100 Cards in this Set

  • Front
  • Back
101. Which of the following is the greatest problem associated with Instant Messaging?

A. widely deployed and difficult to control.
B. created without security in mind.
C. easily spoofed.
D. created with file sharing enabled.
102. An organization is implementing Kerberos as its primary authentication protocol. Which of the following must be deployed for Kerberos to function properly?

A. dynamic IP (Internet Protocol) routing protocols for routers and servers.
B. separate network segments for the realms.
C. token authentication devices.
D. time synchronization services for clients and servers.
103. Searching through trash is used by an attacker to acquire data such as network diagrams, IP (Internet Protocol) address lists and:

A. boot sectors.
B. process lists.
C. old passwords.
D. virtual memory.
104. Discouraging employees from misusing company e-mail is best handled by:

A. enforcing ACL (Access Control List).
B. creating a network security policy.
C. implementing strong authentication.
D. encrypting company e-mail messages.
105. The Diffie-Hellman algorithm allows:

A. access to digital certificate stores from a certificate authority.
B. a secret key exchange over an insecure medium without any prior secrets.
C. authentication without the use of hashing algorithms.
D. multiple protocols to be used in key exchange negotiations.
106. Which of the following types of attack CANNOT be deterred solely through technical means?

A. dictionary.
B. man in the middle.
C. DoS (Denial of Service).
D. social engineering.
107. Which of the following is the best description of “separation of duties”?

A. assigning different parts of tasks to different employees.
B. employees are granted only the privileges necessary to perform their tasks.
C. each employee is granted specific information that is required to carry out a job function.
D. screening employees before assigning them to a position.
108. How must a firewall be configured to make sure that a company can communicate with other companies using SMTP (Simple Mail Transfer Protocol) e-mail?

A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound connections.
B. Open UDP (User Datagram Protocol) port 110 to all inbound connections.
C. Open UDP (User Datagram Protocol) port 25 to all inbound connections.
D. Open TCP (Transmission Control Protocol) port 25 to all inbound and outbound connections.
109. An organization’s primary purpose in conducting risk analysis in dealing with computer security is:

A. to identify vulnerabilities to the computer systems within the organization.
B. to quantify the impact of potential threats in relation to the cost of lost business functionality.
C. to identify how much it will cost to implement countermeasures.
D. to delegate responsibility.
110. A user wants to send an e-mail and ensure that the message is not tampered with while in transit. Which feature of modern cryptographic systems will facilitate this?

A. confidentiality.
B. authentication.
C. integrity.
D. non-repudiation.
111. WTLS (Wireless Transport Layer Security) provides security services between a mobile device and a:

A. WAP (Wireless Application Protocol) gateway.
B. web server.
C. wireless client.
D. wireless network interface card.
112. What are three measures which aid in the prevention of a social engineering attack?

A. education, limit available information and security policy.
B. education, firewalls and security policy.
C. security policy, firewalls and incident response.
D. security policy, system logging and incident response.
113. A server placed into service for the purpose of attracting a potential intruder’s attention is known as a:

A. honey pot.
B. lame duck.
C. teaser.
D. pigeon.
114. Which of the following would be most effective in preventing network traffic sniffing?

A. deploy an IDS (Intrusion Detection System).
B. disable promiscuous mode.
C. use hubs instead of routers.
D. use switches instead of hubs.
115. What ports does FTP (File Transfer Protocol) use?

A. 20 and 21.
B. 25 and 110.
C. 80 and 443.
D. 161 and 162.
116. A decoy system that is designed to divert an attacker from accessing critical systems while collecting information about the attacker’s activity, and encouraging the attacker to stay on the system long enough for administrators to respond is known as:

A. DMZ (Demilitarized Zone).
B. honey pot.
C. intrusion detector.
D. screened host.
117. An e-mail relay server is mainly used to:

A. block all spam, which allows the e-mail system to function more efficiently without the additional load of spam.
B. prevent viruses from entering the network.
C. defend the primary e-mail server and limit the effects of any attack.
D. eliminate e-mail vulnerabilities since all e-mail is passed through the relay first.
118. What network mapping tool uses ICMP (Internet Control Message Protocol)?

A. port scanner.
B. map scanner.
C. ping scanner.
D. share scanner.
119. Which two protocols are VPN (Virtual Private Network) tunneling protocols?

A. PPP (Point-to-Point Protocol) and SLIP (Serial Line Internet Protocol).
B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol).
C. L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol).
D. SMTP (Simple Mail Transfer Protocol) and L2TP (Layer Two Tunneling Protocol).
120. File encryption using symmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.
121. An e-mail is received alerting the network administrator to the presence of a virus on the system if a specific executable file exists. What should be the first course of action?

A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.
B. Immediately search for and delete the file if discovered.
C. Broadcast a message to the entire organization to alert users to the presence of a virus.
D. Locate and download a patch to repair the file.
122. Part of a fire protection plan for a computer room should include:

A. procedures for an emergency shutdown of equipment.
B. a sprinkler system that exceeds local code requirements.
C. the exclusive use of non-flammable materials within the room.
D. fireproof doors that can be easily opened if an alarm is sounded.
123. Which of the following is an HTTP (Hypertext Transfer Protocol) extension or mechanism used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity?

A. HTTPS (Hypertext Transfer Protocol over SSL).
B. cookies.
C. HTTP (Hypertext Transfer Protocol)/1.0 Caching.
D. vCard v3.0.
124. ActiveX controls __________ to prove where they originated.

A. are encrypted.
B. are stored on the web server.
C. use SSL (Secure Sockets Layer).
D. are digitally signed.
125. A virus that hides itself by intercepting disk access requests is:

A. multipartite.
B. stealth.
C. interceptor.
D. polymorphic.
126. When a potential hacker looks through trash, the most useful items or information that might be found include all except:

A. an IP (Internet Protocol) address.
B. system configuration or network map.
C. old passwords.
D. system access requests.
127. A user logs onto a workstation using a smart card containing a private key. The user is verified when the public key is successfully factored with the private key. What security service is being provided?

A. authentication.
B. confidentiality.
C. integrity.
D. non-repudiation.
128. In cryptographic operations, digital signatures can be used for which of the following systems?

A. encryption.
B. asymmetric key.
C. symmetric and encryption.
D. public and decryption.
129. Which of the following programs is able to distribute itself without using a host file?

A. virus.
B. Trojan horse.
C. logic bomb.
D. worm.
130. Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this?

A. virus.
B. back door.
C. logic bomb.
D. worm.
131. What is a common type of attack on web servers?

A. birthday.
B. buffer overflow.
C. spam.
D. brute force.
132. Digital signatures can be used for which of the following?

A. availability.
B. encryption.
C. decryption.
D. non-repudiation.
133. Malicious port scanning is a method of attack to determine which of the following?

A. computer name
B. the fingerprint of the operating system
C. the physical cabling topology of a network
D. user IDs and passwords
134. What should be done to secure a DHCP (Dynamic Host Configuration Protocol) service?

A. block ports 67 and 68 at the firewall.
B. block port 53 at the firewall.
C. block ports 25 and 26 at the firewall.
D. block port 110 at the firewall.
135. During the digital signature process, asymmetric cryptography satisfies what security requirement?

A. confidentiality.
B. access control.
C. data integrity.
D. authentication.
136. Which security method is in place when the administrator of a network enables access lists on the routers to disable all ports that are not used?

A. MAC (Mandatory Access Control).
B. DAC (Discretionary Access Control).
C. RBAC (Role Based Access Control).
D. SAC (Subjective Access Control).
137. What is the first step before a wireless solution is implemented?

A. ensure ad hoc mode is enabled on the access points.
B. ensure that all users have strong passwords.
C. purchase only Wi-Fi (Wireless Fidelity) equipment.
D. perform a thorough site survey.
138. A system administrator discovers suspicious activity that might indicate a computer crime. The administrator should first:

A. refer to incident response plan.
B. change ownership of any related files to prevent tampering.
C. move any related programs and files to non-erasable media.
D. set the system time to ensure any logged information is accurate.
139. The information that governs and associates users and groups to certain rights to use, read, write, modify, or execute objects on the system is called a(n):

A. public key ring.
B. ACL (Access Control List).
C. digital signature.
D. CRL (Certificate Revocation Lists).
140. Which of the following is expected network behavior?

A. traffic coming from or going to unexpected locations.
B. non-standard or malformed packets/protocol violations.
C. repeated, failed connection attempts.
D. changes in network performance such as variations in traffic load.
141. Security training should emphasize that the weakest links in the security of an organization are typically:

A. firewalls.
B. policies.
C. viruses.
D. people.
142. For system logging to be an effective security measure, an administrator must:

A. review the logs on a regular basis.
B. implement circular logging.
C. configure the system to shut down when the logs are full.
D. configure SNMP (Simple Network Management Protocol) traps for logging events.
143. A perimeter router is configured with a restrictive ACL (Access Control List). Which transport layer protocols and ports must be allowed in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections respectively, through the perimeter router?

A. TCP (Transmission Control Protocol) port 635 and UDP (User Datagram Protocol) port 654
B. TCP (Transmission Control Protocol) port 749 and UDP (User Datagram Protocol) port 781
C. UDP (User Datagram Protocol) port 1701 and TCP (Transmission Control Protocol) port 1723
D. TCP (Transmission Control Protocol) port 1812 and UDP (User Datagram Protocol) port 1813
144. Which of the following keys is contained in a digital certificate?

A. public key.
B. private key.
C. hashing key.
D. session key.
145. Which of the following options describes a challenge-response session?

A. a workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).
B. a workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number).
C. a special hardware device that is used to generate random text in a cryptography system.
D. the authentication mechanism in the workstation or system does not determine if the owner should be authenticated.
146. Message authentication codes are used to provide which service?

A. integrity.
B. fault recovery.
C. key recovery.
D. acknowledgement.
147. Single servers are frequently the targets of attacks because they contain:

A. application launch scripts.
B. security policy settings.
C. credentials for many systems and users.
D. master encryption keys.
148. Sensitive data traffic can be confined to workstations on a specific subnet using privilege policy based tables in the:

A. router.
B. server.
C. modem.
D. VPN (Virtual Private Network).
149. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem?

A. HTTP (Hypertext Transfer Protocol) protocol.
B. compiler or interpreter that runs the CGI (Common Gateway Interface) script.
C. the web browser.
D. external data supplied by the user.
150. An attacker manipulates what field of an IP (Internet Protocol) packet in an IP (Internet Protocol) spoofing attack?

A. version field.
B. source address field.
C. source port field.
D. destination address field.
151. What is the best method of defense against IP (Internet Protocol) spoofing attacks?

A. deploying intrusion detection systems.
B. creating a DMZ (Demilitarized Zone).
C. applying ingress filtering to routers.
D. There is not a good defense against IP (Internet Protocol) spoofing.
152. What access control principle requires that every user or process is given the most restricted privileges?

A. control permissions.
B. least privilege.
C. hierarchical permissions.
D. access mode.
153. Incorrectly detecting authorized access as an intrusion or attack is called a false:

A. negative.
B. intrusion.
C. positive.
D. alarm.
154. A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the tunnel mode will provide encryption for the:

A. one time pad used in handshaking.
B. payload and message header.
C. hashing algorithm and all e-mail messages.
D. message payload only.
155. When implementing Kerberos authentication, which of the following factors must be accounted for?

A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access.
B. Kerberos tickets can be spoofed using replay attacks to network resources.
C. Kerberos requires a centrally managed database of all user and resource passwords.
D. Kerberos uses clear text passwords.
156. Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer version 3)?

A. TLS (Transport Layer Security).
B. MPLS (Multi-Protocol Label Switching).
C. SASL (Simple Authentication and Security Layer).
D. MLS (Multi-Layer Switching).
157. How should a primary DNS (Domain Name Service) server be configured to provide the best security against DoS (Denial of Service) and hackers?

A. disable the DNS (Domain Name Service) cache function.
B. disable application services other than DNS (Domain Name Service).
C. disable the DNS (Domain Name Service) reverse lookup function.
D. allow only encrypted zone transfer to a secondary DNS (Domain Name Service) server.
158. What type of security process will allow others to verify the originator of an e-mail message?

A. authentication.
B. integrity.
C. non-repudiation.
D. confidentiality.
159. Which of the following statements is true about Network based IDS (Intrusion Detection System)?

A. Network based IDS (Intrusion Detection System) are never passive devices that listen on a network wire without interfering with the normal operation of a network.
B. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire while interfering with the normal operation of a network.
C. Network based IDS (Intrusion Detection System) are usually intrusive devices that listen on a network wire while interfering with the normal operation of a network.
D. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire without interfering with the normal operation of a network.
160. What physical access control most adequately protects against physical piggybacking?

A. man trap.
B. security guard.
C. CCTV (Closed-Circuit Television).
D. biometrics.
161. Management wants to track personnel who visit unauthorized web sites. What type of detection will this be?

A. abusive detection.
B. misuse detection.
C. anomaly detection.
D. site filtering.
162. An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans, the administrator should:

A. disable the ability to remotely scan the registry.
B. leave all processes running for possible future use.
C. close all programs or processes that use a UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) port.
D. uninstall or disable any programs or processes that are not needed for the proper use of the server.
163. Which protocol is typically used for encrypting traffic between a web browser and web server?

A. IPSec (Internet Protocol Security).
B. HTTP (Hypertext Transfer Protocol).
C. SSL (Secure Sockets Layer).
D. VPN (Virtual Private Network).
164. Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?

A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.
B. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.
C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.
D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.
165. A malformed MIME (Multipurpose Internet Mail Extensions) header can:

A. create a back door that will allow an attacker free access to a company private network.
B. create a virus that infects a user’s computer.
C. cause an unauthorized disclosure of private information.
D. cause an e-mail server to crash.
166. When a change to user security policy is made, the policy maker should provide appropriate documentation to:

A. the security administrator.
B. auditors.
C. users.
D. all staff.
167. What technical impact may occur due to the receipt of large quantities of spam?

A. DoS (Denial of Service).
B. processor underutilization.
C. reduction in hard drive space requirements.
D. increased network throughput.
168. A public key ___________ is a pervasive system whose services are implemented and delivered using public key technologies that include CAs (Certificate Authority), digital certificates, non-repudiation, and key history management.

A. cryptography scheme.
B. distribution authority.
C. exchange.
D. infrastructure.
169. Forging an IP (Internet Protocol) address to impersonate another machine is best defined as:

A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking.
B. IP (Internet Protocol) spoofing.
C. man in the middle.
D. replay.
170. When setting password rules, which of the following would LOWER the level of security of a network?

A. Passwords must be greater than six characters and contain at least one non-alpha.
B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before.
C. Complex passwords that users CAN NOT remotely change are randomly generated by the administrator and given to users.
D. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.
171. Which of the following can be used to track a user’s browsing habits on the Internet and may contain usernames and passwords?

A. digital certificates.
B. cookies.
C. ActiveX controls.
D. web server cache.
172. Currently, the most costly method of authentication is the use of:

A. passwords.
B. tokens.
C. biometrics.
D. shared secrets.
173. One of the factors that influence the lifespan of a public key certificate and its associated keys is the:

A. value of the information it is used to protect
B. cost and management fees
C. length of the asymmetric hash
D. data available openly on the cryptographic system
174. FTP (File Transfer Protocol) is accessed through what ports?

A. 80 and 443.
B. 20 and 21.
C. 21 and 23.
D. 20 and 80.
175. The best method to use for protecting a password stored on the server used for user authentication is to:

A. store the server password in clear text.
B. hash the server password.
C. encrypt the server password with asymmetric keys.
D. encrypt the server password with a public key.
176. In a typical file encryption process, the asymmetric algorithm is used to:

A. encrypt symmetric keys.
B. encrypt file contents.
C. encrypt certificates.
D. encrypt hash results.
177. Which of the following protocols is used by web servers to encrypt data?

A. TCP/IP (Transmission Control Protocol/Internet Protocol)
B. ActiveX
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
178. A piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords is a:

A. virus.
B. logic bomb.
C. worm.
D. Trojan horse.
179. The integrity of a cryptographic system is considered compromised if which of the following conditions exist?

A. a 40-bit algorithm is used for a large financial transaction
B. the public key is disclosed
C. the private key is disclosed
D. the validity of the data source is compromised
180. During the digital signature process, hashing provides a means to verify what security requirement?

A. non-repudiation.
B. access control.
C. data integrity.
D. authentication.
181. Which of the following often requires the most effort when securing a server due to lack of available documentation?

A. hardening the OS (Operating System)
B. configuring the network
C. creating a proper security policy
D. installing the latest hot fixes and patches
182. One of the most effective ways for an administrator to determine what security holes reside on a network is to:

A. perform a vulnerability assessment.
B. run a port scan.
C. run a sniffer.
D. install and monitor an IDS (Intrusion Detection System).
183. As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added which of the following key functionalities? The ability to:

A. act as a CA (Certificate Authority).
B. force client side authentication via digital certificates.
C. use x.400 certificates.
D. protect transmissions with 1024-bit symmetric encryption.
184. In responding to incidents such as security breaches, one of the most important steps taken is:

A. encryption.
B. authentication.
C. containment.
D. intrusion.
185. Missing audit log entries most seriously affect an organization’s ability to:

A. recover destroyed data.
B. legally prosecute an attacker.
C. evaluate system vulnerabilities.
D. create reliable system backups.
186. SSL (Secure Sockets Layer) is used for secure communications with:

A. file and print servers.
B. RADIUS (Remote Authentication Dial-in User Service) servers.
C. AAA (Authentication, Authorization, and Administration) servers.
D. web servers.
187. Non-repudiation is based on what type of key infrastructure?

A. symmetric.
B. distributed trust.
C. asymmetric.
D. user-centric.
188. The first step in effectively implementing a firewall is:

A. blocking unwanted incoming traffic.
B. blocking unwanted outgoing traffic.
C. developing a firewall policy.
D. protecting against DDoS (Distributed Denial of Service) attacks.
189. Which of the following provides the strongest authentication?

A. token
B. username and password
C. biometrics
D. one time password
190. A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's:

A. server
B. router
C. VPN (Virtual Private Network)
D. switch
191. What is the best method to secure a web browser?

A. do not upgrade, as new versions tend to have more security flaws.
B. disable any unused features of the web browser.
C. connect to the Internet using only a VPN (Virtual Private Network) connection.
D. implement a filtering policy for illegal, unknown and undesirable sites.
192. The most common form of authentication is the use of:

A. certificates.
B. tokens.
C. passwords.
D. biometrics.
193. What are the three main components of a Kerberos server?

A. authentication server, security database and a privilege server.
B. SAM (Sequential Access Method), security database and an authentication server.
C. application database, security database and system manager.
D. authentication server, security database and system manager.
194. Which of the following methods may be used to exploit the clear text nature of an Instant Messaging session?

A. packet sniffing.
B. port scanning.
C. cryptanalysis.
D. reverse engineering.
195. A user receives an e-mail from a colleague in another company. The e-mail message warns of a virus that may have been accidentally sent in the past, and warns the user to delete a specific file if it appears on the user’s computer. The user checks and has the file. What is the best next step for the user?

A. Delete the file immediately.
B. Delete the file immediately and copy the e-mail to all distribution lists.
C. Report the contents of the message to the network administrator.
D. Ignore the message. This is a virus hoax and no action is required.
196. A need to know security policy would grant access based on:

A. least privilege.
B. less privilege.
C. loss of privilege.
D. single privilege.
197. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type?

A. symmetric.
B. asymmetric.
C. hashing.
D. elliptic curve.
198. A CRL (Certificate Revocation List) query that receives a response in near real time:

A. indicates that high availability equipment is used.
B. implies that a fault tolerant database is being used.
C. does not guarantee that fresh data is being returned.
D. indicates that the CA (Certificate Authority) is providing near real time updates.
199. Which of the following is a VPN (Virtual Private Network) tunneling protocol?

A. AH (Authentication Header).
B. SSH (Secure Shell).
C. IPSec (Internet Protocol Security).
D. DES (Data Encryption Standard).
200. Appropriate documentation of a security incident is important for each of the following reasons EXCEPT:

A. The documentation serves as a lessons learned which may help avoid further exploitation of the same vulnerability.
B. The documentation will serve as an aid to updating policy and procedure.
C. The documentation will indicate who should be fired for the incident.
D. The documentation will serve as a tool to assess the impact and damage for the incident.