Question 1
Question
Which of the following is considered insecure because it stores password data as seven-character, uppercase-only
blocks, making it susceptible to brute-force attacks?
Question 2
Question
Which of the following should be used to help prevent device theft of unused assets?
Answer
- HSM device
- Locking cabinet
- Device encryption
- GPS tracking
Question 3
Question
Which of the following security practices should occur initially in software development?
Answer
- Secure code review
- Patch management
- Fuzzing
- Penetration tests
Question 4
Question
Which of the following uses tickets to identify users to the network?
Answer
- RADIUS
- LDAP
- TACACS+
- Kerberos
Question 5
Question
Which of the following file transfer protocols is an extension of SSH Protocol Version 2.0?
Question 6
Question
Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives.
Which of the following can the administrator additionally implement to reduce the risk of data leakage?
Answer
- Enact a policy that all work files are to be password protected
- Enact a policy banning users from bringing in personal music devices
- Provide users with unencrypted storage devices that remain on-site
- Disallow users from saving data to any network share
Question 7
Question
The security administrator implemented privacy screens, password protected screen savers, and hired a secure
shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate?
(Select TWO).
Answer
- Whaling
- Dumpster diving
- Shoulder surfing
- Tailgating
- Impersonation
Question 8
Question
Performing routine security audits is a form of which of the following controls?
Answer
- Preventive
- Detective
- Protective
- Proactive
Question 9
Question
Which of the following web application security weaknesses can be mitigated by preventing the use of HTML
tags?
Question 10
Question
Which of the following access control technologies provides a rolling password for one-time use?
Question 11
Question
Which of the following would be the BEST action to perform when conducting a corporate vulnerability
assessment?
Answer
- Document scan results for the change control board
- Organize data based on severity and asset value
- Examine the vulnerability data using a network analyzer
- Update antivirus signatures and apply patches
Question 12
Question
Which of the following would allow traffic to be redirected through a malicious machine by sending false
hardware address updates to a switch?
Answer
- ARP poisoning
- MAC spoofing
- pWWN spoofing
- DNS poisoning
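ARP poisoning leaves two signatures on the wire: an IP address whose claimed hardware address suddenly changes, and a single hardware address answering for several IP addresses (typically the gateway plus the victims). The following added detection example is not from the original page; it runs over a constructed, tcpdump-style ARP log and flags both patterns, plus any disagreement with an assumed list of trusted address pairs (the addresses are invented for the example).

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump "arp" style, not from a real capture.
# Line 3 shows a second host answering for the gateway 192.168.1.1.
SAMPLE_LOG = """\
10:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
10:00:02.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
10:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
10:00:06.000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
10:00:07.000 ARP, Reply 192.168.1.30 is-at 00:11:22:33:44:30, length 28
"""

ARP_REPLY = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def detect_arp_spoof(log_text: str, trusted: dict = None) -> list:
    """Return a list of alert tuples. `trusted` maps IP -> expected MAC for
    hosts whose binding is known in advance (gateway, DNS server, ...)."""
    trusted = trusted or {}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        if ip in trusted and mac != trusted[ip]:
            alerts.append(("trusted_mismatch", ip, mac))
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(("mac_changed", ip, prev, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    # One MAC answering for several IPs is the classic man-in-the-middle signature.
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("one_mac_many_ips", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_LOG, {"192.168.1.1": "00:11:22:33:44:01"}):
        print(alert)
```

A real deployment would feed this from a live capture rather than a text log, and would treat a legitimate NIC replacement as the one expected source of a `mac_changed` alert.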
Question 13
Question
Which of the following devices would be installed on a single computer to prevent intrusion?
Answer
- Host intrusion detection
- Network firewall
- Host-based firewall
- VPN concentrator
Question 14
Question
Which of the following is a policy that would require all users to keep their work areas organized and would
also help reduce the risk of data theft?
Answer
- Password behaviors
- Clean desk policy
- Data handling
- Data disposal
Question 15
Question
A penetration test shows that almost all database servers were able to be compromised through a default
database user account with the default password. Which of the following is MOST likely missing from the
operational procedures?
Question 16
Question
Isolation mode on an AP provides which of the following functionality types?
Answer
- Segmentation of each wireless user from other wireless users
- Disallows all users from communicating directly with the AP
- Hides the service set identifier
- Makes the router invisible to other routers
Question 17
Question
Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
Question 18
Question
Which of the following is MOST likely to be the last rule contained on any firewall?
Answer
- IP allow any any
- Implicit deny
- Separation of duties
- Time of day restrictions
Question 19
Question
During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data
to another service on the same system. This is MOST likely an example of which of the following?
Question 20
Question
Which of the following is true about hardware encryption? (Select TWO).
Answer
- It must use elliptic curve encryption
- It requires an HSM file system
- It only works when data is not highly fragmented
- It is faster than software encryption
- It is available on computers using TPM
Question 21
Question
Which of the following is an example of verifying new software changes on a test system?
Answer
- User access control
- Patch management
- Intrusion prevention
- Application hardening
Question 22
Question
Which of the following is a technical control?
Answer
- System security categorization requirement
- Baseline configuration development
- Contingency planning
- Least privilege implementation
Question 23
Question
Public keys are used for which of the following?
Answer
- Decrypting wireless messages
- Decrypting the hash of an electronic signature
- Bulk encryption of IP based email traffic
- Encrypting web browser traffic
Question 24
Question
Which of the following penetration testing types is performed by security professionals with limited inside
knowledge of the network?
Question 25
Question
Which of the following devices BEST allows a security administrator to identify malicious activity after it has
occurred?
Answer
- Spam filter
- IDS
- Firewall
- Malware inspection
Question 26
Question
Which of the following cloud computing concepts is BEST described as providing an operating system on
which the customer can install their own applications or software on demand?
Question 27
Question
A security administrator wants to prevent users in sales from accessing their servers after 6:00 p.m., and
prevent them from accessing accounting's network at all times. Which of the following should the administrator
implement to accomplish these goals? (Select TWO).
Answer
- Separation of duties
- Time of day restrictions
- Access control lists
- Mandatory access control
- Single sign-on
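Both the implicit deny asked about in Question 18 and the time-of-day plus access-list combination asked about here come down to first-match rule evaluation. The following added example (not part of the original page) models that evaluation in Python: rules are tried in order, the first match decides, and anything unmatched falls through to the implicit deny. The address plan for sales, the sales servers and accounting is assumed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                              # "permit" or "deny"
    src: str                                 # source network, CIDR
    dst: str                                 # destination network, CIDR
    hours: Optional[Tuple[int, int]] = None  # (start, end) 24h clock, end exclusive; None = any time

    def matches(self, src_ip: str, dst_ip: str, hour: int) -> bool:
        if ip_address(src_ip) not in ip_network(self.src):
            return False
        if ip_address(dst_ip) not in ip_network(self.dst):
            return False
        if self.hours is not None:
            start, end = self.hours
            if not start <= hour < end:
                return False
        return True


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, hour: int) -> str:
    """First-match evaluation, as a router ACL or firewall rule base does.
    Traffic matching no explicit rule reaches the end of the list and is
    dropped by the implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, hour):
            return rule.action
    return "deny"


def dead_rules(rules: List[Rule]) -> List[Rule]:
    """Rules listed after a catch-all any/any rule can never match. This is
    why an explicit 'allow any any' belongs nowhere but the very end, if at all."""
    for i, r in enumerate(rules):
        if r.src == "0.0.0.0/0" and r.dst == "0.0.0.0/0" and r.hours is None:
            return rules[i + 1:]
    return []


# Assumed address plan, constructed for this example.
SALES = "10.1.0.0/24"
SALES_SERVERS = "10.1.10.0/24"
ACCOUNTING = "10.2.0.0/24"

POLICY = [
    Rule("deny", SALES, ACCOUNTING),                      # accounting: never, at any hour
    Rule("permit", SALES, SALES_SERVERS, hours=(8, 18)),  # servers: 08:00 to 17:59 only
    # Nothing permits sales -> servers from 18:00 on, so the implicit deny applies.
]
```

Placing the explicit deny for accounting first means it wins even if a broader permit is added later; ordering, not just content, is what the administrator has to get right.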
Question 28
Question
Which of the following environmental controls would BEST be used to regulate cooling and flow of air within a
datacenter?
Answer
- Fire suppression
- Video monitoring
- EMI shielding
- Hot and cold aisles
Question 29
Question
Which of the following is used when performing a quantitative risk analysis?
Answer
- Focus groups
- Asset value
- Surveys
- Best practice
Question 30
Question
Which of the following BEST describes the function of TPM?
Answer
- High speed secure removable storage device
- Third party certificate trust authority
- Hardware chip that stores encryption keys
- A trusted OS model
Question 31
Question
Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate
contents?
Answer
- CRL
- Key escrow
- Recovery agent
- CA
Question 32
Question
Which of the following describes an active attempt to identify weaknesses?
Answer
- Vulnerability scanning
- Zero day attack
- Port scanning
- Penetration testing
Question 33
Question
The security administrator is getting reports from users that they are accessing certain websites and are unable
to download anything off of those sites. The security administrator is also receiving several alarms from the IDS
about suspicious traffic on the network. Which of the following is the MOST likely cause?
Answer
- NIPS is blocking activities from those specific websites
- NIDS is blocking activities from those specific websites
- The firewall is blocking web activity
- The router is denying all traffic from those sites
Question 34
Question
Which of the following should be enabled to ensure only certain wireless clients can access the network?
Answer
- DHCP
- SSID broadcast
- MAC filtering
- AP isolation
Question 35
Question
Which of the following is the BEST standard for encryption on a wireless network?
Question 36
Question
Which of the following would you educate your employees about in order to prevent them from becoming the
victim of an attacker attempting to obtain bank account information?
Question 37
Question
If a user wishes to receive a file encrypted with PGP, the user must FIRST supply which of the following to the
person who wishes to securely send the file?
Answer
- public key
- recovery agent
- key escrow account
- private key
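This question and Question 23 are both about which key does what. The following added example (not part of the original page, and not PGP's own code) walks through the two roles of a public key with textbook RSA in the Python standard library: the recipient publishes the public key and the sender encrypts with it, and a verifier "decrypts" a signature with the signer's public key to recover the hash it was made over. The primes are two Mersenne primes chosen only because they are easy to write down; there is no padding, so this is a teaching model, not a usable cipher.

```python
import hashlib
from math import gcd

# Assumed primes for the example: 2**127 - 1 and 2**89 - 1. Real RSA keys use
# random primes of 1024+ bits each and a padding scheme (OAEP, PSS).
P = 2 ** 127 - 1
Q = 2 ** 89 - 1


def make_keypair(p: int = P, q: int = Q, e: int = 65537):
    """Textbook RSA key generation. The public key (n, e) is what the
    recipient hands out; the private key (n, d) never leaves its owner."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message integer must be below n")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def hash_to_int(data: bytes, n: int) -> int:
    # SHA-256 is 256 bits and n here is ~216 bits, so reduce modulo n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    """Signature = hash of the data raised to the private exponent."""
    n, d = priv
    return pow(hash_to_int(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    """The verifier 'decrypts' the signature with the public key and compares
    the recovered hash with one computed over the received data."""
    n, e = pub
    return pow(sig, e, n) == hash_to_int(data, n)


def pgp_style_exchange(message: int) -> int:
    """Order of events for the PGP question: the recipient generates a key pair
    and publishes the public half FIRST; the sender encrypts with it."""
    recipient_pub, recipient_priv = make_keypair()
    ciphertext = encrypt(recipient_pub, message)  # sender needs only the public key
    return decrypt(recipient_priv, ciphertext)    # only the recipient can read it
```

Handing out the private key instead (the distractor in the question) would let the sender read everything ever encrypted to the recipient and forge the recipient's signatures.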
Question 38
Question
Which of the following is a reason to perform a penetration test?
Answer
- To passively test security controls within the enterprise
- To provide training to white hat attackers
- To identify all vulnerabilities and weaknesses within the enterprise
- To determine the potential impact of a threat against the enterprise
Question 39
Question
Which of the following methods BEST describes the use of hiding data within other files?
Answer
- Digital signatures
- PKI
- Transport encryption
- Steganography
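The simplest form of hiding data inside another file is least-significant-bit embedding: each carrier byte (a pixel sample, an audio sample) gives up its lowest bit, which changes its value by at most one. The following added example (not from the original page) embeds and extracts a length-prefixed payload in a constructed byte buffer standing in for raw pixel data; no image library is involved.

```python
def capacity(cover: bytes) -> int:
    """Bytes of secret that fit: one bit per cover byte, less the 4-byte length header."""
    return len(cover) // 8 - 4


def hide(cover: bytes, secret: bytes) -> bytearray:
    """Replace the least significant bit of successive cover bytes with the
    bits of a length-prefixed payload. Each cover byte changes by at most 1."""
    if len(secret) > capacity(cover):
        raise ValueError("cover too small for secret")
    payload = len(secret).to_bytes(4, "big") + secret
    stego = bytearray(cover)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # MSB first within each byte
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def reveal(stego: bytes) -> bytes:
    """Read the length header, then exactly that many bytes, from the LSBs."""
    def read(offset_bits: int, nbytes: int) -> bytes:
        value = 0
        for i in range(nbytes * 8):
            value = (value << 1) | (stego[offset_bits + i] & 1)
        return value.to_bytes(nbytes, "big")

    length = int.from_bytes(read(0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("no valid payload")
    return read(32, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How far any carrier value moved; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 'pixel' data for the demo, not a real image.
COVER = bytes((i * 37) % 256 for i in range(2048))

if __name__ == "__main__":
    s = hide(COVER, b"meet at the usual place")
    print(reveal(s), "max change:", max_sample_change(COVER, s))
```

Because only the low bit moves, the carrier looks unchanged to the eye; the tell-tale for a detector is the statistics of those low bits, not the picture.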
Question 40
Question
Which of the following BEST describes the proper method and reason to implement port security?
Answer
- Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network
- Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network
- Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network
- Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network
Question 41
Question
Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an
email?
Question 42
Question
Which of the following is MOST likely to result in a data loss or compromise?
Answer
- Accounting transferring confidential staff details via SFTP to the payroll department
- Back office staff accessing and updating details on the mainframe via SSH
- Encrypted backup tapes left unattended at reception for offsite storage
- Developers copying data from production to the test environments via a USB stick
Question 43
Question
A security administrator has discovered through a password auditing software that most passwords can be
discovered by cracking the first seven characters and then cracking the second part of the password. Which of
the following is in use by the company?
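This question and Question 1 describe the same weakness: a hash that uppercases the password, truncates it to 14 characters, and hashes two 7-character halves independently, so each half can be cracked on its own. The following added example (not from the original page) reproduces that pre-processing step in Python and compares the resulting search space with a single 14-character mixed-case search; the DES step that follows in the real algorithm is omitted because the weakness is already visible without it.

```python
LM_MAX = 14   # characters kept; anything longer is silently truncated
HALF = 7      # each half is hashed independently


def lm_halves(password: str):
    """Pre-processing of the LM hash: uppercase, keep at most 14 characters,
    pad with NUL bytes, split into two 7-byte halves."""
    raw = password.upper().encode("ascii", "replace")[:LM_MAX].ljust(LM_MAX, b"\x00")
    return raw[:HALF], raw[HALF:]


def second_half_is_empty(password: str) -> bool:
    """Passwords of 7 characters or fewer leave the second half all-NUL, which
    hashes to a fixed value every cracker recognises on sight."""
    return len(password.encode("ascii", "replace")) <= HALF


def brute_force_work(password_length: int, alphabet: int) -> int:
    """Number of candidates in an exhaustive search."""
    return alphabet ** password_length


def lm_vs_full(printable: int = 95) -> tuple:
    """Compare cracking two independent 7-character uppercase halves with one
    14-character mixed-case search. Uppercasing folds the 26 lowercase letters
    away, so the effective alphabet is printable - 26 = 69 symbols."""
    lm = 2 * brute_force_work(HALF, printable - 26)
    full = brute_force_work(LM_MAX, printable)
    return lm, full, full // lm


if __name__ == "__main__":
    print(lm_halves("Passw0rd!Secret"))       # constructed sample password
    print("work LM vs full, ratio:", lm_vs_full())
```

The auditing tool in the question is exploiting exactly this: once the first half is cracked, the second half is a separate, equally small problem rather than a continuation of a 14-character search.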
Question 44
Question
Which of the following concepts ensures that the data is only viewable to authorized users?
Answer
- Availability
- Biometrics
- Integrity
- Confidentiality
Question 45
Question
Which of the following BEST describes an intrusion prevention system?
Answer
- A system that stops an attack in progress
- A system that allows an attack to be identified
- A system that logs the attack for later analysis
- A system that serves as a honeypot
Question 46
Question
A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that
was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their
wireless network breached last month. Which of the following is MOST likely causing the disconnections?
Answer
- An attacker inside the company is performing a bluejacking attack on the user's laptop
- Another user's Bluetooth device is causing interference with the Bluetooth on the laptop
- The new access point was mis-configured and is interfering with another nearby access point
- The attacker that breached the nearby company is in the parking lot implementing a war driving attack
Question 47
Question
Risk can be managed in the following ways EXCEPT:
Answer
- mitigation
- acceptance
- elimination
- transference
Question 48
Question
A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST
describes the required remediation action?
Answer
- Change the server's SSL key and add the previous key to the CRL
- Install a host-based firewall
- Install missing security updates for the operating system
- Add input validation to forms
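"Input validation" covers both this question and Question 9 (the weakness mitigated by keeping HTML tags out of user input), but the two remediations look different in code. The following added example (not part of the original page) shows the SQL injection side as a vulnerable login beside its parameterised fix, using an in-memory SQLite table with constructed users, and the HTML side as a tag-rejecting validator beside output encoding. Passwords are stored in plaintext only to keep the injection visible; a real application stores salted hashes.

```python
import html
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    # Untrusted input is spliced into the SQL text, so it becomes part of the query.
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, name: str, password: str) -> bool:
    # Parameterised query: the driver passes values separately; they are never parsed as SQL.
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


TAG_RE = re.compile(r"<[^>]*>")


def accept_comment(text: str) -> bool:
    """Input validation for the HTML-tag case: refuse anything that looks like markup."""
    return TAG_RE.search(text) is None


def render_comment(text: str) -> str:
    """Output encoding: whatever is stored is rendered as text, never as markup."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    db = setup_db()
    payload = "x' OR '1'='1"   # constructed attacker input
    print("vulnerable:", login_vulnerable(db, "alice", payload))
    print("fixed:     ", login_fixed(db, "alice", payload))
    print(render_comment("<script>alert(1)</script>"))
```

Rejecting tags on input and escaping on output are complementary: the validator blocks the obvious payloads, and the encoder makes sure anything that still reaches the page cannot execute.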
Question 49
Question
While browsing the Internet, an administrator notices their browser behaves erratically, appears to download
something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow
and there are hundreds of outbound connections to various websites. Which of the following BEST describes
what has occurred?
Answer
- The PC has become part of a botnet
- The PC has become infected with spyware
- The PC has become a spam host
- The PC has become infected with adware
Question 50
Question
Which of the following is a best practice when securing a switch from physical access?