An achievement in providing worldwide Internet security was the signing of certi

1. An achievement in providing worldwide Internet security was the signing of certificates
2. associated with which of the following protocols?
3.  
4. A.
5. TCP/IP
6.  
7. B.
8. SSL
9.  
10. C.
11. SCP
12.  
13. D.
14. SSH
15.  
16.  
17.  
18. A Chief Information Security Officer (CISO) wants to implement two-factor authentication
19. within the company. Which of the following would fulfill the CISO’s requirements?
20.  
21. A.
22. Username and password
23.  
24. B.
25. Retina scan and fingerprint scan
26.  
27. C.
28. USB token and PIN
29.  
30. D.
31. Proximity badge and token
32.  
33.  
34.  
35. Which of the following can a security administrator implement on mobile devices that will
36. help prevent unwanted people from viewing the data if the device is left unattended?
37.  
38. A.
39. Screen lock
40.  
41. B.
42. Voice encryption
43.  
44. C.
45. GPS tracking
46.  
47. D.
48. Device encryption
49.  
50.  
51.  
52. Which of the following would a security administrator implement in order to identify a
53. problem between two systems that are not communicating properly?
54.  
55. A.
56. Protocol analyzer
57.  
58. B.
59. Baseline report
60.  
61. C.
62. Risk assessment
63.  
64. D.
65. Vulnerability scan
66.  
67.  
68.  
69. A security administrator wants to perform routine tests on the network during working hours
70. when certain applications are being accessed by the most people. Which of the following
71. would allow the security administrator to test the lack of security controls for those
72. applications with the least impact to the system?
73.  
74. A.
75. Penetration test
76.  
77. B.
78. Vulnerability scan
79.  
80. C.
81. Load testing
82.  
83. D.
84. Port scanner
85.  
86.  
87.  
88. Which of the following should an administrator implement to research current attack
89. methodologies?
90.  
91. A.
92. Design reviews
93.  
94. B.
95. Honeypot
96.  
97. C.
98. Vulnerability scanner
99.  
100. D.
101. Code reviews
102.  
103.  
104.  
105. Which of the following can be implemented in hardware or software to protect a web server
106. from cross-site scripting attacks?
107.  
108. A.
109. Intrusion Detection System
110.  
111. B.
112. Flood Guard Protection
113.  
114. C.
115. Web Application Firewall
116.  
117. D.
118. URL Content Filter
119.  
120.  
121.  
122. Computer evidence at a crime scene is documented with a tag stating who had possession
123. of the evidence at a given time. Which of the following does this illustrate?
124.  
125. A.
126. System image capture
127.  
128. B.
129. Record time offset
130.  
131. C.
132. Order of volatility
133.  
134. D.
135. Chain of custody
136.  
137.  
138.  
139. A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has
140. been created for a frequently used application. She notifies the software vendor and asks
141. them for remediation steps, but is alarmed to find that no patches are available to mitigate
142. this vulnerability. Which of the following BEST describes this exploit?
143.  
144. A.
145. Malicious insider threat
146.  
147. B.
148. Zero-day
149.  
150. C.
151. Client-side attack
152.  
153.  
154. D.
155. Malicious add-on
156.  
157.  
158.  
159. A security administrator has concerns about new types of media which allow for the mass
160. distribution of personal comments to a select group of people. To mitigate the risks involved
161. with this media, employees should receive training on which of the following?
162.  
163. A.
164. Peer to Peer
165.  
166. B.
167. Mobile devices
168.  
169. C.
170. Social networking
171.  
172. D.
173. Personally owned devices
174.  
175.  
176.  
177. Which of the following preventative controls would be appropriate for responding to a
178. directive to reduce the attack surface of a specific host?
179.  
180. A.
181. Installing anti-malware
182.  
183. B.
184. Implementing an IDS
185.  
186. C.
187. Taking a baseline configuration
188.  
189. D.
190. Disabling unnecessary services
191.  
192.  
193.  
194.  
195.  
196. A security manager must remain aware of the security posture of each system. Which of the
197. following supports this requirement?
198.  
199. A.
200. Training staff on security policies
201.  
202. B.
203. Establishing baseline reporting
204.  
205. C.
206. Installing anti-malware software
207.  
208.  
209. D.
210. Disabling unnecessary accounts/services
211.  
212.  
213.  
214. A user attempting to log on to a workstation for the first time is prompted for the following
215. information before being granted access: username, password, and a four-digit security pin
216. that was mailed to him during account registration. This is an example of which of the
217. following?
218.  
219. A.
220. Dual-factor authentication
221.  
222. B.
223. Multifactor authentication
224.  
225. C.
226. Single factor authentication
227.  
228. D.
229. Biometric authentication
230.  
231.  
232.  
233. After analyzing and correlating activity from multiple sensors, the security administrator has
234. determined that a group of very well organized individuals from an enemy country is
235. responsible for various attempts to breach the company network, through the use of very
236. sophisticated and targeted attacks. Which of the following is this an example of?
237.  
238. A.
239. Privilege escalation
240.  
241. B.
242. Advanced persistent threat
243.  
244. C.
245. Malicious insider threat
246.  
247. D.
248. Spear phishing
249.  
250.  
251.  
252. A merchant acquirer has the need to store credit card numbers in a transactional database
253. in a high performance environment. Which of the following BEST protects the credit card
254. data?
255.  
256. A.
257. Database field encryption
258.  
259. B.
260. File-level encryption
261.  
262. C.
263. Data loss prevention system
264.  
265. D.
266. Full disk encryption
267.  
268. Which of the following is BEST used to capture and analyze network traffic between hosts
269. on the same network segment?
270.  
271. A.
272. Protocol analyzer
273.  
274. B.
275. Router
276.  
277. C.
278. Firewall
279.  
280. D.
281. HIPS
282.  
283. After a number of highly publicized and embarrassing customer data leaks as a result of
284. social engineering attacks by phone, the Chief Information Officer (CIO) has decided user
285. training will reduce the risk of another data leak. Which of the following would be MOST
286. effective in reducing data leaks in this situation?
287.  
288. A.
289. Information Security Awareness
290.  
291. B.
292. Social Media and BYOD
293.  
294. C.
295. Data Handling and Disposal
296.  
297. D.
298. Acceptable Use of IT Systems
299.  
300.  
301.  
302. Which of the following functions provides an output which cannot be reversed and converts
303. data into a string of characters?
304.  
305. A.
306. Hashing
307.  
308. B.
309. Stream ciphers
310.  
311. C.
312. Steganography
313.  
314. D.
315. Block ciphers
316.  
317.  
318.  
319. Which of the following is used to verify data integrity?
320.  
321. A.
322. SHA
323.  
324. B.
325. 3DES
326.  
327. C.
328. AES
329.  
330. D.
331. RSA
332.  
333.  
334.  
335. Access mechanisms to data on encrypted USB hard drives must be implemented correctly
336. otherwise:
337.  
338. A.
339. user accounts may be inadvertently locked out.
340.  
341. B.
342. data on the USB drive could be corrupted.
343.  
344. C.
345. data on the hard drive will be vulnerable to log analysis.
346.  
347. D.
348. the security controls on the USB drive can be bypassed.