201 A user does not understand why the domain password policy is so stringent. Which of the following BEST demonstrates the security basis for the password policy?
A. Explain how easy it is for a hacker to crack weak passwords
202 A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?
C. Install a single high end server, running multiple virtual servers
203 A programmer creates an application to accept data from a website. A user places more information than the program expects in the input field, resulting in the back-end database storing the extra information. Which of the following is this an example of?
B. SQL injection
204 Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
B. Botnets
205 A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developer's termination papers. The developer implemented which of the following security threats?
C. Logic bomb
206 A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff knowing. Which of the following types of attacks is similar to this product?
C. Man-in-the-middle
207 After a system risk assessment was performed, it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?
C. Accept the risk
208 A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade, the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance each year that workstations would be compromised if not adequately protected. If workstations are compromised, it will take three hours to restore services for the 30 staff. Staff members in the call center are paid $90 per hour. When determining the risk, which of the following is the annual loss expectancy (ALE)?
D. $7,290
209 A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
A. Many HIDS require frequent patches and updates
B. Many HIDS are not able to detect network attacks
C. Many HIDS have a negative impact on system performance
D. Many HIDS only offer a low level of detection granularity
E. Many HIDS are not good at detecting attacks on database servers
B. Many HIDS are not able to detect network attacks
C. Many HIDS have a negative impact on system performance
210 Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
A. Office laptop connected to a home user's network
211 Virtualized applications, such as virtualized browsers, are capable of protecting the underlying operating system from which of the following?
B. Malware installation from suspect Internet sites
212 A flat or simple role-based access control (RBAC) embodies which of the following principles?
C. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role
213 A number of unauthorized staff have been entering the data center by piggybacking on authorized staff. The CIO has mandated that this behavior stop. Which of the following is the BEST technology to install at the data center to prevent piggybacking?
D. Mantrap
214 Which of the following is a security threat that hides its processes and files from being easily detected?
B. Rootkit
215 Security templates are used for which of the following purposes? (Select TWO).
A. To ensure that email is encrypted by users of PGP
B. To ensure that PKI will work properly within the company's trust model
C. To ensure that performance is standardized across all servers
D. To ensure that all servers start from a common security configuration
E. To ensure that servers are in compliance with the corporate security policy
D. To ensure that all servers start from a common security configuration
E. To ensure that servers are in compliance with the corporate security policy
216 Frequent signature updates are required by which of the following security applications? (Select TWO).
A. Antivirus
E. IDS
217 When choosing an antivirus product, which of the following are the MOST important security considerations? (Select TWO).
C. The frequency of signature updates
E. The number of viruses the software can detect
218 Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following?
A. Auditing for the successful application of the patches
219 In which of the following situations would it be appropriate to install a hotfix?
B. A patch is not available and workarounds do not correct the problem
220 Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
C. Penetration testing
221 If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
D. Protocol analyzer
222 Configuration baselines should be taken at which of the following stages in the deployment of a new system?
D. After initial configuration
223 Which of the following practices should be implemented to harden workstations and servers?
D. Install only needed software
224 Which of the following is a mechanism that prevents electromagnetic emanations from being captured?
B. Faraday cage
225 Which of the following describes the difference between a secure cipher and a secure hash?
D. A cipher can be reversed, a hash cannot
226 Which of the following physical threats is prevented with mantraps?
C. Piggybacking
227 Which of the following BEST describes the differences between SHA-1 and MD5?
D. SHA-1 produces fewer collisions than MD5
228 Which of the following BEST applies in the secure disposal of computers?
C. Computer media must be sanitized
229 Which of the following BEST describes the differences between RADIUS and TACACS?
C. TACACS separates authentication, authorization and auditing capabilities
230 Which of the following BEST describes the differences between RADIUS and TACACS?
C. TACACS encrypts client-server negotiation dialog
231 Which of the following authentication mechanisms performs better in a secure environment?
A. TACACS because it encrypts client-server negotiation dialogs
232 To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies?
D. Run a vulnerability assessment tool
233 Which of the following is a problem MOST often associated with UTP cable?
C. Crosstalk
234 An administrator notices on the monthly firewall log that many of the internal PCs are sending packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring?
C. The remote PC has a zombie master application running and the local PCs have a zombie slave application running
235 An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST?
B. A SMTP open relay
236 Which of the following would a password cracker help an administrator to find?
B. Weak passwords
237 Which of the following is set up within a router?
A. DMZ
238 Which of the following would BEST allow for fast, highly secure encryption of a USB flash drive?
B. AES256
239 When is the correct time to discuss the appropriate use of electronic devices with a new employee?
C. At time of hire
240 Which of the following could BEST assist in the recovery of a crashed hard drive?
D. Forensics software
241 Which of the following facilitates the creation of an unencrypted tunnel between two devices?
B. L2TP
242 Which of the following allows for a secure connection to be made through a web browser?
D. SSL
243 Which of the following is the BEST order in which crucial equipment should draw power?
D. UPS line conditioner, UPS battery, and backup generator
244 Which of the following would require a pre-sharing of information before a home user could attach to a neighbor's wireless adapter?
D. SSID broadcasting disabled
245 Which of the following would BEST allow an administrator to quickly find a rogue server on the network?
C. A network mapper
246 Which of the following would BEST allow an administrator to quickly find a PC with a blank database administrator password?
D. Vulnerability scanner
247 An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in case the primary site is permanently lost?
D. Backup all data at a preset interval to tape and store those tapes at a sister site in another city
248 Which of the following is the MOST intrusive on a network?
D. Penetration testing
249 A single sign-on requires which of the following?
A. A unified trust model
250 All of the following are where backup tapes should be kept EXCEPT:
D. near a power line
251 All of the following require periodic updates to stay accurate EXCEPT:
B. pop-up blocker applications
252 Which of the following is the quickest method to create a secure test server for a programmer?
C. Create a virtual server on existing equipment
253 Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?
D. A service pack
254 Which of the following usually applies specifically to a web browser?
C. Pop-up blocker
255 Pre-shared keys apply to which of the following?
A. PGP
256 Which of the following is a risk associated with a virtual server?
C. If the physical server crashes, all of the local virtual servers go offline immediately
257 Which of the following exploits is only triggered by a specific date or time key?
D. Logic bomb
258 Threats to a network could include: (Select TWO)
A. penetration testing
B. network audits
C. disgruntled employees
D. dial-up access
E. disabled user accounts
C. disgruntled employees
D. dial-up access
259 An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of:
D. false positive
260 A vendor releases an application update to a recent service pack that addresses problems being experienced by some end users. This update would be considered a:
C. hotfix
261 A technician is working on an end user's desktop which has been having performance issues. The technician notices there seems to be a lot of activity on the NIC. A good tool to quickly check the current network connections of the desktop would be:
B. netstat
262 A company has an issue with field users logging into VPN to connect to the mail server, and leaving their computers connected while in public places. The administrator needs to prevent both unauthorized access to the company email and data, and limit the impact on the VPN server. Which of the following BEST achieves this goal?
B. Use group policy to lock computers after five minutes of inactivity, and limit VPN connections to one hour
263 The service provided by message authentication code (MAC) hash is:
C. integrity
264 An administrator is running a network monitoring application that looks for behaviors on the network outside the standard baseline that has been established. This is typical of a(n):
C. anomaly-based tool
265 Some examples of hardening techniques include all of the following EXCEPT:
A. running weekly spyware applications
266 An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need to:
D. upgrade to a URL based filter to achieve the desired result
267 A CRL contains a list of which of the following type of keys?
A. Both public and private keys
268 A user logs into their network with a smart card. Which of the following keys is used?
C. Private key
269 An administrator wants to ensure that when an employee leaves the company permanently, that the company will have access to their private keys. Which of the following will accomplish this?
B. Store the keys in escrow
270 When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO)
A. Public key
C. Session key
271 A user is going to dispose of some old hard drives. Which of the following should the user do to the drives before disposing of them?
B. Use a certified wipe program to erase data
272 A user wants to implement very tight security controls for technicians that seek to enter the user's datacenter. Which of the following solutions offers the BEST security controls?
A. Biometric reader and smartcard
273 Which of the following concepts requires users and system processes to be assigned minimum levels of permission to carry out the assigned task?
C. Least privilege
274 When using discretionary access control (DAC), who determines access and what privileges they have?
C. Owner
275 Which of the following is a security benefit of mandatory vacations?
B. Detecting fraud
276 The data custodian in an organization is responsible for:
B. recoverability of the data
277 Which of the following organizational documentation describes how tasks or job functions should be conducted?
C. Procedures
278 Which of the following organizational documentation provides high level objectives that change infrequently?
D. Policy
279 Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible?
A. Mirrored site
280 Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE).
E. Certificates
D. URLs
E. Content
281 The primary function of risk management in an organization is to reduce risk to a level:
A. the organization will accept
282 Which of the following BEST describes risk analysis?
A. Evaluation and assessment
283 A financial institution performed a risk assessment on the DLT backup system used to store customer account details. The main risk highlighted was the long-term retention of electronically stored data. Which of the following is the MOST likely reason for the risk being raised?
D. Compatibility of media and application systems
284 Which of the following hashing techniques is commonly disabled to make password cracking more difficult?
B. NTLM
285 An organization has recently implemented a work from home program. Employees need to connect securely from home to the corporate network. Which of the following encryption technologies might BEST accomplish this?
D. IPSec
286 The use of a physical token, PIN and a password during authentication is an example of which of the following?
B. Two-factor authentication
287 Port 3535 is typically blocked for outbound traffic on a company's LAN. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port. Which of the following steps should a technician take to allow this? (Select TWO)
C. Open the port on the company's firewall
D. Open the port on the user's personal software firewall
288 Which of the following describes software that is often written solely for a specific customer's application?
D. Hotfix
289 A security manager believes that too many services are running on a mission critical database server. Which of the following tools might a security analyst use to determine services that are running on the server, without logging into the machine?
B. Port scanner
290 A manufacturing corporation has decided to send a highly sensitive message to one of their suppliers. The message is concealed inside a JPEG image of a beach resort. Which of the following is this an example of?
B. Steganography
291 Which of the following encryption methods is often used along with L2TP?
B. IPSec
292 An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?
A. DoS
293 Which of the following methods will help to identify when unauthorized access has occurred?
A. Implement previous logon notification
294 Ensuring administrators have both a regular user account and a privileged user account is an example of applying which security principle?
D. Least privilege
295 All of the following are steps in the incident response process EXCEPT:
D. repudiation
296 Which of the following is an example of two-factor authentication for an information system?
B. ATM card and PIN
297 Which of the following describes a spanned switch port in the context of IDS traffic analysis?
B. An association of a set of source ports with a single destination port
298 A technician is performing an assessment on a router and discovers packet filtering is employed. Which of the following describes a security concern with stateless packet filtering?
B. Packet payload is not checked
299 Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
D. File integrity auditing
300 Which of the following is a cryptographic representation of non-repudiation?