• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/833

Click to flip

833 Cards in this Set

  • Front
  • Back
You work as the security administrator at TestKing.com. One morning you discover that
a user named Mia Hamm has used her user account to log on to a network server. Mia has
then executed a program and been able to perform operations which only a network
administrator or security administrator should be able to. What type of attack has
occurred?
Privilege escalation attack
Which of the following attacks are being referred to if someone is accessing your e-mail server and sending inflammatory information to others?
Repudiation Attack
Which security management model works on the basis that all new privilege assignments
and privilege assignment modifications made to existing privileges are performed through
one governing group?
Centralized security management model
What does the MAC access control model use to identify the users who have permissions
to a resource?
Predefined access privileges.
An attack in which a user logs into a server with his user account, executes a program and
then performed activities only available to an administrator is an example of which of the
following?
Privilege escalation
You work as the security administrator at TestKing.com. One morning you discover that
a user named Mia Hamm has used her user account to log on to a network server. Mia has
then executed a program and been able to perform operations which only a network
administrator or security administrator should be able to. What type of attack has
occurred?
Privilege escalation attack.
Choose the statement which best defines the characteristics of a computer virus.
A computer virus is a replication mechanism, activation mechanism and has an
objective.
Which description is correct about an application or string of code that could not
automatically spread from one system to another but is designed to spread from file to
file?
Virus
To which of the following viruses does the characteristic when the virus may attempt to
infect your boot sector, infect all of your executable files, and destroy your applications
files form part of?
Multipartite Virus
To which of the following viruses does the characteristic when the virus may attempt to
infect your boot sector, infect all of your executable files, and destroy your applications
files form part of?
Multipartite Virus
Which of the following should be scanned for viruses?
Executable files.
Which of the following would be considered a detrimental effect of a virus hoax? (Select
TWO).
Users are tricked into changing the system configuration.
Technical support resources are consumed by increased user calls.
To which of the following viruses does the characteristic when the virus attacks your
system, display a message on your computer, and delete files on your system form part
of?
Polymorphic Virus
Which of the following definitions should BEST suit the functions of an e-mail server?
Detect the viruses in the messages received from various sources and send warnings to
the recipient to warn him/her of the risky mail.
By which means do most network bound viruses spread?
E-mail
To which of the following viruses does the characteristic when the virus will attempt to
avoid detection by masking itself from applications. It may attach itself to the boot sector
of the hard drive, form part of?
Stealth Virus
What is the main reason why e-mail security concepts do not work?
The workers lack of interest in updating virus definitions
Which of the following definitions should BEST suit the functions of an e-mail server?
Detect the viruses in the messages received from various sources and send warnings to
the recipient to warn him/her of the risky mail.
To which of the following viruses does the characteristic when the virus will attempt to
avoid detection by masking itself from applications. It may attach itself to the boot sector
of the hard drive, form part of?
Stealth Virus
What is a piece of malicious code that has no productive purpose but can replicate itself and exist only to damage computer systems or create further vulnerabilities called?
Virus
Which of the following is used to describe an autonomous agent that copies itself into one
or more host programs, then propagates when the host is run?
Virus
What is a program that can infect other programs by modifying them to include a version
of it called?
Virus
What type of virus can hides itself by intercepting disk access requests?
Stealth.
By which means do most network bound viruses spread?
E-mail
Which of the following types of malicious software travels across computer networks
without requiring a user to distribute the software?
Worm
Choose the statement that best details the difference between a worm and a Trojan horse?
Worms self replicate while Trojan horses do not.
Which of the following types of programs autonomously replicates itself across
networks?
Worm
Which of the following is the major difference between a worm and a Trojan horse?
Worms are self replicating while Trojan horses are not.
Which of the following can distribute itself without using a host file?
Worm.
Which malicious software can be transmitted across computer networks without user
intervention?
A worm can be transmitted without user intervention.
Identify the malicious software that can be transmitted across computer networks without
needing a client to distribute the software?
A Worm can be transmitted across computer networks without needing a client to
distribute software.
Which program replicate independently across networks?
Worm will replicate independently.
Identify the malicious code that does not need human involvement to install itself and to
spread?
A Worm does not need human involvement.
Which of the following types of programs autonomously replicates itself across
networks?
Worm
A user downloads and installs a new screen saver and the program starts to rename and
delete random files. Which of the following would be the BEST description of this
program?
Trojan horse
What is an application that appears to perform a useful function but instead contains
some sort of malicious code called?
Trojan Horse
What is a piece of code that appears to do something useful while performing a harmful
and unexpected function like stealing passwords called?
Trojan horse
What is a program that appears to be useful but contains hidden code that allows
unauthorized individuals to exploit or destroy data is commonly known?
A Trojan horse
What is happening when a user downloads and installs a new screen saver and the
program starts to rename and delete random files?
This program illustrates a Trojan horse.
Identify the malicious code that enters the system via a freely distributed game that is
purposely installed and played?
It can enter a system by means of a Trojan horse.
Which one of the following is not Bluetooth threat?
a smurf attack.
Given: John is a network administrator. He advises the server administrator of his
company to implement whitelisting, blacklisting, closing-open relays and strong
authentication techniques.
Question: Which threat is being addressed?
Spam
An SMTP server is the source of email spam in an organization. Which of the following
is MOST likely the cause?
Anonymous relays have not been disabled.
Spam is considered a problem even when deleted before being opened because spam:
wastes company bandwidth
Which of the following are techniques typically used by spammers?
Harvesting email addresses from web sites.
Randomizing the subject line of emails.
A security specialist with a large company has seen an increase in the number of spam
emails. A user tells the specialist that even though the user has unsubscribed from the
lists, the problem seems to be worsening. Which of the following would be a possible
cause?
Unsubscribe requests confirm email addresses.
An SMTP server is the source of email spam in an organization. Which of the following
is MOST likely the cause?
Anonymous relays have not been disabled.
Why is spam regard as a problem when deleted prior to opening it?
Spam waste several company bandwidth.
Which techniques are used by spammers? (Choose TWO)
Spammers harvest e-mail addresses from web sites.
The subject line of e-mails is randomized.
Which one of the following options will permit an attacker to hide the presence of
malicious code through altering the systems process and registry entries?
Rootkit
Which scanner can find a rootkit?
Malware scanner
Which programs and codes will permit an untraceable presence on a system with
administrative rights?
A Rootkit will illustrate the set of programs and codes.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS
attack) is an attempt to make a computer resource unavailable to its intended users.
Which method can be used to perform denial of service (DoS) attacks?
Botnet
Malicious code that enters a target system, lays dormant until a user opens the certain
program then deletes the contents of attached network drives and removable storage
devices is known as a:
logic bomb
For the following items, which is an example of an attack that executes once a year on a
certain date?
Logic bomb
What type of program will record system keystrokes in a text file and e-mail it to the
author, and will also delete system logs every five days or whenever a backup is
performed?
Logic bomb.
The system administrator of the company has resigned. When the administrator's user ID
is deleted, the system suddenly begins deleting files. What type of malicious code is this?
Logic bomb
Identify the malicious code that enters a system and stay inactive until a user opens that
particular program then starts to delete the contents of attached network drives and
removable storage devices?
The malicious code is known as logic bomb.
In computing, the Basic Input/Output System (BIOS) , also known as the System BIOS, is a de facto standard defining a firmware interface for IBM PC Compatible computers. A user is concerned with the security of their laptops BIOS. The user would not like anyone to be able to access control functions except themselves. Which of the following could make the BIOS more secure?
Password
Which threat is increased by the availability of portable external storage such as USB
hard drives to networks?
Removal of sensitive and PII data
Users are using thumb drives to connect to USB ports on company workstations. A
technician is concerned that sensitive files can be copied to the USB drives. Which
mitigation technique would address this concern? (Select TWO).
Disable the USB root hub within the OS.
Disable USB within the workstations BIOS.
A Faraday cage or Faraday shield is an enclosure formed by conducting material, or by a
mesh of such material. Such an enclosure blocks out external static electrical fields.
Faraday cages are named after physicist Michael Faraday, who built one in 1836. Which
of the following would a Faraday cage prevent usage of?
Cell phone
Which security policy will be most likely used while attempting to mitigate the risks
involved with allowing a user to access company email via their cell phone?
The cell phone should require a password after a set period of inactivity.
What should you do to lessen the risks involved with permitting a user to access TestKing
e-mail via their cell phones?
You should ensure that the cell phone information is encrypted according to the NIST
standards.
Which of the following types of removable media is write-once and appropriate for archiving security logs?
CD-R
Identify the primary security risk linked with removable storage?
Continuity security risk.
Which of the following would be an example of a hardware device where keys can be
stored? (Select TWO).
PCMCIA card.
Smart card.
Which of the following authentication methods increases the security of the
authentication process because it must be in your physical possession?
Smart Cards.
Choose the option that best defines what a hotfix is?
It is a not fully tested software fix which addresses a specific issue(s) being
experienced by certain customers.
Which of the following is the BEST place to obtain a hotfix or patch for an application or
system?
The manufacturer's website
Which of the following is an installable package that includes several patches from the
same vendor for various applications?
Service pack
What are best practices while installing and securing a new system for a home user?
(Select THREE).
Apply all service packs.
Apply all system patches.
Use a strong firewall.
What is an installable package that encompasses of numerous patches from the same
vendor for different applications called?
A Service pack is an installable package.
Which description is correct about a way to prevent buffer overflows?
Apply all security patches to workstations.
Which method can be used to correct a single security issue on a workstation?
A patch
To reduce vulnerabilities on a web server, an administrator should adopt which of the
following preventative measures?
Apply the most recent manufacturer updates and patches to the server.
Which security threat will affect PCs and can have its software patched remotely by a
command and control center?
Zombie
Patch management must be combined with full-featured systems management to be
effective. Determining which patches are needed, applying the patches and which of the
following are three generally accepted activities of patch management?
Auditing for the successful application of the patches
Which of the following are components of host hardening? (Select TWO).
Applying patches.
Disabling unnecessary services.
Which of the following is the primary method of performing network hardening?
Disable any unnecessary ports and services.
Which of the following would be the MOST important reason to apply updates?
Software is inherently insecure and as new vulnerabilities are found the vulnerabilities
must be fixed.
A graphical user interface (GUI) is a type of user interface which allows people to interact
with electronic devices such as computers; hand-held devices such as MP3 Players,
Portable Media Players or Gaming devices; household appliances and office equipment.
Which of the following will allow a technician to restrict a user accessing to the GUI?
Group policy implementation
Which goals can be achieved by use of security templates? (Select TWO).
To ensure that servers are in compliance with the corporate security policy.
To ensure that all servers start from a common security configuration
Which of the following BEST describes the baseline process of securing devices on a
network infrastructure?
Hardening
The first step in creating a security baseline would be:
creating a security policy
Which item specifies a set of consistent requirements for a workstation or server?
Configuration baseline
Which description is correct about the standard load for all systems?
Configuration baseline
Operating system hardening essentially means securing the operating system. Which of
the following is not a method, specific for securing the operating system?
Use encryption to protect the transfer of sensitive information, and ensure that
encryption is enabled between the server and client.
When a new network device is configured for first-time installation, which of the
following is a security threat?
Use of default passwords
Which of the following is a security reason to implement virtualization throughout the
network infrastructure?
To isolate the various network services and roles
Which of the following will require setting a baseline? (Select TWO).
Anomaly-based monitoring.
Behavior-based monitoring.
Non-essential services are often appealing to attackers because non-essential services:
(Select TWO)
sustain attacks that go unnoticed.
are not typically configured correctly or secured.
When defining methods to secure and monitor servers, which of the following statements
are FALSE?
Use motion alarms and tracking equipment to better secure your servers.
While reviewing the running services on a production server, an unknown service is
observed. Which of the following actions should be taken?
Investigate the service and determine whether the service is necessary.
Which of the following types of publicly accessible servers should have anonymous
logins disabled to prevent an attacker from transferring malicious data?
FTP
Which action should be performed to harden workstations and servers?
Install only needed software.
Which of the following would be the BEST reason to disable unnecessary services on a
server?
Attack surface and opportunity for compromise are reduced
Which of the following would be BEST to do when network file sharing is needed?
(Select TWO).
Set a disk quota.
Place the share on a different volume than the operating system.
A technician is helping an organization to correct problems with staff members
unknowingly downloading malicious code from Internet websites. Which of the
following should the technician do to resolve the problem?
Disable unauthorized ActiveX controls
Which of the following definitions BEST suit ActiveX?
It allows customized controls, icons, and other features to increase the usability of web
enabled systems
With which privileges are ActiveX control executed?
Current user account
Which of the following is responsible for displaying an install dialog box for an ActiveX component?
The user's browser setting.
Which of the following definitions BEST suit Java Applet?
The client browser must have the ability to run Java applets in a virtual machine on the
client
Which of the following definitions BEST suit Java Applet?
The client browser must have the ability to run Java applets in a virtual machine on the
client
The concept that a web script is run in its own environment and cannot interfere with any
other process is known as a:
sandbox
Which of the following web vulnerabilities is being referred to when it's an older form of scripting that was used extensively in early web systems?
CGI
Which of the following would be an easy way to determine whether a secure web page
has a valid certificate?
Right click on the lock at the bottom of the browser and check the certificate
information
The MOST common exploits of Internet-exposed network services are due to:
buffer overflows
Which of the following definitions BEST suit Buffer Overflow?
It receives more data than it is programmed to accept.
Which one of the following options overwrites the return address within a program to
execute malicious code?
Buffer overflow
Which of the following describes a server or application that is accepting more input than
the server or application is expecting?
Buffer overflow
Which of the following can affect heaps and stacks?
Buffer overflows
Which of the following web vulnerabilities is being referred to when it receives more data
than it is programmed to accept?
Buffer Overflows.
Which of the following is a common type of attack on web servers?
Buffer overflow
What exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node.
Buffer overflow
Which of the following occurs when a string of data is sent to a buffer that is larger than
the buffer was designed to handle?
Buffer overflow
Which of the following type of attacks exploits poor programming techniques and lack of
code review?
Buffer overflow
Which of the following is a DoS exploit that sends more traffic to a node than
anticipated?
Buffer Overflow
Identify common utilization of Internet-exposed network services?
Buffer overflows is a common utilization.
What results in poor programming techniques and lack of code review?
It can result in the Buffer overflow attack.
A server or application that accepts more input than the server or application is expecting
is known as:
It is known as a Buffer overflow.
Which of the following is a common type of attack on web servers?
Buffer overflow.
Which of the following is often misused by spyware to collect and report a user's
activities?
Tracking cookie
Which of the following can be used to track a user's browsing habits on the Internet?
Cookies
Which of the following can be used to retain connection data, user information, history of
sites visited, and can be used by attackers for spoofing an on-line identity?
Cookies.
Which of the following web vulnerabilities is being referred to when it has a feature
designed into many e-mail servers that allows them to forward e-mail to other e-mail
servers?
SMTP Relay
Which of the following would be the MOST common method for attackers to spoof
email?
Open relays
Which of the following is used to determine equipment status and modify the
configuration or settings of network devices?
SNMP
Which of the following ports does SMTP use?
25
Which of the following protocols is used to transmit e-mail between an e-mail client and an e-mail server?
Post Office Protocol, version 3 (POP3).
Which of the following protocols make use of port 25?
SMTP
The employees at a company are using instant messaging on company networked
computers. The MOST important security issue to address when using instant messaging
is that instant messaging:
communications are open and unprotected
With regards to the use of Instant Messaging, which of the following type of attack can
best be guarded against by user awareness training?
Social engineering
What makes Instant Messaging extremely insecure compared to other messaging
systems?
It is a peer-to-peer network that offers most organizations virtually no control over it.
Which of the following is the greatest vulnerability of using Instant Messaging clients?
Hostile code delivered by file transfer.
Which of the following is the biggest problem associated with Instant Messaging?
It was created without security in mind.
Which of the following is Instant Messaging most vulnerable to?
sniffing.
TestKing.com makes use of instant messaging in the environment. What is a vital security
issue that should be addressed when using instant messaging?
You should address the fact that instant messaging communications are open and
unprotected.
A peer-to-peer computer network uses diverse connectivity between participants in a
network and the cumulative bandwidth of network participants rather than conventional
centralized resources where a relatively low number of servers provide the core value to a
service or application. Which of the following is a security risk while using peer-to-peer
software?
Data leakage
Which of the following programming techniques should be used to prevent buffer
overflow attacks?
Input validation
Your company's website permits customers to search for a product and display the current
price and quantity available of each product from the production database. Which of the
following will invalidate an SQL injection attack launched from the lookup field at the
web server level?
Input validation
Determine the programming method you should use to stop buffer overflow attacks?
You should make use of Input validation.
Which practice can best code applications in a secure manner?
Cross-site scripting
Identify the type of attack that CGI scripts are vulnerable to?
It is vulnerable to Cross site scripting.
After installing new software on a machine, what needs to be updated to the baseline?
Behavior-based HIDS
Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS)
are methods of security management for computers and networks. A HIDS is installed to
monitor which of following?
System files
While monitoring application activity and modification, which system should be used?
HIDS
While hardening an operating system, which item is LEAST effective?
Installing HIDS
Which of the following can be used by a technician to detect staff members that are
connecting to an unauthorized website?
C HIDS
A host-based IDS system can perform a number of monitoring and intrusion detection
activities which a network IDS cannot. Choose the one that does not apply?
Can see information within encrypted tunnels.
A companys security' specialist is securing a web server that is reachable from the
Internet. The web server is located in the core internal corporate network. The network
cannot be redesigned and the server cannot be moved. Which of the following should the
security specialist implement to secure the web server? (Select TWO).
Host-based IDS.
Host-based firewall.
A misuse-detection IDS is mainly focused on which of the following?
Isolating attacks based on attack signatures and audit trails.
Which IDS response type(s) only collects information on the attack and reports it?
Passive response method
When a network-based IDS detects a suspicious event, it can perform a number of
actions. Which of the following does not apply?
Can log the offending user off the system and disable the user account.
Of the intrusion detection capabilities listed below, which is FALSE for a network based
IDS system?
A network based IDS system can detect dial-in intrusions and attempts to physically
access the server.
Which of the following types of IDS should be implemented to monitor traffic on a
switch? (Select TWO).
Network Based Passive.
Network Based Active.
Which of the following is a popular network IDS system?
Snort
Of the different IDS types and analysis methods, which of the following is considered the
simplest IDS system to implement?
Pattern matching network-based IDS.
When discussing IDS systems, of the list of responses below, which is not an active
response?
Shunning
Which of the following IDS response methods should be used if you want the IDS to
instruct the firewall to block sockets and ports that are sending offensive traffic?
Network Configuration changes
What does certain HIDS utilities consider to detect system security related irregularities?
A file hashing snapshot comparison is considered by certain HIDS.
On a company's LAN, port 3535 is typically blocked for outbound traffic. An end-user
has recently purchased a legitimate business program that needs to make outbound calls
through this port Which step should be taken by a technician to allow this? (Select
TWO).
Open the port on the user's personal software firewall.
Open the port on the company's firewall.
John works as a network administrator for his company. On the monthly firewall log, he
discovers that many internal PCs are sending packets on a routine basis to a single
external PC. Which statement correctly describes what is happening?
The remote PC has a zombie master application running and the local PCs have a
zombie slave application running.
Why malware that uses virtualization techniques is difficult to detect?
The malware may be running at a more privileged level than the antivirus software.
To aid in preventing the execution of malicious code in email clients, which of the
following should be done by the email administrator?
Spam and anti-virus filters should be used
A finance manager in an organization notices that staff phone bills are excessive. Upon
further examination of the bill, it appears some of the staff has been sending over 5,000
text messages a day to what appears to be random numbers. Which of the following is the
BEST way to prevent this problem?
Install antivirus software on mobile phones.
A manager reports that users are receiving multiple emails from the account of a user who
no longer works for the company. Which of the following would be the BEST way to
determine whether the emails originated internally?
Review anti-virus logs on the former employee's computer
When does your antivirus software scan your e-mails for possible viruses?
While receiving
What is used by anti-virus software to detect unknown viruses?
Heuristic analysis is used to detect unknown viruses.
Users on a network report that they are receiving unsolicited emails from the same email
address. Which action should be performed to prevent this from occurring?
Install an anti-spam filter on the domain mail servers and filter the email address.
Look at the following items, which one usually applies specifically to a web browser?
Pop-up blocker
Which of the following is MOST effective in preventing adware?
Pop-up blocker
Why do security researchers often use virtual machines?
To offer an environment where malware can be executed with minimal risk to
equipment and software
Virtualized applications, such as virtualized browsers, can protect the underlying
operating system from which of the following?
Malware installation from suspects Internet sites
In computing, virtualization is a broad term that refers to the abstraction of computer
resources. Which is a security reason to implement virtualization throughout the network
infrastructure?
To isolate the various network services and roles
What technology is able to isolate a host OS from some types of security threats?
Virtualization
For the following items, which is a security limitation of virtualization technology?
If an attack occurs, it could potentially disrupt multiple servers.
Which technology is able to isolate a host OS from some types of security threats?
Virtualization
You work as a network technician. You have been asked to reconstruct the infrastructure
of an organization. You should make sure that the virtualization technology is
implemented securely. What should be taken into consideration while implementing
virtualization technology?
The technician should verify that the virtual servers and the host have the latest service
packs and patches applied.
Which of the following are nonessential protocols and services?
TFTP (Trivial File Transfer Protocol).
Which of the following statements are true regarding FTP Connections?
FTP is a protocol, a client, and a server.
Which one of the following File Transfer Protocol does the statement "FTP is a protocol,
a client, and a server" refer to?
FTP Connections
You work as the security administrator at TestKing.com. You are investigating the
consequences of networks attacks aimed at FTP servers. Which of the following states the
aim of a FTP (File Transfer Protocol) bounce attack?
The attack aims to establish a connection between the FTP server and another
computer.
Which of the following are nonessential protocols and services?
NetBios services
Which of the following attacks are being referred to if it was regarded as a benign
protocol that was incapable of very much damage?
ICMP Attacks
From the listing of attacks, which uses either improperly formatted MTUs (Maximum
Transmission Unit) or the ICMP (Internet Control Message Protocol) to crash the targeted
network computer?
A Ping of Death attack
Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take?
The process using the ports should be examined.
Which of the following definitions refers to X.500?
It was implemented by the International Telecommunications Union (ITU).
Which of the following would originally link UNIX systems together in a dial-up
environment?
SLIP (Serial Line Internet Protocol)
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
SNMP (Simple Network Management Protocol).
Which of the following attacks are being referred to if the attack involves the attacker
gaining access to a host in the network and logically disconnecting it?
TCP/IP Hijacking
Choose the figure which represents the number of ports in the TCP/IP (Transmission
Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and
exploited.
65,535 ports
Identify the item that can determine which flags are set in a TCP/IP handshake?
Protocol analyzer
IPSec works at which of the following layers of the TCP/IP model?
Network
Which of the below options would you consider as a program that constantly observes
data traveling over a network?
Sniffer
Which of the following concepts involve using a network sniffer to acquire evidence, and
gathering the relevant data on intrusions from sources such as the hard disk, RAM,
system cache?
Collecting evidence
Choose the protocol that is most vulnerable to packet sniffing attacks aimed at
intercepting username and password information.
FTP (File Transfer Protocol)
From the listing of attacks, choose the attack which exploits session initiation between a
Transport Control Program (TCP) client and server within a network?
SYN attack
From the listing of attacks, choose the attack which misuses the TCP (Transmission
Control Protocol) three-way handshake process, in an attempt to overload network
servers, so that authorized users are denied access to network resources?
SYN (Synchronize) attack
Which of the following attacks are being referred to if packets are not
connection-oriented and do not require the synchronization process?
UDP Attack
Which of the following options is the correct sequence for the TCP Three-Way
Handshake?
Host A, SYN, SYN/ACK, ACK, Host B
Which of the following protocols suites are responsible for IP addressing?
IP
Which of the following common attacks would the attacker capture the user's login
information and replay it again later?
Spoofing
Which of the following attacks can be mitigated against by implementing the following
ingress/egress traffic filtering?
* Any packet coming into the network must not have a source address of the internal
network.
* Any packet coming into the network must have a destination address from the internal
network.
* Any packet leaving the network must have a source address from the internal network.
* Any packet leaving the network must not have a destination address from the internal
networks.
* Any packet coming into the network or leaving the network must not have a source or
destination address of a private address or an address listed in RFC19lS reserved space.
spoofing
In which of the following attacks does the attacker pretend to be a legitimate user?
Spoofing
Which of the attacks can involve the misdirection of the domain name resolution and
Internet traffic?
Spoofing
You are the network administrator at TestKing.com. You discover that your domain name
server is resolving the domain name to the wrong IP (Internet Protocol) address and thus
misdirecting Internet traffic. You suspect a malicious attack. Which of the following
would you suspect?
Spoofing
You are the security administrator at TestKing.com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
spoofing
You are the security administrator at TestKing.com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
spoofing
Which of the following is the best defense against IP (Internet Protocol) spoofing attacks?
Applying ingress filtering to routers.
Nmap has been run against a server and more open ports than expected have been
discovered. Which of the following would be the FIRST step to take?
The process using the ports should be examined.
Which of the following network attacks cannot occur in an e-mail attack?
Dictionary attack
The CEO of your company is worrying about staff browsing inappropriate material on the Internet via HTTPS. Your company is advised to purchase a product which can decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which type of attack is similar to this product?
Man-in-the-middle
Which of the following definitions would be correct regarding Active Inception?
Placing a computer system between the sender and receiver to capture information.
In which of the following does someone use an application to capture and manipulate
packets as they are passing through your network?
Man in the Middle
Which of the following is the best defense against man in the middle attacks?
Strong encryption
Which of the following types of attacks is BEST described as an attacker capturing part
of a communication and later sending that communication segment to the server while
pretending to be the client?
Replay
When an attacker captures part of a communication and later sends the communication
segment to the server whilst pretending to be the user it is known as a:
It is known as the Replay attack.
One type of network attack sends two different messages that use the same hash function
to generate the same message digest. Which network attack does this?
Birthday attack.
One of the below options are correct regarding the DoS (Denial of Service) attack?
Prevention access to resources by users authorized to use those resources.
Which of the following is a DoS (Denial of Service) attack that exploits TCP's
(Transmission Control Protocol) three-way handshake for new connections?
SYN (Synchronize) flood.
Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
DoS (Denial of Service)
Which of the following is a possible technical impact of receiving large quantifies of
spam?
DoS (Denial of Service).
One of the below options are correct regarding the DDoS (Distributed Denial of Service)
attack?
Use of multiple computers to attack a single organization
Which one of the following options is an attack launched from multiple zombie machines
in attempt to bring down a service?
DDoS
Which of the following is most common method of accomplishing DDoS (Distributed Denial of Service) attacks?
Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.
Identify the attack that targets a web server if numerous computers send a lot of FIN
packets at the same time with spoofed source IP addresses?
This attack is known as DDoS.
How can you determine whether the workstations on the internal network are functioning
as zombies participating in external DDoS attacks?
You should use Firewall logs to confirm the suspicion.
You configure a computer to act as a zombie set in order to attack a web server on a
specific date. What would this contaminated computer be part of?
The computer is part of a DDoS attack.
What is used in a distributed denial of service (DDOS) attack?
DDOS makes use of Botnet.
What can result in DDoS?
Privilege escalation can result in a DDoS.
Study the following items carefully, which one will permit a user to float a domain
registration for a maximum of five days?
Kiting
In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource
Identifier (URI) that specifies where an identified resource is available and the
mechanism for retrieving it. When a user attempts to go to a website, he notices the URL
has changed, which attack will MOST likely cause the problem?
DNS poisoning
You receive numerous complaints from users stating that they are rerouted to a protest
webpage when the attempt to access the company web page on the Internet. What is the
reason for this occurrence?
It is most likely DNS Poisoning.
For the following options, which is an area of the network infrastructure that allows a
technician to put public facing systems into it without compromising the entire
infrastructure?
DMZ
Which of the following is employed to allow distrusted hosts to connect to services inside
a network without allowing the hosts direct access to the internal networks?
Demilitarized zone (DMZ)
Which of the following portions of a company's network is between the Internet and an
internal network?
Demilitarized zone (DMZ)
For referring to an intranet, which of the following terms does not apply?
A demilitarized zone (DMZ)
What is the BEST model to consider with regards to a secured Email infrastructure?
Email proxy in the DMZ and Email server in the internal network.
What is the area in which a system administrator would place the web server to isolate it
from other servers on the network called?
DMZ (Demilitarized Zone)
Which of the following best describes a DMZ (Demilitarized Zone)?
A network between a protected network and an external network in order to provide an
additional layer of security.
Which of the following would be placed in a DMZ (Demilitarized Zone)?
A FTP (File Transfer Protocol) server
QUESTION NO: 9
Which of the following is the general philosophy behind a DMZ?
Any system on the DMZ can be compromised because it's accessible from the Internet.
What should you implement to permit suspicious hosts connecting to services inside a
network without permitting the hosts direct access to the internal networks?
This can be accomplished by employing Demilitarized zone (DMZ).
Determine the segments between the Internet and an internal network?
The Demilitarized zone (DMZ) is between the Internet and an internal network.
How can a demilitarized zone (DMZ) network segment be created?
It can be created by using two firewalls.
You are the network administrator at TestKing.com. The company network contains a
web server that has to be available by remote users, partners and users. Identify the best
location for the web server?
The Demilitarized zone (DMZ) is the best location for the web server.
What is used to securely house public facing servers between the Internet and the local
network?
Demilitarized zone (DMZ) is a semi-trusted location.
A company wants to implement a VLAN. Senior management believes that a VLAN will
be secure because authentication is accomplished by MAC addressing and that dynamic
trunking protocol (DTP) will facilitate network efficiency. Which of the following issues
should be discussed with senior management before VLAN implementation?
MAC addresses can be spoofed and DTP allows rogue network devices to configure ports
A compromise of which device could result in a VLAN being compromised?
Switch
You work as the security administrator at TestKing.com. You must ensure that internal
access to other parts of the network is controlled and restricted. The solution which you
implement to restrict network access must be hardware based. You also want to use the
least amount of administrative effort to accomplish your task.
How will you accomplish the task?
Deploy a VLAN (Virtual Local Area Network) Deploy.
You contemplate on implementing VLAN on the company network. Management
believes that a VLAN will be secure since authentication is accomplished by MAC
addressing and dynamic trunking protocol (DTP) will facilitate network efficiency.
Identify the issues that need to be discussed prior to implementing VLAN?
You should inform management that MAC addresses can be spoofed and DTP permits
rogue network devices in order to configure ports.
Which of the following can be used to mitigate against sniffers and decrease broadcast
traffic?
VLAN (Virtual Local Area Network)
You work as the network administrator at TestKing.com. You want to restrict internal access to other parts of the network. Your solution will be hardware based and must be implemented with the least amount of administrative effort. Which of the following would be your best solution?
Implement a VLAN (Virtual Local Area Network) to restrict network access.
Which statement best describes a static NAT?
A static NAT uses a one to one mapping.
Which of the following could cause communication errors with an IPSec VPN tunnel
because of changes made to the IP header?
NAT
In computer networking, network address translation (NAT) is the process of modifying
network address information in datagram packet headers while in transit across a traffic
routing device for the purpose of remapping a given address space into another. Which
description is true about a static NAT?
A static NAT uses a one to one mapping.
On which of the following devices would you not implement NAT?
Switch
Which of the following could cause communication errors with an IPSec VPN tunnel
because of changes made to the IP header?
NAT
Of the technologies used to create a less vulnerable system, which technology can be
implemented in a firewall, router, workstation or server computer; and translates the
internal IP address range to an external IP address or address range?
Network address translation (NAT)
Which type of NAT configuration maps a range of internal IP addresses to a range of
external IP address?
Dynamic NAT
Overloading NAT allows the organization to use publicly assigned IP addresses over the
Internet that is different from its private IP addresses. To do this, which type of mapping
is performed by Overloading NAT?
Maps multiple internal IP addresses to one external IP address by employing a
port-based mapping method.
After auditing file, which log will show unauthorized usage attempts?
Security
Which of the following can be used to accomplish NAT (Network Address Translation)?
Static and dynamic NAT (Network Address Translation) and PAT (Port Address
Translation).
When connecting a network to the Internet, which of the following will ensure that the
internal network IP (Internet Protocol) addresses are not compromised?
A NAT (Network Address Translation).
Which of the following is MOST often used to allow a client or partner access to a
network?
Extranet
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO).
is hard to tap in to.
is not susceptible to interference.
Which of the following measures can be used to secure twisted-pair cable networks from
eavesdropping?
Protect the physical cables.
Protect all critical network segments that connect hubs and switches, and provide
connectivity to routers and servers.
Check your network cable infrastructure regularly.
Which of the following access attacks would involve listening in on someone's network?
Eavesdropping
Which media is LEAST susceptible to a tap being placed on the line?
Fiber
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO).
is hard to tap in to.
is not susceptible to interference.
A company wants to connect the network to a manufacturer's network to be able to order
parts. Which of the following types of networks should the company implement to
provide the connection while limiting the services allowed over the connection?
Extranet
Which of the combinations here can be used to create an extranet?
All of the above configurations
Which of the following access attacks would involve listening in on someone's network?
Eavesdropping
Which media is LEAST susceptible to a tap being placed on the line?
Fiber
Fiber optic cable is considered safer than CAT5 because fiber optic cable because:
is hard to tap into.
is not susceptible to interference.
A company wants to connect the network to a manufacturer's network to be able to order
parts. Which of the following types of networks should the company implement to
provide the connection while limiting the services allowed over the connection?
Extranet
Which of the combinations here can be used to create an extranet?
Two intranets.
One intranet and one perimeter network.
Security for the extranet security zone can include a number of strategies. Choose the one
that does not apply.
Use host-based firewalls for computers that contain confidential data
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
Switch
An enclosure that prevents radio frequency signals from emanating out of a controlled
environment is BEST described as which of the following?
Faraday cage
A software or hardware device that allows only authorized network traffic in or out of a
computer or network is called a:
firewall
QUESTION NO: 15
The concept that a web script is run in its own environment and cannot interfere with any
other process is known as a:
sandbox
Which of the following sabotage methods can bring down an entire bus topology coaxial
network?
Physical removal of a terminator
Which of the following security topologies is a dual-homed device used to connect the outside network with the inside network. This would also be one of the first devices where public traffic arrives, and where specialized software defines which types of traffic are allowed to pass through?
Bastion host.
Which of the following should be considered when subnetting is performed? (Select
TWO).
The number of networks.
The number of hosts.
A security administrator tasked with confining sensitive data traffic to a specific subnet
would do so by manipulating privilege policy based tables in the network's:
router
Tom is a network technician of his company. Now, he is making a decision between
implementing a HIDS on the database server and implementing a NIDS. Why NIDS may
be better to implement? (Select TWO).
Many HIDS have a negative impact on system performance.
Many HIDS are not able to detect network attacks.
The NIC should be placed in which mode to monitor all network traffic while placing a
NIDS onto the network?
Promiscuous
Which of the following definitions would be correct regarding Passive Inception?
Involve someone who routinely monitors network traffic
A company implements an SMTP server on their firewall. This implementation would
violate which of the following security principles?
Use a device as intended
In computing, a stateful firewall (any firewall that performs stateful packet inspection
(SPI) or stateful inspection) is a firewall that keeps track of the state of network
connections (such as TCP streams, UDP communication) traveling across it. You have
been studying stateful packet inspection and want to perform this security technique on
the network. Which device will you use to BEST utilize stateful packet inspection?
Firewall
Which of the following types of firewalls provides inspection at layer 7 of the OSI
model?
Application-proxy
Which of the following CANNOT be performed by a proxy server?
Data encryption.
A large company wants to deploy an FTP server to support file transfers between business
customers and partners. Which of the following should the security specialist consider
before making these changes?
FTP transfers data in an unencrypted format.
A honeypot is used to:
allow administrators a chance to observe an attack.
Which if the following technologies would you use if you need to implement a system
that simulates a network of vulnerable devices, so that this network can be targeted by
attackers?
A honeypot
Which of the following security technologies cannot protect hosts from direct attacks, nor
can they resolve security issues?
A honeypot
With reference to locating honeypots, which of the following placement strategies
provides some benefit for attacks being initiated from within the company network?
Inside the private network
For the following items, which one is a collection of servers setup to attract hackers?
Honeynet
With reference to honeypots, which statement is FALSE?
Honeypots are usually more difficult to monitor than IDS systems and firewalls.
Internet filter appliances/servers will most likely analyze which three items? (Select
THREE).
Certificates.
URLs.
Content.
An organization needs to monitor all network traffic as it traverses their network. Which
item should be used by the technician?
Protocol analyzer
Which of the following is a protocol analyzer?
WireShark
Which of the following options would be the primary firewall to protect you from e-mail
viruses?
E-mail servers.
For the following items, which is a protocol analyzer?
WireShark
Which program permits a client to execute code with a higher level of security than what the client have access to?
Privilege escalation.
An attack in which a user logs into a server with his user account, executes a program and
then performed activities only available to an administrator is an example of which of the
following?
Privilege escalation
When using network monitoring systems to monitor workstations, which of the following
elements should be reviewed because their information could indicate a possible attack?
Network counters and access denied errors
Which of the following would allow an administrator to find weak passwords on the
network?
A rainbow table
An outside auditor has been contracted to determine whether weak passwords are being
used on the network. In order to achieve this goal, the auditor is running a password
cracker against the master password file. Which of the following is an example of this?
Vulnerability assessment
Which password management system best provides for a system with a large number of
users?
Self service password reset management systems
What is used to find weak passwords on the network?
A rainbow table will accomplish this.
Which item can be commonly programmed into an application for ease of administration?
Back door
Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?
back door
Which programming mechanism should be used to permit administrative access whilst
bypassing the usual access control methods?
It is known as a back door.
Which method is the easiest to disable a 10Base2 network?
Remove a terminator.
Coaxial cable is a cable consisting of an inner conductor, surrounded by a tubular
insulating layer typically made from a flexible material with a high dielectric constant, all
of which is then surrounded by another conductive layer (typically of fine woven wire for
flexibility, or of a thin metallic foil), and then finally covered again with a thin insulating
layer on the outside. Which is the primary security risk with coaxial cable?
Data emanation from the core
Why will a Faraday cage be used?
To mitigate data emanation
Which of the following statements best suits the wireless communication technology
ODFM?
Accomplishes communication by breaking the data into subsignals and transmitting
them simultaneously
Which of the following statements best suits the wireless communication technology
FHSS?
Accomplishes communication by hopping the transmission over a range of predefined
frequencies
Identify the utility used for wireless sniffing and war driving?
NetStumbler is used.
Which of the following do attackers most often use to identify the presence of an 801.11b
network?
War driving
The purpose of the SSID in a wireless network is to:
identify the network
To keep an 802.llx network from being automatically discovered, a user should:
turn off the SSID broadcast
How can you ensure that an 802.11x network is not discovered automatically?
This can be accomplished by turning off the SSID broadcast.
Which action should be performed when discovering an unauthorized wireless access point attached to a network?
Unplug the Ethernet cable from the wireless access point.
Which of the following would be MOST desirable when attacking encrypted data?
Weak key
The implicit deny will block anything you didn't specifically allow but you may have
allowed stuff that you don't need. A technician is reviewing the system logs for a firewall
and is told that there is an implicit deny within the ACL Which is an example of an
implicit deny?
Items which are not specifically given access are denied by default.
You work as the security administrator at TestKing.com. One morning you discover that clients can no longer navigate web sites which have been created for them. What is the most likely cause of the issue?
The incorrect permissions have been assigned for the web sites.
Giving each user or group of users only the access they need to do their job is an example
of which of the following security principals?
Least privilege
Which of the following access control principle dictates that every user be given the most
restricted privileges?
Least privilege
You work as the network administrator at TestKing.com. The company network consists
of a single location with one owner, one manager and five sales assistants. Which
inventory system permissions will best be supported with the least privilege principle for
the manager?
The Update rights inventory system permission will be the best option.
You implement a policy stating that users will only have access to the systems necessary to execute their tasks. What is this an example of?
It is an example of least privilege.
Identify the security principle where every user or groups only have access to accomplish
their daily tasks?
It is an example of least privilege.
Which of the following security principals entails the practice of providing each user only
the access they require to perform their job?
Least privilege
Which of the following methods, based on the separation of duties principle, involves
provisioning of at least two people for a task to enhance security, and also ensures that
multiple people are trained for each task?
Cross training
Which of the following best describes the term "separation of duties"?
Assigning different parts of tasks to different employees.
Determine the company policies that prevent collusion?
Separation of duties will stop collusion.
Job rotation will stop collusion.
In order to allow for more oversight of past transactions, a company decides to exchange
positions of the purchasing agent and the accounts receivable agent. Which is an example
of this?
Job rotation
The staff must be cross-trained in different functional areas in order to detect fraud.
Which of the following is an example of this?
Job rotation
Job rotation is a cross-training technique where organizations minimize collusion
amongst staff.
True
Which of the following access control models uses security labels that are attached to
every object?
Mandatory Access Control (MAC)
Choose the access control model that allows access control determinations to be
performed based on the security labels associated with each user and each data item.
MACs (Mandatory Access Control) method
Which of the following access decisions are based on a Mandatory Access Control
(MAC) environment?
Sensitivity labels
Which of the following statements regarding the MAC access control models is TRUE?
In the Mandatory Access Control (MAC) users cannot share resources dynamically.
What does the MAC access control model use to identify the users who have permissions
to a resource?
Predefined access privileges.
Which of the following access control models uses subject and object labels?
Mandatory Access Control (MAC)
Access controls based on security labels associated with each data item and each user are known as:
Mandatory Access Control (MAC)
Which of the following access control models refers to assigning sensitivity labels to the
user and the data?
Mandatory Access Control (MAC)
Which of the following statements regarding the MAC access control models is TRUE?
In the Mandatory Access Control (MAC) users cannot share resources dynamically.
Which access control system allows the system administrator to establish access
permissions to network resources?
MAC
Which access control method is centrally controlled and managed, where all access
capabilities are predefined and users have no influence on permissions, nor can users
share information that has not been previously defined by administrators?
Mandatory Access Control (MAC) method
Which of the following is FALSE for the MAC access method?
Users are allowed to change permissions or rights that are associated with objects.
Which of the following statements regarding access control models is FALSE?
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions to a resource.
Which item will MOST likely permit an attacker to make a switch function like a hub?
MAC flooding
Identify the service provided by message authentication code (MAC) hash;
integrity
Which access control system allows the system administrator to establish access
permissions to network resources?
MAC
Which of the following is FALSE for the MAC access method?
Users are allowed to change permissions or rights that are associated with objects.
Which of the following statements regarding access control models is FALSE?
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions
to a resource.
Which item will MOST likely permit an attacker to make a switch function like a hub?
MAC flooding
Identify the service provided by message authentication code (MAC) hash;
integrity
Which access control system allows the system administrator to establish access
permissions to network resources?
MAC
Which of the following is FALSE for the MAC access method?
Users are allowed to change permissions or rights that are associated with objects.
Which of the following statements regarding access control models is FALSE?
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions
to a resource.
Which item will MOST likely permit an attacker to make a switch function like a hub?
MAC flooding
Identify the service provided by message authentication code (MAC) hash;
integrity
Which access control system allows the system administrator to establish access
permissions to network resources?
MAC
Who is responsible for establishing access permissions to network resources in the MAC
access control model?
The system administrator.
Choose the terminology or concept which best describes a (Mandatory Access Control)
model.
Lattice
Which of the following terms represents a MAC (Mandatory Access Control) model?
Lattice
Identify the access control model that makes use of security labels connected to the
objects?
You should make use of the Mandatory Access Control (MAC) model.
Identify the access decisions based on a Mandatory Access Control (MAC) environment?
Sensitivity labels are based on a Mandatory Access Control (MAC) environment.
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every user?
Mandatory Access Control (MAC).
What does the DAC access control model use to identify the users who have permissions to a resource?
Access Control Lists.
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
Which access controls are based on security labels assigned to every data item and every user?
You should identify Mandatory Access Control (MAC).
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
What model assigns sensitivity labels to users and their data?
You should identify the Mandatory Access Control (MAC) access control model.
Which access controls are based on security labels assigned to every data item and every
user?
You should identify Mandatory Access Control (MAC).
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw.
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for
Trojan horse attacks.
Which access control method gives the owner control over providing permissions?
Discretionary Access Control (DAC)
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
Who is responsible for establishing access permissions to network resources in the DAC
access control model?
The owner of the resource.
Which access control system allows the owner of a resource to establish access
permissions to that resource?
MAC
Which access control method allowsusers to have some level of flexibility on how
information is accessed, but at the expense of increasing the risk of unauthorized
disclosure of information?
Discretionary Access Control (DAC) method
A user is assigned access rights explicitly. This is a feature of which of the following ?
Discretionary Access Control (DAC)
Which access control model uses Access Control Lists to identify the users who have
permissions to a resource?
DAC
On the topic of the DAC (Discretionary Access Control) model, choose the statement(s)
which are TRUE.
All objects have an owner, and this owner has full control over that specific object.
Which of the following will restrict access to files according to the identity of the user or
group?
DAC
What does the DAC access control model use to identify the users who have permissions
to a resource?
Access Control Lists
With regard to DAC (Discretionary Access Control), which of the following statements
are true?
Each object has an owner, which has full control over the object.
A user is assigned access rights explicitly. This is a feature of which of the following
access control models?
Discretionary Access Control (DAC)
Which of the following best describes an access control mechanism that allows the data
owner to create and administer access control?
DACs (Discretionary Access Control)
How is access control permissions established in the RBAC access control model?
The role or responsibilities users have in the organization.
An organization has a hierarchical-based concept of privilege management with
administrators having full access, human resources personnel having slightly less access
and managers having access to their own department files only. This is BEST described
as:
Role Based Access Control (RBAC)
You work as the network administrator at Certkiller.com. The Certkiller.com network
uses the RBAC (Role Based Access Control) model. You must plan the security strategy
for users to access resources on the Certkiller.com network. The types of resources you
must control access to are mailboxes, and files and printers. Certkiller.com is divided into
distinct departments and functions named Finance, Sales, Research and Development,
and Production respectively. Each user has its own workstation, and accesses resources
based on the department wherein he/she works. You must determine which roles to create
to support the RBAC (Role Based Access Control) model.
Create Finance, Sales, Research and Development, and Production roles.
Which of the following access control models uses roles to determine access
permissions?
RBAC
How is access control permissions established in the RBAC access control model?
The role or responsibilities users have in the organization.
A security specialist for a large distributed network with numerous divisions is selecting
an access control model. Employees in the human resource division need access to
personnel information but not production data and operations employees need access to
production data only. Which of the following access control models would be MOST
appropriate?
Role Based Access Control (RBAC)
Which access control method would you need to implement if you want to use a group
management approach to defining access to company resources and data, so that you can
define access according to job function or responsibility?
Role-Based Access Control (RBAC) method.
Which of the following access control models uses roles to determine access
permissions?
RBAC
Which of the following statements is FALSE for role-based access control?
Group members cannot pass on rights and privileges to other users.
Which of the following best describes an access control mechanism in which access
control decisions are based on the responsibilities that an individual user or process has in
an organization?
RBAC (Role Based Access Control)
With regard to RBAC (Role Based Access Control), which of the following best
describes the relation between users, roles and operations?
Multiple users, multiple roles and multiple operations.
A technician is auditing the security posture of an organization. The audit shows that
many of the users have the ability to access the company's accounting information. Which
of the following should the technician recommend to address this problem?
Changing the user rights and security groups
Which of the following is a best practice for managing user rights and privileges?
Identify roles and objects to be accessed, create groups, and grant rights and privileges
based on groups.
Which of the following policies detail guidelines on the rights, privileges, and restrictions
for using company equipment and assets?
Access control
Which of the following types of authentication BEST describes providing a username,
password and undergoing a thumb print scan to access a workstation?
Multifactor
Which of the following statements are true regarding File Sharing?
When files are stored on a workstation, the connection is referred to as a peer-to-peer
connection.
An Auditing system is necessary to prevent attacks on what part of the system?
The files.
Which description is true about the process of securely removing information from media
(e.g. hard drive) for future use?
Sanitization
Which of the following can be used to implement a procedure to control inbound and
outbound traffic on a network segment?
ACL
In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?
Firewall
Which of the following security mechanisms can be used to control the flow of packets
traveling through routers?
ACL (Access Control List)
What should be identified to implement a procedure to control inbound and outbound traffic on a network segment?
This can be accomplished using ACL.
Which of the following associates users and groups to certain rights to use, read, write,
modify, or execute objects on the system?
ACL (Access Control List).
A graphical user interface (GUI) is a type of user interface which allows people to interact with electronic devices such as computers; hand-held devices such as MP3 Players, Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will permit a technician to restrict a user's access to the GUI?
Group policy implementation.
On the subject of security management models, identify the statement that is TRUE?
Decentralized security involves the process of assigning all new privileges through
multiple governing groups, located at different location.
Which of the following statements regarding password policy is FALSE?
Specifies the number of correct logon attempts permitted, prior to an account being
locked out of the system.
Which of the following types of publicly accessible servers should have anonymous
logins disabled to prevent an attacker from transferring malicious data?
FTP
Default passwords in hardware and software should be changed:
when the hardware or software is turned on.
Audit log information can BEST be protected by: (Select TWO).
recording to write-once media.
access controls that restrict usage.
Which of the following would be MOST useful in determining which internal user was
the source of an attack that compromised another computer in its network?
The target computer's audit logs.
Which of the following elements, included in password policy, defines the time duration
for which a locked out account remains locked out?
Account lockout duration
After the maximum number attempts have failed, which of the following could set an
account to lockout for 30 minutes?
Account lockout duration
Which of the following would be the BEST reason for certificate expiration?
Brute force techniques are likely to break the key if given enough time.
Which of the following statements is TRUE regarding the Security Token system?
If your token does not grant you access to certain information, that information will
either not be displayed or your access will be denied. The authentication system creates a
token every time a user or a session begins. At the completion of a session, the token is
destroyed.
Most key fob based identification systems use which of the following types of
authentication mechanisms? (Select TWO).
Token.
Username/password.
Your company has already implemented two-factor authentication and wants to install a
third authentication factor. If the existing authentication system uses strong passwords
and PKI tokens, which item would provide a third factor?
Fingerprint scanner
Determine the two-factor authentication for an information system?
You should identify ATM card and PIN.
The authentication process where the user can access several resources without the need
for multiple credentials is known as:
single sign-on
Users need to access their email and several secure applications from any workstation on
the network. In addition, an authentication system implemented by the administrator
requires the use of a username, password, and a company issued smart card. This is an
example of which of the following?
SSO
Which of the following describes the process by which a single user name and password
can be entered to access multiple computer applications?
Single sign-on
The authentication process where the user can access several resources without the need
for multiple credentials is known as:
single sign-on
The ability to logon to multiple systems with the same credentials is typically known as:
single sign-on
A company has a complex multi-vendor network consisting of UNIX, Windows file
servers and database applications. Users report having too many passwords and that
access is too difficult. Which of the following can be implemented to mitigate this
situation?
Single sign-on
Which of the following environments are using the principle of single sign-on to grant
users access for accessing resources?
Kerberos.
Novell eDirectory.
Microsoft Active Directory.
Which of the following is based on granting users access to all the systems, applications and resources they need, when they start a computer session?
Principle of single sign-on (SSO).
Users would not like to enter credentials to each server or application to conduct their
normal work. Which type of strategy can solve this problem?
sso
Identify the authentication system where a unique username and password is used to
access multiple systems within a company?
Single Sign-on is used to access multiple systems within a company.
Which of the following authentication problems is addressed by a single sign on process?
Multiple usernames and passwords.
Which of the following is a advantage that can be gained when implementing a Single
Sign-on technology?
You can browse multiple directories.
Identify the process where users can access numerous resources without needing multiple
credentials?
The authentication process is known as single sign-on.
Which of the following Directory Services does the statement that it is the backbone for
all security, access, and network implementations from here on out refer to?
Active Directory
Which solution can be used by a user to implement very tight security controls for
technicians that seek to enter the users' datacenter?
Biometric reader and smartcard
Which item is not a logical access control method?
biometrics
Which item best describes an instance where a biometric system identifies legitimate
users as being unauthorized?
False rejection
Which of the following methods of authentication makes use of hand scanners,
fingerprints, retinal scanners or DNA structure to identify the user?
Biometrics
For which of the following can biometrics be used?
Authentication
Which of the following is the most costly method of an authentication?
Biometrics
Which of the following provides the strongest form of authentication?
biometrics
Which of the following relies solely on biometric authentication?
Voice patterns, fingerprints, and retinal scans.
Which of the following definitions fit correctly to RADIUS?
is a mechanism that allows authentication of dial-in and other network connections
What is the biggest benefit to using RADIUS (Remote Authentication Dial-in User
Service) for a multi-site VPN (Virtual Private Network) that supports a large number of
remote users?
RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user
database.
RADIUS (Remote The Lightweight Directory Access Protocol) or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use:
default?
636
Choose the terminology that correctly refers to the start (top) of a LDAP (Lightweight
Directory Access Protocol) directory.
Root
Which of the following definitions refers to LDAP?
It is a standardized directory access protocol that allows queries to be made of
directories.
Identify the port number that will ensure a secure LDAP usage by default?
Port 636 will secure LDAP.
Which of the following Directory Services does the statement that it stores information
on all system resources, users, and any other relevant information about systems attached
to a NetWare server refer to?
eDirectory
Which port must be open to allow a user to login remotely onto a workstation?
3389
Which of the following is the best description about the method of controlling how and
when users can connect in from home?
Remote access policy
Remote authentication allows you to authenticate users using a locally hosted script. Which of the following is an example of remote authentication?
A user in one city logs onto a network by connecting to a domain server in another city.
A company has instituted a VPN to allow remote users to connect to the office. As time
progresses multiple security associations are created with each association being more
secure. Which of the following should be implemented to automate the selection of the
BEST security association for each user?
IKE
A VPN typically provides a remote access link from one host to another over:
the Internet
Which of the following definitions fit correctly to VPN?
are used to make connections between private networks across a public network, such
as the Internet
A company has instituted a VPN to allow remote users to connect to the office. As time
progresses multiple security associations are created with each association being more
secure. Which of the following should be implemented to automate the selection of the
BEST security association for each user?
IKE
Which of the following network authentication protocols uses symmetric key
cryptography, stores a shared key for each network resource and uses a Key Distribution
Center (KDC)?
Kerberos
Which authentication method will prevent a replay attack from occurring?
Kerberos
For which reason are clocks used in Kerberos authentication?
Clocks are used to ensure that tickets expire correctly.
Which of the following authentication systems make use of the KDC Key Distribution
Center?
Kerberos
Kerberos uses which of the following ports by default?
88
In which authentication model a ticket granting server is an important concept?
Kerberos
A very important capability or element must be deployed before the Kerberos
authentication system functions properly. What is it?
You must deploy time synchronization services for clients and servers.
Which of the following authentication systems make use of the KDC Key Distribution
Center?
Kerberos
Which of the following must be deployed for Kerberos to function correctly?
Time synchronization services for clients and servers.
Why are clocks used in a Kerberos authentication system?
To ensure tickets expire correctly.
Which of the following factors must be considered when implementing Kerberos
authentication?
Kerberos requires a centrally managed database of all user and resource passwords.
Which of the following are the main components of a Kerberos server?
Authentication server, security database and privilege server.
Which authentication method does the following sequence: Logon request, encrypts value
response, server, challenge, compare encrypts results, authorize or fail referred to?
CHAP
The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from
the client to the server, and the server sends a challenge back to the client At which stage
does the CHAP protocol perform the handshake process? Choose the best complete
answer.
At the stage when the connection is established and at whichever time after the
connection has been established.
Which of the following sequences is correct regarding the flow of the CHAP system?
Logon request, challenge, encrypts value response, server, compare encrypted results,
authorize or fail
You work as the security administrator at TestKing.com. You want to ensure that only
encrypted passwords are used during authentication. Which authentication protocol
should you use?
CHAP (Challenge Handshake Authentication Protocol)
When does CHAP (Challenge Handshake Authentication Protocol) perform the
handshake process?
When establishing a connection and at anytime after the connection is established.
Which of the following uses unencrypted username and passwords?
PAP
Both the server and the client authenticate before exchanging data. This is an example of which of the following?
mutual authentication.
Which of the following statements regarding authentication protocols is FALSE?
MS-CHAP version 1 is capable of mutual authentication of both the client and the
server.
Identify the method that should be used to ensure that the user is able to authenticate to
the server and the server to the user?
You should make use of the Mutual authentication method.
On the basis of certain ports, which of the following will allow wireless access to network
resources?
802.lx
Which of the following protocols works with 802.1X to authenticate a client to a
network?
EAP will works with 802.1X to authenticate a client.
Which of the following definitions fit correctly to TACACS?
It allows credentials to be accepted from multiple methods, including Kerberos.
In a secure environment, which authentication mechanism will perform better?
TACACS because it encrypts client-server negotiation dialogs.
Which of the following would allow credentials to be accepted from multiple methods,
including Kerberos?
TACACS (Terminal Access Controller Access Control System)
You work as the security administrator at Certkiller.com. You must configure the firewall
to support TACACS. Which port(s) should you open on the firewall?
Port 49
During which phase of identification and authentication does proofing occur?
Identification
Which security action should be finished before access is given to the network?
Identification and authentication
A computer system containing personal identification information is being implemented
by a company's sales department. The sales department has requested that the system
become operational before a security review can be completed. Which of the following
can be used to explain the reasons a security review must be completed?
Corporate security policy
The difference between identification and authentication is that:
authentication verifies a set of credentials while identification verifies the identity of a
user requesting credentials.
Which method could identify when unauthorized access has occurred?
Implement previous logon notification.
Which type of business policies involve limiting issues such as unauthorized disclosure
of information, unauthorized access to the company facilities, and data theft?
Physical access control
After auditing file, which log will show unauthorized usage attempts?
Security
You are a network technician of your company. You have just detected an intrusion on your company's network from the Internet. What should be checked FIRST?
The firewall logs
Which practice is the best to secure log files?
Copy or save the logs to a remote log server.
Many unauthorized staff has been entering the data center by piggybacking authorized
staff. The CIO has mandated to stop this behavior. Which technology should be installed
at the data center to prevent piggybacking?
Mantrap
Which one of the following options will create a security buffer zone between two
rooms?
Mantrap
You work as a network administrator for your company. Your company requires you to
improve the physical security of a data center located inside the office building. The data
center already maintains a physical access log and has a video surveillance system. Which
additional control can be performed?
Mantrap
Risk assessment is a common first step in a risk management process. Risk assessment is
the determination of quantitative or qualitative value of risk related to a concrete situation
and a recognized threat (also called hazard). As a best practice, risk assessments should
be based upon which of the following?
A quantitative measurement of risk, impact and asset value
What will be implemented by a technician to mitigate the chances of a successful attack against the wireless network?
Implement an authentication system and WPA.
The main objective of risk management in an organization is to reduce risk to a level:
the organization will accept.
From the listing of attacks, which analyzes how the operating system (OS) responds to
specific network traffic, in an attempt to determine the operating system running in your
networking environment?
Fingerprinting
Why do many web servers provide message auditing, as do logon, system, and
applications?
To check for unusual events
Which of the following steps is MOST often overlooked during the auditing process?
Reviewing event logs regularly
Which of the following describes how a technician would configure an audit trail to
ensure the information system captures sufficient data in audit records?
Event date, event type, object identity, subject identity.
Which of the following should be done if an audit recording fails in an information
system?
Send an alert to the appropriate personnel
Malicious port scanning is a method of attack to determine which of the following?
The fingerprint of the operating system
One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions?
A TCP (transmission Control Protocol) SYN (Synchronize) scan
A security specialist is reviewing firewall logs and sees the information below. Which of
the following BEST describes the attack that is occurring?
Port scan
A security specialist is reviewing firewall logs and sees the information below. Which of
the following BEST describes the attack that is occurring?
s-192.168.0.21:53 --> d-192.168.0.1:0
s-192.168.0.21:53 --> d-192.168.0.1:1
s-192.168.0.21:53 --> d-192.168.0.1:2
s-192.168.0.21:53 --> d-192.168.0.1:3
s-192.168.0.21:53 --> d-192.168.0.1:4
s-192.168.0.21:53 --> d-192.168.0.1:5
s-192.168.0.21:53 --> d-192.168.0.1:6
s-192.168.0.21:53 --> d-192.168.0.1:7
s-192.168.0.21:53 --> d-192.168.0.1:8
Port scan
QUESTION NO: 5
One of these options best defines the main purpose of implementing an e-mail relay
server. Which is it?
An e-mail relay server is used to protect the primary e-mail server and therefore assists
in reducing the effects of viruses and port scan attacks.
One type of port scan can determine which ports are in a listening state on the network,
and can then perform a two way handshake.
Which type of port scan can perform this set of actions?
A TCP (transmission Control Protocol) SYN (Synchronize) scan
Which tool can help the technician to find all open ports on the network?
Network scanner
Which method is the LEAST intrusive to check the environment for known software
flaws?
Vulnerability scanner
After analyzing vulnerability and applying a security patch, which non-intrusive action
should be taken to verify that the vulnerability was truly removed?
Repeat the vulnerability scan.
Which of the following is a reason to use a vulnerability scanner?
To identify open ports on a system
Which of the following is the MOST effective way for an administrator to determine
what security holes reside on a network?
Perform a vulnerability assessment
Which one of the following options is a vulnerability assessment tool?
Nessus
What type of program highlights the vulnerabilities of servers on the network to various
exploits and suggests ways to mitigate the vulnerabilities?
Vulnerability scanner
Why should you use a vulnerability scanner?
You should use a vulnerability scanner to determine open ports on a system.
Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords?
Protocol analyzer
Which of the following assessment tools would be MOST appropriate for determining if
a password was being sent across the network in clear text?
Protocol analyzer
A protocol analyzer will most likely detect which security related anomalies?
Many malformed or fragmented packets
Password cracking tools are available worldwide over the Internet. Which one of the
following items is a password cracking tool?
John the Ripper
One of the below is a description for a password cracker, which one is it?
A program that performs comparative analysis.
Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol).
A ping scanner.
Choose the most effective method of preventing computer viruses from spreading
throughout the network.
You should enable scanning of all e-mail attachments.
Which of the following are types of certificate-based authentication?
One-to-one mapping.
Many-to-one mapping.
In computer programming, DLL injection is a technique used to run code within the
address space of another process by forcing it to load a dynamic-link library. Which
activity is MOST closely associated with DLL injection?
Penetration testing
Which of the following is not identified within the penetration testing scope of work?
a complete list of all network vulnerabilities.
Which description is true about penetration testing?
Simulating an actual attack on a network
Which description is true about the external security testing?
Conducted from outside the organizations security perimeter
A newly hired security specialist is asked to evaluate a company's network security. The
security specialist discovers that users have installed personal software; the network OS
has default settings and no patches have been installed and passwords are not required to
be changed regularly. Which of the following would be the FIRST step to take?
Enforce the security policy.
Which tool can best monitor changes to the approved system baseline?
Enterprise performance monitoring software
Malware, a portmanteau from the words malicious and software, is software designed to
infiltrate or damage a computer system without the owner's informed consent. A network
technician suspects that a piece of malware is consuming too many CPU cycles and
slowing down a system. Which item can help determine the amount of CPU cycles being
consumed?
Run performance monitor to evaluate the CPU usage.
Which is the primary objective to implement performance monitoring applications on
network systems from a security standpoint?
To detect availability degradations caused by attackers
Network utilization is the ratio of current network traffic to the maximum traffic that the
port can handle. Which of the following can most effectively determine whether network
utilization is abnormal?
Performance baseline
Of the list of tools below, which is not a tool that collects security baseline-related
information from Windows Management Instrumentation (WMI) or from sources other
than WMI and Web-Based Enterprise Management (WBEM)?
Snort
John works as a network administrator for his company. He uses a tool to check SMTP,
DNS, P0P3, and ICMP packets on the network. This is an example of which of the
following?
A protocol analyzer
What should you update to the baseline after installing new software on a machine?
Behavior-based HIDS will need an update to the baseline.
An Intrusion detection system (IDS) is software and/or hardware designed to detect
unwanted attempts at accessing, manipulating, and/or disabling of computer systems,
mainly through a network, such as the Internet. When an IDS is configured to match a
specific traffic pattern, then which of the following is this referring to?
Signature-based
Look at the following intrusion detection systems carefully, which one uses well defined
models of how an attack occurs?
Signature
A network intrusion detection system (NIDS) is an intrusion detection system that tries to
detect malicious activity such as denial of service attacks, port scans or even attempts to
crack into computers by monitoring network traffic. Which NIDS configuration is solely
based on specific network traffic?
Signature-based
IDS is short for Intrusion Detection Systems. Which option is the MOST basic form of
IDS?
Signature
Identify the IDS that make use of known patterns to discover malicious activity?
Signature based IDS.
Which security application cannot proactively detect workstation anomalies?
NIDS
The purpose of a DNS server is to enable people and applications to lookup records in
DNS tables. Why implement security logging on a DNS server?
To monitor unauthorized zone transfers
A DNS (Domain Name Service) server uses a specific port number. Choose this port
number from the options.
Port 1,024
Which of the following BEST describes an attempt to transfer DNS zone data?
Reconnaissance
Which of the following Directory Services does the statement that it can identify an individual computer system on the Internet refer to?
DNS
Which of the following definitions refers to DNS?
It can identify an individual computer system on the Internet.
Which security measures should be recommended while implementing system logging
procedures?
Perform hashing of the log files.
Which of the following logs shows when the workstation was last shutdown?
System
What should be taken into consideration while executing proper logging procedures?
The amount of disk space required.
The information that is needed to reconstruct events.
Which of the following would be MOST useful in determining which internal user was
the source of an attack that compromised another computer in its network?
The target computer's audit logs.
Monitoring changes to the current security policy represents the best way to audit which
element?
Privilege
Which type of policies defines how maintenance personnel are allowed to access and deal
with the equipment of the company, specifies the extent to which external maintenance
can be utilized, and specifies whether remote maintenance is allowed?
Network maintenance policy
Tom is a network administrator of his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information?
Firewall logs
A PC is rejecting push updates from the server; all other PCs on the network are
accepting the updates successfully. What should be examined first?
Local firewall
Tom is a network administrator of his company. He guesses that PCs on the internal
network may be acting as zombies participating in external DDoS attacks. Which item
will most effectively confirm the administrator's suspicions?
Firewall logs
Which of the following ports are typically used by email clients?
110.
143.
When reviewing audit trails, what makes unique user IDs especially important?
Unique user IDs establishes individual accountability.
Which of the following steps is MOST often overlooked during the auditing process?
Reviewing event logs regularly
Which of the following BEST describes actions pertaining to user account reviews?
(Select TWO).
User account reports are periodically extracted from systems and employment
verification is performed.
User accounts and their privileges are periodically extracted from systems and are
reviewed for the appropriate level of authorization.
Which of the following statements regarding system auditing is TRUE?
System audit files must be reviewed regularly for unusual events.
Which auditing method assists in ensuring that all user account, groups, and roles are correctly defined and assigned correctly?
Privilege audits.
Which of the following components is a good data retention policy?
Offsite storage is a good data retention policy.
Audit record storage capacity must be large enough to ensure that:
the storage is not exceeded.
Which of the following is a primary concern of centralized key management systems?
Keys must be stored and distributed securely.
Which description is true about how to accomplish steganography in graphic files?
Replacing the least significant bit of each byte
What is steganography primarily used for?
Hide information
You discover that the JPEG file that contains a message in green letters on a solid white background is published on a website. There is a minor variation in color on the edge of every letter that is mapped to an ASCII table. Identify the process that will reveal the hidden message?
This process is known as steganography.
Which of the following types of encryption would be BEST to use for a large amount of
data?
Symmetric
Which algorithms can best encrypt large amounts of data?
Symmetric key algorithms
Choose the type of encryption used by SSL (Secure Sockets Layer).
Symmetric key exchange.
Secret Key encryption is also known as:
symmetrical
What maybe happen when hashing two different files creates the same result?
A collision
PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of
the email, the executive wants to encrypt the signature so that the assistant can verify that
the email actually came from the executive.
Which asymmetric key should be used by the executive to encrypt the signature?
Private
For which of the following can digital signatures be used?
Asymmetric key.
Which of the following protects the confidentiality of data by making the data unreadable
to those who don't have the correct key?
Encryption
Which of the following refers to the ability to be reasonably certain that data is not
disclosed to unintended persons?
Confidentiality
Removable storage has been around almost as long as the computer itself. Which of the following is the GREATEST security risk regarding removable storage?
Confidentiality of data.
A user has a sensitive message that needs to be sent in via email. The message needs to be
protected from interception. Which of the following should be used when sending the
email?
Encryption
Which of the following refers to the ability to be reasonably certain that data is not
modified or tampered with?
Integrity
How to test the integrity of a company's backup data?
By restoring part of the backup
Which description is correct concerning the process of comparing cryptographic hash
functions of system executables, configuration files, and log files?
File integrity auditing
Which of the following types of cryptography is typically used to provide an integrity
check?
Hash
Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker?
System integrity verifier (SIV)
Which services is provided by message authentication codes?
You make use of message authentication codes to provide the Integrity service.
Which of the following defines the ability to verify that an e-mail message received has
not been modified in transit?
Integrity
Which of the following would be achieved by using encryption? (Select THREE).
Non-repudiation.
Confidentiality.
Integrity.
Which component of a security triad deals with ensuring that any needed data is available when necessary?
Availability.
Which of the following describes the validation of a message's origin?
Non-repudiation
Which of the following would be needed to ensure that a user who has received an email
cannot claim that the email was not received?
Non-repudiation
Which of the following describes the validation of a message's origin?
Non-repudiation
What is the general purpose of non-repudiation?
To prevent the sender or the receiver from denying that the communication between
them has occurred.
Which of the following are types of certificate-based authentication? (Select TWO)
One-to-one mapping.
Many-to-one mapping.
Most current encryption schemes are based on
algorithms
Which option is correct about a hash algorithms ability to avoid the same output from two
guessed inputs?
Collision resistance
Which of the following security services are provided by digital signatures? (Select
THREE).
Authentication.
Non-repudiation.
Integrity.
Non-repudiation is enforced by which of the following?
Digital signatures
Non-repudiation is enforced by which of the following?
Digital signatures
A digital signature or digital signature scheme is a type of asymmetric cryptography. For
messages sent through an insecure channel, a properly implemented digital signature
gives the receiver reason to believe the message was sent by the claimed sender. While
using a digital signature, the message digest is encrypted with which of the following
keys?
Senders private key
Which of the following are used to prove where ActiveX controls originated from?
Digital signatures.
TestKing.com issues Certificates as a Local Registration Authority. Identify the actions
that should be taken to ensure that e-mails sent to clients outside the company can be
authenticated by the recipients?
Your best option would be to ensure that digital signatures are turned off on all
outgoing e-mails.
Identify the security services offered by digital signatures? (Choose THREE)
Integrity is offered by digital signatures.
Non-repudiation is offered by digital signatures.
Authentication is offered by digital signatures.
Identify the usage of digital signatures?
You make use of digital signatures for integrity and non-repudiation.
Which of the following describes a type of algorithm that cannot be reversed in order to
decode the data?
One Way Function
Which statement correctly describes the difference between a secure cipher and a secure
hash?
A cipher can be reversed, a hash cannot.
A security specialist has downloaded a free security software tool from a trusted industry
site. The source has published the MD5 hash values for the executable program. The
specialist performs a successful virus scan on the download but the MD5 hash is
different. Which of the following steps should the specialist take?
Avoid executing the file and contact the source website administrator
Which method will most effectively verify that a patch file downloaded from a third party
has not been modified since the time that the original manufacturer released the patch?
Compare the final MD5 hash with the original.
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash
function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been
employed in a wide variety of security applications, and is also commonly used to check
the integrity of files. A user sees an MD5 hash number beside a file that they wish to
download. Which description is true about a hash?
A hash is a unique number that is generated based upon the files contents and should
be verified after download.
The hashing algorithm is created from a hash value, making it nearly impossible to derive
the original input number. Which item can implement the strongest hashing algorithm?
NTLMv2
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily
understood by unauthorized people. Which of the following is considered the weakest
encryption?
DES
Pretty good privacy (PGP) uses which of the following symmetric encryptions of message
data and hashing methods?
3DES and SHA-1
Which encryption algorithm depends on the inability to factor large prime numbers?
RSA
Which of the following encryption algorithms relies on the inability to factor large prime
numbers?
RSA
Which encryption algorithms can be used to encrypt and decrypt data?
RC5
Which of the following is an example of an asymmetric encryption algorithm?
RSA (Rivest Shamir Adelmann)
Identify the encryption algorithms that are unable to factor big prime numbers?
You should select the RSA.
In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Pre-shared keys can be applied to which of the following?
pgp
Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.
Asymmetric scheme
Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is
subordinate to another. The model with no single trusted root is known as:
peer-to-peer.
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A user must trust the public key that is received
Which of the following does PGP use to encrypt data?
A symmetric scheme
Which of the following mail standards relies on a "Web of Trust"?
Pretty Good Privacy (PGP)
What is the important defect in Pretty Good Privacy (PGP) authentication?
The most important defect is that the client has to trust the public key that is received.
In order to encrypt credit card data, which will be the most secure algorithm with the least
CPU utilization?
AES
Which of the following provides the MOST secure form of encryption?
AES
Encryption is the conversion of data into a form, called a ciphertext that cannot be easily
understood by unauthorized people. Which encryption is the strongest by use of
mathematical evaluation techniques?
AES
Which item will effectively allow for fast, highly secure encryption of a USB flash drive?
AES256
You work as the security administrator at TestKing.com. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): What solution should you implement?
WEP (Wired Equivalent Privacy).
WEP uses which of the following stream ciphers?
RC4
A small manufacturing company wants to deploy secure wireless on their network. Which
of the following wireless security protocols could be used? (Select TWO).
WEP.
WPA.
Which statement is true about the cryptographic algorithm employed by TLS to establish
a session key?
Diffie-Hellman
Which of the following connectivity is required for a web server that is hosting an SSL
based web site?
Port 443 inbound
Which of the following identifies the layer of the OSI model where SSL provides
encryption?
Session
Which of the following uses private key / public key technology to secure web sites?
SSL
From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?
The server uses its digital certificate to identify itself to the browser.
Which of the following identifies the layer of the OSI model where SSL provides encryption?
Session
The Diffie-Hellman encryption algorithm relies on which of the following?
Key exchange
Choose the option that details one of the primary benefits of using S/MIME /Secure Multipurpose Internet Mail Extension)?
S/MIME allows users to send both encrypted and digitally signed e-mail messages.
Which of the following standards does S/MIME use to perform public key exchange and
authentication?
X.509
What is the purpose of S/MIME (Secure Multipurpose Internet Mail Extensions)?
To encrypt messages and files
What do you require in order to use S/MIME (Secure Multipurpose Internet Mail
Extensions)?
A digital certificate.
Which of the following tunneling protocols supports encapsulation in a single
point-to-point environment?
PPTP
Which of the following definitions fit correctly to PPTP?
It supports encapsulation in a single point-to-point environment
Which of the following has largely replaced SLIP?
PPP (Point-to-Point Protocol)
Which of the following is a tunneling protocol that only works on IP networks?
PPTP
Which of the following protocols is used to transmit data between a web browser and a
web server?
HTTP
Which protocol can be used to ensure secure transmissions on port 443?
HTTPS
From the list of protocols, which two are VPN (Virtual Private Network) tunneling
protocols? Choose two protocols.
L2TP (Layer Two Tunneling Protocol).
PPTP (Point-to-Point Tunneling Protocol).
Which item can easily create an unencrypted tunnel between two devices?
L2TP
Which of the following definitions fit correctly to L2TP?
It is primarily a point-to-point protocol
L2TP tunneling replies on which of the following for security?
IPSec
Which security does L2TP tunneling reply on?
It will reply on IPSec.
Recently, your company has implemented a work from home program. Employees should
connect securely from home to the corporate network. Which encryption technology can
be used to achieve this goal?
IPSec
Which of the following definitions fit correctly to IPSec?
It is not a tunneling protocol, but it is used in conjunction with tunneling protocols.
You work as the security administrator at TestKing.com. TestKing.com has headquarters
in London and a branch office in Paris. You must ensure that a secure connection is
established between the London headquarters and the Paris branch office over the public
network.
You deploy IPSec (Internet Protocol Security) to achieve this goal. You must still
configure the IPSec mode for the router at each location.
Which IPSec mode should you configure?
Tunnel mode
Which of the following is a VPN (Virtual Private Network) protocol that operates at the
Network Layer (Layer 3) of the OSI (Open Systems Interconnect) model?
IPSec (Internet Protocol Security)
Which of the following can be used to authenticate and encrypt IP (Internet Protocol)
traffic?
IPSec (Internet Protocol Security)
Which of the following best describes tunneling?
The act of encapsulating ordinary/non-secure IP packets inside of encrypted/secure IP
packets.
Which of the following statements are true regarding FTP Secure?
As discussed earlier, SSH is a program that allows connections to be secured by
encrypting the session between the client and the server
On a firewall, which ports must be open in order to support SSH (Secure Shell)?
TCP (Transmission Control Protocol) port 22
Which of the following is an alternative to using telnet?
SSH (Secure Shell).
The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. The
public key infrastructure is based on which encryption schemes?
Asymmetric
Using software on an individual computer to generate a key pair is an example of which
of the following approaches to PKI architecture?
Decentralized
PKI is based on which of the following types of encryption?
Asymmetric
Which of the following would be an effective way to ensure that a compromised PKI key
can not access a system?
Revoke the key
Which key can be used by a user to log into their network with a smart card?
Privatekey
Which key is generally applied FIRST to a message digest to provide non-repudiation by
use of asymmetric cryptography?
Privatekey of the sender
Which of the following is included in a CRL (Certificate Revocation List)?
Certificates that have been disabled before their scheduled expiration.
With regard to CRLs (Certificate Revocation Lists), which of the following are true?
A CLR (Certificate Revocation List) query that receives a response in near real time does not guarantee that fresh data is being returned.
Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is
subordinate to another. The model with no single trusted root is known as:
peer-to-peer
Which of the following would be an effective way to ensure that a compromised PKI key
can not access a system?
Revoke the key
How to make sure that when an employee leaves the company permanently, the company
will have access to their private keys?
Store the keys in escrow.
CRL is short for Certificate Revocation List. Which types of keys are included in a CRL?
Both public and private keys
Which of the following would be the MOST effective backup site for disaster recovery?
Hot site
For the following sites, which one has the means (e.g. equipment, software, and
communications) to facilitate a full recovery within minutes?
Hot site
Which of the following is an alternate site configured with necessary system hardware,
supporting infrastructure and an on site staff able to respond to an activation of a
contingency plan 24 hours a day, 7 days a week?
A hot site.
Identify the most effective backup site for disaster recovery?
A hot site is the most effective.
Which of the following best describes the term cold site?
A location to begin operations during disaster recovery.
Which is the correct order in which crucial equipment should draw power?
UPS line conditioner, UPS battery, and backup generator
When power must be delivered to critical systems, which of the following is a
countermeasure?
Backup generator
Choose the correct order in which crucial equipment should draw power.
UPS line conditioner, UPS battery, and backup generator
A travel reservation organization conducts the majority of its transactions via a public
facing website. Any downtime to this website will lead to serious financial damage for
this organization. One web server is connected to several distributed database servers.
Which statement is correct about this scenario?
Single point of failure
TestKing.com makes use of a public facing website to conduct their business. Downtime
to this website results in a significant financial loss. A web server is connected to a
number of distributed database servers. What is this known as?
This is known as a single point of failure.
Which of the following technical solutions supports high availability?
RAID (Redundant Array of Independent Disks)
Determine the RAID configuration that offers the highest availability?
Four disks striped with parity.
Which one of the following options will allow for a network to remain operational after a
Tl failure?
Redundant ISP
Which item can reduce the attack surface of an operating system?
Disabling unused services
Which of the following would be MOST important to have to ensure that a company will
be able to recover in case of severe environmental trouble or destruction?
Disaster recovery plan
Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility?
Least critical functions
Which of the following types of backups requires that files and software that have been
changed since the last full backup be copied to storage media?
Differential
Alex is a network administrator of his company. He is backing up all server data nightly
to a local NAS device. Which additional action should Alex perform to block disaster in
the case the primary site is permanently lost?
Backup all data at a preset interval to tape and store those tapes at a sister site in
another city.
Firmware updates are usually produced by manufactures to address security issues with
regard to processing logic or the operating system. To deploy any firmware update, you
should perform a number of steps. Choose the one that does not apply.
You do not need to perform a backup of the existing IOS image and running
configuration because this is a firmware update.
You work as a network technician for your company. The company policy for availability
needs full backups on Sunday and incremental backups each week night at 10 p.m. The
file server crashes on Wednesday afternoon; how many types are required to restore the
data on the file server for Thursday morning?
Three
A technician is conducting a forensics analysis on a computer system. Which step should
be taken FIRST?
Get a binary copy of the system.
Which of the following tools is NOT a computer forensic tool or a provider that offers
computer forensic tools?
Tripwire
Which of the following is a definition of computer forensics?
Describes the process of investigating and analyzing computer system security incidents, to determine how the incident occurred and to collect and document all probable evidence that can be used legally.
The concept of forensic analysis involves a standard approach or process. Choose the
correct combination of steps for this process. (Select THREE)
Authenticate the evidence.
Collect the evidence and analyze the evidence.
Acquire the evidence.
Forensic investigations and response actions should define the actions for dealing with a
number of situations. Which of the following actions should you perform when an attack
is in progress? Choose all options that apply.
You should remove all affected systems immediately.
You should maintain connectivity so that you can continuously collect data on the attack.
In forensics, which of the following tasks should be performed when an incident occurs?
(Choose all that apply)
Contact the inciden