multi test e

  1. 401 To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further recommends installation of software-based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution?




    A. Internet content filter
  2. 402 The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?




    D. The risks associated with the large capacity of USB drives and their concealable nature
  3. 403 USB drives create a potential security risk due to which of the following?




    B. Potential for software introduction
  4. 404 As a best practice, risk assessments should be based upon which of the following?




    B. A quantitative measurement of risk, impact and asset value
  5. 405 Which of the following is a cryptographic hash function?




    A. SHA
  6. 406 From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?




    C. To detect availability degradations caused by attackers
  7. 407 All of the following are methods used to conduct risk assessments EXCEPT:




    A. disaster exercises
  8. 408 After conducting a risk assessment, the main focus of an administrator should be which of the following?




    D. To ensure risk mitigation activities are implemented
  9. 409 Which of the following is a BEST practice when implementing a new system?




    C. Disable unneeded services
  10. 410 When installing and securing a new system for a home user which of the following are best practices? (Select THREE)






    • B. Use a strong firewall
    • C. Apply all system patches
    • F. Apply all service packs
  11. 411 Which of the following describes a logic bomb?




    A. A piece of malicious code that executes based on an event or date
  12. 412 Which of the following is a prerequisite for privilege escalation to occur?




    D. The attacker must have already gained entry into the system
  13. 413 Which of the following is an example of an attack that executes once a year on a certain date?




    D. Logic bomb
  14. 414 Which of the following is the GREATEST threat to highly secure environments?




    D. USB devices
  15. 415 Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?




    D. Disable USB drives
  16. 416 A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this?




    C. Worm
  17. 417 Which of the following BEST describes a way to prevent buffer overflows?




    C. Apply all security patches to workstations
  18. 418 Which of the following is a security reason to implement virtualization throughout the network infrastructure?




    C. To isolate the various network services and roles
  19. 419 Which of the following is a reason to use a Faraday cage?




    A. To mitigate data emanation
  20. 420 Weak encryption is a common problem with which of the following wireless protocols?




    C. WEP
  21. 421 Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?




    A. Mandatory vacations
  22. 422 Which of the following is a cross-training technique where organizations minimize collusion amongst staff?




    C. Job rotation
  23. 423 Which of the following will allow a technician to restrict a user's access to the GUI?




    B. Group policy implementation
  24. 424 Which of the following is the MOST common logical access control method?




    A. Usernames and password
  25. 425 Which of the following verifies control for granting access in a PKI environment?




    D. Certificate authority
  26. 426 Which of the following explains the difference between a public key and a private key?




    B. The private key is only used by the client and kept secret while the public key is available to all
  27. 427 Which of the following is a countermeasure when power must be delivered to critical systems no matter what?




    C. Backup generator
  28. 428 Which of the following is the MOST important step to conduct during a risk assessment of computing systems?




    D. The identification of missing patches
  29. 429 Which of the following tools will allow a technician to detect security-related TCP connection anomalies?




    A. Performance monitor
  30. 430 Which of the following monitoring methodologies will allow a technician to determine when there is a security-related problem that results in an abnormal condition?




    D. Anomaly-based
  31. 431 Which of the following systems is BEST to use when monitoring application activity and modification?




    C. HIDS
  32. 432 Which of the following is the MOST important thing to consider when implementing an IDS solution?




    D. The personnel to interpret results
  33. 433 Which of the following is the FIRST step in the implementation of an IDS?




    B. Document the existing network
  34. 434 Which of the following encryption algorithms is used for encryption and decryption of data?




    D. RC5

  35. B. Transport and Tunnel


    436 Which of the following would a technician use to check data integrity?




    C. Message authentication code
  36. 437 Which of the following are the functions of asymmetric keys?




    B. Encrypt, sign, decrypt and verify
  37. 438 Which of the following is the purpose of the AH?




    D. Provides integrity
  38. 439 Which of the following describes the insertion of additional bytes of data into a packet?




    B. Padding
  39. 440 Which of the following is true regarding authentication headers (AH)?




    D. The authentication information is a keyed hash based on all of the bytes in the packet

  40. C. 802.1x


    442 The method of controlling how and when users can connect in from home is called which of the following?




    C. Remote access policy
  41. 443 Which of the following is the main limitation with biometric devices?




    A. They are expensive and complex
  42. 444 Who is ultimately responsible for the amount of residual risk?




    A. The senior management
  43. 445 Which of the following typically use IRC for command and control activities?




    B. Botnets
  44. 446 When designing a firewall policy, which of the following should be the default action?




    A. Implicit deny
  45. 447 If hashing two different files creates the same result, which of the following just occurred?




    D. A collision
  46. 448 Which of the following type of protection is hashing used to provide?




    D. Integrity
  47. 449 All of the following are part of the disaster recovery plan EXCEPT:




    A. patch management software
  48. 450 Which of the following is MOST likely to make a disaster recovery exercise valuable?




    D. Learning from the mistakes of the exercise
  49. 451 Which of the following allows directory permissions to filter down through the sub-directory hierarchy?




    B. Inheritance
  50. 452 Which of the following access control models BEST follows the concept of separation of duties?




    D. Role-based access control (RBAC)
  51. 453 Which of the following would MOST likely prevent a PC application from accessing the network?




    D. Host-based firewall
  52. 454 A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues?




    D. Shielding
  53. 455 A technician tracks the integrity of certain files on the server. Which of the following algorithms provide this ability?




    B. SHA-1
  54. 456 Which of the following describes the standard load for all systems?




    C. Configuration baseline
  55. 457 When testing a newly released patch, a technician should do all of the following EXCEPT:




    B. deploy immediately using Patch Management
  56. 458 A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect this encapsulated traffic?




    C. Anomaly-based IDS
  57. 459 Documentation review, log review, rule-set review, system configuration review, network sniffing, and file integrity checking are examples of:




    A. passive security testing techniques
  58. 460 To determine whether a system is properly documented and to gain insight into the system's security aspects that are only available through documentation is the purpose of:




    B. passive security testing techniques
  59. 461 Which of the following BEST describes external security testing?




    B. Conducted from outside the organization's security perimeter
  60. 462 Port scanners can identify all of the following EXCEPT:




    B. vulnerabilities
  61. 463 All of the following are limitations of a vulnerability scanner EXCEPT:




    C. it generates less network traffic than port scanning
  62. 464 Which of the following can BEST aid in preventing a phishing attack?




    B. Conducting user awareness training
  63. 465 A travel reservation company conducts the majority of its transactions through a public facing website. Any downtime to this website results in substantial financial damage for the company. One web server is connected to several distributed database servers. Which of the following describes this scenario?




    C. Single point of failure
  64. 466 Which of the following is MOST commonly used to secure a web browsing session?




    D. HTTPS
  65. 467 One of the reasons that DNS attacks are so universal is DNS services are required for a computer to access:




    A. the Internet
  66. 468 One of the security benefits to using virtualization technology is:




    A. if an instance is compromised the damage can be compartmentalized
  67. 469 A virtual server implementation attack that affects the:




    D. RAM will affect all virtual instances
  68. 470 An administrator wants to set up a new web server with a static NAT. Which of the following is the BEST reason for implementing NAT?




    C. Hides the organization's internal network addressing scheme
  69. 471 Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway?




    D. PAT allows external users to access the mail gateway on pre-selected ports
  70. 472 Which of the following describes a static NAT?




    A. A static NAT uses a one to one mapping
  71. 473 Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?




    A. DTP on all ports
  72. 474 An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicions?




    A. Firewall logs
  73. 475 Restricting access to files based on the identity of the user or group is an example of which of the following?




    A. DAC
  74. 476 Restricting access to files based on the identity of the user or group and security classification of the information is an example of which of the following?




    D. MAC
  75. 477 A new Internet content filtering device installed in a large financial institution allows IT administrators to log in and manage the device, but not the content filtering policy. Only the IT security operation staff can modify policies on the Internet filtering device. Which of the following is this an example of?




    D. Role-Based Access Control (RBAC)
  76. 478 Which of the following would BEST describe a disaster recovery plan (DRP)?




    C. Addresses the recovery of an organization's IT infrastructure
  77. 479 Which of the following is the primary objective of a business continuity plan (BCP)?




    A. Addresses the recovery of an organization's business operations
  78. 480 A software manufacturer discovered a design flaw in a new application. Rather than recall the software, management decided to continue manufacturing the product with the flaw. Which of the following risk management strategies was adopted by management?




    B. Risk acceptance
  79. 481 Which of the following BEST describes an application or string of code that cannot automatically spread from one system to another but is designed to spread from file to file?




    D. Virus
  80. 482 Which of the following is considered an independent program that can copy itself from one system to another and its main purpose is to damage data or affect system performance?




    A. Worm
  81. 483 All of the following are considered malware EXCEPT:




    B. spam
  82. 484 Which of the following NIDS configurations is solely based on specific network traffic?




    A. Signature-based
  83. 485 Which of the following only looks at header information of network traffic?




    A. Packet filter
  84. 486 Which of the following access control methods could the administrator implement because of constant hiring of new personnel?




    C. Role-based
  85. 487 When using a single sign-on method, which of the following could adversely impact the entire network?




    C. Authentication server
  86. 488 RADIUS uses all of the following authentication protocols EXCEPT:




    A. L2TP
  87. 489 A HIDS is installed to monitor which of the following?




    D. System files
  88. 490 Which of the following intrusion detection systems uses statistical analysis to detect intrusions?




    B. Anomaly
  89. 491 Which of the following intrusion detection systems uses well defined models of how an attack occurs?




    D. Signature
  90. 492 Which of the following is a system that will automate the deployment of updates to workstations and servers?




    A. Patch management
  91. 493 A user is concerned with the security of their laptop's BIOS. The user does not want anyone to be able to access control functions except themselves. Which of the following will make the BIOS more secure?




    A. Password
  92. 494 Which of the following is a method to apply system security settings to all workstations at once?




    B. A security template
  93. 495 Which of the following would be a method of securing the web browser settings on all network workstations?




    C. Group policy
  94. 496 Which of the following is a limitation of a HIDS?




    A. Someone must manually review the logs
  95. 497 A technician has implemented a new network attached storage solution for a client. The technician has created many shares on the storage. Which of the following is the MOST secure way to assign permissions?




    D. Least privilege
  96. 498 Which of the following is an example of a trust model?




    C. Managing the CA relationships
  97. 499 Which of the following is the common mail format for digitally signed and encrypted messages?




    B. S/MIME
  98. 500 Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them?




    C. SSH
Author: johnnystevens
ID: 10951
Card Set: multi test e
Description: multiple choice upload test
Updated: