Sec+C

Card Set Information

Author: raschwe
ID: 267950
Filename: Sec+C
Updated: 2014-03-26 11:44:49
Tags: 140331
Description: Review C

The flashcards below were created by user raschwe on FreezingBlue Flashcards.


  1. Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?

    A. TACACS+
    B. Biometrics
    C. Kerberos
    D. Smartcards
    A. TACACS+
    (this multiple choice question has been scrambled)
  2. A network administrator has recently updated their network devices to ensure redundancy is in place so that:

    A. switches can redistribute routes across the network.
    B. environmental monitoring can be performed.
    C. single points of failure are removed.
    D. hot and cold aisles are functioning.
    C. single points of failure are removed.
    (this multiple choice question has been scrambled)
  3. A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?

    A. Clustering
    B. Backout contingency plan
    C. High availability
    D. Load balancing
    C. High availability
    (this multiple choice question has been scrambled)
  4. A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

    A. User assigned privileges
    B. Password disablement
    C. Multiple account creation
    D. Group based privileges
    D. Group based privileges
    (this multiple choice question has been scrambled)
  5. A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

    A. Smurf
    B. Replay
    C. DDoS
    D. Ping of Death
    B. Replay
    (this multiple choice question has been scrambled)
  6. Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

    A. CRL
    B. HSM
    C. DLP
    D. TPM
    C. DLP
    (this multiple choice question has been scrambled)
  7. Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?

    A. Mean time to register
    B. Failure to capture
    C. Type II
    D. Template capacity
    C. Type II
    (this multiple choice question has been scrambled)
  8. A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

    A. 4
    B. 3
    C. 1
    D. 2
    B. 3
    (this multiple choice question has been scrambled)
  9. A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights?

    A. IPsec
    B. Transport encryption
    C. Public key infrastructure
    D. Non-repudiation
    C. Public key infrastructure
    (this multiple choice question has been scrambled)
  10. Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?

    PERMIT TCP ANY HOST 192.168.0.10 EQ 80
    PERMIT TCP ANY HOST 192.168.0.10 EQ 443

    A. It implements stateful packet filtering.
    B. It failed closed.
    C. It implements bottom-up processing.
    D. It implements an implicit deny.
    D. It implements an implicit deny.
    (this multiple choice question has been scrambled)
  11. Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

    A. Information classification training
    B. Personally owned device policy training
    C. Social networking use training
    D. Tailgating awareness policy training
    A. Information classification training
    (this multiple choice question has been scrambled)
  12. A security administrator is concerned about the strength of users' passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?

    A. Increase the password history
    B. Increase the password length requirements
    C. Shorten the password expiration period
    D. Decrease the account lockout time
    C. Shorten the password expiration period
    (this multiple choice question has been scrambled)
  13. A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?

    A. Separation of duties
    B. Same sign-on
    C. Least privilege
    D. Single sign-on
    B. Same sign-on
    (this multiple choice question has been scrambled)
  14. Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

    A. Scanning printing of documents.
    B. Scanning of outbound IM (Instant Messaging).
    C. Scanning copying of documents to USB.
    D. Scanning of SharePoint document library.
    E. Scanning of shared drives.
    F. Scanning of HTTP user traffic.
    • B. Scanning of outbound IM (Instant Messaging).
    • F. Scanning of HTTP user traffic.
  15. A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

    A. DDoS
    B. Backdoor
    C. Spyware
    D. Logic bomb
    E. Smurf
    C. Spyware
    (this multiple choice question has been scrambled)
  16. A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?

    A. Transfer the risk replacing the application now instead of in five years
    B. Accept the risk and continue to enable the accounts each month saving money
    C. Avoid the risk to the user base allowing them to re-enable their own accounts
    D. Mitigate the risk by patching the application to increase security and saving money
    B. Accept the risk and continue to enable the accounts each month saving money
    (this multiple choice question has been scrambled)
  17. The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

    A. User assigned privilege
    B. Discretionary access control
    C. Mandatory access control
    D. Rule based access control
    B. Discretionary access control
    (this multiple choice question has been scrambled)
  18. Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor's number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code. Which of the following attack types is this?

    A. Impersonation
    B. Whaling
    C. Hoax
    D. Spear phishing
    A. Impersonation
    (this multiple choice question has been scrambled)
  19. Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

    A. Vishing
    B. Hoax
    C. Whaling
    D. Phishing
    A. Vishing
    (this multiple choice question has been scrambled)
  20. The IT department has set up a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?

    A. Password Complexity
    B. Password Expiration
    C. Password Recovery
    D. Account Disablements
    C. Password Recovery
    (this multiple choice question has been scrambled)
  21. An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?

    A. RADIUS
    B. LDAP
    C. TACACS+
    D. Kerberos
    B. LDAP
    (this multiple choice question has been scrambled)
  22. An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

    A. Change Control
    B. Change management
    C. User rights reviews
    D. Least privilege and job rotation
    C. User rights reviews
    (this multiple choice question has been scrambled)
  23. Which of the following is the default port for TFTP?

    A. 21
    B. 69
    C. 20
    D. 68
    B. 69
    (this multiple choice question has been scrambled)
  24. Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE).

    A. Confidentiality
    B. Availability
    C. Integrity
    D. Authorization
    E. Authentication
    F. Continuity
    • A. Confidentiality
    • B. Availability
    • C. Integrity
  25. Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

    A. RAID
    B. Cold site
    C. Clustering
    D. Backup Redundancy
    C. Clustering
    (this multiple choice question has been scrambled)
  26. Which of the following security concepts identifies input variables which are then used to perform boundary testing?

    A. Secure coding
    B. Application hardening
    C. Fuzzing
    D. Application baseline
    C. Fuzzing
    (this multiple choice question has been scrambled)
  27. Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

    A. Public Key
    B. Digital Signature
    C. Private Key
    D. Session Key
    D. Session Key
    (this multiple choice question has been scrambled)
  28. Which of the following cryptographic related browser settings allows an organization to communicate securely?

    A. SSL 3.0/TLS 1.0
    B. 3DES
    C. HMAC
    D. Trusted Sites
    A. SSL 3.0/TLS 1.0
    (this multiple choice question has been scrambled)
  29. Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

    A. To detail business impact analyses
    B. To reduce organizational IT risk
    C. To train staff on zero-days
    D. To ensure proper use of social media
    B. To reduce organizational IT risk
    (this multiple choice question has been scrambled)
  30. A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

    A. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS
    B. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS
    C. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP
    D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS
    A. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS
    (this multiple choice question has been scrambled)
  31. A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

    A. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
    B. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
    C. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
    D. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
    B. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
    (this multiple choice question has been scrambled)
  32. A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

    A. the NTP server works properly.
    B. HDD hashes are accurate.
    C. chain of custody is preserved.
    D. time offset can be calculated.
    D. time offset can be calculated.
    (this multiple choice question has been scrambled)
  33. While rarely enforced, mandatory vacation policies are effective at uncovering:

    A. Collusion between two employees who perform the same business function.
    B. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
    C. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
    D. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
    C. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
    (this multiple choice question has been scrambled)
  34. A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

    A. Vulnerability scanning
    B. White box testing
    C. Penetration testing
    D. WAF testing
    A. Vulnerability scanning
    (this multiple choice question has been scrambled)
  35. A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?

    A. Job rotation
    B. Least privilege
    C. Time of day restrictions
    D. Mandatory vacations
    B. Least privilege
    (this multiple choice question has been scrambled)
  36. A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

    A. SPAM
    B. SPIM
    C. Whaling
    D. Phishing
    E. Vishing
    D. Phishing
    (this multiple choice question has been scrambled)
  37. After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?

    A. Rogue access points
    B. IV attack
    C. War chalking
    D. War dialing
    C. War chalking
    (this multiple choice question has been scrambled)
  38. The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

    A. Cloud computing
    B. Data Loss Prevention
    C. Full disk encryption
    D. HSM
    A. Cloud computing
    (this multiple choice question has been scrambled)
  39. After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

    A. Recovery
    B. User assigned privileges
    C. Lockout
    D. Disablement
    E. Group based privileges
    F. Password expiration
    G. Password complexity
    • F. Password expiration
    • G. Password complexity
  40. A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets?

    A. Social engineering
    B. Digital signatures
    C. Hashing
    D. Steganography
    D. Steganography
    (this multiple choice question has been scrambled)
  41. During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

    A. SSL 1.0
    B. RC4
    C. SSL 3.0
    D. AES
    E. DES
    F. TLS 1.0
    • A. SSL 1.0
    • E. DES
  42. Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.

    DIAGRAM
    PC1                                                                        PC2
    [192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10]

    LOGS
    10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
    10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
    10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK

    Given the above information, which of the following can be inferred about the above environment?

    A. The web server listens on a non-standard port.
    B. 192.168.1.30 is a web server.
    C. The router implements NAT.
    D. The router filters port 80 traffic.
    C. The router implements NAT.
    (this multiple choice question has been scrambled)
  43. The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?

    A. Hot site
    B. Load balancing
    C. Warm site
    D. Cold site
    C. Warm site
    (this multiple choice question has been scrambled)
  44. The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation?

    A. Known malware infection
    B. Session hijacking
    C. Cookie stealing
    D. Zero-day attack
    D. Zero-day attack
    (this multiple choice question has been scrambled)
  45. Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen?

    A. Device password
    B. Screen locks
    C. Hashing
    D. Encryption
    D. Encryption
    (this multiple choice question has been scrambled)
  46. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?

    A. NAT
    B. Quality of service
    C. NAC
    D. Subnetting
    B. Quality of service
    (this multiple choice question has been scrambled)
  47. A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

    A. ICMP
    B. NetBIOS
    C. DNS
    D. BGP
    B. NetBIOS
    (this multiple choice question has been scrambled)
  48. A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

    A. Cross-site request forgery
    B. Brute force password attack
    C. Fuzzing
    D. Cross-site scripting
    A. Cross-site request forgery
    (this multiple choice question has been scrambled)
  49. Which of the following assets is MOST likely considered for DLP?

    A. Application server content
    B. USB mass storage devices
    C. Reverse proxy
    D. Print server
    B. USB mass storage devices
    (this multiple choice question has been scrambled)
  50. In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

    A. Import the recipient's public key
    B. Import the recipient's private key
    C. Export the sender's private key
    D. Export the sender's public key
    A. Import the recipient's public key
    (this multiple choice question has been scrambled)
  51. A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

    A. Account lockout
    B. Password complexity
    C. Password recovery
    D. DoS
    A. Account lockout
    (this multiple choice question has been scrambled)
  52. A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

    A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
    B. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
    C. Exploit security controls to determine vulnerabilities and mis-configurations.
    D. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
    A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
    (this multiple choice question has been scrambled)
  53. A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?

    A. Ping the access point to discover the SSID of the network
    B. Capture client to access point disassociation packets to replay on the local PC's loopback
    C. Perform a dictionary attack on the access point to enumerate the WEP key
    D. Spoof the MAC address of an observed wireless network client
    D. Spoof the MAC address of an observed wireless network client
    (this multiple choice question has been scrambled)
  54. After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).

    A. To allow load balancing for cloud support
    B. To allow for business continuity if one provider goes out of business
    C. To eliminate a single point of failure
    D. To allow for a hot site in case of disaster
    E. To improve intranet communication speeds
    • B. To allow for business continuity if one provider goes out of business
    • C. To eliminate a single point of failure
  55. A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?

    A. The sub-interfaces are configured for VoIP traffic.
    B. The switch has several VLANs configured on it.
    C. The network uses the subnet of 255.255.255.128.
    D. The sub-interfaces each implement quality of service.
    B. The switch has several VLANs configured on it.
    (this multiple choice question has been scrambled)
  56. Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

    A. RAID
    B. HSM
    C. TPM
    D. USB
    C. TPM
    (this multiple choice question has been scrambled)
  57. Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but not login. Which of the following is MOST likely the issue?

    A. The certificates have been installed on the CA
    B. The IP addresses of the clients have changed
    C. The certificates have not been installed on the workstations
    D. The client certificate passwords have expired on the server
    C. The certificates have not been installed on the workstations
    (this multiple choice question has been scrambled)
  58. Digital Signatures provide which of the following?

    A. Authorization
    B. Confidentiality
    C. Integrity
    D. Authentication
    E. Availability
    C. Integrity
    (this multiple choice question has been scrambled)
  59. A user ID and password together provide which of the following?

    A. Authorization
    B. Auditing
    C. Authentication
    D. Identification
    C. Authentication
    (this multiple choice question has been scrambled)
  60. RADIUS provides which of the following?

    A. Authentication, Authorization, Availability
    B. Authentication, Accounting, Auditing
    C. Authentication, Authorization, Auditing
    D. Authentication, Authorization, Accounting
    D. Authentication, Authorization, Accounting
    (this multiple choice question has been scrambled)
  61. A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

    A. Capture video traffic
    B. Tracking man hours
    C. Record time offset
    D. Chain of custody
    C. Record time offset
    (this multiple choice question has been scrambled)
  62. A recent computer breach has resulted in the incident response team needing to perform a forensics examination. Upon examination, the forensics examiner determines that they cannot tell which captured hard drive was from the device in question. Which of the following would have prevented the confusion experienced during this examination?

    A. Evidence labeling
    B. Chain of custody
    C. Hashing the evidence
    D. Perform routine audit
    A. Evidence labeling
    (this multiple choice question has been scrambled)
  63. An IT staff member was entering the datacenter when another person tried to piggyback into the datacenter as the door was opened. While the IT staff member attempted to question the other individual by politely asking to see their badge, the individual refused and ran off into the datacenter. Which of the following should the IT staff member do NEXT?

    A. Contact the onsite physical security team with a description of the individual
    B. Contact the forensics team for further analysis
    C. Chase the individual to determine where they are going and what they are doing
    D. Call the police while tracking the individual on the closed circuit television system
    A. Contact the onsite physical security team with a description of the individual
    (this multiple choice question has been scrambled)
  64. During a recent user awareness and training session, a new staff member asks the Chief Information Security Officer (CISO) why the company does not allow personally owned devices into the company facilities. Which of the following represents how the CISO should respond?

    A. Company A views personally owned devices as creating an unacceptable risk to the organizational IT systems.
    B. Company A believes that staff members should be focused on their work while in the company's facilities.
    C. Company A has seen social engineering attacks against personally owned devices and does not allow their use.
    D. Company A has begun to see zero-day attacks against personally owned devices disconnected from the network.
    A. Company A views personally owned devices as creating an unacceptable risk to the organizational IT systems.
    (this multiple choice question has been scrambled)
  65. A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?

    A. Contact the help desk and/or incident response team to determine next steps
    B. Reply back to the requestor to gain their contact information and call them
    C. Provide the requestor with the email information since it will be released soon anyway
    D. Contact their manager and request guidance on how to best move forward
    A. Contact the help desk and/or incident response team to determine next steps
    (this multiple choice question has been scrambled)
  66. Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

    A. Video surveillance
    B. Baseline reporting
    C. Continuous monitoring
    D. Access control lists
    C. Continuous monitoring
    (this multiple choice question has been scrambled)
  67. Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

    A. Strong passwords
    B. Error handling
    C. Fuzzing
    D. Patch management
    B. Error handling
    (this multiple choice question has been scrambled)
  68. Encryption of data at rest is important for sensitive information because of which of the following?

    A. Allows the remote removal of data following eDiscovery requests
    B. Renders the recovery of data harder in the event of user password loss
    C. Prevents data from being accessed following theft of physical equipment
    D. Facilitates tier 2 support, by preventing users from changing the OS
    C. Prevents data from being accessed following theft of physical equipment
    (this multiple choice question has been scrambled)
  69. Which of the following is synonymous with a server's certificate?

    A. Private key
    B. CRL
    C. Public key
    D. Recovery agent
    C. Public key
    (this multiple choice question has been scrambled)
  70. A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue?

    A. Antivirus
    B. Anti-spyware
    C. Host-based firewalls
    D. Anti-spam
    D. Anti-spam
    (this multiple choice question has been scrambled)
  71. Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

    A. SQL injection
    B. Buffer overflow and XSS
    C. Session hijacking and XML injection
    D. Cookies and attachments
    A. SQL injection
    (this multiple choice question has been scrambled)
  72. Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?

    A. HIPS on each virtual machine
    B. NIPS on the network
    C. HIDS on each virtual machine
    D. NIDS on the network
    A. HIPS on each virtual machine
    (this multiple choice question has been scrambled)
  73. A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

    A. Honeynets
    B. Baseline reporting
    C. Penetration testing
    D. Vulnerability scanning
    A. Honeynets
    (this multiple choice question has been scrambled)
  74. Which of the following protocols is the security administrator observing in this packet capture?

    12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK

    A. SFTP
    B. HTTPS
    C. HTTP
    D. RDP
    D. RDP
    (this multiple choice question has been scrambled)
  75. Which of the following is true about asymmetric encryption?

    A. A message encrypted with a shared key, can be decrypted by the same key.
    B. A message encrypted with the public key can be decrypted with a shared key.
    C. A message encrypted with the public key can be decrypted with the private key.
    D. A message encrypted with the private key can be decrypted by the same key.
    C. A message encrypted with the public key can be decrypted with the private key.
    (this multiple choice question has been scrambled)
  76. Which of the following is true about an email that was signed by User A and sent to User B?

    A. User A signed with their own private key and User B verified with User A's public key.
    B. User A signed with User B's private key and User B verified with their own public key.
    C. User A signed with their own public key and User B verified with User A's private key.
    D. User A signed with User B's public key and User B verified with their own private key.
    A. User A signed with their own private key and User B verified with User A's public key.
    (this multiple choice question has been scrambled)
  77. The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

    A. Full disk encryption
    B. HPM technology
    C. DLP policy
    D. TPM technology
    C. DLP policy
    (this multiple choice question has been scrambled)
  78. Which of the following protocols encapsulates an IP packet with an additional IP header?

    A. IPSec
    B. SSL
    C. HTTPS
    D. SFTP
    A. IPSec
    (this multiple choice question has been scrambled)
  79. A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

    A. Trojan
    B. Zero-day
    C. Rootkit
    D. Virus
    D. Virus
    (this multiple choice question has been scrambled)
  80. A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host:

    Old `hosts' file:
    127.0.0.1 localhost
    New `hosts' file:
    127.0.0.1 localhost
    5.5.5.5 www.comptia.com

    Which of the following attacks has taken place?

    A. Spear phishing
    B. Phishing
    C. Vishing
    D. Pharming
    D. Pharming
    (this multiple choice question has been scrambled)
  81. An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?

    A. Whaling attack
    B. Shoulder surfing
    C. Vishing attack
    D. Dumpster diving
    B. Shoulder surfing
    (this multiple choice question has been scrambled)
  82. A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

    A. Bluejacking
    B. Bluesnarfing
    C. War driving
    D. War chalking
    A. Bluejacking
    (this multiple choice question has been scrambled)
  83. An attacker attempted to compromise a web form by inserting the following input into the username field:

    admin)(|(password=*))

    Which of the following types of attacks was attempted?

    A. LDAP injection
    B. Command injection
    C. SQL injection
    D. Cross-site scripting
    A. LDAP injection
    (this multiple choice question has been scrambled)
  84. Which of the following is BEST carried out immediately after a security breach is discovered?

    A. Incident management
    B. Risk transference
    C. Access control revalidation
    D. Change management
    A. Incident management
    (this multiple choice question has been scrambled)
  85. Which of the following is a hardware-based security technology included in a computer?

    A. Trusted platform module
    B. Symmetric key
    C. Whole disk encryption
    D. Asymmetric key
    A. Trusted platform module
    (this multiple choice question has been scrambled)
  86. Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?

    A. Firewall
    B. Protocol analyzer
    C. Proxy server
    D. Internet content filter
    D. Internet content filter
    (this multiple choice question has been scrambled)
  87. How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

    A. Immediately after an employee is terminated
    B. Annually
    C. Every five years
    D. Every time they patch the server
    B. Annually
    (this multiple choice question has been scrambled)
  88. An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

    A. Network sniffer
    B. Virus scan
    C. Risk assessment
    D. Vulnerability scan
    D. Vulnerability scan
    (this multiple choice question has been scrambled)
  89. An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

    A. Implement time of day restrictions for all temporary employees.
    B. Implement an account expiration date for permanent employees.
    C. Implement a password expiration policy.
    D. Run a last logon script to look for inactive accounts.
    D. Run a last logon script to look for inactive accounts.
    (this multiple choice question has been scrambled)
  90. A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

    A. Logic bomb.
    B. Adware application.
    C. Rootkit.
    D. Backdoor.
    D. Backdoor.
    (this multiple choice question has been scrambled)
  91. Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

    A. RADIUS
    B. TACACS
    C. XTACACS
    D. TACACS+
    D. TACACS+
    (this multiple choice question has been scrambled)
  92. Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

    A. RC4
    B. 3DES
    C. AES
    D. MD5
    E. PGP
    F. Blowfish
    • B. 3DES
    • C. AES
    • F. Blowfish
  93. Which of the following devices will help prevent a laptop from being removed from a certain location?

    A. Remote data wipes
    B. GPS tracking
    C. Cable locks
    D. Device encryption
    C. Cable locks
    (this multiple choice question has been scrambled)
