139 Cards in this Set

  • Front
  • Back
1
What is the main advantage SSL (Secure Sockets Layer) has over HTTPS
(Hypertext Transfer Protocol over Secure Sockets Layer)?
A. SSL (Secure Sockets Layer) offers full application security for HTTP (Hypertext
Transfer Protocol) while HTTPS (Hypertext Transfer Protocol over Secure
Sockets Layer) does not.
B. SSL (Secure Sockets Layer) supports additional application layer protocols such
as FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol)
while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not.
C. SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol over
Secure Sockets Layer) are transparent to the application.
D. SSL (Secure Sockets Layer) supports user authentication and HTTPS (Hypertext
Transfer Protocol over Secure Sockets Layer) does not.
B
2
Which type of password generator is based on challenge-response mechanisms?
A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards
A
3
How must a firewall be configured to only allow employees within the company to
download files from a FTP (File Transfer Protocol) server?
A. open port 119 to all inbound connections.
B. open port 119 to all outbound connections.
C. open port 20/21 to all inbound connections.
D. open port 20/21 to all outbound connections.
D
4
Administrators currently use telnet to remotely manage several servers. Security
policy dictates that passwords and administrative activities must not be
communicated in clear text. Which of the following is the best alternative to using
telnet?
A. DES (Data Encryption Standard).
B. S-Telnet.
C. SSH (Secure Shell).
D. PKI (Public Key Infrastructure).
C
5
How many characters should the minimum length of a password be to deter
dictionary password cracks?
A. 6.
B. 8.
C. 10.
D. 12.
B
6
An acceptable use policy signed by an employee can be interpreted as an employee’s
written ______ for allowing an employer to search an employee’s workstation.
A. refusal.
B. policy.
C. guideline.
D. consent.
D
7
What protocol can be used to create a VPN (Virtual Private Network)?
A. PPP (Point-to-Point Protocol).
B. PPTP (Point-to-Point Tunneling Protocol).
C. SLIP (Serial Line Internet Protocol).
D. ESLIP (Encrypted Serial Line Internet Protocol).
B
8
An attack whereby two different messages using the same hash function produce a
common message digest is also known as a:
A. man in the middle attack.
B. ciphertext only attack.
C. birthday attack.
D. brute force attack.
C
9
A password management system designed to provide availability for a large number
of users includes which of the following?
A. self service password resets
B. locally saved passwords
C. multiple access methods
D. synchronized passwords
A
10
An administrator is setting permissions on a file object in a network operating
system which uses DAC (Discretionary Access Control). The ACL (Access Control
List) of the file follows:
SY0 - 001
Leading the way in IT testing and certification tools, www.testking.com
- 121 -
Owner: Read, Write, Execute
User A: Read, Write, -
User B: -, -, - (None)
Sales: Read, -, -
Marketing: -, Write, -
Other: Read, Write, -
User "A" is the only owner of the file. User "B" is a member of the Sales group.
What effective permissions does User "B" have on the file with the above access
list?
A. User B has no permissions on the file.
B. User B has read permissions on the file.
C. User B has read and write permissions on the file.
D. User B has read, write and execute permissions on the file.
A
12
The use of embedded root certificates within web browsers is an example of which
of the following trust models?
A. bridge.
B. mesh.
C. hierarchy.
D. trust list.
D
13
A security consideration that is introduced by a VPN (Virtual Private Network) is:
A. an intruder can intercept VPN (Virtual Private Network) traffic and create a man
in the middle attack.
B. captured data is easily decrypted because there are a finite number of encryption
keys.
C. tunneled data CAN NOT be authenticated, authorized or accounted for.
D. a firewall CAN NOT inspect encrypted traffic.
D
14
The public key infrastructure model where certificates are issued and revoked via a
CA (Certificate Authority) is what type of model?
A. managed
B. distributed
C. centralized
D. standard
C
15
Which of the following is required to use S/MIME (Secure Multipurpose Internet
Mail Extensions)?
A. digital certificate.
B. server side certificate.
C. SSL (Secure Sockets Layer) certificate.
D. public certificate.
A
16
Non-repudiation is generally used to:
A. protect the system from transmitting various viruses, worms and Trojan horses to
other computers on the same network.
B. protect the system from DoS (Denial of Service) attacks.
C. prevent the sender or the receiver from denying that the communication between
them has occurred.
D. ensure the confidentiality and integrity of the communication.
C
18
Why are unique user IDs critical in the review of audit trails?
A. They CAN NOT be easily altered.
B. They establish individual accountability.
C. They show which files were changed.
D. They trigger corrective controls.
B
19
A police department has three types of employees: booking officers, investigators,
and judges. Each group of employees is allowed different rights to files based on
their need. The judges do not need access to the fingerprint database, the
investigators need read access and the booking officers need read/write access. The
booking officer would need no access to warrants, while an investigator would need
read access and a judge would need read/write access. This is an example of:
A. DAC (Discretionary Access Control) level access control.
B. RBAC (Role Based Access Control) level access control.
C. MAC (Mandatory Access Control) level access control.
D. ACL (Access Control List) level access control.
B
20
Which of the following access control models introduces user security clearance and
data classification?
A. RBAC (Role Based Access Control).
B. NDAC (Non-Discretionary Access Control).
C. MAC (Mandatory Access Control).
D. DAC (Discretionary Access Control).
C
21
A wireless network with three access points, two of which are used as repeaters,
exists at a company. What step should be taken to secure the wireless network?
A. Ensure that employees use complex passwords.
B. Ensure that employees are only using issued wireless cards in their systems.
C. Ensure that WEP (Wired Equivalent Privacy) is being used.
D. Ensure that everyone is using ad hoc mode.
C
22
Digital certificates can contain which of the following items:
A. the CA’s (Certificate Authority) private key.
B. the certificate holder’s private key.
C. the certificate’s revocation information.
D. the certificate’s validity period.
D
23
Which encryption key is used to verify a digital signature?
A. the signer’s public key.
B. the signer’s private key.
C. the recipient's public key.
D. the recipient's private key.
A
24
NetBus and Back Orifice are each considered an example of a(n):
A. virus.
B. illicit server.
C. spoofing tool.
D. allowable server.
B
25
The theft of network passwords without the use of software tools is an example of:
A. Trojan programs.
B. social engineering.
C. sniffing.
D. hacking.
B
27
LDAP (Lightweight Directory Access Protocol) directories are arranged as:
A. linked lists.
B. trees.
C. stacks.
D. queues.
B
28
Which of the following is the greatest problem associated with Instant Messaging?
A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled.
B
29
Searching through trash is used by an attacker to acquire data such as network
diagrams, IP (Internet Protocol) address lists and:
A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory.
C
30
Discouraging employees from misusing company e-mail is best handled by:
A. enforcing ACLs (Access Control List).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail messages.
B
31
The Diffie-Hellman algorithm allows:
A. access to digital certificate stores from a certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashing algorithms.
D. multiple protocols to be used in key exchange negotiations.
B
32
Which of the following type of attack CAN NOT be deterred solely through
technical means?
A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering.
D
33
How must a firewall be configured to make sure that a company can communicate
with other companies using SMTP (Simple Mail Transfer Protocol) e-mail?
A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound
connections.
B. Open UDP (User Datagram Protocol) port 110 to all inbound connections.
C. Open UDP (User Datagram Protocol) port 25 to all inbound connections.
D. Open TCP (Transmission Control Protocol) port 25 to all inbound and outbound
connections.
D
34
An organization’s primary purpose in conducting risk analysis in dealing with
computer security is:
A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in relation to the cost of lost business functionality.
C. to identify how much it will cost to implement counter measures.
D. to delegate responsibility.
B
35
A user wants to send e-mail and ensure that the message is not tampered with while
in transit. Which feature of modern cryptographic systems will facilitate this?
A. confidentiality.
B. authentication.
C. integrity.
D. non-repudiation.
C
36
Which of the following is the best IDS (Intrusion Detection System) to monitor the entire
network?
A. a network based IDS (Intrusion Detection System)
B. a host based IDS (Intrusion Detection System)
C. a user based IDS (Intrusion Detection System)
D. a client based IDS (Intrusion Detection System)
A
38
The main purpose of digital certificates is to bind a
A. public key to the identity of the signer and recipient
B. private key to the identity of the signer and recipient
C. public key to the entity that holds the corresponding private key
D. private key to the entity that holds the corresponding public key
C
39
What ports does FTP (File Transfer Protocol) use?
A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162.
A
40
A decoy system that is designed to divert an attacker from accessing critical systems
while collecting information about the attacker’s activity, and encouraging the
attacker to stay on the system long enough for administrators to respond is known
as:
A. DMZ (Demilitarized Zone).
B. honey pot.
C. intrusion detector.
D. screened host.
Answers B
Explanation:
A honey pot is a computer that has been designed as a target for computer attacks. The
benefit of a honey pot system is that it will draw attackers away from a higher value
system or it will allow administrators to gain intelligence about an attack strategy.
41
What is the major reason that social engineering attacks succeed?
A. strong passwords are not required
B. lack of security awareness
C. multiple logins are allowed
D. audit logs are not monitored frequently
B
42
When User A applies to the CA (Certificate Authority) requesting a certificate to
allow the start of communication with User B, User A must supply the CA
(Certificate Authority) with
A. User A’s public key only
B. User B’s public key only
C. User A’s and User B’s public keys
D. User A’s and User B’s public and private keys
A
43
Of the following, what is the primary attribute associated with e-mail hoaxes?
A. E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.
B. E-mail hoaxes take up large amounts of server disk space.
C. E-mail hoaxes can cause buffer overflows on the e-mail server.
D. E-mail hoaxes can encourage malicious users.
A
44
An e-mail is received alerting the network administrator to the presence of a virus
on the system if a specific executable file exists. What should be the first course of
action?
A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
B. Immediately search for and delete the file if discovered.
C. Broadcast a message to the entire organization to alert users to the presence of a
virus.
D. Locate and download a patch to repair the file.
A
45
Part of a fire protection plan for a computer room should include:
A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materials within the room.
D. fireproof doors that can be easily opened if an alarm is sounded.
A
46
Which of the following is an HTTP (Hypertext Transfer Protocol) extension or
mechanism used to retain connection data, user information, history of sites visited,
and can be used by attackers for spoofing an on-line identity?
A. HTTPS (Hypertext Transfer Protocol over SSL).
B. cookies.
C. HTTP (Hypertext Transfer Protocol)/1.0 Caching.
D. vCard v3.0.
B
47
ActiveX controls ______ to prove where they originated.
A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed.
D
48
Loki, NetCat, Masters Paradise and NetBus are all considered what type of attack?
A. brute force
B. spoofing
C. back door
D. man in the middle
C
49
When a potential hacker looks through trash, the most useful items or information
that might be found include all except:
A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D. system access requests.
D
50
A user logs onto a workstation using a smart card containing a private key. The
user is verified when the public key is successfully factored with the private key.
What security service is being provided?
A. authentication.
B. confidentiality.
C. integrity.
D. non-repudiation.
A
51
In cryptographic operations, digital signatures can be used for which of the
following systems?
A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption.
B
52
Which of the following programs is able to distribute itself without using a host file?
A. virus.
B. Trojan horse.
C. logic bomb.
D. worm.
D
53
Malicious code is installed on a server that will e-mail system keystrokes stored in a
text file to the author and delete system logs every five days or whenever a backup is
performed. What type of program is this?
A. virus.
B. back door.
C. logic bomb.
D. worm.
C
54
A network administrator has just replaced a hub with a switch. When using
software to sniff packets from the networks, the administrator notices conversations
the administrator’s computer is having with servers on the network, but can no
longer see conversations taking place between other network clients and
servers. Given that the switch is functioning properly, what is the most likely cause
of this?
A. With the exception of broadcasts, switches do not forward traffic out all ports.
B. The switch is set up with a VLAN (Virtual Local Area Network) utilizing all ports.
C. The software used to sniff packets is not configured properly.
D. The sniffer’s Ethernet card is malfunctioning.
A
55
Digital signatures can be used for which of the following?
A. availability.
B. encryption.
C. decryption.
D. non-repudiation.
D
56
Malicious port scanning is a method of attack to determine which of the following?
A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user ID and passwords
B
57
E-mail servers have a configuration choice which allows the relaying of messages
from one e-mail server to another. An e-mail server should be configured to prevent
e-mail relay because:
A. untraceable, unwanted e-mail can be sent
B. an attacker can gain access and take over the server
C. confidential information in the server’s e-mail boxes can be read using the relay
D. the open relay can be used to gain control of nodes on additional networks
A
58
Which security method is in place when the administrator of a network enables
access lists on the routers to disable all ports that are not used?
A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RBAC (Role Based Access Control).
D. SAC (Subjective Access Control).
A
59
What is the first step before a wireless solution is implemented?
A. ensure ad hoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D. perform a thorough site survey.
D
60
A system administrator discovers suspicious activity that might indicate a computer
crime. The administrator should first:
A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C. move any related programs and files to non-erasable media.
D. set the system time to ensure any logged information is accurate.
A
61
The information that governs and associates users and groups to certain rights to
use, read, write, modify, or execute objects on the system is called a(n):
A. public key ring.
B. ACL (Access Control List).
C. digital signature.
D. CRL (Certificate Revocation Lists).
B
62
Performing a security vulnerability assessment on systems that a company relies on
demonstrates:
A. that the site CAN NOT be hacked
B. a commitment to protecting data and customers
C. insecurity on the part of the organization
D. a needless fear of attack
B
63
Which of the following keys is contained in a digital certificate?
A. public key.
B. private key.
C. hashing key.
D. session key.
A
64
Single servers are frequently the targets of attacks because they contain:
A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys.
C
65
Sensitive data traffic can be confined to workstations on a specific subnet using
privilege policy based tables in a:
A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network).
A
66
The best reason to perform a business impact analysis as part of the business
continuity planning process is to:
A. test the veracity of data obtained from risk analysis
B. obtain formal agreement on maximum tolerable downtime
C. create the framework for designing tests to determine efficiency of business
continuity plans
D. satisfy documentation requirements of insurance companies covering risks of
systems and data important for business continuity
B
67
A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the
tunnel mode will provide encryption for the:
A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-mail messages.
D. message payload only.
B
68
When implementing Kerberos authentication, which of the following factors must
be accounted for?
A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized
access.
B. Kerberos tickets can be spoofed using replay attacks to network resources.
C. Kerberos requires a centrally managed database of all user and resource
passwords.
D. Kerberos uses clear text passwords.
C
69
Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer
version 3)?
A. TLS (Transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
D. MLS (Multi-Layer Switching).
A
70
How should a primary DNS (Domain Name Service) server be configured to provide
the best security against DoS (Denial of Service) and hackers?
A. disable the DNS (Domain Name Service) cache function.
B. disable application services other than DNS (Domain Name Service).
C. disable the DNS (Domain Name Service) reverse lookup function.
D. allow only encrypted zone transfer to a secondary DNS (Domain Name Service)
server.
B
71
What type of security process will allow others to verify the originator of an e-mail
message?
A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality.
C
72
Which of the following statements is true about network based IDSs (Intrusion
Detection System)?
A. Network based IDSs (Intrusion Detection System) are never passive devices that
listen on a network wire without interfering with the normal operation of a
network.
B. Network based IDSs (Intrusion Detection System) are usually passive devices that
listen on a network wire while interfering with the normal operation of a network.
C. Network based IDSs (Intrusion Detection System) are usually intrusive devices
that listen on a network wire while interfering with the normal operation of a
network.
D. Network based IDSs (Intrusion Detection System) are usually passive devices that
listen on a network wire without interfering with the normal operation of a
network.
D
73
What physical access control most adequately protects against physical
piggybacking?
A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics.
A
74
Management wants to track personnel who visit unauthorized web sites. What type
of detection will this be?
A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering.
B
75
Which of the following best describes TCP/IP (Transmission Control
Protocol/Internet Protocol) session hijacking?
A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is
altered in a way that intercepts legitimate packets and allows a third party host to
insert acceptable packets.
B. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is
altered allowing third party hosts to create new IP (Internet Protocol) addresses.
C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state
remains unaltered allowing third party hosts to insert packets acting as the server.
D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state
remains unaltered allowing third party hosts to insert packets acting as the client.
A
76
What technical impact may occur due to the receipt of large quantities of spam?
A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput.
A
78
Forging an IP (Internet Protocol) address to impersonate another machine is best
defined as:
A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
D. replay.
B
79
When setting password rules, which of the following would LOWER the level of
security of a network?
A. Passwords must be greater than six characters and consist of at least one non-alpha.
B. All passwords are set to expire at regular intervals and users are required to
choose new passwords that have not been used before.
C. Complex passwords that users CAN NOT remotely change are randomly
generated by the administrator and given to users.
D. After a set number of failed attempts the server will lock out any user account
forcing the user to call the administrator to re-enable the account.
C
80
FTP (File Transfer Protocol) is accessed through what ports?
A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80.
B
81
In a typical file encryption process, the asymmetric algorithm is used to?
A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.
A
82
Turnstiles, double entry doors and security guards are all prevention measures for
which type of social engineering?
A. piggybacking
B. looking over a co-worker’s shoulder to retrieve information
C. looking through a co-worker’s trash to retrieve information
D. impersonation
A
84
Intruders are detected accessing an internal network. The source IP (Internet
Protocol) addresses originate from trusted networks. The most common type of
attack in this scenario is
A. social engineering
B. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking
C. smurfing
D. spoofing
D
85
As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added
which of the following key functionalities? The ability to:
A. act as a CA (Certificate Authority).
B. force client side authentication via digital certificates.
C. use x.400 certificates.
D. protect transmissions with 1024-bit symmetric encryption.
B
86
In responding to incidents such as security breaches, one of the most important
steps taken is:
A. encryption.
B. authentication.
C. containment.
D. intrusion.
C
87
SSL (Secure Sockets Layer) is used for secure communications with:
A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Administration) servers.
D. web servers.
D
88
TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking resulted from
exploitation of the fact that TCP/IP (Transmission Control Protocol/Internet
Protocol):
A. has no authentication mechanism, thus allowing a clear text password of 16 bytes
B. allows packets to be tunneled to an alternate network
C. has no authentication mechanism, and therefore allows connectionless packets
from anyone
D. allows a packet to be spoofed and inserted into a stream, thereby enabling
commands to be executed on the remote host
D
90
Which of the following provides the strongest authentication?
A. token
B. username and password
C. biometrics
D. one time password
C
91
What is the best method to secure a web browser?
A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Private Network) connection.
D. implement a filtering policy for illegal, unknown and undesirable sites.
B
92
Which of the following four critical functions of a VPN (Virtual Private Network)
restricts users from using resources in a corporate network?
A. access control
B. authentication
C. confidentiality
D. data integrity
A
93
What are the three main components of a Kerberos server?
A. authentication server, security database and privilege server.
B. SAM (Sequential Access Method), security database and authentication server.
C. application database, security database and system manager.
D. authentication server, security database and system manager.
A
94
Which of the following methods may be used to exploit the clear text nature of an
instant messaging session?
A. packet sniffing.
B. port scanning.
C. cryptanalysis.
D. reverse engineering.
A
95
A user receives an e-mail from a colleague in another company. The e-mail message
warns of a virus that may have been accidentally sent in the past, and warns the
user to delete a specific file if it appears on the user’s computer. The user checks
and has the file. What is the best next step for the user?
A. Delete the file immediately.
B. Delete the file immediately and copy the e-mail to all distribution lists.
C. Report the contents of the message to the network administrator.
D. Ignore the message. This is a virus hoax and no action is required.
C
96
A CRL (Certificate Revocation List) query that receives a response in near real
time:
A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that fresh data is being returned.
D. indicates that the CA (Certificate Authority) is providing near real time updates.
C
97
Which of the following are tunneling protocols?
A. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and
SSL (Secure Sockets Layer)
B. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and
PPP (Point-to-Point Protocol)
C. L2TP (Layer Two Tunneling Protocol), PPTP (Point-to-Point Tunneling
Protocol), and SSL (Secure Sockets Layer)
D. PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling
Protocol), and IPSec (Internet Protocol Security)
D
98
A DoS (Denial of Service) attack which takes advantage of TCP’s (Transmission
Control Protocol) three way handshake for new connections is known as:
A. SYN (Synchronize) flood.
B. ping of death attack.
C. land attack.
D. buffer overflow attack.
A
99
The Bell-LaPadula access control model consists of four elements. These elements
are
A. subjects, objects, access modes and security levels.
B. subjects, objects, roles and groups.
C. read only, read/write, write only and read/write/delete.
D. groups, roles, access modes and security levels.
A
100
As a security administrator, what are the three categories of active responses
relating to intrusion detection?
A. collect additional information, maintain the environment, and take action against
the intruder
B. collect additional information, change the environment, and alert the manager
C. collect additional information, change the environment, and take action against
the intruder
D. discard any additional information, change the environment, and take action
against the intruder
C
101
When does CHAP (Challenge Handshake Authentication Protocol) perform the
handshake process?
A. when establishing a connection and at anytime after the connection is established.
B. only when establishing a connection and disconnecting.
C. only when establishing a connection.
D. only when disconnecting.
A
102
What should a firewall employ to ensure that each packet is part of an established
TCP (Transmission Control Protocol) session?
A. packet filter.
B. stateless inspection.
C. stateful like inspection.
D. circuit level gateway.
C
103
Which of the following most accurately describes a DMZ (Demilitarized Zone)?
A. an application program with a state that authenticates the user and allows the user
to be categorized based on privilege
B. a network between a protected network and an external network in order to
provide an additional layer of security
C. the entire area between the network of origin and the destination network
D. an application that allows the user to remove any offensive of an attacker
B
104
A minor configuration change which can help secure DNS (Domain Name Service)
information is:
A. block all unnecessary traffic by using port filtering.
B. prevent unauthorized zone transfers.
C. require password changes every 30 days.
D. change the default password.
B
105
Sensitive material is currently displayed on a user’s monitor. What is the best
course of action for the user before leaving the area?
A. The user should leave the area. The monitor is at a personal desk so there is no
risk.
B. turn off the monitor
C. wait for the screen saver to start
D. refer to the company's policy on securing sensitive data
D
106
LDAP (Lightweight Directory Access Protocol) requires what ports by default?
A. 389 and 636
B. 389 and 139
C. 636 and 137
D. 137 and 139
A
107
Which security method should be implemented to allow secure access to a web page,
regardless of the browser type or vendor?
A. certificates with SSL (Secure Sockets Layer).
B. integrated web with NOS (Network Operating System) security.
C. SSL (Secure Sockets Layer) only.
D. secure access to a web page is not possible.
A
108
Which protocol is used to negotiate and provide authenticated keying material for security
associations in a protected manner?
A. ISAKMP (Internet Security Association and Key Management Protocol)
B. ESP (encapsulating Security Payload)
C. SSH (Secure Shell)
D. SKEME (Secure Key Exchange Mechanism)
A
109
System administrators and hackers use what technique to review network traffic to
determine what services are running?
A. sniffer.
B. IDS (Intrusion Detection System).
C. firewall.
D. router.
A
110
SSL (Secure Sockets Layer) operates between which two layers of the OSI (Open
Systems Interconnection) model?
A. application and transport
B. transport and network
C. network and data link
D. data link and physical
A
111
To reduce vulnerabilities on a web server, an administrator should adopt which
preventative measure?
A. use packet sniffing software on all inbound communications.
B. apply the most recent manufacturer updates and patches to the server.
C. enable auditing on the web server and periodically review the audit logs.
D. block all DNS (Domain Naming Service) requests coming into the server.
B
112
What is the greatest advantage to using RADIUS (Remote Authentication Dial-in
User Service) for a multi-site VPN (Virtual Private Network) supporting a large
population of remote users?
A. RADIUS (Remote Authentication Dial-in User Service) provides for a centralized
user database.
B. RADIUS (Remote Authentication Dial-in User Service) provides for a
decentralized user database.
C. No user database is required with RADIUS (Remote Authentication Dial-in User
Service).
D. User database is replicated and stored locally on all remote systems.
A
113
Which of the following is the best protection against an intercepted password?
A. VPN (Virtual Private Network).
B. PPTP (Point-to-Point Tunneling Protocol).
C. one time password.
D. complex password requirement.
C
114
What is a network administrator protecting against by ingress/egress filtering
traffic as follows: Any packet coming into the network must not have a source
address of the internal network. Any packet coming into the network must have a
destination address from the internal network. Any packet leaving the network must
have a source address from the internal network. Any packet leaving the network
must not have a destination address from the internal network. Any packet coming
into the network or leaving the network must not have a source or destination
address of a private address or an address listed in RFC 1918 reserved space.
A. SYN (Synchronize) flooding
B. spoofing
C. DoS (Denial of Service) attacks
D. dictionary attacks
B
115
What IETF (Internet Engineering Task Force) protocol uses AH (Authentication
Header) and ESP (Encapsulating Security Payload) to provide security in a
networked environment?
A. SSL (Secure Sockets Layer).
B. IPSec (Internet Protocol Security).
C. HTTPS (Secure Hypertext Transfer Protocol).
D. SSH (Secure Shell).
B
116
Which of the following is a characteristic of MACs (Mandatory Access Control):
A. use levels of security to classify users and data
B. allow owners of documents to determine who has access to specific documents
C. use access control lists which specify a list of authorized users
D. use access control lists which specify a list of unauthorized users
A
117
A CPS (Certificate Practice Statement) is a legal document that describes a CA’s
(Certificate Authority):
A. class level issuing process.
B. copyright notice.
C. procedures.
D. asymmetric encryption schema.
C
118
A severed T1 line is most likely to be considered in _____ planning.
A. data recovery.
B. off site storage.
C. media destruction.
D. incident response.
D
120
An IT (Information Technology) security audit is generally focused on reviewing
existing:
A. resources and goals
B. policies and procedures
C. mission statements
D. ethics codes
B
121
Instant Messaging is most vulnerable to:
A. DoS (Denial of Service).
B. fraud.
C. stability.
D. sniffing.
D
122
A security designer is planning the implementation of security mechanisms in a
RBAC (Role Based Access Control) compliant system. The designer has determined
that there are three types of resources in the system including files, printers, and
mailboxes. The organization has four distinct departments with distinct functions
including Sales, Marketing, Management, and Production. Each department needs
access to different resources. Each user has a workstation. Which roles should be
created to support the RBAC (Role Based Access Control) model?
A. file, printer, and mailbox roles
B. sales, marketing, management, and production roles
C. user and workstation roles
D. allow access and deny access roles
B
123
Despite regular system backups a significant risk still exists if:
A. recovery procedures are not tested
B. all users do not log off while the backup is made
C. backup media is moved to an off-site location
D. an administrator notices a failure during the backup process
A
124
Which authentication protocol could be employed to encrypt passwords?
A. PPTP (Point-to-Point Tunneling Protocol)
B. SMTP (Simple Mail Transfer Protocol)
C. Kerberos
D. CHAP (Challenge Handshake Authentication Protocol)
D
125
Impersonating a dissatisfied customer of a company and requesting a password
change on the customer’s account is a form of:
A. hostile code.
B. social engineering.
C. IP (Internet Protocol) spoofing.
D. man in the middle attack.
B
126
The basic strategy that should be used when configuring the rules for a secure
firewall is:
A. permit all.
B. deny all.
C. default permit.
D. default deny.
D
127
An employer gives an employee a laptop computer to use remotely. The user installs
personal applications on the laptop and overwrites some system files. How might
this have been prevented with minimal impact on corporate productivity?
A. Users should not be given laptop computers in order to prevent this type of
occurrence.
B. The user should have received instructions as to what is allowed to be installed.
C. The hard disk should have been made read only.
D. Biometrics should have been used to authenticate the user before allowing
software installation.
B
128
In order for User A to send User B an e-mail message that only User B can read,
User A must encrypt the e-mail with which of the following keys?
A. User B’s public key
B. User B’s private key
C. User A’s public key
D. User A’s private key
A
129
The term cold site refers to:
A. a low temperature facility for long term storage of critical data
B. a location to begin operations during disaster recovery
C. a facility seldom used for high performance equipment
D. a location that is transparent to potential attackers
B
130
Which security architecture utilizes authentication header and/or encapsulating
security payload protocols?
A. IPSec (Internet Protocol Security).
B. SSL (Secure Sockets Layer).
C. TLS (Transport Layer Security).
D. PPTP (Point-to-Point Tunneling Protocol).
A
131
Tunneling is best described as the act of encapsulating:
A. encrypted/secure IP packets inside of ordinary/non-secure IP packets.
B. ordinary/non-secure IP packets inside of encrypted/secure IP packets.
C. encrypted/secure IP packets inside of encrypted/non-secure IP packets.
D. ordinary/secure IP packets inside of ordinary/non-secure IP packets.
B
132
What is a good practice in deploying a CA (Certificate Authority)?
A. enroll users for policy based certificates.
B. create a CPS (Certificate Practice Statement).
C. register the CA (Certificate Authority) with a subordinate CA (Certificate
Authority).
D. create a mirror CA (Certificate Authority) for fault tolerance.
B
133
NAT (Network Address Translation) can be accomplished with which of the
following?
A. static and dynamic NAT (Network Address Translation) and PAT (Port Address
Translation)
B. static and hide NAT (Network Address Translation)
C. static and hide NAT (Network Address Translation) and PAT (Port Address
Translation)
D. static, hide, and dynamic NAT (Network Address Translation)
C
134
When a patch is released for a server the administrator should:
A. immediately download and install the patch.
B. test the patch on a non-production server then install the patch to production.
C. not install the patch unless there is a current need.
D. install the patch and then backup the production server.
B
135
The system administrator of the company has terminated employment
unexpectedly. When the administrator’s user ID is deleted, the system suddenly
begins deleting files. This is an example of what type of malicious code?
A. logic bomb
B. virus
C. Trojan horse
D. worm
A
136
An administrator wants to set up a system for an internal network that will examine
all packets for known attack signatures. What type of system will be set up?
A. vulnerability scanner
B. packet filter
C. host based IDS (Intrusion Detection System)
D. network based IDS (Intrusion Detection System)
D
137
Which of the following will let a security administrator allow only HTTP (Hypertext
Transfer Protocol) traffic for outbound Internet connections and set permissions to
allow only certain users to browse the web?
A. packet filtering firewall.
B. protocol analyzer.
C. proxy server.
D. stateful firewall.
C
138
A mobile sales force requires remote connectivity in order to access shared files and
e-mail on the corporate network. All employees in the sales department have laptops
equipped with ethernet adapters. Some also have modems. What is the best remote
access solution to allow all sales employees to access the corporate network?
A. ISDN (Integrated Services Digital Network)
B. dial-up
C. SSL (Secure Sockets Layer)
D. VPN (Virtual Private Network)
D
139
What is the primary DISADVANTAGE of a third party relay?
A. Spammers can utilize the relay.
B. The relay limits access to specific users.
C. The relay restricts the types of e-mail that may be sent.
D. The relay restricts spammers from gaining access.
A
140
An administrator is configuring a server to make it less susceptible to an attacker
obtaining the user account passwords. The administrator decides to have the
encrypted passwords contained within a file that is readable only by root. What is a
common name for this file?
A. passwd
B. shadow
C. hosts.allow
D. hosts.deny
B
141
Which of the following is NOT a field of a X509 v.3 certificate?
A. private key
B. issuer
C. serial number
D. subject
A
142
What is the default transport layer protocol and port number that SSL (Secure
Sockets Layer) uses?
A. UDP (User Datagram Protocol) transport layer protocol and port 80
B. TCP (Transmission Control Protocol) transport layer protocol and port 80
C. TCP (Transmission Control Protocol) transport layer protocol and port 443
D. UDP (User Datagram Protocol) transport layer protocol and port 69
C
143
The greater the keyspace and complexity of a password, the longer a _____ attack may
take to crack the password.
A. dictionary
B. brute force
C. inference
D. frontal
B
144
When a cryptographic system’s keys are no longer needed, the keys should be:
A. destroyed or stored in a secure manner
B. deleted from the system’s storage mechanism
C. recycled
D. submitted to a key repository
A
145
Which of the following terms represents a MAC (Mandatory Access Control)
model?
A. Lattice
B. Bell-LaPadula
C. BIBA
D. Clark and Wilson
A
146
In order for an SSL (Secure Sockets Layer) connection to be established between a
web client and server automatically, the web client and server should have a(n):
A. shared password
B. certificate signed by a trusted root CA (Certificate Authority)
C. address on the same subnet
D. common operating system
B
147
In the context of the Internet, what is tunneling? Tunneling is:
A. using the Internet as part of a private secure network
B. the ability to burrow through three levels of firewalls
C. the ability to pass information over the internet within the shortest amount of time
D. creating a tunnel which can capture data
A