• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/291

Click to flip

291 Cards in this Set

  • Front
  • Back
Which of the following is an example of a false negative?
A. The IDS does not identify a buffer overflow
B. Anti-virus identifies a benign application as malware.
C. Anti-virus protection interferes with the normal operation of an application.
D. A user account is locked out after the user mistypes the password too many times.
A. The IDS does not identify a buffer overflow
Sara and Jane, users, are reporting an increase in the amount of unwanted email that they are receiving each day. Which of the following would be the BEST way to respond to this issue without creating a lot of administrative overhead?
A. Deploy an anti-spam device to protect the network.
B. Update the anti-virus definitions and make sure that it is set to scan all received email
C. Set up spam filtering rules in each user's mail client.
D. Change the firewall settings to block SMTP relays so that the spam cannot get in.
A. Deploy an anti-spam device to protect the network.
Which of the following encrypts the body of a packet, rather than just the password, while sending information?
A. LDAP
B. TACACS+
C. ACLs
D. RADIUS
B. TACACS+
Which of the following is similar to a smurf attack, but uses UDP instead to ICMP?
A. X-Mas attack
B. Fraggle attack
C. Vishing
D. Man-in-the-middle attack
B. Fraggle attack
Pete, a security administrator, wants to secure remote telnet services and decides to use the services over SSH. Which of the following ports should Pete allow on the firewall by default?
A. 21
B. 22
C. 23
D. 25
B. 22
Which of the following accurately describes the STRONGEST multifactor authentication?
A. Something you are, something you have
B. Something you have, something you know
C. Something you are near to, something you have
D. Something you have, someone you know
A. Something you are, something you have
Which of the following is a valid server-role in a Kerberos authentication system?
A. Token issuing system
B. Security assertion server
C. Authentication agent
D. Ticket granting server
D. Ticket granting server
A company is performing internal security audits after a recent exploitation on one of their proprietary applications. Sara, the security auditor, is given the workstation with limited documentation regarding the application installed for the audit. Which of the following types of testing methods is this?
A. Sandbox
B. White box
C. Black box
D. Gray box
D. Gray box
Sara, a security analyst, discovers which operating systems the client devices on the network are running by only monitoring a mirror port on the router. Which of the following techniques did Sara use?
A. Active fingerprinting
B. Passive finger printing
C. Protocol analyzing
D. Network enumerating
B. Passive finger printing
Which of the following is the BEST solution to securely administer remote servers?
A. SCP
B. SSH
C. Telnet
D. SFTP
B. SSH
A company has sent all of its private keys to a third party. The third party company has created a secure list of these keys. Which of the following has just been implemented?
A. Key escrow
B. CRL
C. CA
D. Recovery agent
A. Key escrow
Which of the following authentication protocols forces centralized wireless authentication?
A. WPA2-Personal
B. WPA2-Enterprise
C. WPA2-CCMP
D. WPA2-TKIP
B. WPA2-Enterprise
The fundamental information security principals include confidentiality, availability and which of the following?
A. The ability to secure data against unauthorized disclosure to external sources
B. The capacity of a system to resist unauthorized changes to stored information
C. The confidence with which a system can attest to the identity of a user
D. The characteristic of a system to provide uninterrupted service to authorized users
B. The capacity of a system to resist unauthorized changes to stored information
Which of the following risks could IT management be mitigating by removing an all-in-one device?
A. Continuity of operations
B. Input validation
C. Single point of failure
D. Single sign on
C. Single point of failure
Social networking sites are used daily by the marketing team for promotional purposes. However, confidential company information, including product pictures and potential partnerships, have been inadvertently exposed to the public by dozens of employees using social networking sites. Which of following is the BEST response to mitigate this threat with minimal company disruption?
A. Mandate additional security awareness training for all employees.
B. Report each employee to Human Resources for termination for violation of security policies
C. Implement a data loss prevention program to filter email.
D. Block access to social networking sites from the corporate network
A. Mandate additional security awareness training for all employees.
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
C. NAC
Sara, an IT administrator, wants to protect a cluster of servers in a DMZ from zero day attacks. Which of the following would provide the BEST level of protection?
A. NIPS
B. NIDS
C. ACL
D. Antivirus
A. NIPS
Which of the following inspects traffic entering or leaving a network to look for anomalies against expected baselines?
A. IPS
B. Sniffers
C. Stateful firewall
D. Stateless firewall
CompTIA SY0-301 Exam
A. IPS
Which of the following BEST describes a software vulnerability that is actively being used by Sara and Jane, attackers, before the vendor releases a protective patch or update?
A. Buffer overflow
B. IV attack
C. Zero day attack
D. LDAP injection
C. Zero day attack
Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?
A. Switches
B. Protocol analyzers
C. Routers
D. Web security gateways
B. Protocol analyzers
Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?
A. Phishing
B. Shoulder surfing
C. Impersonation
D. Tailgating
C. Impersonation
Sara, a security administrator, is noticing a slow down in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway?
A. IV attack
B. Interference
C. Blue jacking
D. Packet sniffing
A. IV attack
Which of the following would Pete, a security administrator, change to limit how far a wireless signal will travel?
A. SSID
B. Encryption methods
C. Power levels
D. Antenna placement
C. Power levels
Which of the following ports should be open in order for Sara and Pete, users, to identify websites by domain name?
A. TCP 21
B. UDP22
C. TCP 23
D. UDP 53
D. UDP 53
Sara, an administrator, suspects a denial of service attack on the network, but does not know where the network traffic is coming from or what type of traffic it is. Which of the following would help Sara further assess the situation?
A. Protocol analyzer
B. Penetration testing
C. HTTP interceptor
D. Port scanner
A. Protocol analyzer
Sara, a security administrator, has configured a trusted OS implementation on her servers. Which of the following controls are enacted by the trusted OS implementation?
A. Mandatory Access Controls
B. Time-based Access Controls
C. Discretionary Access Controls
D. Role Based Access Controls
A. Mandatory Access Controls
Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?
A. 21
B. 25
C. 80
D. 3389
C. 80
Pete, the security administrator, is implementing a web content fitter. Which of the following is the MOST important design consideration in regards to availability?
A. The number of filter categories
B. Other companies who are using the system
C. Fail state of the system
D. The algorithm of the filtering engine
C. Fail state of the system
Which of the following is where an unauthorized device is found allowing access to a network?
A. Bluesnarfing
B. Rogue access point
C. Honeypot
D. IV attack
B. Rogue access point
When used alone, which of the following controls mitigates the risk of Sara, an attacker, launching
an online brute force password attack?
A. Account expiration
B. Account lockout
C. Password complexity
D. Password length
B. Account lockout
Jane's, a user, word processing software is exhibiting strange behavior, opening and closing itself at random intervals. There is no other strange behavior on the system. Which of the following would mitigate this problem in the future?
A. Install application updates
B. Encrypt the file system
C. Install HIDS
D. Install anti-spam software
A. Install application updates
Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?
A. The system is running 802.1 x
B. The system is using NAC
C. The system is in active-standby mode
D. The system is virtualized
D. The system is virtualized
Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?
A. Discretionary access control
B. Job rotation
C. Separation of duties
D. Principle of least privilege
C. Separation of duties
While traveling Matt, an employee, decides he would like to download some new movies onto his corporate laptop. While installing software designed to download movies from multiple computers across the Internet. Matt agrees to share portions of his hard drive. This scenario describes one of the threats involved in which of the following technologies?
A. Social networking
B. ALE
C. Cloud computing
D. P2P
D. P2P
Which of the following is an attack where Pete spreads USB thumb drives throughout a bank's parking lot in order to have malware installed on the banking systems?
A. Tailgating
B. Replay attack
C. Virus
D. Social engineering
D. Social engineering
Pete, a security administrator, has configured and implemented an additional public intermediate CA. Which of the following must Pete submit to the major web browser vendors in order for the certificates, signed by this intermediate, to be trusted?
A. Die root CA's private key
B. The root CA's public key
C. The intermediate CA's public key
D. The intermediate CA's private key
C. The intermediate CA's public key
3DES is created when which of the following scenarios occurs?
A. The DES algorithm is run three consecutive times against the item being encrypted.
B. The DES algorithm has been used by three parties: the receiving party, sending party, and server.
C. The DES algorithm has its key length increased to 256.
D. The DES algorithm is combined with AES and SHA1.
A. The DES algorithm is run three consecutive times against the item being encrypted.
Which of the following is BEST described by a scenario where organizational management chooses to implement an internal Incident Response Structure for the business?
A. Deterrence
B. Separation of duties
C. Transference
D. Mitigation
D. Mitigation
A data loss prevention strategy would MOST likely incorporate which of the following to reduce the risk associated with data loss?
A. Enforced privacy policy, encryption of VPN connections, and monitoring of communications entering the organization.
B. Enforced acceptable usage policy, encryption of confidential emails, and monitoring of communications leaving the organization.
C. Enforced privacy policy, encryption of VPN connections, and monitoring of communications leaving the organization.
D. Enforced acceptable usage policy, encryption of confidential emails, and monitoring of communications entering the organization.
B. Enforced acceptable usage policy, encryption of confidential emails, and monitoring of
communications leaving the organization.
In a wireless network, which of the following components could cause too much coverage, too little coverage, and interference?
A. MAC filter
B. AP power levels
C. Phones or microwaves
D. SSID broadcasts
B. AP power levels
Which of the following has a default port of 22?
A. SSH
B. FTP
C. TELNET
D. SCAP
A. SSH
Which of the following is Jane, a security administrator, MOST likely implementing when deleting all the unneeded files and modules of a newly install application?
A. Exception handling
B. Patch management
C. System file clean up
D. Application hardening
D. Application hardening
The public key is used to perform which of the following? (Select THREE).
A. Validate the CRL
B. Validate the identity of an email sender
C. Encrypt messages
D. Perform key recovery
E. Decrypt messages
F. Perform key escrow
B. Validate the identity of an email sender
C. Encrypt messages
E. Decrypt messages
Which of the following types of data encryption would Jane, a security administrator, use if MBR and the file systems needed to be included?
A. Full disk
B. Individual files
C. Database
D. Partial disk
A. Full disk
Which of the following is BEST associated with PKI?
A. Private key
B. Block ciphers
C. Stream ciphers
D. NTLMv2
A. Private key
Pete, a network administrator, implements the spanning tree protocol on network switches. Which of the following issues does this address?
A. Flood guard protection
B. ARP poisoning protection
C. Loop protection
D. Trunking protection
C. Loop protection
Matt, a security administrator, has noticed that the website and external systems have been subject to many attack attempts. To verify integrity of the website and critical files, Matt should:
A. Require all visitors to the public web home page to create a username and password to view the pages in the website
B. Configure the web application firewall to send a reset packet to the incoming IP from where an attack or scan signature has been detected.
C. Create file hashes for website and critical system files, and compare the current file hashes to the baseline at regular time intervals.
D. Reboot the web server and database server nightly after the backup has been completed.
C. Create file hashes for website and critical system files, and compare the current file hashes to the baseline at regular time intervals.
Matt, the administrator, has been told to confirm what account an email was sent from. Which of the following is this an example of?
A. Surveillance
B. E-discovery
C. Chain of custody
D. Integrity
B. E-discovery
Which of the following BEST describes a denial of service attack?
A. Sara, the attacker, attempts to have the receiving server run a payload using programming commonly found on web servers.
B. Sara, the attacker, overwhelms a system or application, causing it to crash and bring the server down to cause an outage.
C. Sara, the attacker, overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
D. Sara, the attacker, attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
B. Sara, the attacker, overwhelms a system or application, causing it to crash and bring the server
down to cause an outage.
The Chief Information Officer (CIO) wants to protect laptop users from zero day attacks. Which of the following would BEST achieve the CIO's goal?
A. Host based firewall
B. Host based IDS
C. Anti-virus
D. Anti-spyware
A. Host based firewall
Matt, a server administrator, sets up database forms based on security rating levels. If a user has the lowest security rating then the database automatically determines what access that user has. Which of the following access control methods does this describe?
A. Mandatory access control
B. Role based access control
C. Rule based access control
D. Discretionary access control
A. Mandatory access control
Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports
D. Disable unused ports
When Pete, an employee, leaves a company, which of the following should be updated to ensure Pete's security access is reduced or eliminated?
A. RSA
B. CA
C. PKI
D. CRL
D. CRL
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
A. NIPS
Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee's credential?
A. Account expiration
B. Password complexity
C. Account lockout
D. Dual factor authentication
A. Account expiration
Jane, an IT security technician working at a bank, has implemented encryption between two locations. Which of the following security concepts BEST exemplifies the protection provided by this example?
A. Integrity
B. Confidentiality
C. Cost
D. Availability
B. Confidentiality
Which of the following mitigates the risk of proprietary information being compromised?
A. Cloud computing
B. Digital signatures
C. File encryption
D. Virtualization
C. File encryption
Which of the following should Pete, an administrator, use to verify the integrity of a downloaded file?
A. CRL
B. CSR
C. AES
D. MD5
D. MD5
While Sara is logging into the server from her workstation, she notices Pete watching her enter the username and password. Which of the following social engineering attacks is Pete executing?
A. Impersonation
B. Tailgating
C. Piggybacking
D. Shoulder surfing
D. Shoulder surfing
Which of the following is the MOST important security requirement for mobile devices storing PII?
A. Remote data wipe
B. GPS location service
C. VPN pass-through
D. WPA2 wireless
A. Remote data wipe
The log management system at Company A is inadequate to meet the standards required by their corporate governance team. A new automated log management system has been put in place. This is an example of which of the following?
A. Data integrity measurement
B. Network traffic analysis
C. Risk acceptance process
D. Continuous monitoring
D. Continuous monitoring
Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list. This is an example of which of the following?
A. Trojan virus
B. Botnet
C. Worm outbreak
D. Logic bomb
C. Worm outbreak
Which of the following should Sara, a security technician, perform as the FIRST step when creating a disaster recovery plan for a mission critical accounting system?
A. Implementing redundant systems
B. Removal of single points of failure
C. Succession planning
D. Business impact assessment
D. Business impact assessment
Which of the following is the MOST secure protocol for Pete, an administrator, to use for managing network devices?
A. FTP
B. TELNET
C. FTPS
D. SSH
D. SSH
Which of the following is an example of authentication using something Jane, a user, has and something she knows?
A. GSM phone card and PIN
B. Username and password
C. Username and PIN
D. Fingerprint scan and signature
A. GSM phone card and PIN
Which of the following is the BEST incident response procedure to take when a previous
employee enters a facility?
A. Notify Computer Emergency Response Team (CERT) of the security breach to document it.
B. Take screenshots of the employee's workstation.
C. Take hashes of the employee's workstation.
D. Notify security to identify employee's whereabouts.
D. Notify security to identify employee's whereabouts.
Which of the following activities should be completed in order to detect anomalies on a network?
A. Incident management
B. Change management
C. User permissions reviews
D. Log reviews
D. Log reviews
Which of the following reduces the likelihood of a single point of failure when a server fails?
A. Clustering
B. Virtualization
C. RAID
D. Cold site
A. Clustering
Jane, a security administrator, wants to prevent users in sales from accessing their servers after 6:00 p.m., and prevent them from accessing accounting's network at all times. Which of the following should Jane implement to accomplish these goals? (Select TWO).
A. Separation of duties
B. Time of day restrictions
C. Access control lists
D. Mandatory access control
E. Single sign-on
B. Time of day restrictions
C. Access control lists
Which of the following describes the ability for a third party to verify the sender or recipient of a given electronic message during authentication?
A. Entropy
B. Principle of least privilege
C. Non-repudiation
D. Code signing
C. Non-repudiation
Which of the following protocols provides Pete, an administrator, with the HIGHEST level of security for device traps?
A. ICMP
B. SNMPv3
C. SSH
D. IPSec
B. SNMPv3
Jane has a vendors server in-house for shipping and receiving. She wants to ensure that if the server goes down that the server in-house will be operational again within 24 hours. Which of the following should Jane define with the vendor?
A. Mean time between failures
B. A warm recovery site
C. Mean time to restore
D. A hot recovery site
C. Mean time to restore
Which of the following procedures would be used to mitigate the risk of an internal developer
embedding malicious code into a production system?
A. Audit management
B. Mobile device management
C. Incident management
D. Change management
D. Change management
To mitigate the adverse effects of network modifications, which of the following should Matt, the security administrator, implement?
A. Change management
B. Routine auditing
C. Incident management
D. Log auditing
A. Change management
Jane, a security technician, wants to implement secure wireless with authentication. Which of the following allows for wireless to be authenticated via MSCHAPv2?
A. PEAP
B. WPA2 personal
C. TKIP
D. CCMP
A. PEAP
Pete, a user, is having trouble dialing into the network from their house. The administrator checks the RADIUS server, the switch connected to the server, and finds that the switch lost configuration after a recent power outage. The administrator replaces the switch and is able to ping the switch, but not the RADIUS server. Which of the following is the MOST likely cause?
A. The switch needs to have QoS setup correctly.
B. Port security is not enabled on the switch.
C. VLAN mismatch is occurring.
D. The DMZ is not setup correctly
C. VLAN mismatch is occurring.
Which of the following would MOST likely be implemented in order to prevent employees from accessing certain websites?
A. VPN gateway
B. Router
C. Proxy server
D. Packet filtering firewall
C. Proxy server
Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).
A. Spoofing
B. Man-in-the-middle
C. Dictionary
D. Brute force
E. Privilege escalation
C. Dictionary
D. Brute force
When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
C. CA
Sara, a security analyst, suspects that a rogue web server is running on the network. Which of the following would MOST likely be used to identify the server's IP address?
A. Port scanner
B. Telnet
C. Traceroute
D. Honeypot
A. Port scanner
Which of the following is an improved version of the LANMAN hash?
A. LM2
B. NTLM
C. SHA
D. MD5
B. NTLM
Which of the following will help Matt, an administrator; mitigate the risk of static electricity?
A. Lightening rods
B. EMI shielding
C. Humidity controls
D. Temperature controls
C. Humidity controls
An application company sent out a software patch for one of their applications on Monday. The company has been receiving reports about intrusion attacks from their customers on Tuesday. Which of the following attacks does this describe?
A. Zero day
B. Directory traversal
C. Logic bomb
D. Session hijacking
A. Zero day
A company needs to remove sensitive data from hard drives in leased computers before the computers are returned to the supplier. Which of the following is the BEST solution?
A. Re-image with a default OS
B. Physical destruction of the hard drive
C. Format drive using a different file system
D. Sanitization using appropriate software
D. Sanitization using appropriate software
Jane, a security administrator, has applied security labels to files and folders to manage and restrict access. Which of the following is Jane using?
A. Mandatory access control
B. Role based access control
C. Implicit access control
D. Discretionary access control
A. Mandatory access control
Which of the following can Pete, an administrator, use to verify that a downloaded file was not corrupted during the transfer?
A. NTLM tag
B. LAN MAN hash
C. MD5 checksum
D. SHA summary
C. MD5 checksum
Sara, a user, on a public Wi-Fi network logs into a webmail account and is redirected to a search engine. Which of the following attacks may be occurring?
A. Evil twin
B. Bluesnarfing
C. War chalking
D. Bluejacking
A. Evil twin
When moving from an internally controlled environment to a fully outsourced infrastructure environment, such as cloud computing, it is MOST important to:
A. Implement mandatory access controls.
B. Ensure RAID 0 is implemented on servers.
C. Impose time of day restrictions across all services
D. Encrypt all confidential data.
D. Encrypt all confidential data.
Which of the following techniques floods an application with data in an attempt to find vulnerabilities?
A. Header manipulation
B. Steganography
C. Input validation
D. Fuzzing
D. Fuzzing
Which of the following would help Pete, an administrator, prevent access to a rogue access point connected to a switch?
A. Enable spanning tree protocol
B. Enable DHCP snooping
C. Disable VLAN trunking
D. Establish a MAC limit and age
D. Establish a MAC limit and age
A company wants to have a backup site that is a good balance between cost and recovery time objectives. Which of the following is the BEST solution?
A. Hot site
B. Remote site
C. Cold site
D. Warm site
D. Warm site
Jane, a user, has reported an increase in email phishing attempts. Which of the following can be implemented to mitigate the attacks?
A. Anti-spyware
B. Anti-adware
C. Anti-virus
D. Anti-spam
D. Anti-spam
While conducting a network audit, Sara, a security administrator, discovers that most clients are routing their network traffic through a desktop client instead of the company router. Which of the following is this attack type?
A. ARP poisoning
B. Session hijacking
C. DNS poisoning
D. Pharming attack
A. ARP poisoning
Which of the following is a reason why Pete, a security administrator, would implement port security?
A. To inspect the TPC and UDP ports of incoming traffic
B. To port C++code into Java bit-code in a secure manner
C. To implement secure datacenter electronic access
D. To limit the number of endpoints connected through the same switch port
D. To limit the number of endpoints connected through the same switch port
Which of the following is the MAIN benefit of server-side versus client-side input validation?
A. Server-side input validation results in a more secure system than client-side input validation.
B. Client-side input validation can lead to local buffer overflows while server-side input validation can lead to remote buffer overflow.
C. Client-side input validation results in a more secure system than server-side input validation.
D. Server-side input validation is prone to buffer overflows while client-side input validation is not.
A. Server-side input validation results in a more secure system than client-side input validation.
In the event of a mobile device being lost or stolen, which of the following BEST protects against sensitive information leakage?
A. Cable locks
B. Remote wipe
C. Screen lock
D. Voice encryption
B. Remote wipe
Which of the following is BEST utilized to actively test security controls on a particular system?
A. Port scanning
B. Penetration test
C. Vulnerability scanning
D. Grey/Gray box
B. Penetration test
Which of the following would be the BEST reason for Jane, a security administrator, to initially select individual file encryption over whole disk encryption?
A. It provides superior key redundancy for individual files.
B. The management of keys is easier to maintain for file encryption
C. It is faster to encrypt an individual file.
D. It provides protected access to all users
C. It is faster to encrypt an individual file.
Which of the following implements two factor authentication based on something you know and something you have?
A. Users shall authenticate to the system via a Kerberos enabled authentication server working with an integrated PKI only.
B. The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard
C. The system shall authenticate only authorized users by fingerprint and retina scan.
D. Users shall possess a combination of 8 digit PINs and fingerprint scanners.
B. The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard.
Which of the following attacks is characterized by Sara attempting to send an email from a Chief Information Officer's (CIO's) non-corporate email account to an IT staff member in order to have a password changed?
A. Spamming
B. Pharming
C. Privilege escalation
D. Impersonation
D. Impersonation
Which of the following should be done before resetting a user's password due to expiration?
A. Verify the user's domain membership
B. Verify the user's identity
C. Advise the user of new policies
D. Verity the proper group membership
B. Verify the user's identity
Sara, an attacker, calls the company's from desk and tries to gain insider information by providing specific company information to gain the attendant's trust. The front desk immediately alerts the IT department about this incident. This is an example of which of the following?
A. Shoulder surfing
B. Whaling
C. Tailgating
D. Impersonation
D. Impersonation
Which of the following is based on X.500 standards?
A. RADIUS
B. TACACS
C. Kerberos
D. LDAP
D. LDAP
Jane, an administrator, is primarily concerned with blocking external attackers from gaining information on remote employees by scanning their laptops. Which of the following security applications is BEST suited for this task?
A. Host IDS
B. Personal firewall
C. Anti-spam software
D. Anti-virus software
B. Personal firewall
Which of the following functions of a firewall allows Pete, an administrator, to map an external service to an internal host?
A. AP isolation
B. Port forwarding
C. DMZ
D. NAT
B. Port forwarding
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
A. Rootkit
B. Logic bomb
C. Worm
D. Botnet
B. Logic bomb
Hashing algorithms are used to address which of the following?
A. Confidentiality
B. Compatibility
C. Availability
D. Integrity
D. Integrity
After setting up a root CA. which of the following can Pete, a security administrator, implement to allow intermediate CAs to handout keys and certificates?
A. CRL
B. Spanning tree
C. Trust model
D. Key escrow
C. Trust model
Which of the following should Jane, the security administrator, do FIRST when an employee reports the loss of a corporate mobile device?
A. Remotely lock the device with a PIN
B. Enable GPS location and record from the camera
C. Remotely uninstall all company software
D. Remotely initiate a device wipe
D. Remotely initiate a device wipe
Which of the following BEST explains the security benefit of a standardized server image?
A. All current security updates for the operating system will have already been applied.
B. Mandated security configurations have been made to the operating system.
C. Anti-virus software will be installed and current.
D. Operating system license use is easier to track.
B. Mandated security configurations have been made to the operating system.
The accounting department needs access to network share A to maintain a number of financial reporting documents. The department also needs access to network share B in HR to view payroll documentation for cross-referencing items. Sara, an administrative assistant, needs access to view one document in network share A to gather data for management reports. Which of the following gives accounting and Sara the correct rights to these areas?
A. Accounting should be given read/write access to network share A and read access to networkshare B. Sara should be given read access for the specific document on network share A.
B. Accounting should be given read/write access to network share A and read access to network share B. Sara should be given read access to network share A.
C. Accounting should be given full access to network share A and read access to network share B. Sara should be given read/write access for the specific document on network share A.
D. Accounting should be given full access to network share A and read access to network share B. Sara should be given read/write access to network share A.
A. Accounting should be given read/write access to network share A and read access to network share B. Sara should be given read access for the specific document on network share A.
Which of the following should be implemented to restrict wireless access to the hardware address of a NIC?
A. URL filtering
B. WPA2 and EAP
C. PEAP and WPA
D. MAC filtering
D. MAC filtering
Which of the following is the purpose of the spanning tree protocol?
A. Loop protection
B. Access control lists
C. Secure device configuration
D. Implicit deny
A. Loop protection
Sara, the security engineer, has discovered that a breach is in progress on a non-production system of moderate importance. Which of the following should Sara collect FIRST?
A. Memory dump, ARP cache
B. Live system image, route table
C. Temp files, hosts file
D. Offline system image, router logs
A. Memory dump, ARP cache
The Chief Information Security Officer (CISO) tells the network administrator that a security company has been hired to perform a penetration test against their network. The security company asks the CISO which type of testing would be most beneficial for them. Which of the following BEST describes what the security company might do during a black box test?
A. The security company is provided with all network ranges, security devices in place, and logical maps of the network.
B. The security company is provided with no information about the corporate network or physical locations.
C. The security company is provided with limited information on the network, including all network diagrams.
D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.
B. The security company is provided with no information about the corporate network or physical locations.
While traveling, users need access to an internal company web server that contains proprietary information. Pete, the security administrator, should implement a:
A. NAC
B. VLAN
C. DMZ
D. RAS
D. RAS
Which of the following is used by Matt, a security administrator, to lower the risks associated with electrostatic discharge, corrosion, and thermal breakdown?
A. Temperature and humidity controls
B. Routine audits
C. Fire suppression and EMI shielding
D. Hot and cold aisles
A. Temperature and humidity controls
Which of the following are restricted to 64-bit block sizes? (Select TWO)
A. PGP
B. DES
C. AES 256
D. RSA
E. 3 DES
F. AES
B. DES
E. 3 DES
Workers of a small local organization have implemented an off-site location in which the organization can resume operations within 10 business days in the event of a disaster. This type of site is BEST known as which of the following?
A. Hot site
B. High-availability site
C. Cold site
D. Warm site
C. Cold site
The human resources department of a company has requested full access to all network resources, including those of the financial department. Jane, the administrator, denies this, citing:
A. Conflict of interest
B. Separation of duties
C. Role authentication.
D. Implicit deny
B. Separation of duties
Which of the following may cause Jane, the security administrator, to seek an ACL work around?
A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating
A. Zero day exploit
Which of the following security tools can Jane, an administrator, implement to mitigate the risks of theft?
A. Virtualization
B. Host based firewalls
C. HIPS
D. Device encryption
D. Device encryption
Which of the following ports would be blocked if Pete, a security administrator, wants to disable FTP?
A. 21
B. 23
C. 25
D. 110
A. 21
Sara, a security administrator, suspects that a web server may be under attack. The web logs have several entries containing variations of the following entries:
'or 1=1--
or1'=1--
'or1=1'—
Which of the following attacks is MOST likely occurring?
A. Zero day exploit
B. Buffer overflow
C. SQL injection
D. Man-in-the-middle
C. SQL injection
Which of the following attacks would be used if Sara, a user, is receiving unwanted text messages?
A. Packet sniffing
B. Bluesnarfing
C. Smurf attack
D. Blue jacking
D. Blue jacking
Which of the following practices reduces the attack surface of a wireless network? (Select TWO)
A. Antenna placement
B. Using TKIP instead on AES
C. Power-level control
D. Using WPA2 instead of WPA
E. Using RADIUS
A. Antenna placement
C. Power-level control
Which of the following combinations represents multifactor authentication?
A. Smart card and hard token
B. Voice print analysis and facial recognition
C. Username and PIN
D. Cipher lock combination and proximity badge
D. Cipher lock combination and proximity badge
Which of the following data loss prevention strategies mitigates the risk of replacing hard drives that cannot be sanitized?
A. Virtualization
B. Patch management
C. Full disk encryption
D. Database encryption
C. Full disk encryption
Matt, a security administrator, is responsible for provisioning role-based user accounts in an enterprise environment. A user has a temporary business need to perform multiple roles within the organization. Which of the following is the BEST solution to allow the user to perform multiple
roles?
A. Create expiring unique user IDs per role
B. Allow access to an existing user ID
C. Assign multiple roles to the existing user ID
D. Create an additional expiring generic user ID
C. Assign multiple roles to the existing user ID
An application programmer reports to Sara, the security administrator, that the antivirus software installed on a server is interfering with one of the production HR applications, and requests that antivirus be temporarily turned off. How should Sara respond to this request?
A. Ask the programmer to replicate the problem in a test environment.
B. Turn off antivirus, but install a host intrusion prevention system on the server.
C. Update the server's antivirus and anti-malware definitions from the vendor's site
D. Turn off antivirus, but turn on the host-based firewall with a deny-all rule set.
A. Ask the programmer to replicate the problem in a test environment.
Which of the following allows active exploitation of security vulnerabilities on a system or network for the purpose of determining true impact?
A. Port scanning
B. Penetration testing
C. Vulnerability scanning
D. Performing risk analysis
B. Penetration testing
A packet filtering firewall can protect from which of the following?
A. SOL injection
B. Brute force attack
C. Port scan
D. DNS poisoning
C. Port scan
Which of the following can Matt, an administrator, use to ensure the confidentiality of a file when it is being sent over FTP?
A. WPA2
B. PGP
C. MD5
D. NTLMv2
B. PGP
Pete, a user, submitted a form on the Internet but received an unexpected response shown below Server Error in “/” Application Runtime error in script on asp.net version 2.0 Which of the following controls should be put in place to prevent Pete from learning this information about the web server in the future?
A. Patch management
B. Error handling
C. Fuzzing
D. Input validation
B. Error handling
Employees are reporting that they are receiving unusual calls from the help desk for the purpose of verifying their user credentials. Which of the following attack types is occurring?
A. Vishing
B. Spear phishing
C. Phishing
D. Pharming
A. Vishing
Sara, a forensic invest gator, believes that the system image she was presented with is not the same as the original source. Which of the following should be done to verify whether or not theimage has been tampered with?
A. Compare file sizes from the original with the system image.
B. Reimage the original source with a read-only tool set to ignore errors.
C. Compare hashes of the original source and system image.
D. Compare time stamps from the original with the system image.
C. Compare hashes of the original source and system image.
Which of the following is a feature of Kerberos?
A. One-way encryption
B. Vendor patch management
C. Only available for Linux systems
D. Single sign-on
D. Single sign-on
An SQL injection vulnerability can be caused by which of the following?
A. Password complexity
B. Improper input validation
C. Discretionary access controls
D. Cross-site request forgery
B. Improper input validation
Which of the following does Jane, a software developer, need to do after compiling the source code of a program to attest the authorship of the binary?
A. Place Jane's name in the binary metadata
B. Use Jane's private key to sign the binary
C. Use Jane's public key to sign the binary
D. Append the source code to the binary
B. Use Jane's private key to sign the binary
Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?
A. NAT
B. Virtualization
C. NAC
D. Subnetting
D. Subnetting
Which of the following would Sara, a security administrator, utilize to identity a weakness within various applications without exploiting that weakness?
A. Protocol analyzer
B. Port scanner
C. Vulnerability scan
D. Penetration test
C. Vulnerability scan
Matt, a security administrator, wants to allow content owners to determine who has access to tiles. Which of the following access control types does this describe?
A. Rule based access control
B. Discretionary access control
C. Role based access control
D. Mandatory access control
B. Discretionary access control
Which of the following commands can Matt, an administrator, use to create a forensically sound hard drive image?
A. grep
B. dump
C. dcfldd
D. hex
C. dcfldd
Which of the following technologies would allow the removal of a single point of failure?
A. Dual-homing a server
B. Clustering a SQL server
C. Adding a second VLAN to a switch
D. Assigning a second IP address to a NIC
A. Dual-homing a server
Jane, the administrator, is tasked with deploying a strong encryption cipher. Which of the following ciphers would she be the LEAST likely to choose?
A. DES
B. Two fish
C. 3DES
D. AES
B. Two fish
Which of the following security tools can Jane, a security administrator, use to deter theft?
A. Virtualization
B. Cable locks
C. GPS tracking
D. Device encryption
B. Cable locks
Jane, a security administrator, has completed the imaging process for 20 computers that were deployed. The image contains the operating system and all required software. Which of the following is this an example of?
A. Implementing configuration hardening
B. Implementing configuration baseline
C. Implementing due diligence
D. Deploying and using a trusted OS
D. Deploying and using a trusted OS
Which of the following open standards should Pete, a security administrator, select for remote authentication of users?
A. TACACS
B. RADIUS
C. WPA2
D. RIPEMD
B. RADIUS
Matt, a system administrator, wants to establish a nightly available SQL database. Which of the following would be implemented to eliminate a single point of failure in storage and servers?
A. RAID 5 and a storage area network
B. Two striped drives and clustering
C. Two mirrored drives and clustering
D. RAID 0 and load balancing
A. RAID 5 and a storage area network
Which of the following password policies is the MOST effective against a brute force network attack?
A. Password complexity
B. Password recovery
C. 30 day password expiration
D. Account lockout
D. Account lockout
Which of the following malware types is MOST commonly associated with command and control?
A. Rootkits
B. Logic bombs
C. Botnets
D. Backdoors
C. Botnets
Which of the following security chips does BitLocker utilize?
A. BIOS
B. CPU
C. CMOS
D. TPM
D. TPM
Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
A. LDAP injection
B. SQL injection
C. Error and exception handling
D. Cross-site scripting
D. Cross-site scripting
Which of the following is used to verify the identity of the sender of a signed email?
A. Public key
B. Sender's IP
C. From field
D. Private key
A. Public key
Sara, a security guard, reports that the side of the company building has been marked with spray paint. Which of the following could this be an example of?
A. Interference
B. War driving
C. War chalking
D. War dialing
C. War chalking
While performing basic forensic analysis of a hard drive in Sara's, the security administrator,
possession, which of the following should be verified during the analysis?
A. Witness statements
B. Image hashes
C. Chain of custody
D. Order of volatility
B. Image hashes
Which of the following policies is implemented in order to minimize data loss or theft?
A. PII handling
B. Password policy
C. Chain of custody
D. Zero day exploits
A. PII handling
Which of the following allows Pete, a security technician, to prevent email traffic from entering the company servers?
A. IDS
B. URL filtering
C. VPN concentrators
D. Spam filter
D. Spam filter
Which of the following security controls enforces user permissions based on a job role?
A. Single sign-on access
B. Group based privileges
C. Account policy enforcement
D. User assigned privileges
B. Group based privileges
Which of the following should be implemented to secure Pete's, a network administrator, day-today maintenance activities? (Select TWO).
A. TFTP
B. Telnet
C. TACACS+
D. FTP
E. SSH
C. TACACS+
E. SSH
When integrating source material from an open source project into a highly secure environment, which of the following precautions should prevent hidden threats?
A. Design review
B. Code review
C. Risk assessment
D. Vulnerability scan
B. Code review
Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?
A. Botnet
B. Rootkit
C. Logic bomb
D. Virus
B. Rootkit
A company notices that there is a flaw in one of their proprietary programs that the company runs in-house. The flaw could cause damage to the HVAC system. Which of the following would the company transfer to an insurance company?
A. Risk
B. Threat
C. Vulnerability
D. Code review
A. Risk
Which of the following can Sara, a security administrator, implement to ensure that encrypted files and devices can be recovered if the passphrase is lost?
A. Private key rings
B. Trust models
C. Registration
D. Key escrow
D. Key escrow
An administrator responsible for building and validating security configurations is a violation of
which of the following security principles?
A. Least privilege
B. Job rotation
C. Separation of duties
D. Best business practices
C. Separation of duties
Sara, a network security administrator, has been tasked with setting up a guest wireless network for her corporation. The requirements for this connection state that it must have password authentication, with passwords being changed every week. Which of the following security
protocols would meet this goal in the MOST secure manner?
A. WPA – CCMP
B. WPA – PSK
C. WPA2-CCMP
D. WPA2-PSK
D. WPA2-PSK
The corporate NIPS requires a daily download from its vendor with updated definitions in order to
block the latest attacks. Which of the following describes how the NIPS is functioning?
A. Heuristics
B. Anomaly based
C. Signature based
D. Behavior based
C. Signature based
Which of the following are security relevant policies? (Select THREE)
A. Information classification policy
B. Network access policy
C. Data security standard
D. Procurement policy
E. Domain name policy
F. Auditing and monitoring policy
G. Secure login process
A. Information classification policy
B. Network access policy
F. Auditing and monitoring policy
Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?
A. Exception handling
B. Adware
C. Cross-site request forgery
D. Cross-site scripting
D. Cross-site scripting
Which of the following is a policy that would force all users to organize their areas as well as help
in reducing the risk of possible data theft?
A. Password behaviors
B. Clean desk policy
C. Data handling
D. Data disposal
B. Clean desk policy
Which of the following network solutions would BEST allow Jane, a security technician, to host an extranet application for her company?
A. Platform as a Service
B. Infrastructure as a Service
C. Storage as a Service
D. Software as a Service
D. Software as a Service
Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM
effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?
A. Blowfish
B. DES
C. SHA256
D. HMAC
A. Blowfish
Which of the following could Sara, an administrator, use in a workplace to remove sensitive data at rest from the premises?
A. Network sniffer
B. Personally owned devices
C. Vulnerability scanner
D. Hardware locks
B. Personally owned devices
Which of the following administrative controls BEST mitigates the risk of ongoing inappropriate
employee activities in sensitive areas?
A. Mandatory vacations
B. Collusion
C. Time of day restrictions
D. Least privilege
A. Mandatory vacations
Traffic has stopped flowing to and from the company network after the inline IPS hardware failed.
Which of the following has occurred?
A. Failsafe
B. Congestion
C. Fuzzing
D. Disaster recovery
A. Failsafe
A company is installing a wireless network in a building that houses several tenants. Which of the following should be considered to make sure none of the other tenants can detect the company's wireless network? (Select TOO).
A. Static IP addresses
B. Wireless encryption
C. MAC filtering
D. Antenna placement
E. Power levels
D. Antenna placement
E. Power levels
Pete is reporting an excessive amount of junk mail on the network email server. Which of the following would ONLY reduce the amount of unauthorized mail?
A. Network firewall
B. Port 25 restriction
C. Spam fitters
D. URL filters
C. Spam fitters
Which of the following network devices will prevent port scans?
A. Firewall
B. Load balancers
C. NIDS
D. Sniffer
A. Firewall
Which of the following multifactor authentication methods uses biometrics?
A. Somewhere you are
B. Something you have
C. Something you know
D. Something you are
D. Something you are
Marketing creates a new folder and requests the following access be assigned:
Sales Department - Read
Marketing Department - Full Control
Inside Sales - Read Write
This is an example of which of the following?
A. RBAC
B. MAC
C. RSA
D. DAC
A. RBAC
Sara, the software security engineer, is trying to detect issues that could lead to buffer overflows or memory leaks in the company software. Which of the following would help Sara automate this detection?
A. Input validation
B. Exception handling
C. Fuzzing
D. Code review
C. Fuzzing
Which of the following control types is video monitoring?
A. Detective
B. Management
C. Preventative
D. Access
A. Detective
Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?
A. Succession planning
B. Disaster recovery
C. Separation of duty
D. Removing single loss expectancy
A. Succession planning
Which of the following allows a server to request a website on behalf of Jane, a user?
A. Sniffers
B. Proxies
C. Load balancers
D. Firewall
B. Proxies
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?
A. EAP-TLS
B. EAP-FAST
C. PEAP-CHAP
D. PEAP-MSCHAPv2
D. PEAP-MSCHAPv2
Sara, a security administrator, has generated a key pair for the company web server. Which of the following should she do next to ensure all web traffic to the company web server is encrypted?
A. Install both the private and the public key on the client machine.
B. Install both the private and the public key on the web server.
C. Install the public key on the web server and the private key on the client machine.
D. Install the public key on the client machine and the private key on the web server.
B. Install both the private and the public key on the web server.
Pete, a security administrator, would like to implement laptop encryption to protect data. The Chief Executive Officer (CEO) believes this will be too costly to implement and decides the company will purchase an insurance policy instead. Which of the following is this an example of?
A. Risk avoidance
B. Risk deterrence
C. Risk acceptance
D. Risk transference
A. Risk avoidance
Matt, a security administrator, needs to Telnet into a router to change some configurations. Which of the following ports would need to be open to allow Matt to change the configurations?
A. 23
B. 125
C. 143
D. 3389
A. 23
The IT Security Department has completed an internal risk assessment and discovered the use of an outdated antivirus definition file. Which of the following is the NEXT step that management should take?
A. Analyze the vulnerability results from the scan.
B. Mitigate risk and develop a maintenance plan.
C. Ignore risk and document appropriately to address at a later time.
D. Transfer risk to web application developers.
B. Mitigate risk and develop a maintenance plan.
Which of the following elements makes up the standard equation used to define risk? (Select TWO).
A. Confidence
B. Reproducibility
C. Impact
D. Likelihood
E. Exploitability
C. Impact
D. Likelihood
Matt’s CRL is over six months old. Which of the following could Matt do in order to ensure he has the current information? (Select TWO).
A. Update the CRL
B. Change the trust model
C. Deploy a key escrow
D. Query the intermediate CA
E. Deploy a recovery agent
F. Deploy OCSP
A. Update the CRL
F. Deploy OCSP
Matt, the security administrator, notices a spike in the number of SQL injection attacks against a web server connected to a backend SQL database. Which of the following practices should be used to prevent an application from passing these attacks on to the database?
A. OS hardening
B. Application patch management
C. Error and exception handling
D. Input validation
D. Input validation
Jane's guest, Pete, comes to her office to meet her for lunch. She uses her encoded badge to enter, and he follows in behind her. This is an example of which of the following?
A. Tailgating
B. Least privilege
C. Whaling
D. Vishing
A. Tailgating
A vulnerability has been found in a service that is unnecessary for the corporate environment. Which of the following is the BEST way to mitigate this vulnerability?
A. Issue a hotfix to lower the vulnerability risk on the network
B. Issue a group policy to disable the service on the network.
C. Issue a service pack to ensure the service is current with all available patches
D. Issue a patch to ensure the service has a lower level of risk if compromised.
B. Issue a group policy to disable the service on the network.
Broadcast traffic is having a negative impact on network performance. Which of the following might help minimize this issue?
A. Use NAT to hide the IPs of each of the workstations.
B. Separate the network onto a number of different switches.
C. Separate the network into a number of different VLANs.
D. Route all the Unicast traffic through the proxy server.
C. Separate the network into a number of different VLANs.
One of the concerns regarding portable digital music devices in a corporate environment is they:
A. can distract users during various security training exercises.
B. can also be used as a USB removable drive.
C. can be used as recorders during meetings.
D. may cause interference with wireless access points
B. can also be used as a USB removable drive.
Which of the following describes separating encryption keys into multiple parts to store with trusted third parties?
A. Ticket granting ticket
B. Key recovery
C. Key escrow
D. Key registration
C. Key escrow
Which of the following authentication services relies on a shared secret?
A. RADIUS
B. LDAP
C. Kerberos
D. Tokens
A. RADIUS
Which of the following is characterized by an attack against a mobile device?
A. Evil twin
B. Header manipulation
C. Blue jacking
D. Rogue AP
C. Blue jacking
Which of the following should Pete, a security technician, apply to a server to BEST prevent SYN attacks?
A. Loop protection
B. Flood guards
C. Port security
D. ACL
B. Flood guards
When implementing a wireless network, which of the following will decrease the visibility of the network?
A. Decreasing the encryption strength
B. Disabling the SSID broadcast
C. Enabling WPA2 encryption
D. Enabling MAC filtering
B. Disabling the SSID broadcast
Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?
A. Error and exception handling
B. Application hardening
C. Application patch management
D. Cross-site script prevention
B. Application hardening
Mandatory vacation, job rotation, and separation of duties policies all enhance the overall security posture by doing which of the following?
A. Making it more convenient to review logs for malicious activity
B. Making it more difficult to hide malicious activity by insiders
C. Reducing risks associated with viruses and malware
D. Reducing risks associated with Internet attackers
B. Making it more difficult to hide malicious activity by insiders
A recent policy change requires Pete, a security administrator, to implement TLS wherever possible. Which of the following can TLS secure? (Select THREE).
A. SNMP
B. HTTP
C. LDAP
D. ICMP
E. SMTP
F. IPSec
G. SSH
B. HTTP
C. LDAP
E. SMTP
Which of the following allows a company to correct security issues within their software?
A. Application fuzzing
B. Cross-site scripting
C. Configuration baseline
D. Patch management
D. Patch management
Matt, a security analyst, discovered that a commonly used website is serving up a script that redirects users to a questionable website. Which of the following solutions MOST likely prevents this from occurring?
A. Anti-malware
B. NIDS
C. Pop-up blocker
D. Anti-spam
A. Anti-malware
Matt, a network engineer, is setting up an IPSec VPN. Which network-layer key management standard and its protocol can be used to negotiate the connection?
A. AH
B. Kerberos
C. EAP
D. IKE
D. IKE
Which of the following devices can Sara, an administrator, implement to detect and stop known attacks?
A. Signature-based NIDS
B. Anomaly-based NIDS
C. Signature-based NIPS
D. Anomaly-based NIPS
C. Signature-based NIPS
Which of the following represents the WEAKEST password?
A. PaSsWoRd
B. P@sSWOr&
C. P@sSW1r&
D. PassW1rD
A. PaSsWoRd
Which of the following is mainly used for remote access into the network?
A. XTACACS
B. TACACS+
C. Kerberos
D. RADIUS
D. RADIUS
In order to prevent users from surfing the web at work, Jane, the administrator, should block which of the following ports? (Select TWO).
A. TCP 25
B. TCP 80
C. TCP 110
D. TCP 443
E. UDP 80
F. UDP 8080
B. TCP 80
D. TCP 443
Matt, the IT administrator, wants to ensure that if any mobile device gets lost no data can be retrieved. Which of the following can he implement on the mobile devices to help accomplish this?
A. Cable locks
B. Strong passwords
C. Voice encryption
D. Remote sanitization
D. Remote sanitization
Matt, a security administrator, wants to configure all the switches and routers in the network in order to security monitor their status. Which of the following protocols would he need to configure on each device?
A. SMTP
B. SNMPv3
C. IPSec
D. SNMP
B. SNMPv3
Jane, a security administrator, recently configured the firewall for the corporate office. Some users report that they are unable to access any resources outside of the company. Which of the following is the MOST likely reason for the lack of access?
A. Jane forgot to save the configuration on the firewall
B. Jane forgot to account for the implicit deny statement
C. Jane forgot to connect the internal firewall port back to the switch
D. Jane specifically denied access for all users
B. Jane forgot to account for the implicit deny statement
Which of the following describes common concerns when implementing IPS?
A. Legitimate traffic will be incorrectly blocked
B. False negatives will disrupt network throughput
C. Incompatibilities with existing routers will result in a DoS
D. Security alerts will be minimal until adequate traffic is collected
A. Legitimate traffic will be incorrectly blocked
Which of the following network design elements will allow Jane, a security technician, to access internal company resources without the use of a DS3, Satellite, or T1 connection?
A. CSU/DSU
B. Firewall
C. Router
D. DSL
A. CSU/DSU
Which of the following utilizes the ECHO function of Internet Control Message Protocol (ICMP) to overwhelm a victim's system?
A. Logic bomb
B. Whaling
C. Man-in-the-middle
D. Smurf attack
D. Smurf attack
Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this?
A. Enforce a policy for all users to authentic through a biometric device.
B. Disable all SSID broadcasting
C. Ensure all access points are running the latest firmware.
D. Move all access points into public access areas.
B. Disable all SSID broadcasting
Jane, the administrator of a small company, wishes to track people who access the secured server room, which is secured only by a simple hardware key lock. Jane does not have much of a budget or the approval to make significant construction changes. Given the limitations, which of the
following can she do in the meantime?
A. Implement a sign in/out sheet with on-site security personnel
B. Install a 24/7 closed-circuit camera system
C. Install a separate hardware lock with limited keys
D. Implement a cipher key lock
D. Implement a cipher key lock
Which of the following enterprise security controls is BEST implemented by the use of a RADIUS server?
A. ACL
B. NAT
C. VLAN
D. 802.1X
D. 802.1X
Pete, the security administrator at a financial institution, has finished downloading a new system patch and needs to verify its authenticity. Which of the following is the correct MD5 string for the file he downloaded?
A. 1a03b7fe4c67d9012gb42b4de49d9f3b
B. b42b4de49d9f3b1a03b7fe4c67d9012
C. 303b7fe4c67d9012b42b4de49d9f3b134
D. ab42b4de49d9f3b1a03b7f34c67d9012
D. ab42b4de49d9f3b1a03b7f34c67d9012
One of the advantages of Trusted Platform Modules (TPM) is:
A. it cannot be modified by a silent background process.
B. it is tied to the system's MAC address for secured tracking.
C. it cannot be used as the basis for securing other encryption methods.
D. it can be tied to the user's logon account for additional authentication
A. it cannot be modified by a silent background process.
Which of the following protocols is MOST closely linked with SSL?
A. SNMP
B. TLS
C. FTP
D. ICMP
B. TLS
Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?
A. Patch management
B. Application fuzzing
C. ID badge
D. Application configuration baseline
B. Application fuzzing
Which of the following data center environmental controls must be property configured to prevent equipment failure from water?
A. Lighting
B. Temperature
C. Humidity
D. Halon fire suppression
C. Humidity
Matt, a corporate user, has volunteered to participate in a test group for full disk encryption on employees' laptops. After his laptop's hard drive has been fully encrypted, the network administrator is still able to access Matt's files across a SMB share. Which of the following is the MAIN reason why the files are still accessible to the administrator?
A. Matt must reboot his laptop before the encryption is activated.
B. Files moved by the network administrator off Matt's laptop are automatically decrypted
C. Full disk encryption only secures files when the laptop is powered off
D. The network administrator can decrypt anyone's files.
C. Full disk encryption only secures files when the laptop is powered off
Hashing and encryption provide for which of the following? (Select TWO)
A. Authentication
B. Availability
C. Identification
D. Confidentiality
E. Authorization
F. Integrity
D. Confidentiality
F. Integrity
Which of the following will require exceptions when considering the use of 802.1x port security?
A. Switches
B. Printers
C. Laptops
D. Desktops
B. Printers
Which of the following data encryption types will BEST protect data in motion and at rest to a cloud provider?
A. File encryption
B. Transport
C. PKI
D. SHA-256
A. File encryption
Which of the following will mitigate the effects of devices in close proximity?
A. EMI shielding
B. Load balancing
C. Grounding
D. Video monitoring
A. EMI shielding
A major CA has been compromised and a new patch has been released to make necessary changes on user machines. Which of the following is likely to be updated as a part of this patch?
A. Recovery agent
B. CRL
C. Key escrow
D. PKI
B. CRL
Which of the following uses both a public and private key?
A. RSA
B. AES
C. MD5
D. SHA
A. RSA
Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?
A. Tailgating
B. Fencing
C. Screening
D. Mantrap
D. Mantrap
Symmetric encryption utilizes________. While asymmetric encryption utilizes__________.
A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys
B. Shared keys, private keys
Jane, an administrator, notices that after 2.000 attempts a malicious user was able to compromise an employee's password. Which of the following security controls BEST mitigates this type of external attack? (Select TWO).
A. Account expiration
B. IDS
C. Password complexity
D. Server logging
E. Account lockout
F. Proxy server
C. Password complexity
E. Account lockout
Matt, the network engineer, has been tasked with separating network traffic between virtualmachines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).
A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN
A. Virtual switch
F. VLAN
Sara, an IT manager, wants to change the firewall rules to allow RemoteOfficeB to connect to the corporate network using SSH. Which of the following rules would only allow necessary access?
A. Permit RemoteOfficeB any port 69
B. Permit RemoteOfficeB any all
C. Permit RemoteOfficeB any port 22
D. Permit any corporate port 443
C. Permit RemoteOfficeB any port 22
Which of the following attacks is characterized by someone following a staff member who is entering a corporate facility?
A. Evil twin
B. Tailgating
C. Shoulder surfing
D. Impersonation
B. Tailgating
Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?
A. Two factor authentication
B. Identification and authorization
C. Single sign-on
D. Single factor authentication
A. Two factor authentication
Jane, a corporate user, is trying to secure her laptop from drive-by download before she leaves for a computer conference. Which of the following should be installed to keep Jane's laptop secure from these attacks?
A. Full disk encryption
B. Host based firewall
C. Antivirus system
D. Network based firewall
C. Antivirus system
Which of the following detection methods may generate an alert when Matt, an employee,
accesses a server during non-business hours?
A. Signature
B. Time of Day restrictions
C. Heuristic
D. Behavioral
D. Behavioral
Which of the following data is typically left unencrypted in software based full disk encryption?
A. OS registry
B. Extended partition
C. BIOS
D. MBR
D. MBR
Which of the following is an authentication service that uses symmetrical keys and tickets?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
C. Kerberos
Which of the following application attacks is identified by use of the <SCRIPT> tag?
A. XSS
B. Buffer overflow
C. Directory traversal
D. Zero day
A. XSS
Jane, a security architect, is working on setting up a secure email solution between internal employees and external customers. Which of the following would BEST meet her goal?
A. Public key infrastructure
B. Key escrow
C. Internal certificate authority
D. Certificate revocation list
A. Public key infrastructure
Which of the following allows multiple internal IP addresses to be mapped to one specific external IP address?
A. VLAN
B. NAT
C. NAC
D. PAT
D. PAT
Which of the following would Jane, a security administrator, use to encrypt transmissions from streaming video transmissions, keeping in mind that each bit must be encrypted as it comes across the network?
A. IDEA
B. AES
C. RC4
D. 3DES
C. RC4
Matt, a user, finds a flash drive in the parking lot and decides to see what is on it by using his company laptop. A few days later Matt reports his laptop is running slow and is unable to perform simple tasks. The security administrator notices several unauthorized applications have been installed. CPU usage is unusually high, and a collection of screenshots of Matt's recent activity has been transmitted over the network .This is an example of which of the following?
A. Backdoor
B. Logic bomb
C. Rootkit
D. Spyware
D. Spyware
Pete, the security administrator, found that several of the company's workstations are infected with a program aimed at stealing users' cookies and reporting them back to the malicious user. Which of the following attack types is the malicious user MOST likely to carry out with this information?
A. Man-in-the-middle
B. Session hijacking
C. Command injection
D. Trojan infection
B. Session hijacking
Sara, a security administrator, is implementing remote management for network infrastructure using SNMP. Which of the following statements is true about SNMP?
A. Read communities allow write permissions
B. Relays mail based on domain keys and access headers
C. SNMP communities are encrypted using PKI
D. Write communities allow both read and write permissions
D. Write communities allow both read and write permissions
Which of the following mitigation techniques is Pete, a security administrator, MOST likely to implement after the software has been released to the public?
A. Error and exception handling
B. Fuzzing
C. Secure coding
D. Patch management
D. Patch management
Which of the following BEST defines risk?
A. A threat will have a larger impact than anticipated
B. Remediation of a known vulnerability is cost prohibitive
C. A degree of probability of loss
D. A user leaves a system unsecure
C. A degree of probability of loss
Companies allowing remote access to internal systems or systems containing sensitive data should provide access using:
A. dial-up or broadband networks using passwords.
B. wireless networks using WPA encryption.
C. VPN with two factor authentication.
D. carrier based encrypted data networks
C. VPN with two factor authentication.
Which of the following is the proper order for incident response?
A. Detection, preparation, containment, eradication, recovery
B. Preparation, detection, containment, eradication, recovery
C. Preparation, detection, recovery, eradication, containment
D. Detection, containment, eradication, recovery, preparation
B. Preparation, detection, containment, eradication, recovery
Which of the following is considered the MOST secure wireless encryption measure to implement?
A. TKIP
B. CCMP
C. WPA2
D. WEP
C. WPA2
Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed?
A. 3DES
B. Blowfish
C. Serpent
D. AES256
B. Blowfish
A team is developing a new application with many different screens that users can access. The team decides to simplify access by creating just two internal application roles. One role is granted read-only access to the summary screen. The other role is granted update access to all screens.
This simplified access model may have a negative security impact on which of the following?
A. Remote access
B. Identity management
C. Least privilege
D. Authentication
C. Least privilege
Which of the following would be the BEST choice for attacking a complex password hash?
A. Man in the middle
B. Dictionary files
C. Rainbow tables
D. Brute-force intrusion
C. Rainbow tables
In order for Pete, a user, to logon to his desktop computer, he must provide his username, password, and use a common access card with a PIN. Which of the following authentication methods is Pete using?
A. Single factor
B. Two factor
C. Three factor
D. Four factor
B. Two factor
Which of the following is a reason why a company might deploy data encryption?
A. To maintain the integrity of the information
B. To keep information confidential
C. To prevent data corruption
D. To prevent backup tape theft
B. To keep information confidential
Which of the following would Sara, a security administrator, implement to divert and analyze attacks?
A. Protocol analyzer
B. DMZ
C. Port scanner
D. Honeypot
D. Honeypot
In PKI, the public key is used to:
A. decrypt the signature CRC.
B. decrypt an email message.
C. encrypt an email message.
D. encrypt the signature hash.
C. encrypt an email message.
Jane, a security technician, needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should Jane open? (Select TWO).
A. TCP 21
B. TCP 23
C. TCP 53
D. UDP 23
E. UDP 53
C. TCP 53
E. UDP 53
After a new firewall has been installed, devices cannot obtain a new IP address. Which of the
following ports should Matt, the security administrator, open on the firewall?
A. 25
B. 68
C. 80
D. 443
B. 68
The health care department is storing files with names, addresses, and social security numbers on a corporate file server. Matt, the security analyst, comes across this data in an audit. Which of the following has Matt discovered?
A. Personal identifiable information
B. Data classification rules
C. Data disposal procedures
D. Data handling rules
A. Personal identifiable information
Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?
A. SHA1
B. MD2
C. MD4
D. MD5
A. SHA1
Which of the following would Jane, a security administrator, use to authenticate remote users into the network?
A. RADIUS
B. XTACACS
C. TACACS
D. ACLs
A. RADIUS
A company wants to implement a policy that helps reduce employee stress and decrease the likelihood of security incidents caused by job dissatisfaction. Which of the following will MOST likely have a positive impact on the employee stress and job satisfaction?
A. Change management
B. Mandatory vacations
C. Due care
D. Service Level Agreements
B. Mandatory vacations
Pete would like to implement a new tape backup plan for HR to speed up the process of nightly backups on their file systems HR does not make many file alterations on Tuesday through Thursday. Pete does a full backup on Monday and again on Friday. Which of the following should Pete do to speed up the backups Tuesday through Thursday?
A. Incremental backups Tuesday through Thursday
B. Full backups Tuesday through Thursday
C. Differential backups Tuesday through Thursday
D. Differential backups Tuesday and Wednesday
A. Incremental backups Tuesday through Thursday
Sara, a user, needs to copy a file from a Linux workstation to a Linux server using the MOST secure file transfer method available. Which of the following protocols would she use?
A. SCP
B. FTP
C. SNMP
D. TFTP
A. SCP
Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?
A. ECC
B. RSA
C. SHA
D. 3DES
D. 3DES
Which of the following wireless attacks MOST likely targets a smart phone?
A. War driving
B. Whaling
C. IV attack
D. Bluesnarfing
D. Bluesnarfing
Which of the following host security procedures will facilitate in the identification of Advanced Persistent Threats (APT)?
A. Remote wipe
B. Group policy implementation
C. Host software baselining
D. Antivirus
C. Host software baselining
Jane, a security technician, has been called into a meeting with the management team who has a requirement for comprehensive vetting of specialized employees as part of the hiring process. Funding and resources are not an issue since staff members are in high risk positions and have access to sensitive data. Which of the following access control types BEST meets the requirement?
A. Rule based access control
B. Discretionary access control
C. Mandatory access control
D. Role based access control
C. Mandatory access control
A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verily the backup datacenter is prepared for such a scenario?
A. Site visit to the backup data center
B. Disaster recovery plan review
C. Disaster recovery exercise
D. Restore from backup
C. Disaster recovery exercise
Pete, the security administrator, would like all users connecting to the corporate SSL VPN router to have up-to-date patches and antivirus signatures verified prior to accessing the internal network. Which of the following would MOST likely be employed as the verification process?
A. The router ACL matches VPN traffic. The NAC server verifies antivirus signatures are supported and up-to-date.
B. The NAC server processes the authentication, and then it matches patches and antivirus signatures with its local database.
C. The access control server connects to the agent on the users’ client to set minimal accepted levels of patching and signatures allowed. The agent creates a token which the router can match for access.
D. The router sends queries to the access control server; the access control server handles proxy requests to third party patching and antivirus servers.
D. The router sends queries to the access control server; the access control server handles proxy requests to third party patching and antivirus servers.
In which of the following access control types does the operating system data classification determine who has access to certain resources?
A. Discretionary Access Control
B. Role based Access Control
C. Mandatory Access Control
D. Rule based Access Control
C. Mandatory Access Control
Sara, a security administrator, needs to simplify the management of access to remote files and folders. Which of the following can she implement to BEST accomplish this?
A. Group based ACLs
B. Creating multiple copies of the files and folders
C. Discretionary access control
D. User based ACLs
A. Group based ACLs
Matt, a security administrator, wants to implement a secure wireless network. Which of the following is the MOST secure wireless protocol?
A. WPA2
B. WPA
C. WEP
D. AES
A. WPA2
Which of the following protocols allows for the LARGEST address space?
A. IPX
B. IPv4
C. IPv6
D. Appletalk
C. IPv6
In order to justify the cost of a new security appliance, the administrator should do which of the following?
A. RIO analysis
B. Benchmarking
C. Market analysis
D. Usability testing
A. RIO analysis
Which of the following is responsible for masking the activity of an on-going attack from the administrator's operating system monitoring tools?
A. Rootkit
B. Botnet
C. Spyware
D. Trojan
A. Rootkit
Which of the following forms of FTP uses TLS to securely send information?
A. SCP
B. FTPS
C. SFTP
D. HTTPS
B. FTPS
Which of the following BEST allows Jane, a security administrator, to perform ongoing assessments of existing weaknesses within an enterprise?
A. Vulnerability scanning
B. NIPS
C. HIDS
D. Protocol analyzer
A. Vulnerability scanning
Jane, an attacker, compromises a payroll system and replaces a commonly executed application with a modified version which appears to run as normal but also executes additional functions. Which of the following would BEST describe the slightly modified application?
A. Trojan
B. Rootkit
C. Spyware
D. Adware
A. Trojan
To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?
A. Full disk encryption
B. Application isolation
C. Digital rights management
D. Data execution prevention
A. Full disk encryption
Which of the following would allow Pete, a security analyst, to assess his company's proficiency with a particular security process?
A. Risk Assessment
B. Capability Maturity Model
C. Risk Calculation
D. Trusted Platform Module
B. Capability Maturity Model
The Chief Security Officer (CSO) informs Jane, the technician, that there is a new requirement for all data repositories where data must be encrypted when not in use. The CSO wants Jane to apply this requirement to all corporate servers. Which of the following data encryption types will BEST fill this requirement?
A. Mobile device encryption
B. Full disk encryption
C. Transport encryption
D. Database encryption
D. Database encryption
Which of the following should Pete, the security technician, use to secure DNS zone transfers?
A. VLAN
B. DIMSSEC
C. ACL
D. 802.1X
C. ACL
Matt, a network engineer, is implementing a VPN solution. Which of the following can Matt use to secure the user authentication session?
A. GPG
B. PGP
C. CHAP
D. RSA
C. CHAP
Sara, a user in the human resources department, requests a privacy screen for her monitor at work. Which of the following social engineering attack is Sara attempting to prevent?
A. Impersonation
B. Vishing
C. Shoulder surfing
D. Tailgating
C. Shoulder surfing