Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
251 Cards in this Set
- Front
- Back
|
You need to discover if users are using Terminal Services to log in to your Windows 2000 Server network. Which user right should you audit?
|
Log on locally
|
|
|
Which statement is true of the Key Distribution Center (KDC) when the Kerberos protocol is being used?
|
The KDC is used to store, distribute, and maintain cryptographic session keys.
|
|
|
WHich network device or component ensures that the computers on the network meet an organizations policies?
|
NAC - Network Access Control
|
|
|
Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network?
|
proxy server
|
|
|
What safeguards should you employ kto protect cell phones owned by an organization?
|
- Maintain physical control
- Enable user authentication - Disable unneeded features |
|
|
You are investigating the authentication protocols used on your network. You discover that several authentication protocols are being used on your network. What is the oldest?
|
LANMan
|
|
|
What is an embedded firewall?
|
a firewall that is integrated into a router
|
|
|
Which entity must certify the public key pair of a root CA?
|
the root CA
|
|
|
What is the major security vulnerability of using File Transfer Protocol (FTP)?
|
The user ID and password are sent in clear text.
|
|
|
Your organization is concerned with unauthorized users downloading confidential data to removable media. You decide to encrypt the company's confidential data using the operating system's encryption feature. What does this ensure?
|
The data is protected while it is on the original media only.
|
|
|
What is RAID 1 implemented with a single hard disk controller?
|
disk mirroring
|
|
|
What attack involves the use of multiple computers iwht the purpose of denying legitimate access to a critical server?
|
distributed denial-of-service (DDoS) attack
|
|
|
What is network address hijacking?
|
It allows the attacker to reroute data taffic from a network device to a personal computer.
|
|
|
Which port number is used by L2TP?
|
1701
|
|
|
Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)?
|
firewall
|
|
|
What attack involves the use of a promiscuous mode for data analysis?
|
packet sniffing
|
|
|
Which network entity acts as the nterface between a local area network and the internet using one IP address?
|
NAT - Network Address Translation
|
|
|
What network device provides a transparent firewall solution between an internal network and outside networks?
|
NAT - Network Address Translation
|
|
|
After determining the scope of a user's job, what is the next step in implementing the principle of least privilege?
|
determine the minimum set of privileges needed to perform the user's job.
|
|
|
What is the best implementation of the principle of least privilege?
|
Issuing the Run as comand to execute administrative tasks during a regular user session
|
|
|
What are two advantages of implementing RBAC?
|
- low security cost
- easier to implement |
|
|
What type of access control model is based on the user's or group's identity?
|
DAC - Discretionary Access Control
|
|
|
Which type of monitoring requires that updates be regularly obtained to ensure effectiveness?
|
signature-based
|
|
|
Which type of monitoring detects any changes or deviations in network traffic?
|
anomaly-based
|
|
|
What tool should you use to limit the amount of audit log information by discarding information that is not needed by the security professional?
|
audit-reduction tool
|
|
|
What two methods are used to monitor access control violations?
|
- IDSs
- audit logs |
|
|
Which key management system does an encryption system provide to generate keys?
|
creation
|
|
|
Which security principle identifies sensitive data and ensures that unauthorized entities cannot access it?
|
confidentiality
|
|
|
What is the purpose of the BitLocker technology?
|
It encrypts the drive contents so that data cannot be stolen.
|
|
|
What produces 160-bit checksums?
|
SHA
|
|
|
What disk systems protect against data loss if a single drive fails?
|
- disk mirroring
- disk stiping with parity - failure resistant disk system (FRDS) |
|
|
What are some disadvantages to using a cold site?
|
- recovery time
- testing availability |
|
|
Which RAID level requires at least three hard disks and writes both parity and data across all disks in the array?
|
Level 5
|
|
|
What does an incremental backup do?
|
It backs up all new files and any files that have changed since the last full backup, and resets the archive bit.
|
|
|
What element is created to ensure that your company is able to resume operation after unplanned downtime in a timely manner?
|
disaster recovery plan
|
|
|
Which protocol allows the transfer of files over a secure connection?
|
SCP - Secure copy
|
|
|
Which protocol is NOT used by network-attached storage?
|
NTFS - New Technology File System
|
|
|
Which file system allows computers to mount the file system from a remote location, thereby enabling the client system to view the server storage as part of the local client?
|
NFS - Network File System
|
|
|
What Web technology provides the highest level of security?
|
HTTPS
|
|
|
On a network, what is typically monitored by an HIDS?
|
failed login attempts
|
|
|
You need to ensure that a single document transmitted from your Web server is encrypted. You need to implemetn this solution as simply as possible. What should you do?
|
Use S-HTTP
|
|
|
What type of firewall is most detrimental to network performance?
|
application-level proxy firewall (requires more processing per packet)
|
|
|
Youare responsible for managing your company's virtualization environment. What feature should NOT be allowed on a virtualizaion host?
|
browsing the internet
|
|
|
What technology will phreakers attack?
|
VOIP
|
|
|
At which layer of the OSI model do routers operate?
|
Network
|
|
|
Your network contains four segments. What network devices can you use to connect two or more of the LAN segments together?
|
- Router
- Switch - Bridge |
|
|
What system detects network intrusion attempts and controls access to the network for the intruders?
|
IPS - Intrusion prevention system
|
|
|
What is the primary advantage of using a network-based intrusion detection system (NIDS)?
|
low maintenance
|
|
|
A user reports that she is unable to access a fie server. You discover that there are numberous open connections of the file server from several servers and routers. What type of attack has affected the file server?
|
denial-of-service (DoS) attack
|
|
|
Which tool is a file integrity checker?
|
Tripwire
|
|
|
you manage the security for a small corporate network that includes a hub and firewall. you want to provide protection against traffic sniffing. What should you do?
|
Replace the hub with a switch.
|
|
|
What should you use to connect a computer to a 100BaseTX Fast Ethernet network?
|
- CAT5 UTP cable
- RJ-45 connectors |
|
|
What network transfers data at a maximum rate of 100 Mbps?
|
Fast Ethernet
|
|
|
Which WiFi mode requires all wireless traffic on a wireless network to be transmitted through wireless access points?
|
infrastructure
|
|
|
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
|
Periodically complete a site survey.
|
|
|
What device enables non-wireless devices and wireless devices to communicate vian 802.11b network?
|
an access point
|
|
|
What is the most common form of identification and authentication?
|
user identification with reusable password
|
|
|
What device generates time-sensitive passwords?
|
Security token
|
|
|
What replaced NTLM for network user authentication on Windows 2000 networks?
|
Kerberos
|
|
|
What password types are usually the hardest to remember?
|
- dynamic passwords
- software-generated password |
|
|
What contains LDAP entries?
|
DIT - Directory information tree
|
|
|
What is true of an audit trail?
|
- assists in intrusion detection
- establishes accountability for access control |
|
|
As part of your company's security policy, you are creating a performance baseline for a Windows Server 2003 computer. What counter does Microsoft recommend should remain at or close to zero?
|
Memory\Pages/sec
|
|
|
You are using a network analyzer to monitor traffic on your network. A user reports trouble communicating with the file server. You suspect that the file server is the victim of a denial of service attack. You decide to use the network analyzer to determine the problem. What info should you examine?
|
station statistics
|
|
|
What size checksum is produced by the SHA?
|
160-bit
|
|
|
You have been asked to perform user account reviews. What should you do?
|
- Ensure that users have the appropriate level of access
- Ensure that user accounts are for valid employees |
|
|
What size checksum does MD5 produce?
|
128-bit
|
|
|
What is an advantage of ECC over the RSA algorithm?
|
ECC requires fewer resources.
|
|
|
What is used to digitally sign packets that are transmitted on IPSec connections?
|
KHMAC - Keyed Hashing for Message Authentication Code
|
|
|
What IETF standard is used for attaching files to e-mail messages and sending those messages?
|
MIME - Multipurpose Internet Mail Extension
|
|
|
What is contained within an X.509 CRL?
|
serial numbers
|
|
|
What events should be considered as part of the business continuity plan?
|
- natural disaster
- hardware failure |
|
|
What are objectives of a security awareness program?
|
- promote acceptable use and behavior
- enforce compliance to the information security program - communicate ramifications of violating the security policy |
|
|
What is typically part of a company's user management policies?
|
employee termination
|
|
|
Which component of a computer use policy should state that the data stored on a company computer is not guaranteed to remain confidential?
|
no expectation of privacy
|
|
|
What is a data haven?
|
A data haven either has no laws or poorly enforced laws for information protection
|
|
|
What firewall architecture has two network interfaces?
|
dual-homed firewall
|
|
|
You must design the network for your company's new location. What two considerations are important?
|
- number of hosts to support
- number of subnetworks needed |
|
|
Internet Explorer is confgured to block all pop-ups. You access a research site that implements a required pop-up immediately after login. You must ensure that the pop-up that is implemented after logging in is never blocked. What should you do?
|
Add the Web site to the Allowed sites list on the Pop-up Blocker settings dialog box.
|
|
|
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. What port should be opened on the Internet side of the DMZ firewal?
|
20
|
|
|
You need to implement security countermeasures to protect from attacks being implemented against your PBX system via remote maintenance. Which policies provide protection against remote maintenance PBX attacks?
|
- Turn off the remote maintenance features when not needed.
- use strong authentication on the remote maintenance ports. - Keep PBX terminals in a locked, restricted area. - Replace or disable embedded logins and passwords. |
|
|
You have deployed a modem to allow remote users to connect to your network. You need to ensure that only users from specific locations can access your network using the modem. What should you deploy?
|
Callback
|
|
|
you are deploying a virtual private network (VPN) for remote users. You have decided to deploy the VPN gateway in its own demilitarized zone (DMZ) behind the external firewall. what are the benefits of this deployment?
|
- The firewall can protect the VPN gateway
- The firewall can inspect plain text from the VPN |
|
|
What cable type is vulnerable to the use of vampire taps?
|
Coaxial
|
|
|
What is the type of logical network topology used on Ethernet networks?
|
Bus
|
|
|
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do?
|
- Change the default Service Set Identifier (SSID)
- Disable SSID broadcast - Configure the network to use authenticated access only - Configure the WEP protocol to use a 128-bit key |
|
|
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). where should the ACLs be deployed?
|
Routers
|
|
|
You have been asked to control the usage of portable USB drives in your Windows domain. What is the best way to do this using the least administrative effort?
|
Disable USB devices via a domain group policy.
|
|
|
What security threats are self-replicating?
|
- worm
- virus |
|
|
What is RAID 0?
|
disk striping
|
|
|
What is RAID 5?
|
disk striping with parity
|
|
|
Which condition might indicate that a network is undergoing a DoS attack?
|
a significant increase in network traffic
|
|
|
Which hacker attack is a combination of IP spoofing and the saturation of a network with ICMP messages?
|
smurf
|
|
|
What type of attack redirects you to a fake Web site?
|
hyperlink spoofing
|
|
|
Which protocol is NOT capable of preventing a man-in-the-middle attack?
|
Remote shell (rsh)
|
|
|
Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted?
|
spoofing
|
|
|
What type of untargeted hacker reconnaissance sends ICMP messages to IP addresses to determine which IP addresses are used by communicating hosts?
|
ping sweep
|
|
|
Which type of scanning sends ICMP messages to each IP address on a network?
|
ping scanning
|
|
|
Which hacker attack can be perpetrated by hijacking a communications session between a Web browser and a Web server?
|
MITM - Man-in-the-middle
|
|
|
WHich protocol was developed by the IETF to digitally sign packet headers and to encrypt and encapsulate packets?
|
IPSec
|
|
|
A hacker is sending a massive number of requests to a Web server on a company network. Which basic type of attack is occurring?
|
denial of service
|
|
|
What is DNS poisoning?
|
the practice of dispensing IP addresses and host names with the goal of traffic diversion
|
|
|
What is a network connection construct that is used to transport encapsulated network transmissions?
|
a tunnel
|
|
|
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy?
|
VLAN
|
|
|
What is the primary objective of privilege management?
|
to ensure control over user permissions and access rights
|
|
|
Which access control principle ensures that a particular role has more than one person trained to perform its duties?
|
job rotation
|
|
|
The administrator must ensure that certain users do not have access to a particular file. All other users should be able to access the file based on their group permissions. What should you use to provide this functionality?
|
explicit deny
|
|
|
A user works in a small office environment that implements a small Microsoft workgroup. Users commonly share folders with each other. Whch access control model is represented in this example?
|
DAC - Discretionary Access Control
|
|
|
What is the most important entity in a mandatory access control (MAC) environment?
|
security label
|
|
|
Which access control model provides the strictest security mechanism?
|
MAC - mandatory access control
|
|
|
What two activities are considered illegal on a computer system that is protected by MAC?
|
- read-up
- write-down |
|
|
What can an administrator use to designate which users can access a file?
|
an ACL
|
|
|
What option is a non-discretionary security control method?
|
MAC - Mandatory Access Control
|
|
|
Which type of right occurs when a user inherits a permission based on group membership?
|
implicit right
|
|
|
Under MAC, which entities would exist as an object?
|
- a file
- a printer - a computer |
|
|
Which access control method uses the settings in pre-configured security policies to make all decisions?
|
rule-based access control
|
|
|
What is the primary task of an anomaly detector?
|
to identify abnormal activity
|
|
|
Which type of intrusion detection system (IDS) watches for intrusions that match a known identity?
|
signature-based IDS
|
|
|
What criteria can be used to restrict access to resources? (list 5)
|
- roles
- groups - location - time of day - transaction type |
|
|
You are creating a monitoring solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of monitoring are you using?
|
behavior-based
|
|
|
For anomaly based monitoring to be effective, what must be in place?
|
a baseline
|
|
|
You need to determine whether user accounts are being used. Which property should you verify?
|
When the last login occurred
|
|
|
Which encryption standard uses a single 56-bit encryption key to encrypt 64-bit blocks of data?
|
DES
|
|
|
Which option is a public key encryption?
IDEA RC5 RSA Skipjack |
RSA
|
|
|
What is an encryption method that is designed to be used only once?
|
OTP
|
|
|
Which encryption standard was developed by the US government for the Clipper Chip?
|
Skipjack
|
|
|
Which strength encryption key is used in IDEA encryption?
|
128-bit
|
|
|
Which type of encryption algorithm does RSA represent?
|
asymmetric with authentication
|
|
|
What protocol transmits Web pages over SSL?
|
HTTPS
|
|
|
Which email security method is defined in RFC 2632 and RFC 2634?
|
S/MIME
|
|
|
What technology is used to create an encrypted remote terminal connection with a UNIX computer?
|
SSH
|
|
|
Which protocol operates at the Data Link layer of the OSI model?
|
L2TP
|
|
|
What is a common implementation for the IPSec protocol?
|
VPN
|
|
|
Which technology transmits encrypted authentication information over a secure communications channel?
|
SSH
|
|
|
What must be secured in a PKI to protect the certificates that have been validated?
|
the private key of the root CA
|
|
|
Which task does a key revocation system accomplish?
|
key invalidation
|
|
|
What is EFS?
|
a Windows XP feature that supports file encryption
|
|
|
What refers to the type of trust model used by CAs?
|
hierarchy
|
|
|
Which stage is NOT a part of the life cycle of evidence?
- storage - collection - accreditation - presentation in court |
accreditation
|
|
|
What policy defines the sensitivity of a company's data?
|
an information policy
|
|
|
What is defined in an acceptable use policy?
|
how users are allowed to employ company hardware
|
|
|
What term indicates that a company has taken reasonable measures to protect its confidential information and employees?
|
due care
|
|
|
What is the first step in a change control process?
|
Acquire management approval
|
|
|
Which information classification should U.S. companies avoid using?
|
Top Secret
|
|
|
Which social engineering attack is typically considered the most dangerous?
|
physical penetration
|
|
|
What two suppression methods are recommended when paper, laminates and wooden furniture are the elements of a fire in the facility?
|
Water
Soda Acid |
|
|
Which system provides a company with telephone extensions for employees?
|
PBX
|
|
|
Which network device or componenent ensures that the computers on the network meet an organization's security policies?
|
NAC
|
|
|
What is meant by the terma data source in intrusion detection system (IDS) technology?
|
the raw information used by the IDS to detect suspicious activity
|
|
|
Which option is an example of antivirus software running with old antivirus definitions?
|
a vulnerability
|
|
|
What is a Ping of Death?
|
transmission of large ICMP packets
|
|
|
What is SMTP relay?
|
an e-mail feature that allows any Internet user to send e-mail messages through an SMTP server
|
|
|
Which agents are used by the presence service of an IM system? (Two)
|
- presence user agent
- watcher user agent |
|
|
What is the best countermeasure for a buffer overflow attack on a commercial application?
|
Update the software with the latest patches, updates, and service packs.
|
|
|
Which types of computers are targeted by RedPill and Scooby Doo attacks?
|
virtual machines
|
|
|
Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network?
|
proxy server
|
|
|
Where should a honeypot reside?
|
on the demilitarized zone (DMZ)
|
|
|
Which tool is NOT a back door application?
- Back Orifice - NetBus - Masters Paradise - Nessus |
Nessus
|
|
|
On a Windows XP Pro client computer what tool would you use to viet the IP address information?
|
ipconfig
|
|
|
In low encryption mode, which level of encryption does WEP provide?
|
64-bit
|
|
|
To which type of attack are password files stored on a server vulnerable?
|
a dictionary attack
|
|
|
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless. Which protocol should you choose?
|
Wi-Fi Protected Access (WPA)
|
|
|
To which attacks are passwords susceptible?
|
- sniffing
- dictionary - brute force - social engineering |
|
|
As part of your company's security policy, all network packets must be captured using a network analyzer. What should you do to ensure that this occurs?
|
- Enable promiscuous mode on every network interface
- use a hardware network analyzer |
|
|
You need to view events that are generated based on your auditing settings. Which log in Event Viewer should you view?
|
Security
|
|
|
You need to view events on host name registrations. Which log in Event viewer should you view?
|
DNS
|
|
|
Which statement is true of a watermark?
|
A watermark can enable you to detect copyright violations.
|
|
|
You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening, you performed a differential backup of the same server's hard disk, and on Tuesday, Wednsday, and Thursday evenings you performed incremental backups of the server's hard disk. Which files are recorded in the backup that you performed on Thursday?
|
all the files on the hard disk that were changed or created since the incremental backup on Wednesday
|
|
|
A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment.Which port should be opened on the Internet side of the DMZ firewall?
|
80
|
|
|
What is a copper network medium that is designed to support gigabit data transmission rates?
|
CAT6 UTP
|
|
|
Bob manages the Sales department. Most of his sales representatives travel among several client sites. He wants to enable these sales representatives to check the shipping status of their orders online. This information currently resides on the company intranet, but is not accessible to anyone outside the company firewall. Bob has asked you to make the information available to traveling sales representatives. You decide to create an extranet to allow these employees to view their customers' order status and history. Which technique could you use to secure communications between network segments sending order-status data via the Internet?
|
VPN
|
|
|
What defines the minimum level of security?
|
baselines
|
|
|
Which statement is NOT true of an RSA algorithm?
|
An RSA algorithm is an example of symmetric cryptography
|
|
|
In the context of backup media, what is meant by the term retention time?
|
The amount of time a tape is stored before its data is overwritten
|
|
|
Your company has a backup solution that performs a full backup each Saturday evening and a differential backup all other evenings. A vital system crashes on Tuesday morning. How many backups will need to be restored?
|
two
|
|
|
You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet.What should you do to mitigate this risk?
|
Implement every computer on the DMZ as a bastion host.
|
|
|
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients.Which protocol should you use?
|
Wi-Fi Protected Access (WPA)
|
|
|
Which audit events could be monitored to improve user accountability?
|
- logon attempts
- file modification - account modification |
|
|
What is a vulnerability scanner?
|
an application that identifies security issues on a network and offers suggestions on how to prevent the issues
|
|
|
You have configured auditing for several security events on your Windows Server 2003 network. The Event Viewer logs are backed up on a daily basis. You configure the following settings for the Security log:
- the max event log size - the audit: Shut down system immediately if unable to log security events setting is enabled. - the do not overwrite events setting is enabled A few weeks later, the computer shuts down. You discover that the Security event log settings are causing the problem. What could you do? |
- Configure automatic log rotation
- disable the audit - enable the overwrite events as needed setting |
|
|
Which statements are true of Internet Protocol Security (IPSec)?
|
- IPSec can work in either tunnel mode or transport mode
- IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation - The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions |
|
|
Which part of a computer system should be inspected for hidden files and data?
|
slack space
|
|
|
Which statement is NOT true of digital certificates?
|
Class 2 assurance for a dig. cert. only verifies a user's name and e-mail address
|
|
|
What is formed when a malicious program is installed on several host computers and is remotely triggered?
|
botnet
|
|
|
What is an example of privelege escalation?
|
gaining access to a restricted file by changing the permissions of your valid account
|
|
|
Which security threat often uses tracking cookies to collect and report on a user's activities?
|
spyware
|
|
|
What is a rootkit?
|
a collection of programs that grants a hacker administrative access to a computer or network
|
|
|
Which statement correctly defines spamming attacks?
|
repeatedly sending identical e-mails to a specific address
|
|
|
Which security threat is a software application that displays advertisements while the application is executing?
|
adware
|
|
|
A custom application is used to manage your company's human resources files. A manager reports that certain users are able to perform actions that should not be permitted. When you research ...
|
privelege escalation
|
|
|
You receive an unsolicited e-mail from an application vendor stating that a security patch is available for your application. Your company's security policy states that all applications must be updated with security patches and service packs. What should you do?
|
Go to the vendor's web site to download the security patch.
|
|
|
When should you install a software patch on a production server?
|
after the patch has been tested
|
|
|
How does an unsigned Java applet enforce security in JDK 1.1?
|
by using sandboxes
|
|
|
Which spyware technique inserts a dynamic link library into a running process's memory?
|
DLL injection
|
|
|
You have been asked to reduce the surface area of a Windows Server 2003 computer that acts as a Web server. Which step is NOT included in reducing surface area attacks?
|
Disable auditing
|
|
|
What is a passive measure that can be used to detect hacker attacks?
|
event logging
|
|
|
Which type of firewall hides a packet's true origin before sending it through another network?
|
proxy firewall
|
|
|
Which type of firewall only examines the packet header information?
|
packet-filtering firewall
|
|
|
What is a disadvantage of a hardware firewall compared to a software firewall?
|
It has a fixed number of available interfaces
|
|
|
Which attack is NOT directed only at virtual machines?
|
Man-in-the-middle
|
|
|
You are responsible for managing a Windows Server 2008 computer that hosts several virtual computers. You need to install the latest patches for the operating system. Where should you install the patches?
|
on bother the host computer and all Window Server 2008 virtual computers
|
|
|
You have been asked to implement antivirus software for your virtualization environment. Where should you install the antivirus software?
|
on both the host computer and all virtual computers
|
|
|
Which type of untargeted hacker reconnaissance sends ICMP messages to IP addresses to determine which IP addresses are used by communicating hosts?
|
ping sweep
|
|
|
Which service passes through a firewall on port 80?
|
HTTP
|
|
|
You are investigating possible unauthorized access to a Windows Server 2003 computer. The first step in your company's investigation policy states that the current network connections must be documented. Which command should you use?
|
netstat
|
|
|
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals:The VPN gateway should require the use of Internet Protocol Security (IPSec). All remote users must use IPSec to connect to the VPN gateway. No internal hosts should use IPSec. Which IPSec mode should you use?
|
host-to-gateway
|
|
|
Which network medium should be selected to protect network transmissions from EMI?
|
fiber-optic cable
|
|
|
In which type of attack can rainbow tables be used?
|
brute force password attack
|
|
|
Which Windows account policy prevents a user from reusing a certain number of expired passwords?
|
Enforce PAssword History
|
|
|
Which password setting is most important to ensure password strength?
|
password complexity
|
|
|
Which procedure does an iris scanner use to determine whether to authenticate a user?
Which password policy will likely weaken password security? |
requiring only alphabetic words as passwords
|
|
|
Which security policy will likely strengthen password security?
|
requiring users to periodically change their passwords
|
|
|
Which procedure does an iris scanner use to determine whether to authenticate a user?
|
It takes a picture of the user's eye and compares the picture with pictures on file.
|
|
|
Which protocol grants TGTs?
|
Kerberos
|
|
|
What is the most important component in a Kerberos environment?
|
Key Distribution Center (KDC)
|
|
|
In CHAP, what occurs during step 4 of the handshake process?
|
The client sends the server a response
|
|
|
Which protocol uses a challenge/response mechanism?
|
CHAP
|
|
|
Which protocol should you configure on a remote access server to authenticate remote users with smart cards?
|
EAP
|
|
|
Which biometric method analyzes both the physical motions that are performed when a signature is signed and the specific features of a person's signature?
|
signature dynamics
|
|
|
Which technology provides centralized remote user authentication, authorization, and accounting?
|
RADIUS
|
|
|
Which option is a protocol that enables LDAP servers to share directory entries?
|
LDIF
|
|
|
Which three options represent potential physical security risks to an information processing facility? (Choose three.)
|
- physical theft
- power failure - hardware damage |
|
|
When measuring the risk that intruders pose to a computer network, which option represents a loss of money?
|
stolen equipment
|
|
|
In which situation will you accept a risk?
|
when the cost of the safeguard exceeds the amount of the potential loss
|
|
|
Your company's security policy states that passwords should never be transmitted in plain text. You need to determine if this policy is being followed. Which tool should you use?
|
protocol analyzer
|
|
|
What is a potential opening in network security that a hacker can exploit to attack a network?
|
a vulnerability
|
|
|
When calculating risks by using the quantitative method, what is the result of multiplying the asset values by the exposure factor (EF)?
|
single loss expectancy (SLE)
|
|
|
For anomaly-based monitoring to be effective, what must be in place?
|
a baseline
|
|
|
You are creating a monitoring solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of monitoring are you using?
|
behavior-based
|
|
|
Which type of monitoring is most likely to produce a false alert?
|
anomaly-based
|
|
|
You have been tasked with designing the audit policy for your company based on your company's security policy. What is the first step you should take?
|
Plan the audit strategy
|
|
|
What is the process of ensuring the corporate security policies are carried out consistently?
|
auditing
|
|
|
You have configured auditing for several security events on your Windows Server 2003 network. The Event Viewer logs are backed up on a daily basis. You need to ensure that security events are only cleared manuyally by an administrator. What should you do?
|
Enable the Don not overwrite events option for the Security log.
|
|
|
Which statement is true of symmetric cryptography?
|
Symmetric cryptography is faster than asymmetric cryptography.
|
|
|
What provides confidentiality?
|
assymetric encryption
|
|
|
Which security service does encryption provide?
|
confidentiality
|
|
|
What are the core security objectives for the protection of information assets?
|
confidentiality, integrity, and availability
|
|
|
What does sending data across an insecure network, such as the Internet, primarily affect?
|
confidentiality and integrity
|
|
|
Which activity is NOT covered under the confidentiality objective of the CIA triad?
|
treason
|
|
|
Which option will have the least effect on the confidentiality, integrity, and availability of the resources within the organization?
|
a damaged hard drive
|
|
|
What is the primary purpose of a packet checksum?
|
data integrity
|
|
|
What does the message authentication code (MAC) ensure?
|
message integrity
|
|
|
Which three elements are provided by digital signatures? (Choose three.)
|
- integrity
- authentication - non-repudiation |
|
|
What is used to decrypt a file in asymmetric encryption?
|
private key
|
|
|
Which technology requires Trusted Platform Module (TPM) hardware?
|
BitLocker
|
|
|
What is a mathematical formula that is used in cryptography to encrypt data?
|
algorithm
|
|
|
Which two alternate data center facilities are the easiest to test? (Choose two.)
|
- hot site
- redundant site |
|
|
Which strategy ensures that you have the required number of components plus one extra to plug into any system in case of failure?
|
fault tolerance
|
|
|
What is the purpose of a dual backbone?
|
to provide local area network (LAN) redundancy
|
|
|
What protects data on computer networks from loss due to power outages?
|
a UPS
|
|
|
You have been asked to implement a plan whereby the server room for your company will remain online for three hours after a power failure. This will give your IT department enough time to implement the alternate site. Which technology would be best in this scenario?
|
backup generator
|
