925 terms

TestOut Security

STUDY
PLAY

Terms in this set (...)

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than required for the rest of the users. You need to make the change as easily as possible. Which should you do?
Implement a granular password policy for the users in the Directors OU.
Create a granular password policy. Apply the policy to all users in the Directors OU.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than required for the rest of the users. You would like to define a granular password policy for these users. Which toold should you use?
ADSI Edit
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members in the Directors OU. Which should you do?
Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
Accessing the chip surface directly to observe, manipulate, and interfere with the ciruit
Exploiting vulnerabilities in the card's protocols or encryption methods
Capturing transmission data produced by the card as it is used
Deliberately inducing malfunctions in the card
Microprobing
Software Attacks
Eavesdropping
Fault Generation
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk?
Confidentiality
Smart phones with cameras and Internet capabilities pose a risk to which security goal?
Confidentiality
By definition, which security concept ensures that only authorized parties can access data?
Confidentiality
You computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.

In this example, what protection does the hashing activity provide?
Non-repudiation
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs
What is the greatest threat to the confidentiality of data in most secure organizations?
USB devices
Which of the following is the correct definition of a threat?
Any potential danger to the confidentiality, integrity, or availability of information or systems
Which of the following is an example of a vulnerability?
Misconfigured server
Which of the following is not a valid concept to associate with integrity?
Control access to resources to prevent unwanted access
When a cryptographic system is used to protect the confidentiality of data, what is actually protected?
Unauthorized users are prevented from viewing or accessing the resource
By definition, which security concept uses the ability to prove that a sender sent an encrypted message?
Non-repudiation
The company network is protected by a firewall, an IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours.

The backup solution imposed on this network is designed to provide protection for what security service?
Availability
Which is the star property of Bell-LaPadula?
No write down
The Clark-Wilson model is primarily based on?
Controlled intermediary access applications
The Brewer-Nash model is designed primarily to prevent?
Conflicts of interest
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
Identity
What form of access control is based on job descriptions?
Role-based access control (RBAC)
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC
In which form of access control environment is access controlled by rules rather than by identity?
MAC
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
RBAC
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
DAC
Which of the following is the term for the process of validating a subject's identity?
Authentication
Which of the following is used for identification?
Username
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?
Authentication and authorization
Which of the following defines an object as used in access control?
Data, applications, systems, networks, and physical space
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role Based Access Control (RBAC)
Which of the following defines the crossover rate for evaluating biometric systems?
The point where in the number of false negatives in a biometric system
Which of the following are examples of a single sign-on authentication solutions?
Kerberos
SESAME
Which of the following is stronger than any biometric authentication factor?
A two-factor authentication
A device which is synchronized to an authentication server uses which type of authentication?
Synchronous token
Which of the following authentication methods uses tickets to provide single sign-on?
Kerberos
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Which of the following advantages can Single Sign-On (SSO) prodive?
The elimination of multiple user accounts and passwords for an individual
Access to all authorized resources with a single instance of authentication
Which of the following is an example of two-factor authentication?
A token device and a PIN
Which of the following is an example of three-factor authentication?
Token device, keystroke analysis, cognitive question
Which of the following are examples of Type II authentication credentials?
Smart card
Photo ID
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
False negative
Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon?
Smart card
PIN
Smart card
Password
Retina scan
Fingerprint scan
Hardware token
User name
Voice recognition
Wi-Fi triangulation
Typing behaviours
Something you know
Something you have
Something you know
Something you are
Something you are
Something you have
Something you know
Something you are
Somewhere you are
Something you do
The mathematical algorithm used by HMAC-based One-Time Passwords (HOTP) relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password?
Counter
Shared secret
The mathematical algorithm used to generate Time-based One-Time Passwords (TOTP) uses a shared secret and a counter to generate unique, one-time passwords. Which event causes the counter to increment when creating TOTP passwords?
The passage of time
Which of the following information is typically not included in an access token?
User account password
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user accounts a member of the Managers group which has access to a special shared folder. Late that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back on
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?
Access token
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
User ACL
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
Sanitization
Which of the following is an example of privilege escalation?
Creeping privileges
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
Separation of duties
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
Principle of least privilege
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone NOT on the list?
Implicit deny
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
Separation of duties
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
Job rotation
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following will the access list use?
Explicit allow, implicit deny
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
Need to know
What is the primary purpose of separation of duties?
Prevent conflicts of interest
Separation of duties is an example of which type of access control?
Preventive
Need to know is required to access which types of resources?
Compartmentalized resources
What should be done to a user account if the user goes on an extended vacation?
Disable the account
Tom Plask's user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click the tab in the properties of the Tom Plask user object you would use to unlock his account.
Account
Tom Plask was recently transferred to the Technical Support department. He now needs access to the network resources used by Support employees. To do this, you need to add Tom Plask's user account to the Support group in the Active Directory domain.
Member Of
You are creating a new Active Directory domain user account for the Robert Tracy user account. During the account setup process, you assigned a password to the new account. However, you know that for security reasons the system administrator should not know any user's password. Only the user should know his or her own password -- no one else.
User must change password at next logon
You are the network administrator in a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name.
No, permissions are not copied when a user account is copied.
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed form kscott to kjones but no other values change. Which of the following commands will accomplish this?
usermod -l kjones kscott
You have performed an audit and have found active accounts for employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account?
usermod -L joer
An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the following commands would produce the required outcome?
userdel bsmith;rm -rf /home/bsmith
userdel -r bsmith
A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory?
userdel -r larry
In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?
!
Which of the following utilities would you typically use to lock a user account?
passwd
usermod
You suspect that the ghsant user account is locked. Which command will show the status of the user account?
passwd -S gshant
You are the administrator for a small company. You need to add a new group of users, named sales, to the system. Which command will accomplish this?
groupadd sales
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this?
groupmod -n marketing sales
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?
groupdel temp_sales
What is the effect of the following command?
chage -M 60 -W 10 jsmith
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
What chage command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires?
chage -M 60 -W 10 jsmith
Which chage option keeps a user from changing password every two weeks?
-m 33
Which file should you edit to limit the amount of concurrent logins for a specific user?
/etc/security/limits.conf
Within the /etc/security/limits.conf file, you notice the following entry:
@guests hard maxlogins 3
What effect does the line have on the Linux system?
Limits the number of max logins from the guest group to three.
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which should you do?
Create a GPO computer policy for the computers in the Development OU.
Computer policies include a special category called user rights. Which action do they allow an administrator to perform?
Identify users who can perform maintenance tasks on computers in an OU.
What statement is true regarding application of GPO settings?
If a setting is defined in the Local Group Policy on the computer and not defined in the CPO linked to the OU, the setting will be applied.
Which of the following is the single best rule to enforce when designing complex passwords?
Longer passwords
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?
Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days. What should you do?
Configure account policies in Group Policy
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
Configure day/time restrictions in the user accounts
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure?
Enforce password history
Minimum password age
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which policies should you configure?
Minimum password length
Account lockout threshold
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration.
Users cannot change the password for 10 days.
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?
The account will be locked after 4 incorrect attempts.
Which of the following is not an important aspect of password management?
Enable account lockout
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?
T1a73gZ9!
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take?
Train sales employees to use their own user accounts to update the customer database.
Delete the account that the sales employees are currently using.
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?
RADIUS
TACACS+
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?
Configure the remote access servers as RADIUS clients.
Which of the following are characteristics of TACACS+?
Uses TCP
Allows for a possible of three different servers, one each for authentication, authorization, and accounting
Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
Which of the following protocols can be used to centralize remote access authentication?
TACACS
RADIUS is primarily used for what purpose?
Authentication remote clients before access to the network is granted
Which of the following is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets
Which of the following ports are used with TACACS?
49
What does a remote access use for authorization?
Remote access policies
Which of the following is the best example of remote access authentication?
A user establishes a dialup connection to a server to gain access to shared resources
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?
Mutual authentication
CHAP performs which of the following security functions?
Periodically verifies the identity of a peer using a three-way handshake
Which of the following authentication protocols tranmits passwords in clear text, and is therefore considered too insecure for modern networks?
PAP
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?
CHAP
Which of the following authentication protocols uses a three-way handshake to authenticate users to the network?
CHAP
MS-CHAP
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
Ticket
Which of the following are required when implementing Kerberos for authentication and authorization?
Ticket granting server
Time synchronization
Which of the following are requirements to deploy Kerberos on a network?
Time synchronization between devices
A centralized database of users and passwords
Which ports does LDAP use by default?
389
636
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?
636
Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?
Use SSL
You want to use Kebreros to protect LDAP authentication. Which authentication mode should you choose?
SASL
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?
Ticket granting ticket
Which of the following protocols uses port 88?
Kerberos
Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
LANMAN
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party
A manager has told you she is concerned about her employees writing their passwords for Web sites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this?
Credential Manager
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials?
Blowfish
GPG
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you would use in Credential Manager to do this.
Back up Credentials
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
SASL
In an Identity Management System, what is the function of the Authoritative Source?
Specify the owner of a data item.
In an Identity Management System, what is the function of the Identity Vault?
Ensure that each employee has the appropriate level of access in each system.
You are the network administrator for a small company. Your organization currently uses the following server systems:
A Windows server that functions as a domain controller and a file server.
A Novell Open Enterprise Server that functions as a GroupWise e-mail server.
A Linux server that hosts your organization's NoSQL database server that is used for big data analysis.
Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system. In addition, if a user changes his or her password on one system, it is not updated for the user's accounts on the other two systems.
Which should you do?
Implement password synchronization.
Implement an Identity Vault.
Synchronizes user creation across all systems
Allows users to manage their passwords throughout all systems
Acts as the authoritative source for user credentials for each connected system
Serves as repository for the identity of each user
Defines a permission a user has to access resources in connected systems
Removes a user from all systems and revokes rights
Automated Provisioning
Password Synchronization
Identity Vault
Identity Vault
Entitlement
Automated De-provisioning
Which type of cipher changes the position of the characters in a plain text message?
Transposition
The Enigma machine, a cryptographic tool introduced in 1944 and used in WW2, encrypted messages by replacing characters for plain text. Which type of cipher does the Enigma machine use?
Substitution
In a cryptographic system, what properties should the initialization vector have?
Large
Unpredictable
Which of the following is a form of mathematical attack against the complexity of a cryptosystem's algorithm?
Analytic attack
Which form of cryptanalysis focuses on the weaknesses in the supporting computing platform as a means to exploit and defeat encryption?
Statistical attack
What is the cryptography mechanism which hides secret communications within various forms of data?
Steganography
Which of the following encryption methods combines a random value with the plain text to produce the cipher text?
One-time pad
In which type of attack does the attacker have access to both the plain text and the resulting cipher text, but does not have the ability to encrypt the plain text?
Known plaintext
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this?
Chose plaintext
When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?
Key clustering
Which of the following best describes a side-channel attack?
The attack is based on information gained from the physical implementation of a cryptosystem.
Which of the following password attacks adds appendages to known dictionary words?
Hybrid
Which of the following attacks will typically take the longest amount of time to complete?
Brute force attack
Which type of password attack employs a list of pre-defined passwords that it tries against a logon prompt or a local copy of a security accounts database?
Dictionary
Why are brute force attacks always successful?
They test every possible valid combination
Hashing algorithms are used to perform what activity?
Create a message digest
Which of the following best describes high amplification when applied to hashing algorithms?
A small change in the message results in a big change in the hash value.
When two different messages produce the same hash value, what has occurred?
Collision
Which of the following is used to verify that a downloaded file has not been altered?
Hash
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website
Which of the following is the strongest hashing algorithm?
SHA-1
Which of the following is the weakest hashing algorithm?
MD5
SHA-1 uses which of the following bit length hashing algorithms?
Only 160-bit
Which of the following does not or cannot produce a hash value of 128 bits?
SHA-1
A birthday attack focuses on what?
Hashing algorithms
If two different messages or files produce the same hashing digest, then a collision has occurred. What form of cryptographic attack exploits this condition?
Birthday attack
If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's logon credentials, which of the following is true?
The discovered password will allow the attacker to log on as the user, even if it is not the same as the user's password
A collision was discovered
Which of the following are true of Triple DES (3DES)?
Is used in IPSec
Uses a 168-bit key
Which of the following are true concerning the Advanced Encryption Standard (AES) symmetric block cipher?
AES uses a variable-length block and key length (128-, 192-, or 256- bit keys).
AES uses the Rijndael block cipher
Which of the following symmetric block ciphers does not use a variable block length?
International Data Encryption Algorithm (IDEA)
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which version of the Rivest Cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
RC5
Bob Jones used the RC5 cryptosystem to encrypt a sensitive and confidential file on his notebook. He used 32 bit blocks, a 64 bit key, and he only used the selected key once. He moved the key onto a USB hard drive which was stored in a safety deposit box. Bob's notebook was stolen. Within a few days Bob discovered the contents of his encrypted file on the Internet. What is the primary reason why Bob's file was opened so quickly?
Weak key
What type of key or keys are used in symmetric cryptography?
A shared private key
How many keys are used with symmetric key cryptography?
One
Which of the following is not true concerning symmetric key cryptography?
Key management is easy when implemented on a large scale.
Which of the following can be classified as a "stream cipher"?
RC4
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
AES
Which of the following algorithms are used in symmetric encryption?
Blowfish
3DES
AES
You are concerned about the strength of your cryptographic keys, so you implement a system that does the following:
The initial key is fed into the input of the bcrypt utility on a Linux workstation.
The bcrypt utility produces and enhanced key that is 128 bits long.
The resulting enhanced key is much more difficult to crack than the original key. Which kind of encryption mechanism was used in this scenario?
Key stretching
Which of the following is considered an out-of-band distribution method for private-key encryption
Copying the key to a USB drive
The sender's key is sent to a recipient using a Diffie-Hellman key exchange.
The sender's key is copied to a USB drive and handed to the recipient.
The sender's key is sent to the recipient using public-key cryptography.
The sender's key is burned to a CD and handed
In-band distribution
Out-of-band distribution
In-band distribution
Out-of-band distribution
How many keys are used with asymmetric or public key cryptography?
Two
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission?
Sender's public key
Which of the follow are characteristics of ECC?
Asymmetric encryption
Uses a finite set of values within an algebraic field
Which of the following algorithms are used in asymmetric encryption?
RSA
Diffie-Hellman
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
Which of the following generates the key pair used in asymmetric cryptography?
CSP
Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?
Sam's public key
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?
Mary's private key
The strength of a cryptosystem is dependent upon which of the following?
Secrecy of the key
Which form of asymmetric cryptography is based upon Diffie-Hellman?
El Gamal
Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution?
Diffie-Hellman
Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography
Exist only for the lifetime of a specific communication session
Uses no deterministic algorithm when generating public keys
Can be reused by multiple communication sessions
ECDH
Ephemeral keys
Perfect forward secrecy
Static keys
What is the purpose of key escrow?
To provide a means for legal authorities to access confidential data
Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?
Trusted third-party
Which of the following items are contained in a digital certificate?
Public Key
Validity period
In what form of key management solution is key recovery possible?
Centralized
Which of the following conditions does not result in a certificate being added to the certificate revocation list?
Certificate expiration
Which of the following is an entity that accept and validates information contained within a request for a certificate?
Registration authority
Which of the following would you find on a CPS?
A declaration of the security that the organization is implementing for all certificates
What is a PKI?
A hierarchy of computers for issuing certificates
A PKI is a method for managing which type of encryption?
Asymmetric
What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments?
Online Certificate Status Protocol
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
Recovery agent
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?
Obtain a certificate from a public PKI
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted?
Identifying data and a certification request to the registration authority (RA)
How many keys are used with Public Key Cryptography?
Two
When is the best time to apply for a certificate renewal?
Near the end of the certificate's valid lifetime
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the following is a direct protection of integrity?
Digital signature
Which of the following statements is true when comparing symmetric and asymmetric cryptography?
Asymmetric key cryptography is used to distribute symmetric keys
Which of the following is not true in regards to S/MIME?
Uses IDEA encryption
Which of the following technologies is based upon SSL (Secure Sockets Layer)?
TLS (Transport Layer Security)
Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic?
IPSec (Internet Protocol Security)
What is the primary use of Secure Electronic Transaction (SET)?
Protect credit card information transmissions
Secure Multi-Purpose Internet Mail Extensions (S/MIME) is used primarily to protect what?
E-mail attachments
The PGP or Pretty Good Privacy encryption utility relies upon what algorithms?
3DES
IDEA
Which public key encryption system does PGP (Pretty Good Privacy) use for key exchange and digital signatures?
RSA
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) can be used to provide security for what type of traffic?
Web
Which of the following communications encryption mechanisms has a specific version for wireless communications?
TLS (Transport Layer Security)
Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?
SSL
What form of cryptography is not scalable as a stand-alone system for use in very large and ever expanding environments where data is frequently exchanged between different communication partners?
Symmetric cryptography
What form of cryptography is scalable for use in very large and ever-expanding environments where data is frequently exchanged between different communication partners?
Asymmetric cryptography
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client?
Service level agreement
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?
Privacy
Which of the following policies specifically protects PII?
Privacy
Which of the following defines an acceptable use agreement?
An agreement which identifies the employee's rights to use company property such as Internet access and computer equipment for personal use.
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?
Contact your customers to let them know of the security breach
When informing an employee that they are being terminated, what is the most important activity?
Disabling their network access
What is the most effective means of improving or enforcing security in any environment?
User awareness training
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?
Shredding
Which of the following best describes the concept of due care or due diligence?
Reasonable precautions, based on industry best practices, are utilized and documented
Which of the following is a high-level, general statement about the role of security in the organization?
Policy
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
Guideline
Which of the following is the best protection against security violations?
Defense in depth
Who has the responsibility for the development of a security policy?
Senior management
What is the primary purpose of source code escrow?
To obtain change rights over software after the vendor goes out of business
What is the primary purpose of change control?
Prevent unmanaged change
Make sure that remote access connections are secure
Create a list of all protocols being used on the network
Identify the choke points on the network
Use timestamps on all documents
Create a list of all devices
Reach Your Network
Map Your Network
Protect Your Network
Prepare to Document
Map Your Network
Remove insecure protocols
Implement the principle of least privilege
Segregate and isolate networks
Establish an update management process
Establish a baseline for all systems
Reach Your Network
Control Your Network
Protect Your Network
Manage Your Network
Manage Your Network
You have been recently hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network Plan for the network. You have already completed the first and second milestones where documentation procedures were identified and the network image was mapped. You are now working on the third milestone where you must identify ways to protect the network. Which tasks should you complete as a part of this milestone?
Physically secure high-value systems
Identify and document each user on the network
When recovery is being performed due to a disaster, which services are to be stabilized first?
Mission critical
In business continuity planning, what is the primary focus of the scope?
Business processes
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?
The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies
When is a BCP or DRP design and development actually completed?
Never
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?
Collect and destroy all old plan copies
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?
Tabletop exercise
Which of the following is not a valid response to a risk discovered during a risk analysis?
Denial
Which of the following best defines Singe Loss Expectancy (SLE)?
The total monetary loss associated with a single occurrence of a threat
What is the average number of times that a specific risk is likely to be realized?
Annualized Rate of Occurrence
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Which of the following statements is true in regards to risk analysis?
Don't implement a countermeasure if the cost is greater than loss
Annualized Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur
When would choosing to do nothing about an identified risk be acceptable?
When the cost of protecting the asset is greater than the potential loss
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
Negligence
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized Rate of Occurrence = .25
What is the Annualized Loss Expectancy (ALE)?
75
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?
Through historical data provided by insurance companies and crime statistics
Purchasing insurance is what type of response to risk?
Transference
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?
Delphi method
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized Rate of Occurrence = .25
What is the Single Loss Expectancy (SLE)?
300
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized Rate of Occurrence = .25
Countermeasure A has a cost of 320 and will protect the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90.
What should you do?
Accept the risk or find another countermeasure
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?
Network DLP
You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data.
You decided to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network.
Which DLP solution should you implement?
Endpoint DLP
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?
Back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
Hahsing
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?
Rebooting the system
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Create a checksum using a hashing algorithm
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.
What should you do first?
Make a bit-level copy of the disk
During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?
Disconnect the access point from the network
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack.
What should you do next?
Perform a memory dump
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?
Document what's on the screen
Arrange the computer components listed on the left in order of decreasing volatility on the right.
CPU registers and caches
System RAM
Paging file
Hard disk
File system backup on an external USB drive
What is the best definition of a security incident?
Violation of security policy
When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?
Document what's on the screen
What is the most important element related to evidence in addition to the evidence itself?
Chain of custody document
The chain of custody is used for what purposes?
Listing people coming into contact with evidence
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody
What is the primary countermeasure to social engineering?
Awareness
How can an organization help prevent social engineering attacks?
Publish and enforce clearly-written security policies
Educate employees on the risks and countermeasures
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?
Phishing
Phishing
Whaling
Spear phishing
Dumpster diving
Piggybacking
Vishing
An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information
An attacker gathers personal information about the target individual, who is a CEO
An attacker gathers personal information about the target individual in an organization
An attacker searches through an organization's trash looking for sensitive information
An attacker enters a secured building by following an authorized employee through a secure door without providing identification
An attacker uses a telephone to convince target individuals to reveal their credit card information.
Which of the following is a common form of social engineering attack?
Hoax virus information e-mails
You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter you username and password at a new Web site so you can manage your e-mail and spam using the new service.
What should you do?
Verify that the e-mail was sent by the administrator and that this new service is legitimate
Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
Establish and enforce a document destruction policy
What is the primary difference between impersonation and masquerading?
One is more active, the other is more passive
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?
Vishing
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule.
Which type of an attack best describes the scenario?
Whaling
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?
Authority
By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?
Pretexting
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
Social validation
You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from you system to prevent further spread of the threat.
What should your first action based on this message be?
Verify the information on well-known malicious code threat management Web sites
Dictionary attacks are often more successful when performed after what reconnaissance action?
Social engineering
Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
Assurance
Which of the following defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system
Which of the following not used by the reference monitor to determine levels of access?
Ring architecture
Which of the following defines layering in regards to system access control?
Various tasks are divided into a hierarchical manner to provide security
Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level?
Confinement
Who is assigned the task of judging the security of a system or network and granting it an approval to operate?
Designated Approving Authority
A process performed in a controlled environment by a third-party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?
Accreditation
Which is the operating mode of a system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have that same specific clearance level as well as all of the need to know over all the data on the system?
Dedicated
Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
Protection Profile (PP)
Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
Target of Evaluation (TOE)
Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
The ST is a document that describes the security properties of a security product
Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria?
EAL5
What is another name for a backdoor that was left in a product by the manufacturer by accident?
Maintenance hook
Which of the following is an action which must take place during the release stage of the SDLC?
Venders develop and release patches in response to exploited vulnerabilities that have been discovered
Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility?
Structured programming
How often should change control management be implemented?
Any time a production system is altered
In which phase of the system life cycle is security integrated into the product?
Project Initiation
In which phase of the system life cycle is software testing performed?
Software Development
What is the primary purpose of imposing software life cycle management concepts?
Increase the quality of software
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every years?
To check for evidence of fraud
What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy?
Auditing
A code of ethics provides for all but which of the following?
Clearly defines courses of action to take when a complex issue is encountered
Which of the following are typically associated with human resource security policies?
Termination
Background checks
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?
Improve and hold new awareness sessions
As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently requires:
Minimum password length = 10
Minimum password age = 4
Maximum password age = 30
Password history = 6
Require complex passwords that include numbers and symbols
Account lockout clipping level = 3
Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?
Implement end-user training
You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it.
What should you add to your security measures to help prevent this from happening again?
User awareness training
Which of the following defines two-man control?
Certain tasks should be dual-custody in nature to prevent a security breach
Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's credential information?
Non-disclosure agreement
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?
The system administrator configures remote access privileges and the security officer reviews and activates each account
Which of the following is not a protection against collusion?
Cross training
Which of the following is not an element of the termination process?
Dissolution of the NDA
...
...
The best way to initiate solid administrative control over an organization's employees is to have what element in place?
Distinct job descriptions
Conduct role-based training
Verify an individual's job history
Show individuals how to protect sensitive information
Disable a user's account
Remind individuals of NDA agreements
Obtain an individual's credit history
Employment
Pre-employment
Employment
Termination
Termination
Pre-employment
Specifies exactly which services will be performed by each party
Creates an agreement with a vendor to provide services on an ongoing basis
Provides a summary of which party is responsible for performing specific tasks
Documents how the networks will be connected
Defines how disputes will be managed
Specifies a preset discounted pricing structure
SLA
BPO
MOU
ISA
SLA
BPO
Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between you domain and the partner domain.
The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase?
Conduct periodic vulnerability assessments
Verify compliance with the IA documents
Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between you domain and the partner domain. This configuration will allows users in their domain to access resources in your domain and vice versa.
As a security administrator, which tasks should you complete during this phase?
Identify how data ownership will be determined
Identify how data will be shared
Communicate vulnerability assessment findings with the other party
Disable VPN configurations that allow partner access to your network
Compare your organization's security policies against the partner's policies
Disable the domain trust relationship between networks
Identify how privacy will be protected
Draft an ISA
Conduct regular security audits
Ongoing operations
Off-boarding
Onboarding
Off-boarding
Onboarding
Onboarding
Ongoing operations
On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can 'fix the restroom." What should you do?
Direct him to the front entrance and instruct him to check in with the receptionist
Which of the following are solutions that address physical security?
Require identification and name badges for all employees
Escort visitors at all times
Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?
Deploy a mantrap
What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?
Turnstiles
You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?
PTZ
You want to use CCTV it increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowers lighting conditions?
500 resolution, 50mm, .05 LUX
Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)?
Varifocal
Which of the following CCTV types would you use in areas with little or not light?
Infrared
Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry?
Double-entry door
Turnstile
Which of the following controls is an example of a physical access control method?
Locks on doors
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a third-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement cable locks to prevent theft of computer equipment.
Click on the office location where cable locks would be most appropriate.
Lobby
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a third-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.
Lobby
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a third-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badge readers to prevent this from happening in the future.
Click on the office locations where access badge readers would be most appropriate.
Lobby
Server closet
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a third-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future.
Click on the office locations where surveillance cameras would be most appropriate.
Lobby
Server closet
Hardened carrier
Barricades
Alarmed carrier
Emergency lighting
Biometric authentication
Emergency escape plans
Anti-passback system
Exterior floodlights
Protected cable distribution
Perimeter barrier
Protected cable distribution
Safety
Door locks
Safety
Physical access control
Perimeter barrier
Which of the following is the most important thing to do to prevent console access to the router?
Keep the router in a locked room
You have 5 salesmen who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following:
When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock.
The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.
She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media.
You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace
You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks
Control access to the work area with a locking doors and card readers
Relocate the switch to the locked server closet
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following:
When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits.
The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet.
She informs you that server backups are configured to run each night. A rotation of tapes are used as the backup media.
You notice the organization's network switch is kept in the server closet.
You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it.
Implement a hardware checkout policy
You walk by the server room and notice a fire has started. What should you do first?
Make sure everyone has cleared the area
Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?
Class C
Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?
Carbon dioxide (CO2)
Which of the following fire extinguisher types poses a safety risk to users in the area?
CO2
Halon
Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running.
What should you do?
Install shielded cables near the elevator
hat is the recommended humidity level for server rooms?
50%
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.
What should you do to help reduce problems?
Add a separate A/C unit in the server room
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network.
Which of the following should you implement?
Positive pressure system
Which of the following statements about ESD is not correct?
ESD is much more likely to occur when the relative humidity is above 50%
Which of the following is the least effective power loss protection for computers?
Surge protector
Besides protecting a computer from under voltages, a typical UPS also performs which two actions?
Protects from over voltages
Conditions the power signal
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?
Remote wipe
Which of the following are not reasons to remote wipe a mobile device?
When the device is inactive for a period of time
Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?
Screen lock
Most accurate
More accurate
Less accurate
Least accurate
GPS
Wi-Fi triangulation
Cell phone tower triangulation
IP address resolution
Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions.
You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible.
Which actions should you take?
Enable device encryption
Implement storage segmentation
Over the last several years, the use of mobile devices within your organization has increased dramatically.
Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability.
You need to get things under control and begin tracking the devices that are owned by your organization.
How should you do this?
Implement a mobile endpoint management (MEM) solution
Preventing malware infections
Supporting mobile device users
Preventing loss of control of sensitive data
Preventing malicious insider attacks
Applying the latest anti-malware definitions
Implement a network access control (NAC) solution
Specify who users can call for help with mobile device apps in your acceptable use policy
Enrol devices in a mobile device management system
Specify where and when mobile devices can be possessed in your acceptable use policy
Implement a network access control (NAC) solution
Users take pictures of proprietary processes and procedures
Devices with a data plan can e-mail stolen data
Devices have no PIN or password configured
Anti-malware software is not installed
A device containing sensitive data may be lost
Specify where and when mobile devices can be possessed in your acceptable use policy
Specify where and when mobile devices can be possessed in your acceptable use policy
Enrol devices in a mobile device management system
Implement a network access control (NAC) solution
Enrol devices in a mobile device management system
Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them.
To increase the security of these devices, you want to apply a default set of security-related configuration settings.
What is the best approach to take to accomplish this?
Configure and apply security policy settings in a mobile device management system
Enroll the devices in a mobile device management system
Your organization recently purchased 18 iPad tablet for use by the organization's management team. To increase the security of these devices, you want to apply a default set of security-related configuration settings.
What is the best approach to take to accomplish this?
Configure and apply security policy settings in a mobile device management system
Enroll the devices in a mobile device management system
Jailbreaking
Sideloading
Sandboxing
Assigned Access
Allows apps to be installed from sources other than the App Store
Allows apps to be installed from sources other than the Windows Store
Prevents a running app from accessing data stored by other running apps
Defines a whitelist of Windows Store applicaitons
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization.
For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network.
You've reviewed the vice president's social media pages and you found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack.
Which security weakness is the most likely cause of the security breach?
Geo-tagging was enabled on her smartphone
You organization is formulating a bring your own device (BYOD) security policy for mobile devices.
Which of the following statements should be considered as you formulate your policy?
You can't use domain-based group policies to enforce security settings on mobile devices
Your organization's security policy specifies that any mobile device (regardless of ownership) that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it.
Your organization recently purchased several Windows RT tablets. Which should you do?
Sign up for a Windows Intune account to manage the tablets
Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account.
One of your sales representatives left her tablet at an airport. The device contains sensitive information and you need to remove it in case the device is compromised.
Which Intune portal should you use to perform a remote wipe?
Admin Portal
Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account.
One of your sales representatives left his notebook at a customer's site. The device contains sensitive information and you want to change the password to prevent the data from being compromised.
Which Intune portal should you use to remotely change the password?
Admin Portal
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?
War dialing
Which of the following phone attacks adds unauthorized charges to a telephone bill?
Cramming
Which Internet connectivity method sends voice phone calls using the TCP/IP protocol over digital data lines?
VoIP
A customer just received a phone bill on which there are charges for unauthorized services. This customer is a victim to which type of attack?
Cramming
Which of the following best describes the purpose of using subnets?
Subnets divide an IP network address into multiple network addresses
Which of the following is not a reason to use subnets on a network?
Combine different media type on the same subnet
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
::1
Which of the following describes an IPv6 address?
128-bit address
Eight hexadecimal quartets
Which of the following correctly describe the most common format for expressing IPv6 addresses?
32 numbers, grouped using colons
Hexadecimal numbers
Which of the following are valid IPv6 addresses?
6384:1319:7700:7631:446A:5511:8940:2552
141:0:0:0:15:0:0:1
Which of the following is a valid IPv6 address?
FEC0::AB:9007
Routers operate at what level of the Open System Interconnect model?
Network layer
You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets.
Which network IDs will be assigned to these subnets in this configuration?
172.17.128.0
172.17.0.0
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration.
What should you do?
Implement version 3 of SNMP
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
DNS
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
ICMP
You are configuring a network firewall to allows SMTP outbound e-mail traffic, and POP3 inbound e-mail traffic. Which of the following TCP/IP ports should you open on the firewall?
25
110
Which port number is used by SNMP?
161
Which of the following ports does FTP use to establish sessions and manage traffic?
20, 21
Using the Netstat command, you notice that a remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
Downloading a file
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions.
Which port needs to be enabled to allow secure transactions?
443
Which of the following network services or protocols uses TCP/IP port 22?
SSH
SNMP
SSH
TFTP
SCP
Telnet
HTTPS
HTTP
FTP
SMTP
POP3
161 TCP and UDP
22 TCP and UDP
69 UDP
22 TCP and UDP
23 TCP
443 TCP and UDP
80 TCP
20 TCP
25 TCP
110 TCP
Which two of the following lists accurately describes TCP and UDP?
TCP: connection-oriented, reliable, sequenced, high overhead
UDP: connectionless, unreliable, unsequenced, low overhead
You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery.
A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times.
You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
53
Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
80, 443, 22
Your network recently experienced a series ot attacks aimed at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
23, 21
Which of the following is the main difference between a DoS attack and a DDoS attack?
The DDoS attack uses zombie computers
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?
The system will unavailable to respond to legitimate requests
The threat agent will obtain information about open ports on the system
You need to enumerate the devices on your network and display the configuration details of the network.
Which of the following utilities should you use?
nmap
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
Browsing the organization's Website
Which type of active scan turns off all flags in a TCP header?
Null
Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?
Ping flood
In which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
Teardrop
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?
Land attack
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
SYN flood
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
Smurf
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?
ACK
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?
Land attack
A Smurf attack requires all but which of the following elements to be implemented?
Padded cell
Which of the following best describes the ping of death?
An ICMP packet that is larger than 65,536 bytes
Which of the following is the best countermeasure against man-in-the-middle attacks?
IPSec
What is modified in the most common form of spoofing on a typical IP packet?
Source address
Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
Which of the following describes a man-in-the-middle attack?
A false server intercepts communications from a client by impersonating the intended server
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
Man-in-the-middle attack
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?
Hijacking
What is the goal of a TCP/IP hijacking attack?
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access
Which of the following is not a protection against session hijacking?
DHCP reservations
Which of the following is the most effective protection against IP packet spoofing on a private network?
Ingress and egress filters
While using the Internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the Web server, the correct site is displayed.
Which type of attack has likely occurred?
DNS poisoning
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
What are the most common network traffic packets captured and used in a replay attack?
Authentication
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
An unauthorized user gaining access to sensitive resources
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form of attack?
Spoofing
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information.
What kind of exploit has been used in this scenario?
Pharming
DNS poisoning
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. You are aware of your obligation to secure clients records, but budget is an issue.
Which item would provide the best security for this situation?
All-in-one security appliance
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet from the library's computers. The students will use the computers to search the Internet for research paper content. The school budget is limited.
Which content filtering option would you choose?
Restrict content based on content categories
Application-aware proxy
Application-aware firewall
Application-aware IDS
Improves application performance
Enforces security rules based on the application that is generating network traffic, instead of the traditional port and protocol
Analyzes network packets to detect malicious payloads targeted at application-layer services
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers.
Which type of device should you use to create the DMZ?
Network-based firewall
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users.
Which solution should you use?
Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.
You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information.
How should you place devices on the network to best protect the servers?
Put the database server on the private network
Put the Web server inside the DMZ.
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?
DMZ
Which of the following is likely to be located in a DMZ?
FTP server
Members of the Sales team use laptops to connect to the company network. While traveling, they connect their laptops to the Internet through airport and hotel networks.
You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed.
Which solution should you use?
NAC
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public Web server from attack.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host
Which of the following is a firewall function?
Packet filtering
Which of the following are characteristics of a circuit-level gateway?
Stateful
Filters based on sessions
Which of the following are characteristics of a packet filtering firewall?
Stateless
Filters IP address and port
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs.
Which type of firewall should you install?
Application level
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Firewall
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling.
You want to protect the laptop from Internet-based attacks.
Which solution should you use?
Host based firewall
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except for two.
What might be causing the problem?
A proxy server is blocking access to the web sites.
Which of the following functions are performed by proxies?
Block employees from accessing certain Web sites
Cache web pages
Which of the following are true of a circuit proxy filter firewall?
Operates at the Session layer.
Verifies sequencing of session packets.
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
IP address
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall?
Destination address of a packet
Port number
Source address of a packet
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ.
Which of the following firewall types can be a proxy between servers and clients?
Circuit proxy filtering firewall
Application layer firewall
You have a small network at home that is connected to the Internet. On your home network you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network.
You want to configure the server as a Web server and allow Internet hosts to contact the server to browse a personal Web site.
What should you use to allow access?
Static NAT
You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside.
Which method of NAT translation should you implement for these 5 servers?
Static
You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of Network Address Translation (NAT) should you implement?
Dynamic
Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?
169.254.0.0-169.254.255.255
Which of the following networking devices or services prevents the use of IPSec in most cases?
NAT
Which of the following is not a benefit of NAT?
Improving the throughput rate of traffic
You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server.
Which solution should you implement?
VPN concentrator
A VPN is used primarily for what purpose?
Support secured communications over an untrusted network
Which VPN protocol typically employs IPSec as its data encryption mechanism?
L2TP
Which statement best describes IPSec when used in tunnel mode?
The entire data packet, including headers, is encapsulated.
Which IPSec subprotocol provides data encryption?
ESP
Which of the following is not a VPN tunnel protocol?
RADIUS
Which is the best countermeasure for someone attempting to view your network traffic?
VPN
PPTP (Point to Point Tunneling Protocol) is quickly becoming obsolete because of what VPN protocol?
L2TP (Layer 2 Tunneling Protocol)
What is the primary use of tunneling?
Supporting private traffic through a public communication medium
In addition to Authentication Header (AH), IPSec is comprised of what other service?
Encapsulating Security Payload (ESP)
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database.
Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports.
Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decided to configure her notebook to use a VPN when accessing the home network over an open wireless connection.
Which key steps should you take when implementing this configuration?
Configure the browser to send HTTPS requests through the VPN connection.
Configure the VPN connection to use IPSec.
Which of the following is a valid security measure to protect e-mail from viruses?
Use blockers on e-mail from viruses
Which of the following prevents access based on website ratings and classifications?
Content filter
Prevents visiting malicious Web sites
Prevents outsided attempts to access confidential information
Identifies and disposes of infected content
Prevents unwanted e-mail from reaching your network
Prevents visiting restricted Web sites
Web threat filtering
Anti-phishing software
Virus blockers
Gateway e-mail spam blockers
URL content filtering
You are investigating the use of Web site and URL content filtering to prevent users from visiting certain Web sites.
Which benefits are the result of implementing this technology in your organization?
An increase in bandwidth availability
Enforcement of the organization's Internet usage policy
You have a company network with a single switch. All devices connect to the network through the switch.
You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download.
Which of the following components will be part of your solution?
802.1x authentication
Remediation servers
Which step is required to configure a NAP on a Remote Desktop (RD) Gateway server?
Edit the properties for the server and select Request clients to send a statement of health.
In a NAP system, what is the function of the System Health Validator?
Compare the statement of health submitted by the client to the health requirements
How does IPSec NAP enforcement differ from other NAP enforcement methods?
Clients must be issued a valid certificate before a connection to the private network is allowed.
Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?
WEP, WPA Personal, and WPA2 Personal
Which of the following offers the weakest form of encryption for an 802.11 wireless network?
WEP
Which of the following features are supplied by WPA2 on a wireless network?
Encryption
You need to secure your wireless network. Which security protocol would be the best choice?
WPA2
You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be part of your design?
AES encryption
802.1x
Which of the following locations will contribute the greatest amount of interference for a wireless access point?
Near cordless phones
Near backup generators
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart.
What type of wireless antennae should you use on each side of the link?
High-gain
Parabolic
How does WPA2 differ from WPA?
WPA2 uses AES for encryption; WPA uses TKIP.
You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption.
What should you do?
Configure the connection to use WPA2-Enterprise.
Short initialization vector makes key vulnerable.
Uses AES for encryption.
Uses RC4 for encryption.
Uses TKIP for encryption.
Uses CBC-MAC for data integrity.
Uses CCMP for key rotation.
WEP
WPA2
WEP
WPA
WPA2
WPA2
You need to add security for your wireless network. You would like to use the most secure method.
Which method should you implement?
WPA2
Which of the following is used on a wireless network to identify the network name?
SSID
Which of the following are true about Wi-Fi Protected Access 2 (WPA2)?
Uses AES for encryption and CBC-MAC for data integrity
Upgrading from a network using WEP typically requires installing new hardware.
WiMAX is an implementation of which IEEE committee?
802.16
You want to connect a laptop computer running Windows 7 to a wireless network.
The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled.
What should you do?
Configure the connection with a preshared key and AES encryption.
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network.
One day you find that an employee has connected a wireless access point to the network in his office.
What type of security risk is this?
Rogue access point
Which of the following describes marks that attacks place outside a building to identify an open wireless network?
War chalking
The process of walking around an office building with an 802.11 signal detector known as what?
War driving
Which of the following best describes Bluesnarfing?
Unauthorized viewing calendar, e-mails, and messages on a mobile device
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
Disable Bluetooth on the phone
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions.
If the cordless phones are causing the interference, which of the following wireless standards could the network be using?
Bluetooth
802.11g
You organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building:
A wireless television distribution system running at 2.4 GHz
A wireless phone system running at 5.8 GHz
A wireless phone system running at 900 MHz
An 802.11n wireless network running in the 5 GHz frequency range
Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?
The wireless TV system.
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?
Encryption
Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?
Sniffing
You are concerned that wireless access points may have been deployed within your organization without authorization.
What should you do?
Conduct a site survey.
Check the MAC addresses of devices connected to your wired switch.
Spark jamming
Random noise jamming
Random pulse jamming
Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace
Produces RF signals using random amplitudes and frequencies
Uses radio signal pulses of random amplitude and frequency
An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport.
The attacker uses the device to capture NFC data in transit between end-user devices and the reader in the kiosk. She then uses that information later on to masquerade as the original end-user device and establish an NFC connection to the kiosk.
What kind of attack has occurred in this scenario?
NFC relay attack
You are implementing a wireless network in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive, consumer-grade access point.
While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS) using a PIN. You are concerned about the security implications of this functionality.
What should you do to reduce the risk?
Disable WPS in the access point's configuration.
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?
Disable SSID broadcast
Which remote access authentication protocol allows for the use of smart cards for authentication?
EAP
Which of the following do switches and wireless access points use to control access through the device?
MAC filtering
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
You are the wireless network administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys.
You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client.
Which of the following is true concerning this implementation?
The system is vulnerable because LEAP is susceptible to dictionary attacks.
You are the wireless network administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys.
To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other.
What should you do?
Configure the RADIUS server with a server certificate.
Configure all wireless access points with client certificates.
Which EAP implementation is most secure?
EAP-TLS
Which of the following features on a wireless network allows or rejects client connections based on the hardware address?
MAC address filtering
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?
Change the administrative password on the AP.
You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?
WPA2 with AES
What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell?
Near a window
What purposes does a wireless site survey server?
To identify existing or potential sources of interference.
To identify the coverage area and preferred placement of access points.
You need to place a wireless access point in your two-story building. While trying avoid interference, which of the following is the best location for the access point?
In the top floor
A
B
C
D
E
F
G
Directional
Directional
Omnidirectional
Directional
Directional
Directional
Directional
The owner of a hotel has contracted with you to implement a wireless network to provide Internet access for guests.
The owner has asked that you implement security controls such that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed to access the Internet.
What should you do?
Implement a captive portal.
You manage a network with a single switch. All hosts connect to the network through the switch.
You want to increase the security of devices that are part of the accounting department. You want to make sure that broadcast traffic sent by an accounting computer is only received by other accounting computers, and you want to implement ACLs to control traffic sent to accounting computers through the network.
What should you do?
Use a router to configure a subnet for the accounting computers.
You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?
Switch
Which of the following is an advantage of using switches to create virtual LANs?
Broadcast traffic travels to a subset of devices rather than to all devices on the network.
Which characteristic of a switch can improve bandwidth utilization and reduce the risk of sniffing attacks on the network?
A switch filters port traffic based on MAC address.
What characteristic of hubs poses a security threat?
Hubs transmit frames to all hosts on all ports.
Which of the following devices does not examine the MAC address in a frame before processing or forwarding the frame?
Hub
Which of the following describes how a router can be used to implement security on your network?
Use an access control list to deny traffic from specific IP addresses.
A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas.
This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password.
What should you do to increase the security of this device?
Use a stronger administrative password
While developing a network application, a programmer adds functionally that allows her to access the running program, without authentication, to capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application.
What type of security weakness does this represent?
Backdoor
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning
Which is a typical goal of MAC spoofing?
Bypassing 802.1x port-based security
Which protocol should you disable on the user access ports of a switch?
DTP
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Use an SSH client to access the router configuration.
Change the default administrative user name and password.
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Move the router to a secure server room.
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with a user name of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location.
SSL
HTTP
SSH
Telnet
Console port
Uses public-key cryptography
Transfers data in clear text
Uses public-key cryptography
Transfers data in clear text
Cannot be sniffed
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify VLAN membership of a device?
Switch port
You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch.
Which of the following should you implement?
802.1x
Which of the following applications typically use 802.1x authentication?
Controlling access through a switch
Controlling access through a wireless access point
You manage a network that uses a single switch. All ports within your building connect through the single switch.
In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access.
Which feature should you implement?
VLANs
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch.
You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.
What feature should you configure?
Port authentication
Which of the following solutions would you implement to eliminate switching loops?
Spanning tree
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.
Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning tree
In which of the following situations would you use port security?
You want to restrict the devices that could connect through a switch port.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet.
The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet.
What can you do?
Configure port security on the switch.
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer.
What should you use for this situation?
VLAN
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks.
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access.
You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available.
Which feature should your switch support?
Spanning tree
You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.
Which type of device should you use?
Anomaly based IDS
What do host based intrusion detection systems often rely upon to perform their detection activities?
Host system auditing capabilities
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack?
An alert is generated and delivered via e-mail, the console, or an SNMP trap.
The IDS logs all pertinent data about the intrusion.
Which of the following activities are considered passive in regards to the functioning of an intrusion detection system?
Monitoring the audit trails on a server
Listening to network traffic
An active IDS system often performs which of the following actions?
Perform reverse lookups to identify an intruder
Update filters to block suspect traffic
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Signature based
You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?
Update the signature files
What is the most common form of host based IDS that employs signature or pattern matching detection methods?
Anti-virus software
You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is not detected by the NIDS device?
False negative
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
Disconnect the intruder
Which of the following devices is capable of detecting and responding to security threats?
IPS
You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of attack that are being deployed.
What should you implement?
Honeynet
A honey pot is used for what purpose?
To delay intruders in order to gather auditing data
Your organization uses a Web server to host an e-commerce site.
Because this Web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the Web server. The security control must be able to identify malicious payloads and black them.
What should you do?
Implement an application-aware IPS in front of the Web server.
Hard zoning
Port zoning
Soft zoning
The SAN switch is configured with ACLs to restrict communications between SAN hosts and storage devices.
Zone membership and access to SAN storage is based on the switch port a SAN host is connected to.
The SAN fabric naming service is configured such that a SAN host can view only the names of storage devices that are in the same zone.
You are implementing an iSCSI SAN that will be used by the file servers in your organization.
You are concerned about security, so your design specifies that iSCSI initiators and targets must authenticate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted.
Which of the following are true in the scenario?
The Internet Protocol Security (IPSec) protocol can be used to encrypt data in transit.
The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts.
You are implementing a Fibre Channel SAN that will be used by the database servers in your organization.
You are concerned about security, so your design specifies that SAN hosts must authenticate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted.
Which of the following are true in this scenario?
The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.
The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.
Port locking
Fabric zoning
Port type locking
Virtual SANs
LUN masking
Binds specific SAN IDs to specific SAN switch ports.
Makes devices within a zone visible only to other devices within that same zone.
Limits the type of devices that can connect to a SAN switch port.
Divides a SAN into multiple logical SANs.
Makes LUNs available to some SAN hosts and unavailable to other SAN hosts.
You are designing a Fibre Channel SAN implementation that will be used by the file servers in your organization.
Multiple volumes will be configured on the SAN, each used by different departments in your organization. It's very important that only the appropriate server be able to connect to a given volume on the SAN. For example, the Sales and Marketing server must not be allowed to connect to the SAN volume used by Human Resources.
To enable this, you decide to use LUN masking.
Which of the follow is true of this scenario?
LUN masking provides weak security as it only obscures volumes on the SAN.
What is the main difference between a worm and a virus?
A worm can replicate itself, while a virus requires a host for distribution.
A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?
Botnet
What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously?
Trojan horse
Which of the following describes a logic bomb?
A program that performs a malicious activity at a specific time or after a triggering event
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer.
Which of the following terms best describes this software?
Rootkit
While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed.
What is this an example of?
Adware
Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security.
What is this an example of?
Backdoor
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
What is another name for a logic bomb?
Asynchronous attack
You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems.
You receive an e-mail with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software.
What has happened to the file?
It has been moved to a secure folder on your computer.
Which of the following measures are you most likely to implement to protect against a worm or Trojan horse?
Anti-virus software
Which of the following statements about the use of anti-virus software is correct?
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
You recently discovered several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files?
Retro
Which type of virus intercepts system requests and alters service outputs to conceal its presence?
Stealth
NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at its local keyboard. Unfortunately, these two programs are also examples of what type of security concern?
Backdoor trojans
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table
Which of the following is most vulnerable to a brute force attack?
Password authentication
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. The computer runs Windows 7.
When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d.
On first logon, Bob is prompted to change his password, so he changes it to the name of his dog (Fido).
What should you do to increase the security of Bob's account?
Use Group Policy to require strong passwords on user accounts.
Train users not to use passwords that are easy to guess.
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server.
Which of the following recommendations should you follow when applying the hotfix?
Test the hotfix, then apply it to all servers.
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security?
Change default account passwords
Apply all patches and updates
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfix
Which of the following is the best recommendation for applying hotfixes to your servers?
Apply only the hotfixes that apply to software running on your systems.
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
When securing a newly deployed server, which of the following rules of thumb should be followed?
Determine the unneeded services and their dependencies before altering the system.
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations?
Group Policy
WSUS
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers.
Which tool would be the best choice to use?
Group Policy
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?
Group Policy
For users who are members of the Sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu.
Which solution should you use?
Group Policy
Arrange the GPOs in the order in which they are applied.
1. The Local Group Policy on the Computers.
2. GPOs linked to the domain that contains the user or computer object.
3. GPOs linked to the organizational unit that contains the object.
Software that should be installed on a specific computer
Software that should be installed for a specific user
Scripts that should run at startup or shutdown
Scripts that should run at logon or logoff
Network communication security settings
Computer Configuration
User Configuration
Computer Configuration
User Configuration
Computer Configuration
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change.
What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
You have two folders that contain documents used by various departments:
The Development group has been given the Write permission to the Design folder.
The Sales group has been given the Write permission to the Products folder.
No other permissions have been given to either group.
User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible.
What should you do?
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers.
What should you do?
Create a security group for the administrators; add all user accounts to the group.
Grant the group the necessary user rights.
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files are accessed through the network or through a local logon.
Which solution should you implement?
NTFS and share permissions
You have a shared folder named Reports. Members of the managers group have been given Write access to the shared folder.
Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file.
What should you do?
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server.
What should you do to enable access?
Open ports 20 and 21 for inbound and outbound connections
Many popular operating systems allow for quick and easy sharing of files and printers with other network members. Which of the following is not a means by which file and printer sharing is hardened?
Allowing NetBIOS traffic outside of your secured network
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap
Which command should you use to display both listneing and non-listening sockets on your Linux system?
netstat -a
What will the netstat -a command show?
All listening and non-listening sockets
You manage the information systems for a large manufacturing firm.
Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to mange your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection.
You are concerned about the security of these devices. What can you do to increase their security posture?
Install the latest firmware updates from the device manufacturer
Verify that your network's existing security infrastructure is working properly
You manage the information systems for a large co-location data center.
Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection.
You are concerned about the security of these devices. What can you do to increase their security posture?
Verify that your network's existing security infrastructure is working properly.
Install the latest firmware updates from the device manufacturer
Why do attackers prefer static environment devices to conduct distributed network attacks?
These devices tend to employ much weaker security than traditional network devices.
These devices are typically more difficult to monitor than traditional network devices.
You want to prevent your browser form running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
When you browse to a website, a pop-up windows tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system.
What type of attack has occurred?
Drive-by download
Which of the following are subject to SQL injection attacks?
Database servers
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored.
An attacker is able to insert database commands in the input fields and have those commands execute on the server.
Which type of attack has occurred?
SQL injection
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view.
Which tool can you implement to prevent these windows from showing?
Pop-up blocker
While using a Web-based order form, an attacker enters an usually large value in the Quantity field.
The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number.
As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money.
What type of attack has occurred in this scenario?
Integer overflow
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences.
However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission.
What type of exploit has occurred in this scenario?
Locally shared object (LSO) exploit
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names:
www.videoshare.com
www.vidshar.com
www.vidsshare.com
Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords.
What type of attack has occurred in this scenario?
Typosquatting
Watering hold attack
Arbitrary code execution exploit
LSO exploit
Zero-day attack
An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit.
A vulnerability in a running process allows an attacker to inject malicious instructions and run them.
A Flash cookie is used to collect information about the user's browsing habits without their permission.
An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer.
An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser.
Which practice would have prevented this exploit?
Implementing client-side validation
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field.
The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number.
As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money.
Which practices would have prevented this exploit?
Implementing client-side validation
Implementing server-side validation
Use of which of the following is a possible violation of privacy?
Cookies
Which of the following is not true regarding cookies?
They operate within a security sandbox
Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?
Cookie
You want to allow e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit.
How should you configure the browser settings?
Allow the first party cookies but block third-party cookies
What is a cookie?
A file saved on your hard drive that tracks Web site preferences and use.
To help prevent browser attacks, users of public computers should do which of the following?
Clear the browser cache
You manage several Windows systems.
Desktop users access an in-house application that is hosted on your intranet Web server. When a user click a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security.
What should you do?
Add the URL of the Web site to the Local intranet zone.
You manage several Windows systems. All computers are members of a domain.
You use an internal Web site that uses Integrated Windows Authentication. You attempt to connect to the Web site and are prompted for authentication.
You verify that your user account has permission to access the Web site. You need to ensure that you are automatically authenticated when you connect to the Web site.
What should you do?
Add the internal Web site to the Local intranet zone.
You have been getting a lot of phishing e-mails sent from the domain kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl.
You want to make sure that these e-mails never reach your Inbox, but that e-mails from other senders are not affected.
What should you do?
Add kenyan.msn.pl to the e-mail blacklist.
Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?
Spamming
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.
What kind of attack has occurred in this scenario?
Spam
Which of the following mechanisms can you use to add encryption to e-mail?
S/MIME
PGP
You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
What is the most common means of virus distribution?
E-mail
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send e-mail messages.
Which type of e-mail attack is this server susceptible to?
Open SMTP relay
Users in your organization receive e-mail messages informing them that suspicious activity has been detected on their bank account. They are directed to click a link in the e-mail to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain.
What kind of attack has occurred?
Phishing
What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?
Peer-to-peer networking
What type of attack is most likely to succeed against communications between Instant Messaging clients?
Sniffing
Instant Messaging does not provide which of the following?
Privacy
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work.
You research BitTorrent and find that it uses TCP ports 6881-6889 by default. You check your perimeter firewall configuration and only ports 80 and 443 are open. However, when you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked.
What should you do?
Implement an application control solution
You are implementing a new application control solution.
Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviours and log violations for later review.
How should you configure the application control software to handle applications not contained in the whitelist?
Flag
Which of the following are disadvantages to server virtualization?
A compromise of the host system might affect multiple servers
A failure in one hardware component could affect multiple servers
You have development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might get installed while browsing websites and could compromise your system or pose a confidentiality risk.
Which of the following would best protect your system?
Run the browser within a virtual environment
Which of the following is an advantage of a virtual broswer?
Protects the host operating system from malicious downloads
Which of the following are advantages of virtualization?
Centralized administration
Easy migration of systems to different hardware
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems versions and editions.
Currently, all your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could possible adversely impact other network hosts if mistakes or errors exist in the code.
To prevent this, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other.
What should you do?
Create a new virtual switch configured for host-only (internal) networking
Connect the virtual network interfaces in the virtual machines to the virtual switch
Flexibility
Testing
Server consolidation
Sandboxing
Moving virtual machines between hypervisor hosts
Verifying that security controls are working as designed
Performing a physical-to-virtual migration (P2V)
Isolating a virtual machine from the physical network
You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an application that was developed in-house to stop working.
To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations.
Currently, all of your testing virtual machines do not have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates.
What should you do?
Connect the virtual network interfaces in the virtual machines to the virtual switch
Create a new virtual switch configured for bridged (external) networking
Which of the following will enter random data to the inputs of an application?
Fuzzing
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
Input validation
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates them for security vulnerabilities.
Which assessment technique was used in this scenario?
Configuration testing
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities.
Which assessment technique was used in this scenario?
Code review
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization.
You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment.
Which of the following are likely to be true about this test system?
The database admin user has no password assigned
Data will be stored in the database in unencrypted format
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization.
You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment.
What should you do to harden this database before implementing it in a production environment?
Implement an Application layer protocol to encrypt data prior to saving it in the database
Disable anonymous access
Which form of alternate site is the cheapest but may not allow an organization to recover before reaching their maximum tolerable downtime?
Reciprocal agreement
Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Clustering
Which of the following drive configurations is fault tolerant?
RAID 5
You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?
Hot site
Daily backups are done at the ABD company location and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using?
Warm site
You manage a Web site for your company. The Web site uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply.
Considering the availability of your website, which component represents a single point of failure?
Website storage
You manage the website for your company. The Web1 server hosts the website. This server has the following configuration:
Dual core processor
Dual power supplies
RAID 5 volume
One RAID controller
Two 1000 Mbps network adapters
Which component is a single point of failure for the website?
Disk controller
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?
3
What is an advantage of RAID 5 over RAID 1?
RAID 5 improves performance over RAID 1.
You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP.
You want to provide redundancy such that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this?
Connect one server through a different ISP to the Internet.
When should a hardware device be replaced in order to minimize downtime?
Just before it's MTBF is reached.
You have a Web server on your network that hosts the public Web site for your company. You want to make sure that the Web site will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding.
Which solution should you implement?
Load balancing
Which of the following is a recovery site that may have electricity connected, but there are no servers installed an no high-speed data lines present?
Cold site
Which of the following terms describes the actual time required to successfully recover operations in the event of an incident?
Recovery Time Objective (RTO)
MTTF
MTD
MTTR
MTBF
Measures the average time to failure of a system or component.
Identifies the length of time an organization can survive with a specified service, asset, or process down
Identifies the average amount of time to repair a failed component or to restore operations
Identifies the average lifetime of a system or component
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?
Regularly test restoration procedures
Why should backup media be stored offsite?
To prevent the same disaster from affecting both the network and the backup media
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?
Restore the full backup and the last differential backup
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full or incremental backup
Which of the following are backed up during a differential backup?
Only files that have changed since the last full backup
To increase your ability to recover from a disaster, where should you store backup tapes?
In a safety deposit box at a bank
Which backup strategy backs up all files forma a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up?
Full
Which backup strategy backs up only files which have the archive bit set, but does not mark them as having been backed up?
Differential
Your organization uses the following tape rotation strategy for its backup tapes:
1. The first set of tapes is used for daily backups.
2. At the end of each week, the latest daily backup tape is promoted to be the weekly backup tape.
3. At the end of each month, one of the weekly backup tapes is promoted to be the monthly backup tape.
What kind of backup tape rotation strategy is being used?
Grandfather
The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore files.
Which backup strategy would best meet the disaster recovery plan for tape backups?
Perform a full backup once a week with a differential backup the other days of the week
What does an incremental backup do during the backup?
Backs up all files with the archive bit set; resets the archive bit
What does a differential backup do during the backup?
Backs up all files with the archive bit set; does not reset the archive bit
Your network uses the following backup strategy:
Full backups every Sunday night
Incremental backups Monday through Saturday nights
Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
4
Your network uses the following backup strategy:
Full backups every Sunday night
Differential backups Monday through Saturday nights
Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
2
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived.
Wednesday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
1
You would like to implement BitLocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device.
What should you do?
Enable the TPM in the BIOS
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.
What should you do?
Implement BitLocker with a TPM
Which of the following security measure encrypts the entire contents of a hard drive?
DriveLock
You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which solution would you choose?
BitLocker
Which of the following security solutions would prevent a user from reading a file which she did not create?
EFS
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key.
Which system components are encrypted in this scenario?
Master boot record
C:\ volume
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key.
You use EFS to encrypt the C:\Secrets folder and its contents.
Which of the following is true in this scenario?
If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, it will be saved in an unencrypted state.
Only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it by default
You create a new document and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal?
Confidentiality
You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure that others cannot see your credit card number on the Internet?
SSL
IPSec is implemented through two separate protocols. What are these protocols called?
AH
ESP
Which of the following network layer protocols provides authentication and encryption services for IP based network traffic?
IPSec
Which of the following protocols can be used to be securely manage a network device from a remote connection?
SSH
Which of the following protocols are often added to other protocols to provide secure transmission of data?
SSL
TLS
What is the primary function of the IKE protocol used with IPSec?
Create a security association between communicating partners.
Which of the following protocols can TLS use for key exchange?
RSA
Diffie-Hellman
SFTP uses which mechanism to provide security for authentication and data transfer?
SSH
Which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
Which protocol does HTTPS use to offer greater security in Web transactions?
SSL
As network administrator you are asked to recommend a secure method of transferring data between hosts on a network. Which of the following protocols would you recommend?
SCP
SFTP
Telnet is inherently insecure because its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet?
SSH
What is the default encryption algorithm used by SSH (Secure Shell) to protect data traffic between a client and the controlled server?
IDEA
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate validity period.
Which of the following cloud computing solutions will deliver software applications to a client either over the Internet or on a local area network?
SaaS
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
Which of the following is not true regarding cloud computing?
Cloud computing requires end-user knowledge of the physical location and configuration of the system that delivers the services
Which of the following are true concerning the Virtual Desktop Infrastructure (VDI)?
In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on few central servers
User desktop environments are centrally hosted on servers instead of on individual desktop systems
Public cloud
Private cloud
Community cloud
Hybrid cloud
Provides cloud services to just about anyone
Provides cloud services to a single organization
Allows cloud services to be shared by several organizations
Integrates one cloud service with other cloud services
Which of the following functions can a port scanner provide?
Discovering unadvertised servers
Determining which ports are open on a firewall
Which of the following is the name of the type of port scan which does not complete the full three-way handshake of TCP, but rather listens only for either SYN/ACK or RST/ACK packets?
TCP SYN scan
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.
Which tool should you use?
Port scanner
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?
Vulnerability scanner
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper
You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use?
Nessus
Retina
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool?
Check for open ports
Check for missing patches
Check user accounts for weak passwords
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
OVAL
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?
Definition
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Run the vulnerability assessment again
You want to use a vulnerability scanner to check a system for known security risks. What should you do first?
Update the scanner definition files
A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server.
What type of scan was conducted in this scenario?
Credentialed scan
A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside.
What type of scan should he use?
Non-credentialed scan
Which of the following identifies an operating system or network service based on its response to ICMP messages?
Fingerprinting
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
Penetration testing
You have decided to perform a double blind penetration test. Which of the following actions would you perform first?
Inform senior management
Which of the following activities are typically associated with a penetration test?
Running a port scanner
Attempting social engineering
What is the main difference between vulnerability scanning penetration testing?
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter
What is the primary purpose of penetration testing?
Test the effectiveness of your security periemeter
Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?
Zero knowledge team
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running.
Which process did the administrator use in the penetration test in this scenario?
Active fingerprinting
A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts.
Which process did the administrator use in the penetration test in this scenario?
Passive fingerprinting
Which of the following are included in an operations penetration test?
Looking through discarded papers or media for sensitive information
Eavesdropping or obtaining sensitive information from items that are not properly stored
Which phase or step of a security assessment is a passive activity?
Reconnaissance
White box test
Grey box test
Black box test
Single blind test
Double blind test
The tester has detailed information about the target system prior to starting the test
The tester has the same amount of information that would be available to a typical insider in the organization
The tester has no prior knowledge of the target system
Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed
The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device.
Which tool should you use?
Protocol analyzer
You want to know what protocols are being used on your network. You'd like to monitor network traffic and sort traffic based on protocol.
Which tool should you use?
Packet sniffer
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B.
On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.
What should you do?
Configure port mirroring
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to the same hub that is connected to the router.
When you run the software, you only see frames addressed to the workstation and not to other devices.
Which feature should you configure?
Promiscuous mode
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device which is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router.
When you run the software, you only see frames addressed to the four workstations but not to the router.
Which feature should you configure?
Mirroring
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that FTP passwords and data are being encrypted.
Which tool should you use?
Protocol analyzer
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?
Create a hash of each log
What does hashing of log files provide
Proof that the files have not been altered
When a new IT employee is hired by your organization, you need to clearly inform her of the log retention policy. This policy includes details about all but which of the following?
What limitation of legal punishment or fines is supported by the organization
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred.
Which log type should you check?
System
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker.
Which log would you monitor?
Firewall
Which of the following is a standard for sending log messages to a central logging server?
Syslog
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computer on the Internet.
Which log would you check to see if this is happening?
Firewall
You are interested in identifying the source of potential attacks that have recently been directed against your network but which have been successfully blocked.
Which log would you check?
Firewall
You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days.
Which log would you most likely examine?
Performance
You are concerned that an attacker can gain access to your Web server, make modifications to your system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?
Use syslog to send log entries to another server
You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation?
Disk space on the syslog server
Clock synchronization between all devices
You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month.
Which tool should you use?
Event log
Which of the following best describes an audit daemon?
The trusted utility that runs a background process whenever auditing is enabled.
Which of the following is not included in a system level audit event?
Names of accessed files
Any actions performed by the user
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventative
Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation?
Findings in the audit and subsequent summations are viewed as objective
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?
Periodic reviews must be conducted to detect malicious activity or policy violations.
Which of the following describes privilege auditing?
Rights and privileges of users and groups are checked to guard against creeping privileges
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
Auditing
What is the purpose of audit trails?
Detect security-violating events
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?
Audit trail
A recreation of historical events is made possible through?
Audit trails
You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted.
You discover that a user downloaded a virus from the Internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation does not reoccur.
What should you do?
Install a network virus detection software solution
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed.
As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users.
Your solution should minimize administration, allowing you to centrally manage the scan settings.
Which solution should you use?
Network based firewall
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
Host-based IDS
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
IDS
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS
Network based intrusion detection is most suited to detect and prevent which types of attacks?
Bandwidth-based denial of service
What does an IDS that uses signature recognition use for identifying attacks?
Comparison to a database of known attacks
You want to implement an IDS system that uses rules or statistical analysis to detect attacks. Which type of IDS should you deploy?
Anomaly
Which of the following describes how access lists can be used to improve network security?
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
You want tot set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?
RAS
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need.
You want the connection to be as secure as possible. Which type of connection will you need?
Remote acces
Which of the following tools allow for remote managmeent of servers?
SSH
Telnet
Which network service would you use to get the IP address from the FQDN hostname?
DNS
Which of the following specifications identify security that can be added to wireless networks?
802.11i
802.1x
What encryption method is used by WPA for wireless networks?
TKIP
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops running Windows. Neither laptop can find the network and you have come to the conclusion that you must manually configure the wireless access point (AP).
Which of the following values uniquely identifies the network AP?
SSID
You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points.
You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop?
TKIP encryption
Preshared key
Holds a copy of the Active Directory database
Manages access for a workstation
Manages access for an employee
Can be created to logically organize network resources
Cannot be moved, renamed, or deleted
Defines a collection of network resources that share a common directory database
Domain controller
COmputer object
User object
Organizational unit
Generic container
Domain
You have configured a NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?
False positive
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?
Residual risk
Which of the following is not an example of a service level agreement?
Security policy design
What is a service level agreement (SLA)?
A guarantee of a specific level of service
A Service Level Agreement (SLA) defines the relationship between, and the contractual responsibilities of, providers and recipients of services. Which of the following characteristics are most important when designing an SLA?
Clear and detailed descriptions of penalties if the level of service is not provided.
Detailed provider responsibilities for all continuity and diasaster recovery mechanisms.
Which of the following is a policy that defines appropriate and inappropriate activities and usage for company resources, assets, and communications?
Acceptable use policy
When developing the totality of security policy documentation, what type of policy document will contain instructions or information on remaining in compliance with regulations and industry standards?
Standards
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Change management
When duplicating a drive for forensic investigative purposes, which of the following copying methods is most appropriate?
Bit-level cloning
What is the most common failure of a security policy in an environment?
Lack of user awareness
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them through a local liquidator. Computers were previously not used for storing sensitive information.
What should you do prior to getting rid of the computers?
Sanitize the hard drives
Which of the following activities assigns a security level to different types of data?
Information classification
Which of the following is not part of security awanress training?
Employee agreement documents
What is the primary security feature that can be diesgned into a network's infrastructure to protect and support availability?
Redundancy
To prevent server downtime, which of the following components should be installed redundantly in a server system?
Power supply
Which of the following disk configurations might sustain losing two disks?
RAID 1+0
RAID 0+1
You have a computer with three hard disks.
A RAID 0 volume uses space on Disk 1 and Disk 2.
A RAID 1 volume uses space on Disk 2 and Disk 3.
Disk 2 fails. Which of the following is true?
Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.
You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle.
You would like to find a solution so that a second server can respond to requests for Web site content.
Which solution should you implement?
Load balancing
If your mission critical services have a maximum tolerable downtime (MTD) (or a recovery time objective (RTO)) of 36 hours, what would be the optimum form of recovery site you should choose?
Warm
Which of the following is a characteristic of a virus?
Requires an activation mechanism to run
Which of the following is undetectable software that allows administrator-level access?
Rootkit
Which of the following are characteristics of a rootkit?
Requires administrator-level privileges for installation
Hides itself from detection
Which of the following is not a primary characteristic of a worm?
It infects the MBR of a hard drive
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which type of activity could result?
Spam
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?
Spam
Which of the following are denial of service attacks?
Smurf
Fraggle
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
Denial of service attack
As the victim of a Smurf attack, what protection measure is the most effective during the attack?
Communicating with your upstream provider
An attacker on the network intends to overwhelm another computer with ICMP packets as follows:
1. The attacker sends a broadcast ICMP packet to the switch
2. The switch sends the packet to all hosts on the network
3. Each host replies, but the packets are addressed to the victim
4. The victim is overwhelmed wwith ICMP packets
What type of attack has occurred on the network?
Smurf
Which of the following is not a form of social engineering?
Impersonating a user by loggin on with stolen credentials
Attackers convince personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.
Attackers send e-mails to senior executives and high profile personnel pretending to be from a trusted organization asking to verify personal information of send money.
Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization asking victims to verify personal information or send money.
Attackers send e-mails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money.
Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services.
Masquerading
Whaling
Vishing
Spear phishing
Spim
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow
Which of the following methods should you use to prevent SQL injection attacks?
Perform input validation
What is the most common attack waged against Web server?
Buffer overflow
Which of the following is not an example of a physical barrier access control mechanism?
One time passwords
What is the primary benefit of CCTV?
Expands the area visible by security guards
You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?
Security guards
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack.
Which tool should you use?
IPS
If your anti-virus software does not detect and remove a virus, what should you try first?
Update your virus detection software.
You have a development machine that contains sensitive information relative to your business. Youa re concerned that spyawre and malware might get installed while browsing websites and could compromise your system or pose a condientiality risk.
Which of the following would best protect your system?
Run the browser within a virtual environment
You have installed anti-virus software on the computers on your network. You update the definition and engine files, and configure the software to update those files everyday.
What else should you do to protect your systems from malware?
Schedule regular full system scans
Educate users about malware
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware.
Which of the following actions would best prevent this scenario from occurring again?
Configure the software to automatically download the virus definition files as soon as they become available.
Which of the following functions are performed by the TPM?
Create a hash of system components
You have a network with 3 remote access servers, a RADIUS server used for authenticaiton and authorrization, and a second RADIUS server used for accounting.
Where should you configure remote access policies?
On the RADIUS server used for authentication and authorization
What does the Mandatory Access Control (MAC) method use to control access?
Sensitivity labels
A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions.
This is an example of which kind of access control model?
RBAC (based on rules)
Which of the following identification and authentication factors are often well-known or easy to discover by others on the same network or system?
Username
Which of the following is the most common form of authentication?
Password
Which of the following best describes oe-factor authentication?
Multiple authentication credentials may be required, but they are all of the same type
You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server.
Which solution allows users to supply authentication credentials once for all servers?
SSO
Which of the following are disadvantages of biometrics?
They have a potential for numerous false negatives
When used alone or solely, they are no more secure than a strong password
What is the most important aspect of a biometric device?
Accuracy
Which of the following is not used to oversee and/or improve the security performance of employees?
Exit interviews
You have hired 10 new temporary workers who will be witht he company for 3 months. You want to make sure that after that time the user accounts cannot be used for logon. What should you do?
Configure account expiration in the user accounts
What form of cryptography is best suited for bulk encryption because it is sof ast?
Symmetric key cryptography
What is the most obvious means of providing non-repudiation in a cryptography system?
Digital signatures
When a sender encrypts a message using their own private key, what security service is being provided to the recipient?
Non-repudiation
When protection of the content of a message is required, which of the following cryptography solutions should be employed?
Symmetric encryption
Which of the following is not a valid example of steganography?
Encrypting a data file with an encryption key
Which of the following is the weakest symmetric encryption method?
DES
Which of the following are typically used for encrypting data on a wireless network?
AES
TKIP
Which of the following is a minimal requirement in order to employ S/MIME?
Digital certificate
Which of the following is an advantage of WPA over WEP?
Dynamic keys
You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible?
PPP
CHAP
Which of the following is not true regarding SSL (Secure Sockets Layer)?
SSL authenticates the server to the client using a biometric based multi-factor authentication mechanism
The session keys employed by SSL (Secure Sockets Layer) are available in what big lengths?
128 bit and 40 bit
In the certificate authority trust model known as a hierarchy, where does trust start?
Root CA
Which standard is most widely used for certificates?
X.509
Certificates can be invalidated by the trusted third-party that originally issued the certificate. WHat is the name of the mechanism that is used to distribute information about invalid certificates?
CRL
Which of the following identifies someone who can retrieve private keys from storage?
Recovery agent
Which of the following best describes the contents of the CRL?
A list of all revoked certificates
Which of the following is a mechanism for granting and validating certificates?
PKI
Certificate revocation should occur under all but which of the following conditions?
The certificate owner has held the certificate beyond the established lifetime timer
Which of the following would require that a certificate be placed on the CRL?
The private key is compromised
A private key has been stolen. What action should be taken to deal with this crisis?
Add the digital certificate to the CRL
What action is taken when the private key associated with a digital certificate becomes compromised?
The certificate is revoked and added to the Certificate Revocation List
You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem?
Key escrow
Which of the following is the best countermeasure for man-in-the-middle attacks?
Public Key Infrastructure (PKI)
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate
Which of the following are improvements to SNMP that are included within SNMP version 3?
Encryption of SNMP messages
Authentication for agents and managers
Which access control type is used to implement short-term repairs to restore basic funcitonality following an attack?
Corrective
Encryption is which type of access control?
Technical
What type of password is maryhadalittlelamb?
Pass phrase
Which of the following conditions is desirable when selecting a biometric system?
A low crossover error rate
A high processing rate
Which of the following is not a characteristic of Kerberos?
Peer-to-peer relationships between entities
What is another termf or the type of lgon credentials provided by a token device?
One-time password
Which form of authentication solution employs a hashed form of the user's password that has an added time stamp as a form of identity?
Kerberos
Which of the following is not an example of a single sign-on solution?
Workgroup
A smart card can be used to store all but which of the following items?
Biometric template original
http://tabs.ultimate-guitar.com/e/ed_sheeran/i_see_fire_ver4_crd.htmis an example of a decentralized privilege management solution?
Workgroup
Where are the goals and mission of an organization defined?
Strategic security policy
If your organization relies on high-end customized software developed by an external company, what security precaution should be implemented to protect yourself against the software developer going out of business?
Code escrow
Change control should be used to oversee and manage changes over what aspect of an organization?
Every aspect
Which of the following is not part of security awareness training?
Employee agreement documents
Which of the following is the least reliable means to clean or purge media?
Degaussing
In a high security environment, what is the most important concern when a removable media is no longer needed?
Destruction
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and was allowed to pass withough any alerts being generated
Which of the following is not true concerning a padded cell?
Is often placed inside a honey pot.
Network-based intrustion detection systems (IDS) are able to detect which type of attacks?
Port scanning
Denial of service
Audit trails produced by auditing activities are considered what type of security control?
Detective
Which of the following best defines Single Loss Expectancy (SLE)?
The total monetary loss associated with a single occurrence of a threat
Which of the following is the most frequently used symmetric key stream cipher?
Ron's Cipher v4 (RC4)
Which of the following forms of cryptography is best implemented in hardware?
Symmetric stream
Which of the following was the runner up in the selection of the algorithm of AES?
Twofish
Which of the following symmetric cryptography systems can have a key size of 0 bits/
RC5
Which of the following symmetric cryptography systems does not support a variable block size?
IDEA
Which of the following is an example of a statistical attack against a cryptosystem?
Exploiting a computer's inability to produce true random numbers
Which of the following is not an accepted countermeasure to strengthen a cryptosystem?
Keep the cryptosystem a secret
Which of the following is not a valid statement in regards to key management?
Keys should not be destroyed at the end of their lifetime, instead they should be escrowed
What is the primary purpose of a certificate?
Identity proofing
FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol) can both be secured using which of the following?
SSL (Secure Sockets Layer)
You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the Internet in these locations.
Which of the following protocols would be most likely to be allowed through the widest number of firewalls?
SSL
After blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service which of the following needs to be done?
Open port 25 to allow SMTP service.
You are the administrator for a secure network that uses firewall filtering. Several network users have requested to access Internet Usenet groups but are unable. What needs to be done to allow users to access the newsgroups?
Open port 119 to allow NNTP service
You are reviewing the configuration of a firewall that serves as a single point for Internet Access. You note that the following ports are open: 21, 22, 25, 53, 8-, 110, and 443. Policy dictages that users are only allowed to perform the following actions on Internet hosts:
Download files using FTP
Brwse secure and insecure Websites
Send and receive e-mail
Which ports, if any, are you most likely to close on the firewall
22
You have a small home wireless network that uses WEP. The access point is configured as the DHCP server and a NAT router that connects to the Internet. You do not have a RADIUS server. Which authentication method should you choose?
Open
You have a business network where you are replacing the wired network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network will have multiple wireless access points. You want to use WPA2 on the network. What should you do to configure the wireless network?
Install a RADIUS server. Use 802.1x authentication.
Configure devices to run in infrastructure
You've just installed a wireless access point (AP) for your organization's network. You know that the radio signals used by the AP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network.
What can you do to protect the wireless network?
Disable DHCP on the AP
Configure the AP to filter out unauthorized MAC addresses
YOU MIGHT ALSO LIKE...
STUDY GUIDE