Term
Adjectives and adverbs are what? |
|
Definition
modifiers [words that further explain or restrict another word in a sentence]. |
|
|
Term
Adjectives
What is an adjective? |
|
Definition
An adjective modifies a noun or pronoun by describing what it is. |
|
|
Term
Rule 1
Adjectives are placed before a noun or pronoun.
Give examples. |
|
Definition
Correct: The red [adjective = describes the color of the car] car [noun] was in an accident.
Incorrect: The car [noun] red [adjective] was in an accident. |
|
|
Term
Adverbs
What is an adverb?
|
|
Definition
An adverb modifies a verb to describe how something is done, or an adverb modifies an adjective to further describe a noun or pronoun’s state of being. |
|
|
Term
Rule 1
Adverbs are often formed by adding –ly to an adjective, and an adverb can go after or before the verb.
Give an example |
|
Definition
Correct: She sings [verb] beautifully [adverb = describes how she sings]. Correct: He quickly [adverb=describes how he moved] moved [verb] to the opposite side. |
|
|
Term
Rule 2
An adverb can describe an adjective. When using an adverb to describe an adjective, place the adverb before the adjective.
Give an example |
|
Definition
Correct: Joe's extremely [adverb = describes how excited Joe's car is] fast [adjective = describes Joe's car] car is his pride and joy.
Incorrect: Joe's fast [adjective] extremely [adverb] car is his pride and joy. |
|
|
Term
Rule 3
An adverb that describes frequency [always, never, sometimes, often, etc.] usually comes before the main verb or phrase it is describing.
Give an example |
|
Definition
Correct: He is often [adverb that describes how late he is for work] late for work [adjective clause that describes the subject he].
Incorrect: He is late for work [adjective] often [adverb]. |
|
|
Term
Adjectives do not have singular and plural forms.
Give an example |
|
Definition
Incorrect: The reds cars were in an accident. Correct: The red cars were in an accident. |
|
|
Term
Adjectives can be placed at the end of a sentence when using a form of the “to be” verb if they describe the subject of the sentence.
Give an example |
|
Definition
Incorrect: My wonderful wife is. Correct: My wife is wonderful.
|
|
|
Term
When the adjective good is used as an adverb, it changes to well.
Give an example |
|
Definition
Incorrect: Jonathan plays basketball good for his age. Correct: Jonathan plays basketball well for his age. |
|
|
Term
Do not use the adverb very with adjectives that express an increased quality.
Give an example |
|
Definition
Incorrect: Jonathan is a very good basketball player for his age. Correct: Jonathan is a good basketball player for his age. |
|
|
Term
Sometimes, adverbs of frequency can be placed at the beginning of a sentence. Do not place an adverb of frequency at the end of a sentence.
Give an example |
|
Definition
Incorrect: He likes to go to sporting events sometimes [adverb]. Correct: Sometimes [adverb] he likes to go to sporting events. |
|
|
Term
QUESTION NO: 91
Sara, a security analyst, discovers which operating systems the client devices on the network are
running by only monitoring a mirror port on the router. Which of the following techniques did Sara
use?
A. Active fingerprinting
B. Passive fingerprinting
C. Protocol analyzing
D. Network enumerating |
|
Definition
|
|
Term
QUESTION NO: 92
Which of the following authentication services uses a ticket granting system to provide access?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos |
|
Definition
|
|
Term
QUESTION NO: 93
Matt, the Chief Information Officer (CIO), wants to protect laptop users from zero day attacks.
Which of the following would BEST achieve Matt’s goal?
A. Host based firewall
B. Host based IDS
C. Anti-virus
D. Anti-spyware |
|
Definition
|
|
Term
QUESTION NO: 94
Which of the following is often rated based on its ability to increase the time it takes to perform an
attack?
A. Safe
B. Screen lock
C. Patch management
D. Visualization |
|
Definition
|
|
Term
QUESTION NO: 95
The human resources department of a company has requested full access to all network
resources, including those of the financial department. Jane, the administrator, denies this, citing:
A. Conflict of interest
B. Separation of duties
C. Role authentication
D. Implicit deny |
|
Definition
|
|
Term
QUESTION NO: 96
Which of the following is a way to gain access to a protected system while another user is entering
credentials?
A. Spim
B. Shoulder surfing
C. DDoS
D. Backdoor |
|
Definition
|
|
Term
QUESTION NO: 97
Which of the following would Pete, a security administrator, MOST likely implement in order to
allow employees to have secure remote access to certain internal network services such as file
servers?
A. Packet filtering firewall
B. VPN gateway
C. Switch
D. Router |
|
Definition
|
|
Term
QUESTION NO: 98
Jane, a security administrator, needs to deploy a wireless network where the wireless encryption
key is negotiated automatically. Which of the following MUST be implemented?
A. WPA2-PSK
B. 802.1n
C. MAC filtering
D. WPA enterprise |
|
Definition
|
|
Term
QUESTION NO: 99
Which of the following can be implemented on the company gateway router to prevent IP packets
with a source IP of the internal company network from being routed by the external interface of the
router into the company's network?
A. 802.1x
B. Flood guards
C. Access control lists
D. Loop protection |
|
Definition
|
|
Term
QUESTION NO: 100
Which of the following BEST explains the security benefit of a standardized server image?
A. All current security updates for the operating system will have already been applied.
B. Mandated security configurations have been made to the operating system.
C. Anti-virus software will be installed and current.
D. Operating system license use is easier to track. |
|
Definition
|
|
Term
Topic 2, Volume B
QUESTION NO: 101
Jane, the security administrator for a company, needs to assign permissions for users on her
network. Which of the following would allow Jane to give ONLY the appropriate permissions
necessary?
A. Separation of duties
B. Job rotation
C. Privilege escalation
D. Least privilege |
|
Definition
|
|
Term
QUESTION NO: 102
Users in the marketing department are given a different level of access to files than users in the
accounting department. Which of the following types of access control does this BEST describe?
A. Standard access control
B. Role based access control
C. Mandatory access control
D. Discretionary access control |
|
Definition
|
|
Term
QUESTION NO: 103
Which of the following types of data encryption would Jane, a security administrator, use if MBR
and the file systems needed to be included?
A. Full disk
B. Individual files
C. Database
D. Partial disk |
|
Definition
|
|
Term
QUESTION NO: 104
Sara, an employee, enters the datacenter but does not ensure the door was fully closed
afterwards. Which of the following could directly result from this situation?
A. Clean desk policy
B. Social engineering
C. Tailgating
D. Chain of custody |
|
Definition
|
|
Term
QUESTION NO: 105
Which of the following should Pete, the security administrator, change to help mitigate the risk
associated with war drivers discovering the wireless network?
A. WPA encryption
B. WEP encryption
C. MAC filtering
D. AP power levels |
|
Definition
|
|
Term
QUESTION NO: 106
Which of the following is used to verify the identity of the sender of a signed email?
A. Public key
B. Sender's IP
C. From field
D. Private key |
|
Definition
|
|
Term
QUESTION NO: 107
Which of the following is the MOST important security requirement for mobile devices storing PII?
A. Remote data wipe
B. GPS location service
C. VPN pass-through
D. WPA2 wireless |
|
Definition
|
|
Term
QUESTION NO: 108
Which of the following is a way to confirm that all staff members know their roles and
responsibilities during an IT disaster or other IT contingency event?
A. Table-top exercise
B. Hot site
C. Disaster recovery plan
D. MTTR |
|
Definition
|
|
Term
QUESTION NO: 109
The main corporate website has a service level agreement that requires availability 100% of the
time, even in the case of a disaster. Which of the following would be required to meet this
demand?
A. Warm site implementation for the datacenter
B. Geographically disparate site redundant datacenter
C. Localized clustering of the datacenter
D. Cold site implementation for the datacenter |
|
Definition
|
|
Term
QUESTION NO: 110
Which of the following concepts is BEST described as developing a new chain of command in the
event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning |
|
Definition
|
|
Term
QUESTION NO: 111
Which of the following will allow proper ventilation for servers in a data center?
A. Hot/cold aisles
B. Humidity controls
C. EMI shielding
D. Load balancing |
|
Definition
|
|
Term
QUESTION NO: 112
Which of the following combinations represents multifactor authentication?
A. Key and proximity badge
B. Fingerprint and proximity badge
C. Retina scan and voice analysis
D. Password and PIN |
|
Definition
|
|
Term
QUESTION NO: 113
Jane, an administrator, is primarily concerned with blocking external attackers from gaining
information on remote employees by scanning their laptops. Which of the following security
applications is BEST suited for this task?
A. Host IDS
B. Personal firewall
C. Anti-spam software
D. Anti-virus software |
|
Definition
|
|
Term
QUESTION NO: 114
Which of the following can Pete, the security administrator, implement to filter Internet traffic?
A. Warning banners
B. Spam filters
C. Host-based firewalls
D. Command shell restrictions |
|
Definition
|
|
Term
QUESTION NO: 115
Which of the following should Jane, the security administrator, do FIRST when an employee
reports the loss of a corporate mobile device?
A. Remotely lock the device with a PIN
B. Enable GPS location and record from the camera
C. Remotely uninstall all company software
D. Remotely initiate a device wipe |
|
Definition
|
|
Term
QUESTION NO: 116
Which of the following protocols is used to authenticate the client and server's digital certificate?
A. PEAP
B. DNS
C. TLS
D. ICMP |
|
Definition
|
|
Term
QUESTION NO: 117
Which of the following authentication services uses the AAA architecture and runs on TCP?
A. LDAP
B. Kerberos
C. RADIUS
D. TACACS+ |
|
Definition
|
|
Term
QUESTION NO: 118
Users have notified Sara, a technician, that the performance of a specific set of servers has
degraded. All of the servers are in the same facility and accessible, but are very slow to respond.
Which of the following is MOST likely the cause?
A. The servers are not configured in a hot aisle and cool aisle containment.
B. Redundancy and data de-duplication has failed.
C. The UPS is overloaded and has begun the shutdown process.
D. HVAC has failed causing server CPUs to overheat and throttle. |
|
Definition
|
|
Term
QUESTION NO: 119
Matt, an administrator, captures malicious DNS traffic on the network. Which of the following tools
would be used to analyze the nature of this traffic?
A. Sniffer
B. Zone transfer
C. Network tap
D. Application firewall |
|
Definition
|
|
Term
QUESTION NO: 120
Which of the following should Pete, an administrator, use to verify the integrity of a downloaded
file?
A. CRL
B. CSR
C. AES
D. MD5 |
|
Definition
|
|
Term
QUESTION NO: 151
When deploying virtualized servers, which of the following should a company be the MOST
concerned with?
A. Integrity
B. Non-repudiation
C. Power consumption
D. Availability |
|
Definition
|
|
Term
QUESTION NO: 152
The main difference between symmetric and asymmetric encryption is that:
A. Symmetric encryption uses the same key for encryption and decryption, while asymmetric
encryption uses one key to encrypt and one to decrypt.
B. In symmetric encryption the encryption key must be of even number length so that it can be
split in two, where one part is used for encryption and the other is used for decryption.
C. Asymmetric encryption uses the same key for encryption and decryption, while symmetric
encryption uses one key to encrypt and one to decrypt.
D. In asymmetric encryption the same key is given to one user in a hashed format and used for
encryption, and to another used in plain text and used for decryption |
|
Definition
|
|
Term
QUESTION NO: 153
Jane, an information security manager, often receives reports about the sharing of cipher lock
codes to gain access to secure areas. Jane would like to implement a new control that would
prevent the sharing of codes and limit access points to only key employees. Which of the following
security controls would BEST mitigate this issue?
A. Use ACLs
B. Separation of duties
C. Install proximity readers
D. Time of day restrictions |
|
Definition
|
|
Term
QUESTION NO: 154
Jane, a security administrator, has been tasked with explaining access control aspects to a peer.
Which of the following is a directory service supporting both Windows and Linux authentication?
A. LDAP
B. Trusted OS
C. TACACS+
D. PAM |
|
Definition
|
|
Term
QUESTION NO: 155
Pete, a system administrator, has concerns regarding his users accessing systems and secured
areas using others' credentials. Which of the following can BEST address this concern?
A. Create conduct policies prohibiting sharing credentials.
B. Enforce a policy shortening the credential expiration timeframe.
C. Implement biometric readers on laptops and restricted areas.
D. Install security cameras in areas containing sensitive systems. |
|
Definition
|
|
Term
QUESTION NO: 156
Which of the following is the MOST secure solution for connecting remote sites to the corporate
headquarters?
A. PPTP
B. L2TP
C. HTTP
D. IPSec |
|
Definition
|
|
Term
QUESTION NO: 157
Which of the following is the BEST method to use when preventing a cross-site scripting attack on
a Human Resource system?
A. Require all data be filtered through a web application firewall.
B. Restrict permitted HTML encoding to a limited subset of tags and attributes.
C. Provide user education on the threat of cross-site scripting.
D. Input validation upon arrival at the server. |
|
Definition
|
|
Term
QUESTION NO: 158
Jane's, a user, word processing software is exhibiting strange behavior, opening and closing itself
at random intervals. There is no other strange behavior on the system. Which of the following
would mitigate this problem in the future?
A. Install application updates
B. Encrypt the file system
C. Install HIDS
D. Install anti-spam software |
|
Definition
|
|
Term
QUESTION NO: 159
Jane, a user, has an IP address of 172.16.24.43 and visits a website which states that she has an
IP address of 204.211.38.89. Which of the following is being used on the network? (Select TWO).
A. NAT
B. NAC
C. Spoofing
D. DMZ
E. VLANs
F. PAT |
|
Definition
|
|
Term
QUESTION NO: 160
Which of the following data loss prevention strategies mitigates the risk of replacing hard drives
that cannot be sanitized?
A. Virtualization
B. Patch management
C. Full disk encryption
D. Database encryption |
|
Definition
|
|
Term
QUESTION NO: 161
Which of the following is characterized by Matt, an attacker, attempting to leave identification
markings for open wireless access points?
A. Initialization vector
B. War chalking
C. Packet sniffing
D. War driving |
|
Definition
|
|
Term
QUESTION NO: 162
Which of the following can Matt, a security administrator, implement to support confidentiality and
integrity?
A. PKI
B. Non-repudiation
C. Digital signatures
D. Recovery agents |
|
Definition
|
|
Term
QUESTION NO: 163
Which of the following can Pete, an administrator, use to verify that a downloaded file was not
corrupted during the transfer?
A. NTLM tag
B. LANMAN hash
C. MD5 checksum
D. SHA summary |
|
Definition
|
|
Term
QUESTION NO: 164
Planning what traffic will be separated, assigning tags, and configuring routing are part of
configuring which of the following?
A. IPSec
B. ACL
C. NAT
D. VLAN |
|
Definition
|
|
Term
QUESTION NO: 165
Jane, an employee, receives an error on an encrypted laptop, making the laptop un-bootable.
Jane now cannot access any files on the laptop. The desktop technician is unable to recover the
key from the computer and will have to inform Jane that the files are now unrecoverable. Which of
the following would have prevented Jane from losing access to the files?
A. Certificate Authority
B. Private keys
C. Public keys
D. Key escrow |
|
Definition
|
|
Term
QUESTION NO: 166
Which of the following combines authentication and authorization, and does not use the TCP
protocol?
A. RADIUS
B. Kerberos
C. LDAP
D. TACACS+ |
|
Definition
|
|
Term
QUESTION NO: 167
Which of the following occurs when two access points share the same SSID broadcast where one
access point is used to capture data?
A. Rogue access point
B. Bluesnarfing
C. Evil twin
D. Packet sniffing |
|
Definition
|
|
Term
QUESTION NO: 168
Pete and Jane, users in a financial office are reporting that they are not being asked for
credentials anymore when successfully connecting to the company wireless. All other offices are
still being authenticated on the wireless. Which of the following is this an example of?
A. Evil twin
B. Interference
C. IV attack
D. War driving |
|
Definition
|
|
Term
QUESTION NO: 169
Which of the following is BEST described by a scenario where management chooses to implement
security controls to lessen the impact of a given risk?
A. Avoidance
B. Transference
C. Deterrence
D. Mitigation |
|
Definition
|
|
Term
QUESTION NO: 170
A recent network attack caused several random computers to malfunction, even though those
computers had the latest updates and patches applied. Which of the following describes this type
of attack?
A. Targeted
B. DDoS
C. Zero day
D. Buffer overflow |
|
Definition
|
|
Term
QUESTION NO: 171
Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security
gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the
tethered connection and corporate data is stolen. Which of the following would BEST prevent this
from occurring again?
A. Disable the wireless access and implement strict router ACLs
B. Reduce restrictions on the corporate web security gateway
C. Security policy and threat awareness training
D. Perform user rights and permissions reviews |
|
Definition
|
|
Term
QUESTION NO: 172
Sara makes a phone call to the help desk pretending to be Jane. Sara states that she has
forgotten her password and asks that it be reset to 12345. Which of the following is Sara
performing?
A. Shoulder surfing
B. Impersonation
C. Dumpster diving
D. Tailgating |
|
Definition
|
|
Term
QUESTION NO: 173
Which of the following default network ports is used by FTP?
A. 20
B. 22
C. 23
D. 25 |
|
Definition
|
|
Term
QUESTION NO: 174
A company recently installed a load balancer for their servers. The company is MOST concerned
with:
A. Integrity
B. Availability
C. Authentication
D. Confidentiality |
|
Definition
|
|
Term
QUESTION NO: 175
Which of the following pseudocodes MOST likely prevents buffer overflows?
A. If input contains < or > then escape the character and execute the program with user input
B. If input is less than 100 characters, then prompt for input again
C. If input contains \ then remove \ and execute program with user input
D. If input is greater than 1000 characters then truncate input |
|
Definition
|
|
Term
QUESTION NO: 176
Which of the following is usually encrypted when stored or transmitted?
A. CRL
B. Private key
C. Root certificate
D. Public key |
|
Definition
|
|
Term
QUESTION NO: 177
Which of the following could Jane, a security administrator, implement to mitigate the risk of
tailgating for a large organization?
A. Train employees on correct data disposal techniques and enforce policies.
B. Only allow employees to enter or leave through one door at specified times of the day.
C. Only allow employees to go on break one at a time and post security guards 24/7 at each
entrance.
D. Train employees on risks associated with social engineering attacks and enforce policies. |
|
Definition
|
|
Term
QUESTION NO: 178
Pete, a security administrator, implemented design changes and moved certain servers into a
dedicated area that is accessible from the outside network, yet separated from the internal
network. Which of the following did Pete implement?
A. NAC
B. NAT
C. DMZ
D. VLAN |
|
Definition
|
|
Term
QUESTION NO: 179
While placing an order at an online bookstore, Sara, a user, enters her correct credentials and is
immediately presented with a pop-up window requesting her username and password again.
Which of the following has MOST likely occurred?
A. LDAP injection attack
B. Evil twin attack
C. Phishing attack
D. SQL injection attack |
|
Definition
|
|
Term
QUESTION NO: 180
Identifying a list of all approved software on a system is a step in which of the following practices?
A. Passively testing security controls
B. Application hardening
C. Host software baselining
D. Client-side targeting |
|
Definition
|
|