
SY0-301 Google Dump Reformatted by Tony G

Number: SY0-301
Passing Score: 800
Time Limit: 120 min
File Version: 1.1

SY0-301 Exams A-M, with 30 questions in each exam for easier studying.

Exam A

QUESTION 1
Access control decisions are based on responsibilities that an individual user or process has in an organization. This best describes:
A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
D. None of the above.

Answer: B Section: (none) Explanation/Reference:

QUESTION 2
A honey pot is ______.
A. A false system or network to attract attacks away from your real network.
B. A place to store passwords.
C. A safe haven for your backup media.
D. Something that exists only in theory.

Answer: A Section: (none) Explanation/Reference:

QUESTION 3
Computer forensics experts collect and analyze data using which of the following guidelines so as to minimize data loss?
A. Evidence
B. Chain of custody
C. Chain of command
D. Incident response

Answer: B Section: (none) Explanation/Reference:

QUESTION 4
A DMZ (Demilitarized Zone) typically contains:
A. A customer account database
B. Staff workstations
C. An FTP (File Transfer Protocol) server
D. A SQL (Structured Query Language) based database server

Answer: C Section: (none) Explanation/Reference:

QUESTION 5
What two functions does IPSec perform? (Choose two.)
A. Provides the Secure Shell (SSH) for data confidentiality.
B. Provides the Password Authentication Protocol (PAP) for user authentication.
C. Provides the Authentication Header (AH) for data integrity.
D. Provides the Internet Protocol (IP) for data integrity.
E. Provides the Nonrepudiation Header (NH) for identity integrity.
F. Provides the Encapsulation Security Payload (ESP) for data confidentiality.

Answer: CF Section: (none) Explanation/Reference:

QUESTION 6
You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers. Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply.)
A. Shut down the computer.
B. Contact the incident response team.
C. Document what they see on the screen.
D. Log off the network.

Answer: BC Section: (none) Explanation/Reference:

QUESTION 7
The best protection against the abuse of remote maintenance of a PBX (Private Branch Exchange) system is to:
A. Keep maintenance features turned off until needed.
B. Insist on strong authentication before allowing remote maintenance.
C. Keep the PBX (Private Branch Exchange) in a locked enclosure and restrict access to only a few people.
D. Check to see if the maintenance caller is on the list of approved maintenance personnel.

Answer: B Section: (none) Explanation/Reference:

QUESTION 8
What statement is most true about viruses and hoaxes?
A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.

Answer: B Section: (none) Explanation/Reference:

QUESTION 9
The primary purpose of NAT (Network Address Translation) is to:
A. Translate IP (Internet Protocol) addresses into user-friendly names.
B. Hide internal hosts from the public network.
C. Use one public IP (Internet Protocol) address on the internal network as a name server.
D. Hide the public network from internal hosts.

Answer: B Section: (none) Explanation/Reference:

QUESTION 10
Users of Instant Messaging clients are especially prone to what?
A. Theft of root user credentials.
B. Disconnection from the file server.
C. Hostile code delivered by file transfer.
D. Slow Internet connections.
E. Loss of email privileges.
F. Blue Screen of Death errors.

Answer: C Section: (none) Explanation/Reference:

QUESTION 11
What is one advantage of the NTFS file system over the FAT16 and FAT32 file systems?
A. Integral support for streaming audio files.
B. Integral support for UNIX compatibility.
C. Integral support for dual-booting with Red Hat Linux.
D. Integral support for file and folder level permissions.

Answer: D Section: (none) Explanation/Reference:

QUESTION 12
You have identified a number of risks to which your company's assets are exposed, and want to implement policies, procedures, and various security measures. In doing so, what will be your objective?
A. Eliminate every threat that may affect the business.
B. Manage the risks so that the problems resulting from them will be minimized.
C. Implement as many security measures as possible to address every risk that an asset may be exposed to.
D. Ignore as many risks as possible to keep costs down.

Answer: B Section: (none) Explanation/Reference:

QUESTION 13
A DAC (Discretionary Access Control) system operates according to which of the following statements?
A. Files that don't have an owner cannot be modified.
B. The administrator of the system is an owner of each object.
C. The operating system is an owner of each object.
D. Each object has an owner, which has full control over the object.

Answer: D Section: (none) Explanation/Reference:

QUESTION 14
The de facto IT (Information Technology) security evaluation criteria for the international community is called?
A. Common Criteria
B. Global Criteria
C. TCSEC (Trusted Computer System Evaluation Criteria)
D. ITSEC (Information Technology Security Evaluation Criteria)

Answer: A Section: (none) Explanation/Reference:

QUESTION 15
You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. Which of the following types of cabling provides the best protection from interference in this area?
A. STP
B. UTP
C. Coaxial
D. Fiber-optic

Answer: D Section: (none) Explanation/Reference:

QUESTION 16
When evidence is acquired, a log is started that records who had possession of the evidence for a specific amount of time. This is to avoid allegations that the evidence may have been tampered with when it was unaccounted for, and to keep track of the tasks performed in acquiring evidence from a piece of equipment or materials. What is the term used to describe this process?
A. Chain of command.
B. Chain of custody.
C. Chain of jurisdiction.
D. Chain of evidence.

Answer: B Section: (none) Explanation/Reference:

QUESTION 17
Following a disaster, while returning to the original site from an alternate site, the first process to resume at the original site would be the:
A. Least critical process.
B. Most critical process.
C. Process most expensive to maintain at an alternate site.
D. Process that has a maximum visibility in the organization.

Answer: A Section: (none) Explanation/Reference:

QUESTION 18
User A needs to send a private e-mail to User B. User A does not want anyone to have the ability to read the e-mail except for User B, thus retaining privacy. Which tenet of information security is User A concerned about?
A. Authentication
B. Integrity
C. Confidentiality
D. Non-repudiation

Answer: C Section: (none) Explanation/Reference:

QUESTION 19
What kind of attack are hashed passwords vulnerable to?
A. Man in the middle.
B. Dictionary or brute force.
C. Reverse engineering.
D. DoS (Denial of Service)

Answer: B Section: (none) Explanation/Reference:

QUESTION 20
Active detection IDS systems may perform which of the following when an unauthorized connection attempt is discovered? (Choose all that apply.)
A. Inform the attacker that he is connecting to a protected network.
B. Shut down the server or service.
C. Provide the attacker the usernames and passwords for administrative accounts.
D. Break off suspicious connections.

Answer: BD Section: (none) Explanation/Reference:

QUESTION 21
You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network. To secure the scene, which of the following actions should you perform?
A. Prevent members of the organization from entering the server room.
B. Prevent members of the incident response team from entering the server room.
C. Shut down the server to prevent the user from accessing further data.
D. Detach the network cable from the server to prevent the user from accessing further data.

Answer: AD Section: (none) Explanation/Reference:

QUESTION 22
An application that appears to perform a useful function but instead contains some sort of malicious code is called a _____.
A. Worm
B. SYN flood
C. Virus
D. Trojan Horse
E. Logic Bomb

Answer: D Section: (none) Explanation/Reference:

QUESTION 23
You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. What type of threat does this represent?
A. DDoS
B. Back Door
C. Spoofing
D. Man in the Middle

Answer: D Section: (none) Explanation/Reference:

QUESTION 24
Access controls that are created and administered by the data owner are considered:
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)

Answer: D Section: (none) Explanation/Reference:

QUESTION 25
Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies. What type of encryption is it from the list below?
A. WTLS
B. Symmetric
C. Multifactor
D. Asymmetric

Answer: B Section: (none) Explanation/Reference:

QUESTION 26
When securing an FTP (File Transfer Protocol) server, what can be done to ensure that only authorized users can access the server?
A. Allow blind authentication.
B. Disable anonymous authentication.
C. Redirect FTP (File Transfer Protocol) to another port.
D. Only give the address to users that need access.

Answer: B Section: (none) Explanation/Reference:

QUESTION 27
Asymmetric cryptography ensures that:
A. Encryption and authentication can take place without sharing private keys.
B. Encryption of the secret key is performed with the fastest algorithm available.
C. Encryption occurs only when both parties have been authenticated.
D. Encryption factoring is limited to the session key.

Answer: A Section: (none) Explanation/Reference:

QUESTION 28
A program that can infect other programs by modifying them to include a version of itself is a:
A. Replicator
B. Virus
C. Trojan horse
D. Logic bomb

Answer: B Section: (none) Explanation/Reference:

QUESTION 29
The protection of data against unauthorized access or disclosure is an example of what?
A. Confidentiality
B. Integrity
C. Signing
D. Hashing

Answer: A Section: (none) Explanation/Reference:

QUESTION 30
If a private key becomes compromised before its certificate's normal expiration, X.509 defines a method requiring each CA (Certificate Authority) to periodically issue a signed data structure called a certificate:
A. Enrollment list
B. Expiration list
C. Revocation list
D. Validation list

Answer: C Section: (none) Explanation/Reference:

Exam B

QUESTION 1
What transport protocol and port number does SSH (Secure Shell) use?
A. TCP (Transmission Control Protocol) port 22
B. UDP (User Datagram Protocol) port 69
C. TCP (Transmission Control Protocol) port 179
D. UDP (User Datagram Protocol) port 17

Answer: A Section: (none) Explanation/Reference:

QUESTION 2
What design feature of Instant Messaging makes it extremely insecure compared to other messaging systems?
A. It is a peer-to-peer network that offers most organizations virtually no control over it.
B. Most IM clients are actually Trojan Horses.
C. It is a centrally managed system that can be closely monitored.
D. It uses the insecure Internet as a transmission medium.

Answer: A Section: (none) Explanation/Reference:

QUESTION 3
John wants to encrypt a sensitive message before sending it to one of his managers. Which type of encryption is often used for e-mail?
A. S/MIME
B. BIND
C. DES
D. SSL

Answer: A Section: (none) Explanation/Reference:

QUESTION 4
In a decentralized privilege management environment, user accounts and passwords are stored on:
A. One central authentication server.
B. Each individual server.
C. No more than two servers.
D. One server configured for decentralized management.

Answer: B Section: (none) Explanation/Reference:

QUESTION 5
Many intrusion detection systems look for known patterns or _____ to aid in detecting attacks.
A. Viruses
B. Signatures
C. Hackers
D. Malware

Answer: B Section: (none) Explanation/Reference:

QUESTION 6
Providing false information about the source of an attack is known as:
A. Aliasing
B. Spoofing
C. Flooding
D. Redirecting

Answer: B Section: (none) Explanation/Reference:

QUESTION 7
You are assessing risks and determining which asset protection policies to create first. Another member of the IT staff has provided you with a list of assets, which have importance weighted on a scale of 1 to 10. Internet connectivity has an importance of 8, data has an importance of 9, personnel have an importance of 7, and software has an importance of 5. Based on the weights, what is the order in which you will generate new policies?
A. Internet policy, data security, personnel safety policy, software policy.
B. Data security policy, Internet policy, software policy, personnel safety policy.
C. Software policy, personnel safety policy, Internet policy, data security policy.
D. Data security policy, Internet policy, personnel safety policy, software policy.

Answer: D Section: (none) Explanation/Reference:

QUESTION 8
You are compiling estimates on how much money the company could lose if a risk occurred one time in the future. Which of the following would these amounts represent?
A. ARO
B. SLE
C. ALE
D. Asset identification

Answer: B Section: (none) Explanation/Reference:

QUESTION 9
When visiting an office adjacent to the server room, you discover the lock to the window is broken. Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the window was actually repaired. What effect will this have on the likelihood of a threat associated with the vulnerability actually occurring?
A. If the window is repaired, the likelihood of the threat occurring will increase.
B. If the window is repaired, the likelihood of the threat occurring will remain constant.
C. If the window is not repaired, the likelihood of the threat occurring will decrease.
D. If the window is not repaired, the likelihood of the threat occurring will increase.

Answer: D Section: (none) Explanation/Reference:

QUESTION 10
A company consists of a main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with fast links so that all employees have good connectivity to the network. Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost. Which of the following will you do to achieve this objective?
A. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.
B. Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.
C. Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.
D. Centralize servers and other vital components in a single room in the main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.

Answer: A Section: (none) Explanation/Reference:

QUESTION 11
Which of the following backup methods copies only modified files since the last full backup?
A. Full
B. Differential
C. Incremental
D. Archive

Answer: B Section: (none) Explanation/Reference:

QUESTION 12
When examining the server's list of protocols that are bound and active on each network interface card, the network administrator notices a relatively large number of protocols. Which actions should be taken to ensure network security?
A. Unnecessary protocols do not pose a significant risk to the system and should be left intact for compatibility reasons.
B. There are no unneeded protocols on most systems because protocols are chosen during the installation.
C. Unnecessary protocols should be disabled on all server and client machines on a network as they pose great risk.
D. Using port filtering ACLs (Access Control List) at firewalls and routers is sufficient to stop malicious attacks on unused protocols.

Answer: C Section: (none) Explanation/Reference:

QUESTION 13
An administrator notices that an e-mail server is currently relaying e-mail (including spam) for any e-mail server requesting relaying. Upon further investigation the administrator notices the existence of /etc/mail/relay domains. What modifications should the administrator make to the relay domains file to prevent relaying for non-explicitly named domains?
A. Move the .* entry to the bottom of the relay domains file and restart the e-mail process.
B. Move the .* entry to the top of the relay domains file and restart the e-mail process.
C. Delete the .* entry in the relay domains file and restart the e-mail process.
D. Delete the relay domains file from the /etc/mail folder and restart the e-mail process.

Answer: C Section: (none) Explanation/Reference:

QUESTION 14
A recent audit shows that a user logged into a server with their user account and executed a program. The user then performed activities only available to an administrator. This is an example of what type of attack?
A. Trojan horse
B. Privilege escalation
C. Subseven back door
D. Security policy removal

Answer: B Section: (none) Explanation/Reference:

QUESTION 15
Users who configure their passwords using simple and meaningful things such as pet names or birthdays are subject to having their account used by an intruder after what type of attack?
A. Dictionary attack
B. Brute Force attack
C. Spoofing attack
D. Random guess attack
E. Man in the middle attack
F. Change list attack
G. Role Based Access Control attack
H. Replay attack
I. Mickey Mouse attack

Answer: A Section: (none) Explanation/Reference:

QUESTION 16
By definition, how many keys are needed to lock and unlock data using symmetric-key encryption?
A. 3+
B. 2
C. 1
D. 0

Answer: C Section: (none) Explanation/Reference:

QUESTION 17
An autonomous agent that copies itself into one or more host programs, then propagates when the host is run, is best described as a:
A. Trojan horse
B. Back door
C. Logic bomb
D. Virus

Answer: D Section: (none) Explanation/Reference:

QUESTION 18
What are access decisions based on in a MAC (Mandatory Access Control) environment?
A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels

Answer: D Section: (none) Explanation/Reference:

QUESTION 19
A company uses WEP (Wired Equivalent Privacy) for wireless security. Who may authenticate to the company's access point?
A. Only the administrator.
B. Anyone can authenticate.
C. Only users within the company.
D. Only users with the correct WEP (Wired Equivalent Privacy) key.

Answer: D Section: (none) Explanation/Reference:

QUESTION 20
Notable security organizations often recommend that only essential services be provided by a particular host, and any unnecessary services be disabled. Which of the following does NOT represent a reason supporting this recommendation?
A. Each additional service increases the risk of compromising the host, the services that run on the host, and potential clients of these services.
B. Different services may require different hardware, software, or a different discipline of administration.
C. When fewer services and applications are running on a specific host, fewer log entries and fewer interactions between different services are expected, which simplifies the analysis and maintenance of the system from a security point of view.
D. If a service is not using a well-known port, firewalls will not be able to disable access to this port, and an administrator will not be able to restrict access to this service.

Answer: B Section: (none) Explanation/Reference:

QUESTION 21
Of the following services, which one determines what a user can change or view?
A. Data integrity
B. Data confidentiality
C. Data authentication
D. Access control

Answer: D Section: (none) Explanation/Reference:

QUESTION 22
One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:
A. An Ethernet switch.
B. An Ethernet hub.
C. A CSU/DSU (Channel Service Unit/Data Service Unit).
D. A firewall.

Answer: A Section: (none) Explanation/Reference:

QUESTION 23
Packet sniffing can be used to obtain username and password information in clear text from which one of the following?
A. SSH (Secure Shell)
B. SSL (Secure Sockets Layer)
C. FTP (File Transfer Protocol)
D. HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)

Answer: C Section: (none) Explanation/Reference:

QUESTION 24
Documenting change levels and revision information is most useful for:
A. Theft tracking
B. Security audits
C. Disaster recovery
D. License enforcement

Answer: C Section: (none) Explanation/Reference:

QUESTION 25
IMAP4 requires port ____ to be open.
A. 80
B. 3869
C. 22
D. 21
E. 23
F. 25
G. 110
H. 143
I. 443

Answer: H Section: (none) Explanation/Reference:

QUESTION 26
As the Security Analyst for your company's network, you become aware that your systems may be under attack. This kind of attack is a DoS attack and the exploit sends more traffic to a node than anticipated. What kind of attack is this?
A. Ping of death
B. Buffer Overflow
C. Logic Bomb
D. Smurf

Answer: B Section: (none) Explanation/Reference:

QUESTION 27
As the Security Analyst for your company's network, you want to implement AES. What algorithm will it use?
A. Rijndael
B. Nagle
C. Spanning Tree
D. PKI

Answer: A Section: (none) Explanation/Reference:

QUESTION 28
Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation. When making copies of data from a machine that is being examined, which of the following tasks should be done to ensure it is an exact duplicate?
A. Perform a cyclic redundancy check using a checksum or hashing algorithm.
B. Change the attributes of data to make it read only.
C. Open files on the original media and compare them to the copied data.
D. Do nothing. Imaging software always makes an accurate image.

Answer: A Section: (none) Explanation/Reference:

QUESTION 29
As the Security Analyst for your company's network, you want to implement Single Sign-on technology. What benefit can you expect to get when implementing Single Sign-on?
A. You will need to log on twice at all times.
B. You can allow for system wide permissions with it.
C. You can install multiple applications.
D. You can browse multiple directories.

Answer: D Section: (none) Explanation/Reference:

QUESTION 30
What technology was originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers?
A. VPN (Virtual Private Network)
B. DMZ (Demilitarized Zone)
C. VLAN (Virtual Local Area Network)
D. RADIUS (Remote Authentication Dial-in User Service)

Answer: C Section: (none) Explanation/Reference:

Exam C

QUESTION 1
When a user clicks to browse a secure page, the SSL (Secure Sockets Layer) enabled server will first:
A. Use its digital certificate to establish its identity to the browser.
B. Validate the user by checking the CRL (Certificate Revocation List).
C. Request the user to produce the CRL (Certificate Revocation List).
D. Display the requested page on the browser, then provide its IP (Internet Protocol) address for verification.

Answer: A Section: (none) Explanation/Reference:

QUESTION 2
A _____ occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle.
A. Brute Force attack
B. Buffer overflow
C. Man in the middle attack
D. Blue Screen of Death
E. SYN flood
F. Spoofing attack

Answer: B Section: (none) Explanation/Reference:

QUESTION 3
Which of the following describes the concept of data integrity?
A. A means of determining what resources a user can use and view.
B. A method of security that ensures all data is sequenced and numbered.
C. A means of minimizing vulnerabilities of assets and resources.
D. A mechanism applied to indicate data's level of security.

Answer: B Section: (none) Explanation/Reference:

QUESTION 4
After installing a new operating system, what configuration changes should be implemented?
A. Create application user accounts.
B. Rename the guest account.
C. Rename the administrator account, disable the guest accounts.
D. Create a secure administrator account.

Answer: C Section: (none) Explanation/Reference:

QUESTION 5
You are explaining SSL to a junior administrator and come up to the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process?
A. Five
B. Six
C. Seven
D. Eight

Answer: B Section: (none) Explanation/Reference:

QUESTION 6
The term due care best relates to:
A. Policies and procedures intended to reduce the likelihood of damage or injury.
B. Scheduled activity in a comprehensive preventative maintenance program.
C. Techniques and methods for secure shipment of equipment and supplies.
D. User responsibilities involved when sharing passwords in a secure environment.

Answer: A Section: (none) Explanation/Reference:

QUESTION 7
At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?
A. Penetration
B. Control
C. Audit planning
D. Discovery

Answer: A Section: (none) Explanation/Reference:

QUESTION 8
Controlling access to information systems and associated networks is necessary for the preservation of their:
A. Authenticity, confidentiality, integrity and availability.
B. Integrity and availability.
C. Confidentiality, integrity and availability.
D. Authenticity, confidentiality and availability.

Answer: C Section: (none) Explanation/Reference:

QUESTION 9
The start of the LDAP (Lightweight Directory Access Protocol) directory is called the:
A. Head
B. Root
C. Top
D. Tree

Answer: B Section: (none) Explanation/Reference:

QUESTION 10
What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security are needed?
A. Mutual
B. Multi-factor
C. Biometric
D. Certificate

Answer: B Section: (none) Explanation/Reference:

QUESTION 11
Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer). Which type of encryption does SSL use?
A. Asymmetric
B. Symmetric
C. Public Key
D. Secret

Answer: B Section: (none) Explanation/Reference:

QUESTION 12
In the context of wireless networks, WEP (Wired Equivalent Privacy) was designed to:
A. Provide the same level of security as a wired LAN (Local Area Network).
B. Provide a collision preventive method of media access.
C. Provide a wider access area than that of wired LANs (Local Area Network).
D. Allow radio frequencies to penetrate walls.

Answer: A Section: (none) Explanation/Reference:

QUESTION 13
What are two common methods when using a public key infrastructure for maintaining access to servers in a network?
A. ACL and PGP.
B. PIM and CRL.
C. CRL and OCSP.
D. RSA and MD2.

Answer: C Section: (none) Explanation/Reference:

QUESTION 14
What is the greatest benefit to be gained through the use of S/MIME (Secure Multipurpose Internet Mail Extensions)? The ability to:
A. Encrypt and digitally sign e-mail messages.
B. Send anonymous e-mails.
C. Send e-mails with a return receipt.
D. Expedite the delivery of e-mail.

Answer: A Section: (none) Explanation/Reference:

QUESTION 15
While performing a routine site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of Accounting department security. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you just become a victim of?
A. SYN Flood.
B. Distributed Denial of Service.
C. Man in the Middle attack.
D. TCP Flood.
E. IP Spoofing.
F. Social Engineering.
G. Replay attack.
H. Phone tag.
I. Halloween attack.

Answer: F Section: (none) Explanation/Reference:

QUESTION 16
A collection of information that includes login, file access, other various activities, and actual or attempted legitimate and unauthorized violations is a(n):
A. Audit
B. ACL (Access Control List)
C. Audit trail
D. Syslog

Answer: C Section: (none) Explanation/Reference:

QUESTION 17
You are the first person to respond to the scene of an incident involving a computer being hacked. After determining the scope of the crime scene and securing it, you attempt to preserve evidence at the scene. Which of the following tasks will you perform to preserve evidence? (Choose all that apply.)
A. Photograph any information displayed on the monitors of computers involved in the incident.
B. Document any observation or messages displayed by the computer.
C. Shut down the computer to prevent further attacks that may modify data.
D. Gather up manuals, nonfunctioning devices, and other materials and equipment in the area so they are ready for transport.

Answer: AB Section: (none) Explanation/Reference:

QUESTION 18
A well defined business continuity plan must consist of risk analysis, business impact analysis, strategic planning and mitigation, training and awareness, maintenance and audit and:
A. Security labeling and classification.
B. Budgeting and acceptance.
C. Documentation and security labeling.
D. Integration and validation.

Answer: D Section: (none) Explanation/Reference:

QUESTION 19
Which of the following media types is most immune to RF (Radio Frequency) eavesdropping?
A. Coaxial cable
B. Fiber optic cable
C. Twisted pair wire
D. Unbounded

Answer: B Section: (none) Explanation/Reference:

QUESTION 20
A piece of malicious code that can replicate itself, has no productive purpose and exists only to damage computer systems or create further vulnerabilities is called a:
A. Logic Bomb
B. Worm
C. Trojan Horse
D. SYN flood
E. Virus

Answer: E Section: (none) Explanation/Reference:

QUESTION 21
How many bits are employed when using hash encryption?
A. 32
B. 64
C. 128
D. 256

Answer: C Section: (none) Explanation/Reference:

QUESTION 22
You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation. Which of the following tasks will the crime scene technician be responsible for performing?
A. Ensure that any documentation and evidence they possessed is handed over to the investigator.
B. Reestablish a perimeter as new evidence presents itself.
C. Establish a chain of command.
D. Tag, bag, and inventory evidence.

Answer: D Section: (none) Explanation/Reference:

QUESTION 23
Which of the following is an example of an asymmetric algorithm?
A. CAST (Carlisle Adams Stafford Tavares)
B. RC5 (Rivest Cipher 5)
C. RSA (Rivest Shamir Adleman)
D. SHA-1 (Secure Hashing Algorithm 1)

Answer: C Section: (none) Explanation/Reference:

QUESTION 24
Honey pots are useful in preventing attackers from gaining access to critical systems. True or false?
A. True
B. False
C. It depends on the style of attack used.

Answer: A Section: (none) Explanation/Reference:

QUESTION 25
You are researching the ARO and need to find specific data that can be used for risk assessment. Which of the following will you use to find information?
A. Insurance companies
B. Stockbrokers
C. Manuals included with software and equipment.
D. None of the above. There is no way to accurately predict the ARO.

Answer: A Section: (none) Explanation/Reference:

QUESTION 26 Data integrity is best achieved using a(n):
A. Asymmetric cipher
B. Digital certificate
C. Message digest
D. Symmetric cipher

Answer: C Section: (none) Explanation/Reference:

QUESTION 27 In order for a user to obtain a certificate from a trusted CA (Certificate Authority), the user must present proof of identity and a:
A. Private key
B. Public key
C. Password
D. Kerberos key

Answer: B Section: (none) Explanation/Reference:

QUESTION 28 Which of the following is a technical solution that supports high availability?
A. UDP (User Datagram Protocol)
B. Anti-virus solution
C. RAID (Redundant Array of Independent Disks)
D. Firewall

Answer: C Section: (none) Explanation/Reference:

QUESTION 29 You have decided to implement biometrics as part of your security system. Before purchasing a locking system that uses biometrics to control access to secure areas, you need to decide what will be used to authenticate users. Which of the following options relies solely on biometric authentication?
A. Username and password.
B. Fingerprints, retinal scans, PIN numbers, and facial characteristics.
C. Voice patterns, fingerprints, and retinal scans.
D. Strong passwords, PIN numbers, and digital imaging.

Answer: C Section: (none) Explanation/Reference:

QUESTION 30 Which of the following results in a domain name server resolving the domain name to a different address and thus misdirecting Internet traffic?
A. DoS (Denial of Service)
B. Spoofing
C. Brute force attack
D. Reverse DNS (Domain Name Service)

Answer: B Section: (none) Explanation/Reference:

Exam D

QUESTION 1 Which two of the following are symmetric-key algorithms used for encryption?
A. Stream-cipher
B. Block
C. Public
D. Secret

Answer: AB Section: (none) Explanation/Reference:

QUESTION 2 While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143 and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by means of the IMAPv4 (Internet Message Access Protocol version 4) protocol, and search a directory services database for user e-mail addresses and digital certificates. All the e-mail related services, as well as the directory server, run on the scanned server. Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?
A. 25
B. 110
C. 143
D. 389

Answer: B Section: (none) Explanation/Reference:

QUESTION 3 A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?
A. A DMZ (Demilitarized Zone)
B. A honey pot
C. A firewall
D. A new subnet

Answer: B Section: (none) Explanation/Reference:

QUESTION 4 When a session is initiated between the Transport Control Program (TCP) client and server in a network, a very small buffer space exists to handle the usually rapid handshaking exchange of messages that sets up the session. What kind of attack exploits this functionality?
A. Buffer Overflow
B. SYN Attack
C. Smurf
D. Birthday Attack

Answer: B Section: (none) Explanation/Reference:

QUESTION 5 A primary drawback to using shared storage clustering for high availability and disaster recovery is:
A. The creation of a single point of vulnerability.
B. The increased network latency between the host computers and the RAID (Redundant Array of Independent Disks) subsystem.
C. The asynchronous writes which must be used to flush the server cache.
D. The highest storage capacity required by the RAID (Redundant Array of Independent Disks) subsystem.

Answer: A Section: (none) Explanation/Reference:

QUESTION 6 What kind of attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
A. CRL
B. DOS
C. ACL
D. MD2

Answer: B Section: (none) Explanation/Reference:

QUESTION 7 A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. What problem may result from these fluctuations? (Select the best answer.)
A. Electrostatic discharge
B. Power outages
C. Chip creep
D. Poor air quality

Answer: C Section: (none) Explanation/Reference:

QUESTION 8 In order to establish a secure connection between headquarters and a branch office over a public network, the router at each location should be configured to use IPSec (Internet Protocol Security) in ______ mode.
A. Secure
B. Tunnel
C. Transport
D. Data link

Answer: B Section: (none) Explanation/Reference:

QUESTION 9 Giving each user or group of users only the access they need to do their job is an example of which security principle?
A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control

Answer: A Section: (none) Explanation/Reference:

QUESTION 10 When an ActiveX control is executed, it executes with the privileges of the:
A. Current user account
B. Administrator account
C. Guest account
D. System account

Answer: A Section: (none) Explanation/Reference:

QUESTION 11 Which of the following is the best description of separation of duties?
A. Assigning different parts of tasks to different employees.
B. Employees are granted only the privileges necessary to perform their tasks.
C. Each employee is granted specific information that is required to carry out the job function.
D. Screening employees before assigning them to a position.

Answer: A Section: (none) Explanation/Reference: Explanation: A task needs several people involved as a method of checks and balances.

QUESTION 12 Which of the following is a popular VPN (Virtual Private Network) protocol operating at OSI (Open Systems Interconnect) model Layer 3?
A. PPP (Point-to-Point Protocol)
B. SSL (Secure Sockets Layer)
C. L2TP (Layer Two Tunneling Protocol)
D. IPSec (Internet Protocol Security)

Answer: D Section: (none) Explanation/Reference:

QUESTION 13 The system administrator has just used a program that highlighted the susceptibility of several servers on the network to various exploits. The program also suggested fixes. What type of program was used?
A. Intrusion detection
B. Port scanner
C. Vulnerability scanner
D. Trojan scanner

Answer: C Section: (none) Explanation/Reference:

QUESTION 14 What fingerprinting technique relies on the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?
A. TCP (Transmission Control Protocol) options.
B. ICMP (Internet Control Message Protocol) error message quenching.
C. Fragmentation handling.
D. ICMP (Internet Control Message Protocol) message quoting.

Answer: D Section: (none) Explanation/Reference: Explanation: ICMP message quoting: the system quotes back part of the original message with every ICMP error message. Each operating system quotes a definite amount of the original message in its ICMP error messages. The differences in the error messages received from various types of operating systems help in identifying the remote host's OS.

QUESTION 15 An extranet would be best defined as an area or zone:
A. Set aside for business to store extra servers for internal use.
B. Accessible to the general public for accessing the business web site.
C. That allows a business to securely transact with other businesses.
D. Added after the original network was built for additional storage.

Answer: C Section: (none) Explanation/Reference: Explanation: An extranet is a private network that uses the Internet protocol and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended to users outside the company.

QUESTION 16 What authentication problem is addressed by single sign on?
A. Authorization through multiple servers.
B. Multiple domains.
C. Multi-factor authentication.
D. Multiple usernames and passwords.

Answer: D Section: (none) Explanation/Reference:

QUESTION 17 An administrator is concerned with viruses in e-mail attachments being distributed and inadvertently installed on users' workstations. If the administrator sets up an attachment filter, what types of attachments should be filtered from e-mails to minimize the danger of viruses?
A. Text files
B. Image files
C. Sound files
D. Executable files

Answer: D Section: (none) Explanation/Reference:

QUESTION 18 Which protocol is typically used for encrypting traffic between a web browser and web server?
A. IPSec (Internet Protocol Security)
B. HTTP (Hypertext Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. VPN (Virtual Private Network)

Answer: C Section: (none) Explanation/Reference:

QUESTION 19 Incorrectly detecting authorized access as an intrusion or attack is called a false:
A. Negative
B. Intrusion
C. Positive
D. Alarm

Answer: C Section: (none) Explanation/Reference:

QUESTION 20 When hardening a machine against external attacks, what process should be followed when disabling services?
A. Disable services such as DHCP (Dynamic Host Configuration Protocol) client and print servers from servers that do not use/serve those functions.
B. Disable one unnecessary service after another, while reviewing the effects of the previous action.
C. Research the services and their dependencies before disabling any default services.
D. Disable services not directly related to financial operations.

Answer: C Section: (none) Explanation/Reference:

QUESTION 21 Message authentication codes are used to provide which service?
A. Integrity
B. Fault recovery
C. Key recovery
D. Acknowledgement

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?
A. Symmetric
B. Asymmetric
C. Hashing
D. Elliptic curve

Answer: A Section: (none) Explanation/Reference: Explanation: A few well-known examples of symmetric encryption algorithms are: DES, Triple-DES (3DES), IDEA, CAST-128, BLOWFISH, RC5, and TWOFISH.

Note: When using symmetric algorithms, both parties share the same key for en- and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe any more. Symmetric algorithms have the advantage of not consuming too much computing power.

QUESTION 23 An example of a physical access barrier would be:
A. Video surveillance
B. Personnel traffic pattern management
C. Security guard
D. Motion detector

Answer: C Section: (none) Explanation/Reference:

QUESTION 24 Which of the following is likely to be found after enabling anonymous FTP (File Transfer Protocol) read/write access?
A. An upload and download directory for each user.
B. Detailed logging information for each user.
C. Storage and distribution of unlicensed software.
D. Fewer server connections and less network bandwidth utilization.

Answer: C Section: (none) Explanation/Reference:

QUESTION 25 Currently, the most costly method of authentication is the use of:
A. Passwords
B. Tokens
C. Biometrics
D. Shared secrets

Answer: C Section: (none) Explanation/Reference:

QUESTION 26 Which systems should be included in a disaster recovery plan?
A. All systems.
B. Those identified by the board of directors, president or owner.
C. Financial systems and human resources systems.
D. Systems identified in a formal risk analysis process.

Answer: D Section: (none) Explanation/Reference: Explanation: A preliminary risk analysis is performed to identify business critical applications and functions. Once those functions have been identified and documented, a structured approach to disaster recovery is prepared for the organization.

QUESTION 27 Security requirements for servers DO NOT typically include:
A. The absence of vulnerabilities used by known forms of attack against server hosts.
B. The ability to allow administrative activities to all users.
C. The ability to deny access to information on the server other than that intended to be available.
D. The ability to disable unnecessary network services that may be built into the operating system or server software.

Answer: B Section: (none) Explanation/Reference:

QUESTION 28 An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans the administrator should:
A. Disable the ability to remotely scan the registry.
B. Leave all processes running for possible future use.
C. Close all programs or processes that use a UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) port.
D. Uninstall or disable any programs or processes that are not needed for the proper use of the server.

Answer: D Section: (none) Explanation/Reference:

QUESTION 29 Privileged accounts are most vulnerable immediately after a:
A. Successful remote login.
B. Privileged user is terminated.
C. Default installation is performed.
D. Full system backup is performed.

Answer: B Section: (none) Explanation/Reference: Explanation: A fired domain admin could easily RAS or VPN in and wreak havoc if his/her privileged account is not disabled.

QUESTION 30 What is the advantage of a multi-homed firewall?
A. It is relatively inexpensive to implement.
B. The firewall rules are easier to manage.
C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone) are exposed.
D. An attacker must circumvent two firewalls.

Answer: C Section: (none) Explanation/Reference:

Exam E

QUESTION 1 A password security policy can help a system administrator to decrease the probability that a password can be guessed by reducing the password's:
A. Length
B. Lifetime
C. Encryption level
D. Alphabet set

Answer: B Section: (none) Explanation/Reference:

QUESTION 2 What is the best defence against man in the middle attacks?
A. A firewall
B. Strong encryption
C. Strong authentication
D. Strong passwords

Answer: C Section: (none) Explanation/Reference: Explanation: A man in the middle (MITM) attack means that someone places himself in the communication channel between the two parties already at the time of certificate exchange. When a party sends its public key to the other, the MITM takes this key and replaces it with his own. The other party thinks the key just received came from the expected sender, but in fact it comes from the MITM. That's the reason why public keys should be signed by a trusted authority (a.k.a. "trust center" or "certificate authority").

QUESTION 3 One of the most effective ways for an administrator to determine what security holes reside on a network is to:
A. Perform a vulnerability assessment.
B. Run a port scan.
C. Run a sniffer.
D. Install and monitor an IDS (Intrusion Detection System).

Answer: A Section: (none) Explanation/Reference:

QUESTION 4 An inherent flaw of DAC (Discretionary Access Control) relating to security is:
A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.
B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.
C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.
D. DAC (Discretionary Access Control) has no known security flaws.

Answer: A Section: (none) Explanation/Reference:

QUESTION 5 What is the most common method used by attackers to identify the presence of an 802.11b network?
A. War driving
B. Direct inward dialing
C. War dialing
D. Packet driving

Answer: A Section: (none) Explanation/Reference: Explanation: War driving is the practice of literally driving around looking for free connectivity from Wi-Fi networks.
Incorrect Answers:
B: Does not apply.
C: In war dialing, combinations of numbers are tested to find network back doors via modem.
D: Does not apply.

QUESTION 6 Analyzing log files after an attack has started is an example of:
A. Active detection
B. Overt detection
C. Covert detection
D. Passive detection

Answer: D Section: (none) Explanation/Reference: Explanation: Passive intrusion detection systems involve the manual review of event logs and application logs. The inspection involves analysis and detection of attack patterns in event log data.

QUESTION 7 A malformed MIME (Multipurpose Internet Mail Extensions) header can:
A. Create a back door that will allow an attacker free access to a company's private network.
B. Create a virus that infects a user's computer.
C. Cause an unauthorized disclosure of private information.
D. Cause an e-mail server to crash.

Answer: D Section: (none) Explanation/Reference:

QUESTION 8 When a user digitally signs a document an asymmetric algorithm is used to encrypt:
A. Secret passkeys
B. File contents
C. Certificates
D. Hash results

Answer: D Section: (none) Explanation/Reference:

QUESTION 9 The best way to harden an application that is developed in house is to:
A. Use an industry recommended hardening tool.
B. Ensure that security is given due consideration throughout the entire development process.
C. Try attacking the application to detect vulnerabilities, then develop patches to fix any vulnerabilities found.
D. Ensure that the auditing system is comprehensive enough to detect and log any possible intrusion, identifying existing vulnerabilities.

Answer: B Section: (none) Explanation/Reference:

QUESTION 10 The best method to use for protecting a password stored on the server used for user authentication is to:
A. Store the server password in clear text.
B. Hash the server password.
C. Encrypt the server password with asymmetric keys.
D. Encrypt the server password with a public key.

Answer: B Section: (none) Explanation/Reference:

QUESTION 11 During the digital signature process, asymmetric cryptography satisfies what security requirement?
A. Confidentiality
B. Access control
C. Data integrity
D. Authentication

Answer: D Section: (none) Explanation/Reference:

QUESTION 12 Which encryption scheme relies on both the sender and receiver to use different keys to encrypt and decrypt messages?
A. Symmetric
B. Blowfish
C. Skipjack
D. Asymmetric

Answer: D Section: (none) Explanation/Reference: Explanation: Asymmetric encryption is a form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
Incorrect Answers:
A: In symmetric encryption the message can be encrypted and decrypted using the same key.
B: Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA.
C: Skipjack is the encryption algorithm contained in the Clipper chip, and it was designed by the NSA.

QUESTION 13 For system logging to be an effective security measure, an administrator must:
A. Review the logs on a regular basis.
B. Implement circular logging.
C. Configure the system to shutdown when the logs are full.
D. Configure SNMP (Simple Network Management Protocol) traps for logging events.

Answer: A Section: (none) Explanation/Reference:

QUESTION 14 The most effective way an administrator can protect users from social engineering is:
A. Education
B. Implement personal firewalls.
C. Enable logging on at users' desktops.
D. Monitor the network with an IDS (Intrusion Detection System).

Answer: A Section: (none) Explanation/Reference: Explanation: Social engineering: An outside hacker's use of psychological tricks on legitimate users of a computer system, in order to gain the information (usernames and passwords) he needs to gain access to the system.

QUESTION 15 With regards to the use of Instant Messaging, which of the following types of attack strategies is effectively combated with user awareness training?
A. Social engineering
B. Stealth
C. Ambush
D. Multi-pronged

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 The process by which remote users can make a secure connection to internal resources after establishing an Internet connection could correctly be referred to as:
A. Channeling
B. Tunneling
C. Throughput
D. Forwarding

Answer: B Section: (none) Explanation/Reference:

QUESTION 17 Appropriate documentation of a security incident is important for each of the following reasons EXCEPT:
A. The documentation serves as a lessons learned which may help avoid further exploitation of the same vulnerability.
B. The documentation will serve as an aid to updating policy and procedure.
C. The documentation will indicate who should be fired for the incident.
D. The documentation will serve as a tool to assess the impact and damage of the incident.

Answer: C Section: (none) Explanation/Reference:

QUESTION 18 How can an e-mail administrator prevent malicious users from sending e-mails from non-existent domains?
A. Enable DNS (Domain Name Service) reverse lookup on the e-mail server.
B. Enable DNS (Domain Name Service) forward lookup on the e-mail server.
C. Enable DNS (Domain Name Service) recursive queries on the DNS (Domain Name Service) server.
D. Enable DNS (Domain Name Service) reoccurring queries on the DNS (Domain Name Service) server.

Answer: A Section: (none) Explanation/Reference:

QUESTION 19 A network attack that misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users is called a:
A. Man in the middle.
B. Smurf
C. Teardrop
D. SYN (Synchronize)

Answer: D Section: (none) Explanation/Reference:

QUESTION 20 Which of the following options describes a challenge-response session?
A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
B. A workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number).
C. A special hardware device that is used to generate random text in a cryptography system.
D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Answer: A Section: (none) Explanation/Reference:

QUESTION 21 Assuring the recipient that a message has not been altered in transit is an example of which of the following:
A. Integrity
B. Static assurance
C. Dynamic assurance
D. Cyclical check sequence

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 A server placed into service for the purpose of attracting a potential intruder's attention is known as a:
A. Honey pot
B. Lame duck
C. Teaser
D. Pigeon

Answer: A Section: (none) Explanation/Reference: Explanation: A honeypot is a system which uses a fake server and sends alarms when some "bad guy" tries to exploit some bug. The goal is to learn how black-hats probe for and exploit a system. By learning their tools and methods, you can then better protect your network and systems.

QUESTION 23 An organization is implementing Kerberos as its primary authentication protocol. Which of the following must be deployed for Kerberos to function properly?
A. Dynamic IP (Internet Protocol) routing protocols for routers and servers.
B. Separate network segments for the realms.
C. Token authentication devices.
D. Time synchronization services for clients and servers.

Answer: D Section: (none) Explanation/Reference: Explanation: Time synchronization is crucial because Kerberos uses server and workstation time as part of the authentication process.

QUESTION 24 The action of determining which operating system is installed on a system simply by analyzing its response to certain network traffic is called:
A. OS (Operating System) scanning.
B. Reverse engineering.
C. Fingerprinting
D. Host hijacking.

Answer: C Section: (none) Explanation/Reference:

QUESTION 25 One of the factors that influence the lifespan of a public key certificate and its associated keys is the:
A. Value of the information it is used to protect.
B. Cost and management fees.
C. Length of the asymmetric hash.
D. Data available openly on the cryptographic system.

Answer: C Section: (none) Explanation/Reference:

QUESTION 26 A DRP (Disaster Recovery Plan) typically includes which of the following:
A. Penetration testing.
B. Risk assessment.
C. DoS (Denial of Service) attack.
D. ACLs (Access Control List).

Answer: B Section: (none) Explanation/Reference:

QUESTION 27 When a change to user security policy is made, the policy maker should provide appropriate documentation to:
A. The security administrator.
B. Auditors
C. Users
D. All staff.

Answer: D Section: (none) Explanation/Reference:

QUESTION 28 A major difference between a worm and a Trojan horse program is:
A. Worms are spread via e-mail while Trojan horses are not.
B. Worms are self-replicating while Trojan horses are not.
C. Worms are a form of malicious code while Trojan horses are not.
D. There is no difference.

Answer: B Section: (none) Explanation/Reference:

QUESTION 29 A common algorithm used to verify the integrity of data from a remote user through the creation of a 128-bit hash from a data input is:
A. IPSec (Internet Protocol Security)
B. RSA (Rivest Shamir Adleman)
C. Blowfish
D. MD5 (Message Digest 5)

Answer: D Section: (none) Explanation/Reference: Explanation: The MD5 hashing algorithm creates a 128-bit hash value.

QUESTION 30 A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based. What is the best solution?
A. Implement firewalls between subnets to restrict access.
B. Implement a VLAN (Virtual Local Area Network) to restrict network access.
C. Implement a proxy server to restrict access.
D. Implement a VPN (Virtual Private Network).

Answer: A Section: (none) Explanation/Reference:

Exam F

QUESTION 1 Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?
A. HTTP (Hypertext Transfer Protocol) protocol.
B. Compiler or interpreter that runs the CGI (Common Gateway Interface) script.
C. The web browser.
D. External data supplied by the user.

Answer: D Section: (none) Explanation/Reference:

QUESTION 2 What is the best method of reducing vulnerability from dumpster diving?
A. Hiring additional security staff.
B. Destroying paper and other media.
C. Installing surveillance equipment.
D. Emptying the trash can frequently.

Answer: B Section: (none) Explanation/Reference:

QUESTION 3 SSL (Secure Sockets Layer) session keys are available in what two lengths?
A. 40-bit and 64-bit.
B. 40-bit and 128-bit.
C. 64-bit and 128-bit.
D. 128-bit and 1,024-bit.

Answer: B Section: (none) Explanation/Reference:

QUESTION 4 Which of the following is expected network behaviour?
A. Traffic coming from or going to unexpected locations.
B. Non-standard or malformed packets/protocol violations.
C. Repeated, failed connection attempts.
D. Changes in network performance such as variations in traffic load.

Answer: D Section: (none) Explanation/Reference:

QUESTION 5 Which of the following steps in the SSL (Secure Socket Layer) protocol allows for client and server authentication, MAC (Mandatory Access Control) and encryption algorithm negotiation, and selection of cryptographic keys?
A. SSL (Secure Sockets Layer) alert protocol.
B. SSL (Secure Sockets Layer) change cipher spec protocol.
C. SSL (Secure Sockets Layer) record protocol.
D. SSL (Secure Sockets Layer) handshake protocol.

Answer: D Section: (none) Explanation/Reference: Explanation: The SSL Handshake Protocol is run before any application data is transmitted. It:
- provides mutual authentication
- establishes secret encryption keys
- establishes secret MAC keys

QUESTION 6 Which of the following correctly identifies some of the contents of a user's X.509 certificate?
A. User's public key, object identifiers, and the location of the user's electronic identity.
B. User's public key, the CA (Certificate Authority) distinguished name, and the type of symmetric algorithm used for encryption.
C. User's public key, the certificate's serial number, and the certificate's validity dates.
D. User's public key, the serial number of the CA (Certificate Authority) certificate, and the CRL (Certificate Revocation List) entry point.

Answer: B Section: (none) Explanation/Reference: Explanation: The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:
- Version
- Serial Number: The entity that created the certificate, the CA, is responsible for assigning it a serial number to distinguish it from other certificates it issues.
- Signature Algorithm Identifier
- Issuer Name: The X.500 name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate.
- Validity Period
- Subject Name
- Subject Public Key Information: This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.
Reference: http://csrc.nist.gov/pki/panel/santosh/tsld002.htm

QUESTION 7 What is the best method of defence against IP (Internet Protocol) spoofing attacks?
A. Deploying intrusion detection systems.
B. Creating a DMZ (Demilitarized Zone).
C. Applying ingress filtering to routers.
D. There is not a good defense against IP (Internet Protocol) spoofing.

Answer: C Section: (none) Explanation/Reference: Explanation: IP Spoofing attacks that take advantage of the ability to forge (or "spoof") IP address can be prevented by implementing Ingress and Egress filtering on the network perimeter.

QUESTION 8 A need to know security policy would grant access based on:
A. Least privilege
B. Less privilege
C. Loss of privilege
D. Single privilege

Answer: A Section: (none) Explanation/Reference:

QUESTION 9 Which tunneling protocol only works on IP networks?
A. IPX
B. L2TP
C. PPTP
D. SSH

Answer: C Section: (none) Explanation/Reference:

QUESTION 10 What functionality should be disallowed between a DNS server and an untrusted node?
A. Name resolutions
B. Reverse ARP requests
C. System name resolutions
D. Zone transfers

Answer: D Section: (none) Explanation/Reference: Explanation: Users who can start zone transfers from your server can list all of the records in your zones.

QUESTION 11 Which access control method provides the most granular access to protected objects?
A. Capabilities
B. Access control lists
C. Permission bits
D. Profiles

Answer: B Section: (none) Explanation/Reference:

QUESTION 12 The primary DISADVANTAGE of symmetric cryptography is:
A. Speed
B. Key distribution
C. Weak algorithms
D. Memory management

Answer: B Section: (none) Explanation/Reference: Explanation: In symmetric encryption the message can be encrypted and decrypted using the same key.

QUESTION 13 What port does SNMP use?
A. 21
B. 161
C. 53
D. 49

Answer: B Section: (none) Explanation/Reference: Explanation: SNMP uses UDP port 161.

QUESTION 14 What port does TACACS use?
A. 21
B. 161
C. 53
D. 49

Answer: D Section: (none) Explanation/Reference: Explanation: TACACS uses both TCP and UDP port 49.

QUESTION 15 What would NOT improve the physical security of workstations?
A. Lockable cases, keyboards, and removable media drives.
B. Key or password protected configuration and setup.
C. Password required to boot.
D. Strong passwords.

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 What are the four major components of ISAKMP (Internet Security Association and Key Management Protocol)?
A. Authentication of peers, threat management, communication management, and cryptographic key establishment.
B. Authentication of peers, threat management, communication management, and cryptographic key establishment and management.
C. Authentication of peers, threat management, security association creation and management, cryptographic key establishment and management.
D. Authentication of peers, threat management, security association creation and management, and cryptographic key management.

Answer: C Section: (none) Explanation/Reference: Explanation: The four major functional components of ISAKMP are:
- Authentication of communications peers.
- Threat mitigation.
- Security association creation and management.
- Cryptographic key establishment and management.

QUESTION 17 An attacker can determine what network services are enabled on a target system by:
A. Installing a rootkit on the target system.
B. Checking the services file.
C. Enabling logging on the target system.
D. Running a port scan against the target system.

Answer: D Section: (none) Explanation/Reference:

QUESTION 18 What type of attack CANNOT be detected by an IDS (Intrusion Detection System)?
A. DoS (Denial of Service)
B. Exploits of bugs or hidden features
C. Spoofed e-mail
D. Port scan

Answer: C Section: (none) Explanation/Reference:

QUESTION 19 Which of the following provides privacy, data integrity and authentication for handheld devices in a wireless network environment?
A. WEP (Wired Equivalent Privacy)
B. WAP (Wireless Application Protocol)
C. WSET (Wireless Secure Electronic Transaction)
D. WTLS (Wireless Transport Layer Security)

Answer: D Section: (none) Explanation/Reference: Explanation: Short for Wireless Transport Layer Security. WTLS is the security layer of WAP, providing privacy, data integrity and authentication for WAP services. Not A: WEP is one of the most popular features available for a Wireless LAN. It is used to encrypt and decrypt data signals transmitted between Wireless LAN devices. In essence, WEP makes a wireless LAN link as secure as a wired link. However, WTLS

QUESTION 20 An effective method of preventing computer viruses from spreading is to:
A. Require root/administrator access to run programs.
B. Enable scanning of e-mail attachments.
C. Prevent the execution of .vbs files.
D. Install a host based IDS (Intrusion Detection System)

Answer: B Section: (none) Explanation/Reference:

QUESTION 21 A PKI (Public Key Infrastructure) document that serves as the vehicle on which to base common interoperability standards and common assurance criteria on an industry wide basis is a certificate:
A. Policy
B. Practice
C. Procedure
D. Process

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 The integrity of a cryptographic system is considered compromised if which of the following conditions exist?
A. A 40-bit algorithm is used for a large financial transaction.
B. The public key is disclosed.
C. The private key is disclosed.
D. The validity of the data source is compromised.

Answer: C Section: (none) Explanation/Reference:

QUESTION 23 The system administrator concerned about security has designated a special area in which to place the web server away from other servers on the network. This area is commonly known as the:
A. Honey pot
B. Hybrid subnet
C. DMZ (Demilitarized Zone)
D. VLAN (Virtual Local Area Network)

Answer: C Section: (none) Explanation/Reference: Explanation: A Demilitarized Zone is used by a company that wants to host its own Internet services without sacrificing its private network to unauthorized access.

QUESTION 24 A document written by the CEO that outlines PKI use, management and deployment is a...
A. PKI policy
B. PKI procedure
C. PKI practice
D. best practices guideline

Answer: A Section: (none) Explanation/Reference: Explanation: Definition of Policy - course of action, guiding principle, or procedure considered expedient, prudent, or advantageous.

QUESTION 25 Which one does not use Smart Card Technology?
A. CD Player
B. Cell Phone
C. Satellite Cards
D. Handheld Computer

Answer: A Section: (none) Explanation/Reference:

QUESTION 26 Regarding security, biometrics are used for:
A. Accountability
B. Certification
C. Authorization
D. Authentication

Answer: D Section: (none) Explanation/Reference:

QUESTION 27 What is the most effective social engineering defence strategy?
A. Marking of documents
B. Escorting of guests
C. Badge security system
D. Training and awareness

Answer: D Section: (none) Explanation/Reference:

QUESTION 28 Missing audit log entries most seriously affect an organization's ability to:
A. Recover destroyed data.
B. Legally prosecute an attacker.
C. Evaluate system vulnerabilities.
D. Create reliable system backups.

Answer: C Section: (none) Explanation/Reference: Explanation: The audit trail lets you detect suspicious activity from both outsiders and insiders and provides you with important evidence to use against intruders.

QUESTION 29 File encryption using symmetric cryptography satisfies what security requirement?
A. Confidentiality
B. Access control
C. Data integrity
D. Authentication

Answer: D Section: (none) Explanation/Reference:

QUESTION 30 A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's:
A. Server
B. Router
C. VPN (Virtual Private Network)
D. Switch

Answer: B Section: (none) Explanation/Reference:

Exam G QUESTION 1 Security training should emphasize that the weakest links in the security of an organization are typically:
A. Firewalls
B. Policies
C. Viruses
D. People

Answer: D Section: (none) Explanation/Reference:

QUESTION 2 IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data rates of up to:
A. 10 Mbps (Megabits per second)
B. 10.5 Mbps (Megabits per second)
C. 11 Mbps (Megabits per second)
D. 12 Mbps (Megabits per second)

Answer: C Section: (none) Explanation/Reference:

QUESTION 3 The standard encryption algorithm based on Rijndael is known as:
A. AES (Advanced Encryption Standard)
B. 3DES (Triple Data Encryption Standard)
C. DES (Data Encryption Standard)
D. Skipjack

Answer: A Section: (none) Explanation/Reference: Explanation: Rijndael is a symmetric-key block cipher. After a competition Rijndael was selected as the successor to DES and became the Advanced Encryption Standard, or AES.

QUESTION 4 The WAP (Wireless Application Protocol) programming model is based on the following three elements:
A. Client, original server, WEP (Wired Equivalent Privacy)
B. Code design, code review, documentation
C. Client, original server, wireless interface card
D. Client, gateway, original server

Answer: D Section: (none) Explanation/Reference: Explanation: WAP programming model:

QUESTION 5 Technical security measures and countermeasures are primarily intended to prevent:
A. Unauthorized access, unauthorized modification, and denial of authorized access.
B. Interoperability of the framework, unauthorized modification, and denial of authorized access.
C. Potential discovery of access, interoperability of the framework, and denial of authorized access.
D. Interoperability of the framework, unauthorized modification, and unauthorized access.

Answer: A Section: (none) Explanation/Reference:

QUESTION 6 Poor programming techniques and lack of code review can lead to which of the following type of attack?
A. CGI (Common Gateway Interface) script
B. Birthday
C. Buffer overflow
D. Dictionary

Answer: C Section: (none) Explanation/Reference:

QUESTION 7 Security controls may become vulnerabilities in a system unless they are:
A. Designed and implemented by the system vendor.
B. Adequately tested.
C. Implemented at the application layer in the system.
D. Designed to use multiple factors of authentication.

Answer: B Section: (none) Explanation/Reference:

QUESTION 8 Which of the following is NOT a characteristic of DEN (Directory Enabled Networking)?
A. It is mapped into the directory defined as part of the LDAP (Lightweight Directory Access Protocol).
B. It is inferior to SNMP (Simple Network Management Protocol).
C. It is an object oriented information model.
D. It is an industry standard indicating how to construct and store information about a network's users, applications and data.

Answer: B Section: (none) Explanation/Reference:

QUESTION 9 A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as a:
A. Man in the middle attack
B. Smurf attack
C. Ping of death attack
D. TCP SYN (Transmission Control Protocol / Synchronized) attack

Answer: C Section: (none) Explanation/Reference: Explanation: The Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but applications can be built that are capable of creating them. Carefully programmed operating systems could detect and safely handle illegal IP packets, but some failed to do this. Note: Packets that are bigger than the maximum size the underlying layer can handle (the MTU) are fragmented into smaller packets, which are then reassembled by the receiver. For Ethernet style devices, the MTU is typically 1500.
Incorrect Answers:
A: A man in the middle attack allows a third party to intercept and replace components of the data stream.
B: The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim.
D: In a TCP SYN attack a sender transmits a volume of connections that cannot be completed. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.

QUESTION 10 Which of the following is considered the best technical solution for reducing the threat of a man in the middle attack?
A. Virtual LAN (Local Area Network)
B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)
C. PKI (Public Key Infrastructure)
D. Enforcement of badge system

Answer: C Section: (none) Explanation/Reference:

QUESTION 11 Access controls based on security labels associated with each data item and each user are known as:
A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)

Answer: A Section: (none) Explanation/Reference:

QUESTION 12 What is NOT an acceptable use for smart card technology?
A. Mobile telephones
B. Satellite television access cards
C. A PKI (Public Key Infrastructure) token card shared by multiple users
D. Credit cards

Answer: C Section: (none) Explanation/Reference:

QUESTION 13 Which of the following access control models introduces user security clearance and data classification?
A. RBAC (Role Based Access Control).
B. NDAC (Non-Discretionary Access Control).
C. MAC (Mandatory Access Control).
D. DAC (Discretionary Access Control).

Answer: C Section: (none) Explanation/Reference:

QUESTION 14 A wireless network with three access points, two of which are used as repeaters, exists at a company. What step should be taken to secure the wireless network?
A. Ensure that employees use complex passwords.
B. Ensure that employees are only using issued wireless cards in their systems.
C. Ensure that WEP (Wired Equivalent Privacy) is being used.
D. Ensure that everyone is using ad hoc mode.

Answer: C Section: (none) Explanation/Reference:

QUESTION 15 How are clocks used in a Kerberos authentication system?
A. The clocks are synchronized to ensure proper connections.
B. The clocks are synchronized to ensure tickets expire correctly.
C. The clocks are used to generate the seed value for the encryption keys.
D. The clocks are used to benchmark and set the optimal encryption algorithm.

Answer: B Section: (none) Explanation/Reference:

QUESTION 16 What are three measures which aid in the prevention of a social engineering attack?
A. education, limit available information and security policy.
B. education, firewalls and security policy.
C. security policy, firewalls and incident response.
D. security policy, system logging and incident response.

Answer: A Section: (none) Explanation/Reference:

QUESTION 17 Which of the following would be most effective in preventing network traffic sniffing?
A. deploy an IDS (Intrusion Detection System).
B. disable promiscuous mode.
C. use hubs instead of routers.
D. use switches instead of hubs.

Answer: D Section: (none) Explanation/Reference:

QUESTION 18 Non-repudiation is based on what type of key infrastructure?
A. symmetric.
B. distributed trust.
C. asymmetric.
D. user-centric.

Answer: C Section: (none) Explanation/Reference:

QUESTION 19 The first step in effectively implementing a firewall is:
A. blocking unwanted incoming traffic.
B. blocking unwanted outgoing traffic.
C. developing a firewall policy.
D. protecting against DDoS (Distributed Denial of Service) attacks.

Answer: C Section: (none) Explanation/Reference:

QUESTION 20 LDAP (Lightweight Directory Access Protocol) requires what ports by default?
A. 389 and 636
B. 389 and 139
C. 636 and 137
D. 137 and 139

Answer: A Section: (none) Explanation/Reference:

QUESTION 21 In the context of the Internet, what is tunneling? Tunneling is:
A. using the Internet as part of a private secure network
B. the ability to burrow through three levels of firewalls
C. the ability to pass information over the internet within the shortest amount of time
D. creating a tunnel which can capture data

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 Which of the following is required to use S/MIME (Secure Multipurpose Internet Mail Extensions)?
A. digital certificate.
B. server side certificate.
C. SSL (Secure Sockets Layer) certificate.
D. public certificate.

Answer: A Section: (none) Explanation/Reference:

QUESTION 23 Non-repudiation is generally used to:
A. protect the system from transmitting various viruses, worms and Trojan horses to other computers on the same network.
B. protect the system from DoS (Denial of Service) attacks.
C. prevent the sender or the receiver from denying that the communication between them has occurred.
D. ensure the confidentiality and integrity of the communication.

Answer: C Section: (none) Explanation/Reference:

QUESTION 24 Which of the following is typically included in a CRL (Certificate Revocation List)?
A. certificates that have had a limited validity period and have expired.
B. certificates that are pending renewal.
C. certificates that are considered invalid because they do not contain a valid CA (Certificate Authority) signature.
D. certificates that have been disabled before their scheduled expiration.

Answer: D Section: (none) Explanation/Reference:

QUESTION 25 Company intranets, newsletters, posters, login banners and e-mails would be good tools to utilize in a security:
A. investigation
B. awareness program
C. policy review
D. control test

Answer: B Section: (none) Explanation/Reference:

QUESTION 26 Using distinct key pairs to separate confidentiality services from integrity services to support non-repudiation describes which one of the following models?
A. discrete key pair.
B. dual key pair.
C. key escrow.
D. foreign key.

Answer: B Section: (none) Explanation/Reference:

QUESTION 27 What IETF (Internet Engineering Task Force) protocol uses AH (Authentication Header) and ESP (Encapsulating Security Payload) to provide security in a networked environment?
A. SSL (Secure Sockets Layer).
B. IPSec (Internet Protocol Security).
C. HTTPS (Secure Hypertext Transfer Protocol).
D. SSH (Secure Shell).

Answer: B Section: (none) Explanation/Reference:

QUESTION 28 Which of the following is the best IDS (Intrusion Detection System) to monitor the entire network?
A. a network based IDS (Intrusion Detection System)
B. a host based IDS (Intrusion Detection System)
C. a user based IDS (Intrusion Detection System)
D. a client based IDS (Intrusion Detection System)

Answer: A Section: (none) Explanation/Reference:

QUESTION 29 One of the primary concerns of a centralized key management system is that:
A. keys must be stored and distributed securely
B. certificates must be made readily available
C. the key repository must be publicly accessible
D. the certificate contents must be kept confidential

Answer: A Section: (none) Explanation/Reference:

QUESTION 30 What has 160-bit encryption?
A. MD-5
B. MD-4
C. SHA-1
D. Blowfish

Answer: C Section: (none) Explanation/Reference:

Exam H QUESTION 1 FTP (File Transfer Protocol) is accessed through what ports?
A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80.

Answer: B Section: (none) Explanation/Reference:

QUESTION 2 In a typical file encryption process, the asymmetric algorithm is used to?
A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.

Answer: A Section: (none) Explanation/Reference:

QUESTION 3 An IT (Information Technology) security audit is generally focused on reviewing existing:
A. resources and goals
B. policies and procedures
C. mission statements
D. ethics codes

Answer: B Section: (none) Explanation/Reference:

QUESTION 4 Instant Messaging is most vulnerable to:
A. DoS (Denial of Service).
B. fraud.
C. stability.
D. sniffing.

Answer: D Section: (none) Explanation/Reference:

QUESTION 5 Loki, NetCat, Master's Paradise and NetBus are all considered what type of attack?
A. brute force
B. spoofing
C. back door
D. man in the middle

Answer: C Section: (none) Explanation/Reference:

QUESTION 6 The use of embedded root certificates within web browsers is an example of which of the following trust models?
A. bridge.
B. mesh.
C. hierarchy.
D. trust list.

Answer: D Section: (none) Explanation/Reference:

QUESTION 7 A security consideration that is introduced by a VPN (Virtual Private Network) is:
A. an intruder can intercept VPN (Virtual Private Network) traffic and create a man in the middle attack.
B. captured data is easily decrypted because there are a finite number of encryption keys.
C. tunneled data CANNOT be authenticated, authorized or accounted for.
D. a firewall CANNOT inspect encrypted traffic.

Answer: D Section: (none) Explanation/Reference:

QUESTION 8 Impersonating a dissatisfied customer of a company and requesting a password change on the customer's account is a form of:
A. hostile code.
B. social engineering.
C. IP (Internet Protocol) spoofing.
D. man in the middle attack.

Answer: B Section: (none) Explanation/Reference:

QUESTION 9 A system administrator discovers suspicious activity that might indicate a computer crime. The administrator should first:
A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C. move any related programs and files to non-erasable media.
D. set the system time to ensure any logged information is accurate.

Answer: A Section: (none) Explanation/Reference:

QUESTION 10 DDoS (Distributed Denial of Service) is most commonly accomplished by:
A. internal host computers simultaneously failing.
B. overwhelming and shutting down multiple services on a server.
C. multiple servers or routers monopolizing and overwhelming the bandwidth of a particular server or router.
D. an individual e-mail address list being used to distribute a virus.

Answer: C Section: (none) Explanation/Reference:

QUESTION 11 Which is of greatest importance when considering physical security?
A. reduce overall opportunity for an intrusion to occur
B. make alarm identification easy for security professionals
C. barricade all entry points against unauthorized entry
D. assess the impact of crime zoning and environmental considerations in the overall design

Answer: A Section: (none) Explanation/Reference:

QUESTION 12 An attack whereby two different messages using the same hash function produce a common message digest is also known as a:
A. man in the middle attack.
B. ciphertext only attack.
C. birthday attack.
D. brute force attack.

Answer: C Section: (none) Explanation/Reference:

QUESTION 13 In an RBAC (Role Based Access Control) context, which statement best describes the relation between users, roles and operations?
A. multiple users, single role and single operation.
B. multiple users, single role and multiple operations.
C. single user, single role and single operation.
D. multiple users, multiple roles and multiple operations.

Answer: D Section: (none) Explanation/Reference:

QUESTION 14 The flow of packets traveling through routers can be controlled by implementing what type of security mechanism?
A. ACL (Access Control List)
B. fault tolerance tables
C. OSPF (Open Shortest Path First) policy
D. packet locks

Answer: A Section: (none) Explanation/Reference:

QUESTION 15 Which security architecture utilizes authentication header and/or encapsulating security payload protocols?
A. IPSec (Internet Protocol Security).
B. SSL (Secure Sockets Layer).
C. TLS (Transport Layer Security).
D. PPTP (Point-to-Point Tunneling Protocol).

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 The goal of TCP (Transmission Control Protocol) hijacking is:
A. taking over a legitimate TCP (Transmission Control Protocol) connection
B. predicting the TCP (Transmission Control Protocol) sequence number
C. identifying the TCP (Transmission Control Protocol) port for future exploitation
D. identifying source addresses for malicious use

Answer: A Section: (none) Explanation/Reference:

QUESTION 17 What are the three entities of the SQL (Structured Query Language) security model?
A. actions, objects and tables
B. actions, objects and users
C. tables, objects and users
D. users, actions and tables

Answer: B Section: (none) Explanation/Reference:

QUESTION 18 What is the greatest advantage to using RADIUS (Remote Authentication Dial-in User Service) for a multi-site VPN (Virtual Private Network) supporting a large population of remote users?
A. RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user database.
B. RADIUS (Remote Authentication Dial-in User Service) provides for a decentralized user database.
C. No user database is required with RADIUS (Remote Authentication Dial-in User Service).
D. User database is replicated and stored locally on all remote systems.

Answer: A Section: (none) Explanation/Reference:

QUESTION 19 Which of the following is the best protection against an intercepted password?
A. VPN (Virtual Private Network).
B. PPTP (Point-to-Point Tunneling Protocol).
C. one time password.
D. complex password requirement.

Answer: C Section: (none) Explanation/Reference:

QUESTION 20 Which of the following is used to authenticate and encrypt IP (Internet Protocol) traffic?
A. ESP (Encapsulating Security Payload)
B. S/MIME (Secure Multipurpose Internet Mail Extensions)
C. IPSec (Internet Protocol Security)
D. IPv2 (Internet Protocol version 2)

Answer: C Section: (none) Explanation/Reference:

QUESTION 21 An administrator is configuring a server to make it less susceptible to an attacker obtaining the user account passwords. The administrator decides to have the encrypted passwords contained within a file that is readable only by root. What is a common name for this file?
A. passwd
B. shadow
C. hosts.allow
D. hosts.deny

Answer: B Section: (none) Explanation/Reference:

QUESTION 22 What port scanning technique is used to see what ports are in a listening state and then performs a two way handshake?
A. TCP (Transmission Control Protocol) SYN (Synchronize) scan
B. TCP (Transmission Control Protocol) connect scan
C. TCP (Transmission Control Protocol) FIN scan
D. TCP (Transmission Control Protocol) NULL scan

Answer: A Section: (none) Explanation/Reference:

QUESTION 23 When hosting a web server with CGI (Common Gateway Interface) scripts, the directories for public view should have:
A. execute permissions
B. read and write permissions
C. read, write, and execute permissions
D. full control permissions

Answer: A Section: (none) Explanation/Reference:

QUESTION 24 When User A applies to the CA (Certificate Authority) requesting a certificate to allow the start of communication with User B, User A must supply the CA (Certificate Authority) with:
A. User A's public key only
B. User B's public key only
C. User A's and User B's public keys
D. User A's and User B's public and private keys

Answer: A Section: (none) Explanation/Reference:

QUESTION 25 Performing a security vulnerability assessment on systems that a company relies on demonstrates:
A. that the site CANNOT be hacked
B. a commitment to protecting data and customers
C. insecurity on the part of the organization
D. a needless fear of attack

Answer: B Section: (none) Explanation/Reference:

QUESTION 26 The Diffie-Hellman algorithm allows:
A. access to digital certificate stores from a certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashing algorithms.
D. multiple protocols to be used in key exchange negotiations.

Answer: B Section: (none) Explanation/Reference:

QUESTION 27 Which of the following type of attack CANNOT be deterred solely through technical means?
A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering.

Answer: D Section: (none) Explanation/Reference:

QUESTION 28 TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking resulted from exploitation of the fact that TCP/IP (Transmission Control Protocol/Internet Protocol):
A. has no authentication mechanism, thus allowing a clear text password of 16 bytes
B. allows packets to be tunneled to an alternate network
C. has no authentication mechanism, and therefore allows connectionless packets from anyone
D. allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host

Answer: D Section: (none) Explanation/Reference:

QUESTION 29 Intruders are detected accessing an internal network. The source IP (Internet Protocol) addresses originate from trusted networks. The most common type of attack in this scenario is:
A. social engineering
B. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
C. smurfing
D. spoofing

Answer: D Section: (none) Explanation/Reference:

QUESTION 30 A user wants to send e-mail and ensure that the message is not tampered with while in transit. Which feature of modern cryptographic systems will facilitate this?
A. confidentiality.
B. authentication.
C. integrity.
D. non-repudiation.

Answer: C Section: (none) Explanation/Reference:

Exam I QUESTION 1 What must be done to maximize the effectiveness of system logging?
A. encrypt log files
B. rotate log files
C. print and copy log files
D. review and monitor log files

Answer: D Section: (none) Explanation/Reference:

QUESTION 2 Turnstiles, double entry doors and security guards are all prevention measures for which type of social engineering?
A. piggybacking
B. looking over a co-worker's shoulder to retrieve information
C. looking through a co-worker's trash to retrieve information
D. impersonation

Answer: A Section: (none) Explanation/Reference:

QUESTION 3 WTLS (Wireless Transport Layer Security) provides security services between a mobile device and a:
A. WAP (Wireless Application Protocol) gateway.
B. web server.
C. wireless client.
D. wireless network interface card.

Answer: A Section: (none) Explanation/Reference:

QUESTION 4 When a potential hacker looks through trash, the most useful items or information that might be found include all except:
A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D. system access requests.

Answer: D Section: (none) Explanation/Reference:

QUESTION 5 A public key ______ is a pervasive system whose services are implemented and delivered using public key technologies that include CAs (Certificate Authority), digital certificates, non-repudiation, and key history management.
A. cryptography scheme.
B. distribution authority.
C. exchange.
D. infrastructure.

Answer: D Section: (none) Explanation/Reference:

QUESTION 6 In cryptographic operations, digital signatures can be used for which of the following systems?
A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption.

Answer: B Section: (none) Explanation/Reference:

QUESTION 7 Which of the following programs is able to distribute itself without using a host file?
A. virus.
B. Trojan horse.
C. logic bomb.
D. worm.

Answer: D Section: (none) Explanation/Reference:

QUESTION 8 Digital signatures can be used for which of the following?
A. availability.
B. encryption.
C. decryption.
D. non-repudiation.

Answer: D Section: (none) Explanation/Reference:

QUESTION 9 The basic strategy that should be used when configuring the rules for a secure firewall is:
A. permit all.
B. deny all.
C. default permit.
D. implicit deny

Answer: D Section: (none) Explanation/Reference:

QUESTION 10 An employer gives an employee a laptop computer to use remotely. The user installs personal applications on the laptop and overwrites some system files. How might this have been prevented with minimal impact on corporate productivity?
A. Users should not be given laptop computers in order to prevent this type of occurrence.
B. The user should have received instructions as to what is allowed to be installed.
C. The hard disk should have been made read only.
D. Biometrics should have been used to authenticate the user before allowing software installation.

Answer: B Section: (none) Explanation/Reference:

QUESTION 11 Which security method is in place when the administrator of a network enables access lists on the routers to disable all ports that are not used?
A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RBAC (Role Based Access Control).
D. SAC (Subjective Access Control).

Answer: A Section: (none) Explanation/Reference:

QUESTION 12 Which of the following would NOT be considered a method for managing the administration of accessibility?
A. DAC (Discretionary Access Control) list.
B. SAC (Subjective Access Control) list.
C. MAC (Mandatory Access Control) list.
D. RBAC (Role Based Access Control) list.

Answer: B Section: (none) Explanation/Reference:

QUESTION 13 Which of the following hash functions generates a 160-bit output?
A. MD4 (Message Digest 4).
B. MD5 (Message Digest 5).
C. DES (Data Encryption Standard).
D. SHA-1 (Secure Hashing Algorithm 1).

Answer: D Section: (none) Explanation/Reference:

QUESTION 14 What is the first step before a wireless solution is implemented?
A. ensure ad hoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D. perform a thorough site survey.

Answer: D Section: (none) Explanation/Reference:

QUESTION 15 Intrusion detection systems typically consist of two parts, a console and a:
A. sensor
B. router
C. processor
D. firewall

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 Which of the following keys is contained in a digital certificate?
A. public key.
B. private key.
C. hashing key.
D. session key.

Answer: A Section: (none) Explanation/Reference:

QUESTION 17 An attacker attempting to penetrate a company's network through its remote access system would most likely gain access through what method?
A. war dialer.
B. Trojan horse.
C. DoS (Denial of Service).
D. worm.

Answer: A Section: (none) Explanation/Reference:

QUESTION 18 A company's web server is configured for the following services: HTTP (Hypertext Transfer Protocol), SSL (Secure Sockets Layer), FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol). The web server is placed into a DMZ (Demilitarized Zone). What are the standard ports on the firewall that must be opened to allow traffic to and from the server?
A. 119, 23, 21, 80.
B. 443, 119, 21, 1250.
C. 80, 443, 21, 25.
D. 80, 443, 110, 21.

Answer: C Section: (none) Explanation/Reference:

QUESTION 19 An attacker manipulates what field of an IP (Internet Protocol) packet in an IP (Internet Protocol) spoofing attack?
A. version field.
B. source address field.
C. source port field.
D. destination address field.

Answer: B Section: (none) Explanation/Reference:

QUESTION 20 Administrators currently use telnet to remotely manage several servers. Security policy dictates that passwords and administrative activities must not be communicated in clear text. Which of the following is the best alternative to using telnet?
A. DES (Data Encryption Standard).
B. S-Telnet.
C. SSH (Secure Shell).
D. PKI (Public Key Infrastructure).

Answer: C Section: (none) Explanation/Reference:

QUESTION 21 How many characters should the minimum length of a password be to deter dictionary password cracks?
A. 6.
B. 8.
C. 10.
D. 12.

Answer: B Section: (none) Explanation/Reference:

QUESTION 22 A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the tunnel mode will provide encryption for the:
A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-mail messages.
D. message payload only.

Answer: B Section: (none) Explanation/Reference:

QUESTION 23 A DoS (Denial of Service) attack which takes advantage of TCP's (Transmission Control Protocol) three way handshake for new connections is known as:
A. SYN (Synchronize) flood.
B. ping of death attack.
C. land attack.
D. buffer overflow attack.

Answer: A Section: (none) Explanation/Reference:

QUESTION 24 The Bell La-Padula access control model consists of four elements. These elements are
A. subjects, objects, access modes and security levels.
B. subjects, objects, roles and groups.
C. read only, read/write, write only and read/write/delete.
D. groups, roles, access modes and security levels.

Answer: A Section: (none) Explanation/Reference:

QUESTION 25 How should a primary DNS (Domain Name Service) server be configured to provide the best security against DoS (Denial of Service) and hackers?
A. disable the DNS (Domain Name Service) cache function.
B. disable application services other than DNS (Domain Name Service).
C. disable the DNS (Domain Name Service) reverse lookup function.
D. allow only encrypted zone transfer to a secondary DNS (Domain Name Service) server.

Answer: B Section: (none) Explanation/Reference:

QUESTION 26 What type of security process will allow others to verify the originator of an e-mail message?
A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality.

Answer: C Section: (none) Explanation/Reference:

QUESTION 27 Which of the following protocols is used by web servers to encrypt data?
A. TCP/IP (Transmission Control Protocol/Internet Protocol)
B. ActiveX
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)

Answer: D Section: (none)

Explanation/Reference:

QUESTION 28 Of the following, what is the primary attribute associated with e-mail hoaxes?
A. E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.
B. E-mail hoaxes take up large amounts of server disk space.
C. E-mail hoaxes can cause buffer overflows on the e-mail server.
D. E-mail hoaxes can encourage malicious users.

Answer: A Section: (none) Explanation/Reference:

QUESTION 29 Most certificates used for authentication are based on what standard?
A. ISO19278
B. X.500
C. RFC 1205
D. X.509 v3

Answer: D Section: (none) Explanation/Reference:

QUESTION 30 What type of security mechanism can be applied to modems to better authenticate remote users?
A. firewalls
B. encryption
C. SSH (Secure Shell)
D. callback

Answer: D Section: (none) Explanation/Reference:

Exam J

QUESTION 1 NAT (Network Address Translation) can be accomplished with which of the following?
A. static and dynamic NAT (Network Address Translation) and PAT (Port Address Translation)
B. static and hide NAT (Network Address Translation)
C. static and hide NAT (Network Address Translation) and PAT (Port Address Translation)
D. static, hide, and dynamic NAT (Network Address Translation)

Answer: C Section: (none) Explanation/Reference:

QUESTION 2 In order for an SSL (Secure Sockets Layer) connection to be established between a web client and server automatically, the web client and server should have a(n):
A. shared password
B. certificate signed by a trusted root CA (Certificate Authority)
C. address on the same subnet
D. common operating system

Answer: B Section: (none) Explanation/Reference:

QUESTION 3 Despite regular system backups a significant risk still exists if:
A. recovery procedures are not tested
B. all users do not log off while the backup is made
C. backup media is moved to an off-site location
D. an administrator notices a failure during the backup process

Answer: A Section: (none) Explanation/Reference:

QUESTION 4 Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this?
A. virus.
B. back door.
C. logic bomb.
D. worm.

Answer: C Section: (none) Explanation/Reference:

QUESTION 5 The public key infrastructure model where certificates are issued and revoked via a CA (Certificate Authority) is what type of model?
A. managed
B. distributed
C. centralized
D. standard

Answer: C Section: (none) Explanation/Reference:

QUESTION 6 The best reason to perform a business impact analysis as part of the business continuity planning process is to:
A. test the veracity of data obtained from risk analysis
B. obtain formal agreement on maximum tolerable downtime
C. create the framework for designing tests to determine efficiency of business continuity plans
D. satisfy documentation requirements of insurance companies covering risks of systems and data important for business continuity

Answer: B Section: (none) Explanation/Reference:

QUESTION 7 A FTP (File Transfer Protocol) bounce attack is generally used to
A. exploit a buffer overflow vulnerability on the FTP (File Transfer Protocol) server
B. reboot the FTP (File Transfer Protocol) server
C. store and distribute malicious code
D. establish a connection between the FTP (File Transfer Protocol) server and another computer

Answer: D Section: (none) Explanation/Reference:

QUESTION 8 A security designer is planning the implementation of security mechanisms in a RBAC (Role Based Access Control) compliant system. The designer has determined that there are three types of resources in the system including files, printers, and mailboxes. The organization has four distinct departments with distinct functions including Sales, Marketing, Management, and Production. Each department needs access to different resources. Each user has a workstation. Which roles should be created to support the RBAC (Role Based Access Control) model?
A. file, printer, and mailbox roles
B. sales, marketing, management, and production roles
C. user and workstation roles
D. allow access and deny access roles

Answer: B Section: (none) Explanation/Reference:

QUESTION 9 Malicious port scanning is a method of attack to determine which of the following?
A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user ID and passwords

Answer: B Section: (none) Explanation/Reference:

QUESTION 10 What should be done to secure a DHCP (Dynamic Host Configuration Protocol) service?
A. block ports 67 and 68 at the firewall.
B. block port 53 at the firewall.
C. block ports 25 and 26 at the firewall.
D. block port 110 at the firewall.

Answer: A Section: (none) Explanation/Reference:

QUESTION 11 As a security administrator, what are the three categories of active responses relating to intrusion detection?
A. collect additional information, maintain the environment, and take action against the intruder
B. collect additional information, change the environment, and alert the manager
C. collect additional information, change the environment, and take action against the intruder
D. discard any additional information, change the environment, and take action against the intruder

Answer: C Section: (none) Explanation/Reference:

QUESTION 12 What protocol should be used to prevent intruders from using access points on a wireless network?
A. ESP (Encapsulating Security Payload)
B. WEP (Wired Equivalent Privacy)
C. TLS (Transport Layer Security)
D. SSL (Secure Sockets Layer)

Answer: B Section: (none) Explanation/Reference:

QUESTION 13 What is the main advantage SSL (Secure Sockets Layer) has over HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)?
A. SSL (Secure Sockets Layer) offers full application security for HTTP (Hypertext Transfer Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.
B. SSL (Secure Sockets Layer) supports additional application layer protocols such as FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.
C. SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) are transparent to the application.
D. SSL (Secure Sockets Layer) supports user authentication and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.

Answer: B Section: (none) Explanation/Reference:

QUESTION 14 During the digital signature process, hashing provides a means to verify what security requirement?
A. non-repudiation.
B. access control.
C. data integrity.
D. authentication.

Answer: C Section: (none) Explanation/Reference:

QUESTION 15 Which of the following often requires the most effort when securing a server due to lack of available documentation?
A. hardening the OS (Operating System)
B. configuring the network
C. creating a proper security policy
D. installing the latest hot fixes and patches

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 In order for User A to send User B an e-mail message that only User B can read, User A must encrypt the e-mail with which of the following keys?
A. User B's public key
B. User B's private key
C. User A's public key
D. User A's private key

Answer: A Section: (none)

Explanation/Reference:

QUESTION 17 What does the message recipient use with the hash value to verify a digital signature?
A. signer's private key
B. receiver's private key
C. signer's public key
D. receiver's public key

Answer: C Section: (none) Explanation/Reference:

QUESTION 18 As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added which of the following key functionalities? The ability to:
A. act as a CA (Certificate Authority).
B. force client side authentication via digital certificates.
C. use X.400 certificates.
D. protect transmissions with 1024-bit symmetric encryption.

Answer: B Section: (none) Explanation/Reference:

QUESTION 19 In responding to incidents such as security breaches, one of the most important steps taken is:
A. encryption.
B. authentication.
C. containment.
D. intrusion.

Answer: C Section: (none) Explanation/Reference:

QUESTION 20 SSL (Secure Sockets Layer) is used for secure communications with:
A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Administration) servers.
D. web servers.

Answer: D Section: (none) Explanation/Reference:

QUESTION 21 Which of the following statements is true about network based IDSs (Intrusion Detection System)?
A. Network based IDSs (Intrusion Detection System) are never passive devices that listen on a network wire without interfering with the normal operation of a network.
B. Network based IDSs (Intrusion Detection System) are usually passive devices that listen on a network wire while interfering with the normal operation of a network.
C. Network based IDSs (Intrusion Detection System) are usually intrusive devices that listen on a network wire while interfering with the normal operation of a network.
D. Network based IDSs (Intrusion Detection System) are usually passive devices that listen on a network wire without interfering with the normal operation of a network.

Answer: D Section: (none) Explanation/Reference:

QUESTION 22 What physical access control most adequately protects against physical piggybacking?
A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics.

Answer: A Section: (none) Explanation/Reference:

QUESTION 23 Which of the following provides the strongest authentication?
A. token
B. username and password
C. biometrics
D. one time password

Answer: C Section: (none) Explanation/Reference:

QUESTION 24 What is the best method to secure a web browser?
A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Private Network) connection.
D. implement a filtering policy for illegal, unknown and undesirable sites.

Answer: B Section: (none) Explanation/Reference:

QUESTION 25 What is the primary DISADVANTAGE of a third party relay?
A. Spammers can utilize the relay.
B. The relay limits access to specific users.
C. The relay restricts the types of e-mail that may be sent.
D. The relay restricts spammers from gaining access.

Answer: A Section: (none) Explanation/Reference:

QUESTION 26 A network administrator wants to connect a network to the Internet but does not want to compromise internal network IP (Internet Protocol) addresses. What should the network administrator implement?
A. a honey pot
B. a NAT (Network Address Translation)
C. a VPN (Virtual Private Network)
D. a screened network

Answer: B Section: (none)

Explanation/Reference:

QUESTION 27 Which of the following methods may be used to exploit the clear text nature of an instant messaging session?
A. packet sniffing.
B. port scanning.
C. cryptanalysis.
D. reverse engineering.

Answer: A Section: (none) Explanation/Reference:

QUESTION 28 A user receives an e-mail from a colleague in another company. The e-mail message warns of a virus that may have been accidentally sent in the past, and warns the user to delete a specific file if it appears on the user's computer. The user checks and has the file. What is the best next step for the user?
A. Delete the file immediately.
B. Delete the file immediately and copy the e-mail to all distribution lists.
C. Report the contents of the message to the network administrator.
D. Ignore the message. This is a virus hoax and no action is required.

Answer: C Section: (none) Explanation/Reference:

QUESTION 29 When implementing Kerberos authentication, which of the following factors must be accounted for?
A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access.
B. Kerberos tickets can be spoofed using replay attacks to network resources.
C. Kerberos requires a centrally managed database of all user and resource passwords.
D. Kerberos uses clear text passwords.

Answer: C Section: (none) Explanation/Reference:

QUESTION 30 Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer version 3)?
A. TLS (Transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
D. MLS (Multi-Layer Switching).

Answer: A Section: (none) Explanation/Reference:

Exam K

QUESTION 1 A CRL (Certificate Revocation List) query that receives a response in near real time:
A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that fresh data is being returned.
D. indicates that the CA (Certificate Authority) is providing near real time updates.

Answer: C Section: (none) Explanation/Reference:

QUESTION 2 Which of the following is a VPN (Virtual Private Network) tunneling protocol?
A. AH (Authentication Header).
B. SSH (Secure Shell).
C. IPSec (Internet Protocol Security).
D. DES (Data Encryption Standard).

Answer: C Section: (none) Explanation/Reference:

QUESTION 3 What ports does FTP (File Transfer Protocol) use?
A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162.

Answer: A Section: (none) Explanation/Reference:

QUESTION 4 A decoy system that is designed to divert an attacker from accessing critical systems while collecting information about the attacker's activity, and encouraging the attacker to stay on the system long enough for administrators to respond is known as:
A. DMZ (Demilitarized Zone).
B. honey pot.
C. intrusion detector.
D. screened host.

Answer: B Section: (none) Explanation/Reference:

QUESTION 5 What is the default transport layer protocol and port number that SSL (Secure Sockets Layer) uses?
A. UDP (User Datagram Protocol) transport layer protocol and port 80
B. TCP (Transmission Control Protocol) transport layer protocol and port 80
C. TCP (Transmission Control Protocol) transport layer protocol and port 443
D. UDP (User Datagram Protocol) transport layer protocol and port 69

Answer: C Section: (none) Explanation/Reference:

QUESTION 6 The greater the keyspace and complexity of a password, the longer a ______ attack may take to crack the password.
A. dictionary
B. brute force
C. inference
D. frontal

Answer: B Section: (none) Explanation/Reference:

QUESTION 7 Which two protocols are VPN (Virtual Private Network) tunneling protocols?
A. PPP (Point-to-Point Protocol) and SLIP (Serial Line Internet Protocol).
B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol).
C. L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol).
D. SMTP (Simple Mail Transfer Protocol) and L2TP (Layer Two Tunneling Protocol).

Answer: C Section: (none)

Explanation/Reference:

QUESTION 8 An e-mail is received alerting the network administrator to the presence of a virus on the system if a specific executable file exists. What should be the first course of action?
A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
B. Immediately search for and delete the file if discovered.
C. Broadcast a message to the entire organization to alert users to the presence of a virus.
D. Locate and download a patch to repair the file.

Answer: A Section: (none) Explanation/Reference:

QUESTION 9 A minor configuration change which can help secure DNS (Domain Name Service) information is:
A. block all unnecessary traffic by using port filtering.
B. prevent unauthorized zone transfers.
C. require password changes every 30 days.
D. change the default password.

Answer: B Section: (none) Explanation/Reference:

QUESTION 10 What determines if a user is presented with a dialog box prior to downloading an ActiveX component?
A. the user's browser setting.
B. the <script> meta tag.
C. the condition of the sandbox.
D. the negotiation between the client and the server.

Answer: A Section: (none) Explanation/Reference:

QUESTION 11 ActiveX controls ______ to prove where they originated.
A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed.

Answer: D Section: (none) Explanation/Reference:

QUESTION 12 A virus that hides itself by intercepting disk access requests is:
A. multipartite.
B. stealth.
C. interceptor.
D. polymorphic.

Answer: B Section: (none) Explanation/Reference:

QUESTION 13 Which of the following needs to be included in a SLA (Service Level Agreement) to ensure the availability of server based resources rather than guaranteed server performance levels?
A. network
B. hosting
C. application
D. security

Answer: B Section: (none) Explanation/Reference:

QUESTION 14 When does CHAP (Challenge Handshake Authentication Protocol) perform the handshake process?
A. when establishing a connection and at any time after the connection is established.
B. only when establishing a connection and disconnecting.
C. only when establishing a connection.
D. only when disconnecting.

Answer: A Section: (none) Explanation/Reference:

QUESTION 15 Part of a fire protection plan for a computer room should include:
A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materials within the room.
D. fireproof doors that can be easily opened if an alarm is sounded.

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 Which of the following is an HTTP (Hypertext Transfer Protocol) extension or mechanism used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity?
A. HTTPS (Hypertext Transfer Protocol over SSL).
B. cookies.
C. HTTP (Hypertext Transfer Protocol)/1.0 Caching.
D. vCard v3.0.

Answer: B Section: (none) Explanation/Reference:

QUESTION 17 What should a firewall employ to ensure that each packet is part of an established TCP (Transmission Control Protocol) session?
A. packet filter.
B. stateless inspection.
C. stateful inspection.
D. circuit level gateway.

Answer: C Section: (none)

Explanation/Reference:
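The answer above is easiest to appreciate next to the thing it replaces. The block below is an added example, not part of the exam dump: a stateless filter that judges each packet on its header alone (with the classic "ACK set means established" shortcut) beside a small stateful inspector that walks the SYN, SYN/ACK, ACK handshake and afterwards admits a packet only if it belongs to a tracked session. The DMZ server address, the allowed inbound ports (80, 443, 21 and 25, the set from question 18 of the previous exam) and every packet are constructed for the example; real packets carry sequence numbers and timers that this model omits. The half-open counter at the end is the view a stateful device has of a SYN flood.

```python
"""Added example (not from the exam dump): stateless packet filtering versus
stateful inspection.  A stateless filter has no memory, so a forged packet
with ACK set walks past an "allow established" rule.  A stateful firewall
keeps a connection table keyed by the flow and accepts only packets that fit
the state it has recorded for that flow.  All addresses, ports and packets
below are constructed for illustration."""
from dataclasses import dataclass

SERVER = "203.0.113.10"                 # hypothetical DMZ web server
ALLOWED_INBOUND_PORTS = {80, 443, 21, 25}   # HTTP, HTTPS, FTP control, SMTP


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # subset of {"SYN", "ACK", "FIN", "RST"}


def stateless_verdict(p: Packet) -> str:
    """Header-only rules: no memory of previous packets."""
    if p.dst == SERVER and p.dport in ALLOWED_INBOUND_PORTS:
        return "ACCEPT"
    if "ACK" in p.flags:    # naive "established" rule: forgeable by anyone
        return "ACCEPT"
    return "DROP"


class StatefulFirewall:
    """Tracks each client<->server flow through the three-way handshake."""

    def __init__(self):
        self.table = {}     # (client, cport, server, sport) -> state

    @staticmethod
    def _key(p: Packet):
        # Both directions of a flow map to the same table entry.
        if p.dst == SERVER:
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def verdict(self, p: Packet) -> str:
        key = self._key(p)
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN to a permitted port may open a new session.
            if (p.flags == frozenset({"SYN"}) and p.dst == SERVER
                    and p.dport in ALLOWED_INBOUND_PORTS):
                self.table[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP no-session"
        if state == "SYN_SENT":
            if p.flags == frozenset({"SYN", "ACK"}) and p.src == SERVER:
                self.table[key] = "SYN_RECV"
                return "ACCEPT"
            return "DROP out-of-state"
        if state == "SYN_RECV":
            if p.flags == frozenset({"ACK"}) and p.dst == SERVER:
                self.table[key] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP out-of-state"
        # ESTABLISHED: data flows; a FIN or RST tears the entry down
        # (simplified: a real firewall tracks the full close handshake).
        if "RST" in p.flags or "FIN" in p.flags:
            del self.table[key]
        return "ACCEPT"

    def half_open(self) -> int:
        """Sessions that never completed the handshake: the SYN-flood signal."""
        return sum(1 for s in self.table.values() if s != "ESTABLISHED")


if __name__ == "__main__":
    fw = StatefulFirewall()
    c = ("198.51.100.7", 40000)
    for pkt in (Packet(c[0], c[1], SERVER, 443, frozenset({"SYN"})),
                Packet(SERVER, 443, c[0], c[1], frozenset({"SYN", "ACK"})),
                Packet(c[0], c[1], SERVER, 443, frozenset({"ACK"}))):
        print("handshake:", fw.verdict(pkt))
    forged = Packet("192.0.2.99", 5555, SERVER, 22, frozenset({"ACK"}))
    print("forged ACK, stateless:", stateless_verdict(forged))
    print("forged ACK, stateful: ", StatefulFirewall().verdict(forged))
```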

QUESTION 18 Which of the following is most commonly used by an intruder to gain unauthorized access to a system?
A. brute force attack.
B. key logging.
C. Trojan horse.
D. social engineering.

Answer: D Section: (none) Explanation/Reference:

QUESTION 19 Management wants to track personnel who visit unauthorized web sites. What type of detection will this be?
A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering.

Answer: B Section: (none) Explanation/Reference:

QUESTION 20 Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?
A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.
B. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.
C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.
D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.

Answer: A Section: (none) Explanation/Reference:

QUESTION 21 What is a common DISADVANTAGE of employing an IDS (Intrusion Detection System)?
A. false positives.
B. throughput decreases.
C. compatibility.
D. administration.

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 System administrators and hackers use what technique to review network traffic to determine what services are running?
A. sniffer.
B. IDS (Intrusion Detection System).
C. firewall.
D. router.

Answer: A Section: (none) Explanation/Reference:

QUESTION 23 What is a good practice in deploying a CA (Certificate Authority)?
A. enroll users for policy based certificates.
B. create a CPS (Certificate Practice Statement).
C. register the CA (Certificate Authority) with a subordinate CA (Certificate Authority).
D. create a mirror CA (Certificate Authority) for fault tolerance.

Answer: B Section: (none) Explanation/Reference:

QUESTION 24 Single servers are frequently the targets of attacks because they contain:
A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys.

Answer: C Section: (none) Explanation/Reference:

QUESTION 25 Sensitive data traffic can be confined to workstations on a specific subnet using privilege policy based tables in a:
A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network).

Answer: A Section: (none) Explanation/Reference:

QUESTION 26 What is the most common goal of operating system logging?
A. to determine the amount of time employees spend using various applications.
B. to keep a record of system usage.
C. to provide details of what systems have been compromised.
D. to provide details of which systems are interconnected.

Answer: B Section: (none) Explanation/Reference:

QUESTION 27 When a patch is released for a server the administrator should:
A. immediately download and install the patch.
B. test the patch on a non-production server, then install the patch to production.
C. not install the patch unless there is a current need.
D. install the patch and then back up the production server.

Answer: B Section: (none)

Explanation/Reference:

QUESTION 28 An e-mail relay server is mainly used to:
A. block all spam, which allows the e-mail system to function more efficiently without the additional load of spam.
B. prevent viruses from entering the network.
C. defend the primary e-mail server and limit the effects of any attack.
D. eliminate e-mail vulnerabilities since all e-mail is passed through the relay first.

Answer: C Section: (none) Explanation/Reference:

QUESTION 29 What network mapping tool uses ICMP (Internet Control Message Protocol)?
A. port scanner.
B. map scanner.
C. ping scanner.
D. share scanner.

Answer: C Section: (none) Explanation/Reference:

QUESTION 30 Which of the following will let a security administrator allow only HTTP (Hypertext Transfer Protocol) traffic for outbound Internet connections and set permissions to allow only certain users to browse the web?
A. packet filtering firewall.
B. protocol analyzer.
C. proxy server.
D. stateful firewall.

Answer: C Section: (none) Explanation/Reference:

Exam L

QUESTION 1 The most common form of authentication is the use of:
A. certificates.
B. tokens.
C. passwords.
D. biometrics.

Answer: C Section: (none) Explanation/Reference:

QUESTION 2 What are the three main components of a Kerberos server?
A. authentication server, security database and privilege server.
B. SAM (Sequential Access Method), security database and authentication server.
C. application database, security database and system manager.
D. authentication server, security database and system manager.

Answer: A Section: (none) Explanation/Reference:

QUESTION 3 Which of the following IP (Internet Protocol) address schemes will require NAT (Network Address Translation) to connect to the Internet?
A. 204.180.0.0/24
B. 172.16.0.0/24
C. 192.172.0.0/24
D. 172.48.0.0/24

Answer: B Section: (none) Explanation/Reference:

QUESTION 4 Which of the following is NOT a field of a X.509 v3 certificate?
A. private key
B. issuer
C. serial number
D. subject

Answer: A Section: (none) Explanation/Reference:

QUESTION 5 Servers or workstations running programs and utilities for recording probes and attacks against them are referred to as:
A. firewalls.
B. host based IDS (Intrusion Detection System).
C. proxies.
D. active targets.

Answer: B Section: (none) Explanation/Reference:

QUESTION 6 To reduce vulnerabilities on a web server, an administrator should adopt which preventative measure?
A. use packet sniffing software on all inbound communications.
B. apply the most recent manufacturer updates and patches to the server.
C. enable auditing on the web server and periodically review the audit logs.
D. block all DNS (Domain Naming Service) requests coming into the server.

Answer: B Section: (none) Explanation/Reference:

QUESTION 7 When a cryptographic system's keys are no longer needed, the keys should be:
A. destroyed or stored in a secure manner
B. deleted from the system's storage mechanism
C. recycled
D. submitted to a key repository

Answer: A Section: (none) Explanation/Reference:

QUESTION 8 Which of the following terms represents a MAC (Mandatory Access Control) model?
A. Lattice
B. Bell La-Padula
C. BIBA
D. Clark and Wilson

Answer: A Section: (none) Explanation/Reference:

QUESTION 9 LDAP (Lightweight Directory Access Protocol) directories are arranged as:
A. linked lists.
B. trees.
C. stacks.
D. queues.

Answer: B Section: (none) Explanation/Reference:

QUESTION 10 Which of the following is the greatest problem associated with Instant Messaging?
A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled.

Answer: B Section: (none) Explanation/Reference:

QUESTION 11 The term cold site refers to:
A. a low temperature facility for long term storage of critical data
B. a location to begin operations during disaster recovery
C. a facility seldom used for high performance equipment
D. a location that is transparent to potential attackers

Answer: B Section: (none) Explanation/Reference:

QUESTION 12 Sensitive material is currently displayed on a user's monitor. What is the best course of action for the user before leaving the area?
A. The user should leave the area. The monitor is at a personal desk so there is no risk.
B. turn off the monitor
C. wait for the screen saver to start
D. refer to the company's policy on securing sensitive data

Answer: D Section: (none) Explanation/Reference:

QUESTION 13 The theft of network passwords without the use of software tools is an example of:
A. Trojan programs.
B. social engineering.
C. sniffing.
D. hacking.

Answer: B Section: (none) Explanation/Reference:

QUESTION 14 An alternate site configured with necessary system hardware, supporting infrastructure and an on site staff able to respond to an activation of a contingency plan 24 hours a day, 7 days a week is a:
A. cold site.
B. warm site.
C. mirrored site.
D. hot site.

Answer: D Section: (none)

Explanation/Reference:

QUESTION 15 Which type of password generator is based on challenge-response mechanisms?
A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards

Answer: A Section: (none) Explanation/Reference:

QUESTION 16 Which of the following is a characteristic of MACs (Mandatory Access Control):
A. use levels of security to classify users and data
B. allow owners of documents to determine who has access to specific documents
C. use access control lists which specify a list of authorized users
D. use access control lists which specify a list of unauthorized users

Answer: A Section: (none) Explanation/Reference:

QUESTION 17 S/MIME (Secure Multipurpose Internet Mail Extensions) is used to:
A. encrypt user names and profiles to ensure privacy
B. encrypt messages and files
C. encrypt network sessions acting as a VPN (Virtual Private Network) client
D. automatically encrypt all outbound messages

Answer: B Section: (none) Explanation/Reference:

QUESTION 18 What are three characteristics of a computer virus?
A. find mechanism, initiation mechanism and propagate
B. learning mechanism, contamination mechanism and exploit
C. search mechanism, connection mechanism and integrate
D. replication mechanism, activation mechanism and objective

Answer: D Section: (none) Explanation/Reference:

QUESTION 19 Which of the following are tunneling protocols?
A. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and SSL (Secure Sockets Layer)
B. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and PPP (Point-to-Point Protocol)
C. L2TP (Layer Two Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), and SSL (Secure Sockets Layer)
D. PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling Protocol), and IPSec (Internet Protocol Security)

Answer: D Section: (none) Explanation/Reference:

QUESTION 20 What are TCP (Transmission Control Protocol) wrappers used for?
A. preventing IP (Internet Protocol) spoofing
B. controlling access to selected services
C. encrypting TCP (Transmission Control Protocol) traffic
D. sniffing TCP (Transmission Control Protocol) traffic to troubleshoot

Answer: B Section: (none) Explanation/Reference:

QUESTION 21 A user logs onto a workstation using a smart card containing a private key. The user is verified when the public key is successfully factored with the private key. What security service is being provided?
A. authentication.
B. confidentiality.
C. integrity.
D. non-repudiation.

Answer: A Section: (none) Explanation/Reference:

QUESTION 22 What technical impact may occur due to the receipt of large quantities of spam?
A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput.

Answer: A Section: (none) Explanation/Reference:

QUESTION 23
An administrator wants to set up a system for an internal network that will examine all packets for known attack signatures. What type of system will be set up?
A. vulnerability scanner
B. packet filter
C. host based IDS (Intrusion Detection System)
D. network based IDS (Intrusion Detection System)

Answer: D Section: (none) Explanation/Reference:

QUESTION 24
A password management system designed to provide availability for a large number of users includes which of the following?
A. self service password resets
B. locally saved passwords
C. multiple access methods
D. synchronized passwords

Answer: A Section: (none) Explanation/Reference:

QUESTION 25
What is a common type of attack on web servers?
A. birthday
B. buffer overflow
C. spam
D. brute force

Answer: B Section: (none) Explanation/Reference:

QUESTION 26
While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following best describes this type of certificate?
A. software publisher certificate
B. web certificate
C. CA (Certificate Authority) certificate
D. server certificate

Answer: A Section: (none) Explanation/Reference:

QUESTION 27
What is the major reason that social engineering attacks succeed?
A. strong passwords are not required
B. lack of security awareness
C. multiple logins are allowed
D. audit logs are not monitored frequently

Answer: B Section: (none) Explanation/Reference:

QUESTION 28
Which authentication protocol could be employed to encrypt passwords?
A. PPTP (Point-to-Point Tunneling Protocol)
B. SMTP (Simple Mail Transfer Protocol)
C. Kerberos
D. CHAP (Challenge Handshake Authentication Protocol)

Answer: D Section: (none) Explanation/Reference:
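The exchange behind question 28, as an added example that is not part of the original dump: CHAP (RFC 1994) never sends the password at all. The authenticator sends a random challenge, the peer answers with MD5(Identifier || Secret || Challenge), and the authenticator recomputes the same hash from its own copy of the secret. The shared secret and the fixed challenge values used here are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Constructed shared secret for the example; in PPP/CHAP both peers hold it out of band.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def new_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge for every attempt."""
    return os.urandom(length)


def verify_response(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the hash from its own secret and compares in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(peer_secret: bytes, auth_secret: bytes, identifier: int = 1,
                 challenge: Optional[bytes] = None) -> Tuple[bool, List[Tuple[str, bytes]]]:
    """Simulate the three CHAP packets. Returns (success, list of (packet_name, payload))."""
    if challenge is None:
        challenge = new_challenge()
    # 1. Challenge: authenticator -> peer
    # 2. Response: peer -> authenticator (only the hash travels, never the secret)
    response = chap_response(identifier, peer_secret, challenge)
    # 3. Success / Failure: authenticator -> peer
    ok = verify_response(identifier, auth_secret, challenge, response)
    wire = [("Challenge", challenge), ("Response", response), ("Success" if ok else "Failure", b"")]
    return ok, wire


def secret_on_wire(wire: List[Tuple[str, bytes]], secret: bytes) -> bool:
    """True if the raw secret appears in any transmitted packet (it must not)."""
    return any(secret in payload for _, payload in wire)


if __name__ == "__main__":
    ok, wire = run_exchange(SHARED_SECRET, SHARED_SECRET)
    print("authenticated:", ok, "| secret on wire:", secret_on_wire(wire, SHARED_SECRET))
    ok, _ = run_exchange(b"wrong secret", SHARED_SECRET)
    print("wrong secret accepted:", ok)
```

Because the challenge changes every time, a captured Response cannot be replayed against a later Challenge; what the exam calls "encrypting" the password is really a one-way hash over a nonce.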

QUESTION 29
Which protocol is used to negotiate and provide authenticated keying material for security associations in a protected manner?
A. ISAKMP (Internet Security Association and Key Management Protocol)
B. ESP (Encapsulating Security Payload)
C. SSH (Secure Shell)
D. SKEME (Secure Key Exchange Mechanism)

Answer: A Section: (none) Explanation/Reference:

QUESTION 30
E-mail servers have a configuration choice which allows the relaying of messages from one e-mail server to another. An e-mail server should be configured to prevent e-mail relay because:
A. untraceable, unwanted e-mail can be sent
B. an attacker can gain access and take over the server
C. confidential information in the server's e-mail boxes can be read using the relay
D. the open relay can be used to gain control of nodes on additional networks

Answer: A Section: (none) Explanation/Reference:

Exam M

QUESTION 1
A mobile sales force requires remote connectivity in order to access shared files and e-mail on the corporate network. All employees in the sales department have laptops equipped with Ethernet adapters. Some also have modems. What is the best remote access solution to allow all sales employees to access the corporate network?
A. ISDN (Integrated Services Digital Network)
B. dial-up
C. SSL (Secure Sockets Layer)
D. VPN (Virtual Private Network)

Answer: D Section: (none) Explanation/Reference:

QUESTION 2
Which of the following four critical functions of a VPN (Virtual Private Network) restricts users from using resources in a corporate network?
A. access control
B. authentication
C. confidentiality
D. data integrity

Answer: A Section: (none) Explanation/Reference:

QUESTION 3
How are honey pots used to collect information? Honey pots collect:
A. IP (Internet Protocol) addresses and identity of internal users
B. data on the identity, access, and compromise methods used by the intruder
C. data regarding and the identity of servers within the network
D. IP (Internet Protocol) addresses and data of firewalls used within the network

Answer: B Section: (none) Explanation/Reference:

QUESTION 4
How must a firewall be configured to only allow employees within the company to download files from a FTP (File Transfer Protocol) server?
A. open port 119 to all inbound connections.
B. open port 119 to all outbound connections.
C. open port 20/21 to all inbound connections.
D. open port 20/21 to all outbound connections.

Answer: D Section: (none) Explanation/Reference:

QUESTION 5
Tunneling is best described as the act of encapsulating:
A. encrypted/secure IP packets inside of ordinary/non-secure IP packets.
B. ordinary/non-secure IP packets inside of encrypted/secure IP packets.
C. encrypted/secure IP packets inside of encrypted/non-secure IP packets.
D. ordinary/secure IP packets inside of ordinary/non-secure IP packets.

Answer: B Section: (none) Explanation/Reference:

QUESTION 6
Clients in Company A can view web sites that have been created for them, but CANNOT navigate in them. Why might the clients not be able to navigate in the sites?
A. The sites have improper permissions assigned to them.
B. The server is in a DMZ (Demilitarized Zone).
C. The sites have IP (Internet Protocol) filtering enabled.
D. The server has heavy traffic.

Answer: A Section: (none) Explanation/Reference:

QUESTION 7
An acceptable use policy signed by an employee can be interpreted as an employee's written ______ for allowing an employer to search an employee's workstation.
A. refusal
B. policy
C. guideline
D. consent

Answer: D Section: (none) Explanation/Reference:

QUESTION 8
What protocol can be used to create a VPN (Virtual Private Network)?
A. PPP (Point-to-Point Protocol)
B. PPTP (Point-to-Point Tunneling Protocol)
C. SLIP (Serial Line Internet Protocol)
D. ESLIP (Encrypted Serial Line Internet Protocol)

Answer: B Section: (none) Explanation/Reference:

QUESTION 9
The information that governs and associates users and groups to certain rights to use, read, write, modify, or execute objects on the system is called a(n):
A. public key ring
B. ACL (Access Control List)
C. digital signature
D. CRL (Certificate Revocation List)

Answer: B Section: (none) Explanation/Reference:

QUESTION 10
A fundamental risk management assumption is that computers can NEVER be completely ______.
A. secure until all vendor patches are installed
B. secure unless they have a variable password
C. secure
D. secure unless they have only one user

Answer: C Section: (none) Explanation/Reference:

QUESTION 11
An administrator is setting permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file follows:

Owner:     Read, Write, Execute
User A:    Read, Write, -
User B:    -, -, - (None)
Sales:     Read, -, -
Marketing: -, Write, -
Other:     Read, Write, -

User "A" is the only owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file with the above access list?
A. User B has no permissions on the file.
B. User B has read permissions on the file.
C. User B has read and write permissions on the file.
D. User B has read, write and execute permissions on the file.

Answer: A Section: (none) Explanation/Reference:

QUESTION 12
A user who has accessed an information system with a valid user ID and password combination is considered a(n):
A. manager
B. user
C. authenticated user
D. security officer

Answer: C Section: (none) Explanation/Reference:

QUESTION 13
Which security method should be implemented to allow secure access to a web page, regardless of the browser type or vendor?
A. certificates with SSL (Secure Sockets Layer)
B. integrated web with NOS (Network Operating System) security
C. SSL (Secure Sockets Layer) only
D. secure access to a web page is not possible

Answer: A Section: (none) Explanation/Reference:

QUESTION 14
The most common method of social engineering is:
A. looking through users' trash for information
B. calling users and asking for information
C. e-mailing users and asking for information
D. e-mail

Answer: B Section: (none) Explanation/Reference:

QUESTION 15
Why are unique user IDs critical in the review of audit trails?
A. They CANNOT be easily altered.
B. They establish individual accountability.
C. They show which files were changed.
D. They trigger corrective controls.

Answer: B Section: (none) Explanation/Reference:

QUESTION 16
A police department has three types of employees: booking officers, investigators, and judges. Each group of employees is allowed different rights to files based on their need. The judges do not need access to the fingerprint database, the investigators need read access and the booking officers need read/write access. The booking officer would need no access to warrants, while an investigator would need read access and a judge would need read/write access. This is an example of:
A. DAC (Discretionary Access Control) level access control.
B. RBAC (Role Based Access Control) level access control.
C. MAC (Mandatory Access Control) level access control.
D. ACL (Access Control List) level access control.

Answer: B Section: (none) Explanation/Reference:
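Questions 11 and 16 both come down to how effective permissions are resolved, so here is one added worked example covering both; it is illustrative code, not from the original dump. The DAC part evaluates the ACL from question 11 under the resolution order that produces the expected answer (owner entry, then an explicit user entry even if empty, then the union of group entries, then Other), and that order is an assumption of the example. The RBAC part encodes the police-department roles from question 16. "User C" and the group memberships are constructed.

```python
from typing import Dict, Iterable, Set

# DAC: the ACL from Exam M question 11 as sets of permission names.
# Assumption: "User B: (None)" is an explicit entry that grants nothing.
FILE_ACL: Dict[str, Set[str]] = {
    "Owner":     {"read", "write", "execute"},
    "User A":    {"read", "write"},
    "User B":    set(),
    "Sales":     {"read"},
    "Marketing": {"write"},
    "Other":     {"read", "write"},
}
FILE_OWNER = "User A"
# Constructed memberships; User C is not in the question and exists only to show group union.
GROUP_MEMBERSHIP: Dict[str, Set[str]] = {"User B": {"Sales"}, "User C": {"Sales", "Marketing"}}


def dac_effective(user: str, acl=FILE_ACL, owner=FILE_OWNER, groups=GROUP_MEMBERSHIP) -> Set[str]:
    """Resolution order (assumed): owner entry, explicit user entry (even an empty one),
    union of matching group entries, then Other. An explicit empty user entry therefore
    overrides the Sales group's read right, which is why User B ends up with nothing."""
    if user == owner:
        return set(acl["Owner"])
    if user in acl:
        return set(acl[user])
    group_hits = [acl[g] for g in groups.get(user, set()) if g in acl]
    if group_hits:
        return set().union(*group_hits)
    return set(acl.get("Other", set()))


# RBAC: permissions attach to roles and users only hold roles, so a staff change
# means reassigning a role, never editing the ACL of every fingerprint or warrant file.
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "booking officer": {"fingerprints": {"read", "write"}},
    "investigator":    {"fingerprints": {"read"}, "warrants": {"read"}},
    "judge":           {"warrants": {"read", "write"}},
}


def rbac_permitted(user_roles: Iterable[str], resource: str, action: str,
                   role_perms=ROLE_PERMISSIONS) -> bool:
    """A user holding several roles gets the union of their permissions."""
    return any(action in role_perms.get(r, {}).get(resource, set()) for r in user_roles)


def rbac_matrix(role_perms=ROLE_PERMISSIONS, resources=("fingerprints", "warrants")):
    """Role x resource table of permission letters (r, w), handy for an access review."""
    return {role: {res: "".join(sorted(p[0] for p in role_perms[role].get(res, set())))
                   for res in resources}
            for role in role_perms}


if __name__ == "__main__":
    for who in ("User A", "User B", "User C", "Someone Else"):
        print(f"{who:13s} -> {sorted(dac_effective(who))}")
    for role, row in rbac_matrix().items():
        print(f"{role:16s} {row}")
```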

QUESTION 17
The main purpose of digital certificates is to bind a:
A. public key to the identity of the signer and recipient
B. private key to the identity of the signer and recipient
C. public key to the entity that holds the corresponding private key
D. private key to the entity that holds the corresponding public key

Answer: C Section: (none) Explanation/Reference:

QUESTION 18
A perimeter router is configured with a restrictive ACL (Access Control List). Which transport layer protocols and ports must be allowed in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections respectively, through the perimeter router?
A. TCP (Transmission Control Protocol) port 635 and UDP (User Datagram Protocol) port 654
B. TCP (Transmission Control Protocol) port 749 and UDP (User Datagram Protocol) port 781
C. UDP (User Datagram Protocol) port 1701 and TCP (Transmission Control Protocol) port 1723
D. TCP (Transmission Control Protocol) port 1812 and UDP (User Datagram Protocol) port 1813

Answer: C Section: (none) Explanation/Reference:

QUESTION 19
Digital certificates can contain which of the following items:
A. the CA's (Certificate Authority) private key
B. the certificate holder's private key
C. the certificate's revocation information
D. the certificate's validity period

Answer: D Section: (none) Explanation/Reference:

QUESTION 20
The system administrator of the company has terminated employment unexpectedly. When the administrator's user ID is deleted, the system suddenly begins deleting files. This is an example of what type of malicious code?
A. logic bomb
B. virus
C. Trojan horse
D. worm

Answer: A Section: (none) Explanation/Reference:

QUESTION 21
A network administrator has just replaced a hub with a switch. When using software to sniff packets from the network, the administrator notices conversations the administrator's computer is having with servers on the network, but can no longer see conversations taking place between other network clients and servers. Given that the switch is functioning properly, what is the most likely cause of this?
A. With the exception of broadcasts, switches do not forward traffic out all ports.
B. The switch is set up with a VLAN (Virtual Local Area Network) utilizing all ports.
C. The software used to sniff packets is not configured properly.
D. The sniffer's Ethernet card is malfunctioning.

Answer: A Section: (none) Explanation/Reference:

QUESTION 22
Which encryption key is used to verify a digital signature?
A. the signer's public key
B. the signer's private key
C. the recipient's public key
D. the recipient's private key

Answer: A Section: (none) Explanation/Reference:

QUESTION 23
NetBus and Back Orifice are each considered an example of a(n):
A. virus.
B. illicit server.
C. spoofing tool.
D. allowable server.

Answer: B Section: (none) Explanation/Reference:

QUESTION 24
Companies without an acceptable use policy may give their employees an expectation of:
A. intrusions
B. audits
C. privacy
D. prosecution

Answer: C Section: (none) Explanation/Reference:

QUESTION 25
Implementation of access control devices and technologies must fully reflect an organization's security position as contained in its:
A. ACLs (Access Control Lists)
B. access control matrixes
C. information security policies
D. internal control procedures

Answer: C Section: (none) Explanation/Reference:

QUESTION 26
Searching through trash is used by an attacker to acquire data such as network diagrams, IP (Internet Protocol) address lists and:
A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory.

Answer: C Section: (none) Explanation/Reference:

QUESTION 27
Discouraging employees from misusing company e-mail is best handled by:
A. enforcing ACLs (Access Control Lists).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail messages.

Answer: B Section: (none) Explanation/Reference:

QUESTION 28
Forging an IP (Internet Protocol) address to impersonate another machine is best defined as:
A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
D. replay.

Answer: B Section: (none) Explanation/Reference:

QUESTION 29
When setting password rules, which of the following would LOWER the level of security of a network?
A. Passwords must be greater than six characters and consist of at least one non-alpha character.
B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.
C. Complex passwords that users CANNOT remotely change are randomly generated by the administrator and given to users.
D. After a set number of failed attempts the server will lock out any user account, forcing the user to call the administrator to re-enable the account.

Answer: C Section: (none) Explanation/Reference:

QUESTION 30
A severed T1 line is most likely to be considered in ______ planning.
A. data recovery
B. off site storage
C. media destruction
D. incident response

Answer: D Section: (none) Explanation/Reference:

QUESTION 31
An organization's primary purpose in conducting risk analysis in dealing with computer security is:
A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in relation to the cost of lost business functionality.
C. to identify how much it will cost to implement counter measures.
D. to delegate responsibility.

Answer: B Section: (none) Explanation/Reference:

QUESTION 32 Which of the following most accurately describes a DMZ (Demilitarized Zone)? A. an application program with a state that authenticates the user and allows the user to be categorized based on privilege B. a network between a protected network and an external network in order to provide an additional layer of security C. the entire area between the network of origin and the destination network. D. an application that allows the user to remove any offensive of an attacker Answer: B Section: (none) Explanation/Reference:

QUESTION 33
SSL (Secure Sockets Layer) operates between which two layers of the OSI (Open Systems Interconnection) model?
A. application and transport
B. transport and network
C. network and data link
D. data link and physical

Answer: A Section: (none) Explanation/Reference:

QUESTION 34
What is a network administrator protecting against by ingress/egress filtering traffic as follows?
- Any packet coming into the network must not have a source address of the internal network.
- Any packet coming into the network must have a destination address from the internal network.
- Any packet leaving the network must have a source address from the internal network.
- Any packet leaving the network must not have a destination address from the internal network.
- Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC 1918 reserved space.
A. SYN (Synchronize) flooding
B. spoofing
C. DoS (Denial of Service) attacks
D. dictionary attacks

Answer: B Section: (none) Explanation/Reference:
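The five rules from question 34 turned into a checkable packet filter, as an added example (not part of the original dump). The organization's own range 203.0.113.0/24 and the sample addresses are constructed; the RFC 1918 blocks are the real ones. The filter is deliberately direction-aware: the same address that is fine as an inbound destination is a spoofing indicator as an inbound source.

```python
import ipaddress
from typing import List, Tuple

# Constructed: the organization's public range that sits behind the perimeter router.
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")
# RFC 1918 private space plus loopback: must never appear on either side of the perimeter.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def is_reserved(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in RFC1918) or addr in LOOPBACK


def filter_packet(direction: str, src: str, dst: str, internal=INTERNAL_NET) -> Tuple[bool, str]:
    """Apply the ingress/egress anti-spoofing rules. Returns (permit, reason).
    direction is "in" (arriving from the Internet) or "out" (leaving the site)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Rule 5: private/reserved space never crosses the perimeter in either direction.
    if is_reserved(src_ip) or is_reserved(dst_ip):
        return False, "reserved/private address on the perimeter"
    if direction == "in":
        if src_ip in internal:          # Rule 1: outsider pretending to be one of us
            return False, "inbound packet with internal source: spoofed"
        if dst_ip not in internal:      # Rule 2: we are not a transit network
            return False, "inbound packet not addressed to the internal network"
    elif direction == "out":
        if src_ip not in internal:      # Rule 3: stop our hosts from spoofing others
            return False, "outbound packet with foreign source: we would be the spoofer"
        if dst_ip in internal:          # Rule 4: internal traffic has no business leaving
            return False, "outbound packet addressed to the internal network"
    else:
        raise ValueError(f"unknown direction {direction!r}")
    return True, "permitted"


def audit(packets: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Run a batch of (direction, src, dst) tuples; return the dropped ones with the reason."""
    dropped = []
    for direction, src, dst in packets:
        permit, reason = filter_packet(direction, src, dst)
        if not permit:
            dropped.append((direction, src, dst, reason))
    return dropped


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate inbound packet and one inbound spoof.
    for entry in audit([("in", "198.51.100.7", "203.0.113.10"),
                        ("in", "203.0.113.5", "203.0.113.10"),
                        ("out", "198.51.100.7", "192.0.2.44")]):
        print("DROP", entry)
```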

QUESTION 35
How must a firewall be configured to make sure that a company can communicate with other companies using SMTP (Simple Mail Transfer Protocol) e-mail?
A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound connections.
B. Open UDP (User Datagram Protocol) port 110 to all inbound connections.
C. Open UDP (User Datagram Protocol) port 25 to all inbound connections.
D. Open TCP (Transmission Control Protocol) port 25 to all inbound and outbound connections.

Answer: D Section: (none) Explanation/Reference:

QUESTION 36
A CPS (Certificate Practice Statement) is a legal document that describes a CA's (Certificate Authority):
A. class level issuing process.
B. copyright notice.
C. procedures.
D. asymmetric encryption schema.

Answer: C Section: (none) Explanation/Reference:

QUESTION 37
Actively monitoring data streams in search of malicious code or behavior is an example of:
A. load balancing.
B. an Internet proxy.
C. URL filtering.
D. content inspection.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 38
Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?
A. Firewall
B. NIDS
C. NIPS
D. HIDS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 39
The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which of the following is the MOST likely cause?
A. NIPS is blocking activities from those specific websites.
B. NIDS is blocking activities from those specific websites.
C. The firewall is blocking web activity.
D. The router is denying all traffic from those sites.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 40
Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?
A. Protocol analyzer
B. Port scanner
C. Vulnerability scanner
D. Honeypot

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 41
Which of the following can a security administrator implement to help identify smurf attacks?
A. Load balancer
B. Spam filters
C. NIDS
D. Firewall

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 42
Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer? (Select TWO).
A. MAC filtering
B. Disabled SSID broadcast
C. WPA2-Enterprise
D. EAP-TLS
E. WEP with 802.1x

Answer: AB Section: (none) Explanation/Reference: Explanation:

QUESTION 43
Which of the following functions is MOST likely performed by a web security gateway?
A. Protocol analyzer
B. Content filtering
C. Spam filtering
D. Flood guard

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 44
Which of the following devices is often used to cache and filter content?
A. Proxies
B. Firewall
C. VPN
D. Load balancer

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 45
In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).
A. Subnetting
B. NAT
C. Firewall
D. NAC
E. VPN

Answer: CE Section: (none) Explanation/Reference: Explanation:

QUESTION 46
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
A. Load balancer
B. URL filter
C. VPN concentrator
D. Protocol analyzer

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 47
An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?
A. Software based firewall
B. Mandatory Access Control (MAC)
C. VPN concentrator
D. Web security gateway

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 48
Which of the following should be installed to prevent employees from receiving unsolicited emails?
A. Pop-up blockers
B. Virus definitions
C. Spyware definitions
D. Spam filters

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 49
Which of the following should a security administrator implement to prevent users from disrupting network connectivity, if a user connects both ends of a network cable to different switch ports?
A. VLAN separation
B. Access control
C. Loop protection
D. DMZ

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 50
A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?
A. Anti-virus software
B. ACLs
C. Anti-spam software
D. NIDS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 51 Which of the following BEST describes the proper method and reason to implement port security? A. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network. B. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network. C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network. D. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network. Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 52
Which of the following would need to be configured correctly to allow remote access to the network?
A. ACLs
B. Kerberos
C. Tokens
D. Biometrics

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 53
By default, which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
A. Access control lists
B. Explicit allow
C. Explicit deny
D. Implicit deny

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 54
Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider's lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?
A. IP address
B. User profiles
C. MAC address
D. Computer name

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 55
Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?
A. Virtualization
B. Port security
C. IPSec
D. Firewall rules

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 56
Which of the following is the default rule found in a corporate firewall's access control list?
A. Anti-spoofing
B. Permit all
C. Multicast list
D. Deny all

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 57
Which of the following is BEST used to prevent ARP poisoning attacks across a network?
A. VLAN segregation
B. IPSec
C. IP filters
D. Log analysis

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 58
A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional personnel and minimize the footprint in their current datacenter?
A. Allow users to telecommute
B. Setup a load balancer
C. Infrastructure as a Service
D. Software as a Service

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 59
Which of the following is MOST likely to be the last rule contained on any firewall?
A. IP allow any any
B. Implicit deny
C. Separation of duties
D. Time of day restrictions

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 60
Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?
A. Platform as a Service
B. Software as a Service
C. Infrastructure as a Service
D. Trusted OS as a Service

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 61
MAC filtering is a form of which of the following?
A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 62
Reviewing an access control list on a firewall reveals a Drop All statement at the end of the rules. Which of the following describes this form of access control?
A. Discretionary
B. Time of day restrictions
C. Implicit deny
D. Mandatory

Answer: C Section: (none) Explanation/Reference: Explanation:
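Questions 53, 55, 56, 59 and 62 all turn on the same mechanics: rules are evaluated top-down, the first match wins, and anything that falls off the end of the list is dropped whether or not an explicit Drop All is written there. Here is one added example covering them (illustrative code, not from the original dump). The rule and packet formats, and the sample policy permitting only SMTP and HTTPS, are constructed for the example; the evaluator distinguishes an explicit final deny from the implicit one so that logs show which fired, and it flags rules that can never fire because an earlier, broader rule shadows them.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str = "any"              # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None  # None matches any port
    src: str = "any"                # exact source address or "any"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst_port: Optional[int] = None


def _covers(rule: Rule, proto: str, dst_port: Optional[int], src: str) -> bool:
    """True if the rule's fields match the given values (wildcards match anything)."""
    return ((rule.proto == "any" or rule.proto == proto)
            and (rule.dst_port is None or rule.dst_port == dst_port)
            and (rule.src == "any" or rule.src == src))


def matches(rule: Rule, pkt: Packet) -> bool:
    return _covers(rule, pkt.proto, pkt.dst_port, pkt.src)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins. Returns (action, index of the rule that fired).
    A packet matching nothing hits the implicit deny, reported with index None
    so an operator can tell it apart from an explicit Drop All at the end."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule is at least as broad.
    A rule j is shadowed when some earlier rule i matches every packet j would match;
    with exact-match fields that is the case exactly when i's fields cover j's."""
    return [j for j, later in enumerate(rules)
            if any(_covers(rules[i], later.proto, later.dst_port, later.src) for i in range(j))]


# Constructed perimeter policy: inbound mail and HTTPS, everything else dropped explicitly.
RULESET = [
    Rule("permit", "tcp", 25),
    Rule("permit", "tcp", 443),
    Rule("deny"),               # the "Drop All" statement from question 62
]


if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.7", 443), Packet("tcp", "198.51.100.7", 23)):
        print(pkt, "->", evaluate(RULESET, pkt), "| without Drop All:", evaluate(RULESET[:2], pkt))
    misordered = [Rule("permit"), Rule("deny", "tcp", 23)]
    print("shadowed rule indexes in misordered policy:", shadowed_rules(misordered))
```

The misordered policy is the classic failure: a "permit any" placed first makes the telnet deny below it dead code, and only the shadowing check (or a test packet) reveals it.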

QUESTION 63
An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?
A. Virtual servers require OS hardening but not patching or antivirus.
B. Virtual servers have the same information security requirements as physical servers.
C. Virtual servers inherit information security controls from the hypervisor.
D. Virtual servers only require data security controls and do not require licenses.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 64
Webmail is classified under which of the following cloud-based technologies?
A. Demand Computing
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Platform as a Service (PaaS)

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 65
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?
A. The server is configured to reject ICMP packets.
B. The server is on the external zone and it is configured for DNS only.
C. The server is missing the default gateway.
D. The server is on the internal zone and it is configured for DHCP only.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 66
Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 67
Which of the following would be implemented to allow access to services while segmenting access to the internal network?
A. IPSec
B. VPN
C. NAT
D. DMZ

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 68
A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?
A. Cloud computing
B. VLAN
C. Load balancer
D. MAC filtering

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 69
Which of the following is a security control that is lost when using cloud computing?
A. Logical control of the data
B. Access to the application's administrative settings
C. Administrative access to the data
D. Physical control of the data

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 70
Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?
A. HTTPS
B. SSH
C. IPv4
D. ICMP

Answer: D Section: (none) Explanation/Reference: Explanation:
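Questions 41 and 70 are about the same kind of ICMP misuse seen from a NIDS: a smurf attack (echo requests aimed at a directed-broadcast address, with the victim's address forged as the source) and a ping sweep (one outside host probing many internal addresses). Here is one added example of the detection logic, run over a constructed sensor log; it is illustrative code, not from the original dump or from any NIDS product. The log line format, the internal range 203.0.113.0/24 and every address in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List

INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")  # constructed: our monitored range

# Constructed sensor log, one ICMP event per line: "<timestamp> ICMP <src> -> <dst> <type>".
# Lines 1-6: a sweep of six internal hosts from 192.0.2.7.
# Lines 7-9: echo requests to our broadcast address carrying 198.51.100.9 as source (smurf).
# Lines 10-11: an ordinary ping from an internal host and its reply.
SAMPLE_LOG = """\
2011-05-03T10:00:01 ICMP 192.0.2.7 -> 203.0.113.1 echo-request
2011-05-03T10:00:01 ICMP 192.0.2.7 -> 203.0.113.2 echo-request
2011-05-03T10:00:01 ICMP 192.0.2.7 -> 203.0.113.3 echo-request
2011-05-03T10:00:02 ICMP 192.0.2.7 -> 203.0.113.4 echo-request
2011-05-03T10:00:02 ICMP 192.0.2.7 -> 203.0.113.5 echo-request
2011-05-03T10:00:02 ICMP 192.0.2.7 -> 203.0.113.6 echo-request
2011-05-03T10:00:05 ICMP 198.51.100.9 -> 203.0.113.255 echo-request
2011-05-03T10:00:05 ICMP 198.51.100.9 -> 203.0.113.255 echo-request
2011-05-03T10:00:05 ICMP 198.51.100.9 -> 203.0.113.255 echo-request
2011-05-03T10:00:09 ICMP 203.0.113.20 -> 198.51.100.1 echo-request
2011-05-03T10:00:09 ICMP 198.51.100.1 -> 203.0.113.20 echo-reply
"""

LINE = re.compile(r"^(?P<ts>\S+) ICMP (?P<src>\S+) -> (?P<dst>\S+) (?P<type>\S+)$")


def parse(text: str) -> List[dict]:
    """Turn log lines into events with real address objects; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["src"] = ipaddress.ip_address(ev["src"])
            ev["dst"] = ipaddress.ip_address(ev["dst"])
            events.append(ev)
    return events


def detect_smurf(events: List[dict], internal=INTERNAL_NET) -> List[str]:
    """Smurf signature: echo-request to our directed-broadcast address. The source
    address is the victim that will be flooded with replies, not the attacker."""
    return sorted({str(ev["src"]) for ev in events
                   if ev["type"] == "echo-request" and ev["dst"] == internal.broadcast_address})


def detect_sweeps(events: List[dict], threshold: int = 5, internal=INTERNAL_NET) -> Dict[str, int]:
    """Ping sweep: an external source sending echo-requests to >= threshold distinct internal hosts."""
    targets = defaultdict(set)
    for ev in events:
        if ev["type"] == "echo-request" and ev["src"] not in internal and ev["dst"] in internal:
            targets[str(ev["src"])].add(ev["dst"])
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) >= threshold}


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("smurf victims (spoofed sources):", detect_smurf(events))
    print("sweep sources and host counts:  ", detect_sweeps(events))
```

Blocking ICMP at the perimeter, as question 70 suggests, removes the sweep signal along with the sweep; the detection logic above is what you keep if echo traffic is still allowed in, and the smurf check needs no threshold because a single echo request to the broadcast address is already abnormal.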

QUESTION 71
Which of the following uses TCP port 22 by default?
A. SSL, SCP, and TFTP
B. SSH, SCP, and SFTP
C. HTTPS, SFTP, and TFTP
D. TLS, TELNET, and SCP

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 72
Which of the following allows a security administrator to set device traps?
A. SNMP
B. TLS
C. ICMP
D. SSH

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 73
A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?
A. RTP
B. SNMP
C. IPSec
D. 802.1X

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 74
Which of the following protocols would be the MOST secure method to transfer files from a host machine?
A. SFTP
B. WEP
C. TFTP
D. FTP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 75
Which of the following port numbers is used for SCP, by default?
A. 22
B. 69
C. 80
D. 443

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 76
Which of the following is the MOST secure method of utilizing FTP?
A. FTP active
B. FTP passive
C. SCP
D. FTPS

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 77
Which of the following protocols can be implemented to monitor network devices?
A. IPSec
B. FTPS
C. SFTP
D. SNMP

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 78
Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?
A. SNMP
B. NetBIOS
C. ICMP
D. SMTP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 79
A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives no reply; however, the technician is able to telnet to that router. Which of the following is the MOST likely cause of the security administrator being unable to ping the router?
A. The remote switch is turned off.
B. The remote router has ICMP blocked.
C. The remote router has IPSec blocked.
D. The main office's router has ICMP blocked.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 80
A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purpose?
A. IPv6
B. ICMP
C. IGMP
D. IPv4

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 81
In which of the following locations would a forensic analyst look to find a hooked process?
A. BIOS
B. Slack space
C. RAM
D. Rootkit

Answer: C Section: (none) Explanation/Reference: A hooked process is a running process whose function or system-call pointers have been redirected, so it exists only in volatile memory and is found by examining RAM (a memory capture taken before power-off). A rootkit is what performs the hooking, not a location, and BIOS and slack space hold no running processes.

QUESTION 82
Which of the following file transfer protocols is an extension of SSH?
A. FTP
B. TFTP
C. SFTP
D. FTPS

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 83
Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
A. SSH
B. SCP
C. SFTP
D. SNMP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 84
The security administrator notices a number of TCP connections from the development department to the test network segment. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likely occurring?
A. The development team is transferring data to test systems using FTP and TFTP.
B. The development team is transferring data to test systems using SCP and TELNET.
C. The development team is transferring data to test systems using SFTP and SCP.
D. The development team is transferring data to test systems using SSL and SFTP.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 85 An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
A. 445
B. 1433
C. 1501
D. 3389

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 86 If a security administrator wants to TELNET into a router to make configuration changes, which of the following ports would need to be open by default?
A. 23
B. 135
C. 161
D. 3389

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 87 Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
A. 21
B. 25
C. 110
D. 143

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 88 A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?
A. Block port 23 on the L2 switch at each remote site.
B. Block port 23 on the network firewall.
C. Block port 25 on the L2 switch at each remote site.
D. Block port 25 on the network firewall.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 89 Which of the following are the default ports for HTTP and HTTPS protocols? (Select TWO).
A. 21
B. 80
C. 135
D. 443
E. 445

Answer: BD Section: (none) Explanation/Reference: Explanation:

QUESTION 90 In an 802.11n network, which of the following provides the MOST secure method of both encryption and authorization?
A. WEP with 802.1x
B. WPA Enterprise
C. WPA2-PSK
D. WPA with TKIP

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 91 Isolation mode on an AP provides which of the following functionality types?
A. Segmentation of each wireless user from other wireless users
B. Disallows all users from communicating directly with the AP
C. Hides the service set identifier
D. Makes the router invisible to other routers

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 92 Which of the following is the BEST choice for encryption on a wireless network?
A. WPA2-PSK
B. AES
C. WPA
D. WEP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 93 A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?
A. An attacker inside the company is performing a bluejacking attack on the user's laptop.
B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.
C. The new access point was mis-configured and is interfering with another nearby access point.
D. The attacker that breached the nearby company is in the parking lot implementing a war driving attack.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 94 Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
A. Encryption methods
B. Power levels
C. SSID
D. Radio frequency

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 95 Which of the following protocols requires the use of a CA based authentication process?
A. FTPS implicit
B. FTPS explicit
C. MD5
D. PEAP-TLS

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 96 When configuring multiple computers for RDP on the same wireless router, it may be necessary to do which of the following?
A. Forward to different RDP listening ports.
B. Turn off port forwarding for each computer.
C. Enable DMZ for each computer.
D. Enable AP isolation on the router.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 97 A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
A. Disable the SSID broadcast on the WAP
B. Place the WAP antenna on the exterior wall of the building
C. Decrease the power levels on the WAP
D. Enable MAC filtering in the WAP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 98 Which of the following will provide the HIGHEST level of wireless network security?
A. WPA2
B. SSH
C. SSID
D. WEP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 99 Which of the following facilitates computing for heavily utilized systems and networks?
A. Remote access
B. Provider cloud
C. VPN concentrator
D. Telephony

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 100 Risk can be managed in the following ways EXCEPT:
A. mitigation.
B. acceptance.
C. elimination.
D. transference.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 101 A company that purchases insurance to reduce risk is an example of which of the following?
A. Risk deterrence
B. Risk acceptance
C. Risk avoidance
D. Risk transference

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 102 Which of the following is a best practice to identify fraud from an employee in a sensitive position?
A. Acceptable usage policy
B. Separation of duties
C. False positives
D. Mandatory vacations

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 103 A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?
A. Separation of duties
B. Discretionary
C. Mandatory vacation
D. Least privilege

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 104 Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?
A. Mandatory vacation
B. Least privilege
C. Discretionary
D. Job rotation

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 105 A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?
A. Privacy policy
B. Human Resources policy
C. Appropriate use policy
D. Security policy

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 106 An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?
A. Event Viewer
B. Router's System Log
C. Change Management System
D. Compliance Review System

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 107 Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives. Additionally, which of the following can the administrator implement to reduce the risk of data leakage?
A. Enact a policy that all work files are to be password protected.
B. Enact a policy banning users from bringing in personal music devices.
C. Provide users with unencrypted storage devices that remain on-site.
D. Disallow users from saving data to any network share.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 108 Performing routine security audits is a form of which of the following controls?
A. Preventive
B. Detective
C. Protective
D. Proactive

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 109 Which of the following is MOST commonly a part of routine system audits?
A. Job rotation
B. Business impact analysis
C. User rights and permissions reviews
D. Penetration testing

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 110 Which of the following is a method to prevent ad-hoc configuration mistakes?
A. Implement an auditing strategy
B. Implement an incident management strategy
C. Implement a patch management strategy
D. Implement a change management strategy

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 111 Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?
A. NIDS configuration
B. Firewall logs
C. User rights
D. Incident management

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 112 A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?
A. Run the image through AES128.
B. Run the image through a symmetric encryption algorithm.
C. Compress the image to a password protected archive.
D. Run the image through SHA256.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 113 Which of the following BEST explains the security benefit of a standardized server image?
A. All current security updates for the operating system will have already been applied.
B. Mandated security configurations have been made to the operating system.
C. Anti-virus software will be installed and current.
D. Operating system license use is easier to track.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 114 Which of the following describes when forensic hashing should occur on a drive?
A. After the imaging process and before the forensic image is captured
B. Before the imaging process and then after the forensic image is created
C. After the imaging process and after the forensic image is captured
D. Before and after the imaging process and then hash the forensic image

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 115 Which of the following assists in identifying if a system was properly handled during transport?
A. Take a device system image
B. Review network traffic and logs
C. Track man hours and incident expense
D. Chain of custody

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 116 Which of the following describes the purpose of chain of custody as applied to forensic image retention?
A. To provide proof the evidence has not been tampered with or modified
B. To provide verification that the forensic examiner is qualified
C. To provide documentation as to who has handled the evidence
D. To provide a baseline reference

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 117 Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
A. Password behaviors
B. Clean desk policy
C. Data handling
D. Data disposal

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 118 Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?
A. Password complexity requirements
B. Phishing techniques
C. Handling PII
D. Tailgating techniques

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 119 Which of the following is a reason to perform user awareness and training?
A. To enforce physical security requirements by staff
B. To minimize the organizational risk posed by users
C. To comply with law and vendor software best practices
D. To identify the staff's personally owned electronic devices

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 120 Used in conjunction, which of the following are PII? (Select TWO).
A. Marital status
B. Favorite movie
C. Pet's name
D. Birthday
E. Full name

Answer: DE Section: (none) Explanation/Reference: Explanation:

QUESTION 121 On-going annual awareness security training should be coupled with:
A. succession planning.
B. implementation of security controls.
C. user rights and permissions review.
D. signing of a user agreement.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 122 Which of the following risks may result from improper use of social networking and P2P software?
A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 123 Which of the following is the MAIN reason to require data labeling?
A. To ensure that staff understands what data they are handling and processing
B. To ensure that new viruses do not transfer to removable media
C. To ensure that all media sanitization requirements are met
D. To ensure that phishing attacks are identified and labeled properly

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 124 DRPs should contain which of the following?
A. Hierarchical list of non-critical personnel
B. Hierarchical list of critical systems
C. Hierarchical access control lists
D. Identification of single points of failure

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 125 Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?
A. Succession planning
B. Remove single points of failure
C. Risk management
D. Business impact analysis

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 126 A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
A. White box
B. Gray box
C. Black box
D. Red teaming

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 127 Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
A. Fire suppression
B. Video monitoring
C. EMI shielding
D. Hot and cold aisles

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 128 Which of the following environmental variables reduces the potential for static discharges?
A. EMI
B. Temperature
C. UPS
D. Humidity

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 129 Which of the following should be considered when trying to prevent somebody from capturing network traffic?
A. Video monitoring
B. Hot aisles
C. HVAC controls
D. EMI shielding

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 130 With which of the following is RAID MOST concerned?
A. Integrity
B. Confidentiality
C. Availability
D. Baselining

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 131 Which of the following reduces the likelihood of a single point of failure when a server fails?
A. Clustering
B. Virtualization
C. RAID
D. Cold site

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 132 Which of the following is the BEST way to secure data for the purpose of retention?
A. Off-site backup
B. RAID 5 on-site backup
C. On-site clustering
D. Virtualization

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 133 A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability? (Select TWO).
A. Hardware RAID 5
B. Load sharing
C. Server clustering
D. Software RAID 1
E. Load balancing

Answer: AD Section: (none) Explanation/Reference: Explanation:

QUESTION 134 A security administrator is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensure is in place for a cold site?
A. Location with all required equipment loaded with all current patches and updates
B. Location with duplicate systems found in the datacenter
C. Location near the datacenter that meets power requirements
D. Location that meets power and connectivity requirements

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 135 A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
A. Fault tolerance
B. Continuity of operations
C. Succession planning
D. Data handling error

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 136 In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in the case of a disaster?
A. Having the offsite location of tapes also be the standby server
B. Having the offsite location of tapes also be the warm site
C. Having the offsite location of tapes also be the cold site
D. Having the offsite location of tapes also be the hot site

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 137 Which of the following concepts ensures that the data is only viewable to authorized users?
A. Availability
B. Biometrics
C. Integrity
D. Confidentiality

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 138 A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select TWO).
A. Integrity
B. Recovery
C. Clustering
D. Confidentiality
E. Availability

Answer: DE Section: (none) Explanation/Reference: Explanation:

QUESTION 139 A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
A. Authenticity
B. Integrity
C. Availability
D. Confidentiality

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 140 A user downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
A. Logic bomb
B. Worm
C. Trojan
D. Adware

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 141 While browsing the Internet, an administrator notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which of the following BEST describes what has occurred?
A. The PC has become part of a botnet.
B. The PC has become infected with spyware.
C. The PC has become a spam host.
D. The PC has become infected with adware.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 142 Which of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).
A. Trojan
B. Pharming
C. Worms
D. Virus
E. Logic bomb

Answer: BE Section: (none) Explanation/Reference: Explanation:

QUESTION 143 Which of the following is the primary difference between a virus and a worm?
A. A worm is undetectable
B. A virus is typically larger
C. A virus is easily removed
D. A worm is self-replicating

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 144 Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off, which of the following data types will be unavailable for later investigation?
A. Swap files, system processes, and master boot record
B. Memory, temporary file system, and archival storage
C. System disk, email, and log files
D. Memory, network processes, and system processes

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 145 Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?
A. Trojan
B. Virus
C. Logic bomb
D. Rootkit

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 146 Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
A. Worm
B. Spyware
C. Botnet
D. Rootkit

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 147 Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?
A. Trojans
B. Botnets
C. Adware
D. Logic bomb

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 148 A system administrator could have a user level account and an administrator account to prevent:
A. password sharing.
B. escalation of privileges.
C. implicit deny.
D. administrative account lockout.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 149 When examining HTTP server logs the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?
A. Spim
B. DDoS
C. Spoofing
D. DoS

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 150 Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
A. ARP poisoning
B. MAC spoofing
C. pWWN spoofing
D. DNS poisoning

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 151 Which of the following threats corresponds with an attacker targeting specific employees of a company?
A. Spear phishing
B. Phishing
C. Pharming
D. Man-in-the-middle

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 152 A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank's privacy policy, security policy and requests that the user clearly state their name, birthday and enter the banking details to validate the user's identity. Which of the following BEST describes this type of attack?
A. Phishing
B. Spoofing
C. Vishing
D. Pharming

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 153 Which of the following is a technique designed to obtain information from a specific person?
A. Smurf attack
B. Spear phishing
C. DNS poisoning
D. Pharming

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 154 Which of the following is another name for a malicious attacker?
A. Black hat
B. White hat
C. Penetration tester
D. Fuzzer

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 155 Which of the following logical controls does a flood guard protect against?
A. Spanning tree
B. Xmas attacks
C. Botnet attack
D. SYN attacks

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 156 Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?
A. Spoofing
B. Man-in-the-middle
C. Spear phishing
D. DoS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 157 A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?
A. Whaling
B. Bluesnarfing
C. Vishing
D. Dumpster diving

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 158 The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).
A. Whaling
B. Dumpster diving
C. Shoulder surfing
D. Tailgating
E. Impersonation

Answer: BC Section: (none) Explanation/Reference: Explanation:

QUESTION 159 Which of the following security threats does shredding mitigate?
A. Shoulder surfing
B. Document retention
C. Tailgating
D. Dumpster diving

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 160 Which of the following attacks would password masking help mitigate?
A. Shoulder surfing
B. Brute force
C. Tailgating
D. Impersonation

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 161 Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
A. Evil twin
B. Tailgating
C. Impersonation
D. Shoulder surfing

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 162 Which of the following is specific to a buffer overflow attack?
A. Memory addressing
B. Directory traversal
C. Initial vector
D. Session cookies

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 163 Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network?
A. War driving
B. Evil twin
C. Rogue access point
D. War chalking

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 164 Data can potentially be stolen from a disk-encrypted, screen-lock-protected smartphone by which of the following?
A. Bluesnarfing
B. IV attack
C. Honeynet
D. SIM cloning

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 165 Which of the following is an unauthorized wireless router that allows access to a secure network?
A. Interference
B. War driving
C. Evil twin
D. Rogue access point

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 166 A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?
A. Interference
B. Rogue access points
C. IV attack
D. Bluejacking

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 167 Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?
A. Rogue APs
B. War driving
C. Packet analysis
D. RF interference

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 168 A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?
A. Evil twin
B. Vishing
C. War driving
D. Bluesnarfing

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 169 A programmer allocates 16 bytes for a string variable, but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?
A. Buffer overflow
B. Cross-site scripting
C. Session hijacking
D. Directory traversal

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 170 Which of the following MUST a programmer implement to prevent cross-site scripting?
A. Validate input to remove shell scripts
B. Validate input to remove hypertext
C. Validate input to remove batch files
D. Validate input to remove Java bit code

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 171 Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
A. LDAP injection
B. SQL injection
C. Error and exception handling
D. Cross-site scripting

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 172 During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?
A. Buffer overflow
B. XML injection
C. SQL injection
D. Distributed denial of service

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 173 Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?
A. Exception handling
B. Adware
C. Cross-site request forgery
D. Cross-site scripting

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 174 A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?
A. Change the server's SSL key and add the previous key to the CRL.
B. Install a host-based firewall.
C. Install missing security updates for the operating system.
D. Add input validation to forms.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 175 An application log shows that the text "test; rm -rf /etc/passwd" was entered into an HTML form. Which of the following describes the type of attack that was attempted?
A. Session hijacking
B. Command injection
C. Buffer overflow
D. SQL injection

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 176 Which of the following is MOST relevant to a buffer overflow attack?
A. Sequence numbers
B. Set flags
C. IV length
D. NOOP instructions

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 177 The detection of a NOOP sled is an indication of which of the following attacks?
A. SQL injection
B. Buffer overflow
C. Cross-site scripting
D. Directory traversal

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 178 Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
A. Spam filter
B. IDS
C. Firewall
D. Malware inspection

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 179 Which of the following should be enabled to ensure only certain wireless clients can access the network?
A. DHCP
B. SSID broadcast
C. MAC filtering
D. AP isolation

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 180 Which of the following BEST describes an intrusion prevention system?
A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as a honeypot.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 181 Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 182 Which of the following can prevent an unauthorized employee from entering a datacenter? (Select TWO).
A. Failsafe
B. Video surveillance
C. Bollards
D. Security guard
E. Proximity reader

Answer: DE Section: (none) Explanation/Reference: Explanation:

QUESTION 183 Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?
A. System A fails open. System B fails closed.
B. System A and System B both fail closed.
C. System A and System B both fail open.
D. System A fails closed. System B fails open.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 184 Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?
A. Proximity readers
B. Mantraps
C. Video surveillance
D. Biometric keypad

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 185 A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is the MOST likely cause?
A. The IDS detected that the visitor's laptop did not have the right patches and updates so the IDS blocked access to the network.
B. The security posture is disabled on the network but remediation must take place before access is given to the visitor on that laptop.
C. The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.
D. The IPS detected that the visitor's laptop did not have the right patches and updates so it prevented its access to the network.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 186
Which of the following is a detective security control?
A. CCTV
B. Firewall
C. Design reviews
D. Bollards

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 187
Which of the following identifies some of the running services on a system?
A. Determine open ports
B. Review baseline reporting
C. Review honeypot logs
D. Risk calculation

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 188
A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?
A. Account disablement
B. Account lockout
C. Password recovery
D. Password expiration

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 189
A company needs to be able to prevent entry, at all times, to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security, which of the following should be implemented?
A. Intercom system
B. Video surveillance
C. Nightly guards
D. Mantrap

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 190
Which of the following would provide the MOST reliable proof that a datacenter was accessed at a certain time of day?
A. Video surveillance
B. Security log
C. Entry log
D. Proximity readers

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 191
Which of the following should be performed on a computer to protect the operating system from malicious software? (Select TWO).
A. Disable unused services
B. Update NIDS signatures
C. Update HIPS signatures
D. Disable DEP settings
E. Install a perimeter firewall

Answer: AC Section: (none) Explanation/Reference: Explanation:

QUESTION 192
A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?
A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 193
Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?
A. Document scan results for the change control board.
B. Organize data based on severity and asset value.
C. Examine the vulnerability data using a network analyzer.
D. Update antivirus signatures and apply patches.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 194
Which of the following is used when performing a quantitative risk analysis?
A. Focus groups
B. Asset value
C. Surveys
D. Best practice

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 195
Which of the following describes a passive attempt to identify weaknesses?
A. Vulnerability scanning
B. Zero day attack
C. Port scanning
D. Penetration testing

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 196
An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application's security posture?
A. Baseline reporting
B. Protocol analysis
C. Threat modeling
D. Functional testing

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 197
An administrator identifies a security issue on the corporate web server, but does not attempt to exploit it. Which of the following describes what the administrator has done?
A. Vulnerability scan
B. Penetration test
C. Social engineering
D. Risk mitigation

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 198
The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?
A. Change management
B. Code review
C. Baseline reporting
D. Security policy

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 199
Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems, the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to identify the issue?
A. Hardware baseline review
B. Vulnerability scan
C. Data integrity check
D. Penetration testing

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 200
Which of the following is used when performing a qualitative risk analysis?
A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 201
Upper management decides which risk to mitigate based on cost. This is an example of:
A. qualitative risk assessment.
B. business impact analysis.
C. risk management framework.
D. quantitative risk assessment.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 202
A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?
A. Network design review
B. Vulnerability scanner
C. Baseline review
D. Port scanner

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 203
Which of the following is a management control type?
A. Vulnerability scanning
B. Least privilege implementation
C. Baseline configuration development
D. Session locks

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 204
Which of the following devices would allow a technician to view IP headers on a data packet?
A. NIDS
B. Protocol analyzer
C. VPN switch
D. Firewall

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 205
Which of the following penetration testing types is performed by security professionals with limited inside knowledge of the network?
A. Passive vulnerability scan
B. Gray box
C. White box
D. Black box

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 206
Which of the following is a reason to perform a penetration test?
A. To passively test security controls within the enterprise
B. To provide training to white hat attackers
C. To identify all vulnerabilities and weaknesses within the enterprise
D. To determine the impact of a threat against the enterprise

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 207
Penetration testing should only be used during controlled conditions with express consent of the system owner because:
A. white box penetration testing cannot identify zero day exploits.
B. vulnerability scanners can cause massive network flooding during risk assessments.
C. penetration testing passively tests policy controls and can identify vulnerabilities.
D. penetration testing actively tests security controls and can cause system instability.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 208
Which of the following security practices should occur initially in software development?
A. Secure code review
B. Patch management
C. Fuzzing
D. Penetration tests

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 209
A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?
A. Application hardening
B. OS hardening
C. Application patch management
D. SQL injection

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 210
Which of the following is an example of verifying new software changes on a test system?
A. User access control
B. Patch management
C. Intrusion prevention
D. Application hardening

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 211
Which of the following allows an attacker to identify vulnerabilities within a closed source software application?
A. Fuzzing
B. Compiling
C. Code reviews
D. Vulnerability scanning

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 212
Which of the following would an administrator do to ensure that an application is secure and all unnecessary services are disabled?
A. Baselining
B. Application hardening
C. Secure application coding
D. Patch management

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 213
A security administrator ensures that certain characters and commands entered on a web server are not interpreted as legitimate data and not passed on to backend servers. This is an example of which of the following?
A. Error and exception handling
B. Input validation
C. Determining attack surface
D. Data execution prevention

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 214
A business-critical application will be installed on an Internet facing server. Which of the following is the BEST security control that should be performed in conjunction with updating the application to the MOST current version?
A. The firewall should be configured to allow the application to auto-update.
B. The firewall should be configured to prevent the application from auto-updating.
C. A port scan should be run against the application's server.
D. Vendor-provided hardening documentation should be reviewed and applied.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 215
Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to crash a program?
A. SDLM
B. CRC
C. Data formatting
D. Error handling

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 216
Which of the following is the MOST efficient way to combat operating system vulnerabilities?
A. Anti-spam
B. Locking cabinets
C. Screen locks
D. Patch management

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 217
Which of the following is a hardening step of an application during the SDLC?
A. Disabling unnecessary accounts
B. Application patch management schedule
C. Secure coding concepts
D. Disabling unnecessary services

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 218
Which of the following is the BEST way to mitigate data loss if a portable device is compromised?
A. Full disk encryption
B. Common access card
C. Strong password complexity
D. Biometric authentication

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 219
Which of the following should be performed if a smartphone is lost to ensure no data can be retrieved from it?
A. Device encryption
B. Remote wipe
C. Screen lock
D. GPS tracking

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 220
Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?
A. Use GPS tracking to find the devices.
B. Use stronger encryption algorithms.
C. Immediately inform local law enforcement.
D. Remotely sanitize the devices.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 221
Which of the following should be used to help prevent device theft of unused assets?
A. HSM device
B. Locking cabinet
C. Device encryption
D. GPS tracking

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 222
Which of the following devices would be installed on a single computer to prevent intrusion?
A. Host intrusion detection
B. Network firewall
C. Host-based firewall
D. VPN concentrator

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 223
A security administrator has been receiving support tickets for unwanted windows appearing on users' workstations. Which of the following can the administrator implement to help prevent this from happening?
A. Pop-up blockers
B. Screen locks
C. Host-based firewalls
D. Antivirus

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 224
Which of the following would an administrator apply to mobile devices to BEST ensure the confidentiality of data?
A. Screen locks
B. Device encryption
C. Remote sanitization
D. Antivirus software

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 225
Which of the following is a security vulnerability that can be disabled for mobile device users?
A. Group policy
B. Remote wipe
C. GPS tracking
D. Pop-up blockers

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 226
Which of the following software should a security administrator implement if several users are stating that they are receiving unwanted email containing advertisements?
A. Host-based firewalls
B. Anti-spyware
C. Anti-spam
D. Anti-virus

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 227
An employee stores their list of passwords in a spreadsheet on their local desktop hard drive. Which of the following encryption types would protect this information from disclosure if lost or stolen?
A. Database
B. Removable media
C. File and folder level
D. Mobile device

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 228
A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost?
A. GPS tracking
B. Whole disk encryption
C. Remote sanitation
D. NIDS

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 229
When decommissioning old hard drives, which of the following is the FIRST thing a security engineer should do?
A. Perform bit level erasure or overwrite
B. Flash the hard drive firmware
C. Format the drive with NTFS
D. Use a waste disposal facility

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 230
Which of the following devices provides storage for RSA or asymmetric keys and may assist in user authentication? (Select TWO).
A. Trusted platform module
B. Hardware security module
C. Facial recognition scanner
D. Full disk encryption
E. Encrypted USB

Answer: AB Section: (none) Explanation/Reference: Explanation:

QUESTION 231
Which of the following is true about hardware encryption? (Select TWO).
A. It must use elliptical curve encryption.
B. It requires a HSM file system.
C. It only works when data is not highly fragmented.
D. It is faster than software encryption.
E. It is available on computers using TPM.

Answer: DE Section: (none) Explanation/Reference: Explanation:

QUESTION 232
Which of the following BEST describes the function of TPM?
A. High speed secure removable storage device
B. Third party certificate trust authority
C. Hardware chip that stores encryption keys
D. A trusted OS model

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 233
Which of the following is MOST likely to result in data loss?
A. Accounting transferring confidential staff details via SFTP to the payroll department.
B. Back office staff accessing and updating details on the mainframe via SSH.
C. Encrypted backup tapes left unattended at reception for offsite storage.
D. Developers copying data from production to the test environments via a USB stick.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 234
A security administrator is implementing a solution that can integrate with an existing server and provide encryption capabilities. Which of the following would meet this requirement?
A. Mobile device encryption
B. Full disk encryption
C. TPM
D. HSM

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 235
Which of the following are the BEST reasons to use an HSM? (Select TWO).
A. Encrypt the CPU L2 cache
B. Recover keys
C. Generate keys
D. Transfer keys to the CPU
E. Store keys

Answer: CE Section: (none) Explanation/Reference: Explanation:

QUESTION 236
A company needs to reduce the risk of employees emailing confidential data outside of the company. Which of the following describes an applicable security control to mitigate this threat?
A. Install a network-based DLP device
B. Prevent the use of USB drives
C. Implement transport encryption
D. Configure the firewall to block port 110

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 237
Which of the following can cause hardware based drive encryption to see slower deployment?
A. A lack of management software
B. USB removable drive encryption
C. Role/rule-based access control
D. Multifactor authentication with smart cards

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 238
Which of the following is the MOST secure way of storing keys or digital certificates used for decryption/encryption of SSL sessions?
A. Database
B. HSM
C. Key escrow
D. Hard drive

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 239
Which of the following is a removable device that may be used to encrypt in a high availability clustered environment?
A. Cloud computer
B. HSM
C. Biometrics
D. TPM

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 240
A security administrator is implementing a solution that encrypts an employee's newly purchased laptop but does not require the company to purchase additional hardware or software. Which of the following could be used to meet this requirement?
A. Mobile device encryption
B. HSM
C. TPM
D. USB encryption

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 241
During incident response, which of the following procedures would identify evidence tampering by outside entities?
A. Hard drive hashing
B. Annualized loss expectancy
C. Developing audit logs
D. Tracking man hours and incident expenses

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 242
Which of the following protocols only encrypts password packets from client to server?
A. XTACACS
B. TACACS
C. RADIUS
D. TACACS+

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 243
Which of the following methods of access, authentication, and authorization is the MOST secure by default?
A. Kerberos
B. TACACS
C. RADIUS
D. LDAP

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 244
Which of the following uses tickets to identify users to the network?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 245
A purpose of LDAP authentication services is:
A. to implement mandatory access controls.
B. a single point of user management.
C. to prevent multifactor authentication.
D. to issue one-time hashed passwords.

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 246
When granting access, which of the following protocols uses multiple-challenge responses for authentication, authorization and audit?
A. TACACS
B. TACACS+
C. LDAP
D. RADIUS

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 247
A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication?
A. LDAP
B. RADIUS
C. Kerberos
D. Smart card

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 248
Which of the following authentication services would be used to authenticate users trying to access a network device?
A. SSH
B. SNMPv3
C. TACACS+
D. TELNET

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 249
Which of the following requires special handling and explicit policies for data retention and data distribution?
A. Personally identifiable information
B. Phishing attacks
C. Zero day exploits
D. Personal electronic devices

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 250
Centrally authenticating multiple systems and applications against a federated user database is an example of:
A. smart card.
B. common access card.
C. single sign-on.
D. access control list.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 251
A Human Resource manager is assigning access to users in their specific department performing the same job function. This is an example of:
A. role-based access control.
B. rule-based access control.
C. centralized access control.
D. mandatory access control.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 252
The security administrator often observes that an employee who entered the datacenter does not match the owner of the PIN that was entered into the keypad. Which of the following would BEST prevent this situation?
A. Multifactor authentication
B. Username and password
C. Mandatory access control
D. Biometrics

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 253
Which of the following allows a user to have a one-time password?
A. Biometrics
B. SSO
C. PIV
D. Tokens

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 254
Which of the following is a technical control?
A. System security categorization requirement
B. Baseline configuration development
C. Contingency planning
D. Least privilege implementation

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 255
A security administrator wants to prevent users in sales from accessing their servers after 6:00 a.m., and prevent them from accessing accounting's network at all times. Which of the following should the administrator implement to accomplish these goals? (Select TWO).
A. Separation of duties
B. Time of day restrictions
C. Access control lists
D. Mandatory access control
E. Single sign-on

Answer: BC Section: (none) Explanation/Reference: Explanation:

QUESTION 256
A thumbprint scanner is used to test which of the following aspects of human authentication?
A. Something a user did
B. Something a user has
C. Something a user is
D. Something a user knows

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 257
A security administrator with full administrative rights on the network is forced to change roles on a quarterly basis with another security administrator. Which of the following describes this form of access control?
A. Job rotation
B. Separation of duties
C. Mandatory vacation
D. Least privilege

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 258
In order to access the network, an employee must swipe their finger on a device. Which of the following describes this form of authentication?
A. Single sign-on
B. Multifactor
C. Biometrics
D. Tokens

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 259
A proximity card reader is used to test which of the following aspects of human authentication?
A. Something a user knows
B. Something a user is
C. Something a user did
D. Something a user has

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 260
Which of the following would be considered multifactor authentication?
A. PIN number and a smart card
B. ACL entry and a PIN number
C. Username and password
D. Common access card

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 261
Which of the following is a form of photo identification used to gain access into a secure location?
A. Token
B. CAC
C. DAC
D. Biometrics

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 262
Which of the following is a trusted OS implementation used to prevent malicious or suspicious code from executing on Linux and UNIX platforms?
A. SELinux
B. vmlinuz
C. System File Checker (SFC)
D. Tripwire

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 263
Which of the following is an example of allowing a user to perform a self-service password reset?
A. Password length
B. Password recovery
C. Password complexity
D. Password expiration

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 264
Which of the following is an example of requiring users to have a password of 16 characters or more?
A. Password recovery requirements
B. Password complexity requirements
C. Password expiration requirements
D. Password length requirements

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 265
A security administrator is asked to email an employee their password. Which of the following account policies MUST be set to ensure the employee changes their password promptly?
A. Password expiration
B. Account lockout
C. Password recovery
D. Account enablement

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 266
Employees are required to come up with a passphrase of at least 15 characters to access the corporate network. Which of the following account policies does this exemplify?
A. Password expiration
B. Password complexity
C. Password lockout
D. Password length

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 267
An administrator has implemented a policy that passwords expire after 60 days and cannot match their last six previously used passwords. Users are bypassing this policy by immediately changing their passwords six times and then back to the original password. Which of the following can the administrator MOST easily employ to prevent this unsecure practice, with the least administrative effort?
A. Create a policy that passwords must be no less than ten characters.
B. Monitor user accounts and change passwords of users found to be doing this.
C. Create a policy that passwords cannot be changed more than once a day.
D. Monitor user accounts and lock user accounts that are changing passwords excessively.

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 268
Which of the following MUST be implemented in conjunction with password history, to prevent a user from reusing the same password?
A. Maximum age time
B. Lockout time
C. Minimum age time
D. Expiration time

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 269
Which of the following represents the complexity of a password policy which enforces lower case passwords using letters from 'a' through 'z', where 'n' is the password length?
A. n^26
B. 2^n * 26
C. 26^n
D. n^2 * 26

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 270
Which of the following BEST describes the process of key escrow?
A. Maintains a copy of a user's public key for the sole purpose of recovering messages if it is lost
B. Maintains a secured copy of a user's private key to recover the certificate revocation list
C. Maintains a secured copy of a user's private key for the sole purpose of recovering the key if it is lost
D. Maintains a secured copy of a user's public key in order to improve network performance

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 271
Which of the following is the primary purpose of using a digital signature? (Select TWO).
A. Encryption
B. Integrity
C. Confidentiality
D. Non-repudiation
E. Availability

Answer: BD Section: (none) Explanation/Reference: Explanation:

QUESTION 272
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses:
A. multiple keys for non-repudiation of bulk data.
B. different keys on both ends of the transport medium.
C. bulk encryption for data transmission over fiber.
D. the same key on each end of the transmission medium.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 273
Which of the following methods BEST describes the use of hiding data within other files?
A. Digital signatures
B. PKI
C. Transport encryption
D. Steganography

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 274
When a user first moves into their residence, the user receives a key that unlocks and locks their front door. This key is only given to them but may be shared with others they trust. Which of the following cryptography concepts is illustrated in the example above?
A. Asymmetric key sharing
B. Exchange of digital signatures
C. Key escrow exchange
D. Symmetric key sharing

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 275
Which of the following cryptography types provides the same level of security but uses smaller key sizes and less computational resources than logarithms which are calculated against a finite field?
A. Elliptical curve
B. Diffie-Hellman
C. Quantum
D. El Gamal

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 276
The BEST way to protect the confidentiality of sensitive data entered in a database table is to use:
A. hashing.
B. stored procedures.
C. encryption.
D. transaction logs.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 277
WEP is seen as an unsecure protocol based on its improper use of which of the following?
A. RC6
B. RC4
C. 3DES
D. AES

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 278
Which of the following is used in conjunction with PEAP to provide mutual authentication between peers?
A. LEAP
B. MSCHAPv2
C. PPP
D. MSCHAPv1

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 279
Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?
A. PAP
B. NTLMv2
C. LANMAN
D. CHAP

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 280
Which of the following access control technologies provides a rolling password for one-time use?
A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 281
A security administrator has discovered through a password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which of the following is in use by the company?
A. LANMAN
B. MD5
C. WEP
D. 3DES

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 282
NTLM is an improved and substantially backwards compatible replacement for which of the following?
A. 3DES
B. LANMAN
C. PGP
D. passwd

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 283
Which of the following does a TPM allow for?
A. Cloud computing
B. Full disk encryption
C. Application hardening
D. Input validation

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 284
The company encryption policy requires all encryption algorithms used on the corporate network to have a key length of 128-bits. Which of the following algorithms would adhere to company policy?
A. DES
B. SHA
C. 3DES
D. AES

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 285
The security administrator wants to ensure messages traveling between point A and point B are encrypted and authenticated. Which of the following accomplishes this task?
A. MD5
B. RSA
C. Diffie-Hellman
D. Whole disk encryption

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 286
Which of the following elements of PKI are found in a browser's trusted root CA?
A. Private key
B. Symmetric key
C. Recovery key
D. Public key

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 287
Where are revoked certificates stored?
A. Recovery agent
B. Registration
C. Key escrow
D. CRL

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 288 Which of the following asymmetric encryption keys is used to encrypt data to ensure only the intended recipient can decrypt the ciphertext?
A. Private
B. Escrow
C. Public
D. Preshared

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 289 Which of the following must a security administrator do when the private key of a web server has been compromised by an intruder?
A. Submit the public key to the CRL.
B. Use the recovery agent to revoke the key.
C. Submit the private key to the CRL.
D. Issue a new CA.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 290 Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate contents?
A. CRL
B. Key escrow
C. Recovery agent
D. CA

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 291 If a user wishes to receive a file encrypted with PGP, the user must FIRST supply the:
A. public key.
B. recovery agent.
C. key escrow account.
D. private key.

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 292 A certificate that has been compromised should be published to which of the following?
A. AES
B. CA
C. CRL
D. PKI

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 293 The security administrator is tasked with authenticating users to access an encrypted database. Authentication takes place using PKI and the encryption of the database uses a separate cryptographic process to decrease latency. Which of the following would describe the use of encryption in this situation?
A. Private key encryption to authenticate users and private keys to encrypt the database
B. Private key encryption to authenticate users and public keys to encrypt the database
C. Public key encryption to authenticate users and public keys to encrypt the database
D. Public key encryption to authenticate users and private keys to encrypt the database

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 294 When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?
A. Lack of key escrow
B. Self-signed certificate
C. Weak certificate pass-phrase
D. Weak certificate cipher

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 295 Public keys are used for which of the following?
A. Decrypting wireless messages
B. Decrypting the hash of an electronic signature
C. Bulk encryption of IP based email traffic
D. Encrypting web browser traffic

Answer: B Section: (none) Explanation/Reference: Explanation:

QUESTION 296 Which of the following is a requirement when implementing PKI if data loss is unacceptable?
A. Web of trust
B. Non-repudiation
C. Key escrow
D. Certificate revocation list

Answer: C Section: (none) Explanation/Reference: Explanation:

QUESTION 297 Which of the following is true about PKI? (Select TWO).
A. When encrypting a message with the public key, only the public key can decrypt it.
B. When encrypting a message with the private key, only the private key can decrypt it.
C. When encrypting a message with the public key, only the CA can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it.
E. When encrypting a message with the private key, only the public key can decrypt it.

Answer: DE Section: (none) Explanation/Reference: Explanation:

QUESTION 298 The recovery agent is used to recover the:
A. root certificate.
B. key in escrow.
C. public key.
D. private key.

Answer: D Section: (none) Explanation/Reference: Explanation:

QUESTION 299 Which of the following is true about the CRL?
A. It should be kept public
B. It signs other keys
C. It must be kept secret
D. It must be encrypted

Answer: A Section: (none) Explanation/Reference: Explanation:

QUESTION 300 A file has been encrypted with an employee's private key. When the employee leaves the company, their account is deleted. Which of the following are the MOST likely outcomes? (Select TWO).
A. Recreate the former employee's account to access the file.
B. Use the recovery agent to decrypt the file.
C. Use the root user account to access the file.
D. The data is not recoverable.
E. Decrypt the file with PKI.

Answer: BD Section: (none) Explanation/Reference: Explanation:
