100 Cards in this Set

201. A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as:

A. man in the middle attack.
B. smurf attack.
C. ping of death attack.
D. TCP SYN (Transmission Control Protocol / Synchronized) attack.
202. The standard encryption algorithm based on Rijndael is known as:

A. AES (Advanced Encryption Standard).
B. 3DES (Triple Data Encryption Standard).
C. DES (Data Encryption Standard).
D. Skipjack.
203. A DoS (Denial of Service) attack which takes advantage of TCP’s (Transmission Control Protocol) three way handshake for new connections is known as:

A. SYN (Synchronize) flood.
B. ping of death attack.
C. land attack.
D. buffer overflow attack.
204. The Bell La-Padula access control model consists of four elements. These elements are

A. subjects, objects, access modes and security levels.
B. subjects, objects, roles and groups.
C. read only, read/write, write only and read/write/delete.
D. groups, roles, access modes and security levels.
205. What is generally the most overlooked element of security management?

A. security awareness.
B. intrusion detection.
C. risk assessment.
D. vulnerability control.
206. What is the advantage of a multi-homed firewall?

A. It is relatively inexpensive to implement.
B. The firewall rules are easier to manage.
C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone) are exposed.
D. An attacker must circumvent two firewalls.
207. Which of the following is an example of an asymmetric encryption algorithm?

A. RC4 (Rivest Cipher 4)
B. IDEA (International Data Encryption Algorithm)
C. MD5 (Message Digest-5)
D. RSA (Rivest Shamir Adleman)
208. Which of the following needs to be included in a SLA (Service Level Agreement) to ensure the availability of server based resources rather than guaranteed server performance levels?

A. network
B. hosting
C. application
D. security
209. Which access control method provides the most granular access to protected objects?

A. capabilities
B. access control lists
C. permission bits
D. profiles
210. The process by which remote users can make a secure connection to internal resources after establishing an Internet connection could correctly be referred to as:

A. channeling
B. tunneling
C. throughput
D. forwarding
211. When an ActiveX control is executed, it executes with the privileges of the:

A. current user account.
B. administrator account.
C. guest account.
D. system account.
212. Which of the following would best protect the confidentiality and integrity of an e-mail message?

A. SHA-1 (Secure Hashing Algorithm 1).
B. IPSec (Internet Protocol Security).
C. digital signature.
D. S/MIME (Secure Multipurpose Internet Mail Extensions).
213. When does CHAP (Challenge Handshake Authentication Protocol) perform the handshake process?

A. when establishing a connection and at any time after the connection is established.
B. only when establishing a connection and disconnecting.
C. only when establishing a connection.
D. only when disconnecting.
214. What should a firewall employ to ensure that each packet is part of an established TCP (Transmission Control Protocol) session?

A. packet filter.
B. stateless inspection.
C. stateful like inspection.
D. circuit level gateway.
215. Which of the following is most commonly used by an intruder to gain unauthorized access to a system?

A. brute force attack.
B. key logging.
C. Trojan horse.
D. social engineering.
216. A minor configuration change which can help secure DNS (Domain Name Service) information is:

A. block all unnecessary traffic by using port filtering.
B. prevent unauthorized zone transfers.
C. require password changes every 30 days.
D. change the default password.
217. What determines if a user is presented with a dialog box prior to downloading an Active-X component?

A. the user’s browser setting.
B. the <Script> meta tag.
C. the condition of the sandbox.
D. the negotiation between the client and the server.
218. LDAP (Lightweight Directory Access Protocol) requires what ports by default?

A. 389 and 636
B. 389 and 139
C. 636 and 137
D. 137 and 139
219. Which security method should be implemented to allow secure access to a web page, regardless of the browser type or vendor?

A. certificates with SSL (Secure Sockets Layer).
B. integrated web with NOS (Network Operating System) security.
C. SSL (Secure Sockets Layer) only.
D. secure access to a web page is not possible.
220. What is a common DISADVANTAGE of employing an IDS (Intrusion Detection System)?

A. false positives.
B. throughput decreases.
C. compatibility.
D. administration.
221. System administrators and hackers use what technique to review network traffic to determine what services are running?

A. sniffer.
B. IDS (Intrusion Detection System).
C. firewall.
D. router.
222. Servers or workstations running programs and utilities for recording probes and attacks against them are referred to as:

A. firewalls.
B. host based IDS (Intrusion Detection System).
C. proxies.
D. active targets.
223. To reduce vulnerabilities on a web server, an administrator should adopt which preventative measure?

A. use packet sniffing software on all inbound communications.
B. apply the most recent manufacturer updates and patches to the server.
C. enable auditing on the web server and periodically review the audit logs.
D. block all DNS (Domain Naming Service) requests coming into the server.
224. What is the greatest advantage to using RADIUS (Remote Authentication Dial-in User Service) for a multi-site VPN (Virtual Private Network) supporting a large population of remote users?
A. RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user database.
B. RADIUS (Remote Authentication Dial-in User Service) provides for a decentralized user database.
C. No user database is required with RADIUS (Remote Authentication Dial-in User Service).
D. User database is replicated and stored locally on all remote systems.
225. What is NOT an acceptable use for smart card technology?

A. mobile telephones.
B. satellite television access cards.
C. a PKI (Public Key Infrastructure) token card shared by multiple users.
D. credit cards.
226. Which of the following is the best protection against an intercepted password?

A. VPN (Virtual Private Network).
B. PPTP (Point-to-Point Tunneling Protocol).
C. one time password.
D. complex password requirement.
227. Which of the following statements most clearly outlines a major security vulnerability associated with Instant Messaging?

A. Instant Messaging does not support any form of message encryption.
B. Instant Messaging negatively impacts user productivity.
C. Instant Messaging uses TCP (Transmission Control Protocol) port 25 for message exchange.
D. Instant Messaging allows file attachments which could potentially contain viruses.
228. Using distinct key pairs to separate confidentiality services from integrity services to support non-repudiation describes which one of the following models?

A. discrete key pair.
B. dual key pair.
C. key escrow.
D. foreign key.
229. Which IETF (Internet Engineering Task Force) protocol uses AH (Authentication Header) and ESP (Encapsulating Security Payload) to provide security in a networked environment?

A. SSL (Secure Sockets Layer).
B. IPSec (Internet Protocol Security).
C. S-HTTP (Secure Hypertext Transfer Protocol).
D. SSH (Secure Shell).
230. A honey pot is best described as

A. encryptor.
B. DMZ (Demilitarized Zone).
C. firewall.
D. decoy.
231. A program appearing to be useful that contains additional hidden code that allows unauthorized individuals to exploit or destroy data is commonly known as:

A. virus.
B. Trojan horse.
C. worm.
D. back door.
232. Which of the following is typically included in a CRL (Certificate Revocation List)?

A. certificates that have had a limited validity period and have expired.
B. certificates that are pending renewal.
C. certificates that are considered invalid because they do not contain a valid CA (Certificate Authority) signature.
D. certificates that have been disabled before their scheduled expiration.
233. A CPS (Certificate Practice Statement) is a legal document that describes a CA’s (Certificate Authority):

A. class level issuing process.
B. copyright notice.
C. procedures.
D. asymmetric encryption schema.
234. A severed T1 line is most likely to be considered in planning.

A. data recovery.
B. off site storage.
C. media destruction.
D. incident response.
235. The primary DISADVANTAGE of symmetric cryptography is:

A. speed.
B. key distribution.
C. weak algorithms.
D. memory management.
236. How are clocks used in a Kerberos authentication system?

A. The clocks are synchronized to ensure proper connections.
B. The clocks are synchronized to ensure tickets expire correctly.
C. The clocks are used to generate the seed value for the encryption keys.
D. The clocks are used to benchmark and set the optimal encryption algorithm.
237. An IT (Information Technology) security audit is generally focused on reviewing existing:

A. resources and goals
B. policies and procedures
C. mission statements
D. ethics codes
238. The action of determining which operating system is installed on a system simply by analyzing its response to certain network traffic is called:

A. OS (Operating System) scanning.
B. reverse engineering.
C. Fingerprinting.
D. host hijacking.
239. The most effective way an administrator can protect users from social engineering is:

A. education.
B. implement personal firewalls.
C. enable logging on at users’ desktops.
D. monitor the network with an IDS (Intrusion Detection System).
240. Instant Messaging is most vulnerable to:

A. DoS (Denial of Service).
B. fraud.
C. stability.
D. sniffing.
241. What type of security mechanism can be applied to modems to better authenticate remote users?

A. firewalls
B. encryption
C. SSH (Secure Shell)
D. callback
242. Despite regular system backups a significant risk still exists if:

A. recovery procedures are not tested
B. all users do not log off while the backup is made
C. backup media is moved to an off-site location
D. an administrator notices a failure during the backup process
243. What are three characteristics of a computer virus?

A. find mechanism, initiation mechanism and propagate
B. learning mechanism, contamination mechanism and exploit
C. search mechanism, connection mechanism and integrate
D. replication mechanism, activation mechanism and objective
244. Technical security measures and countermeasures are primarily intended to prevent:

A. unauthorized access, unauthorized modification, and denial of authorized access.
B. interoperability of the framework, unauthorized modification, and denial of authorized access.
C. potential discovery of access, interoperability of the framework, and denial of authorized access.
D. interoperability of the framework, unauthorized modification, and unauthorized access.
245. Impersonating a dissatisfied customer of a company and requesting a password change on the customer’s account is a form of:

A. hostile code.
B. social engineering.
C. IP (Internet Protocol) spoofing.
D. man in the middle attack.
246. The basic strategy that should be used when configuring the rules for a secure firewall is:

A. permit all.
B. deny all.
C. default permit.
D. default deny.
247. An employer gives an employee a laptop computer to use remotely. The user installs personal applications on the laptop and overwrites some system files. How might this have been prevented with minimal impact on corporate productivity?

A. Users should not be given laptop computers in order to prevent this type of occurrence.
B. The user should have received instructions as to what is allowed to be installed.
C. The hard disk should have been made read-only
D. Biometrics should have been used to authenticate the user before allowing software installation.
248. A fundamental risk management assumption is, computers can NEVER be completely.

A. secure until all vendor patches are installed.
B. secure unless they have a variable password.
C. secure.
D. secure unless they have only one user.
249. DDoS (Distributed Denial of Service) is most commonly accomplished by:

A. internal host computers simultaneously failing.
B. overwhelming and shutting down multiple services on a server.
C. multiple servers or routers monopolizing and overwhelming the bandwidth of a particular server or router.
D. an individual e-mail address list being used to distribute a virus.
250. IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data rates of up to:

A. 10 Mbps (Megabits per second).
B. 10.5 Mbps (Megabits per second).
C. 11 Mbps (Megabits per second).
D. 12 Mbps (Megabits per second).
251. A team organized for the purpose of handling security crises is called a(n):

A. computer information team.
B. security resources team.
C. active detection team.
D. incident response team.
252. Which security architecture utilizes authentication header and/or encapsulating security payload protocols?

A. IPSec (Internet Protocol Security).
B. SSL (Secure Sockets Layer).
C. TLS (Transport Layer Security).
D. PPTP (Point-to-Point Tunneling Protocol).
253. Tunneling is best described as the act of encapsulating:

A. encrypted/secure IP packets inside of ordinary/non-secure IP packets.
B. ordinary/non-secure IP packets inside of encrypted/secure IP packets.
C. encrypted/secure IP packets inside of encrypted/non-secure IP packets.
D. ordinary/secure IP packets inside of ordinary/non-secure IP packets.
254. What is a good practice in deploying a CA (Certificate Authority)?

A. enroll users for policy based certificates.
B. create a CPS (Certificate Practice Statement).
C. register the CA (Certificate Authority) with a subordinate CA (Certificate Authority).
D. create a mirror CA (Certificate Authority) for fault tolerance.
255. What is the most common goal of operating system logging?
A. to determine the amount of time employees spend using various applications.
B. to keep a record of system usage.
C. to provide details of what systems have been compromised.
D. to provide details of which systems are interconnected.
256. Poor programming techniques and lack of code review can lead to which of the following type of attack?

A. CGI (Common Gateway Interface) script.
B. birthday.
C. buffer overflow.
D. dictionary.
257. When a patch is released for a server the administrator should:

A. immediately download and install the patch.
B. test the patch on a non-production server then install the patch to production.
C. not install the patch unless there is a current need.
D. install the patch and then backup the production server.
258. An attacker attempting to penetrate a company’s network through its remote access system would most likely gain access through what method?

A. war dialer.
B. Trojan horse.
C. DoS (Denial of Service).
D. worm.
259. A company’s web server is configured for the following services: HTTP (Hypertext Transfer Protocol), SSL (Secure Sockets Layer), FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol). The web server is placed into a DMZ (Demilitarized Zone). What are the standard ports on the firewall that must be opened to allow traffic to and from the server?

A. 119, 23, 21, 80.
B. 443, 119, 21, 1250.
C. 80, 443, 21, 25.
D. 80, 443, 110, 21.
260. Which systems should be included in a disaster recovery plan?

A. all systems.
B. those identified by the board of directors, president or owner.
C. financial systems and human resources systems.
D. systems identified in a formal risk analysis process.
261. A PKI (Public Key Infrastructure) document that serves as the vehicle on which to base common interoperability standards and common assurance criteria on an industry wide basis is a certificate:

A. policy.
B. practice.
C. procedure.
D. process.
262. When hardening a machine against external attacks, what process should be followed when disabling services?

A. disable services such as DHCP (Dynamic Host Configuration Protocol) client and print servers from servers that do not use/serve those functions.
B. disable one unnecessary service after another, while reviewing the effects of the previous action.
C. research the services and their dependencies before disabling any default services.
D. disable services not directly related to financial operations.
263. Which of the following will let a security administrator allow only HTTP (Hypertext Transfer Protocol) traffic for outbound Internet connections and set permissions to allow only certain users to browse the web?

A. packet filtering firewall.
B. protocol analyzer.
C. proxy server.
D. stateful firewall.
264. Which of the following is NOT a characteristic of DEN (Directory Enabled Networking)?

A. It is mapped into the directory defined as part of the LDAP (Lightweight Directory Access Protocol).
B. It is inferior to SNMP (Simple Network Management Protocol).
C. It is an object oriented information model.
D. It is an industry standard indicating how to construct and store information about a network’s users, applications and data.
265. The system administrator concerned about security has designated a special area in which to place the web server away from other servers on the network. This area is commonly known as the:

A. honey pot
B. hybrid subnet
C. DMZ (Demilitarized Zone).
D. VLAN (Virtual Local Area Network)
266. Which of the following IP (Internet Protocol) address schemes will require NAT (Network Address Translation) to connect to the Internet?
267. What is the primary DISADVANTAGE of a third party relay?

A. Spammers can utilize the relay.
B. The relay limits access to specific users.
C. The relay restricts the types of e-mail that may be sent.
D. The relay restricts spammers from gaining access.
268. A network administrator wants to connect a network to the Internet but does not want to compromise internal network IP (Internet Protocol) addresses. What should the network administrator implement?

A. a honey pot
B. a NAT (Network Address Translation)
C. a VPN (Virtual Private Network)
D. a screened network
269. Which of the following is NOT a field of a X.509 v.3 certificate?

A. private key
B. issuer
C. serial number
D. subject
270. What is the default transport layer protocol and port number that SSL (Secure Sockets Layer) uses?

A. UDP (User Datagram Protocol) transport layer protocol and port 80
B. TCP (Transmission Control Protocol) transport layer protocol and port 80
C. TCP (Transmission Control Protocol) transport layer protocol and port 443
D. UDP (User Datagram Protocol) transport layer protocol and port 69
271. The greater the keyspace and complexity of a password, the longer a _______ attack may take to crack the password.

A. dictionary
B. brute force
C. inference
D. frontal
272. Security requirements for servers DO NOT typically include:

A. the absence of vulnerabilities used by known forms of attack against server hosts
B. the ability to allow administrative activities to all users
C. the ability to deny access to information on the server other than that intended to be available
D. the ability to disable unnecessary network services that may be built into the operating system or server software
273. When a cryptographic system’s keys are no longer needed, the keys should be:

A. destroyed or stored in a secure manner
B. deleted from the system’s storage mechanism
C. recycled
D. submitted to a key repository
274. Creation of an information inventory is most valuable when:

A. localizing license based attacks
B. trying to reconstruct damaged systems
C. determining virus penetration within an enterprise
D. terminating employees for security policy violations
275. A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based. What is the best solution?

A. implement firewalls between subnets to restrict access
B. implement a VLAN (Virtual Local Area Network) to restrict network access
C. implement a proxy server to restrict access
D. implement a VPN (Virtual Private Network)
276. Which of the following is the best reason for a CA (Certificate Authority) to revoke a certificate?

A. The user’s certificate has been idle for two months.
B. The user has relocated to another address.
C. The user’s private key has been compromised.
D. The user’s public key has been compromised.
277. Which of the following correctly identifies some of the contents of an end user’s X.509 certificate?
A. user’s public key, object identifiers, and the location of the user’s electronic identity
B. user’s public key, the CA (Certificate Authority) distinguished name, and the type of symmetric algorithm used for encryption
C. user’s public key, the certificate’s serial number, and the certificate’s validity dates
D. user’s public key, the serial number of the CA (Certificate Authority) certificate, and the CRL (Certificate Revocation List) entry point
278. Which of the following is a protocol generally used for secure web transactions?

A. S/MIME (Secure Multipurpose Internet Mail Extensions)
B. XML (Extensible Markup Language)
C. SSL (Secure Sockets Layer)
D. SMTP (Simple Mail Transfer Protocol)
279. Which of the following statements identifies a characteristic of a symmetric algorithm?

A. performs a fast transformation of data relative to other cryptographic methods
B. regardless of the size of the user’s input data, the size of the output data is fixed.
C. is relatively slow in transforming data when compared to other cryptographic methods
D. includes a one way function where it is computationally infeasible for another entity to determine the input data from the output data
280. Assuring the recipient that a message has not been altered in transit is an example of which of the following:

A. integrity
B. static assurance
C. dynamic assurance
D. cyclical check sequence
281. Being able to verify that a message received has not been modified in transit is defined as:
A. authorization
B. non-repudiation
C. integrity
D. cryptographic mapping
282. Which of the following terms represents a MAC (Mandatory Access Control) model?

A. Lattice
B. Bell La-Padula
D. Clark and Wilson
283. The most common method of social engineering is:

A. looking through users’ trash for information
B. calling users and asking for information
C. e-mailing users and asking for information
D. e-mail
284. In the context of the Internet; what is tunneling? Tunneling is:

A. using the Internet as part of a private secure network
B. the ability to burrow through three levels of firewalls
C. the ability to pass information over the internet within the shortest amount of time
D. creating a tunnel which can capture data
285. An effective method of preventing computer viruses from spreading is to:

A. require root/administrator access to run programs
B. enable scanning of e-mail attachments
C. prevent the execution of .vbs files
D. install a host based IDS (Intrusion Detection System)
286. The term cold site refers to:
A. a low temperature facility for long term storage of critical data
B. a location to begin operations during disaster recovery
C. a facility seldom used for high performance equipment
D. a location that is transparent to potential attackers
287. Sensitive material is currently displayed on a user’s monitor. What is the best course of action for the user before leaving the area?

A. The user should leave the area. The monitor is at a personal desk so there is no risk.
B. turn off the monitor
C. wait for the screen saver to start
D. refer to the company's policy on securing sensitive data
288. The system administrator of the company has terminated employment unexpectedly. When the administrator’s user ID is deleted, the system suddenly begins deleting files. This is an example of what type of malicious code?

A. logic bomb
B. virus
C. Trojan horse
D. worm
289. With regards to the use of Instant Messaging, which of the following type of attack strategies is effectively combated with user awareness training?

A. social engineering
B. stealth
C. ambush
D. multi-pronged
290. What would NOT improve the physical security of workstations?

A. lockable cases, keyboards, and removable media drives
B. key or password protected configuration and setup
C. password required to boot
D. strong passwords
291. What authentication problem is addressed by single sign on?

A. authorization through multiple servers
B. multiple domains
C. multi-factor authentication
D. multiple usernames and passwords
292. Access controls based on security labels associated with each data item and each user are known as:

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)
293. A network administrator has just replaced a hub with a switch. When using software to sniff packets from the networks, the administrator notices conversations the administrator’s computer is having with servers on the network, but can no longer see conversations taking place between other network clients and servers. Given that the switch is functioning properly, what is the most likely cause of this?

A. With the exception of broadcasts, switches do not forward traffic out all ports.
B. The switch is setup with a VLAN (Virtual Local Area Network) utilizing all ports.
C. The software used to sniff packets is not configured properly.
D. The sniffer’s ethernet card is malfunctioning.
294. Which type of password generator is based on challenge-response mechanisms?

A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards
295. Which of the following is a characteristic of MAC (Mandatory Access Control) systems? MACs (Mandatory Access Control):

A. uses levels of security to classify users and data
B. allows owners of documents to determine who has access to specific documents
C. uses access control lists which specify a list of authorized users
D. uses access control lists which specify a list of unauthorized users
296. Which of the following is considered the best technical solution for reducing the threat of a man in the middle attack?

A. Implement virtual LAN (Local Area Network)
B. Implement GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)
C. Implement PKI (Public Key Infrastructure)
D. Implement enforcement of badge system
297. Companies without an acceptable use policy (AUP) may give their employees an expectation of:

A. intrusions
B. audits
C. privacy
D. prosecution
298. An administrator is concerned with viruses in e-mail attachments being distributed and inadvertently installed on users’ workstations. If the administrator set up an attachment filter, what types of attachments should be filtered from e-mails to minimize the danger of viruses?

A. text files
B. image files
C. sound files
D. executable files
299. It is most difficult to eavesdrop on which of the following types of network cabling?

A. fiber optic cable
B. coaxial cable
C. UTP (Unshielded Twisted Pair)
D. STP (Shielded Twisted Pair)
300. Implementation of access control devices and technologies must fully reflect an organization’s security position as contained in its:

A. ACLs (Access Control List)
B. access control matrixes
C. information security policies
D. internal control procedures