601 A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?
C. Two-factor authentication
602 Which of the following would be disabled to prevent SPIM?
C. Instant messaging
603 A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
B. A hash is a unique number that is generated based upon the file's contents and should be verified after download
604 According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
D. The backup generator activates
605 Which of the following would give a technician the MOST information regarding an external attack on the network?
B. NIDS
606 Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?
D. Time of day restriction
607 Which of the following would BEST ensure that users have complex passwords?
D. Domain password policy
608 A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
B. Access logs
609 Which of the following would BEST allow an administrator to find the IP address of an external attacker?
B. Firewall logs
610 After performing a vulnerability analysis and applying a security patch, which of the following non-intrusive actions should an administrator take to verify that the vulnerability was truly removed?
C. Repeat the vulnerability scan
611 Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible?
D. SHA-1
612 Which of the following BEST allows for a high level of encryption?
D. AES with ECC
613 Which of the following is the primary security risk associated with removable storage?
A. Confidentiality
614 After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:
D. port scan
615 A company's accounting application requires users to be administrators for the software to function correctly. Because of the security implications of this, a network administrator builds a user profile which allows the user to still use the application but no longer requires them to have administrator permissions. Which of the following is this an example of?
C. Security template
616 Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
B. Full backup
617 The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thursday morning?
D. Three
618 A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
A. Full backups weekly with differential backups daily
619 Which of the following would define document destruction requirements?
A. Storage and retention policies
620 Part of a standard policy for hardening workstations and servers should include applying the company security template and:
D. closing unnecessary network ports
621 Setting a baseline is required in which of the following? (Select TWO)
B. Anomaly-based monitoring
E. Behavior-based monitoring
622 Which of the following hidden programs gathers information with or without the user's knowledge with the primary purpose of advertising?
D. Spyware
623 Which of the following provides best practice with a wireless network?
D. WPA with RADIUS
624 Which of the following sites has the means (e.g., equipment, software, and communications) to facilitate a full recovery within minutes?
D. Hot site
625 When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE)
A. HVAC
E. Utilities
F. Fire detection
626 Which of the following security steps must a user complete before access is given to the network?
D. Identification and authentication
627 When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
C. Promiscuous
628 An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
A. outside the firewall
629 Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?
A. Rootkit
630 Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?
B. One-time pad
631 When using a digital signature, the message digest is encrypted with which of the following keys?
B. Sender's private key
632 Which of the following is the MOST basic form of IDS?
A. Signature
633 Which of the following BEST applies to steganography?
B. Algorithms are not used to encrypt data
634 Which of the following can steganography be used for?
C. Watermark graphics for copyright
635 Steganography could be used by attackers to:
C. hide and conceal messages in WAV files
636 Which of the following BEST describes how steganography can be accomplished in graphic files?
B. Replacing the least significant bit of each byte
637 An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?
D. Symmetric
638 Which of the following if used incorrectly would be susceptible to frequency analysis?
A. Transposition ciphers
639 An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal obligations. All of the following apply when determining the requirements for the logging server EXCEPT:
C. performance baseline and audit trails
640 Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?
B. A collision occurred
641 Which of the following is BEST known for self-replication in networks?
B. Worm
642 Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?
D. Zombie
643 Multiple web servers are fed from a load balancer. Which of the following is this an example of?
C. Redundant servers
644 An outside auditor has been contracted to determine if weak passwords are being used on the network. To do this, the auditor is running a password cracker against the master password file. Which of the following is this an example of?
B. Vulnerability assessment
645 Password crackers:
D. are sometimes able to crack both Windows and UNIX passwords
646 Logic bombs differ from worms in that:
A. logic bombs always have a date or time component
647 A firewall differs from a NIDS in which of the following ways?
B. A firewall operates on a rule list and a NIDS attempts to detect patterns
648 A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action?
A. Visit the operating system manufacturer's website for a possible patch
649 Personal software firewalls can be updated automatically using:
B. group policy
650 An accountant has logged onto the company's external banking website. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking website. Which of the following could have caused this attack? (Select TWO)
A. Altered hosts file
D. DNS poisoning
651 Which of the following tools would be BEST for monitoring changes to the approved system baseline?
D. Enterprise performance monitoring software
652 All of the following security applications can proactively detect workstation anomalies EXCEPT:
C. NIDS
653 A periodic security audit of group policy can:
C. show that unnecessary services are blocked on workstations
654 Which of the following is the primary purpose of an audit trail?
C. To detect when a user changes security permissions
655 Which of the following describes a characteristic of the session key in an SSL connection?
C. It is symmetric
656 Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
D. Diffie-Hellman
657 Which of the following describes how TLS protects against man-in-the-middle attacks?
C. The client compares the actual DNS name of the server to the DNS name on the certificate
658 Which of the following is the primary purpose of removing audit logs from a server?
D. To protect against the log file being changed
659 Which of the following describes a common problem encountered when conducting audit log reviews?
C. The timestamp for the servers are not synchronized
660 A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation?
C. SSLv2 is susceptible to man-in-the-middle attacks
661 A technician is conducting a password audit using a password cracking tool. Which of the following describes a BEST business practice when conducting a password audit?
A. Use password masking
662 Which of the following is a security risk when using peer-to-peer software?
B. Data leakage
663 Which of the following overwrites the return address within a program to execute malicious code?
B. Buffer overflow
664 Heaps and stacks are susceptible to which of the following?
D. Buffer overflows
665 All of the following are inline devices EXCEPT:
C. HIDS
666 Which of the following would a technician use to validate whether specific network traffic is indeed an attack?
D. Protocol analyzer
667 Which of the following creates an emulated or virtual environment to detect and monitor malicious activity?
B. Honeypot
668 A technician wants better insight into the websites that employees are visiting. Which of the following is BEST suited to accomplish this?
A. Proxy server
669 Bluetooth discover mode is similar to which of the following?
B. SSID broadcast
670 All of the following are Bluetooth threats EXCEPT:
A. a smurf attack
671 Which of the following is the BEST approach when reducing firewall logs?
B. Discard known traffic first
672 In which of the following logs would notation of a quarantined file appear?
B. Antivirus
673 Which of the following provides the MOST mathematically secure encryption for a file?
B. AES256
674 Which of the following encryption algorithms relies on the inability to factor large prime numbers?
B. RSA
675 All of the following provide a host active protection EXCEPT:
C. HIDS
676 Which of the following simplifies user and computer security administration?
C. Directory services
677 Which of the following is MOST likely to cause pop-ups?
C. Adware
678 Which of the following is MOST likely to open a backdoor on a system?
C. Trojan
679 If a company has a distributed IT staff, each being responsible for separate facilities, which of the following would be the BEST way to structure a directory information tree?
A. By location
680 A technician wants to be able to add new users to a few key groups by default, which of the following would allow this?
A. Template
681 Which of the following is a reason to use digital signatures?
D. Non-repudiation
682 All of the following are logical access control methods EXCEPT:
C. biometrics
683 Using the same initial computer image for all systems is similar to which of the following?
D. Configuration baseline
684 Which of the following has the LEAST amount of issues when inspecting encrypted traffic?
D. Antivirus
685 A technician has come across content on a server that is illegal. Which of the following should the technician do?
D. Stop and immediately follow company approved incident response procedures
686 Which of the following is a true statement in regards to incident response?
C. If a technician finds illegal content, they should follow company incident response procedures
687 If a technician is unable to get to a website by its address but the technician can get there by the IP address, which of the following is MOST likely the issue?
B. DNS server
688 Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to monitor the traffic?
D. Sensor
689 In a NIDS, which of the following provides a user interface?
D. Console
690 An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
D. False positive
691 An instance where a biometric system identifies legitimate users as being unauthorized is called which of the following?
B. False rejection
692 An instance where a biometric system identifies users that are authorized and allows them access is called which of the following?
B. True positive
693 An instance where an IDS identifies malicious activity as being legitimate activity is called which of the following?
A. False negative
694 An instance where a biometric system identifies unauthorized users and allows them access is called:
C. false acceptance
695 When executing a disaster recovery plan the MOST important thing to consider is:
D. safety and welfare of personnel
696 When choosing a disaster recovery site, which of the following is the MOST important consideration?
C. The distance and size of the facility
697 Who should be notified FIRST before testing the disaster recovery plan?
D. Senior management
698 Which of the following BEST describes the disaster recovery plan?
A. A detailed process of recovering information or IT systems after a catastrophic event
699 Which of the following is the MOST important consideration when developing a disaster recovery plan?
C. Management buy-in
700 In order to provide management with a prioritized list of time critical business processes, an administrator would assist in conducting a: