Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
833 Cards in this Set
- Front
- Back
|
You work as the security administrator at TestKing.com. One morning you discover that
a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? |
Privilege escalation attack
|
|
|
Which of the following attacks are being referred to if someone is accessing your e-mail server and sending inflammatory information to others?
|
Repudiation Attack
|
|
|
Which security management model works on the basis that all new privilege assignments
and privilege assignment modifications made to existing privileges are performed through one governing group? |
Centralized security management model
|
|
|
What does the MAC access control model use to identify the users who have permissions
to a resource? |
Predefined access privileges.
|
|
|
An attack in which a user logs into a server with his user account, executes a program and
then performed activities only available to an administrator is an example of which of the following? |
Privilege escalation
|
|
|
You work as the security administrator at TestKing.com. One morning you discover that
a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occurred? |
Privilege escalation attack.
|
|
|
Choose the statement which best defines the characteristics of a computer virus.
|
A computer virus is a replication mechanism, activation mechanism and has an
objective. |
|
|
Which description is correct about an application or string of code that could not
automatically spread from one system to another but is designed to spread from file to file? |
Virus
|
|
|
To which of the following viruses does the characteristic when the virus may attempt to
infect your boot sector, infect all of your executable files, and destroy your applications files form part of? |
Multipartite Virus
|
|
|
To which of the following viruses does the characteristic when the virus may attempt to
infect your boot sector, infect all of your executable files, and destroy your applications files form part of? |
Multipartite Virus
|
|
|
Which of the following should be scanned for viruses?
|
Executable files.
|
|
|
Which of the following would be considered a detrimental effect of a virus hoax? (Select
TWO). |
Users are tricked into changing the system configuration.
Technical support resources are consumed by increased user calls. |
|
|
To which of the following viruses does the characteristic when the virus attacks your
system, display a message on your computer, and delete files on your system form part of? |
Polymorphic Virus
|
|
|
Which of the following definitions should BEST suit the functions of an e-mail server?
|
Detect the viruses in the messages received from various sources and send warnings to
the recipient to warn him/her of the risky mail. |
|
|
By which means do most network bound viruses spread?
|
E-mail
|
|
|
To which of the following viruses does the characteristic when the virus will attempt to
avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive, form part of? |
Stealth Virus
|
|
|
What is the main reason why e-mail security concepts do not work?
|
The workers lack of interest in updating virus definitions
|
|
|
Which of the following definitions should BEST suit the functions of an e-mail server?
|
Detect the viruses in the messages received from various sources and send warnings to
the recipient to warn him/her of the risky mail. |
|
|
To which of the following viruses does the characteristic when the virus will attempt to
avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive, form part of? |
Stealth Virus
|
|
|
What is a piece of malicious code that has no productive purpose but can replicate itself and exist only to damage computer systems or create further vulnerabilities called?
|
Virus
|
|
|
Which of the following is used to describe an autonomous agent that copies itself into one
or more host programs, then propagates when the host is run? |
Virus
|
|
|
What is a program that can infect other programs by modifying them to include a version
of it called? |
Virus
|
|
|
What type of virus can hides itself by intercepting disk access requests?
|
Stealth.
|
|
|
By which means do most network bound viruses spread?
|
E-mail
|
|
|
Which of the following types of malicious software travels across computer networks
without requiring a user to distribute the software? |
Worm
|
|
|
Choose the statement that best details the difference between a worm and a Trojan horse?
|
Worms self replicate while Trojan horses do not.
|
|
|
Which of the following types of programs autonomously replicates itself across
networks? |
Worm
|
|
|
Which of the following is the major difference between a worm and a Trojan horse?
|
Worms are self replicating while Trojan horses are not.
|
|
|
Which of the following can distribute itself without using a host file?
|
Worm.
|
|
|
Which malicious software can be transmitted across computer networks without user
intervention? |
A worm can be transmitted without user intervention.
|
|
|
Identify the malicious software that can be transmitted across computer networks without
needing a client to distribute the software? |
A Worm can be transmitted across computer networks without needing a client to
distribute software. |
|
|
Which program replicate independently across networks?
|
Worm will replicate independently.
|
|
|
Identify the malicious code that does not need human involvement to install itself and to
spread? |
A Worm does not need human involvement.
|
|
|
Which of the following types of programs autonomously replicates itself across
networks? |
Worm
|
|
|
A user downloads and installs a new screen saver and the program starts to rename and
delete random files. Which of the following would be the BEST description of this program? |
Trojan horse
|
|
|
What is an application that appears to perform a useful function but instead contains
some sort of malicious code called? |
Trojan Horse
|
|
|
What is a piece of code that appears to do something useful while performing a harmful
and unexpected function like stealing passwords called? |
Trojan horse
|
|
|
What is a program that appears to be useful but contains hidden code that allows
unauthorized individuals to exploit or destroy data is commonly known? |
A Trojan horse
|
|
|
What is happening when a user downloads and installs a new screen saver and the
program starts to rename and delete random files? |
This program illustrates a Trojan horse.
|
|
|
Identify the malicious code that enters the system via a freely distributed game that is
purposely installed and played? |
It can enter a system by means of a Trojan horse.
|
|
|
Which one of the following is not Bluetooth threat?
|
a smurf attack.
|
|
|
Given: John is a network administrator. He advises the server administrator of his
company to implement whitelisting, blacklisting, closing-open relays and strong authentication techniques. Question: Which threat is being addressed? |
Spam
|
|
|
An SMTP server is the source of email spam in an organization. Which of the following
is MOST likely the cause? |
Anonymous relays have not been disabled.
|
|
|
Spam is considered a problem even when deleted before being opened because spam:
|
wastes company bandwidth
|
|
|
Which of the following are techniques typically used by spammers?
|
Harvesting email addresses from web sites.
Randomizing the subject line of emails. |
|
|
A security specialist with a large company has seen an increase in the number of spam
emails. A user tells the specialist that even though the user has unsubscribed from the lists, the problem seems to be worsening. Which of the following would be a possible cause? |
Unsubscribe requests confirm email addresses.
|
|
|
An SMTP server is the source of email spam in an organization. Which of the following
is MOST likely the cause? |
Anonymous relays have not been disabled.
|
|
|
Why is spam regard as a problem when deleted prior to opening it?
|
Spam waste several company bandwidth.
|
|
|
Which techniques are used by spammers? (Choose TWO)
|
Spammers harvest e-mail addresses from web sites.
The subject line of e-mails is randomized. |
|
|
Which one of the following options will permit an attacker to hide the presence of
malicious code through altering the systems process and registry entries? |
Rootkit
|
|
|
Which scanner can find a rootkit?
|
Malware scanner
|
|
|
Which programs and codes will permit an untraceable presence on a system with
administrative rights? |
A Rootkit will illustrate the set of programs and codes.
|
|
|
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS
attack) is an attempt to make a computer resource unavailable to its intended users. Which method can be used to perform denial of service (DoS) attacks? |
Botnet
|
|
|
Malicious code that enters a target system, lays dormant until a user opens the certain
program then deletes the contents of attached network drives and removable storage devices is known as a: |
logic bomb
|
|
|
For the following items, which is an example of an attack that executes once a year on a
certain date? |
Logic bomb
|
|
|
What type of program will record system keystrokes in a text file and e-mail it to the
author, and will also delete system logs every five days or whenever a backup is performed? |
Logic bomb.
|
|
|
The system administrator of the company has resigned. When the administrator's user ID
is deleted, the system suddenly begins deleting files. What type of malicious code is this? |
Logic bomb
|
|
|
Identify the malicious code that enters a system and stay inactive until a user opens that
particular program then starts to delete the contents of attached network drives and removable storage devices? |
The malicious code is known as logic bomb.
|
|
|
In computing, the Basic Input/Output System (BIOS) , also known as the System BIOS, is a de facto standard defining a firmware interface for IBM PC Compatible computers. A user is concerned with the security of their laptops BIOS. The user would not like anyone to be able to access control functions except themselves. Which of the following could make the BIOS more secure?
|
Password
|
|
|
Which threat is increased by the availability of portable external storage such as USB
hard drives to networks? |
Removal of sensitive and PII data
|
|
|
Users are using thumb drives to connect to USB ports on company workstations. A
technician is concerned that sensitive files can be copied to the USB drives. Which mitigation technique would address this concern? (Select TWO). |
Disable the USB root hub within the OS.
Disable USB within the workstations BIOS. |
|
|
A Faraday cage or Faraday shield is an enclosure formed by conducting material, or by a
mesh of such material. Such an enclosure blocks out external static electrical fields. Faraday cages are named after physicist Michael Faraday, who built one in 1836. Which of the following would a Faraday cage prevent usage of? |
Cell phone
|
|
|
Which security policy will be most likely used while attempting to mitigate the risks
involved with allowing a user to access company email via their cell phone? |
The cell phone should require a password after a set period of inactivity.
|
|
|
What should you do to lessen the risks involved with permitting a user to access TestKing
e-mail via their cell phones? |
You should ensure that the cell phone information is encrypted according to the NIST
standards. |
|
|
Which of the following types of removable media is write-once and appropriate for archiving security logs?
|
CD-R
|
|
|
Identify the primary security risk linked with removable storage?
|
Continuity security risk.
|
|
|
Which of the following would be an example of a hardware device where keys can be
stored? (Select TWO). |
PCMCIA card.
Smart card. |
|
|
Which of the following authentication methods increases the security of the
authentication process because it must be in your physical possession? |
Smart Cards.
|
|
|
Choose the option that best defines what a hotfix is?
|
It is a not fully tested software fix which addresses a specific issue(s) being
experienced by certain customers. |
|
|
Which of the following is the BEST place to obtain a hotfix or patch for an application or
system? |
The manufacturer's website
|
|
|
Which of the following is an installable package that includes several patches from the
same vendor for various applications? |
Service pack
|
|
|
What are best practices while installing and securing a new system for a home user?
(Select THREE). |
Apply all service packs.
Apply all system patches. Use a strong firewall. |
|
|
What is an installable package that encompasses of numerous patches from the same
vendor for different applications called? |
A Service pack is an installable package.
|
|
|
Which description is correct about a way to prevent buffer overflows?
|
Apply all security patches to workstations.
|
|
|
Which method can be used to correct a single security issue on a workstation?
|
A patch
|
|
|
To reduce vulnerabilities on a web server, an administrator should adopt which of the
following preventative measures? |
Apply the most recent manufacturer updates and patches to the server.
|
|
|
Which security threat will affect PCs and can have its software patched remotely by a
command and control center? |
Zombie
|
|
|
Patch management must be combined with full-featured systems management to be
effective. Determining which patches are needed, applying the patches and which of the following are three generally accepted activities of patch management? |
Auditing for the successful application of the patches
|
|
|
Which of the following are components of host hardening? (Select TWO).
|
Applying patches.
Disabling unnecessary services. |
|
|
Which of the following is the primary method of performing network hardening?
|
Disable any unnecessary ports and services.
|
|
|
Which of the following would be the MOST important reason to apply updates?
|
Software is inherently insecure and as new vulnerabilities are found the vulnerabilities
must be fixed. |
|
|
A graphical user interface (GUI) is a type of user interface which allows people to interact
with electronic devices such as computers; hand-held devices such as MP3 Players, Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will allow a technician to restrict a user accessing to the GUI? |
Group policy implementation
|
|
|
Which goals can be achieved by use of security templates? (Select TWO).
|
To ensure that servers are in compliance with the corporate security policy.
To ensure that all servers start from a common security configuration |
|
|
Which of the following BEST describes the baseline process of securing devices on a
network infrastructure? |
Hardening
|
|
|
The first step in creating a security baseline would be:
|
creating a security policy
|
|
|
Which item specifies a set of consistent requirements for a workstation or server?
|
Configuration baseline
|
|
|
Which description is correct about the standard load for all systems?
|
Configuration baseline
|
|
|
Operating system hardening essentially means securing the operating system. Which of
the following is not a method, specific for securing the operating system? |
Use encryption to protect the transfer of sensitive information, and ensure that
encryption is enabled between the server and client. |
|
|
When a new network device is configured for first-time installation, which of the
following is a security threat? |
Use of default passwords
|
|
|
Which of the following is a security reason to implement virtualization throughout the
network infrastructure? |
To isolate the various network services and roles
|
|
|
Which of the following will require setting a baseline? (Select TWO).
|
Anomaly-based monitoring.
Behavior-based monitoring. |
|
|
Non-essential services are often appealing to attackers because non-essential services:
(Select TWO) |
sustain attacks that go unnoticed.
are not typically configured correctly or secured. |
|
|
When defining methods to secure and monitor servers, which of the following statements
are FALSE? |
Use motion alarms and tracking equipment to better secure your servers.
|
|
|
While reviewing the running services on a production server, an unknown service is
observed. Which of the following actions should be taken? |
Investigate the service and determine whether the service is necessary.
|
|
|
Which of the following types of publicly accessible servers should have anonymous
logins disabled to prevent an attacker from transferring malicious data? |
FTP
|
|
|
Which action should be performed to harden workstations and servers?
|
Install only needed software.
|
|
|
Which of the following would be the BEST reason to disable unnecessary services on a
server? |
Attack surface and opportunity for compromise are reduced
|
|
|
Which of the following would be BEST to do when network file sharing is needed?
(Select TWO). |
Set a disk quota.
Place the share on a different volume than the operating system. |
|
|
A technician is helping an organization to correct problems with staff members
unknowingly downloading malicious code from Internet websites. Which of the following should the technician do to resolve the problem? |
Disable unauthorized ActiveX controls
|
|
|
Which of the following definitions BEST suit ActiveX?
|
It allows customized controls, icons, and other features to increase the usability of web
enabled systems |
|
|
With which privileges are ActiveX control executed?
|
Current user account
|
|
|
Which of the following is responsible for displaying an install dialog box for an ActiveX component?
|
The user's browser setting.
|
|
|
Which of the following definitions BEST suit Java Applet?
|
The client browser must have the ability to run Java applets in a virtual machine on the
client |
|
|
Which of the following definitions BEST suit Java Applet?
|
The client browser must have the ability to run Java applets in a virtual machine on the
client |
|
|
The concept that a web script is run in its own environment and cannot interfere with any
other process is known as a: |
sandbox
|
|
|
Which of the following web vulnerabilities is being referred to when it's an older form of scripting that was used extensively in early web systems?
|
CGI
|
|
|
Which of the following would be an easy way to determine whether a secure web page
has a valid certificate? |
Right click on the lock at the bottom of the browser and check the certificate
information |
|
|
The MOST common exploits of Internet-exposed network services are due to:
|
buffer overflows
|
|
|
Which of the following definitions BEST suit Buffer Overflow?
|
It receives more data than it is programmed to accept.
|
|
|
Which one of the following options overwrites the return address within a program to
execute malicious code? |
Buffer overflow
|
|
|
Which of the following describes a server or application that is accepting more input than
the server or application is expecting? |
Buffer overflow
|
|
|
Which of the following can affect heaps and stacks?
|
Buffer overflows
|
|
|
Which of the following web vulnerabilities is being referred to when it receives more data
than it is programmed to accept? |
Buffer Overflows.
|
|
|
Which of the following is a common type of attack on web servers?
|
Buffer overflow
|
|
|
What exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node.
|
Buffer overflow
|
|
|
Which of the following occurs when a string of data is sent to a buffer that is larger than
the buffer was designed to handle? |
Buffer overflow
|
|
|
Which of the following type of attacks exploits poor programming techniques and lack of
code review? |
Buffer overflow
|
|
|
Which of the following is a DoS exploit that sends more traffic to a node than
anticipated? |
Buffer Overflow
|
|
|
Identify common utilization of Internet-exposed network services?
|
Buffer overflows is a common utilization.
|
|
|
What results in poor programming techniques and lack of code review?
|
It can result in the Buffer overflow attack.
|
|
|
A server or application that accepts more input than the server or application is expecting
is known as: |
It is known as a Buffer overflow.
|
|
|
Which of the following is a common type of attack on web servers?
|
Buffer overflow.
|
|
|
Which of the following is often misused by spyware to collect and report a user's
activities? |
Tracking cookie
|
|
|
Which of the following can be used to track a user's browsing habits on the Internet?
|
Cookies
|
|
|
Which of the following can be used to retain connection data, user information, history of
sites visited, and can be used by attackers for spoofing an on-line identity? |
Cookies.
|
|
|
Which of the following web vulnerabilities is being referred to when it has a feature
designed into many e-mail servers that allows them to forward e-mail to other e-mail servers? |
SMTP Relay
|
|
|
Which of the following would be the MOST common method for attackers to spoof
email? |
Open relays
|
|
|
Which of the following is used to determine equipment status and modify the
configuration or settings of network devices? |
SNMP
|
|
|
Which of the following ports does SMTP use?
|
25
|
|
|
Which of the following protocols is used to transmit e-mail between an e-mail client and an e-mail server?
|
Post Office Protocol, version 3 (POP3).
|
|
|
Which of the following protocols make use of port 25?
|
SMTP
|
|
|
The employees at a company are using instant messaging on company networked
computers. The MOST important security issue to address when using instant messaging is that instant messaging: |
communications are open and unprotected
|
|
|
With regards to the use of Instant Messaging, which of the following type of attack can
best be guarded against by user awareness training? |
Social engineering
|
|
|
What makes Instant Messaging extremely insecure compared to other messaging
systems? |
It is a peer-to-peer network that offers most organizations virtually no control over it.
|
|
|
Which of the following is the greatest vulnerability of using Instant Messaging clients?
|
Hostile code delivered by file transfer.
|
|
|
Which of the following is the biggest problem associated with Instant Messaging?
|
It was created without security in mind.
|
|
|
Which of the following is Instant Messaging most vulnerable to?
|
sniffing.
|
|
|
TestKing.com makes use of instant messaging in the environment. What is a vital security
issue that should be addressed when using instant messaging? |
You should address the fact that instant messaging communications are open and
unprotected. |
|
|
A peer-to-peer computer network uses diverse connectivity between participants in a
network and the cumulative bandwidth of network participants rather than conventional centralized resources where a relatively low number of servers provide the core value to a service or application. Which of the following is a security risk while using peer-to-peer software? |
Data leakage
|
|
|
Which of the following programming techniques should be used to prevent buffer
overflow attacks? |
Input validation
|
|
|
Your company's website permits customers to search for a product and display the current
price and quantity available of each product from the production database. Which of the following will invalidate an SQL injection attack launched from the lookup field at the web server level? |
Input validation
|
|
|
Determine the programming method you should use to stop buffer overflow attacks?
|
You should make use of Input validation.
|
|
|
Which practice can best code applications in a secure manner?
|
Cross-site scripting
|
|
|
Identify the type of attack that CGI scripts are vulnerable to?
|
It is vulnerable to Cross site scripting.
|
|
|
After installing new software on a machine, what needs to be updated to the baseline?
|
Behavior-based HIDS
|
|
|
Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS)
are methods of security management for computers and networks. A HIDS is installed to monitor which of following? |
System files
|
|
|
While monitoring application activity and modification, which system should be used?
|
HIDS
|
|
|
While hardening an operating system, which item is LEAST effective?
|
Installing HIDS
|
|
|
Which of the following can be used by a technician to detect staff members that are
connecting to an unauthorized website? |
C HIDS
|
|
|
A host-based IDS system can perform a number of monitoring and intrusion detection
activities which a network IDS cannot. Choose the one that does not apply? |
Can see information within encrypted tunnels.
|
|
|
A companys security' specialist is securing a web server that is reachable from the
Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO). |
Host-based IDS.
Host-based firewall. |
|
|
A misuse-detection IDS is mainly focused on which of the following?
|
Isolating attacks based on attack signatures and audit trails.
|
|
|
Which IDS response type(s) only collects information on the attack and reports it?
|
Passive response method
|
|
|
When a network-based IDS detects a suspicious event, it can perform a number of
actions. Which of the following does not apply? |
Can log the offending user off the system and disable the user account.
|
|
|
Of the intrusion detection capabilities listed below, which is FALSE for a network based
IDS system? |
A network based IDS system can detect dial-in intrusions and attempts to physically
access the server. |
|
|
Which of the following types of IDS should be implemented to monitor traffic on a
switch? (Select TWO). |
Network Based Passive.
Network Based Active. |
|
|
Which of the following is a popular network IDS system?
|
Snort
|
|
|
Of the different IDS types and analysis methods, which of the following is considered the
simplest IDS system to implement? |
Pattern matching network-based IDS.
|
|
|
When discussing IDS systems, of the list of responses below, which is not an active
response? |
Shunning
|
|
|
Which of the following IDS response methods should be used if you want the IDS to
instruct the firewall to block sockets and ports that are sending offensive traffic? |
Network Configuration changes
|
|
|
What does certain HIDS utilities consider to detect system security related irregularities?
|
A file hashing snapshot comparison is considered by certain HIDS.
|
|
|
On a company's LAN, port 3535 is typically blocked for outbound traffic. An end-user
has recently purchased a legitimate business program that needs to make outbound calls through this port Which step should be taken by a technician to allow this? (Select TWO). |
Open the port on the user's personal software firewall.
Open the port on the company's firewall. |
|
|
John works as a network administrator for his company. On the monthly firewall log, he
discovers that many internal PCs are sending packets on a routine basis to a single external PC. Which statement correctly describes what is happening? |
The remote PC has a zombie master application running and the local PCs have a
zombie slave application running. |
|
|
Why malware that uses virtualization techniques is difficult to detect?
|
The malware may be running at a more privileged level than the antivirus software.
|
|
|
To aid in preventing the execution of malicious code in email clients, which of the
following should be done by the email administrator? |
Spam and anti-virus filters should be used
|
|
|
A finance manager in an organization notices that staff phone bills are excessive. Upon
further examination of the bill, it appears some of the staff has been sending over 5,000 text messages a day to what appears to be random numbers. Which of the following is the BEST way to prevent this problem? |
Install antivirus software on mobile phones.
|
|
|
A manager reports that users are receiving multiple emails from the account of a user who
no longer works for the company. Which of the following would be the BEST way to determine whether the emails originated internally? |
Review anti-virus logs on the former employee's computer
|
|
|
When does your antivirus software scan your e-mails for possible viruses?
|
While receiving
|
|
|
What is used by anti-virus software to detect unknown viruses?
|
Heuristic analysis is used to detect unknown viruses.
|
|
|
Users on a network report that they are receiving unsolicited emails from the same email
address. Which action should be performed to prevent this from occurring? |
Install an anti-spam filter on the domain mail servers and filter the email address.
|
|
|
Look at the following items, which one usually applies specifically to a web browser?
|
Pop-up blocker
|
|
|
Which of the following is MOST effective in preventing adware?
|
Pop-up blocker
|
|
|
Why do security researchers often use virtual machines?
|
To offer an environment where malware can be executed with minimal risk to
equipment and software |
|
|
Virtualized applications, such as virtualized browsers, can protect the underlying
operating system from which of the following? |
Malware installation from suspects Internet sites
|
|
|
In computing, virtualization is a broad term that refers to the abstraction of computer
resources. Which is a security reason to implement virtualization throughout the network infrastructure? |
To isolate the various network services and roles
|
|
|
What technology is able to isolate a host OS from some types of security threats?
|
Virtualization
|
|
|
For the following items, which is a security limitation of virtualization technology?
|
If an attack occurs, it could potentially disrupt multiple servers.
|
|
|
Which technology is able to isolate a host OS from some types of security threats?
|
Virtualization
|
|
|
You work as a network technician. You have been asked to reconstruct the infrastructure
of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology? |
The technician should verify that the virtual servers and the host have the latest service
packs and patches applied. |
|
|
Which of the following are nonessential protocols and services?
|
TFTP (Trivial File Transfer Protocol).
|
|
|
Which of the following statements are true regarding FTP Connections?
|
FTP is a protocol, a client, and a server.
|
|
|
Which one of the following File Transfer Protocol does the statement "FTP is a protocol,
a client, and a server" refer to? |
FTP Connections
|
|
|
You work as the security administrator at TestKing.com. You are investigating the
consequences of networks attacks aimed at FTP servers. Which of the following states the aim of a FTP (File Transfer Protocol) bounce attack? |
The attack aims to establish a connection between the FTP server and another
computer. |
|
|
Which of the following are nonessential protocols and services?
|
NetBios services
|
|
|
Which of the following attacks are being referred to if it was regarded as a benign
protocol that was incapable of very much damage? |
ICMP Attacks
|
|
|
From the listing of attacks, which uses either improperly formatted MTUs (Maximum
Transmission Unit) or the ICMP (Internet Control Message Protocol) to crash the targeted network computer? |
A Ping of Death attack
|
|
|
Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take?
|
The process using the ports should be examined.
|
|
|
Which of the following definitions refers to X.500?
|
It was implemented by the International Telecommunications Union (ITU).
|
|
|
Which of the following would originally link UNIX systems together in a dial-up
environment? |
SLIP (Serial Line Internet Protocol)
|
|
|
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
|
SNMP (Simple Network Management Protocol).
|
|
|
Which of the following attacks are being referred to if the attack involves the attacker
gaining access to a host in the network and logically disconnecting it? |
TCP/IP Hijacking
|
|
|
Choose the figure which represents the number of ports in the TCP/IP (Transmission
Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and exploited. |
65,535 ports
|
|
|
Identify the item that can determine which flags are set in a TCP/IP handshake?
|
Protocol analyzer
|
|
|
IPSec works at which of the following layers of the TCP/IP model?
|
Network
|
|
|
Which of the below options would you consider as a program that constantly observes
data traveling over a network? |
Sniffer
|
|
|
Which of the following concepts involve using a network sniffer to acquire evidence, and
gathering the relevant data on intrusions from sources such as the hard disk, RAM, system cache? |
Collecting evidence
|
|
|
Choose the protocol that is most vulnerable to packet sniffing attacks aimed at
intercepting username and password information. |
FTP (File Transfer Protocol)
|
|
|
From the listing of attacks, choose the attack which exploits session initiation between a
Transport Control Program (TCP) client and server within a network? |
SYN attack
|
|
|
From the listing of attacks, choose the attack which misuses the TCP (Transmission
Control Protocol) three-way handshake process, in an attempt to overload network servers, so that authorized users are denied access to network resources? |
SYN (Synchronize) attack
|
|
|
Which of the following attacks are being referred to if packets are not
connection-oriented and do not require the synchronization process? |
UDP Attack
|
|
|
Which of the following options is the correct sequence for the TCP Three-Way
Handshake? |
Host A, SYN, SYN/ACK, ACK, Host B
|
|
|
Which of the following protocols suites are responsible for IP addressing?
|
IP
|
|
|
Which of the following common attacks would the attacker capture the user's login
information and replay it again later? |
Spoofing
|
|
|
Which of the following attacks can be mitigated against by implementing the following
ingress/egress traffic filtering? * Any packet coming into the network must not have a source address of the internal network. * Any packet coming into the network must have a destination address from the internal network. * Any packet leaving the network must have a source address from the internal network. * Any packet leaving the network must not have a destination address from the internal networks. * Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC19lS reserved space. |
spoofing
|
|
|
In which of the following attacks does the attacker pretend to be a legitimate user?
|
Spoofing
|
|
|
Which of the attacks can involve the misdirection of the domain name resolution and
Internet traffic? |
Spoofing
|
|
|
You are the network administrator at TestKing.com. You discover that your domain name
server is resolving the domain name to the wrong IP (Internet Protocol) address and thus misdirecting Internet traffic. You suspect a malicious attack. Which of the following would you suspect? |
Spoofing
|
|
|
You are the security administrator at TestKing.com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
|
spoofing
|
|
|
You are the security administrator at TestKing.com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
|
spoofing
|
|
|
Which of the following is the best defense against IP (Internet Protocol) spoofing attacks?
|
Applying ingress filtering to routers.
|
|
|
Nmap has been run against a server and more open ports than expected have been
discovered. Which of the following would be the FIRST step to take? |
The process using the ports should be examined.
|
|
|
Which of the following network attacks cannot occur in an e-mail attack?
|
Dictionary attack
|
|
|
The CEO of your company is worrying about staff browsing inappropriate material on the Internet via HTTPS. Your company is advised to purchase a product which can decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which type of attack is similar to this product?
|
Man-in-the-middle
|
|
|
Which of the following definitions would be correct regarding Active Inception?
|
Placing a computer system between the sender and receiver to capture information.
|
|
|
In which of the following does someone use an application to capture and manipulate
packets as they are passing through your network? |
Man in the Middle
|
|
|
Which of the following is the best defense against man in the middle attacks?
|
Strong encryption
|
|
|
Which of the following types of attacks is BEST described as an attacker capturing part
of a communication and later sending that communication segment to the server while pretending to be the client? |
Replay
|
|
|
When an attacker captures part of a communication and later sends the communication
segment to the server whilst pretending to be the user it is known as a: |
It is known as the Replay attack.
|
|
|
One type of network attack sends two different messages that use the same hash function
to generate the same message digest. Which network attack does this? |
Birthday attack.
|
|
|
One of the below options are correct regarding the DoS (Denial of Service) attack?
|
Prevention access to resources by users authorized to use those resources.
|
|
|
Which of the following is a DoS (Denial of Service) attack that exploits TCP's
(Transmission Control Protocol) three-way handshake for new connections? |
SYN (Synchronize) flood.
|
|
|
Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
|
DoS (Denial of Service)
|
|
|
Which of the following is a possible technical impact of receiving large quantifies of
spam? |
DoS (Denial of Service).
|
|
|
One of the below options are correct regarding the DDoS (Distributed Denial of Service)
attack? |
Use of multiple computers to attack a single organization
|
|
|
Which one of the following options is an attack launched from multiple zombie machines
in attempt to bring down a service? |
DDoS
|
|
|
Which of the following is most common method of accomplishing DDoS (Distributed Denial of Service) attacks?
|
Multiple servers or routers monopolizing and over whelming the bandwidth of a particular server or router.
|
|
|
Identify the attack that targets a web server if numerous computers send a lot of FIN
packets at the same time with spoofed source IP addresses? |
This attack is known as DDoS.
|
|
|
How can you determine whether the workstations on the internal network are functioning
as zombies participating in external DDoS attacks? |
You should use Firewall logs to confirm the suspicion.
|
|
|
You configure a computer to act as a zombie set in order to attack a web server on a
specific date. What would this contaminated computer be part of? |
The computer is part of a DDoS attack.
|
|
|
What is used in a distributed denial of service (DDOS) attack?
|
DDOS makes use of Botnet.
|
|
|
What can result in DDoS?
|
Privilege escalation can result in a DDoS.
|
|
|
Study the following items carefully, which one will permit a user to float a domain
registration for a maximum of five days? |
Kiting
|
|
|
In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource
Identifier (URI) that specifies where an identified resource is available and the mechanism for retrieving it. When a user attempts to go to a website, he notices the URL has changed, which attack will MOST likely cause the problem? |
DNS poisoning
|
|
|
You receive numerous complaints from users stating that they are rerouted to a protest
webpage when the attempt to access the company web page on the Internet. What is the reason for this occurrence? |
It is most likely DNS Poisoning.
|
|
|
For the following options, which is an area of the network infrastructure that allows a
technician to put public facing systems into it without compromising the entire infrastructure? |
DMZ
|
|
|
Which of the following is employed to allow distrusted hosts to connect to services inside
a network without allowing the hosts direct access to the internal networks? |
Demilitarized zone (DMZ)
|
|
|
Which of the following portions of a company's network is between the Internet and an
internal network? |
Demilitarized zone (DMZ)
|
|
|
For referring to an intranet, which of the following terms does not apply?
|
A demilitarized zone (DMZ)
|
|
|
What is the BEST model to consider with regards to a secured Email infrastructure?
|
Email proxy in the DMZ and Email server in the internal network.
|
|
|
What is the area in which a system administrator would place the web server to isolate it
from other servers on the network called? |
DMZ (Demilitarized Zone)
|
|
|
Which of the following best describes a DMZ (Demilitarized Zone)?
|
A network between a protected network and an external network in order to provide an
additional layer of security. |
|
|
Which of the following would be placed in a DMZ (Demilitarized Zone)?
|
A FTP (File Transfer Protocol) server
|
|
|
QUESTION NO: 9
Which of the following is the general philosophy behind a DMZ? |
Any system on the DMZ can be compromised because it's accessible from the Internet.
|
|
|
What should you implement to permit suspicious hosts connecting to services inside a
network without permitting the hosts direct access to the internal networks? |
This can be accomplished by employing Demilitarized zone (DMZ).
|
|
|
Determine the segments between the Internet and an internal network?
|
The Demilitarized zone (DMZ) is between the Internet and an internal network.
|
|
|
How can a demilitarized zone (DMZ) network segment be created?
|
It can be created by using two firewalls.
|
|
|
You are the network administrator at TestKing.com. The company network contains a
web server that has to be available by remote users, partners and users. Identify the best location for the web server? |
The Demilitarized zone (DMZ) is the best location for the web server.
|
|
|
What is used to securely house public facing servers between the Internet and the local
network? |
Demilitarized zone (DMZ) is a semi-trusted location.
|
|
|
A company wants to implement a VLAN. Senior management believes that a VLAN will
be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? |
MAC addresses can be spoofed and DTP allows rogue network devices to configure ports
|
|
|
A compromise of which device could result in a VLAN being compromised?
|
Switch
|
|
|
You work as the security administrator at TestKing.com. You must ensure that internal
access to other parts of the network is controlled and restricted. The solution which you implement to restrict network access must be hardware based. You also want to use the least amount of administrative effort to accomplish your task. How will you accomplish the task? |
Deploy a VLAN (Virtual Local Area Network) Deploy.
|
|
|
You contemplate on implementing VLAN on the company network. Management
believes that a VLAN will be secure since authentication is accomplished by MAC addressing and dynamic trunking protocol (DTP) will facilitate network efficiency. Identify the issues that need to be discussed prior to implementing VLAN? |
You should inform management that MAC addresses can be spoofed and DTP permits
rogue network devices in order to configure ports. |
|
|
Which of the following can be used to mitigate against sniffers and decrease broadcast
traffic? |
VLAN (Virtual Local Area Network)
|
|
|
You work as the network administrator at TestKing.com. You want to restrict internal access to other parts of the network. Your solution will be hardware based and must be implemented with the least amount of administrative effort. Which of the following would be your best solution?
|
Implement a VLAN (Virtual Local Area Network) to restrict network access.
|
|
|
Which statement best describes a static NAT?
|
A static NAT uses a one to one mapping.
|
|
|
Which of the following could cause communication errors with an IPSec VPN tunnel
because of changes made to the IP header? |
NAT
|
|
|
In computer networking, network address translation (NAT) is the process of modifying
network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Which description is true about a static NAT? |
A static NAT uses a one to one mapping.
|
|
|
On which of the following devices would you not implement NAT?
|
Switch
|
|
|
Which of the following could cause communication errors with an IPSec VPN tunnel
because of changes made to the IP header? |
NAT
|
|
|
Of the technologies used to create a less vulnerable system, which technology can be
implemented in a firewall, router, workstation or server computer; and translates the internal IP address range to an external IP address or address range? |
Network address translation (NAT)
|
|
|
Which type of NAT configuration maps a range of internal IP addresses to a range of
external IP address? |
Dynamic NAT
|
|
|
Overloading NAT allows the organization to use publicly assigned IP addresses over the
Internet that is different from its private IP addresses. To do this, which type of mapping is performed by Overloading NAT? |
Maps multiple internal IP addresses to one external IP address by employing a
port-based mapping method. |
|
|
After auditing file, which log will show unauthorized usage attempts?
|
Security
|
|
|
Which of the following can be used to accomplish NAT (Network Address Translation)?
|
Static and dynamic NAT (Network Address Translation) and PAT (Port Address
Translation). |
|
|
When connecting a network to the Internet, which of the following will ensure that the
internal network IP (Internet Protocol) addresses are not compromised? |
A NAT (Network Address Translation).
|
|
|
Which of the following is MOST often used to allow a client or partner access to a
network? |
Extranet
|
|
|
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO).
|
is hard to tap in to.
is not susceptible to interference. |
|
|
Which of the following measures can be used to secure twisted-pair cable networks from
eavesdropping? |
Protect the physical cables.
Protect all critical network segments that connect hubs and switches, and provide connectivity to routers and servers. Check your network cable infrastructure regularly. |
|
|
Which of the following access attacks would involve listening in on someone's network?
|
Eavesdropping
|
|
|
Which media is LEAST susceptible to a tap being placed on the line?
|
Fiber
|
|
|
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO).
|
is hard to tap in to.
is not susceptible to interference. |
|
|
A company wants to connect the network to a manufacturer's network to be able to order
parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? |
Extranet
|
|
|
Which of the combinations here can be used to create an extranet?
|
All of the above configurations
|
|
|
Which of the following access attacks would involve listening in on someone's network?
|
Eavesdropping
|
|
|
Which media is LEAST susceptible to a tap being placed on the line?
|
Fiber
|
|
|
Fiber optic cable is considered safer than CAT5 because fiber optic cable because:
|
is hard to tap into.
is not susceptible to interference. |
|
|
A company wants to connect the network to a manufacturer's network to be able to order
parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? |
Extranet
|
|
|
Which of the combinations here can be used to create an extranet?
|
Two intranets.
One intranet and one perimeter network. |
|
|
Security for the extranet security zone can include a number of strategies. Choose the one
that does not apply. |
Use host-based firewalls for computers that contain confidential data
|
|
|
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
|
Switch
|
|
|
An enclosure that prevents radio frequency signals from emanating out of a controlled
environment is BEST described as which of the following? |
Faraday cage
|
|
|
A software or hardware device that allows only authorized network traffic in or out of a
computer or network is called a: |
firewall
|
|
|
QUESTION NO: 15
The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: |
sandbox
|
|
|
Which of the following sabotage methods can bring down an entire bus topology coaxial
network? |
Physical removal of a terminator
|
|
|
Which of the following security topologies is a dual-homed device used to connect the outside network with the inside network. This would also be one of the first devices where public traffic arrives, and where specialized software defines which types of traffic are allowed to pass through?
|
Bastion host.
|
|
|
Which of the following should be considered when subnetting is performed? (Select
TWO). |
The number of networks.
The number of hosts. |
|
|
A security administrator tasked with confining sensitive data traffic to a specific subnet
would do so by manipulating privilege policy based tables in the network's: |
router
|
|
|
Tom is a network technician of his company. Now, he is making a decision between
implementing a HIDS on the database server and implementing a NIDS. Why NIDS may be better to implement? (Select TWO). |
Many HIDS have a negative impact on system performance.
Many HIDS are not able to detect network attacks. |
|
|
The NIC should be placed in which mode to monitor all network traffic while placing a
NIDS onto the network? |
Promiscuous
|
|
|
Which of the following definitions would be correct regarding Passive Inception?
|
Involve someone who routinely monitors network traffic
|
|
|
A company implements an SMTP server on their firewall. This implementation would
violate which of the following security principles? |
Use a device as intended
|
|
|
In computing, a stateful firewall (any firewall that performs stateful packet inspection
(SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. You have been studying stateful packet inspection and want to perform this security technique on the network. Which device will you use to BEST utilize stateful packet inspection? |
Firewall
|
|
|
Which of the following types of firewalls provides inspection at layer 7 of the OSI
model? |
Application-proxy
|
|
|
Which of the following CANNOT be performed by a proxy server?
|
Data encryption.
|
|
|
A large company wants to deploy an FTP server to support file transfers between business
customers and partners. Which of the following should the security specialist consider before making these changes? |
FTP transfers data in an unencrypted format.
|
|
|
A honeypot is used to:
|
allow administrators a chance to observe an attack.
|
|
|
Which if the following technologies would you use if you need to implement a system
that simulates a network of vulnerable devices, so that this network can be targeted by attackers? |
A honeypot
|
|
|
Which of the following security technologies cannot protect hosts from direct attacks, nor
can they resolve security issues? |
A honeypot
|
|
|
With reference to locating honeypots, which of the following placement strategies
provides some benefit for attacks being initiated from within the company network? |
Inside the private network
|
|
|
For the following items, which one is a collection of servers setup to attract hackers?
|
Honeynet
|
|
|
With reference to honeypots, which statement is FALSE?
|
Honeypots are usually more difficult to monitor than IDS systems and firewalls.
|
|
|
Internet filter appliances/servers will most likely analyze which three items? (Select
THREE). |
Certificates.
URLs. Content. |
|
|
An organization needs to monitor all network traffic as it traverses their network. Which
item should be used by the technician? |
Protocol analyzer
|
|
|
Which of the following is a protocol analyzer?
|
WireShark
|
|
|
Which of the following options would be the primary firewall to protect you from e-mail
viruses? |
E-mail servers.
|
|
|
For the following items, which is a protocol analyzer?
|
WireShark
|
|
|
Which program permits a client to execute code with a higher level of security than what the client have access to?
|
Privilege escalation.
|
|
|
An attack in which a user logs into a server with his user account, executes a program and
then performed activities only available to an administrator is an example of which of the following? |
Privilege escalation
|
|
|
When using network monitoring systems to monitor workstations, which of the following
elements should be reviewed because their information could indicate a possible attack? |
Network counters and access denied errors
|
|
|
Which of the following would allow an administrator to find weak passwords on the
network? |
A rainbow table
|
|
|
An outside auditor has been contracted to determine whether weak passwords are being
used on the network. In order to achieve this goal, the auditor is running a password cracker against the master password file. Which of the following is an example of this? |
Vulnerability assessment
|
|
|
Which password management system best provides for a system with a large number of
users? |
Self service password reset management systems
|
|
|
What is used to find weak passwords on the network?
|
A rainbow table will accomplish this.
|
|
|
Which item can be commonly programmed into an application for ease of administration?
|
Back door
|
|
|
Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?
|
back door
|
|
|
Which programming mechanism should be used to permit administrative access whilst
bypassing the usual access control methods? |
It is known as a back door.
|
|
|
Which method is the easiest to disable a 10Base2 network?
|
Remove a terminator.
|
|
|
Coaxial cable is a cable consisting of an inner conductor, surrounded by a tubular
insulating layer typically made from a flexible material with a high dielectric constant, all of which is then surrounded by another conductive layer (typically of fine woven wire for flexibility, or of a thin metallic foil), and then finally covered again with a thin insulating layer on the outside. Which is the primary security risk with coaxial cable? |
Data emanation from the core
|
|
|
Why will a Faraday cage be used?
|
To mitigate data emanation
|
|
|
Which of the following statements best suits the wireless communication technology
ODFM? |
Accomplishes communication by breaking the data into subsignals and transmitting
them simultaneously |
|
|
Which of the following statements best suits the wireless communication technology
FHSS? |
Accomplishes communication by hopping the transmission over a range of predefined
frequencies |
|
|
Identify the utility used for wireless sniffing and war driving?
|
NetStumbler is used.
|
|
|
Which of the following do attackers most often use to identify the presence of an 801.11b
network? |
War driving
|
|
|
The purpose of the SSID in a wireless network is to:
|
identify the network
|
|
|
To keep an 802.llx network from being automatically discovered, a user should:
|
turn off the SSID broadcast
|
|
|
How can you ensure that an 802.11x network is not discovered automatically?
|
This can be accomplished by turning off the SSID broadcast.
|
|
|
Which action should be performed when discovering an unauthorized wireless access point attached to a network?
|
Unplug the Ethernet cable from the wireless access point.
|
|
|
Which of the following would be MOST desirable when attacking encrypted data?
|
Weak key
|
|
|
The implicit deny will block anything you didn't specifically allow but you may have
allowed stuff that you don't need. A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL Which is an example of an implicit deny? |
Items which are not specifically given access are denied by default.
|
|
|
You work as the security administrator at TestKing.com. One morning you discover that clients can no longer navigate web sites which have been created for them. What is the most likely cause of the issue?
|
The incorrect permissions have been assigned for the web sites.
|
|
|
Giving each user or group of users only the access they need to do their job is an example
of which of the following security principals? |
Least privilege
|
|
|
Which of the following access control principle dictates that every user be given the most
restricted privileges? |
Least privilege
|
|
|
You work as the network administrator at TestKing.com. The company network consists
of a single location with one owner, one manager and five sales assistants. Which inventory system permissions will best be supported with the least privilege principle for the manager? |
The Update rights inventory system permission will be the best option.
|
|
|
You implement a policy stating that users will only have access to the systems necessary to execute their tasks. What is this an example of?
|
It is an example of least privilege.
|
|
|
Identify the security principle where every user or groups only have access to accomplish
their daily tasks? |
It is an example of least privilege.
|
|
|
Which of the following security principals entails the practice of providing each user only
the access they require to perform their job? |
Least privilege
|
|
|
Which of the following methods, based on the separation of duties principle, involves
provisioning of at least two people for a task to enhance security, and also ensures that multiple people are trained for each task? |
Cross training
|
|
|
Which of the following best describes the term "separation of duties"?
|
Assigning different parts of tasks to different employees.
|
|
|
Determine the company policies that prevent collusion?
|
Separation of duties will stop collusion.
Job rotation will stop collusion. |
|
|
In order to allow for more oversight of past transactions, a company decides to exchange
positions of the purchasing agent and the accounts receivable agent. Which is an example of this? |
Job rotation
|
|
|
The staff must be cross-trained in different functional areas in order to detect fraud.
Which of the following is an example of this? |
Job rotation
|
|
|
Job rotation is a cross-training technique where organizations minimize collusion
amongst staff. |
True
|
|
|
Which of the following access control models uses security labels that are attached to
every object? |
Mandatory Access Control (MAC)
|
|
|
Choose the access control model that allows access control determinations to be
performed based on the security labels associated with each user and each data item. |
MACs (Mandatory Access Control) method
|
|
|
Which of the following access decisions are based on a Mandatory Access Control
(MAC) environment? |
Sensitivity labels
|
|
|
Which of the following statements regarding the MAC access control models is TRUE?
|
In the Mandatory Access Control (MAC) users cannot share resources dynamically.
|
|
|
What does the MAC access control model use to identify the users who have permissions
to a resource? |
Predefined access privileges.
|
|
|
Which of the following access control models uses subject and object labels?
|
Mandatory Access Control (MAC)
|
|
|
Access controls based on security labels associated with each data item and each user are known as:
|
Mandatory Access Control (MAC)
|
|
|
Which of the following access control models refers to assigning sensitivity labels to the
user and the data? |
Mandatory Access Control (MAC)
|
|
|
Which of the following statements regarding the MAC access control models is TRUE?
|
In the Mandatory Access Control (MAC) users cannot share resources dynamically.
|
|
|
Which access control system allows the system administrator to establish access
permissions to network resources? |
MAC
|
|
|
Which access control method is centrally controlled and managed, where all access
capabilities are predefined and users have no influence on permissions, nor can users share information that has not been previously defined by administrators? |
Mandatory Access Control (MAC) method
|
|
|
Which of the following is FALSE for the MAC access method?
|
Users are allowed to change permissions or rights that are associated with objects.
|
|
|
Which of the following statements regarding access control models is FALSE?
|
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions to a resource.
|
|
|
Which item will MOST likely permit an attacker to make a switch function like a hub?
|
MAC flooding
|
|
|
Identify the service provided by message authentication code (MAC) hash;
|
integrity
|
|
|
Which access control system allows the system administrator to establish access
permissions to network resources? |
MAC
|
|
|
Which of the following is FALSE for the MAC access method?
|
Users are allowed to change permissions or rights that are associated with objects.
|
|
|
Which of the following statements regarding access control models is FALSE?
|
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions
to a resource. |
|
|
Which item will MOST likely permit an attacker to make a switch function like a hub?
|
MAC flooding
|
|
|
Identify the service provided by message authentication code (MAC) hash;
|
integrity
|
|
|
Which of the following is FALSE for the MAC access method?
|
Users are allowed to change permissions or rights that are associated with objects.
|
|
|
Which access control system allows the system administrator to establish access
permissions to network resources? |
MAC
|
|
|
Which of the following statements regarding access control models is FALSE?
|
The MAC model uses Access Control Lists (ACLs) to map a user's access permissions
to a resource. |
|
|
Which item will MOST likely permit an attacker to make a switch function like a hub?
|
MAC flooding
|
|
|
Identify the service provided by message authentication code (MAC) hash;
|
integrity
|
|
|
Which access control system allows the system administrator to establish access
permissions to network resources? |
MAC
|
|
|
Who is responsible for establishing access permissions to network resources in the MAC
access control model? |
The system administrator.
|
|
|
Choose the terminology or concept which best describes a (Mandatory Access Control)
model. |
Lattice
|
|
|
Which of the following terms represents a MAC (Mandatory Access Control) model?
|
Lattice
|
|
|
Identify the access control model that makes use of security labels connected to the
objects? |
You should make use of the Mandatory Access Control (MAC) model.
|
|
|
Identify the access decisions based on a Mandatory Access Control (MAC) environment?
|
Sensitivity labels are based on a Mandatory Access Control (MAC) environment.
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
Which access controls are based on security labels assigned to every data item and every user?
|
Mandatory Access Control (MAC).
|
|
|
Which access controls are based on security labels assigned to every data item and every user?
|
You should identify Mandatory Access Control (MAC).
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
What does the DAC access control model use to identify the users who have permissions to a resource?
|
Access Control Lists.
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.
|
The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
What model assigns sensitivity labels to users and their data?
|
You should identify the Mandatory Access Control (MAC) access control model.
|
|
|
Which access controls are based on security labels assigned to every data item and every
user? |
You should identify Mandatory Access Control (MAC).
|
|
|
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option
that describes this flaw. |
The DAC (Discretionary Access Control) model uses only the identity of the user or
specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. |
|
|
Which access control method gives the owner control over providing permissions?
|
Discretionary Access Control (DAC)
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
Who is responsible for establishing access permissions to network resources in the DAC
access control model? |
The owner of the resource.
|
|
|
Which access control system allows the owner of a resource to establish access
permissions to that resource? |
MAC
|
|
|
Which access control method allowsusers to have some level of flexibility on how
information is accessed, but at the expense of increasing the risk of unauthorized disclosure of information? |
Discretionary Access Control (DAC) method
|
|
|
A user is assigned access rights explicitly. This is a feature of which of the following ?
|
Discretionary Access Control (DAC)
|
|
|
Which access control model uses Access Control Lists to identify the users who have
permissions to a resource? |
DAC
|
|
|
On the topic of the DAC (Discretionary Access Control) model, choose the statement(s)
which are TRUE. |
All objects have an owner, and this owner has full control over that specific object.
|
|
|
Which of the following will restrict access to files according to the identity of the user or
group? |
DAC
|
|
|
What does the DAC access control model use to identify the users who have permissions
to a resource? |
Access Control Lists
|
|
|
With regard to DAC (Discretionary Access Control), which of the following statements
are true? |
Each object has an owner, which has full control over the object.
|
|
|
A user is assigned access rights explicitly. This is a feature of which of the following
access control models? |
Discretionary Access Control (DAC)
|
|
|
Which of the following best describes an access control mechanism that allows the data
owner to create and administer access control? |
DACs (Discretionary Access Control)
|
|
|
How is access control permissions established in the RBAC access control model?
|
The role or responsibilities users have in the organization.
|
|
|
An organization has a hierarchical-based concept of privilege management with
administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as: |
Role Based Access Control (RBAC)
|
|
|
You work as the network administrator at Certkiller.com. The Certkiller.com network
uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the Certkiller.com network. The types of resources you must control access to are mailboxes, and files and printers. Certkiller.com is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has its own workstation, and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. |
Create Finance, Sales, Research and Development, and Production roles.
|
|
|
Which of the following access control models uses roles to determine access
permissions? |
RBAC
|
|
|
How is access control permissions established in the RBAC access control model?
|
The role or responsibilities users have in the organization.
|
|
|
A security specialist for a large distributed network with numerous divisions is selecting
an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? |
Role Based Access Control (RBAC)
|
|
|
Which access control method would you need to implement if you want to use a group
management approach to defining access to company resources and data, so that you can define access according to job function or responsibility? |
Role-Based Access Control (RBAC) method.
|
|
|
Which of the following access control models uses roles to determine access
permissions? |
RBAC
|
|
|
Which of the following statements is FALSE for role-based access control?
|
Group members cannot pass on rights and privileges to other users.
|
|
|
Which of the following best describes an access control mechanism in which access
control decisions are based on the responsibilities that an individual user or process has in an organization? |
RBAC (Role Based Access Control)
|
|
|
With regard to RBAC (Role Based Access Control), which of the following best
describes the relation between users, roles and operations? |
Multiple users, multiple roles and multiple operations.
|
|
|
A technician is auditing the security posture of an organization. The audit shows that
many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem? |
Changing the user rights and security groups
|
|
|
Which of the following is a best practice for managing user rights and privileges?
|
Identify roles and objects to be accessed, create groups, and grant rights and privileges
based on groups. |
|
|
Which of the following policies detail guidelines on the rights, privileges, and restrictions
for using company equipment and assets? |
Access control
|
|
|
Which of the following types of authentication BEST describes providing a username,
password and undergoing a thumb print scan to access a workstation? |
Multifactor
|
|
|
Which of the following statements are true regarding File Sharing?
|
When files are stored on a workstation, the connection is referred to as a peer-to-peer
connection. |
|
|
An Auditing system is necessary to prevent attacks on what part of the system?
|
The files.
|
|
|
Which description is true about the process of securely removing information from media
(e.g. hard drive) for future use? |
Sanitization
|
|
|
Which of the following can be used to implement a procedure to control inbound and
outbound traffic on a network segment? |
ACL
|
|
|
In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?
|
Firewall
|
|
|
Which of the following security mechanisms can be used to control the flow of packets
traveling through routers? |
ACL (Access Control List)
|
|
|
What should be identified to implement a procedure to control inbound and outbound traffic on a network segment?
|
This can be accomplished using ACL.
|
|
|
Which of the following associates users and groups to certain rights to use, read, write,
modify, or execute objects on the system? |
ACL (Access Control List).
|
|
|
A graphical user interface (GUI) is a type of user interface which allows people to interact with electronic devices such as computers; hand-held devices such as MP3 Players, Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will permit a technician to restrict a user's access to the GUI?
|
Group policy implementation.
|
|
|
On the subject of security management models, identify the statement that is TRUE?
|
Decentralized security involves the process of assigning all new privileges through
multiple governing groups, located at different location. |
|
|
Which of the following statements regarding password policy is FALSE?
|
Specifies the number of correct logon attempts permitted, prior to an account being
locked out of the system. |
|
|
Which of the following types of publicly accessible servers should have anonymous
logins disabled to prevent an attacker from transferring malicious data? |
FTP
|
|
|
Default passwords in hardware and software should be changed:
|
when the hardware or software is turned on.
|
|
|
Audit log information can BEST be protected by: (Select TWO).
|
recording to write-once media.
access controls that restrict usage. |
|
|
Which of the following would be MOST useful in determining which internal user was
the source of an attack that compromised another computer in its network? |
The target computer's audit logs.
|
|
|
Which of the following elements, included in password policy, defines the time duration
for which a locked out account remains locked out? |
Account lockout duration
|
|
|
After the maximum number attempts have failed, which of the following could set an
account to lockout for 30 minutes? |
Account lockout duration
|
|
|
Which of the following would be the BEST reason for certificate expiration?
|
Brute force techniques are likely to break the key if given enough time.
|
|
|
Which of the following statements is TRUE regarding the Security Token system?
|
If your token does not grant you access to certain information, that information will
either not be displayed or your access will be denied. The authentication system creates a token every time a user or a session begins. At the completion of a session, the token is destroyed. |
|
|
Most key fob based identification systems use which of the following types of
authentication mechanisms? (Select TWO). |
Token.
Username/password. |
|
|
Your company has already implemented two-factor authentication and wants to install a
third authentication factor. If the existing authentication system uses strong passwords and PKI tokens, which item would provide a third factor? |
Fingerprint scanner
|
|
|
Determine the two-factor authentication for an information system?
|
You should identify ATM card and PIN.
|
|
|
The authentication process where the user can access several resources without the need
for multiple credentials is known as: |
single sign-on
|
|
|
Users need to access their email and several secure applications from any workstation on
the network. In addition, an authentication system implemented by the administrator requires the use of a username, password, and a company issued smart card. This is an example of which of the following? |
SSO
|
|
|
Which of the following describes the process by which a single user name and password
can be entered to access multiple computer applications? |
Single sign-on
|
|
|
The authentication process where the user can access several resources without the need
for multiple credentials is known as: |
single sign-on
|
|
|
The ability to logon to multiple systems with the same credentials is typically known as:
|
single sign-on
|
|
|
A company has a complex multi-vendor network consisting of UNIX, Windows file
servers and database applications. Users report having too many passwords and that access is too difficult. Which of the following can be implemented to mitigate this situation? |
Single sign-on
|
|
|
Which of the following environments are using the principle of single sign-on to grant
users access for accessing resources? |
Kerberos.
Novell eDirectory. Microsoft Active Directory. |
|
|
Which of the following is based on granting users access to all the systems, applications and resources they need, when they start a computer session?
|
Principle of single sign-on (SSO).
|
|
|
Users would not like to enter credentials to each server or application to conduct their
normal work. Which type of strategy can solve this problem? |
sso
|
|
|
Identify the authentication system where a unique username and password is used to
access multiple systems within a company? |
Single Sign-on is used to access multiple systems within a company.
|
|
|
Which of the following authentication problems is addressed by a single sign on process?
|
Multiple usernames and passwords.
|
|
|
Which of the following is a advantage that can be gained when implementing a Single
Sign-on technology? |
You can browse multiple directories.
|
|
|
Identify the process where users can access numerous resources without needing multiple
credentials? |
The authentication process is known as single sign-on.
|
|
|
Which of the following Directory Services does the statement that it is the backbone for
all security, access, and network implementations from here on out refer to? |
Active Directory
|
|
|
Which solution can be used by a user to implement very tight security controls for
technicians that seek to enter the users' datacenter? |
Biometric reader and smartcard
|
|
|
Which item is not a logical access control method?
|
biometrics
|
|
|
Which item best describes an instance where a biometric system identifies legitimate
users as being unauthorized? |
False rejection
|
|
|
Which of the following methods of authentication makes use of hand scanners,
fingerprints, retinal scanners or DNA structure to identify the user? |
Biometrics
|
|
|
For which of the following can biometrics be used?
|
Authentication
|
|
|
Which of the following is the most costly method of an authentication?
|
Biometrics
|
|
|
Which of the following provides the strongest form of authentication?
|
biometrics
|
|
|
Which of the following relies solely on biometric authentication?
|
Voice patterns, fingerprints, and retinal scans.
|
|
|
Which of the following definitions fit correctly to RADIUS?
|
is a mechanism that allows authentication of dial-in and other network connections
|
|
|
What is the biggest benefit to using RADIUS (Remote Authentication Dial-in User
Service) for a multi-site VPN (Virtual Private Network) that supports a large number of remote users? |
RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user
database. |
|
|
RADIUS (Remote The Lightweight Directory Access Protocol) or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use:
default? |
636
|
|
|
Choose the terminology that correctly refers to the start (top) of a LDAP (Lightweight
Directory Access Protocol) directory. |
Root
|
|
|
Which of the following definitions refers to LDAP?
|
It is a standardized directory access protocol that allows queries to be made of
directories. |
|
|
Identify the port number that will ensure a secure LDAP usage by default?
|
Port 636 will secure LDAP.
|
|
|
Which of the following Directory Services does the statement that it stores information
on all system resources, users, and any other relevant information about systems attached to a NetWare server refer to? |
eDirectory
|
|
|
Which port must be open to allow a user to login remotely onto a workstation?
|
3389
|
|
|
Which of the following is the best description about the method of controlling how and
when users can connect in from home? |
Remote access policy
|
|
|
Remote authentication allows you to authenticate users using a locally hosted script. Which of the following is an example of remote authentication?
|
A user in one city logs onto a network by connecting to a domain server in another city.
|
|
|
A company has instituted a VPN to allow remote users to connect to the office. As time
progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? |
IKE
|
|
|
A VPN typically provides a remote access link from one host to another over:
|
the Internet
|
|
|
Which of the following definitions fit correctly to VPN?
|
are used to make connections between private networks across a public network, such
as the Internet |
|
|
A company has instituted a VPN to allow remote users to connect to the office. As time
progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? |
IKE
|
|
|
Which of the following network authentication protocols uses symmetric key
cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)? |
Kerberos
|
|
|
Which authentication method will prevent a replay attack from occurring?
|
Kerberos
|
|
|
For which reason are clocks used in Kerberos authentication?
|
Clocks are used to ensure that tickets expire correctly.
|
|
|
Which of the following authentication systems make use of the KDC Key Distribution
Center? |
Kerberos
|
|
|
Kerberos uses which of the following ports by default?
|
88
|
|
|
In which authentication model a ticket granting server is an important concept?
|
Kerberos
|
|
|
A very important capability or element must be deployed before the Kerberos
authentication system functions properly. What is it? |
You must deploy time synchronization services for clients and servers.
|
|
|
Which of the following authentication systems make use of the KDC Key Distribution
Center? |
Kerberos
|
|
|
Which of the following must be deployed for Kerberos to function correctly?
|
Time synchronization services for clients and servers.
|
|
|
Why are clocks used in a Kerberos authentication system?
|
To ensure tickets expire correctly.
|
|
|
Which of the following factors must be considered when implementing Kerberos
authentication? |
Kerberos requires a centrally managed database of all user and resource passwords.
|
|
|
Which of the following are the main components of a Kerberos server?
|
Authentication server, security database and privilege server.
|
|
|
Which authentication method does the following sequence: Logon request, encrypts value
response, server, challenge, compare encrypts results, authorize or fail referred to? |
CHAP
|
|
|
The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from
the client to the server, and the server sends a challenge back to the client At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. |
At the stage when the connection is established and at whichever time after the
connection has been established. |
|
|
Which of the following sequences is correct regarding the flow of the CHAP system?
|
Logon request, challenge, encrypts value response, server, compare encrypted results,
authorize or fail |
|
|
You work as the security administrator at TestKing.com. You want to ensure that only
encrypted passwords are used during authentication. Which authentication protocol should you use? |
CHAP (Challenge Handshake Authentication Protocol)
|
|
|
When does CHAP (Challenge Handshake Authentication Protocol) perform the
handshake process? |
When establishing a connection and at anytime after the connection is established.
|
|
|
Which of the following uses unencrypted username and passwords?
|
PAP
|
|
|
Both the server and the client authenticate before exchanging data. This is an example of which of the following?
|
mutual authentication.
|
|
|
Which of the following statements regarding authentication protocols is FALSE?
|
MS-CHAP version 1 is capable of mutual authentication of both the client and the
server. |
|
|
Identify the method that should be used to ensure that the user is able to authenticate to
the server and the server to the user? |
You should make use of the Mutual authentication method.
|
|
|
On the basis of certain ports, which of the following will allow wireless access to network
resources? |
802.lx
|
|
|
Which of the following protocols works with 802.1X to authenticate a client to a
network? |
EAP will works with 802.1X to authenticate a client.
|
|
|
Which of the following definitions fit correctly to TACACS?
|
It allows credentials to be accepted from multiple methods, including Kerberos.
|
|
|
In a secure environment, which authentication mechanism will perform better?
|
TACACS because it encrypts client-server negotiation dialogs.
|
|
|
Which of the following would allow credentials to be accepted from multiple methods,
including Kerberos? |
TACACS (Terminal Access Controller Access Control System)
|
|
|
You work as the security administrator at Certkiller.com. You must configure the firewall
to support TACACS. Which port(s) should you open on the firewall? |
Port 49
|
|
|
During which phase of identification and authentication does proofing occur?
|
Identification
|
|
|
Which security action should be finished before access is given to the network?
|
Identification and authentication
|
|
|
A computer system containing personal identification information is being implemented
by a company's sales department. The sales department has requested that the system become operational before a security review can be completed. Which of the following can be used to explain the reasons a security review must be completed? |
Corporate security policy
|
|
|
The difference between identification and authentication is that:
|
authentication verifies a set of credentials while identification verifies the identity of a
user requesting credentials. |
|
|
Which method could identify when unauthorized access has occurred?
|
Implement previous logon notification.
|
|
|
Which type of business policies involve limiting issues such as unauthorized disclosure
of information, unauthorized access to the company facilities, and data theft? |
Physical access control
|
|
|
After auditing file, which log will show unauthorized usage attempts?
|
Security
|
|
|
You are a network technician of your company. You have just detected an intrusion on your company's network from the Internet. What should be checked FIRST?
|
The firewall logs
|
|
|
Which practice is the best to secure log files?
|
Copy or save the logs to a remote log server.
|
|
|
Many unauthorized staff has been entering the data center by piggybacking authorized
staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking? |
Mantrap
|
|
|
Which one of the following options will create a security buffer zone between two
rooms? |
Mantrap
|
|
|
You work as a network administrator for your company. Your company requires you to
improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which additional control can be performed? |
Mantrap
|
|
|
Risk assessment is a common first step in a risk management process. Risk assessment is
the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). As a best practice, risk assessments should be based upon which of the following? |
A quantitative measurement of risk, impact and asset value
|
|
|
What will be implemented by a technician to mitigate the chances of a successful attack against the wireless network?
|
Implement an authentication system and WPA.
|
|
|
The main objective of risk management in an organization is to reduce risk to a level:
|
the organization will accept.
|
|
|
From the listing of attacks, which analyzes how the operating system (OS) responds to
specific network traffic, in an attempt to determine the operating system running in your networking environment? |
Fingerprinting
|
|
|
Why do many web servers provide message auditing, as do logon, system, and
applications? |
To check for unusual events
|
|
|
Which of the following steps is MOST often overlooked during the auditing process?
|
Reviewing event logs regularly
|
|
|
Which of the following describes how a technician would configure an audit trail to
ensure the information system captures sufficient data in audit records? |
Event date, event type, object identity, subject identity.
|
|
|
Which of the following should be done if an audit recording fails in an information
system? |
Send an alert to the appropriate personnel
|
|
|
Malicious port scanning is a method of attack to determine which of the following?
|
The fingerprint of the operating system
|
|
|
One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions?
|
A TCP (transmission Control Protocol) SYN (Synchronize) scan
|
|
|
A security specialist is reviewing firewall logs and sees the information below. Which of
the following BEST describes the attack that is occurring? |
Port scan
|
|
|
A security specialist is reviewing firewall logs and sees the information below. Which of
the following BEST describes the attack that is occurring? s-192.168.0.21:53 --> d-192.168.0.1:0 s-192.168.0.21:53 --> d-192.168.0.1:1 s-192.168.0.21:53 --> d-192.168.0.1:2 s-192.168.0.21:53 --> d-192.168.0.1:3 s-192.168.0.21:53 --> d-192.168.0.1:4 s-192.168.0.21:53 --> d-192.168.0.1:5 s-192.168.0.21:53 --> d-192.168.0.1:6 s-192.168.0.21:53 --> d-192.168.0.1:7 s-192.168.0.21:53 --> d-192.168.0.1:8 |
Port scan
|
|
|
QUESTION NO: 5
One of these options best defines the main purpose of implementing an e-mail relay server. Which is it? |
An e-mail relay server is used to protect the primary e-mail server and therefore assists
in reducing the effects of viruses and port scan attacks. |
|
|
One type of port scan can determine which ports are in a listening state on the network,
and can then perform a two way handshake. Which type of port scan can perform this set of actions? |
A TCP (transmission Control Protocol) SYN (Synchronize) scan
|
|
|
Which tool can help the technician to find all open ports on the network?
|
Network scanner
|
|
|
Which method is the LEAST intrusive to check the environment for known software
flaws? |
Vulnerability scanner
|
|
|
After analyzing vulnerability and applying a security patch, which non-intrusive action
should be taken to verify that the vulnerability was truly removed? |
Repeat the vulnerability scan.
|
|
|
Which of the following is a reason to use a vulnerability scanner?
|
To identify open ports on a system
|
|
|
Which of the following is the MOST effective way for an administrator to determine
what security holes reside on a network? |
Perform a vulnerability assessment
|
|
|
Which one of the following options is a vulnerability assessment tool?
|
Nessus
|
|
|
What type of program highlights the vulnerabilities of servers on the network to various
exploits and suggests ways to mitigate the vulnerabilities? |
Vulnerability scanner
|
|
|
Why should you use a vulnerability scanner?
|
You should use a vulnerability scanner to determine open ports on a system.
|
|
|
Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords?
|
Protocol analyzer
|
|
|
Which of the following assessment tools would be MOST appropriate for determining if
a password was being sent across the network in clear text? |
Protocol analyzer
|
|
|
A protocol analyzer will most likely detect which security related anomalies?
|
Many malformed or fragmented packets
|
|
|
Password cracking tools are available worldwide over the Internet. Which one of the
following items is a password cracking tool? |
John the Ripper
|
|
|
One of the below is a description for a password cracker, which one is it?
|
A program that performs comparative analysis.
|
|
|
Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol).
|
A ping scanner.
|
|
|
Choose the most effective method of preventing computer viruses from spreading
throughout the network. |
You should enable scanning of all e-mail attachments.
|
|
|
Which of the following are types of certificate-based authentication?
|
One-to-one mapping.
Many-to-one mapping. |
|
|
In computer programming, DLL injection is a technique used to run code within the
address space of another process by forcing it to load a dynamic-link library. Which activity is MOST closely associated with DLL injection? |
Penetration testing
|
|
|
Which of the following is not identified within the penetration testing scope of work?
|
a complete list of all network vulnerabilities.
|
|
|
Which description is true about penetration testing?
|
Simulating an actual attack on a network
|
|
|
Which description is true about the external security testing?
|
Conducted from outside the organizations security perimeter
|
|
|
A newly hired security specialist is asked to evaluate a company's network security. The
security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? |
Enforce the security policy.
|
|
|
Which tool can best monitor changes to the approved system baseline?
|
Enterprise performance monitoring software
|
|
|
Malware, a portmanteau from the words malicious and software, is software designed to
infiltrate or damage a computer system without the owner's informed consent. A network technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which item can help determine the amount of CPU cycles being consumed? |
Run performance monitor to evaluate the CPU usage.
|
|
|
Which is the primary objective to implement performance monitoring applications on
network systems from a security standpoint? |
To detect availability degradations caused by attackers
|
|
|
Network utilization is the ratio of current network traffic to the maximum traffic that the
port can handle. Which of the following can most effectively determine whether network utilization is abnormal? |
Performance baseline
|
|
|
Of the list of tools below, which is not a tool that collects security baseline-related
information from Windows Management Instrumentation (WMI) or from sources other than WMI and Web-Based Enterprise Management (WBEM)? |
Snort
|
|
|
John works as a network administrator for his company. He uses a tool to check SMTP,
DNS, P0P3, and ICMP packets on the network. This is an example of which of the following? |
A protocol analyzer
|
|
|
What should you update to the baseline after installing new software on a machine?
|
Behavior-based HIDS will need an update to the baseline.
|
|
|
An Intrusion detection system (IDS) is software and/or hardware designed to detect
unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. When an IDS is configured to match a specific traffic pattern, then which of the following is this referring to? |
Signature-based
|
|
|
Look at the following intrusion detection systems carefully, which one uses well defined
models of how an attack occurs? |
Signature
|
|
|
A network intrusion detection system (NIDS) is an intrusion detection system that tries to
detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic. Which NIDS configuration is solely based on specific network traffic? |
Signature-based
|
|
|
IDS is short for Intrusion Detection Systems. Which option is the MOST basic form of
IDS? |
Signature
|
|
|
Identify the IDS that make use of known patterns to discover malicious activity?
|
Signature based IDS.
|
|
|
Which security application cannot proactively detect workstation anomalies?
|
NIDS
|
|
|
The purpose of a DNS server is to enable people and applications to lookup records in
DNS tables. Why implement security logging on a DNS server? |
To monitor unauthorized zone transfers
|
|
|
A DNS (Domain Name Service) server uses a specific port number. Choose this port
number from the options. |
Port 1,024
|
|
|
Which of the following BEST describes an attempt to transfer DNS zone data?
|
Reconnaissance
|
|
|
Which of the following Directory Services does the statement that it can identify an individual computer system on the Internet refer to?
|
DNS
|
|
|
Which of the following definitions refers to DNS?
|
It can identify an individual computer system on the Internet.
|
|
|
Which security measures should be recommended while implementing system logging
procedures? |
Perform hashing of the log files.
|
|
|
Which of the following logs shows when the workstation was last shutdown?
|
System
|
|
|
What should be taken into consideration while executing proper logging procedures?
|
The amount of disk space required.
The information that is needed to reconstruct events. |
|
|
Which of the following would be MOST useful in determining which internal user was
the source of an attack that compromised another computer in its network? |
The target computer's audit logs.
|
|
|
Monitoring changes to the current security policy represents the best way to audit which
element? |
Privilege
|
|
|
Which type of policies defines how maintenance personnel are allowed to access and deal
with the equipment of the company, specifies the extent to which external maintenance can be utilized, and specifies whether remote maintenance is allowed? |
Network maintenance policy
|
|
|
Tom is a network administrator of his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information?
|
Firewall logs
|
|
|
A PC is rejecting push updates from the server; all other PCs on the network are
accepting the updates successfully. What should be examined first? |
Local firewall
|
|
|
Tom is a network administrator of his company. He guesses that PCs on the internal
network may be acting as zombies participating in external DDoS attacks. Which item will most effectively confirm the administrator's suspicions? |
Firewall logs
|
|
|
Which of the following ports are typically used by email clients?
|
110.
143. |
|
|
When reviewing audit trails, what makes unique user IDs especially important?
|
Unique user IDs establishes individual accountability.
|
|
|
Which of the following steps is MOST often overlooked during the auditing process?
|
Reviewing event logs regularly
|
|
|
Which of the following BEST describes actions pertaining to user account reviews?
(Select TWO). |
User account reports are periodically extracted from systems and employment
verification is performed. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization. |
|
|
Which of the following statements regarding system auditing is TRUE?
|
System audit files must be reviewed regularly for unusual events.
|
|
|
Which auditing method assists in ensuring that all user account, groups, and roles are correctly defined and assigned correctly?
|
Privilege audits.
|
|
|
Which of the following components is a good data retention policy?
|
Offsite storage is a good data retention policy.
|
|
|
Audit record storage capacity must be large enough to ensure that:
|
the storage is not exceeded.
|
|
|
Which of the following is a primary concern of centralized key management systems?
|
Keys must be stored and distributed securely.
|
|
|
Which description is true about how to accomplish steganography in graphic files?
|
Replacing the least significant bit of each byte
|
|
|
What is steganography primarily used for?
|
Hide information
|
|
|
You discover that the JPEG file that contains a message in green letters on a solid white background is published on a website. There is a minor variation in color on the edge of every letter that is mapped to an ASCII table. Identify the process that will reveal the hidden message?
|
This process is known as steganography.
|
|
|
Which of the following types of encryption would be BEST to use for a large amount of
data? |
Symmetric
|
|
|
Which algorithms can best encrypt large amounts of data?
|
Symmetric key algorithms
|
|
|
Choose the type of encryption used by SSL (Secure Sockets Layer).
|
Symmetric key exchange.
|
|
|
Secret Key encryption is also known as:
|
symmetrical
|
|
|
What maybe happen when hashing two different files creates the same result?
|
A collision
|
|
|
PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of
the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature? |
Private
|
|
|
For which of the following can digital signatures be used?
|
Asymmetric key.
|
|
|
Which of the following protects the confidentiality of data by making the data unreadable
to those who don't have the correct key? |
Encryption
|
|
|
Which of the following refers to the ability to be reasonably certain that data is not
disclosed to unintended persons? |
Confidentiality
|
|
|
Removable storage has been around almost as long as the computer itself. Which of the following is the GREATEST security risk regarding removable storage?
|
Confidentiality of data.
|
|
|
A user has a sensitive message that needs to be sent in via email. The message needs to be
protected from interception. Which of the following should be used when sending the email? |
Encryption
|
|
|
Which of the following refers to the ability to be reasonably certain that data is not
modified or tampered with? |
Integrity
|
|
|
How to test the integrity of a company's backup data?
|
By restoring part of the backup
|
|
|
Which description is correct concerning the process of comparing cryptographic hash
functions of system executables, configuration files, and log files? |
File integrity auditing
|
|
|
Which of the following types of cryptography is typically used to provide an integrity
check? |
Hash
|
|
|
Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker?
|
System integrity verifier (SIV)
|
|
|
Which services is provided by message authentication codes?
|
You make use of message authentication codes to provide the Integrity service.
|
|
|
Which of the following defines the ability to verify that an e-mail message received has
not been modified in transit? |
Integrity
|
|
|
Which of the following would be achieved by using encryption? (Select THREE).
|
Non-repudiation.
Confidentiality. Integrity. |
|
|
Which component of a security triad deals with ensuring that any needed data is available when necessary?
|
Availability.
|
|
|
Which of the following describes the validation of a message's origin?
|
Non-repudiation
|
|
|
Which of the following would be needed to ensure that a user who has received an email
cannot claim that the email was not received? |
Non-repudiation
|
|
|
Which of the following describes the validation of a message's origin?
|
Non-repudiation
|
|
|
What is the general purpose of non-repudiation?
|
To prevent the sender or the receiver from denying that the communication between
them has occurred. |
|
|
Which of the following are types of certificate-based authentication? (Select TWO)
|
One-to-one mapping.
Many-to-one mapping. |
|
|
Most current encryption schemes are based on
|
algorithms
|
|
|
Which option is correct about a hash algorithms ability to avoid the same output from two
guessed inputs? |
Collision resistance
|
|
|
Which of the following security services are provided by digital signatures? (Select
THREE). |
Authentication.
Non-repudiation. Integrity. |
|
|
Non-repudiation is enforced by which of the following?
|
Digital signatures
|
|
|
Non-repudiation is enforced by which of the following?
|
Digital signatures
|
|
|
A digital signature or digital signature scheme is a type of asymmetric cryptography. For
messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which of the following keys? |
Senders private key
|
|
|
Which of the following are used to prove where ActiveX controls originated from?
|
Digital signatures.
|
|
|
TestKing.com issues Certificates as a Local Registration Authority. Identify the actions
that should be taken to ensure that e-mails sent to clients outside the company can be authenticated by the recipients? |
Your best option would be to ensure that digital signatures are turned off on all
outgoing e-mails. |
|
|
Identify the security services offered by digital signatures? (Choose THREE)
|
Integrity is offered by digital signatures.
Non-repudiation is offered by digital signatures. Authentication is offered by digital signatures. |
|
|
Identify the usage of digital signatures?
|
You make use of digital signatures for integrity and non-repudiation.
|
|
|
Which of the following describes a type of algorithm that cannot be reversed in order to
decode the data? |
One Way Function
|
|
|
Which statement correctly describes the difference between a secure cipher and a secure
hash? |
A cipher can be reversed, a hash cannot.
|
|
|
A security specialist has downloaded a free security software tool from a trusted industry
site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? |
Avoid executing the file and contact the source website administrator
|
|
|
Which method will most effectively verify that a patch file downloaded from a third party
has not been modified since the time that the original manufacturer released the patch? |
Compare the final MD5 hash with the original.
|
|
|
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash
function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. A user sees an MD5 hash number beside a file that they wish to download. Which description is true about a hash? |
A hash is a unique number that is generated based upon the files contents and should
be verified after download. |
|
|
The hashing algorithm is created from a hash value, making it nearly impossible to derive
the original input number. Which item can implement the strongest hashing algorithm? |
NTLMv2
|
|
|
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily
understood by unauthorized people. Which of the following is considered the weakest encryption? |
DES
|
|
|
Pretty good privacy (PGP) uses which of the following symmetric encryptions of message
data and hashing methods? |
3DES and SHA-1
|
|
|
Which encryption algorithm depends on the inability to factor large prime numbers?
|
RSA
|
|
|
Which of the following encryption algorithms relies on the inability to factor large prime
numbers? |
RSA
|
|
|
Which encryption algorithms can be used to encrypt and decrypt data?
|
RC5
|
|
|
Which of the following is an example of an asymmetric encryption algorithm?
|
RSA (Rivest Shamir Adelmann)
|
|
|
Identify the encryption algorithms that are unable to factor big prime numbers?
|
You should select the RSA.
|
|
|
In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Pre-shared keys can be applied to which of the following?
|
pgp
|
|
|
Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data.
|
Asymmetric scheme
|
|
|
Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is
subordinate to another. The model with no single trusted root is known as: |
peer-to-peer.
|
|
|
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
|
A user must trust the public key that is received
|
|
|
Which of the following does PGP use to encrypt data?
|
A symmetric scheme
|
|
|
Which of the following mail standards relies on a "Web of Trust"?
|
Pretty Good Privacy (PGP)
|
|
|
What is the important defect in Pretty Good Privacy (PGP) authentication?
|
The most important defect is that the client has to trust the public key that is received.
|
|
|
In order to encrypt credit card data, which will be the most secure algorithm with the least
CPU utilization? |
AES
|
|
|
Which of the following provides the MOST secure form of encryption?
|
AES
|
|
|
Encryption is the conversion of data into a form, called a ciphertext that cannot be easily
understood by unauthorized people. Which encryption is the strongest by use of mathematical evaluation techniques? |
AES
|
|
|
Which item will effectively allow for fast, highly secure encryption of a USB flash drive?
|
AES256
|
|
|
You work as the security administrator at TestKing.com. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN (Local Area Network): What solution should you implement?
|
WEP (Wired Equivalent Privacy).
|
|
|
WEP uses which of the following stream ciphers?
|
RC4
|
|
|
A small manufacturing company wants to deploy secure wireless on their network. Which
of the following wireless security protocols could be used? (Select TWO). |
WEP.
WPA. |
|
|
Which statement is true about the cryptographic algorithm employed by TLS to establish
a session key? |
Diffie-Hellman
|
|
|
Which of the following connectivity is required for a web server that is hosting an SSL
based web site? |
Port 443 inbound
|
|
|
Which of the following identifies the layer of the OSI model where SSL provides
encryption? |
Session
|
|
|
Which of the following uses private key / public key technology to secure web sites?
|
SSL
|
|
|
From the options below, which represents the first action performed by an SSL (Secure Sockets Layer) enabled server when a user clicks to browse a secure page?
|
The server uses its digital certificate to identify itself to the browser.
|
|
|
Which of the following identifies the layer of the OSI model where SSL provides encryption?
|
Session
|
|
|
The Diffie-Hellman encryption algorithm relies on which of the following?
|
Key exchange
|
|
|
Choose the option that details one of the primary benefits of using S/MIME /Secure Multipurpose Internet Mail Extension)?
|
S/MIME allows users to send both encrypted and digitally signed e-mail messages.
|
|
|
Which of the following standards does S/MIME use to perform public key exchange and
authentication? |
X.509
|
|
|
What is the purpose of S/MIME (Secure Multipurpose Internet Mail Extensions)?
|
To encrypt messages and files
|
|
|
What do you require in order to use S/MIME (Secure Multipurpose Internet Mail
Extensions)? |
A digital certificate.
|
|
|
Which of the following tunneling protocols supports encapsulation in a single
point-to-point environment? |
PPTP
|
|
|
Which of the following definitions fit correctly to PPTP?
|
It supports encapsulation in a single point-to-point environment
|
|
|
Which of the following has largely replaced SLIP?
|
PPP (Point-to-Point Protocol)
|
|
|
Which of the following is a tunneling protocol that only works on IP networks?
|
PPTP
|
|
|
Which of the following protocols is used to transmit data between a web browser and a
web server? |
HTTP
|
|
|
Which protocol can be used to ensure secure transmissions on port 443?
|
HTTPS
|
|
|
From the list of protocols, which two are VPN (Virtual Private Network) tunneling
protocols? Choose two protocols. |
L2TP (Layer Two Tunneling Protocol).
PPTP (Point-to-Point Tunneling Protocol). |
|
|
Which item can easily create an unencrypted tunnel between two devices?
|
L2TP
|
|
|
Which of the following definitions fit correctly to L2TP?
|
It is primarily a point-to-point protocol
|
|
|
L2TP tunneling replies on which of the following for security?
|
IPSec
|
|
|
Which security does L2TP tunneling reply on?
|
It will reply on IPSec.
|
|
|
Recently, your company has implemented a work from home program. Employees should
connect securely from home to the corporate network. Which encryption technology can be used to achieve this goal? |
IPSec
|
|
|
Which of the following definitions fit correctly to IPSec?
|
It is not a tunneling protocol, but it is used in conjunction with tunneling protocols.
|
|
|
You work as the security administrator at TestKing.com. TestKing.com has headquarters
in London and a branch office in Paris. You must ensure that a secure connection is established between the London headquarters and the Paris branch office over the public network. You deploy IPSec (Internet Protocol Security) to achieve this goal. You must still configure the IPSec mode for the router at each location. Which IPSec mode should you configure? |
Tunnel mode
|
|
|
Which of the following is a VPN (Virtual Private Network) protocol that operates at the
Network Layer (Layer 3) of the OSI (Open Systems Interconnect) model? |
IPSec (Internet Protocol Security)
|
|
|
Which of the following can be used to authenticate and encrypt IP (Internet Protocol)
traffic? |
IPSec (Internet Protocol Security)
|
|
|
Which of the following best describes tunneling?
|
The act of encapsulating ordinary/non-secure IP packets inside of encrypted/secure IP
packets. |
|
|
Which of the following statements are true regarding FTP Secure?
|
As discussed earlier, SSH is a program that allows connections to be secured by
encrypting the session between the client and the server |
|
|
On a firewall, which ports must be open in order to support SSH (Secure Shell)?
|
TCP (Transmission Control Protocol) port 22
|
|
|
Which of the following is an alternative to using telnet?
|
SSH (Secure Shell).
|
|
|
The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. The public key infrastructure is based on which encryption schemes? |
Asymmetric
|
|
|
Using software on an individual computer to generate a key pair is an example of which
of the following approaches to PKI architecture? |
Decentralized
|
|
|
PKI is based on which of the following types of encryption?
|
Asymmetric
|
|
|
Which of the following would be an effective way to ensure that a compromised PKI key
can not access a system? |
Revoke the key
|
|
|
Which key can be used by a user to log into their network with a smart card?
|
Privatekey
|
|
|
Which key is generally applied FIRST to a message digest to provide non-repudiation by
use of asymmetric cryptography? |
Privatekey of the sender
|
|
|
Which of the following is included in a CRL (Certificate Revocation List)?
|
Certificates that have been disabled before their scheduled expiration.
|
|
|
With regard to CRLs (Certificate Revocation Lists), which of the following are true?
|
A CLR (Certificate Revocation List) query that receives a response in near real time does not guarantee that fresh data is being returned.
|
|
|
Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is
subordinate to another. The model with no single trusted root is known as: |
peer-to-peer
|
|
|
Which of the following would be an effective way to ensure that a compromised PKI key
can not access a system? |
Revoke the key
|
|
|
How to make sure that when an employee leaves the company permanently, the company
will have access to their private keys? |
Store the keys in escrow.
|
|
|
CRL is short for Certificate Revocation List. Which types of keys are included in a CRL?
|
Both public and private keys
|
|
|
Which of the following would be the MOST effective backup site for disaster recovery?
|
Hot site
|
|
|
For the following sites, which one has the means (e.g. equipment, software, and
communications) to facilitate a full recovery within minutes? |
Hot site
|
|
|
Which of the following is an alternate site configured with necessary system hardware,
supporting infrastructure and an on site staff able to respond to an activation of a contingency plan 24 hours a day, 7 days a week? |
A hot site.
|
|
|
Identify the most effective backup site for disaster recovery?
|
A hot site is the most effective.
|
|
|
Which of the following best describes the term cold site?
|
A location to begin operations during disaster recovery.
|
|
|
Which is the correct order in which crucial equipment should draw power?
|
UPS line conditioner, UPS battery, and backup generator
|
|
|
When power must be delivered to critical systems, which of the following is a
countermeasure? |
Backup generator
|
|
|
Choose the correct order in which crucial equipment should draw power.
|
UPS line conditioner, UPS battery, and backup generator
|
|
|
A travel reservation organization conducts the majority of its transactions via a public
facing website. Any downtime to this website will lead to serious financial damage for this organization. One web server is connected to several distributed database servers. Which statement is correct about this scenario? |
Single point of failure
|
|
|
TestKing.com makes use of a public facing website to conduct their business. Downtime
to this website results in a significant financial loss. A web server is connected to a number of distributed database servers. What is this known as? |
This is known as a single point of failure.
|
|
|
Which of the following technical solutions supports high availability?
|
RAID (Redundant Array of Independent Disks)
|
|
|
Determine the RAID configuration that offers the highest availability?
|
Four disks striped with parity.
|
|
|
Which one of the following options will allow for a network to remain operational after a
Tl failure? |
Redundant ISP
|
|
|
Which item can reduce the attack surface of an operating system?
|
Disabling unused services
|
|
|
Which of the following would be MOST important to have to ensure that a company will
be able to recover in case of severe environmental trouble or destruction? |
Disaster recovery plan
|
|
|
Following a disaster, which of the following functions should be returned FIRST from the backup facility to the primary facility?
|
Least critical functions
|
|
|
Which of the following types of backups requires that files and software that have been
changed since the last full backup be copied to storage media? |
Differential
|
|
|
Alex is a network administrator of his company. He is backing up all server data nightly
to a local NAS device. Which additional action should Alex perform to block disaster in the case the primary site is permanently lost? |
Backup all data at a preset interval to tape and store those tapes at a sister site in
another city. |
|
|
Firmware updates are usually produced by manufactures to address security issues with
regard to processing logic or the operating system. To deploy any firmware update, you should perform a number of steps. Choose the one that does not apply. |
You do not need to perform a backup of the existing IOS image and running
configuration because this is a firmware update. |
|
|
You work as a network technician for your company. The company policy for availability
needs full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon; how many types are required to restore the data on the file server for Thursday morning? |
Three
|
|
|
A technician is conducting a forensics analysis on a computer system. Which step should
be taken FIRST? |
Get a binary copy of the system.
|
|
|
Which of the following tools is NOT a computer forensic tool or a provider that offers
computer forensic tools? |
Tripwire
|
|
|
Which of the following is a definition of computer forensics?
|
Describes the process of investigating and analyzing computer system security incidents, to determine how the incident occurred and to collect and document all probable evidence that can be used legally.
|
|
|
The concept of forensic analysis involves a standard approach or process. Choose the
correct combination of steps for this process. (Select THREE) |
Authenticate the evidence.
Collect the evidence and analyze the evidence. Acquire the evidence. |
|
|
Forensic investigations and response actions should define the actions for dealing with a
number of situations. Which of the following actions should you perform when an attack is in progress? Choose all options that apply. |
You should remove all affected systems immediately.
You should maintain connectivity so that you can continuously collect data on the attack. |
|
|
In forensics, which of the following tasks should be performed when an incident occurs?
(Choose all that apply) |
Contact the incident response team.
Documents what they see on the screen. |
|
|
Automatic collection of evidence involves the collection of evidence using a number of
tools. Choose the option that is FALSE? |
Specialized tools that collect evidence from hard drives, system cache, CPU caches,
RAM and virtual memory. |
|
|
Which description is correct about the form used while transferring evidence?
|
Chain of custody
|
|
|
To preserve evidence for later use in court, which of the following needs to be
documented? |
Chain of custody
|
|
|
What should be established immediately upon evidence seizure?
|
Chain of custody
|
|
|
Which of the following guidelines do computer forensics experts use to collect and
analyze data while minimizing data loss? |
Chain of custody
|
|
|
What should be documented in order to preserve evidence for later use in court?
|
You should document the chain of custody.
|
|
|
Which of the following avoids the allegations that the evidence may have been tampered
with when it was unaccounted for? |
Chain of custody.
|
|
|
You work as a network administrator for your company. Your company has just detected
a malware incident. Which will be your first response? |
Containment
|
|
|
Keeping all relevant information on the attack or intrusion and using a previously defined
procedure to secure and assess all relevant information on the attack, both onsite and offsite is the process that describes which of the following? |
Preserving evidence
|
|
|
Which of the following sequence of steps should be contained in a computer incident
response policy? |
Preparation; detection and analysis; containment, eradication and recovery;
post-incident activity |
|
|
Which definition best defines what a challenge-response session is?
|
A challenge-response session is a workstation or system that produces a random
challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number). |
|
|
Which of the following is not a step in the incident response?
|
repudiation
|
|
|
An employee receives a request from a person claiming to be an employee at a remote
office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory; however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take? |
Follow established procedures and report any abnormal incidents.
|
|
|
A system administrator reports that an unauthorized user has accessed the network.
Which of the following would be the FIRST action to take? |
Contain the problem.
|
|
|
Which type of policies defines violations, such as privacy issues, usage of equipment; and
details how violations are to be reported? |
Violations reporting policy
|
|
|
Documentation describing a group expected minimum behavior is known as:
|
a code of ethics
|
|
|
A company's new employees are asked to sign a document that describes the methods of
and purposes for accessing the company's IT systems. Which of the following BEST describes this document? |
Acceptable Use Policy
|
|
|
Which security measure should be used while implementing access control?
|
Password complexity requirements
|
|
|
When setting password rules, which of the following would lower the level of security of a network?
|
Complex passwords that users can not remotely change are randomly generated by the administrator and given to users.
|
|
|
Which of the following policies details processes that describe how passwords are
managed? |
Password
|
|
|
Which of the rules listed here are FALSE for implementing effective password policies
for users? |
A password should at least be four characters in length.
|
|
|
Sending a patch through a testing and approval process is an example of which option?
|
Change management
|
|
|
A programmer plans to change the server variable in the coding of an authentication
function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server? |
Change management
|
|
|
Identify the process that sends a patch through a testing and approval process?
|
It is an example of Change management.
|
|
|
In a classified environment, a clearance into a Top Secret compartment only allows
access to certain information within that compartment. This is known as |
need to know.
|
|
|
Which description is correct about a tool used by organizations to verify whether or not a
staff member has been involved in malicious activity? |
Mandatory vacations
|
|
|
Which one of the following processes is best to remove PII data from a disk drive before
reuse? |
Sanitization
|
|
|
Which type of policies defines the levels of care which should be used to maintain the
confidentiality of private data? |
Due care policies
|
|
|
Which of the following best describes the term "due care"?
|
Policies and procedures intended to reduce the likelihood of damage or injury.
|
|
|
An end-to-end traffic performance guarantee made by a service provider to a customer is
a: |
SLA.
|
|
|
Which type of Service Level Agreement (SLA) deals with hosting of a specific
application or service? |
Application service provider SLA.
|
|
|
Which of the following should to be included in a SLA (Service Level Agreement) to
ensure the availability of server based resources rather than guaranteed server performance levels? |
hosting
|
|
|
Choose the option that best describes the definition of human resource policies.
|
Deals with specifying standards and enforcing behaviors.
|
|
|
A representative from the human resources department informs a security specialist that
an employee has been terminated. Which of the following would be the BEST action to take? |
Disable the employee's user accounts and keep the data for a specified period of time.
|
|
|
Human resource department personnel should be trained about security policy:
|
guidelines and enforcement.
|
|
|
A representative from the human resources department informs a security specialist that
an employee has been terminated. Which of the following would be the BEST action to take? |
Disable the employee's user accounts and keep the data for a specified period of time.
|
|
|
Which of the following personnel security policies define that information should be
limited to only those individuals who require it, so as to minimize unauthorized access of information? |
Need to Know policies
|
|
|
A sound company security policy should define a specific element. What is it?
|
The assets of the organization.
|
|
|
Which of the following activities can violate security policy, and can lead to an incident?
|
Unauthorized processing, modification and deletion of data.
Unauthorized access attempts to access computer systems and private data. All system changes performed without the consent of the owner to hardware, software, and firmware. DoS attacks which disable the computer system, routers, and any other type of network device. |
|
|
The risks of social engineering can be decreased by implementing: (Select TWO)
|
security awareness training
|
|
|
Which of the following definitions would be correct regarding Eavesdropping?
|
Listening or overhearing parts of a conversation
|
|
|
Which of the following definitions would be correct regarding Eavesdropping?
|
Listening or overhearing parts of a conversation
|
|
|
Which of the following access attacks would involve looking through your files in the
hopes of finding something interesting? |
Snooping
|
|
|
Which of the following access attacks would involve putting a computer system between
the sender and receiver to capture information? |
Interception
|
|
|
Which of the following access attacks would involve looking through your files in the
hopes of finding something interesting? |
Snooping
|
|
|
An administrator wants to make sure that no equipment is damaged when encountering a
fire or false alarm in the server room. Which type of fire suppression system should be used? |
Carbon Dioxide
|
|
|
You work as a network administrator for your company. Taking personal safety into
consideration, what fire suppression substances types can effectively prevent damage to electronic equipment? |
CO
|
|
|
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
|
Water
|
|
|
Which of the following types of network cabling has no shielding?
|
Unshielded Twisted Pair.
|
|
|
A user has received an email from a mortgage company asking for personal information
including bank account numbers. This would BEST be described as: |
phishing
|
|
|
You receive an e-mail to reset the online banking username and password. When you
attempt to access the link the URL appearing in the browser does not match the link. What is this known as? |
This situation is known as phishing.
|
|
|
What is the scenario named where a user receives an e-mail requesting personal data as
well as bank account details? |
This can be described as phishing.
|
|
|
Which of the following definitions would be correct regarding Snooping?
|
Someone looking through your files.
|
|
|
On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the
best TRUE statement. |
Hoaxes can create as much damage as a real virus.
|
|
|
Which of the following would be considered a detrimental effect of a virus hoax? (Select
TWO). |
Technical support resources are consumed by increased user calls.
Users are tricked into changing the system configuration. |
|
|
Which of the following is the primary attribute associated with e-mail hoaxes?
|
E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.
|
|
|
What does the security administrator wants to prevent by ensuring that the users'
password cannot be seen by passersby? |
The security administrator wants to stop shoulder surfing.
|
|
|
In order to recover discarded company documents, which of the following might an attacker resort to?
|
Dumpster diving.
|
|
|
Which of the following is the best method of reducing vulnerability from dumpster
diving? |
Destroying paper and other media.
|
|
|
Which of the following is a major reason that social engineering attacks succeed?
|
Lack of security awareness
|
|
|
A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of:
|
social engineering.
|
|
|
Turnstiles, double entry doors and security guards are all prevention measures for which
of the following types of social engineering? |
Piggybacking
|
|
|
Which of the following describes an attacker encouraging a person to perform an action
in order to be successful? |
Social engineering
|
|
|
Choose the attack or malicious code that cannot be prevented or deterred solely through
using technical measures. |
Social engineering.
|
|
|
Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as:
|
social engineering
|
|
|
Social engineering attacks would be MOST effective in which of the following
environments? (Select TWO). |
A company with a help desk whose personnel have minimal training.
A public building that has shared office space. |
|
|
In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people?
|
Flattery
Assuming a position of authority |
|
|
Choose the attack or malicious code that cannot be prevented or deterred solely through
using technical measures. |
Social engineering.
|
|
|
Which of the following describes an attacker encouraging a person to perform an action
in order to be successful? |
Social engineering
|
|
|
Which of the following options best describe how a social engineering attack occurs?
|
You are e-mailed by your "manager" and he is out of town and forgot his password and
you send him the necessary information |
|
|
Who is finally in charge of the amount of residual risk?
|
The senior management
|
|
|
Choose the primary disadvantage of using a third party mail relay.
|
Spammers can utilize the third party mail relay.
|
|
|
When evidence is used in court, a number of factors must be TRUE for the actual data.
Choose the option that is FALSE. |
The data must have been modified while it was being collected, documented, and
maintained or stored; so that is current. |
|
|
You work as the security administrator at TestKing.com. A hacker has recently accessed
confidential company data from over the network. You have just secured the crime scene and now want to preserve evidence. What should you do next? Choose all correct options. |
Document all messages being displayed by the computer.
Take photographs of all information being displayed on all monitors that was used to access the confidential data. |
|
|
Which of the following concepts pertain to the process which proves that evidence
presented is in fact the evidence which was collected? |
Authenticating evidence
|
|
|
When should you remove all systems that were affected by an attack, for immediate
evidence collection and system recovery purposes? |
When an attack is over.
|
|
|
A user accesses a retailer from an Internet search. While browsing the retailer's web site,
the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take? |
Be sure that a URL is secure before entering personal information.
|
