Security

The document contains a series of questions related to security concepts, including cloud computing characteristics, ARP tables, cryptography, authentication methods, and network security. It covers topics such as private IP addresses, malware types, encryption algorithms, and disaster recovery planning. Each question is designed to test knowledge in various areas of IT security and networking.

Uploaded by

Sunny Cho

Security +

Question 1
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Please match the characteristics on the left with the descriptions presented on the right side.

Characteristics:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service

Descriptions:
- Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.
- Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.
- A consumer can unilaterally provision computing capabilities as needed automatically.
- Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.
- The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
Question 2
Based upon these two ARP tables, what is likely going on here?

Interface: [Link] --- 0x11

Internet Address    Physical Address     Type
[Link]              f0-7b-cb-98-8a-d6    dynamic
[Link]              00-1b-a9-9b-e6-ad    dynamic
[Link]              f0-7c-cb-78-8c-d7    dynamic

Interface: [Link] --- 0x11

Internet Address    Physical Address     Type
[Link]              f0-7b-cb-98-8a-d6    dynamic
[Link]              f0-7b-cb-98-8a-d6    dynamic
[Link]              f0-7b-cb-98-8a-d6    dynamic

ARP Spoofing
IP Address Spoofing
ARP Table Corruption
MAC Address Spoofing

Question 3
You are running a packet sniffer on a network and see a packet containing a long string of "0x90 0x90 0x90 0x90...." in the middle of it traveling to an x86-based machine as a target. This could be indicative of what activity being attempted?

Over-subscription of the traffic on a backbone.
A source quench packet.
A buffer overflow attack.
A FIN scan.
Question 4
A packet containing a long string of NOPs followed by a command is usually indicative of what?

A half-port scan.
A packet destined for the network's broadcast address.
A syn scan.
A buffer overflow attack.

Question 5
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?

The first two bits of the IP address would be set to one, and the third bit set to zero.
The first three bits of the IP address would be set to one.
The first bit of the IP address would be set to zero.
The first bit of the IP address would be set to one and the second bit set to zero.

Question 6
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

[Link]
[Link]
[Link]
[Link]

Question 7
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

[Link]
[Link]
[Link]
[Link]

Question 8
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network?

The first bit of the IP address would be set to zero
The first three bits of the IP address would be set to one
The first two bits of the IP address would be set to one, and the third bit set to zero
The first bit of the IP address would be set to one and the second bit set to zero

Question 9
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:

0101 0001  Plain text
0111 0011  Key stream
0010 0010  Output

What is this cryptographic operation called?

Exclusive-OR
Logical-NOR
Decryption
Bit Swapping
Question 10
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?

NAM - Negative Acknowledgement Message
Message Authentication Code - MAC
PAM - Pluggable Authentication Module
Digital Signature Certificate

Question 11
The DES algorithm is an example of what type of cryptography?

Two-key
Secret Key
Asymmetric Key
Public Key

Question 12
Which of the following encryption methods is known to be unbreakable?

DES codebooks.
Symmetric ciphers.
One-time pads.
Elliptic Curve Cryptography.

Question 13
What algorithm was DES derived from?

Lucifer.
Twofish.
Skipjack.
Brooks-Aldeman.

Question 14
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Use of elliptic curve encryption.
Use of software encryption assisted by a hardware encryption accelerator.
Use of public key encryption to secure a secret key, and message encryption using the secret key.
Use of the recipient's public key for encryption and decryption based on the recipient's private key.

Question 15
In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also contains malicious or harmful code embedded in it, and which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?

Trojan horse.
virus.
worm.
trapdoor.

Question 16
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

non-trivial.
you are.
you need.
you can get.
Question 17
Which of the following exemplifies proper separation of duties?

Console operators are permitted to mount tapes and disks.
Operators are not permitted to modify the system time.
Tape operators are permitted to use the system console.
Programmers are permitted to use the system console.

Question 18
Which of the following is not a logical control when implementing logical access security?

passwords.
access profiles.
employee badges.
userids.

Question 19
Which of the following media is MOST resistant to tapping?

coaxial cable.
twisted pair.
microwave.
fiber optic.

Question 20
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

fiber optics.
passwords.
a firewall.
dial-up.

Question 21
Which one of the following is usually not a benefit resulting from the use of firewalls?

prevents the spread of viruses.
allows centralized management and control of services.
reduces the risks of external threats from malicious hackers.
reduces the threat level on internal system.

Question 22
Which of the following would assist the most in Host Based intrusion detection?

access control lists.
audit trails.
security clearances.
host-based authentication.

Question 23
Controls to keep password sniffing attacks from compromising computer systems include which of the following?

static and recurring passwords.
static and one-time passwords.
one-time passwords and encryption.
encryption and recurring passwords.

Question 24
Which one of the following represents an ALE calculation?

asset value x loss expectancy.
actual replacement cost - proceeds of salvage.
single loss expectancy x annualized rate of occurrence.
gross loss expectancy x loss frequency.
Question 25
Which application layer protocol is used to monitor networked devices and to set configurations on those devices?

TFTP - Trivial File Transfer Protocol
SMTP - Simple Mail Transfer Protocol
SNMP - Simple Network Management Protocol
SSH - Secure Shell

Question 26
Which of the following recovery plan test results would be most useful to management?

description of each activity.
list of successful and unsuccessful activities.
amount of work completed.
elapsed time to perform various activities.

Question 27
Which of the following computer recovery sites is the least expensive and the most difficult to test?

mobile hot site.
cold site.
non-mobile hot site.
warm site.

Question 28
Organizations should not view disaster recovery as which of the following?

Committed expense.
Enforcement of legal statutes.
Discretionary expense.
Compliance with regulations.

Question 29
You are investigating a running Windows computer and, after scanning it remotely, you noticed some odd TCP and UDP ports were open. Which command native to Windows computers allows us to view open ports?

format C:
netstat -an
nslookup [Link]
ipconfig /displaydns

Question 30
A deviation from an organization-wide security policy requires which of the following?

Risk Containment
Risk Acceptance
Risk Reduction
Risk Assignment

Question 31
Who must bear the primary responsibility for determining the level of protection needed for information systems resources?

Systems Auditors
IS security specialists
Senior Management
Senior security analysts
Question 32
The security of a computer application is most effective and economical in which of the following cases?

The system is originally designed to provide the necessary security.
The system is optimized prior to the addition of security.
The system is procured off-the-shelf.
The system is customized to meet the specific security threat.

Question 33
Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level?

System Auditor
System Manager
Data or Information user
Data or Information Owner

Question 34
The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

in parallel with every phase throughout the project
development and documentation phase
project initiation and planning phase
system design specifications phase

Question 35
Which of the following statements is true about data encryption as a method of protecting data?

It should sometimes be used for password files
It is usually easily administered
It requires careful key management
It makes few demands on system resources

Question 36
How many bits is the effective length of the key of the Data Encryption Standard algorithm?

64
168
128
56

Question 37
A public key algorithm that does both encryption and digital signature is which of the following?

RSA
Diffie-Hellman
IDEA
DES

Question 38
Which of the following attacks could capture network user passwords?

Smurfing
Sniffing
Data diddling
IP Spoofing
Question 39
When backing up an application system's data, which of the following is a key question to be answered first?

Where to keep backups
What records to backup
When to make backups
How to store backups

Question 40
What is the 802.11 standard related to?

Packet-switching technology
The OSI/ISO model
Wireless network communications
Public Key Infrastructure (PKI)

Question 41
Devices that supply power when the commercial utility power system fails are called which of the following?

uninterruptible power supplies
power dividers
power conditioners
power filters

Question 42
Which of the following would NOT be considered a Denial of Service Attack?

TearDrop
Smurf
Syn Flood
Zone Transfer

Question 43
FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model?

Network
Transport
Application
Presentation

Question 44
A 'Pseudo flaw' is which of the following?

Used for testing for bounds violations in application programming.
An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
A normally generated page fault causing the system to halt.
An omission when generating Pseudo-code.

Question 45
Which of the following is NOT true of Secure Sockets Layer (SSL)?

It is the predecessor to the Transport Layer Security (TLS) protocol.
It is used for transmitting private information, data, and documents over the Internet.
By convention it uses 's-[Link] instead of '[Link]
It was developed by Netscape.
Question 46
Which of the following is the most reliable authentication method for remote access?

Variable callback system
Combination of callback and caller ID
Synchronous token
Fixed callback system

Question 47
Within the realm of IT security, which of the following combinations best defines risk?

Threat coupled with a vulnerability
Vulnerability coupled with an attack
Threat coupled with a breach
Threat coupled with a breach of security

Question 48
Which of the following is the most reliable and secure way of removing data from magnetic storage media such as a magnetic tape, or a cassette?

Degaussing
Buffer overflow
Zeroization
Parity Bit Manipulation

Question 49
Which of the following backup sites is the most effective for disaster recovery?

Reciprocal Agreement
Hot sites
Cold sites
Time brokers

Question 50
Which of the following is true related to network sniffing?

Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.
Sniffers allow an attacker to monitor data passing across a network.
Sniffers send IP fragments to a system that overlap with each other.
Sniffers take over network connections.

Question 51
Which of the following is true of two-factor authentication?

It does not use single sign-on technology.
It relies on two independent proofs of identity.
It requires two measurements of hand geometry.
It uses the RSA public-key signature based on integers with large prime factors.

Question 52
The primary service provided by Kerberos is which of the following?

confidentiality
authorization
authentication
non-repudiation

Question 53
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?

RC6
Twofish
Serpent
Rijndael

Question 54
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?

It has been mathematically proved to be less secure.
It has been mathematically proved to be more secure.
It is believed to require longer keys for equivalent security.
It is believed to require shorter keys for equivalent security.
Question 55
Lower Layers (Physical, Link, Network, Transport) protection tools are unable to protect against what kind of attacks?

Denial of Service Attacks
Piggy Back Attacks
Content Based Attacks
Brute Force Attacks

Question 56
What are the three most important functions that digital signatures perform?

Authorization, Detection and Accountability
Integrity, Authentication and Nonrepudiation
Integrity, Confidentiality and Authorization
Authorization, Authentication and Nonrepudiation

Question 57
Which of the following tools is used to stress test applications, firewalls and IDS devices by sending large numbers of packets at them, including randomly generated and/or malformed packets?

Snort
Wireshark
IP Stack Integrity Checker
Security Onion

Question 58
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?

known plaintext
ciphertext only
chosen plaintext
brute force

Question 59
Which of the following steps is NOT part of a Business Impact Assessment (BIA)?

Identifying critical business functions.
Calculating the risk for each different business function.
Creating Data Gathering techniques.
Do not report BIA findings to management

Question 60
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

the plaintext and the secret key
both the plaintext and the associated ciphertext of several messages
the ciphertext and the key
the plaintext and the algorithm

Question 61
Which of the following is unlike the other three choices presented?

Smurf
Buffer Overflow
Teardrop
El Gamal

Question 62
Which of the following results in the most devastating business interruptions?

Loss of Hardware/Software
Loss of Applications
Loss of Data
Loss of Communication Links
Question 63
Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)?

Recovery Time Objective
Point of Time Objective
Recovery Point Objective
Critical Time Objective

Question 64
You have discovered an attack on your system that exploited a vulnerability; however, none of your antivirus scanners detected the threat. You performed extensive research but did not find anything on this vulnerability or the resultant exploit. What classification of attack are you likely seeing?

Malware Attack
Zero-Day Exploit
Below the RADAR Threat
Common Virus

Question 65
In the CIA Triad, if Encryption provides Confidentiality, what can provide Integrity?

Redundancy
Firewalls
Digital Signatures
Public Certificates

Question 66
What is the length of an MD5 message digest?

varies depending upon the message size.
256 bits
128 bits
160 bits

Question 67
Which of the following answers involves network access control using digital certificates?

IEEE 802.1N
IEEE 802.1X
IEEE 802.1Q
IEEE 802.1AE

Question 68
What is the role of IKE within the IPsec protocol?

peer authentication and key exchange
data encryption
data signature
enforcing quality of service

Question 69
In a hierarchical PKI the highest CA is regularly called the Root CA. It is also referred to by which one of the following terms?

Subordinate CA
Top Level CA
Master CA
Big CA

Question 70
Which of the following is not a physical control for physical security?

facility construction materials
fences
training
lighting
Question 71
Crime Prevention Through Environmental Design (CPTED) is a discipline that:

Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.
Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior.
Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior.
Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior.

Question 72
A momentary power outage is a:

spike
surge
fault
blackout

Question 73
A momentary low voltage, from 1 cycle to a few seconds, is a:

sag
spike
blackout
fault

Question 74
A prolonged high voltage is a:

blackout
spike
surge
fault

Question 75
A prolonged power supply that is below normal voltage is a:

blackout
surge
brownout
fault

Question 76
Which of the following is true about a digital certificate?

You can only get a digital certificate from Verisign or RSA if you wish to prove the key belongs to a specific user.
It can't contain geographic data such as country, for example.
An electronic credential proving that the person the certificate was issued to is who they claim to be.
It is the same as a digital signature, proving Integrity and Authenticity of the data.

Question 77
What kind of Encryption technology does SSL utilize?

Secret or Symmetric key
Private key
Public Key
Hybrid (both Symmetric and Asymmetric)
Question 78
Preservation of confidentiality within information systems requires that the information is not disclosed to:

Authorized person
Unauthorized persons or processes.
Unauthorized persons.
Authorized persons and processes

Question 79
What is an event or activity that has the potential to cause harm to information systems or networks called?

Vulnerability
Threat
Threat agent
Weakness

Question 80
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to information systems or networks, is called a:

Threat
Vulnerability
Overflow
Risk

Question 81
What is the probability that a threat to an information system will materialize called?

Hole
Risk
Vulnerability
Threat

Question 82
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some examples of:

Physical controls
Technical controls
Administrative controls
Logical controls

Question 83
To control access by a subject (an active entity such as an individual or process) to an object (a passive entity such as a file) involves setting up:

Identification controls
Access Matrix
Access terminal
Access Rules
Question 84
The type of discretionary access control (DAC) that is based on an individual's identity is also called:

Non-Discretionary Access Control
Lattice-based Access control
Identity-based Access control
Rule-based Access control

Question 85
What is the access protection system that limits connections by calling back the number of a previously authorized location called?

Sendback systems
Callback forward systems
Callback systems
Sendback forward systems

Question 86
Which one of the following factors is NOT one on which Authentication is based?

Type 2. Something you have, such as an ATM card or smart card
Type 1. Something you know, such as a PIN or password
Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
Type 4. Something you are, such as a system administrator or security administrator

Question 87
The act of requiring two of the three possible factors that can be used in the authentication process refers to:

Bi-Factor Authentication
Two-Factor Authentication
Double Authentication
One-Factor Authentication

Question 88
Which best describes a tool (e.g. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?

Token passing networks
Tokens
Coupons
Tickets

Question 89
In biometrics, the "one-to-one" search used to verify a claim to an identity made by a person is considered:

Identification
Authentication
Auditing
Authorization

Question 90
The percentage of invalid subjects falsely accepted by a biometric authentication system is referred to as _____?

True Acceptance Rate (TAR) or Type III Error
False Acceptance Rate (FAR) or Type II Error
False Rejection Rate (FRR) or Type I Error
Crossover Error Rate (CER)

Question 91
What is the percentage at which the False Rejection Rate equals the False Acceptance Rate called?

Failure to enroll rate (FTE or FER)
Crossover Error Rate (CER)
False Acceptance Rate (FAR) or Type II Error
False Rejection Rate (FRR) or Type I Error
Question 92
Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Intrusion Detection System
Compliance Validation System
Compliance Monitoring System
Intrusion Management System (IMS)

Question 93
A host-based IDS is resident on which of the following?

On each of the critical hosts
decentralized hosts
central hosts
bastion hosts

Question 94
A network-based IDS reviews a packet's payload and header. This enables which of the following?

Detection of all password guessing attacks
Detection of all viruses
Detection of denial of service
Detection of data corruption

Question 95
Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

bastion-based IDS
firewall-based IDS
server-based IDS
host-based IDS

Question 96
Which of the following is an issue with signature-based intrusion detection systems?

It runs only on the Windows operating system
Signature databases must be augmented with inferential elements.
Only previously identified attack signatures are detected.
Hackers can circumvent signature evaluations.

Question 97
Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

dynamical anomaly-based ID
inferential anomaly-based ID
Signature-Based ID
Statistical Anomaly-Based ID

Question 98
Which of the following is NOT a factor related to Access Control?

availability
integrity
confidentiality
authenticity
Question 99
What is a decrease in amplitude as a signal propagates along a transmission medium best known as?

Delay distortion
Attenuation
Noise
Crosstalk

Question 100
Which of the following transmission media would NOT be affected by crosstalk or interference?

Fiber optic cables
Satellite radiolink
Copper cable
Radio System

Question 101
Which of the following is the MOST important aspect relating to employee termination?

User ID and passwords of the employee have been deleted.
Company property provided to the employee has been returned.
The details of the employee have been removed from active payroll files.
The appropriate company staff are notified about the termination.

Question 102
Which would generate the most network traffic while attempting a remote Operating System detection?

Fingerprinting Tools
Packet Sniffing
Passive Remote OS Detection
Active Remote OS Detection

Question 103
Which of the following terms BEST describes how we establish a system state of mandatory settings and security configuration settings which must be in place on a system prior to being permitted on the enterprise network?

System Accreditation
Input Validation
Configuration Baseline
Application Hardening

Question 104
Which of the following answers is directly related to providing High Availability to your users?

Backup data circuits
Senior Executive Support
Updated Antivirus Software
Good hiring practices

Question 105
What is the condition called when timing is targeted between the time of check and time of actual use?

Race Conditions
Integer Overflow
Buffer Overflow
Memory Leak

Question 106
You are concerned about physical security and notice an increase in physical theft and devices that are missing within your environment. Which of the following could help you prevent the theft of unused devices and equipment?

Tracking Devices
Full drive Encryption
Lockable Storage Container
Firewalls
Question 107
You are testing a web server on your internal network before moving it to the DMZ - Demarcation Zone, but when you pull it up with [Link] you get a certificate error message that says: "The security certificate presented by this website was issued for a different website address"
Which answer BEST explains the likely problem?

The certificate is damaged
The certificate is expired
The domain name registration expired
The certificate is not assigned to an IP Address

Question 108
Which of the following answers is true of symmetric key cryptography?

A private key is used to decrypt something encrypted with the public key
Public keys and private keys are the same
With pre-shared keys, each user key is different
With secret keys, the key is the same for the sender and receiver.

Question 109
You are a forensics investigator and have been assigned to a very high-profile case involving a laptop with suspected evidence of conspiracy to commit murder and obstruction of justice.
Accordingly, you do not want to bungle the investigation by contaminating or losing critical evidence in this case.
You are handed the laptop and instructed to be done with the forensics no later than Friday at close of business.
What is the first thing you must do to begin your examination of this laptop?

Capture a disk image and take hashes of it
Transfer the laptop's disk drive into another laptop
Take the drive apart and secure the disk platters for examination
Start the laptop and log on to look for evidence

Question 110
You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.
One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time, and after receiving the laptop you leave it on your desk and you both head out to lunch.
What critical step in forensic evidence handling have you forgotten?

Locking the laptop in your desk
Chain of custody
Cracking the admin password with chntpw
Making a disk image for examination

Question 111
You are a software tester responsible for testing code written by your developers. You've become aware of a new testing technique called fuzzing.
Which one of these answers BEST defines what fuzzing is?

Manually entering gibberish into the program APIs
Applying old software patches
Deleting parts of the software to see how it reacts
Sending random data into computer program inputs to test for problems

Question 112
What is a common way of preventing users from running code which has been altered or corrupted since it was originally approved and installed?

Code Signing
Software Accreditation
IDEA - International Data Encryption Algorithm
Code Hashing

Question 113
You are an IT Manager and network administrator in your organization and you are interested in bolstering your posture on disk redundancy, such as a RAID array of disks can offer.
Which of the following concepts is represented by your interest in disk redundancy?

Backup Strategy
Server Clustering
Load Balancing
High Availability

Question 114
In the OSI Model, which of the following answers is the proper sequence going from lowest (1) to highest (7)?

Hub, Switch, Router, NetBEUI, SNMP, HTML
ISDN, ARP, IP, TCP, NetBIOS, MP3 and HTTP.
L1TP, L2TP, IP, UDP, NFS, MP3, SNMP
FTP, JPG, SQL, SSH, ICMP, PPP, USB

Question 115
Which of the following sequences represents the DoD - Department of Defense TCP/IP Reference Model?

APIN - Application, Presentation, Internet, Network Interface
ATIN - Application, Transport, Internet, Network Interface
TINA - Transport, Internet, Network Interface, Application
AITN - Application, Internet, Transport, Network Interface

Question 116
Which one of the following answers represents this IP Address [Link] in Binary format?

01000011.10001100.00100011.00000011
11000011.10001110.01000011.00000010
11001011.10011110.01000011.10000011
11000011.01001110.01000011.00100010

Question 117
Which type of control is concerned with restoring controls?

Corrective controls
Preventive controls
Detective controls
Compensating controls

Question 118
Which of the following answers represents a US government-funded network traffic analysis tool that runs on Linux, Unix, Mac and Windows?

Snort
Cowpatty
tcpdump
Nessus

Question 119
Which of the following is NOT a management control?

Personnel Hiring Policies
Proper Data Classification
Encryption Technologies
Security Awareness Training for Users

Question 120
Which biometric system tries to recognize a user based upon patterns of blood vessels on the back of the inside of the user's eye?

Handwriting Dynamics
Iris Recognition
Retina Pattern Matching
Mind Mapping

Question 121
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

Differential linear cryptanalysis
Statistical attack
Birthday attack
Differential cryptanalysis

Question 122
You are watching an active stream of your firewall logs and notice suspicious traffic from an IP Address outside your country which is probing your network.
You, being a curious type, try to PING the remote IP Address but receive no response, which is curious to you. How can a remote host send traffic but not be PING-able?

Its firewall is misconfigured
Its interface is down
It is configured to ignore ICMP Packets
A host in the path is blocking ICMP

Question 123
Network security workers have a lot of responsibility for ensuring that threatening network traffic doesn't reach internal hosts or servers. Any part of a network packet entering your network can be scrubbed using a content filter for dangerous content as is the case with unwanted HTML tags.
Which answer BEST describes this process?

Layer 3 Switch
Content Filtering
HTTPS Filtering
NIDS

Question 124
Which of the following binds a subject name to a public key value?

A public-key certificate
A Symmetric key infrastructure
A secret key certificate
A private key certificate

Question 125
Which of the following answers is NOT a Cryptographic Attack?

Hybrid Cryptosystem
Frequency Analysis
Brute Force Attacks
Rainbow Table

Question 126
Which of the following terms is BEST described as a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication?

Smart Card
Trusted User Module - TUM
Common Access Card - CAC
Trusted Platform Module - TPM

Question 127
Which of the following answers is BEST described as the process of hiding files in the Windows Operating System's disk drive file system by taking advantage of a feature allowing backward compatibility with Macintosh's file system?

FS Steganography
ADS - Additional Data Streams
ADS - Alternate Data Streams
PDS - Primary Data Streams

Question 128
Looking at the steps presented below, what is being represented here?

STEP #1 (on the sender side, before both files (.txt and .md5) are sent to the receiver)
$ md5sum [Link] > practice.md5

STEP #2 (on the receiver side, after receiving both files and saving them to the same directory)
$ md5sum -c practice.md5
[Link]: OK
$

Verifying a cryptographic hash of a file. Then creation of a Message Digest indicating the file has changed
Creation of a cryptographic hash of a file. Verification of a cryptographic hash of a file, the file has not changed
Verifying an encryption hash of the file
Comparing encryption keys on a system

Question 129
Which of the following answers BEST describes the functionality of the CHAP protocol?

Transmits user's passwords in clear text
Periodically re-authenticates the user to protect against man-in-the-middle attacks.
Uses PKI
Used to prevent remote logon

Question 130
Which of the following is the most secure technique to authenticate users?

Allow access only through user ID and password.
Establish biometric access through a secured server or Web site.
Maintain correct and accurate ACLs (access control lists) to allow access to applications.
Ensure the person is authenticated by something he knows and something he has.

Question 131
Which one of the following is NOT a Technical Control?

Firewalls or IDS Technologies
File Encryption
Strong User Authentication
Proper Data Classification

Question 132
What attack is taking place when the victim sees one link but the link goes to a different site?

Buffer Overflow
XSS - Cross Site Scripting
Input Validation
Clickjacking

Question 133
Which answer is one way of executing software in a restricted operating system environment to limit the ability of dangerous code to damage the host computer?

Input Validation
Application Sandboxing
Standard Libraries
Virtual Machines

Question 134
Which of the following answers is a popular, open-source Network IDS and IPS?

Nessus
Nmap
Netcat
Snort

Question 135
Which of the following answers would BEST mitigate the threat of buffer overflow attacks?

Installing an IDS/IPS
Controlling installation of software
Enabling event logging on hosts
Locking down your firewall

Question 136
You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question.
What concept of PKI - Public Key Infrastructure will implicate the sender?

Non-repudiation
Integrity
The digital signature of the recipient
Authentication

Question 137
Which of the following authentication protocols encrypts only the password in the access-request packet from the client to the server, versus the whole body of the packet?

RADIUS
TACACS
TACACS+
XTACACS

Question 138
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?

Network and MAC; IEEE 802.1 and 802.3
LLC and MAC; IEEE 802.2 and 802.3
LCL and MAC; IEEE 802.2 and 802.3
LCL and MAC; IEEE 802.1 and 802.3

Question 139
Which of the following is the MOST secure authentication mechanism used to authenticate a user?

Fingerprint Scan (Something you have)
Fingerprint Scan (Something you are)
PIN Number (Something you know)
Hardware Token (Something you have)

Question 140
Of the following answers, select the one that lists two encrypted forms of transferring files between hosts.

TFTP and STFTP
SSH and SFTP
FTPS and SFTP
SCP and FTP

Question 141
Match up the following Protocols with the proper port numbers in order from left to right:
SSH, Kerberos, NetBIOS, LDAP, HTTPS, Secure LDAP

22, 88, 136, 389, 443, 636
22, 88, 137, 388, 443, 636
22, 88, 137, 389, 443, 636
22, 88, 137, 389, 442, 636

Question 142
Which of the following passwords is the most complex and thereby most secure?

18Password89
GoColts2013abcd
18^%AMazonOCT2013
19761978OCT31

Question 143
As a diligent network administrator you occasionally run a packet analyzer to detect problems on your network. Using a common open-source packet analyzer that has a string parser engine that looks for text in the packet capture, you start looking for strings which shouldn't cross the network insecurely.
Out of curiosity you search for specific passwords used on networking devices and notice a critical password is passing in clear text between the RADIUS server and the Authenticator.
Which authentication protocol is likely being used here, and which protocol should you switch to if you want to mitigate this problem?

PAP and MSCHAPV2
NTLM/NTLMV2
CHAP/PAP
MSCHAPV2/NTLMV2

Question 144
Of the following answers, which is the strongest form of access control?

Role/Rule-Based Access Control
Mandatory Access Control
Discretionary Access Control
Implicit Deny Control

Question 145
Nathalie the wireless network admin has noted within her access point's wireless traffic another access point with the exact same configuration as her own access point. What is it that you are seeing in the image below?

An Unauthorized Access Point
A Rogue Access Point attack
Wifi Snarfing Access Point
An Evil Twin Access point attack

Question 146
Which of the following answers can use RC4 for encryption?

WEP and AES
SSL and CHAP
CHAP and 3DES
SSL and WEP

Question 147
Suppose you work in a high-security facility, your network handles sensitive information, and you are concerned about electromagnetic emanations leaving your data center.
Your concern is that these emanations could be intercepted and you want to provide some protection for your cabling.
Which of the following answers would most effectively mitigate the threat of data theft from your CAT 5 wiring?

EMI Shielding
Fencing to keep emanation sniffers away
Multi-Mode Fiber Optic Cabling
Coaxial Cable

Question 148
Suppose you are an IT Technician responsible for the IOM - Installation, Operation and Maintenance of a key web application server.
The server has been built, locked down, patched and scanned for baseline security, and there's another step you want to take to actively ensure it is resistant to attack and the controls are performing as they should.
What could it be?

Penetration Test
Port Scan on the Server
Web Application Code Review
Protocol Analyzer

Question 149
Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network to perform a test?

White-Box Penetration Testing
Gray-Box Pen Testing
Penetration Testing
Black-Box Pen Testing

Question 150
Which of the following answers lists two of the most common detection mechanisms for Intrusion Detection or Intrusion Prevention Systems?

Network-Based IDS (NIDS) and Intrusion Prevention Systems (IPS)
Host-Based IDS (HIDS) and Intrusion Prevention Systems (IPS)
Anomaly Detection and Signature Detection
Forward Chaining and Backward Chaining Intrusion detection systems

Question 151
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance, approaches you in the break room saying that she lost the smart ID Card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes appropriate action?

The user may no longer have certificates
They are reissued to the user
New certificates are issued to the user
They are added to the CRL

Question 152
When planning for disaster recovery it is important to know the chain of command should one or more people become missing, incapacitated or otherwise not available to lead the organization.
Which of the following terms BEST describes this process?

Business Continuity Planning
Succession Planning
Continuity of Operations
Business Impact Analysis

Question 153
As an IT Manager, you are responsible for compliance with standard operating procedures and operational security.
Part of those duties includes ensuring that the operating environment prepares adequately for potential disasters like fires, floods, tornados, earthquakes or civil disturbance.
Which of the following answers reflects the MOST important thing to plan for when implementing fire suppression systems?

Always use water sprinklers
The best price for the suppression system
A good support contract from the vendor
Ensuring sprinklers don't damage equipment

Question 154
You work for the FBI - Federal Bureau of Investigation in their forensics division. Your boss tells you they seized a laptop that needs to be examined for evidence of spying by a hostile nation.
What is the first step you should take before examining the laptop?

Remove the disk drive and plug it into another computer
Crack the computer's password with chntpw
Make a system drive image and examine it
Power it up and look around for evidence

Question 155
Which of the following two terms are IPsec modes of operation?

Transport and Tunnel mode
Authenticated and Tunnel Mode
Security Parameter and Security Associations
Authentication Header and Encapsulating Security Payloads

Question 156
Of the following answers, which is BEST described as:
- Authenticates and negotiates end users and manages secret keys
- Established either by IKE or by manual user configuration
- Is unidirectional; when SAs are established for IPsec, the SAs for both directions are established

IKE - Internet Key Exchange
ISAKMP - Internet Security Association and Key Management Protocol
SKEP - Secure Key Exchange Protocol
IPSec Security Association - SA

Question 157
Which one of the following answers was the reason why WEP - Wired Equivalent Privacy failed to be an effective wireless security protocol?

Static Keys and Short IVs
Larger IVs
Per-Frame Sequence Counter
Dynamic Keys

Question 158
Which of the following answers is NOT associated with WPA - Wi-Fi Protected Access security technology for wireless networks?

Dynamic Encryption Keys
ICV uses CRC-32
128-Bit TKIP
Per-frame Sequence counter

Question 159
Which one of these answers is NOT a feature of WPA2?

Full IEEE 802.11i standard
Uses AES Encryption
Static Keys
Personal and Enterprise Version

Question 160
Which of the following answers BEST depicts the whole purpose of Digital Certificates?

To take part in PKI
To encrypt messages
To decrypt messages
Primary method of uniquely identifying valid users

Question 161
Which of the following BEST describes the role of the Certificate Authority?

Issues, stores, revokes and distributes certificates
Middleman between subscribers and CA
Distributes keys and accepts registrations
Provides non-repudiation in the PKI process

Question 162
Which of the following standards do PKI Digital Signatures follow?

W3C XML Schema
X.509
MD2-Based
IEEE 802.1x

Question 163
One of your kids was using your computer and now it's acting funny. Some software was probably installed from the internet but you're not sure what it is. You've run a full system malware scan but nothing was found. You are certain that something serious has happened because you notice these symptoms:
- Altered file permissions for critical system files that you can't change
- Port TCP/22 is open on your computer now
- Certain administrative menu items are notably absent from your computer's interface
- There are extra instances of system processes active in your computer and you can't kill them
What type of software was likely installed on your computer?

Rootkit
Logic Bomb
Virus
Adware

Question 164
How many bits are in the TTL Field of an IP Header?

32 for a max hop count of 1024
8 for a max hop count of 512
16 for a max hop count of 65,535
8 for a max TTL of 255

Question 165
What is it called when a group of infected computers attacks targets on the internet using unsolicited network traffic?

Spoofing Attack
DoS
MDoS
DDoS

Question 166
Which attack would you be seeing if you saw a SYN packet with the source and the destination as the same address?

LAND attack
Null Scan
ARP Flood
XMas Tree Scan

Question 167
If you were using nmap to scan a remote host and you used the switch -sX to set the FIN, PSH and URG TCP Flags on, what sort of scan would this be?

Fraggle Attack
LAND Scan
Replay Attack
Xmas Tree Scan

Question 168
Under normal circumstances, what are the only two parts of a packet which change between the sending host and the receiving host while in transit?

TTL and Packet Expiration Counter value
TTL and MAC
Routing Protocol and TTL
MAC Address and Physical Media

Question 169
Which of the following is NOT a best practice when hardening systems or bastion hosts?

Change default passwords
Deploy a NIDS
Limit Services
Apply Patches

Question 170
Of the following choices, which one is a type of firewall actively maintaining awareness of the status of conversations between internal and external hosts?

Stateless
Stateful Firewall
Active State Firewall
Non-Passive Firewall

Question 171
Which of the following is NOT one of the main advantages of subnetting networks?

Less waste of IP Addresses
Minimizes ARP Caches
Decreased network congestion
Added security

Question 172
You are conducting routine network traffic analysis on your local network using Wireshark and notice traffic requested on 53/TCP by an unknown external address. What is it you are likely seeing?

Normal DNS zone transfer between authorized hosts
A zone transfer request from an external source
Routine DNS Query from an external host
This is a normal request for SSH services

Question 173
Which answer BEST describes a device that sits between your users and the internet and rewrites source ports and source IP Addresses and enhances your security posture?

Web Firewall
Web Proxy
Network Address Translator
Wall of Fire

Question 174
Which of the following signaling methods is most closely associated with 802.11 wireless networks?

Full Duplex
Half Duplex
Wireless Duplex
Mega Duplex

Question 175
Which remote access technology providing confidentiality, integrity and non-repudiation is BEST described by the following?
- Allows for geographically separated networks to appear as one local network
- Data is encapsulated into another packet for transmission across the internet
- Network resources appear local as if they were in the same room
- Remote users can work as if they were on the LAN with other users

VPN
RADIUS
L2TP
PPTP

Question 176
Which of the following answers BEST describes the process of making a system more resistant to attacks from hackers?

System Hardening
Computer Updates
System Logging
System Patching

Question 177
In the Microsoft Windows world there is an ability to push configuration parameters down to computers which gives administrators control of all Windows operating system settings in an enterprise environment.
What are these called?

Security Templates
Local Policies
Group Policies
Security Logging

Question 178
Which of the following is NOT a password management best practice?

Limiting Failed Logon Attempts
Disable Unnecessary Services
Preventing Weak Passwords
Preventing Password Reuse

Question 179
Which of the following answers is NOT one of the standard Microsoft Windows operating system event log types?

Stability Logs
Application Log
System Log
Security Log

Question 180
Which answer BEST describes the process you are doing if you:
- Apply hotfixes, service packs and patches
- Use effective password management practices
- Enable logging on your systems
- Disable non-essential services

Application Hardening
OS Hardening
Network Hardening
Implementing Security Controls

Question 181
If you were performing the following actions, which of the answers would BEST describe what you are doing?
- Update software and hardware for network backbone infrastructure components
- Using SSH to manage network devices
- Remove unnecessary protocols and services
- Block unneeded ports via firewalls on routers and other filtering devices
- Deploy NIDS and NIPS on the network
- Secure remote access by using VPN tunneling
- Configure network devices to be resistant to information gathering

Network Hardening
Network OS Hardening
Application Hardening
Implementing Security Controls

Question 182
Input validation can be an effective measure against all the following EXCEPT?

Social Engineering
XSS - Cross Site Scripting
Buffer Overflows
SQL Injections

Question 183
One of your users is a traveling salesman and his computer got infected with malware that changed the user's password as well as the administrator password. Nobody can log on to the computer to retrieve the user's files.
Which of the following answers BEST describes how you can still access the files? No use of encryption is reported on the computer.

Send the drive out for data retrieval
Put the drive into another computer
The data is lost and cannot be retrieved
Boot to alternate media

Question 184
Which of the following answers BEST describes a potential threat to disk or file encryption on a Windows Computer?

DRA - Data Recovery Agent
Using different encryption keys for each file
Public key disclosure
Rogue Enterprise Administrators

Question 185
How do you prevent users from booting from alternate media like a USB key or CDROM / DVD?

Full Disk Encryption
BIOS Password
Case Intrusion Detection
Locked Computer Cases

Question 186
Which answer BEST describes a software suite that examines and identifies weaknesses in the security of your network devices and computers?

IDS - Intrusion Detection System
Vulnerability Scanners
IPS - Intrusion Prevention System
Antivirus Scanners

Question 187
Which RAID disk configuration uses three separate physical drives, byte-level striping, plus one additional physical drive for parity data?

RAID 2
RAID 3
RAID 1
RAID 4

Question 188
There are three main types of backup operations: Full, Incremental and Differential Backups. Which one always backs up ONLY data which has been changed since the last FULL backup?

Incremental Backup
Differential Backup
Preferential Backup
Full Backup

Question 189
Which of the following answers BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff?

Interview Approach to Risk Analysis
Qualitative Risk Analysis
Quantitative Risk Analysis
Managerial Risk Assessment

Question 190
Which of the following is a fraud detection method whereby employees are moved from position to position?

Job Rotation
Mandatory Job Duties
Mandatory Rotation
Mandatory Vacations

Question 191
Which answer BEST describes information access permissions where, unless the user is specifically given access to certain data, they are denied any access by default?

Explicit Deny
Explicit Permit
Implicit Deny
Implied Permissions

Question 192
Which answer correctly identifies the process used to identify and confirm vulnerabilities on your company systems by attacking them and seeing which attacks succeed and which ones do not?

Penetration Testing
Footprinting
Port Scans
Vulnerability Assessment

Question 193
In the CIA Triad, if Digital Signatures can provide Integrity, what provides Availability?

Redundancy
Digital Signatures
Executive Support
Public Certificates

Question 194
Which access control method allows the data owner (the person who created the file) to control access to the information they own?

MAC - Mandatory Access Control
NDAC - Non-Discretionary Access Control
RBAC - Role-Based Access Control
DAC - Discretionary Access Control

Question 195
Which of the following answers BEST indicates the most important part of a data backup plan?

A reliable network infrastructure
An effective backup plan
Testing the backups with restore operations
Expensive backup hardware

Question 196
Which of the following answers BEST describes the Bell-LaPadula model of storage and access control of classified information?

No write up, no read down
No reading from higher classification levels
No read over and no write up
No read up and No write down

Question 197
Which of the following answers BEST describes why administrators should use a separate unprivileged user account for everyday duties?

To maintain proficiency with their admin duties
To avoid a conflict of interest
So he does not become sloppy with the privileges
To mitigate the effects of malware

Question 198
What is the danger if you go to your bank's website and the web browser pops up a security alert about the website address not matching the URL on the certificate?

This means that the certificate has expired
The certificate issuer is not a trusted one
It could be a fake website trying to steal your credentials
Users should just click through those without worry

Question 199
Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description?
- Configured and functional facility
- Available within a few hours
- Requires constant maintenance
- Is expensive to maintain

Remote Site
Warm Site
Cold Site
Hot Site

Question 200
Which of the following answers is an agreement between your organization and the provider that includes guarantees for MTBF, MTTR and system uptimes?

SLA - Service Level Agreement
WPEU - Warrantied Period of Expected Use
SLA - Service Line Agreement
Guaranteed Uptime

Question 201
Suppose you are an IT Manager at a successful organization and you discover that an employee has been stealing sensitive corporate secrets and he has been fired by the senior executive.
Which Access Control Category would this fall under?

Recovery Access Control
Compensating Access Control
Corrective Access Control
Deterrent Access Control

Question 202
Related to user authentication, which of the following is NOT a type of "Something you know"?

Smart Card
PIN
Passphrase
Password

Question 203
Which of the following answers permits users to access multiple resources within an enterprise without having to log on to each system separately?

SSO - Single Sign On
Biometric Authentication Systems
PAP - Password Authentication Protocol
CHAP - Challenge Handshake Authentication Protocol

Question 204
Which of the following is NOT a weakness of Kerberos?

SSO - Single Sign On
KDC is a single point of failure
Need for time sync on all systems
DOS or DDOS Attacks on the KDC

Question 205
When an employee moves around from position to position in the same organization and his or her access to network resources grows unchecked, what is this called?

Privilege Escalation
Mission Creep
Access Violation
Authorization Creep

Question 206
Which of the following authentication methods would avoid conditions where a replay attack would be successful by making use of an authenticator?

PAP - Password Authentication Protocol
Biometric Authentication
CHAP - Challenge Handshake Authentication Protocol
Kerberos

Question 207
You have been asked by your senior executive staff to deploy a web server on your network but you are worried about it being attacked and compromised. Where would you most likely want to deploy the server so as to avoid exposing your internal network to the threat of a compromised server?

Secure VLAN
DMZ
Extranet
Unused Network Area

Question 208
Which of the following answers is BEST described by the following features?
- It's an alternative to RADIUS
- Performs AAA separately
- Supports PAP, CHAP and EAP
- Allows the use of multi-factor authentication
- Uses TCP port 49

AAA Server
Active Directory Domain Controller
TACACS+
RADIUS+

Question 209
Among the following answers, which is BEST described by:
- Data is encrypted and encapsulated into another packet for transmission across an untrusted medium.
- Permits networks to be geographically separate but appear as though they were on the same local network.

VPN - Virtual Private Network
PPTP - Point-to-Point-Protocol
L2TP - Layer 2 Transport Protocol
VPN - Virtual Public Network

Question 210
There are basic goals of cryptography. Which of the following most benefits from the process of encryption?

Authentication
Integrity
Confidentiality
Non-Repudiation

Question 211
Which of the following controls is intended to discourage a potential attacker?

Recovery
Deterrent
Preventive
Corrective

Question 212
Which type of risk assessment is the formula ALE = ARO x SLE used for?

Expected Loss Analysis
Quantitative Analysis
Objective Analysis
Qualitative Analysis

Question 213
What is taking place when a malicious website forcibly loads a different
website when the victim visits the initial website?

XSS - Cross Site Scripting
SQL Injection
Buffer Overflow
CSRF - Cross Site Request Forgery

Question 214
Tools like John the Ripper, L0phtcrack, Cain and Ophcrack are used to do
what?

Password Decryption
Fuzzing and False Injection Tools
Network Scanning Tools
Vulnerability Scanning Tools

Question 215
Which answer is the term for the process of attacking our own systems in
order to find and fix otherwise undiscovered vulnerabilities?

Ethical Hacking
Vulnerability Assessment
Zero Day Analysis
Defense in Depth

Question 216
Which technology allows users to authenticate once and then be given
access to all domain resources to which they are granted permissions?

XACML
SOAP
SSO
SAML

Question 217
What technology allows network administrators to segregate computers
into smaller network enclaves for the purpose of security, enterprise
organization or simple departmental isolation?

VTP - VLAN Trunking Protocol
VLAN - Virtual Local Area Network
STP - Spanning Tree Protocol
DHCP - Dynamic Host Configuration Protocol

Question 218
Which layer of the OSI model deals with MAC addresses?

Layer 3 - Network Layer
Layer 4 - Transport Layer
Layer 5 - Session Layer
Layer 2 - Data Link Layer

Question 219
While using which type of networking device would each host 'see' all other
traffic on the network?

Network Hub
Token Ring Network
Network Switch
Network Router

Question 220
What is the name of a security device that can dynamically block traffic
based upon source, destination, content or transport layer state?

Packet Filter
IDS - Intrusion Detection System
Stateless Firewall
Stateful Firewall

Question 221
What device would let you know if someone had broken into your network
and was maintaining presence on your network computers?

Firewall
Enterprise Antivirus System
Honeypot System
Intrusion Detection System

Question 222
Which network traffic optimization process involves prioritization of network
service to applications and services which are sensitive to loss of network
service or dropped packets?

Caching Engines
QoS
High Availability
Load Balancing

Question 223
Mark for later review
Your DNS server is down and you absolutely must get connectivity to a
remote server to upload a critical file before midnight. What can you do
locally to manually map an IP Address to a domain name?

Add a hosts file entry
Edit your [Link] file
Make a Static ARP Entry
Use nslookup or dig

Question 224
Which type of switch port security is the only secure method of controlling
access to the network?

Switchport Security with Sticky MAC Addresses
VMPS - VLAN Membership Policy Server
802.1x
MAC Filtering

Question 225
What's the name of the attack where hundreds or thousands of
compromised computers start attacking a victim computer?

Multipartite Virus
Buffer Overflow
DDoS
Network Worm

Question 226
Which type of virus would still exist on your computer's drive even if you
formatted it and reinstalled an operating system?

Typical Virus
Buffer Overflows
Boot-Sector Virus
Worms

Question 227
Which variation on VLANs makes it so that hosts cannot talk to each other
but they can talk to servers or default gateways?

Static VLANs
Dynamic VLANs
Switchport Security
Private VLANs

Question 228
Which denial of service attack involves sending crafted ICMP packets which
have a source address of the victim and all responses go to the victim?

Buffer Overflow
SYN Flood
Macro Virus
Smurf Attack

Question 229
Which solution would mitigate the situation where users could boot to
alternate boot media to access the disk drive?

Microsoft EFS
BIOS Passwords, case locks and restricting booting to alternate media
Case Intrusion Switches and Strong Passwords
Computer Case Locks and BIOS Passwords

Question 230
Which early version of wireless encryption can be broken in less than a
minute now?

WEP
Dynamic WEP
WEP2
WPA2

Question 231
Which of the following are capable of taking proactive steps in response to
malicious activity?

ActiveX
Host-Based Firewalls
IPS
IDS

Question 232
You need a connectivity solution for remote users who must securely
connect nightly to upload daily sales info. Which answer provides the best
solution?

Site-to-Site VPN
Remote-Access VPN
Extranet VPN
SSH - Secure Shell

Question 233
Which type of VPN is most suited for connectivity between the enterprise
networks and their suppliers and business partners?

Site-to-Site VPN
SSH - Secure Shell
Remote-Access VPN
Extranet VPN

Question 234
You have remote users to whom you must provide support from where they
work at home or when traveling.
What's a commonly used protocol we use to provide this service?

L2TP - Layer 2 Tunneling Protocol
IPSec
PPTP - Point-to-Point Tunneling Protocol
RDP - Remote Desktop Protocol

Question 235
Which Symmetric Encryption Key standard has been the official encryption
standard by the United States government since 2002?

PKI - Public Key Infrastructure
AES - Advanced Encryption Standard
3DES - Triple Data Encryption Standard
RSA - Data Security

Question 236
Which answer represents the biggest obstacle to packet inspection?

Encryption
Encrypted Packet Headers
Hackers attacking network infrastructure devices
Encrypted Layer 2 MAC Addresses

Question 237
Which answer is a command line packet analyzer for Linux and Unix
operating systems?

tcp/ip
iptables
pcap
tcpdump

Question 238
Which answer is the most common format that network sniffers use to save
their files?

.png
.vmem
NTLDR
.pcap

Question 239
Public Key Infrastructure (PKI) uses asymmetric key encryption between
parties. The originator encrypts information using the intended recipient's
"public" key in order to send confidential data. The recipients use their
own "private" key to decrypt the information. The methodology ensures
that:

The sender and recipient have reached a mutual agreement on the encryption key exchange
that they will use.
The sender of the message is the only other person with access to the recipient's private key.
The channels through which the information flows are secure.
Only the recipient with the proper matching key will get access to the decrypted message.

Question 240
A confidential number used as an authentication factor to verify a user's
identity is called a:

PIN
User ID
Password
Challenge

Question 241
In which phase of Internet Key Exchange (IKE) protocol is peer
authentication performed?
Phase 2
No peer authentication is performed
Pre Initialization Phase
Phase 1

Question 242
Which of the following access control categories BLOCKS unwanted
behaviour with hard countermeasures like a metal fence or file permissions?

Deterrent Access Control
Deny Access Control
Preventive Access Controls
Detective Access Control

Question 243
Which of the following answers BEST describes the process of restricting
how users are able to interface with both web and standard software
applications?
API Control Measures
Input Validation
Output Validation
Configuration Baselines

Question 244
Select the answer below which represents the two types of Trust Models
used by certificate authorities.

Transitive Trust Model and Bridge Trust Model
Implicit Trust Model and Bridge Trust Model
Hierarchical Trust Model and Bridge Trust Model
Bridge Trust Model and Web of Trust Model

Question 245
View the image below and identify the attack.

Reflection Attack
DOS
TFN
DDoS

Question 246
Which of the following protocols uses default credentials of 'public' and
'private'?

SMTP
SNMP
SNMTP
TFTP

Question 247
The owner of a system should have the confidence that the system will
behave according to its specifications. This is termed:

Assurance
Availability
Accountability
Integrity

Question 248
Which cryptographic system provides both data security and non-
repudiation?
PKI - Public Key Infrastructure
3DES - Triple Data Encryption Standard
RSA - Data Security
PPTP - Point-to-Point Tunneling Protocol

Question 249
Which of the following is the preferred way to suppress an electrical fire in
a data center?
CO2, soda acid, or Halon
water or soda acid
CO2
ABC Rated Dry Chemical

Question 250
How many host IP addresses are available on a subnet with a mask of
[Link]?

128
62
32
64
