Shared Flashcard Set

Details

Security+
Practice Test
107
Computer Networking
Professional
01/03/2011

Cards

Term

QUESTION NO: 1
All of the following provide confidentiality protection as part of the underlying protocol EXCEPT

A. SSL.
B. SSH.
C. L2TP.
D. IPSec.

Definition
Answer: C
Term
QUESTION NO: 2
Which of the following allows an attacker to manipulate files by using the least significant bit(s) to
secretly embed data?
A. Steganography
B. Worm
C. Trojan horse
D. Virus
Definition
Answer: A
Term
QUESTION NO: 3
Which of the following type of attacks would allow an attacker to capture HTTP requests and send
back a spoofed page?

A. Teardrop
B. TCP/IP hijacking
C. Phishing
D. Replay
Definition
Answer: B
Term
QUESTION NO: 4
How should a company test the integrity of its backup data?
A. By conducting another backup
B. By using software to recover deleted files
C. By restoring part of the backup
D. By reviewing the written procedures
Definition
Answer: C
Term
QUESTION NO: 5
Which of the following can BEST be used to determine the topology of a network and discover
unknown devices?
A. Vulnerability scanner
B. NIPS
C. Protocol analyzer
D. Network mapper
Definition
Answer: D
Term
QUESTION NO: 6
When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
Definition
Answer: C
Term
QUESTION NO: 7
An administrator has implemented a new SMTP service on a server. A public IP address
translates to the internal SMTP server. The administrator notices many sessions to the server, and
gets notification that the server's public IP address is now reported in a spam real-time block
list. Which of the following is wrong with the server?

A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.
Definition
Answer: A
Term
QUESTION NO: 8
Which of the following is MOST efficient for encrypting large amounts of data?

A. Hashing algorithms
B. Symmetric key algorithms
C. Asymmetric key algorithms
D. ECC algorithms
Definition
Answer: B
Term
QUESTION NO: 9
Which of the following is a reason why a company should disable the SSID broadcast of the
wireless access points?

A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
Definition
Answer: B
Term
QUESTION NO: 10
Which of the following BEST describes ARP?

A. Discovering the IP address of a device from the MAC address
B. Discovering the IP address of a device from the DNS name
C. Discovering the MAC address of a device from the IP address
D. Discovering the DNS name of a device from the IP address
Definition
Answer: C
Term
QUESTION NO: 11
Which of the following would be BEST to use to apply corporate security settings to a device?

A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template
Definition
Answer: D
Term
QUESTION NO: 12
A small call center business decided to install an email system to facilitate communications in the
office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of
$5,000 per year. The IT manager read there was a 90% chance each year that workstations would
be compromised if not adequately protected. If workstations are compromised it will take three
hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. If
the anti-malware software is purchased, which of the following is the expected net savings?

A. $900
B. $2,290
C. $2,700
D. $5,000
Definition
Answer: B
Term
QUESTION NO: 13
Which of the following is the main objective of steganography?

A. Message digest
B. Encrypt information
C. Hide information
D. Data integrity
Definition
Answer: C
Term
QUESTION NO: 14
Which of the following would allow for secure key exchange over an unsecured network without a
pre-shared key?

A. 3DES
B. AES
C. DH-ECC
D. MD5
Definition
Answer: C
Term
QUESTION NO: 15
Which of the following improves security in a wireless system?

A. IP spoofing
B. MAC filtering
C. SSID spoofing
D. Closed network
Definition
Answer: B
Term
QUESTION NO: 16
A user wants to implement secure LDAP on the network. Which of the following port numbers
does secure LDAP use by default?

A. 53
B. 389
C. 443
D. 636
Definition
Answer: D
Term
QUESTION NO: 17
On which of the following is a security technician MOST likely to find usernames?

A. DNS logs
B. Application logs
C. Firewall logs
D. DHCP logs
Definition
Answer: B
Term
QUESTION NO: 18
How many keys are utilized with asymmetric cryptography?

A. One
B. Two
C. Five
D. Seven
Definition
Answer: B
Term
QUESTION NO: 19
During a risk assessment it is discovered that only one system administrator is assigned several
tasks critical to continuity of operations. It is recommended to cross train other system
administrators to perform these tasks and mitigate which of the following risks?

A. DDoS
B. Privilege escalation
C. Disclosure of PII
D. Single point of failure
Definition
Answer: D
Term
QUESTION NO: 20
Which of the following network filtering devices will rely on signature updates to be effective?

A. Proxy server
B. Firewall
C. NIDS
D. Honeynet
Definition
Answer: C
Term
QUESTION NO: 21
Which of the following is a single server that is set up in the DMZ or outer perimeter in order to
distract attackers?

A. Honeynet
B. DMZ
C. Honeypot
D. VLAN
Definition
Answer: C
Term
QUESTION NO: 22
Which of the following encryption algorithms is decrypted in the LEAST amount of time?

A. RSA
B. AES
C. 3DES
D. L2TP
Definition
Answer: B
Term
QUESTION NO: 23
An administrator is trying to secure a network from threats originating outside the network. Which
of the following devices provides protection for the DMZ from attacks launched from the Internet?

A. Antivirus
B. Content filter
C. Firewall
D. Proxy server
Definition
Answer: C
Term
QUESTION NO: 24
Which of the following is a way to manage operating system updates?

A. Service pack management
B. Patch application
C. Hotfix management
D. Change management
Definition
Answer: D
Term
QUESTION NO: 25
Which of the following is a list of discrete entries that are known to be benign?

A. Whitelist
B. Signature
C. Blacklist
D. ACL
Definition
Answer: A
Term
QUESTION NO: 26
Which of the following increases the collision resistance of a hash?

A. Salt
B. Increase the input length
C. Rainbow Table
D. Larger key space
Definition
Answer: A
Term
QUESTION NO: 27
A programmer has decided to alter the server variable in the coding of an authentication function
for a proprietary sales application. Before implementing the new routine on the production
application server, which of the following processes should be followed?

A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody
Definition
Answer: A
Term
QUESTION NO: 28
When deploying 50 new workstations on the network, which of the following should be completed
FIRST?

A. Install a word processor.
B. Run the latest spyware.
C. Apply the baseline configuration.
D. Run OS updates.
Definition
Answer: C
Term
QUESTION NO: 29
Which of the following should be implemented to have all workstations and servers isolated in their
own broadcast domains?

A. VLANs
B. NAT
C. Access lists
D. Intranet
Definition
Answer: A
Term
QUESTION NO: 30
End users are complaining about receiving a lot of email from online vendors and pharmacies.
Which of the following is this an example of?

A. Trojan
B. Spam
C. Phishing
D. DNS poisoning
Definition
Answer: B
Term
QUESTION NO: 31
Which of the following BEST describes a private key in regards to asymmetric encryption?

A. The key owner has exclusive access to the private key.
B. Everyone has access to the private key on the CA.
C. Only the CA has access to the private key.
D. The key owner and a recipient of an encrypted email have exclusive access to the private key.
Definition
Answer: A
Term
QUESTION NO: 32
Which of the following logs might reveal the IP address and MAC address of a rogue device within
the local network?

A. Security logs
B. DHCP logs
C. DNS logs
D. Antivirus logs
Definition
Answer: B
Term
QUESTION NO: 33
Which of the following is commonly used in a distributed denial of service (DDoS) attack?

A. Phishing
B. Adware
C. Botnet
D. Trojan
Definition
Answer: C
Term
QUESTION NO: 34
Which of the following practices is MOST relevant to protecting against operating system security
flaws?

A. Network intrusion detection
B. Patch management
C. Firewall configuration
D. Antivirus selection
Definition
Answer: B
Term
QUESTION NO: 35
Which of the following is a best practice for coding applications in a secure manner?

A. Input validation
B. Object oriented coding
C. Rapid Application Development (RAD)
D. Cross-site scripting
Definition
Answer: A
Term
QUESTION NO: 36
Which of the following technologies can be used as a means to isolate a host OS from some types
of security threats?

A. Intrusion detection
B. Virtualization
C. Kiting
D. Cloning
Definition
Answer: B
Term
QUESTION NO: 37
Which of the following network tools would provide the information on what an attacker is doing to
compromise a system?

A. Proxy server
B. Honeypot
C. Internet content filters
D. Firewall
Definition
Answer: B
Term
QUESTION NO: 38
Assigning proper security permissions to files and folders is the primary method of mitigating
which of the following?

A. Hijacking
B. Policy subversion
C. Trojan
D. DoS
Definition
Answer: C
Term
QUESTION NO: 39
Which of the following logical access controls would be MOST appropriate to use when creating
an account for a temporary worker?

A. ACL
B. Account expiration
C. Time of day restrictions
D. Logical tokens
Definition
Answer: B
Term
QUESTION NO: 40
Which of the following may be an indication of a possible system compromise?

A. A port monitor utility shows that there are many connections to port 80 on the Internet facing
web server.
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory
utilization from the baseline.
C. A protocol analyzer records a high number of UDP packets to a streaming media server on the
Internet.
D. The certificate for one of the web servers has expired and transactions on that server begin to
drop rapidly.
Definition
Answer: B
Term
QUESTION NO: 41
An administrator suspects that files are being copied to a remote location during off hours. The file
server does not have logging enabled. Which of the following logs would be the BEST place to
look for information?

A. Intrusion detection logs
B. Firewall logs
C. Antivirus logs
D. DNS logs
Definition
Answer: B
Term
QUESTION NO: 42
Which of the following access control methods gives the owner control over providing
permissions?

A. Role-Based Access Control (RBAC)
B. Rule-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
Definition
Answer: D
Term
QUESTION NO: 43
Which of the following access control methods grants permissions based on the user's position in
the company?

A. Mandatory Access Control (MAC)
B. Rule-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Role-Based Access Control (RBAC)
Definition
Answer: D
Term
QUESTION NO: 44
Which of the following access control methods includes switching work assignments at preset
intervals?

A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Definition
Answer: A
Term
QUESTION NO: 45
Which of the following authentication methods would MOST likely prevent an attacker from being
able to successfully deploy a replay attack?

A. TACACS
B. RAS
C. RADIUS
D. Kerberos
Definition
Answer: D
Term
QUESTION NO: 46
Which of the following would an attacker use to footprint a system?

A. RADIUS
B. Password cracker
C. Port scanner
D. Man-in-the-middle attack
Definition
Answer: C
Term
QUESTION NO: 47
Which of the following ensures a user cannot deny having sent a message?

A. Availability
B. Integrity
C. Non-repudiation
D. Confidentiality
Definition
Answer: C
Term
QUESTION NO: 48
Which of the following allows an attacker to embed a rootkit into a picture?

A. Trojan horse
B. Worm
C. Steganography
D. Virus
Definition
Answer: C
Term
QUESTION NO: 49
Which of the following is a publication of inactivated user certificates?

A. Certificate revocation list
B. Certificate suspension
C. Recovery agent
D. Certificate authority
Definition
Answer: A
Term
QUESTION NO: 50
Which of the following is a method of encrypting email?

A. S/MIME
B. SMTP
C. L2TP
D. VPN
Definition
Answer: A
Term
QUESTION NO: 51
Which of the following risks would be reduced by implementing screen filters?

A. Replay attacks
B. Phishing
C. Man-in-the-middle attacks
D. Shoulder surfing
Definition
Answer: D
Term
QUESTION NO: 52
Which of the following allows an attacker to hide the presence of malicious code by altering the
system's process and registry entries?

A. Logic bomb
B. Worm
C. Trojan
D. Rootkit
Definition
Answer: D
Term
QUESTION NO: 53
Which of the following will propagate itself without any user interaction?

A. Worm
B. Rootkit
C. Trojan
D. Virus
Definition
Answer: A
Term
QUESTION NO: 54
An administrator wants to set up their network with only one public IP address. Which of the
following would allow for this?

A. DMZ
B. VLAN
C. NIDS
D. NAT
Definition
Answer: D
Term
QUESTION NO: 55
An administrator wants to proactively collect information on attackers and their attempted methods
of gaining access to the internal network. Which of the following would allow the administrator to
do this?
A. NIPS
B. Honeypot
C. DMZ
D. NIDS
Definition
Answer: B
Term
QUESTION NO: 56
Which of the following allows a technician to correct a specific issue with a solution that has not
been fully tested?

A. Patch
B. Hotfix
C. Security roll-up
D. Service pack
Definition
Answer: B
Term
QUESTION NO: 57
A technician wants to regulate and deny traffic to websites that contain information on hacking.
Which of the following would be the BEST solution to deploy?

A. Internet content filter
B. Proxy
C. Protocol analyzer
D. NIDS
Definition
Answer: A
Term
QUESTION NO: 58
Which of the following is the LEAST intrusive way of checking the environment for known software
flaws?

A. Protocol analyzer
B. Vulnerability scanner
C. Port scanner
D. Penetration test
Definition
Answer: B
Term
QUESTION NO: 59
If a certificate has been compromised, which of the following should be done?

A. Run the recovery agent.
B. Put the certificate on the CRL.
C. Put the certificate in key escrow.
D. Suspend the certificate for further investigation
Definition
Answer: B
Term
QUESTION NO: 60
Which of the following requires an update to the baseline after installing new software on a
machine?

A. Signature-based NIPS
B. Signature-based NIDS
C. Honeypot
D. Behavior-based HIDS
Definition
Answer: D
Term
QUESTION NO: 61
Which of the following would be the MOST secure choice to implement for authenticating remote
connections?

A. LDAP
B. 802.1x
C. RAS
D. RADIUS
Definition
Answer: D
Term
QUESTION NO: 62
Which of the following is the BEST way to reduce the number of accounts a user must maintain?

A. Kerberos
B. CHAP
C. SSO
D. MD5
Definition
Answer: C
Term
QUESTION NO: 63
Which of the following can be used as a means for dual-factor authentication?

A. RAS and username/password
B. RADIUS and L2TP
C. LDAP and WPA
D. Iris scan and proximity card
Definition
Answer: D
Term
QUESTION NO: 64
After implementing file auditing, which of the following logs would show unauthorized usage
attempts?

A. Performance
B. System
C. Security
D. Application
Definition
Answer: C
Term
QUESTION NO: 65
Which of the following type of attacks requires an attacker to sniff the network?

A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Definition
Answer: A
Term
QUESTION NO: 66
If a user attempts to go to a website and notices the URL has changed, which of the following
attacks is MOST likely the cause?

A. DLL injection
B. DDoS attack
C. DNS poisoning
D. ARP poisoning
Definition
Answer: C
Term
QUESTION NO: 67
Which of the following attacks can be caused by a user being unaware of their physical
surroundings?

A. ARP poisoning
B. Phishing
C. Shoulder surfing
D. Man-in-the-middle
Definition
Answer: C
Term
QUESTION NO: 68
Which of the following actions should be performed upon discovering an unauthorized wireless
access point attached to a network?

A. Unplug the Ethernet cable from the wireless access point.
B. Enable MAC filtering on the wireless access point.
C. Change the SSID on the wireless access point.
D. Run a ping against the wireless access point.
Definition
Answer: A
Term
QUESTION NO: 69
Which of the following redundancy solutions contains hardware systems similar to the affected
organization, but does not provide live data?

A. Hot site
B. Uninterruptible Power Supply (UPS)
C. Warm site
D. Cold site
Definition
Answer: C
Term
QUESTION NO: 70
During the implementation of LDAP, which of the following will typically be changed within the
organization's software programs?

A. IP addresses
B. Authentication credentials
C. Non-repudiation policy
D. Network protocol
Definition
Answer: B
Term
QUESTION NO: 71
Which of the following would be MOST useful to determine why packets from a computer outside
the network are being dropped on the way to a computer inside the network?

A. HIDS log
B. Security log
C. Firewall log
D. System log
Definition
Answer: C
Term
QUESTION NO: 72
Which of the following security policies is BEST to use when trying to mitigate the risks involved
with allowing a user to access company email via their cell phone?

A. The cell phone should require a password after a set period of inactivity.
B. The cell phone should only be used for company related emails.
C. The cell phone data should be encrypted according to NIST standards.
D. The cell phone should have data connection abilities disabled.
Definition
Answer: A
Term
QUESTION NO: 73
An administrator has been asked to encrypt credit card data. Which of the following algorithms
would be the MOST secure with the least CPU utilization?

A. 3DES
B. AES
C. SHA-1
D. MD5
Definition
Answer: B
Term
QUESTION NO: 74
Which of the following algorithms is the LEAST secure?
A. NTLM
B. MD5
C. LANMAN
D. SHA-1
Definition
Answer: C
Term
QUESTION NO: 75
Which of the following algorithms is MOST closely associated with the signing of email messages?
A. MD5
B. TKIP
C. PGP
D. SHA-1
Definition
Answer: C
Term
QUESTION NO: 76
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting
the body of the email, the executive wishes to encrypt the signature so that the assistant can verify
that the email actually came from the executive. Which of the following asymmetric keys should
the executive use to encrypt the signature?

A. Public
B. Private
C. Shared
D. Hash
Definition
Answer: B
Term
QUESTION NO: 77
A technician needs to detect staff members that are connecting to an unauthorized website. Which
of the following could be used?

A. Protocol analyzer
B. Bluesnarfing
C. Host routing table
D. HIDS
Definition
Answer: A
Term
QUESTION NO: 78
An administrator suspects that multiple PCs are infected with a zombie. Which of the following
tools could be used to confirm this?

A. Antivirus
B. Recovery agent
C. Spyware
D. Port scan
Definition
Answer: A
Term
QUESTION NO: 79
Which of the following is an example of security personnel that administer access control
functions, but do not administer audit functions?

A. Access enforcement
B. Separation of duties
C. Least privilege
D. Account management
Definition
Answer: B
Term
QUESTION NO: 80
A malware incident has just been detected within a company. Which of the following should be the
administrator's FIRST response?

A. Removal
B. Containment
C. Recovery
D. Monitor
Definition
Answer: B
Term
QUESTION NO: 81
Taking into account personal safety, which of the following types of fire suppression substances
would BEST prevent damage to electronic equipment?

A. Foam
B. CO2
C. Halon
D. Water
Definition
Answer: B
Term
QUESTION NO: 82
Which of the following describes the process of securely removing information from media (e.g.
hard drive) for future use?

A. Reformatting
B. Destruction
C. Sanitization
D. Deleting
Definition
Answer: C
Term
QUESTION NO: 83
Which of the following principles should be applied when assigning permissions?

A. Most privilege
B. Least privilege
C. Rule based
D. Role based
Definition
Answer: B
Term
QUESTION NO: 84
Which of the following type of strategies can be applied to allow a user to enter their username
and password once in order to authenticate to multiple systems and applications?

A. Two-factor authentication
B. Single sign-on
C. Smart card
D. Biometrics
Definition
Answer: B
Term
QUESTION NO: 85
User A is a member of the payroll security group. Each member of the group should have
read/write permissions to a share. User A was trying to update a file but when the user tried to
access the file the user was denied. Which of the following would explain why User A could not
access the file?

A. Privilege escalation
B. Rights are not set correctly
C. Least privilege
D. Read only access
Definition
Answer: B
Term
QUESTION NO: 86
Which of the following threats is the MOST difficult to detect and hides itself from the operating
system?

A. Rootkit
B. Adware
C. Spyware
D. Spam
Definition
Answer: A
Term
QUESTION NO: 87
Which of the following methods is used to perform denial of service (DoS) attacks?

A. Privilege escalation
B. Botnet
C. Adware
D. Spyware
Definition
Answer: B
Term
QUESTION NO: 88
Which of the following is an attack that is triggered by a specific event or by a date?

A. Logic bomb
B. Spam
C. Rootkit
D. Privilege escalation
Definition
Answer: A
Term
QUESTION NO: 89
Which of the following can an attacker use to gather information on a system without having a user
ID or password?

A. NAT
B. DNS poisoning
C. Null session
D. Spoofing
Definition
Answer: C
Term
QUESTION NO: 90
Which of the following is a way to logically separate a network through a switch?

A. Spanning port
B. Subnetting
C. VLAN
D. NAT
Definition
Answer: C
Term
QUESTION NO: 91
Which of the following is a security threat when a new network device is configured for first-time
installation?

A. Attacker privilege escalation
B. Installation of a back door
C. Denial of Service (DoS)
D. Use of default passwords
Definition
Answer: D
Term
QUESTION NO: 92
Which of the following is an exploit against a device where only the hardware model and
manufacturer are known?

A. Replay attack
B. Denial of service (DoS)
C. Privilege escalation
D. Default passwords
Definition
Answer: D
Term
QUESTION NO: 93
A technician is implementing a new wireless network for an organization. The technician should be
concerned with all of the following wireless vulnerabilities EXCEPT:

A. rogue access points.
B. 802.11 mode.
C. weak encryption.
D. SSID broadcasts.
Definition
Answer: B
Term
QUESTION NO: 94
Which of the following tools will allow the technician to find all open ports on the network?

A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Definition
Answer: D
Term
QUESTION NO: 95
An organization is installing new servers into their infrastructure. A technician is responsible for
making sure that all new servers meet security requirements for uptime. In which of the following
are the availability requirements identified?

A. Service level agreement
B. Performance baseline
C. Device manufacturer documentation
D. Security template
Definition
Answer: A
Term
QUESTION NO: 96
After issuance a technician becomes aware that some keys were issued to individuals who are not
authorized to use them. Which of the following should the technician use to correct this problem?

A. Recovery agent
B. Certificate revocation list
C. Key escrow
D. Public key recovery
Definition
Answer: B
Term
QUESTION NO: 97
Password crackers are generally used by malicious attackers to:

A. verify system access.
B. facilitate penetration testing.
C. gain system access.
D. sniff network passwords
Definition
Answer: C
Term
QUESTION NO: 98
Which of the following properly describes penetration testing?

A. Penetration tests are generally used to scan the network and identify open ports.
B. Penetration tests are generally used to map the network and grab banners.
C. Penetration tests are generally used to exploit a weakness without permission and show how
an attacker might compromise a system.
D. Penetration tests are generally used to demonstrate a weakness in a system and then provide
documentation on the weakness.
Definition
Answer: D
Term
QUESTION NO: 99
Which of the following should a technician review when a user is moved from one department to
another?

A. User access and rights
B. Data storage and retention policies
C. Users group policy
D. Acceptable usage policy
Definition
Answer: A
Term
QUESTION NO: 100
Which of the following is a reason to implement security logging on a DNS server?

A. To monitor unauthorized zone transfers
B. To measure the DNS server performance
C. To perform penetration testing on the DNS server
D. To control unauthorized DNS DoS
Definition
Answer: A