111 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)

Which of the following uses both a public and private key?

A. RSA

A. RSA


B. AES


C. MD5


D. SHA

Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

D. 3DES

A. ECC


B. RSA


C. SHA


D. 3DES

A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator

A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.

A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.


B. Obtain the vendor’s email and phone number and call them back after identifying the number of systems affected by the patch.


C. Give the caller the database version and patch level so that they can receive help applying the patch.


D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.

The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

B. Static electricity

A. EMI emanations


B. Static electricity


C. Condensation


D. Dry-pipe fire suppression

A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).

D. SCP


E. SSH

A. RDP


B. SNMP


C. FTP


D. SCP


E. SSH

A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?

D. Availability

A. Authentication


B. Integrity


C. Confidentiality


D. Availability

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

A. Virtual switch


F. VLAN

A. Virtual switch


B. NAT


C. System partitioning


D. Access-list


E. Disable spanning tree


F. VLAN

Which of the following BEST describes a demilitarized zone?

A. A buffer zone between protected and unprotected networks.

A. A buffer zone between protected and unprotected networks.


B. A network where all servers exist and are monitored.


C. A sterile, isolated network segment with access lists.

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

D. Clean desk policy

A. Social media policy


B. Data retention policy


C. CCTV policy


D. Clean desk policy

The administrator would like to implement hardware assisted full disk encryption on laptops. Which of the following would MOST likely be used to meet this goal?

A. TPM

A. TPM


B. USB Drive


C. Key Escrow


D. PKI

Jane, a security administrator, wants to harden the web server. Which of the following could she perform to accomplish this task?

B. Disable unnecessary services

A. Implement remote sanitization


B. Disable unnecessary services


C. Install mantraps in the datacenter


D. Compare baseline configurations

Which of the following policies could be implemented to help prevent users from displaying their login credentials in open view for everyone to see?

B. Clean desk

A. Privacy


B. Clean desk


C. Job rotation


D. Password complexity

Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete’s focus is on equipment recovery. Which of the following BEST addresses his concerns?

C. Enable GPS tracking.

A. Enforce device passwords.


B. Use remote sanitation.


C. Enable GPS tracking.


D. Encrypt stored data.

A security administrator wants to deploy security controls to mitigate the threat of company employees’ personal information being captured online. Which of the following would BEST serve

A. Anti-spyware

A. Anti-spyware


B. Antivirus


C. Host-based firewall


D. Web content filter

Which of the following statements is MOST likely to be included in the security awareness training about P2P?

D. P2P may cause excessive network bandwidth.

A. P2P is always used to download copyrighted material.


B. P2P can be used to improve computer system response.


C. P2P may prevent viruses from entering the network.


D. P2P may cause excessive network bandwidth.

A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

D. Business impact analysis

A. Succession plan


B. Continuity of operation plan


C. Disaster recovery plan


D. Business impact analysis

After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?

B. Disaster recovery plan

A. Succession planning


B. Disaster recovery plan


C. Information security plan


D. Business impact analysis

Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).

A. WPA2-PSK


E. WPA - LEAP

A. WPA2-PSK


B. WPA – EAP - TLS


C. WPA2-CCMP


D. WPA – CCMP


E. WPA - LEAP


F. WEP

An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?

C. Network Access Control

A. Ethernet cable is damaged


B. The host firewall is set to disallow outbound connections


C. Network Access Control


D. The switch port is administratively shutdown

Which of the following types of trust models is used by a PKI?

D. Centralized

A. Transitive


B. Open source


C. Decentralized


D. Centralized

A security architect has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

C. Clustering

A. Warm site


B. Load balancing


C. Clustering


D. RAID

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management

A. Patch management


B. Application hardening


C. White box testing


D. Black box testing

Which of the following offers the LEAST amount of protection against data theft by USB drives?

D. Cloud computing

A. DLP


B. Database encryption


C. TPM


D. Cloud computing

A security analyst has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should be done NEXT?

B. Tell the application development manager to code the application to adhere to the company’s password policy.

A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.


B. Tell the application development manager to code the application to adhere to the company’s password policy.


C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.


D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.

A security administrator develops a web page and limits input into their fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

B. XSS

B. XSS


C. Fuzzing


D. Pharming

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?

D. Proxy

A. SQL injection


B. XML injection


C. Packet sniffer


D. Proxy

Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?

C. Baselines

A. MAC filter list


B. Recovery agent


C. Baselines


D. Access list

When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?

B. EMI shielding

A. Humidity sensors


B. EMI shielding


C. Channel interference


D. Cable kinking

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

C. EAP-TLS

A. WEP


B. LEAP


C. EAP-TLS


D. TKIP

A security analyst noticed a colleague typing the following command:
‘Telnet some-host 443’
Which of the following was the colleague performing?

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.


B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.


C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.


D. A mistaken port being entered because telnet servers typically do not listen on port 443.

An information bank has been established to store contacts, phone numbers and other records. An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services would use this port by default?

A. Kerberos

A. Kerberos


B. TACACS+


C. Radius


D. LDAP

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

C. Access control lists

A. Explicit deny


B. Port security


C. Access control lists


D. Implicit deny

Which of the following BEST describes a SQL Injection attack?

A. The attacker attempts to have the receiving server pass information to a back-end database

A. The attacker attempts to have the receiving server pass information to a back-end database


B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.


C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.


D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.

Digital signatures are used for ensuring which of the following items? (Select TWO).

B. Integrity


C. Non-Repudiation

A. Confidentiality


B. Integrity


C. Non-Repudiation


D. Availability


E. Algorithm strength

Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this?

B. Disable all SSID broadcasting.

A. Enforce a policy for all users to authenticate through a biometric device.


B. Disable all SSID broadcasting.


C. Ensure all access points are running the latest firmware.


D. Move all access points into public access areas.

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

C. Disaster recovery exercise

A. Site visit to the backup data center


B. Disaster recovery plan review


C. Disaster recovery exercise


D. Restore from backup

Which of the following are restricted to 64-bit block sizes? (Select TWO).

B. DES


E. 3DES

A. PGP


B. DES


C. AES256


D. RSA


E. 3DES


F. AES

Used in conjunction, which of the following are PII? (Select TWO).

D. Birthday


E. Full name

B. Favorite movie


C. Pet’s name


D. Birthday


E. Full name

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

A. Check the referrer field in the HTTP header

A. Check the referrer field in the HTTP header


B. Disable Flash content


C. Use only cookies for authentication


D. Use only HTTPS URLs

Which of the following practices is used to mitigate a known security vulnerability?

B. Patch management

A. Application fuzzing


B. Patch management


C. Password cracking


D. Auditing security logs

Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

B. Application fuzzing

B. Application fuzzing


C. ID badge


D. Application configuration baseline

When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?

C. CA

A. Trust models


B. CRL


C. CA


D. Recovery agent

An administrator values transport security strength above network speed when implementing an SSL VPN. Which of the following encryption ciphers would BEST meet their needs?

D. AES128

A. SHA256


B. RC4


C. 3DES


D. AES128

All of the following are encryption types EXCEPT:

D. RADIUS

B. SMIME


C. File and folder


D. RADIUS

Which of the following is used by Matt, a security administrator, to lower the risks associated with electrostatic discharge, corrosion, and thermal breakdown?

A. Temperature and humidity controls

A. Temperature and humidity controls


B. Routine audits


C. Fire suppression and EMI shielding


D. Hot and cold aisles

When integrating source material from an open source project into a highly secure environment, which of the following precautions should prevent hidden threats?

B. Code review

A. Design review


B. Code review


C. Risk assessment


D. Vulnerability scan

Which of the following would MOST likely belong in the DMZ? (Select TWO).

C. Web servers


D. SMTP gateways

B. Backup servers


C. Web servers


D. SMTP gateways


E. Laptops

When verifying file integrity on a remote system that is bandwidth limited, which of the following tool combinations provides the STRONGEST confidence?

B. MD5 and SHA-1

A. MD5 and 3DES


B. MD5 and SHA-1


C. SHA-256 and RSA


D. SHA-256 and AES

Requiring technicians to report spyware infections is a step in which of the following?

C. Incident management

A. Routine audits


B. Change management


C. Incident management


D. Clean desk policy

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

C. Data classification

A. Business continuity planning


B. Quantitative assessment


C. Data classification


D. Qualitative assessment

Which of the following is mainly used for remote access into the network?

D. RADIUS

C. Kerberos


D. RADIUS

Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table?

C. Database

A. Full disk


B. Individual files


C. Database


D. Removable media

Several users’ computers are no longer responding normally and sending out spam email to the users’ entire contact list. This is an example of which of the following?

C. Worm outbreak

A. Trojan virus


B. Botnet


C. Worm outbreak


D. Logic bomb

Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

C. Impersonation

A. Phishing


B. Shoulder surfing


C. Impersonation


D. Tailgating

A company replaces a number of devices with a mobile appliance, combining several functions. Which of the following descriptions fits this new implementation? (Select TWO)

C. All-in-one device


E. Single point of failure

A. Cloud computing


B. Virtualization


C. All-in-one device


D. Load balancing


E. Single point of failure

Which of the following risks could IT management be mitigating by removing an all-in-one device?

C. Single point of failure

A. Continuity of operations


B. Input validation


C. Single point of failure


D. Single sign on

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

D. Train employees on risks associated with social engineering attacks and enforce policies.

A. Train employees on correct data disposal techniques and enforce policies.


B. Only allow employees to enter or leave through one door at specified times of the day.


C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.


D. Train employees on risks associated with social engineering attacks and enforce policies.

Which of the following concepts defines the requirement for data availability?

C. Disaster recovery planning

A. Authentication to RADIUS


B. Non-repudiation of email messages


C. Disaster recovery planning


D. Encryption of email messages

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

D. The system is virtualized.

A. The system is running 802.1x.


B. The system is using NAC.


C. The system is in active-standby mode.


D. The system is virtualized.

Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following types of attacks is underway?

A. IV attack

A. IV attack


B. Interference


C. Blue jacking


D. Packet sniffing

Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message ‘
This is an example of which of the following?

A. XSS attack

A. XSS attack


B. XML injection attack


C. Buffer overflow attack


D. SQL injection attack

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

B. Sandboxing

A. Least privilege


B. Sandboxing


C. Black box


D. Application hardening

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS

A. HIPS


B. Antivirus


C. NIDS


D. ACL

Jane, an IT administrator, is implementing security controls on a Microsoft Windows based kiosk used at a bank branch. This kiosk is used by the public for Internet banking. Which of the following controls will BEST protect the kiosk from general public users making system changes?

A. Group policy implementation

A. Group policy implementation


B. Warning banners


C. Command shell restrictions


D. Host based firewall

Sara, the Chief Information Officer (CIO), has tasked the IT department with redesigning the network to rely less on perimeter firewalls, to implement a standard operating environment for client devices, and to disallow personally managed devices on the network. Which of the following is Sara’s GREATEST concern?

B. Data exfiltration

A. Malicious internal attacks


B. Data exfiltration


C. Audit findings

Which of the following data loss prevention strategies mitigates the risk of replacing hard drives that cannot be sanitized?

C. Full disk encryption

A. Virtualization


B. Patch management


C. Full disk encryption


D. Database encryption

Which of the following does Jane, a software developer, need to do after compiling the source code of a program to attest the authorship of the binary?

B. Use Jane’s private key to sign the binary

A. Place Jane’s name in the binary metadata


B. Use Jane’s private key to sign the binary


C. Use Jane’s public key to sign the binary


D. Append the source code to the binary

The annual loss expectancy can be calculated by:

B. Multiplying the annualized rate of return and the single loss expectancy.

A. Dividing the annualized rate of return by single loss expectancy.


B. Multiplying the annualized rate of return and the single loss expectancy.


C. Subtracting the single loss expectancy from the annualized rate of return.

Which of the following should Jane, the security administrator, do FIRST when an employee reports the loss of a corporate mobile device?

D. Remotely initiate a device wipe

A. Remotely lock the device with a PIN


B. Enable GPS location and record from the camera


C. Remotely uninstall all company software


D. Remotely initiate a device wipe

An application company sent out a software patch for one of their applications on Monday. The company has been receiving reports about intrusion attacks from their customers on Tuesday. Which of the following attacks does this describe?

A. Zero day

A. Zero day


B. Directory traversal


C. Logic bomb


D. Session hijacking

Which of the following protocols would be implemented to secure file transfers using SSL?

D. FTPS

C. SFTP


D. FTPS

Which of the following provides the LEAST availability?

A. RAID 0

A. RAID 0


B. RAID 1


C. RAID 3


D. RAID 5

FTP/S uses which of the following TCP ports by default?

D. 989 and 990

A. 20 and 21


B. 139 and 445


C. 443 and 22


D. 989 and 990

Which of the following are used to implement VPNs? (Select TWO).

B. IPsec


D. SNMP

A. SFTP


B. IPSec


C. HTTPS


D. SNMP


E. SSL

A company recently implemented TLS on their network. The company is MOST concerned with:

A. Confidentiality

A. Confidentiality


B. Availability


C. Integrity


D. Accessibility

Which of the following describes how an attacker can send unwanted advertisements to a mobile device?

B. Bluejacking

A. Man-in-the-middle


B. Bluejacking

A network device that protects an enterprise based only on source and destination addresses is BEST described as:

D. Simple packet filtering.

A. IDS.


B. ACL.


C. Stateful packet filtering.


D. Simple packet filtering.

A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?

A. Hoax

A. Hoax


B. Spam


C. Whaling


D. Phishing

A third party application has the ability to maintain its own user accounts or it may use single sign-on. To use single sign-on, the application is requesting the following information: OU=Users, DC=Domain, DC=COM. This application is requesting which of the following authentication services?

C. LDAP

A. TACACS+


B. RADIUS


C. LDAP


D. Kerberos

Power and data cables from the network center travel through the building’s boiler room. Which of the following should be used to prevent data emanation?

B. EMI shielding

A. Video monitoring


B. EMI shielding


C. Plenum CAT6 UTP


D. Fire suppression

Which of the following must a security administrator implement to isolate public facing servers from both the corporate network and the Internet?

C. DMZ

A. NAC


B. IPSec


C. DMZ


D. NAT

Which of the following protocols provides fast, unreliable file transfer?

A. TFTP

A. TFTP


B. SFTP


C. Telnet


D. FTPS


Which of the following digital certificate management practices will ensure that a lost certificate is not compromised?

D. CRL

A. Key escrow


B. Non-repudiation


C. Recovery agent


D. CRL

A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?

C. Impersonation

A. Man-in-the-middle


B. Tailgating


C. Impersonation


D. Spoofing

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

D. Only USB devices supporting encryption are to be used.

A. Internet networks can be accessed via personally-owned computers.


B. Data can only be stored on local workstations.


C. Wi-Fi networks should use WEP encryption by default.


D. Only USB devices supporting encryption are to be used.

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

B. Shared keys, private keys

A. Public keys, one time


B. Shared keys, private keys


C. Private keys, session keys


D. Private keys, public keys

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

B. Geographically disparate site redundant datacenter

A. Warm site implementation for the datacenter


B. Geographically disparate site redundant datacenter


C. Localized clustering of the datacenter


D. Cold site implementation for the datacenter

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Select TWO).

C. TCP 53


E. UDP 53

A. TCP 21


B. TCP 23


C. TCP 53


D. UDP 23


E. UDP 53

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

C. All users have read access to the file.

A. All users have write access to the directory.


B. Jane has read access to the file.


C. All users have read access to the file.


D. Jane has read access to the directory.

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

C. Fuzzing

A. Vulnerability scanning


B. Denial of service


C. Fuzzing


D. Port scanning

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption

A. Hard drive encryption


B. Infrastructure as a service


C. Software based encryption


D. Data loss prevention

Which of the following is a vulnerability associated with disabling pop-up blockers?

D. Another browser instance may execute malicious code

A. An alert message from the administrator may not be visible


B. A form submitted by the user may not open


C. The help window may not be displayed


D. Another browser instance may execute malicious code

Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

A. SHA1

A. SHA1


B. MD2


C. MD4


D. MD5

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO).

A. Revoke the digital certificate


D. Issue a new digital certificate

A. Revoke the digital certificate


B. Mark the key as private and import it


C. Restore the certificate using a CRL


D. Issue a new digital certificate


E. Restore the certificate using a recovery agent

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

B. Change Control Policy


D. Regression Testing Policy

A. Patch Audit Policy


B. Change Control Policy


C. Incident Management Policy


D. Regression Testing Policy


E. Escalation Policy


F. Application Audit Policy

During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

B. Account disablement

A. Account recovery


B. Account disablement

A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?

C. Implement biometric readers on laptops and restricted areas.

A. Create conduct policies prohibiting sharing credentials.


B. Enforce a policy shortening the credential expiration timeframe.


C. Implement biometric readers on laptops and restricted areas.


D. Install security cameras in areas containing sensitive systems.

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

D. Authentication

A. Single sign-on


B. Authorization


C. Access control


D. Authentication

Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?

A. Clustering

A. Clustering


B. RAID


C. Load balancing


D. Virtualization

Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges?

A. Internal account audits

A. Internal account audits


B. Account disablement


C. Time of day restriction


D. Password complexity

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?

D. AES

A. SHA


B. MD5


C. Blowfish


D. AES

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

B. Enforce a minimum password age policy.

A. Assign users passwords based upon job role.


B. Enforce a minimum password age policy.


C. Prevent users from choosing their own passwords.


D. Increase the password expiration time frame.

The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?

A. Enforce password rules requiring complexity.

A. Enforce password rules requiring complexity.


B. Shorten the maximum life of account passwords.


C. Increase the minimum password length.


D. Enforce account lockout policies.

Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?

B. Botnets are a subset of malware which are used as part of DDoS attacks.

A. Viruses are a subset of botnets which are used as part of SYN attacks.


B. Botnets are a subset of malware which are used as part of DDoS attacks.


C. Viruses are a class of malware which create hidden openings within an OS.


D. Botnets are used within DR to ensure network uptime and viruses are not.

A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

B. Perform user group clean-up

A. Leverage role-based access controls.


B. Perform user group clean-up.


C. Verify smart card access controls.


D. Verify SHA-256 for password hashes.

A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?

C. DNS

A. HTTP


B. DHCP


C. DNS


D. NetBIOS

The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

D. An unauthorized access point has been configured to operate on the same channel.

A. The certificate used to authenticate users has been compromised and revoked.


B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.


C. An attacker has gained access to the access point and has changed the encryption keys.


D. An unauthorized access point has been configured to operate on the same channel.

The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by:

A. Utilizing the already present TPM.

A. Utilizing the already present TPM.


B. Configuring secure application sandboxes.


C. Enforcing whole disk encryption.


D. Moving data and applications into the cloud.

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

C. Firewalls

A. Sniffers


B. NIDS


C. Firewalls

One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?

B. Set up a performance baseline

A. Set up a protocol analyzer


B. Set up a performance baseline


C. Review the systems monitor on a monthly basis


D. Review the performance monitor on a monthly basis