195 Cards in this Set
1. Message authentication codes are used to provide which service?

A. Integrity
B. Fault recovery
C. Key recovery
D. Acknowledgement
A
2. When a change to user security policy is made, the policy maker should provide appropriate documentation to:

A. The security administrator.
B. Auditors
C. Users
D. All staff.
D
3. A major difference between a worm and a Trojan horse program is:

A. Worms are spread via e-mail while Trojan horses are not.
B. Worms are self replicating while Trojan horses are not.
C. Worms are a form of malicious code while Trojan horses are not.
D. There is no difference.
B
4. A common algorithm used to verify the integrity of data from a remote user through the creation of a 128-bit hash from a data input is:

A. IPSec (Internet Protocol Security)
B. RSA (Rivest Shamir Adleman)
C. Blowfish
D. MD5 (Message Digest 5)
D
5. What is the best method of reducing vulnerability from dumpster diving?

A. Hiring additional security staff.
B. Destroying paper and other media.
C. Installing surveillance equipment.
D. Emptying the trash can frequently.
B
6. What is the best method of defence against IP (Internet Protocol) spoofing attacks?

A. Deploying intrusion detection systems.
B. Creating a DMZ (Demilitarized Zone).
C. Applying ingress filtering to routers.
D. There is not a good defense against IP (Internet Protocol) spoofing.
C
7. A need to know security policy would grant access based on:

A. Least privilege
B. Less privilege
C. Loss of privilege
D. Single privilege
A
8. When a user digitally signs a document an asymmetric algorithm is used to encrypt:

A. Secret passkeys
B. File contents
C. Certificates
D. Hash results
D
9. The best way to harden an application that is developed in house is to:

A. Use an industry recommended hardening tool.
B. Ensure that security is given due considerations throughout the entire development process.
C. Try attacking the application to detect vulnerabilities, then develop patches to fix any vulnerabilities found.
D. Ensure that the auditing system is comprehensive enough to detect and log any possible intrusion, identifying existing vulnerabilities.
B
10. Security requirements for servers DO NOT typically include:

A. The absence of vulnerabilities used by known forms of attack against server hosts.
B. The ability to allow administrative activities to all users.
C. The ability to deny access to information on the server other than that intended to be available.
D. The ability to disable unnecessary network services that may be built into the operating system or server software.
B
11. How can an e-mail administrator prevent malicious users from sending e-mails from non-existent domains?

A. Enable DNS (Domain Name Service) reverse lookup on the e-mail server.
B. Enable DNS (Domain Name Service) forward lookup on the e-mail server.
C. Enable DNS (Domain Name Service) recursive queries on the DNS (Domain Name Service) server.
D. Enable DNS (Domain Name Service) reoccurring queries on the DNS (Domain Name Service)
A
12. A network attack that misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users is called a:

A. Man in the middle.
B. Smurf
C. Teardrop
D. SYN (Synchronize)
D
13. Which of the following options describes a challenge-response session?

A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
B. A workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number).
C. A special hardware device that is used to generate random text in a cryptography system.
D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.
A
14. A server placed into service for the purpose of attracting a potential intruder's attention is known as a:

A. Honey pot
B. Lame duck
C. Teaser
D. Pigeon
A
15. A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based.
What is the best solution?

A. Implement firewalls between subnets to restrict access.
B. Implement a VLAN (Virtual Local Area Network) to restrict network access.
C. Implement a proxy server to restrict access.
D. Implement a VPN (Virtual Private Network).
B
16. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

A. HTTP (Hypertext Transfer Protocol) protocol.
B. Compiler or interpreter that runs the CGI (Common Gateway Interface) script.
C. The web browser.
D. External data supplied by the user.
D
17. SSL (Secure Sockets Layer) session keys are available in what two lengths?

A. 40-bit and 64-bit.
B. 40-bit and 128-bit.
C. 64-bit and 128-bit.
D. 128-bit and 1,024-bit.
B
18. Which access control method provides the most granular access to protected objects?

A. Capabilities
B. Access control lists
C. Permission bits
D. Profiles
B
19. The primary DISADVANTAGE of symmetric cryptography is:

A. Speed
B. Key distribution
C. Weak algorithms
D. Memory management
B
20. Missing audit log entries most seriously affect an organization's ability to:

A. Recover destroyed data.
B. Legally prosecute an attacker.
C. Evaluate system vulnerabilities.
D. Create reliable system backups.
B
21. File encryption using symmetric cryptography satisfies what security requirement?

A. Confidentiality
B. Access control
C. Data integrity
D. Authentication
D
22. Which of the following provides privacy, data integrity and authentication for handheld devices in a wireless network environment?

A. WEP (Wired Equivalent Privacy)
B. WAP (Wireless Application Protocol)
C. WSET (Wireless Secure Electronic Transaction)
D. WTLS (Wireless Transport Layer Security)
D
23. The integrity of a cryptographic system is considered compromised if which of the following conditions exist?

A. A 40-bit algorithm is used for a large financial transaction.
B. The public key is disclosed.
C. The private key is disclosed.
D. The validity of the data source is compromised.
C
24. The system administrator concerned about security has designated a special area in which to place the web server away from other servers on the network.
This area is commonly known as the:

A. Honey pot
B. Hybrid subnet
C. DMZ (Demilitarized Zone)
D. VLAN (Virtual Local Area Network)
C
25. An administrator of a web server notices many port scans to a server. To limit the exposure and vulnerabilities revealed by these port scans, the administrator should:

A. Disable the ability to remotely scan the registry.
B. Leave all processes running for possible future use.
C. Close all programs or processes that use a UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) port.
D. Uninstall or disable any programs or processes that are not needed for the proper use of the server.
D
26. Which encryption scheme relies on both the sender and receiver to use different keys to encrypt and decrypt messages?

A. Symmetric
B. Blowfish
C. Skipjack
D. Asymmetric
D
27. Which tunneling protocol only works on IP networks?

A. IPX
B. L2TP
C. PPTP
D. SSH
C
28. What functionality should be disallowed between a DNS server and untrusted node?

A. name resolutions
B. reverse ARP requests
C. system name resolutions
D. zone transfers
D
29. A document written by the CEO that outlines PKI use, management and deployment is a: _______.

A. PKI policy
B. PKI procedure
C. PKI practice
D. best practices guideline
A
30. Which one does not use Smart Card Technology?

A. CD Player
B. Cell Phone
C. Satellite Cards
D. Handheld Computer
A
31. What port does SNMP use?

A. 21
B. 161
C. 53
D. 49
B
32. What port does TACACS use?

A. 21
B. 161
C. 53
D. 49
D
33. What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security are needed?

A. Mutual
B. Multi-factor
C. Biometric
D. Certificate
B
34. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network.
To secure the scene, which of the following actions should you perform?

A. Prevent members of the organization from entering the server room.
B. Prevent members of the incident response team from entering the server room.
C. Shut down the server to prevent the user from accessing further data.
D. Detach the network cable from the server to prevent the user from accessing further data.
A,D
35. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation.
Which of the following tasks will the crime scene technician be responsible for performing?

A. Ensure that any documentation and evidence they possessed is handed over to the investigator.
B. Re-establish a perimeter as new evidence presents itself.
C. Establish a chain of command.
D. Tag, bag, and inventory evidence.
D
36. A ___________ occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle.

A. Brute Force attack
B. Buffer overflow
C. Man in the middle attack
D. Blue Screen of Death
E. SYN flood
F. Spoofing attack
B
37. Packet sniffing can be used to obtain username and password information in clear text from which one of the following?

A. SSH (Secure Shell)
B. SSL (Secure Sockets Layer)
C. FTP (File Transfer Protocol)
D. HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)
C
38. A company uses WEP (Wired Equivalent Privacy) for wireless security.
Who may authenticate to the company's access point?

A. Only the administrator.
B. Anyone can authenticate.
C. Only users within the company.
D. Only users with the correct WEP (Wired Equivalent Privacy) key.
D
39. As the Security Analyst for your company's network, you become aware that your systems may be under attack. This kind of attack is a DOS attack and the exploit sends more traffic
to a node than anticipated. What kind of attack is this?

A. Ping of death
B. Buffer Overflow
C. Logic Bomb
D. Smurf
D
40. Following a disaster, while returning to the original site from an alternate site, the first process to resume at the original site would be the:

A. Least critical process
B. Most critical process.
C. Process most expensive to maintain at an alternate site.
D. Process that has a maximum visibility in the organization.
A
41. In order to establish a secure connection between headquarters and a branch office over a public network, the router at each location should be configured to use IPSec (Internet Protocol Security) in __________ mode.

A. Secure
B. Tunnel
C. Transport
D. Data link
B
42. The primary purpose of NAT (Network Address Translation) is to:

A. Translate IP (Internet Protocol) addresses into user friendly names.
B. Hide internal hosts from the public network.
C. Use one public IP (Internet Protocol) address on the internal network as a name server.
D. Hide the public network from internal hosts.
B
43. Users of Instant Messaging clients are especially prone to what?

A. Theft of root user credentials.
B. Disconnection from the file server.
C. Hostile code delivered by file transfer.
D. Slow Internet connections.
C
44. Which two of the following are symmetric-key algorithms used for encryption?

A. Stream-cipher
B. Block
C. Public
D. Secret
A,B
45. Computer forensics experts collect and analyze data using which of the following guidelines so as to minimize data loss?

A. Evidence
B. Chain of custody
C. Chain of command
D. Incident response
B
46. A DMZ (Demilitarized Zone) typically contains:

A. A customer account database
B. Staff workstations
C. A FTP (File Transfer Protocol) server
D. A SQL (Structured Query Language) based database server
C
47. What kind of attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?

A. CRL
B. DOS
C. ACL
D. MD2
B
48. User A needs to send a private e-mail to User B. User A does not want anyone to have the ability to read the e-mail except for User B, thus retaining privacy.
Which tenet of information security is User A concerned about?

A. Authentication
B. Integrity
C. Confidentiality
D. Non-repudiation
C
49. You are researching the ARO and need to find specific data that can be used for risk assessment.
Which of the following will you use to find information?

A. Insurance companies
B. Stockbrokers
C. Manuals included with software and equipment.
D. None of the above. There is no way to accurately predict the ARO.
A
50. Giving each user or group of users only the access they need to do their job is an example of which security principle?

A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control
A
51. Documenting change levels and revision information is most useful for:

A. Theft tracking
B. Security audits
C. Disaster recovery
D. License enforcement
C
52. One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:

A. An ethernet switch.
B. An ethernet hub.
C. A CSU/DSU (Channel Service Unit/Data Service Unit).
D. A firewall.
A
53. Notable security organizations often recommend only essential services be provided by a particular host, and any unnecessary services be disabled.
Which of the following does NOT represent a reason supporting this recommendation?

A. Each additional service increases the risk of compromising the host, the services that run on the host, and potential clients of these services.
B. Different services may require different hardware, software, or a different discipline of administration.
C. When fewer services and applications are running on a specific host, fewer log entries and fewer interactions between different services are expected, which simplifies the analysis and maintenance of the system from a security point of view.
D. If a service is not using a well known port, firewalls will not be able to disable access to this port, and an administrator will not be able to restrict access to this service.
D
54. Which of the following backup methods copies only modified files since the last full backup?

A. Full
B. Differential
C. Incremental
D. Archive
B
55. You are compiling estimates on how much money the company could lose if a risk occurred one time in the future.
Which of the following would these amounts represent?

A. ARO
B. SLE
C. ALE
D. Asset identification
B
56. The term "due care" best relates to:

A. Policies and procedures intended to reduce the likelihood of damage or injury.
B. Scheduled activity in a comprehensive preventative maintenance program.
C. Techniques and methods for secure shipment of equipment and supplies.
D. User responsibilities involved when sharing passwords in a secure environment.
A
57. Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies.
What type of encryption is it from the list below?

A. WTLS
B. Symmetric
C. Multifactor
D. Asymmetric
B
58. You are the first person to respond to the scene of an incident involving a computer being hacked. After determining the scope of the crime scene and securing it, you attempt to preserve evidence at the scene.
Which of the following tasks will you perform to preserve evidence? (Choose all that apply)

A. Photograph any information displayed on the monitors of computers involved in the incident.
B. Document any observation or messages displayed by the computer.
C. Shut down the computer to prevent further attacks that may modify data.
D. Gather up manuals, nonfunctioning devices, and other materials and equipment in the area so they are ready for transport.
A,B
59. At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists?

A. Penetration
B. Control
C. Audit planning
D. Discovery
A
60. When examining the server's list of protocols that are bound and active on each network interface card, the network administrator notices a relatively large number of protocols.
Which actions should be taken to ensure network security?

A. Unnecessary protocols do not pose a significant risk to the system and should be left intact for compatibility reasons.
B. There are no unneeded protocols on most systems because protocols are chosen during the installation.
C. Unnecessary protocols should be disabled on all server and client machines on a network as they pose great risk.
D. Using port filtering ACLs (Access Control List) at firewalls and routers is sufficient to stop malicious attacks on unused protocols.
C
61. Which of the following describes the concept of data integrity?

A. A means of determining what resources a user can use and view.
B. A method of security that ensures all data is sequenced, and numbered.
C. A means of minimizing vulnerabilities of assets and resources.
D. A mechanism applied to indicate a data's level of security.
B
62. In a decentralized privilege management environment, user accounts and passwords are stored on:

A. One central authentication server.
B. Each individual server.
C. No more than two servers.
D. One server configured for decentralized management.
B
63. In context of wireless networks, WEP (Wired Equivalent Privacy) was designed to:

A. Provide the same level of security as a wired LAN (Local Area Network).
B. Provide a collision preventive method of media access.
C. Provide a wider access area than that of wired LANs (Local Area Network).
D. Allow radio frequencies to penetrate walls.
A
64. What two functions does IPSec perform? (Choose two)

A. Provides the Secure Shell (SSH) for data confidentiality.
B. Provides the Password Authentication Protocol (PAP) for user authentication.
C. Provides the Authentication Header (AH) for data integrity.
D. Provides the Internet Protocol (IP) for data integrity.
E. Provides the Nonrepudiation Header (NH) for identity integrity.
F. Provides the Encapsulation Security Payload (ESP) for data confidentiality.
C,F
65. A primary drawback to using shared storage clustering for high availability and disaster recovery is:

A. The creation of a single point of vulnerability.
B. The increased network latency between the host computers and the RAID (Redundant Array of Independent Disk) subsystem.
C. The asynchronous writes which must be used to flush the server cache.
D. The highest storage capacity required by the RAID (Redundant Array of Independent Disks) subsystem.
A
66. What are two common methods when using a public key infrastructure for maintaining access to servers in a network?

A. ACL and PGP.
B. PIM and CRL.
C. CRL and OCSP.
D. RSA and MD2
C
67. After installing a new operating system, what configuration changes should be implemented?

A. Create application user accounts.
B. Rename the guest account.
C. Rename the administrator account, disable the guest accounts.
D. Create a secure administrator account.
C
68. Users who configure their passwords using simple and meaningful things such as pet names or birthdays are subject to having their account used by an intruder after what type of attack?

A. Dictionary attack
B. Brute Force attack
C. Spoofing attack
D. Random guess attack
A
69. By definition, how many keys are needed to lock and unlock data using symmetric-key encryption?

A. 3+
B. 2
C. 1
D. 0
C
70. What kind of attack are hashed passwords vulnerable to?

A. Man in the middle.
B. Dictionary or brute force.
C. Reverse engineering.
D. DoS (Denial of Service)
B
71. What is one advantage of the NTFS file system over the FAT16 and FAT32 file systems?

A. Integral support for streaming audio files.
B. Integral support for UNIX compatibility.
C. Integral support for dual-booting with Red Hat Linux.
D. Integral support for file and folder level permissions.
D
72. You have identified a number of risks to which your company's assets are exposed, and want to implement policies, procedures, and various security measures.
In doing so, what will be your objective?

A. Eliminate every threat that may affect the business.
B. Manage the risks so that the problems resulting from them will be minimized.
C. Implement as many security measures as possible to address every risk that an asset may be exposed to.
D. Ignore as many risks as possible to keep costs down.
B
73. Which of the following results in a domain name server resolving the domain name to a different address and thus misdirecting Internet traffic?

A. DoS (Denial of Service)
B. Spoofing
C. Brute force attack
D. Reverse DNS (Domain Name Service)
B
74. Active detection IDS systems may perform which of the following when an unauthorized connection attempt is discovered? (Choose all that apply)

A. Inform the attacker that he is connecting to a protected network.
B. Shut down the server or service.
C. Provide the attacker the usernames and passwords for administrative accounts.
D. Break off suspicious connections.
B,D
75. Honey pots are useful in preventing attackers from gaining access:

A. to critical systems
B. all systems
C. It depends on the style of attack used
D. it depends upon the PKI
A
76. An autonomous agent that copies itself into one or more host programs, then propagates when the host is run, is best described as a:

A. Trojan horse
B. Back door
C. Logic bomb
D. Virus
D
77. What technology was originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers?

A. VPN (Virtual Private Network)
B. DMZ (Demilitarized Zone)
C. VLAN (Virtual Local Area Network)
D. RADIUS (Remote Authentication Dial-In User Service)
C
78. Of the following services, which one determines what a user can change or view?

A. Data integrity
B. Data confidentiality
C. Data authentication
D. Access control
D
79. IMAP4 requires port ___________ to be open.

A. 80
B. 53
C. 22
D. 21
E. 23
F. 25
G. 110
H. 143
I. 443
H
80. What are access decisions based on in a MAC (Mandatory Access Control) environment?

A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels
D
81. As the Security Analyst for your company's network, you want to implement AES. What algorithm will it use?

A. Rijndael
B. Nagle
C. Spanning Tree
D. PKI
A
82. When securing a FTP (File Transfer Protocol) server, what can be done to ensure that only authorized users can access the server?

A. Allow blind authentication.
B. Disable anonymous authentication.
C. Redirect FTP (File Transfer Protocol) to another port.
D. Only give the address to users that need access.
B
83. Asymmetric cryptography ensures that:

A. Encryption and authentication can take place without sharing private keys.
B. Encryption of the secret key is performed with the fastest algorithm available.
C. Encryption occurs only when both parties have been authenticated.
D. Encryption factoring is limited to the session key.
A
84. You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers.
Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply)

A. Shut down the computer.
B. Contact the incident response team.
C. Document what they see on the screen.
D. Log off the network.
B,C
85. When a session is initiated between the Transport Control Program (TCP) client and server in a network, a very small buffer space exists to handle the usually rapid "hand-shaking" exchange of messages that sets up the session.
What kind of attack exploits this functionality?

A. Buffer Overflow
B. SYN Attack
C. Smurf
D. Birthday Attack
B
86. A program that can infect other programs by modifying them to include a version of itself is a:

A. Replicator
B. Virus
C. Trojan horse
D. Logic bomb
B
87. A collection of information that includes login, file access, other various activities, and actual or attempted legitimate and unauthorized violations is a(n):

A. Audit
B. ACL (Access Control List)
C. Audit trail
D. Syslog
C
88. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation.
When making copies of data from a machine that is being examined, which of the following tasks should be done to ensure it is an exact duplicate?

A. Perform a cyclic redundancy check using a checksum or hashing algorithm.
B. Change the attributes of data to make it read only.
C. Open files on the original media and compare them to the copied data.
D. Do nothing. Imaging software always makes an accurate image.
A
89. DAC (Discretionary Access Control) systems operate according to which of the following statements:

A. Files that don't have an owner CANNOT be modified.
B. The administrator of the system is an owner of each object.
C. The operating system is an owner of each object.
D. Each object has an owner, which has full control over the object.
D
90. You have decided to implement biometrics as part of your security system. Before purchasing a locking system that uses biometrics to control access to secure areas, you need to decide what will be used to authenticate users.
Which of the following options relies solely on biometric authentication?

A. Username and password.
B. Fingerprints, retinal scans, PIN numbers, and facial characteristics.
C. Voice patterns, fingerprints, and retinal scans.
D. Strong passwords, PIN numbers, and digital imaging.
C
91. As the Security Analyst for your company's network, you want to implement Single Signon technology.
What benefit can you expect to get when implementing Single Signon?

A. You will need to log on twice at all times.
B. You can allow for system wide permissions with it.
C. You can install multiple applications.
D. You can browse multiple directories.
D
92. Many intrusion detection systems look for known patterns or ______ to aid in detecting attacks.

A. Viruses
B. Signatures
C. Hackers
D. Malware
B
93. What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security are needed?

A. Mutual
B. Multi-factor
C. Biometric
D. Certificate
B
94. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network.
To secure the scene, which of the following actions should you perform?

A. Prevent members of the organization from entering the server room.
B. Prevent members of the incident response team from entering the server room.
C. Shut down the server to prevent the user from accessing further data.
D. Detach the network cable from the server to prevent the user from accessing further data.
A,D
95. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation.
Which of the following tasks will the crime scene technician be responsible for performing?

A. Ensure that any documentation and evidence they possessed is handed over to the investigator.
B. Re-establish a perimeter as new evidence presents itself.
C. Establish a chain of command.
D. Tag, bag, and inventory evidence.
D
96. The de facto IT (Information Technology) security evaluation criteria for the international community is called?

A. Common Criteria
B. Global Criteria
C. TCSEC (Trusted Computer System Evaluation Criteria)
D. ITSEC (Information Technology Security Evaluation Criteria)
A
97. Which of the following is a technical solution that supports high availability?

A. UDP (User Datagram Protocol)
B. Anti-virus solution
C. RAID (Redundant Array of Independent Disks)
D. Firewall
C
98. Which of the following is an example of an asymmetric algorithm?

A. CAST (Carlisle Adams Stafford Tavares)
B. RC5 (Rivest Cipher 5)
C. RSA (Rivest Shamir Adleman)
D. SHA-1 (Secure Hashing Algorithm 1)
C
99. Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer).
Which type of encryption does SSL use?

A. Asymmetric
B. Symmetric
C. Public Key
D. Secret
B
100. What would NOT improve the physical security of workstations?

A. Lockable cases, keyboards, and removable media drives.
B. Key or password protected configuration and setup.
C. Password required to boot.
D. Strong passwords.
D
101. What are the four major components of ISAKMP (Internet Security Association and Key Management Protocol)?

A. Authentication of peers, threat management, communication management, and cryptographic key establishment.
B. Authentication of peers, threat management, communication management, and cryptographic key establishment and management.
C. Authentication of peers, threat management, security association creation and management, cryptographic key establishment and management.
D. Authentication of peers, threat management, security association creation and management and cryptographic key management.
C
102. Security training should emphasise that the weakest links in the security of an organization are typically:

A. Firewalls
B. Policies
C. Viruses
D. users
D
103. IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data rates of:

A. 10 Mbps (Megabits per second)
B. 10.5 Mbps (Megabits per second)
C. 11 Mbps (Megabits per second)
D. 12 Mbps (Megabits per second)
C
104. The standard encryption algorithm based on Rijndael is known as:

A. AES (Advanced Encryption Standard)
B. 3DES (Triple Data Encryption Standard)
C. DES (Data Encryption Standard)
D. Skipjack
A
105. Security controls may become vulnerabilities in a system unless they are:

A. Designed and implemented by the system vendor.
B. Adequately tested.
C. Implemented at the application layer in the system.
D. Designed to use multiple factors of authentication.
B
106. Which of the following is considered the best technical solution for reducing the threat of a man in the middle attack?

A. Virtual LAN (Local Area Network)
B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)
C. PKI (Public Key Infrastructure)
D. Enforcement of badge system
C
107. Access controls based on security labels associated with each data item and each user are known as:

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)
A
108. An extranet would be best defined as an area or zone:

A. Set aside for business to store extra servers for internal use.
B. Accessible to the general public for accessing the business' web site.
C. That allows a business to securely transact with other businesses.
D. Added after the original network was built for additional storage.
C
109. What authentication problem is addressed by single sign on?

A. Authorization through multiple servers.
B. Multiple domains.
C. Multi-factor authentication.
D. Multiple usernames and passwords.
D
110. An administrator is concerned with viruses in e-mail attachments being distributed and inadvertently installed on users' workstations.
If the administrator sets up an attachment filter, what types of attachments should be filtered from e-mails to minimize the danger of viruses?

A. Text file
B. Image files
C. Sound files
D. Executable files
D
111. When an ActiveX control is executed, it executes with the privileges of the:

A. Current user account
B. Administrator account
C. Guest account
D. System account
A
112. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?

A. Symmetric
B. Asymmetric
C. Hashing
D. Elliptic curve
A
113. An example of a physical access barrier would be:

A. Video surveillance
B. Personnel traffic pattern management
C. Security guard
D. Motion detector
C
114. Which of the following is likely to be found after enabling anonymous FTP (File Transfer Protocol) read/write access?

A. An upload and download directory for each user.
B. Detailed logging information for each user.
C. Storage and distribution of unlicensed software.
D. Fewer server connections and less network bandwidth utilization.
C
115. A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as a:

A. Man in the middle attack
B. Smurf attack
C. Ping of death attack
D. TCP SYN (Transmission Control Protocol / Synchronize) attack
C
116. What is NOT an acceptable use for smart card technology?

A. Mobile telephones
B. Satellite television access cards
C. A PKI (Public Key Infrastructure) token card shared by multiple users
D. Credit cards
C
117. An effective method of preventing computer viruses from spreading is to:

A. Require root/administrator access to run programs.
B. Enable scanning of e-mail attachments.
C. Prevent the execution of .vbs files.
D. Install a host based IDS (Intrusion Detection System)
B
118. A PKI (Public Key Infrastructure) document that serves as the vehicle on which to base common interoperability standards and common assurance criteria on an industry wide basis is a certificate:

A. Policy
B. Practice
C. Procedure
D. Process
A
119. Currently, the most costly method of authentication is the use of:

A. Passwords
B. Tokens
C. Biometrics
D. Shared secrets
C
120. Which systems should be included in a disaster recovery plan?

A. All systems.
B. Those identified by the board of directors, president or owner.
C. Financial systems and human resources systems.
D. Systems identified in a formal risk analysis process.
D
121. What is the best defense against man in the middle attacks?

A. A firewall
B. Strong encryption
C. Strong authentication
D. Strong passwords
B
122. One of the most effective ways for an administrator to determine what security holes reside on a network is to:

A. Perform a vulnerability assessment.
B. Run a port scan.
C. Run a sniffer.
D. Install and monitor an IDS (Intrusion Detection System)
A
123. Analyzing log files after an attack has started is an example of:

A. Active detection
B. Overt detection
C. Covert detection
D. Passive detection
D
124. A malformed MIME (Multipurpose Internet Mail Extensions) header can:

A. Create a back door that will allow an attacker free access to a company's private network.
B. Create a virus that infects a user's computer.
C. Cause an unauthorized disclosure of private information.
D. Cause an e-mail server to crash.
D
125. An attacker can determine what network services are enabled on a target system by:

A. Installing a rootkit on the target system.
B. Checking the services file.
C. Enabling logging on the target system.
D. Running a port scan against the target system.
D
126. What type of attack CANNOT be detected by an IDS (Intrusion Detection System)?

A. DoS (Denial of Service)
B. Exploits of bugs or hidden features
C. Spoofed e-mail
D. Port scan
C
127. Regarding security, biometrics are used for:

A. Accountability
B. Certification
C. Authorization
D. Authentication
D
128. What is the most effective social engineering defense strategy?

A. Marking of documents
B. Escorting of guests
C. Badge security system
D. Training and awareness
D
129. A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's:

A. Server
B. Router
C. VPN (Virtual Private Network)
D. Switch
B
130. For system logging to be an effective security measure, an administrator must:

A. Review the logs on a regular basis.
B. Implement circular logging.
C. Configure the system to shutdown when the logs are full.
D. Configure SNMP (Simple Network Management Protocol) traps for logging events.
A
131. With regard to the use of Instant Messaging, which of the following types of attack strategies is effectively combated with user awareness training?

A. Social engineering
B. Stealth
C. Ambush
D. Multi-pronged
A
132. The process by which remote users can make a secure connection to internal resources after establishing an Internet connection could correctly be referred to as:

A. Channeling
B. Tunneling
C. Throughput
D. Forwarding
B
133. Appropriate documentation of a security incident is important for each of the following reasons EXCEPT:

A. The documentation serves as a lessons learned record which may help avoid further exploitation of the same vulnerability.
B. The documentation will serve as an aid to updating policy and procedure.
C. The documentation will indicate who should be fired for the incident.
D. The documentation will serve as a tool to assess the impact and damage of the incident.
C
134. Assuring the recipient that a message has not been altered in transit is an example of which of the following:

A. Integrity
B. Static assurance
C. Dynamic assurance
D. Cyclical check sequence
A
135. Which of the following is expected network behavior?

A. Traffic coming from or going to unexpected locations.
B. Non-standard or malformed packets/protocol violations.
C. Repeated, failed connection attempts.
D. Changes in network performance such as variations in traffic load.
D
136. Which of the following steps in the SSL (Secure Sockets Layer) protocol allows for client and server authentication, MAC (Message Authentication Code) and encryption algorithm negotiation, and selection of cryptographic keys?

A. SSL (Secure Sockets Layer) alert protocol.
B. SSL (Secure Sockets Layer) change cipher spec protocol.
C. SSL (Secure Sockets Layer) record protocol.
D. SSL (Secure Sockets Layer) handshake protocol.
D
137. Which of the following correctly identifies some of the contents of a user's X.509 certificate?

A. User's public key, object identifiers, and the location of the user's electronic identity.
B. User's public key, the CA (Certificate Authority) distinguished name, and the type of symmetric algorithm used for encryption.
C. User's public key, the certificate's serial number, and the certificate's validity dates.
D. User's public key, the serial number of the CA (Certificate Authority) certificate, and the CRL (Certificate Revocation List) entry point.
C
138. An organization is implementing Kerberos as its primary authentication protocol.
Which of the following must be deployed for Kerberos to function properly?

A. Dynamic IP (Internet Protocol) routing protocols for routers and servers.
B. Separate network segments for the realms.
C. Token authentication devices.
D. Time synchronization services for clients and servers.
D
139. The WAP (Wireless Application Protocol) programming model is based on the following three elements:

A. Client, origin server, WEP (Wired Equivalent Privacy)
B. Code design, code review, documentation
C. Client, origin server, wireless interface card
D. Client, gateway, origin server
D
140. Technical security measures and countermeasures are primarily intended to prevent:

A. Unauthorized access, unauthorized modification, and denial of authorized access.
B. Interoperability of the framework, unauthorized modification, and denial of authorized access.
C. Potential discovery of access, interoperability of the framework, and denial of authorized access.
D. Interoperability of the framework, unauthorized modification, and unauthorized access.
A
141. Poor programming techniques and lack of code review can lead to which of the following types of attack?

A. CGI (Common Gateway Interface) script
B. Birthday
C. Buffer overflow
D. Dictionary
C
142. Which of the following is NOT a characteristic of DEN (Directory Enabled Networking)?

A. It is mapped into the directory defined as part of the LDAP (Lightweight Directory Access Protocol).
B. It is inferior to SNMP (Simple Network Management Protocol).
C. It is an object oriented information model.
D. It is an industry standard indicating how to construct and store information about a network's users, applications and data.
B
143. Privileged accounts are most vulnerable immediately after a:

A. Successful remote login.
B. Privileged user is terminated.
C. Default installation is performed.
D. Full system backup is performed.
C
144. What is the advantage of a multi-homed firewall?

A. It is relatively inexpensive to implement.
B. The firewall rules are easier to manage.
C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone) are exposed.
D. An attacker must circumvent two firewalls.
A
145. A password security policy can help a system administrator to decrease the probability that a password can be guessed by reducing the password's:

A. Length
B. Lifetime
C. Encryption level
D. Alphabet set
B
146. An inherent flaw of DAC (Discretionary Access Control) relating to security is:

A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.
B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.
C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.
D. DAC (Discretionary Access Control) has no known security flaws.
A
147. What is the most common method used by attackers to identify the presence of an 802.11b network?

A. War driving
B. Direct inward dialing
C. War dialing
D. Packet driving
A
148. The best method to use for protecting a password stored on the server used for user authentication is to:

A. Store the server password in clear text.
B. Hash the server password.
C. Encrypt the server password with asymmetric keys.
D. Encrypt the server password with a public key.
B
149. During the digital signature process, asymmetric cryptography satisfies what security requirement?

A. Confidentiality
B. Access control
C. Data integrity
D. Authentication
D
150. The most effective way an administrator can protect users from social engineering is:

A. Education
B. Implement personal firewalls.
C. Enable logging on users' desktops.
D. Monitor the network with an IDS (Intrusion Detection System)
A
151. The action of determining which operating system is installed on a system simply by analyzing its response to certain network traffic is called:

A. OS (Operating System) scanning.
B. Reverse engineering.
C. Fingerprinting
D. Host hijacking.
C
152. One of the factors that influence the lifespan of a public key certificate and its associated keys is the:

A. Value of the information it is used to protect.
B. Cost and management fees.
C. Length of the asymmetric hash.
D. Data available openly on the cryptographic system.
A
153. A DRP (Disaster Recovery Plan) typically includes which of the following:

A. Penetration testing.
B. Risk assessment.
C. DoS (Denial of Service) attack.
D. ACLs (Access Control List).
B
154. Which of the following is the best description of "separation of duties"?

A. Assigning different parts of tasks to different employees.
B. Employees are granted only the privileges necessary to perform their tasks.
C. Each employee is granted specific information that is required to carry out the job function.
D. Screening employees before assigning them to a position.
A
155. Which of the following is a popular VPN (Virtual Private Network) protocol operating at OSI (Open Systems Interconnection) model Layer 3?

A. PPP (Point-to-Point Protocol)
B. SSL (Secure Sockets Layer)
C. L2TP (Layer Two Tunneling Protocol)
D. IPSec (Internet Protocol Security)
D
156. The system administrator has just used a program that highlighted the susceptibility of several servers on the network to various exploits. The program also suggested fixes.
What type of program was used?

A. Intrusion detection
B. Port scanner
C. Vulnerability scanner
D. Trojan scanner
C
157. Which protocol is typically used for encrypting traffic between a web browser and web server?

A. IPSec (Internet Protocol Security)
B. HTTP (Hypertext Transfer Protocol)
C. SSL (Secure Sockets Layer)
D. VPN (Virtual Private Network)
C
158. What fingerprinting technique relies on the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?

A. TCP (Transmission Control Protocol) options.
B. ICMP (Internet Control Message Protocol) error message quenching.
C. Fragmentation handling.
D. ICMP (Internet Control Message Protocol) message quoting.
D
159. Incorrectly detecting authorized access as an intrusion or attack is called a false:

A. Negative
B. Intrusion
C. Positive
D. Alarm
C
160. When hardening a machine against external attacks, what process should be followed when disabling services?

A. Disable services such as DHCP (Dynamic Host Configuration Protocol) client and print servers from servers that do not use/serve those functions.
B. Disable one unnecessary service after another, while reviewing the effects of the previous action.
C. Research the services and their dependencies before disabling any default services.
D. Disable services not directly related to financial operations.
C
161. The best protection against the abuse of remote maintenance of a PBX (Private Branch Exchange) system is to:

A. Keep maintenance features turned off until needed.
B. Insist on strong authentication before allowing remote maintenance.
C. Keep the PBX (Private Branch Exchange) in a locked enclosure and restrict access to only a few people.
D. Check to see if the maintenance caller is on the list of approved maintenance personnel.
A
162. A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken.
What should be implemented?

A. A DMZ (Demilitarized Zone)
B. A honey pot
C. A firewall
D. A new subnet
B
163. The protection of data against unauthorized access or disclosure is an example of what?

A. Confidentiality
B. Integrity
C. Signing
D. Hashing
A
164. You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources.
Which of the following types of cabling provides the best protection from interference in this area?

A. STP
B. UTP
C. Coaxial
D. Fiber-optic
D
165. In order for a user to obtain a certificate from a trusted CA (Certificate Authority), the user must present proof of identity and a:

A. Private key
B. Public key
C. Password
D. Kerberos key
B
166. If a private key becomes compromised before its certificate's normal expiration, X.509 defines a method requiring each CA (Certificate Authority) to periodically issue a signed data structure called a certificate:

A. Enrollment list
B. Expiration list
C. Revocation list
D. Validation list
C
167. An application that appears to perform a useful function but instead contains some sort of malicious code is called a ________.

A. Worm
B. SYN flood
C. Virus
D. Trojan Horse
E. Logic Bomb
D
168. How many bits are employed when using hash encryption?

A. 32
B. 64
C. 128
D. 256
C
169. What transport protocol and port number does SSH (Secure Shell) use?

A. TCP (Transmission Control Protocol) port 22
B. UDP (User Datagram Protocol) port 69
C. TCP (Transmission Control Protocol) port 179
D. UDP (User Datagram Protocol) port 17
A
170. While performing a routine site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of the Accounting department security. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time.
What type of attack have you just become a victim of?

A. SYN Flood.
B. Distributed Denial of Service.
C. Man in the Middle attack.
D. TCP Flood.
E. IP Spoofing.
F. Social Engineering
F
171. When visiting an office adjacent to the server room, you discover the lock to the window is broken. Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the window was actually repaired.
What effect will this have on the likelihood of a threat associated with the vulnerability actually occurring?

A. If the window is repaired, the likelihood of the threat occurring will increase.
B. If the window is repaired, the likelihood of the threat occurring will remain constant.
C. If the window is not repaired, the likelihood of the threat occurring will decrease.
D. If the window is not repaired, the likelihood of the threat occurring will increase.
D
172. Providing false information about the source of an attack is known as:

A. Aliasing
B. Spoofing
C. Flooding
D. Redirecting
B
173. The start of the LDAP (Lightweight Directory Access Protocol) directory is called the:

A. Head
B. Root
C. Top
D. Tree
B
174. A company consists of a main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with fast links so that all employees have good connectivity to the network.
Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost.
Which of the following will you do to achieve this objective?

A. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.
B. Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.
C. Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.
D. Centralize servers and other vital components in a single room in the main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.
A
175. You are explaining SSL to a junior administrator and come up to the topic of handshaking.
How many steps are employed between the client and server in the SSL handshake process?

A. Five
B. Six
C. Seven
D. Eight
B
176. An administrator notices that an e-mail server is currently relaying e-mail (including spam) for any e-mail server requesting relaying. Upon further investigation the administrator notices the existence of /etc/mail/relay domains.
What modifications should the administrator make to the relay domains file to prevent relaying for non-explicitly named domains?

A. Move the .* entry to the bottom of the relay domains file and restart the e-mail process.
B. Move the .* entry to the top of the relay domains file and restart the e-mail process.
C. Delete the .* entry in the relay domains file and restart the e-mail process.
D. Delete the relay domains file from the /etc/mail folder and restart the e-mail process.
C
177. Access control decisions are based on responsibilities that an individual user or process has in an organization.
This best describes:

A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
D. None of the above.
B
178. A honey pot is defined as ________.

A. A decoy system or network to attract attacks away from your real network.
B. A place to store passwords.
C. A safe haven for your backup media.
D. Something that exists only in theory.
A
179. A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again.
The problem keeps occurring over the next two days.
What problem may result from these fluctuations? (Select the best answer)

A. Electrostatic discharge
B. Power outages
C. Chip creep
D. Poor air quality
C
180. You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network.
What type of threat does this represent?

A. DDoS
B. Back Door
C. Spoofing
D. Man in the Middle
D
181. Which of the following media types is most immune to RF (Radio Frequency) eavesdropping?

A. Coaxial cable
B. Fiber optic cable
C. Twisted pair wire
D. Unbounded
B
182. What statement is most true about viruses and hoaxes?

A. Hoaxes can create as much damage as a real virus.
B. Hoaxes are harmless pranks and should be ignored.
C. Hoaxes can help educate users about a virus.
D. Hoaxes carry a malicious payload and can be destructive.
A
183. While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143 and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by means of the IMAPv4 (Internet Message Access Protocol version 4) protocol, and search a directory services database for user e-mail addresses and digital certificates.
All the e-mail related services, as well as the directory server, run on the scanned server.

Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?

A. 25
B. 110
C. 143
D. 389
B
184. A piece of malicious code that can replicate itself, has no productive purpose, and exists only to damage computer systems or create further vulnerabilities is called a:

A. Logic Bomb
B. Worm
C. Trojan Horse
D. SYN flood
E. Virus
E
185. When evidence is acquired, a log is started that records who had possession of the evidence for a specific amount of time. This is to avoid allegations that the evidence may have been tampered with when it was unaccounted for, and to keep track of the tasks performed in acquiring evidence from a piece of equipment or materials.
What is the term used to describe this process?

A. Chain of command.
B. Chain of custody.
C. Chain of jurisdiction.
D. Chain of evidence.
B
186. Data integrity is best achieved using a(n)

A. Asymmetric cipher
B. Digital certificate
C. Message digest
D. Symmetric cipher
C
187. A recent audit shows that a user logged into a server with their user account and executed a program. The user then performed activities only available to an administrator.
This is an example of what type of attack?

A. Trojan horse
B. Privilege escalation
C. Subseven back door
D. Security policy removal
B
188. When a user clicks to browse a secure page, the SSL (Secure Sockets Layer) enabled server will first:

A. Use its digital certificate to establish its identity to the browser.
B. Validate the user by checking the CRL (Certificate Revocation List).
C. Request the user to produce the CRL (Certificate Revocation List).
D. Display the requested page on the browser, then provide its IP (Internet Protocol) address for verification
A
189. You are assessing risks and determining which asset protection policies to create first. Another member of the IT staff has provided you with a list of assets which have importance weighted on a scale of 1 to 10. Internet connectivity has an importance of 8, data has an importance of 9, personnel have an importance of 7, and software has an importance of 5.
Based on the weights, what is the order in which you will generate new policies?

A. Internet policy, data security, personnel safety policy, software policy.
B. Data security policy, Internet policy, software policy, personnel safety policy.
C. Software policy, personnel safety policy, Internet policy, data security policy.
D. Data security policy, Internet policy, personnel safety policy, software policy.
D
190. Controlling access to information systems and associated networks is necessary for the preservation of their:

A. Authenticity, confidentiality, integrity and availability.
B. Integrity and availability.
C. Confidentiality, integrity and availability.
D. Authenticity, confidentiality and availability.
C
191. What design feature of Instant Messaging makes it extremely insecure compared to other messaging systems?

A. It is a peer-to-peer network that offers most organizations virtually no control over it.
B. Most IM clients are actually Trojan Horses.
C. It is a centrally managed system that can be closely monitored.
D. It uses the insecure Internet as a transmission medium.
A
192. Access controls that are created and administered by the data owner are considered:

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)
D
193. A well defined business continuity plan must consist of risk analysis, business impact analysis, strategic planning and mitigation, training and awareness, maintenance and audit, and:

A. Security labeling and classification.
B. Budgeting and acceptance.
C. Documentation and security labeling.
D. Integration and validation.
D
194. John wants to encrypt a sensitive message before sending it to one of his managers.
Which type of encryption is often used for e-mail?

A. S/MIME
B. BIND
C. DES
D. SSL
A
195. What is the greatest benefit to be gained through the use of S/MIME (Secure Multipurpose Internet Mail Extensions)? The ability to:

A. Encrypt and digitally sign e-mail messages.
B. Send anonymous e-mails.
C. Send e-mails with a return receipt.
D. Expedite the delivery of e-mail.
A