501 Which of the following describes penetration testing?
A. Simulating an actual attack on a network
502 When an IDS is configured to match a specific traffic pattern, then which of the following is this referring to?
D. Signature-based
503 An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out duplicate contacts in a user's emails would be considered:
B. a Trojan
504 Installing an application on every desktop in a company's network that watches for possible intrusions would be an example of:
A. a HIDS
505 An administrator suspects an issue retrieving files on the network and accesses the file server's performance monitor to check the results against:
C. the performance baseline
506 An administrator runs a tool checking SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following?
D. A protocol analyzer
507 A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift is the best way to go. This would be considered a:
C. differential backup
508 Users should be able to access their email and several secure applications from any workstation on the network. Additionally, the administrator has implemented an authentication system requiring the use of a username, password, and a company issued smart card. Which of the following is this an example of?
C. SSO
509 Both the client and the server authenticate before exchanging data. This is an example of:
B. mutual authentication
510 Which of the following could be used to institute a tunneling protocol for security?
C. IPSec
511 Which of the following is an encryption program used to secure email and voice over the Internet?
A. PGP
512 Which of the following is used for securing communication between a client and a server?
D. NTLM
513 Which of the following processes are used to monitor and protect the DNS server?
C. Check DNS records regularly
514 Which of the following is the MOST effective method for stopping a phishing attempt?
B. User education
515 A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of?
A. SLA
516 Which of the following would allow for a network to remain operational after a T1 failure?
A. Redundant ISP
517 Which of the following asymmetric encryption algorithms was utilized FIRST?
C. DES
518 A ticket granting server is an important concept in which of the following authentication models?
A. Kerberos
519 Which of the following is an example of two-factor authentication?
C. Smart card and PIN
520 Which of the following could physically damage a device if a long term failure occurred?
D. HVAC
521 Which of the following is the easiest way to disable a 10Base2 network?
C. Remove a terminator
522 Which of the following is the BEST method for securing the data on a coaxial network?
B. Run all cables through a conduit
523 Which of the following is the weakest password?
B. Indu5tr1als
524 Which of the following is the GREATEST security risk regarding removable storage?
A. Confidentiality of data
525 Which of the following mimics a legitimate program in order to steal sensitive data?
D. Trojan
526 Which of the following allows for a user to have only the minimum level of access required for their job duties?
D. Least privilege
527 A manager needs to control employee overtime. Which of the following would BEST allow for the manager to control when the employees are on the network?
B. Time of day restriction
528 Which of the following BEST describes hashing?
D. Computing a unique mathematic identifier in order to detect change during transport
529 Which of the following is MOST likely to crash a workstation?
D. Penetration test
530 Which of the following is the critical piece of an encrypted communication that must be kept secret?
D. The initial salt value
531 A PC is rejecting push updates from the server; all other PCs on the network are accepting the updates successfully. Which of the following should the administrator check FIRST?
D. Local firewall
532 Which of the following describes an encrypted connection across public communication lines?
C. VPN
533 After a period of high employee turnover, which of the following should be implemented?
D. A review of user access and rights
534 All PCs in a network share a single administrator ID and password. When the administrator attempts to remotely control a user's PC the attempt fails. Which of the following should the administrator check FIRST?
B. The HIPS on the remote PC
535 All of the following are considered key exchange protocols EXCEPT:
A. SAFER
536 Which of the following keys is generally applied FIRST to a message digest to provide non-repudiation using asymmetric cryptography?
C. Private key of the sender
537 Which of the following describes a weakness of the hash functions?
C. Collision
538 All of the following are organizational policies that reduce the impact of fraud EXCEPT:
D. password complexity rules
539 A technician is conducting a forensics analysis on a computer system. Which of the following should be done FIRST?
A. Get a binary copy of the system
540 A technician noticed a remote attack taking place on a system. Which of the following should be done FIRST?
D. Follow the incident management procedure in place
541 Which of the following IDS generally follows a learning process?
D. Anomaly-based IDS
542 Which of the following algorithms is faster when encrypting data?
A. Symmetric key algorithms
543 Which of the following is a reason why DNS logs should be archived?
C. For use in an investigation in the future
544 Which of the following is a best practice for securing log files?
B. Copy or save the logs to a remote log server
545 Which of the following logs shows when the workstation was last shutdown?
A. System
546 Which of the following is a best practice auditing procedure?
B. Review user access and rights
547 Which of the following tools is commonly used to detect security anomalies on a host?
B. A file system integrity checker
548 Snort, TCPDump and Wireshark are commonly used for which of the following?
C. Network sniffing
549 Which of the following would typically require the use of a network protocol analyzer?
A. Determining why authentication between two machines failed
550 Which of the following security related anomalies are MOST likely to be detected by a protocol analyzer?
A. Many malformed or fragmented packets
551 Users and computers are generally grouped into domains for security purposes. Which of the following is a common attribute used to determine which domain a user or computer belongs to?
B. Location
552 Malware that uses virtualization techniques can be difficult to detect because of which of the following?
A. The malware may be running at a more privileged level than the antivirus software
553 Which of the following is a reason why virtualization techniques are often used to implement a honeynet?
D. To reduce the number of physical devices needed
554 Which of the following is an industry standard for remote logging?
D. syslog
555 Audit trails are used for which of the following?
C. Accountability
556 Which of the following can be used to centrally manage security settings?
D. Group policy
557 Which of the following is a best practice disaster recovery strategy?
D. Test the recovery plan
558 Which of the following activities is MOST closely associated with DLL injection?
B. Penetration testing
559 Which of the following is true about penetration testing or vulnerability assessments?
A. Penetration testing exploits a vulnerability
560 Which of the following is a security risk of not password protecting the BIOS?
B. The system may be changed to boot from alternative media
561 Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO)
A. Need to prevent access to a file or folder
B. Need to know which files have been accessed
C. Need to know who is logging on to the system
D. Need to prevent users from logging on to the system
E. Need to capture monitor network traffic in real time
B. Need to know which files have been accessed
C. Need to know who is logging on to the system
562 Executing proper logging procedures would facilitate which of the following requirements?
A. Investigate suspicious queries to the DNS server
563 Which of the following is a concern when setting logging to a debug level?
B. The log may fill up with extraneous information
564 Which of the following should be considered when executing proper logging procedures? (Select TWO)
A. The information that is needed to reconstruct events
E. The amount of disk space required
565 Which of the following malicious activities might leave traces in a DNS log file?
B. Poisoning
566 Which of the following NAC scanning types is the LEAST intrusive to the client?
A. Agentless
567 Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following?
B. Content rules
568 Which of the following activities commonly involves feedback from departmental managers or human resources?
D. User access and rights review
569 While auditing a list of active user accounts, which of the following may be revealed?
C. Accounts that need to be removed
570 Which of the following is the BEST option for securing an email infrastructure?
D. Set up an email proxy in the DMZ and the email server in the internal network
571 Which of the following provides the BEST mechanism for non-repudiation?
A. Digital signatures
572 Which of the following is the BEST logical access control method for controlling system access on teams working in shifts?
B. Time of day restrictions
573 Which of the following key types does Kerberos use?
A. Asymmetric keys
574 Which of the following are recommended security measures when implementing system logging procedures? (Select TWO)
D. Apply retention policies on the log files
D. Perform hashing of the log files
575 Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO)
A. VLAN segment of the systems
B. Systems clock synchronization
C. Systems capacity and performance
D. External network traffic
E. Network security zone of the systems
B. Systems clock synchronization
C. Systems capacity and performance
576 Which of the following BEST describes actions pertaining to user account reviews? (Select TWO)
A. User account reports are periodically extracted from systems and employment verification is performed
C. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization
577 All of the following are attributes of an x.509 certificate EXCEPT:
D. the symmetric key of the owner
578 A user complains that pop-up windows continuously appear on their screen with a message stating that they have a virus and offering to see a program that will remove it. The technician is skeptical because the antivirus definitions on the machine are up-to-date. Which of the following BEST describes what the user is seeing?
B. Adware
579 The GREATEST security concern in regards to data leakage with USB devices is:
A. physical size
580 Which of the following is the main difference between a substitution cipher and a transposition cipher when used to encode messages?
C. One replaces blocks with other blocks while the other rearranges only
581 All of the following can be found in the document retention policy EXCEPT:
B. password complexity rules
582 Which of the following reduces effectiveness when deploying and managing NIPS?
A. Encrypting all network traffic
583 Which of the following authentication methods prevents a replay attack from occurring?
C. Kerberos
584 To prevent disk integrity errors due to small line-power fluctuations, a system administrator should install which of the following?
D. Line conditioner
585 Which of the following is the BEST way to mass deploy security configurations to numerous workstations?
C. Security templates
586 Virtual machines are MOST often used by security researchers for which of the following purposes?
C. To provide an environment where malware can be executed with minimal risk to equipment and software
587 Which of the following is a password cracker?
D. Cain & Abel
588 Which of the following characteristics of RAID increases availability?
B. Mirroring
589 A document shredder will BEST prevent which of the following?
A. Dumpster diving
590 Which of the following would BEST prevent the spread of a hoax?
D. User education
591 Which of the following is a term referring to the situation when a programmer leaves an unauthorized entry point into a program or system?
D. Back door
592 Which of the following refers to a system that is unable to accept new TCP connections due to a SYN flood attack?
C. DoS
593 Which of the following would refer to a key fob with a periodically changing number that is used as part of the authentication process?
B. Physical token
594 Which of the following is the MOST common method of one-factor authentication?
B. User ID and password
595 An attorney demands to know exactly who had possession of a piece of evidence at a certain time after seizure. Which of the following documents would provide this?
D. Chain of custody
596 Which of the following prevents damage to evidence during forensic analysis?
D. Read-only drive connectors
597 Which of the following is a drawback of using PAP authentication?
D. PAP sends all passwords across the network as clear text
598 Which of the following BEST describes using a third party to store the public and private keys?
C. Key escrow
599 Which of the following requires the server to periodically request authentication from the client?
C. CHAP
600 A biometric fingerprint scanner is an example of which of the following?