1. What is 3DES based on?

    D. Symmetric key-based algorithm. 3DES applies DES three times with two or three 56-bit keys; NIST has deprecated it and disallows it for encryption after 2023, so AES is the choice for new designs.
  2. What is used for verifying whether or not a digital certificate is valid?

    B. CRL
  3. Which of the following is an example of a DoS attack?

    A. Your Web server has gone into a loop trying to service a client request.
  4. Which of the following is the most secure method to determine unique identification of an employee?

    C. Biometric.
  5. Which of the following describes a differential backup?

    D.  It backs up only the information modified or added since the last full backup.

    • What is the type of testing that ignores the internal workings of a system and focuses on only its outputs?
    • A. Penetration testing.
    • B. Black box testing.
    • C. White box testing.
    • D. Gray box testing.

    B. Black box testing.
  6. What important planning document should an organization create, maintain, and test in preparation for a catastrophic event?

    D. Disaster recovery plan.
  7. Which of the following backup strategies would provide the most efficient recovery from a disaster in which the data servers for a
    business are lost?

    D. Weekly full backups and daily differential backups.
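The two backup cards above turn on what a restore has to read. The following added example (not part of the original card set) simulates a week of file changes, builds the daily sets under the differential and incremental strategies, and compares how many sets a restore needs against how many file copies the daily backups wrote. The change log and the "files copied" cost measure are constructed for the illustration.

```python
"""Restore chains for full, differential and incremental backups.

Added worked example for the backup cards above; it is not part of the
original card set. The week of file changes below is constructed, and the
'files copied' count is a stand-in for backup storage and transfer cost.
"""

# Constructed change log: day 0 is the weekly full backup, days 1-5 are the
# workdays that follow; the value is the set of files modified that day.
CHANGES = {
    0: {"a.db", "b.db", "c.db", "d.db"},
    1: {"a.db"},
    2: {"b.db"},
    3: {"a.db", "c.db"},
    4: {"d.db"},
    5: {"b.db"},
}


def plan_backups(changes, strategy):
    """Return backup sets as (day, kind, {file: version}).

    A file's version is the day it was last modified.
    differential: each daily set holds every file changed since the last FULL.
    incremental:  each daily set holds only files changed since the PREVIOUS set.
    """
    sets = []
    since_full = {}
    for day in sorted(changes):
        if day == 0:
            sets.append((day, "full", {f: 0 for f in changes[day]}))
            continue
        for f in changes[day]:
            since_full[f] = day
        if strategy == "differential":
            sets.append((day, "differential", dict(since_full)))
        elif strategy == "incremental":
            sets.append((day, "incremental", {f: day for f in changes[day]}))
        else:
            raise ValueError(f"unknown strategy: {strategy}")
    return sets


def restore_chain(sets, fail_day):
    """Backup sets that must be read, in order, to rebuild the state as of the
    last backup taken before the servers were lost on fail_day."""
    usable = [s for s in sets if s[0] < fail_day]
    full = [s for s in usable if s[1] == "full"][-1]
    after_full = [s for s in usable if s[0] > full[0]]
    if not after_full:
        return [full]
    if after_full[-1][1] == "differential":
        # the newest differential already contains everything since the full
        return [full, after_full[-1]]
    # every incremental since the full is needed; losing one breaks the chain
    return [full] + after_full


def restored_state(chain):
    """Apply the chain in order; a later copy of a file overwrites an earlier one."""
    state = {}
    for _day, _kind, files in chain:
        state.update(files)
    return state


def files_copied(sets):
    """Total file copies written by the daily (non-full) backups."""
    return sum(len(files) for _day, kind, files in sets if kind != "full")


if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        sets = plan_backups(CHANGES, strategy)
        chain = restore_chain(sets, fail_day=6)
        print(f"{strategy:12s} sets to read: {len(chain)}  "
              f"daily copies written: {files_copied(sets)}  "
              f"state: {restored_state(chain)}")
```

Both strategies rebuild the same final state, but the differential restore reads two sets (the full plus the newest differential) where the incremental restore reads six and fails if any one of them is missing; the price is that the differential sets grow through the week and write more than twice as many file copies.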
  8. Who should perform penetration testing on a network?

    D.  An independent, outside consultant or service.
  9. Management insists that the organization's recovery plans must include the requirement for all critical data and systems to be operational to the beginning of the business day within one hour of failure, regardless of the event occurring. Which of the following metrics would you NOT use in a disaster recovery plan to state these requirements?

    B. EoD.
    • Which of the following is NOT a programming code quality testing tool or method?
    • A. Dynamic program analysis.
    • B. Fuzzing.
    • C. Penetration testing.
    • D. Sandboxing.

    C. Penetration testing.
  10. What type of system testing looks for vulnerabilities in a system or network and then attempts to exploit them?

    B. Penetration testing.
  11. Which of the following is NOT a component or feature of a TOS?

    C. SQL injection attack.
  12. What is the system development method that combines software development and data center operations?

    A.  DevOps.
  13. What is the name of the hardware-based cryptology processor in a system's security setup?

    A. Trusted platform module (TPM).

    • What term refers to an actual server on which virtualization software runs, creates, and manages virtual machines?
    • A. Virtual host.
    • B. Virtual private server.
    • C. Virtual guest.
    • D. Virtual machine.

    A. Virtual host.
  14. What type of an attack may start on a virtual server but could threaten a physical host?
    A. VMware.
    B. Sandbox.
    C. VM escape.
    D. Cloud bursting.
    C. VM escape.
  15. You access your email through a cloud-based email service. What type of service are you using?

    A. SaaS.
  16. The delivery of services in which as-needed resources, software, communications, security, and data are available on-demand to a user over the Internet defines what technology?

    D.  Cloud computing.
  17. After reviewing the hardware inventory in the IT data center, senior management cites that many of the servers are underutilized, and it sees this as a waste of resources. What do you recommend to improve this situation?

    D.  Implement virtualization.

    • What acronym refers to an environment in which employees provide their own mobile communication devices?
    • A. BYOD.
    • B. OOB.
    • C. MSM.
    • D. OTP.

    A. BYOD.
  18. Text messaging makes a mobile device especially susceptible to what type of vulnerability?

    A. Signal interception.
  19. Your company wishes to limit its risk for unauthorized access to confidential company data that may be stored on the tablet
    computers it issues to employees. Which of the following methods would guarantee that an unauthorized person couldn't access data on a lost or stolen tablet?

    D. Data wiping. A remote wipe only takes effect once the lost device comes back online and receives the command; pairing it with full-device encryption protects the data in the meantime.
  20. What security system involves the use of an analog-to-digital converter (ADC) and either hardware-based encryption or software-based encryption for the transmission of converted signals using the ZRTP protocol?

    D. Secure voice.
  21. What form of security policies typically includes measures like secured possession, remote reporting, screen locks, and storage

    C. External security.
  22. Which of the following is not a system type common to data loss prevention systems?

    A. Archival DLP.
  23. What is provided by a digital security process that verifies the identity and integrity of a message sender along with the origin of protected data?

    B. Non-repudiation.
  24. With which DLP system is data in motion (DiM) most associated?

    B. Network DLP.
  25. Which data security policies set the standards to ensure that data remains in its original form without modification, corruption, or loss?

    C. Data integrity.
  26. What digital entity facilitates verification of a claim that a specific public key belongs to a specific individual?

    A. Digital certificate. The certificate binds the public key to the subject's identity; the issuing CA's digital signature over it is what makes that binding verifiable.

    • You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used?
    • A. CA.
    • B. SSL.
    • C. CRL.
    • D. TLS.

    C. CRL. What an attacker actually uses is the stolen private key, so the matching certificate is revoked and listed on the CRL; OCSP is the online alternative to downloading the list.
  27. In what type of encryption do both the sender and the receiver use the same key?

    B. Symmetric.
  28. What is the international standard for digital certificates?

    B. X.509 (an ITU-T standard, also published as ISO/IEC 9594-8).
  29. You have an issue in your company with users claiming they did not receive email messages, while other users claim they were sent. What PKI component helps you to prove the dates and times of messages sent on the network?

    A. Non-repudiation.
  30. Which of the PKI trust models requires only a single CA certificate?

    D. Hierarchical.
  31. What secret key type is shared by two parties over a secured channel before it's actually needed or used?

    C. A pre-shared key (PSK).
  32. Which function will always produce a fixed-length value regardless of the length of the original data?

    D. Hash algorithm.
  33. What is the standard used by the U.S. government to generate signatures for authenticating electronic documents?

    A. DSA.
  34. Which encryption algorithm is most commonly used in small wireless devices, such as smartphones?

    C. Elliptic curve.
  35. An encryption system encrypts data prior to transmitting it across the network. The receiving end of the transmission decrypts the data. If the two systems are both using a symmetric algorithm, what do you know about the keys in this scenario?

    C. The system uses the same key to encrypt and decrypt data.
  36. You are designing a new Web application service for your company. An initial design review reveals a number of attack surfaces not identified in the initial baseline for the application, including unneeded network services that are enabled. What should you do?

    C. Remove unneeded services from the design.
  37. Which of the following is the least intrusive way of checking an environment for known software flaws?

    B. Vulnerability scanner.
  38. After a system risk assessment, the cost to mitigate a risk is higher than the expected loss if the threat materializes. In this situation, which of the following is the better course of action?

    B. Accept the risk
  39. After completing a risk assessment, a security administrator recommends that the network owner take actions to prevent future security incidents. Which of the following describes this type of action?

    B. Risk Mitigation
  40. What is likely your best course of action when a vulnerability is identified on an operating system?

    B. Visit the OS manufacturer's website for information and a patch.
  41. What security authorization policy should be applied to ensure that new users are limited to only the rights needed to perform their assigned duties?

    D. Principle of least privilege
  42. If you're using username and password authentication, which of the following should you work to avoid?

    D. Weak passwords.
  43. What type of group account is limited to a single computer?

    B. Local computer.
  44. What is the primary benefit of an account lockout policy?

    A. To prevent unauthorized users from having unlimited attempts to guess a password.
  45. What user account type is able to operate a computer and open, create, and save documents, but cannot manipulate system settings?

    C. Restricted account.
  46. What principle of internal security limits users or groups to only the objects and resources they require to perform their duties?

    A. Principle of least privilege.
  47. The ACL statement "access-list 10 deny any" is an example of what type of access control policy?

    C. Implicit deny. Strictly, a written deny any is an explicit statement; it restates the implicit deny that ends every ACL, and is usually added so that matches against it are counted and can be logged.
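To make the difference between the implicit deny and a written deny any concrete, here is an added example (not from the original card set) that evaluates a small first-match ACL. The statement syntax loosely follows Cisco standard numbered ACLs, but the evaluator is a toy written for this illustration and the rules and addresses are constructed.

```python
"""First-match ACL evaluation showing implicit versus explicit deny.

Added example for the ACL card above, not part of the original card set.
The rule syntax loosely follows Cisco standard numbered ACLs ('access-list
<n> permit|deny <addr> [wildcard]' or 'any'), but the evaluator is a toy
written for this illustration and the rules and addresses are constructed.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def parse_acl(text):
    """Parse ACL statements into (action, address, wildcard) integer triples.

    Cisco wildcard masks are the inverse of a subnet mask: a 0 bit must match,
    a 1 bit is ignored. 'any' is address 0.0.0.0 with wildcard 255.255.255.255.
    """
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"bad ACL statement: {line!r}")
        action, target = parts[2], parts[3]
        if target == "any":
            addr, wildcard = 0, ALL_ONES
        else:
            addr = int(ipaddress.IPv4Address(target))
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        rules.append((action, addr, wildcard))
    return rules


def evaluate(rules, src):
    """Return (action, index of the matching rule).

    The index is None when no statement matched and the implicit deny that
    ends every ACL decided the result.
    """
    a = int(ipaddress.IPv4Address(src))
    for i, (action, addr, wildcard) in enumerate(rules):
        # bits outside the wildcard must match exactly
        if ((a ^ addr) & ~wildcard & ALL_ONES) == 0:
            return action, i
    return "deny", None


# The same policy written two ways: relying on the implicit deny, and
# restating it with an explicit 'deny any' as the final statement.
ACL_IMPLICIT = """
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.2.2.7
"""
ACL_EXPLICIT = ACL_IMPLICIT + "access-list 10 deny any\n"


def classify(acl_text, sources):
    """Map each source address to the action and the rule that decided it."""
    rules = parse_acl(acl_text)
    return {src: evaluate(rules, src) for src in sources}


if __name__ == "__main__":
    for name, acl in (("implicit", ACL_IMPLICIT), ("explicit", ACL_EXPLICIT)):
        print(name, classify(acl, ["10.1.1.77", "10.2.2.7", "192.168.5.5"]))
```

Both ACLs deny 192.168.5.5; the only observable difference is that the explicit version reports which statement did it. That is why the statement is added in practice: on Cisco IOS the implicit deny has no hit counter, so an explicit deny any at the end is what makes denied traffic visible in show access-lists and lets the log keyword be attached.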
  48. What type of access control policy limits requesters to only the privileges and permissions associated with the performance of their
    job function?
    A. Role-based access control.
    B. Mandatory access control.
    C. Rules-based access control.
    D. Discretionary access control.
    A. Role-based access control.
  49. What internal control principle is intended to prevent theft and misappropriation, and limits access to secured objects?

    D. Separation of duties.
  50. What international standard defines a security specification for operating systems and access control?

    A. Common Criteria.
  51. A user enters a username and password to a standard login function. What process is taking place?

    B. Single-factor authentication.
  52. Which of the elements in the CIA triad provides that data are only accessible by appropriate, authorized, and trusted users?

    C. Confidentiality.
  53. What is the category of devices that uniquely identify people through their physiological or behavioral traits?

    B. Biometrics
  54. What is the correct order of access control processes?
    A. Authentication, identification, authorization.
    B. Authentication, authorization, identification.
    C. Authorization, authentication, identification.
    D. Identification, authorization, authentication.
    Identification, authentication, authorization: the user first presents an identity, then proves it, and is then granted rights. None of the options as listed gives this order (option A swaps the first two steps).
  55. What is the client/server authentication protocol that provides mutual authentication capabilities?

    B. Kerberos.

  56. What is the access control step that verifies that a user is who he or she claims to be?
    • A. Qualification.
    • B. Identification.
    • C. Authentication.
    • D. Authorization.

    C. Authentication.
  57. What is the security model that determines whether a user can enter a space and obtain secured objects?

    A. Access control.
  58. A user should be aware of which parts of an organization's security policies?
    A. The security policies applicable to the user and the effects of security breaches.
    B. Only the security policies that deal with computers.
    C. Only physical security policies.
    D. Only the user account and password policies.
    A. The security policies applicable to the user and the effects of security breaches.
  59. What is created by a flaw in an application that could be exploited by an external attacker?

    C. Vulnerability.
  60. What type of encryption uses only a single encryption key to both encrypt and decrypt data?
    A. Symmetric encryption.
    B. Asynchronous stream encryption.
    C. Asymmetric encryption.
    D. Hash algorithm.
    A. Symmetric encryption.
  61. On which of the following encryption concepts is PKI based?

    B. Asymmetric encryption.
  62. To ensure that data at rest, data in motion and data in use retain their integrity without unauthorized modification, removal, or corruption, what system should be in place as part of a data security policy?

    D. Data loss prevention.
  63. What is the type of messages that are sent to mobile devices by application publishers to provide information, advertising, or service or product offers?

    A. Push notification.
  64. What term refers to the delivery of applications as a service in which resources, software, and data are available to the application and a host via the Internet?

    D. Cloud computing.
  65. Which of the following best describes the principle of least privilege?

    D. Restrict a user's access privileges to only those needed by the user for a specific function.
  66. What form of security testing attempts to exploit known or identified vulnerabilities?
    A. Penetration testing.
    B. Functional testing.
    C. Gray box testing.
    D. Vulnerability scanning.
    A. Penetration testing.
  67. What is a DoS attack that sends a flood of synchronization (SYN) requests and never sends the final acknowledgment (ACK)?

    C. SYN flood.
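A SYN flood shows up in traffic as connections that start but never complete the handshake. The added example below (not part of the original card set) walks a constructed packet trace, keeps the SYNs to a server that never received the client's final ACK, and rolls the half-open count up per source. The trace format (timestamp, source, ">", destination, TCP flags) and every packet line are constructed for the illustration.

```python
"""Counting half-open TCP connections in a packet trace.

Added detection example for the SYN flood card above; it is not part of the
original card set. The trace format (timestamp, src, '>', dst, TCP flags) and
every packet line are constructed for the illustration; a real detector
would read from a capture or from the server's own connection table.
"""
from collections import defaultdict

SERVER = "198.51.100.5:80"

# A legitimate client completes the three-way handshake (S, SA, A).
LEGIT = [
    "1.000 192.0.2.10:40001 > 198.51.100.5:80 S",
    "1.001 198.51.100.5:80 > 192.0.2.10:40001 SA",
    "1.002 192.0.2.10:40001 > 198.51.100.5:80 A",
]


def build_trace(attacker="203.0.113.9", n=200):
    """Constructed trace: the legitimate handshake plus n SYNs from the
    attacker on distinct source ports, each answered with SYN-ACK and never
    acknowledged."""
    lines = list(LEGIT)
    for i in range(n):
        port = 1000 + i
        lines.append(f"2.{i:03d} {attacker}:{port} > {SERVER} S")
        lines.append(f"2.{i:03d} {SERVER} > {attacker}:{port} SA")
    return lines


def parse(line):
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def half_open_by_source(lines, server=SERVER):
    """Count connection attempts to `server` whose final ACK never arrived,
    rolled up per client IP address."""
    pending = {}                      # client ip:port -> time of its SYN
    for ts, src, dst, flags in map(parse, lines):
        if dst != server:
            continue                  # the server's own SYN-ACKs leave the entry pending
        if flags == "S":
            pending[src] = ts
        elif flags == "A":
            pending.pop(src, None)    # handshake completed
    per_ip = defaultdict(int)
    for client in pending:
        per_ip[client.rsplit(":", 1)[0]] += 1
    return dict(per_ip)


def suspects(per_ip, threshold=50):
    """Client IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


def total_half_open(per_ip):
    """Backlog pressure on the server regardless of who is sending."""
    return sum(per_ip.values())


if __name__ == "__main__":
    counts = half_open_by_source(build_trace())
    print(counts, suspects(counts), total_half_open(counts))
```

The legitimate client leaves nothing behind because its ACK clears the pending entry. Real floods usually spoof a different source address per SYN, so a per-source threshold misses them; the total half-open count against the server is the signal that survives spoofing, and the standard host-side mitigation is SYN cookies, which let the server answer SYNs without allocating backlog state.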

    • What security mechanism sits on the network boundary and blocks network attacks and attempts to repair any damage they do?
    • A. Proxy server.
    • B. Intrusion Detection System (IDS).
    • C. Intrusion prevention system (IPS).
    • D. Firewall.

    C. Intrusion prevention system (IPS).
  68. What is the focus of computer and network security?

    B. Preserving confidentiality, integrity, availability.
  69. What security process confirms a user's identity?

    Authentication.
  70. What are the two main methods we can use to monitor the security of a network?

    B. Intrusion detection and intrusion prevention.
  71. Which of the following is not a type of stateful inspection?

    A. Packet routing.
  72. Devices like firewalls, proxy servers, and routers control, manage, and monitor networking events using what form of management?

    C. Rule-based management.
  73. What IEEE standard defines interface port-based access control and authentication services?

    A. IEEE 802.1x.
  74. What is the military-sounding name for a special-purpose subnet that services public access requests and receives unauthorized or
    unidentified traffic?

    D. DMZ (demilitarized zone).
  75. What TCP/IP service replaces a packet's private IP address with a public IP address before forwarding the packet onto the public

    B. NAT (network address translation).
  76. What technology creates a simulated version of a computing environment?

    D. Virtualization.
  77. Which of the active versions of IP requires the use of IPSec?

    B. IPv6. The original IPv6 node requirements made IPsec support mandatory; RFC 6434 relaxed that to SHOULD, so current implementations are no longer strictly required to include it.
  78. Which one of the following is NOT a protocol or service associated with IEEE 802.1x?

    D. Remote Authentication Dial-In User Service (RADIUS). (In practice RADIUS is the authentication server most commonly paired with IEEE 802.1X: the authenticator, a switch or access point, relays the supplicant's EAP exchange to it.)
  79. Which one of the following is an authentication method that implements IEEE 802.1x security standards?

    B. EAP.
  80. What wireless network security protocol provides strong encryption using pre-shared keys?

    B. WPA2 (WPA2-Personal, which authenticates with a pre-shared key). Its successor, WPA3-Personal, replaces the PSK handshake with SAE, which resists offline dictionary attacks on a captured handshake.
  81. What are the two protocols implemented by IPSec?

    D. AH and ESP.
  82. What security controls provide for the detection of unauthorized access, theft, or alteration of data resources?

    B. Data loss prevention (DLP) controls.
  83. What is the term used for the probability of a potential threat becoming a security incident?

    B. Risk.
  84. What type of control methods are intended to mitigate or correct any harm done by the exploitation of a system vulnerability?

    B. Corrective.
  85. What is the process that identifies the probability of threats becoming incidents?

    B. Risk analysis
  86. What is the security policy that restricts the access authorization of a user to only the resources required to do his or her job?

    B. The principle of least privilege.
  87. What is the term we use to describe the priority, from high to low, for capturing data on an affected device?

    D. Order of volatility.
  88. When performing forensic testing and analysis, which version of a suspected system's data should you always use?

    D. An exact copy or data image.
  89. What are the first objectives of a security incident first responder?

    D. Assess damage and control loss.
  90. Which type of data typically requires special software or hardware tools to capture?

    C. Latent data.
  91. To what list does forensic hashing compare the hash value of a document or file to determine if the file is unaffected?

    D. KFF.
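The forensic hashing cards above (work only on an exact image, compare file hashes against a known-file list) and the earlier card on hash functions producing a fixed-length value come together in the added example below, which is not part of the original card set. The file contents, the known-good and known-bad digest lists and the paths are constructed stand-ins; a real known-file list such as the KFF is loaded from the vendor's database rather than written inline.

```python
"""Hash-based triage of files from an evidence image.

Added example for the forensic hashing cards above and the fixed-length hash
card earlier in the set; it is not part of the original card set. The file
contents, the 'known good' and 'known bad' hash lists and the paths are all
constructed stand-ins (a real known-file list such as the KFF would be loaded
from the vendor's database, not written inline).
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed contents of three files carved from the image.
EVIDENCE = {
    "Windows/System32/notepad.exe": b"constructed stand-in for a stock OS binary",
    "Users/alice/invoice.docx": b"PK\x03\x04 constructed document bytes",
    "Users/alice/update.exe": b"MZ constructed suspicious bytes",
}

# Constructed known-file lists keyed by digest, as a KFF-style list would be.
KNOWN_GOOD = {sha256_hex(b"constructed stand-in for a stock OS binary")}
KNOWN_BAD = {sha256_hex(b"MZ constructed suspicious bytes")}


def triage(evidence, known_good=KNOWN_GOOD, known_bad=KNOWN_BAD):
    """Label each file: 'alert' if its hash is on the bad list, 'ignore' if it
    matches a known-good file (unchanged from the reference copy), else 'review'."""
    verdicts = {}
    for path, data in evidence.items():
        digest = sha256_hex(data)
        if digest in known_bad:
            verdicts[path] = "alert"
        elif digest in known_good:
            verdicts[path] = "ignore"
        else:
            verdicts[path] = "review"
    return verdicts


def tamper(data: bytes, offset: int = 0) -> bytes:
    """Flip one bit; shows that any modification moves a file off the known list."""
    b = bytearray(data)
    b[offset] ^= 0x01
    return bytes(b)


def digest_lengths(samples):
    """Hex digest length of SHA-256 for each input, whatever the input size."""
    return {len(sha256_hex(s)) for s in samples}


def image_verified(image: bytes, recorded_digest: str) -> bool:
    """Check a working copy of the image against the digest recorded at acquisition."""
    return sha256_hex(image) == recorded_digest


if __name__ == "__main__":
    print(triage(EVIDENCE))
    print(digest_lengths([b"", b"x", b"y" * 100000]))
```

A one-bit change to the stock binary drops it from "ignore" to "review", which is the property the known-file comparison relies on; the same check, applied to the working image against the digest recorded at acquisition, is how an examiner shows the copy analysed is the one seized.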

    • Who should assume responsibility for conducting user awareness training?
    • A. Outside consultants.
    • B. The users' managers.
    • C
    • D. The user.

    C. Secure network administration.
  92. What term describes information that may identify an individual user?

    A. PII.
  93. What process divides data into groups depending on the level of protection or security the information requires?

    D. Information classification.
  94. What physical security method involves a space between two interlocking doorways?

    D. Mantrap.
  95. What fire suppression chemical extinguishes Class C electrical fires?

    D. Halon. Halon is a clean agent that leaves no residue and does not conduct electricity, but its production has been banned since 1994 under the Montreal Protocol; new installations use replacements such as FM-200 or inert-gas systems.

    • What is the name of the well-defined plan that details the processes we would use to recover the IT infrastructure after it was destroyed by a hurricane?
    • A. Disaster recovery plan (DRP).
    • B. Succession plan.
    • C. Business impact analysis (BIA).
    • D. Business interruption plan.

    A. Disaster recovery plan (DRP).
  96. What policy should all network users fully understand and abide by to prevent viruses and malware from getting onto the network?

    C. Acceptable use policy (AUP).
  97. What term describes the inadvertent admission of an intruder through a locked door that an authorized key holder has opened?

    D. Tailgating.
  98. What term describes the act of enticing users to provide private or confidential information via email or a website?

    C. Phishing.
  99. What term describes a system, function, or department that may fail and cause other systems, functions, or departments to fail?
    A. Pretexting.
    B. Peer-to-peer networking (P2P).
    C. Quid pro quo.
    D. Single point of failure (SPOF).
    D. Single point of failure (SPOF).
  100. Which of the following provides guidelines, designs, and plans for a secure system or network?

    B. Reference architecture.
  101. Which of the RAID standards provides only disk mirroring?

    C. RAID 1.
  102. What is a layered security controls approach called?

    D. Defense-in-depth.
  103. What type of component has the capability to withstand failures and errors and continue providing service?

    B. Fault-tolerant.
  104. What is the term that describes the capability of an IT system to increase or decrease its capacities and services without
    significantly impacting its operations or security?

    D. Elasticity.
  105. What attack modifies root name servers to associate invalid or malicious addresses with valid URLs?

    C. DNS poisoning (in practice the forged records land in a recursive resolver's cache or an authoritative zone rather than the root servers, whose zone is DNSSEC-signed).
  106. What type of malware attack seizes control of a computer and its resources and demands money to release them?

    C. Ransomware.
  107. What type of DDoS attack requests a network server to send large amounts of data to a spoofed IP address?

    A. Amplification.
  108. What type of attack occurs when a user or an application acquires an unearned or undeserved privilege beyond an assigned privilege set?

    B. Privilege escalation.
  109. What type of Trojan malware creates a backdoor through which a remote attacker can gain administrative control of a system or

    D. A remote-access Trojan (RAT).
  110. Which of the following is not a common source of RF interference?

    A. Wireless network APs and device connectors from different manufacturers.
  111. What device can an attacker use to intercept data from network packets, such as usernames, passwords, MAC addresses, and SSID, to mount an active attack on a network?

    D. Packet sniffer.
  112. A basic wireless network is composed of three primary components: an access point, a wireless node, and what?

    C. An Internet gateway.
  113. What is the wireless device that serves as the primary communications hub or switch on a wireless network in infrastructure mode?

    A. Network access point.

    • What attack classification includes an XSS attack?
    • A. XML injection attack.
    • B. Code injection attack.
    • C. Header manipulation attack.
    • D. Command injection attack.

    B. Code injection attack.
  114. What is the most secure device or system failure option?

    D. Fail-secure.
  115. To what item or application is a malicious add-on attached?

    C. Web browser.
  116. What is the term for the security measures put in place to scare off an attacker or to ward off an attack?

    B. Deterrence.
  117. Which of a system's log files contains entries on login or logout activities, including failed login attempts?
    A. Application log.
    B. Access log.
    C. Audit log.
    D. Security log.
    D. Security log.

    • What system scans system activities to identify and report potential unauthorized activity?
    • A. Intrusion detection system (IDS).
    • B. MAC filtering.
    • C. Intrusion prevention system (IPS).
    • D. Protocol analyzer.

    A. Intrusion detection system (IDS).
  118. Which type of group account provides its user accounts with a common set of security settings?

    B. Security group.
  119. What security system scans system activity to identify and block potential intrusions?

    D. Intrusion prevention system (IPS).
  120. What tool can system administrators use to capture and view packets on an active network?

    B. Protocol analyzer.
  121. What type of IDPS would detect system resource misuse based on an event being outside normal activities?

    B. Anomaly-based.
  122. What does authentication do?

    D. Confirms the identity of a user.
  123. What methods monitor a network for the possible penetration of security measures?

    B. Intrusion detection and intrusion prevention
  124. Packet filter, circuit-level gateway, and application-level gateway are all forms of what?

    B. Stateful inspection.
  125. What form of security management do firewalls implement?

    A. Rule-based management.
  126. What TCP/IP service enables a LAN to use private IP addresses for internal traffic and public IP addresses for external traffic?

    B. NAT.
  127. What computing technology has the capability to simulate an operating system, a server, a storage device, or other network

    D. Virtualization.
  128. What IPv6 protocol set provides for the secure exchange of packets at the Network or IP layer?

    C. IPSec.
  129. Which mode of IPSec should you use to assure the integrity and confidentiality of data within the same LAN?

    B. ESP transport mode.
  130. What IEEE standard defines Extensible Authentication Protocol?

    C. IEEE 802.1x.
  131. What element of a security policy limits an employee's access to only those records or assets she needs to do her job?

    A. Principle of least privilege.
  132. What type of risk control provides a method or strategy for handling the aftermath of a potential security event?

    C. Contingency.
  133. Which one of the following is NOT a resource protected by data loss prevention (DLP) controls?

    C. Database management systems.
  134. What is the correct order of the following incident response steps?

    B. C, B, E, A, D.
  135. Which of the following has the highest (most important) order of volatility?

    D. Main memory.
  136. What is the chronological documentation of the seizure, custody, control, transfer, analysis, and disposition of any evidence,
    physical or digital, gathered during the investigation of an incident?

    C. Chain of custody.
  137. What do HVAC systems maintain inside a secured data center?

    C. Temperature and relative humidity.
  138. What process categorizes information by its sensitivity, access, protection, and regulation?

    D. Information classification.
  139. What is the fire class for an electrical fire?

    A. Class C.
  140. What emergency plan should include procedures and guidelines for restoring applications, data, hardware, communications, and
    making the mission essential IT infrastructure available as soon as possible?

    B. Disaster recovery plan (DRP).
  141. A user on your network receives an email advising her to visit a company's website to confirm her name, address, phone number,
    and account number with the company. What type of social engineering could this email likely be?

    C. Phishing.
  142. What network model allows employees to connect and use personal devices on an organization's network?

    B. Bring Your Own Device (BYOD).
  143. Which of the following concepts is NOT associated with a system with very low downtime?

    C. Defense-in-depth.
  144. Which RAID technology implements both disk striping and disk mirroring?

    B. RAID 10.
  145. What guideline describes a network architecture that segments a network into security zones?

    B. Secure network architecture.
  146. What TCP/IP Layer 3 protocol is most associated with a Denial-of-Service attack?

    A. ICMP.
  147. In what type of cryptographic attack does an attacker attempt to find two data strings that produce the same hash result from a
    common hash function?

    D. Hash collision attack.
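A collision search against a full 256-bit hash is infeasible, so the added example below (not part of the original card set) runs the birthday attack on a truncated SHA-256 digest, where it succeeds in a few thousand tries, and reports how many candidates it took against the birthday bound. The message prefix and counter-based candidates are constructed for the illustration.

```python
"""Birthday search for a collision in a truncated hash.

Added example for the hash collision card above; it is not part of the
original card set. Finding a collision in full SHA-256 is infeasible, so the
search runs on the first `bits` bits of the digest; the message prefix and
the counter-based candidates are constructed for the illustration.
"""
import hashlib
import math


def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Generate candidates prefix+counter until two distinct ones share a
    truncated digest. Returns (m1, m2, candidates_tried)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        d = truncated_digest(m, bits)
        if d in seen:                      # counter differs, so seen[d] != m
            return seen[d], m, i + 1
        seen[d] = m
        i += 1


def expected_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) candidates on average."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def is_collision(m1: bytes, m2: bytes, bits: int) -> bool:
    """True when two distinct inputs share the truncated digest."""
    return m1 != m2 and truncated_digest(m1, bits) == truncated_digest(m2, bits)


if __name__ == "__main__":
    bits = 32
    m1, m2, n = find_collision(bits)
    print(m1, m2, n, round(expected_trials(bits)))
```

Each extra bit of digest doubles the space but only multiplies the expected work by about 1.4, which is why collision resistance is rated at half the output length. The same birthday effect, combined with structural weaknesses, is what produced practical collisions for MD5 and SHA-1 and led to their retirement for signatures and certificates.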
  148. What is the general term for software designed to perform damage, destruction, nuisance, and collect personal or private

    D. Malware.
  149. In what type of attack does an attacker add an unauthorized device to a wireless network to gain access to a wired network to
    which a wireless network access point is connected?

    D. Insertion attack.
  150. What term describes an unauthorized network access point inserted into a wireless network?

    C. Rogue access point.
  151. What device is a helpful tool for network administrators for troubleshooting network issues and an attacker's tool for intercepting
    data packets on a network?

    A. Packet sniffer.
  152. What form of attack inserts programming code, data, formatting, or commands into an existing document or file?

    A. Code injection attack.
  153. What type of HTTP cookie remains on a user's computer between sessions with a specific website?

    D. Persistent cookie.
  154. What must an attacker do to gain the credentialing necessary to navigate inside of a network or system?

    D. Achieve escalation of privileges
  155. Which of the following is NOT something a protocol analyzer can assist an administrator in identifying?

    D. Identity of intruders.
  156. Of the security system types that you can use to screen system activity for unauthorized events and incidents, which one will
    identify a potential threat and attempt to block it?

    A. Intrusion prevention system (IPS).
  157. An employee's network account permissions and rights are the same as those for all of the other administrative assistants in the
    company. What is the basis of the assigned permissions?

    D. Role-based.

    • Which of the following is not a common source of RF interference?
    • A. Wireless network APs and device connectors from different manufacturers.
    • B. Two APs sharing the same channel setting.
    • C. Non-network devices transmitting on the same bandwidth as the wireless network APs.
    • D. Ungrounded electrical motors.

    A. Wireless network APs and device connectors from different manufacturers.
  158. What device can an attacker use to intercept data from network packets, such as usernames, passwords, MAC addresses, and SSID, to mount an active attack on a network?

    D. Packet sniffer.
  159. A basic wireless network is composed of three primary components: an access point, a wireless node, and what?

    A. An Internet gateway.
  160. What form of attack involves an attacker inserting a wireless device into a wireless network, intercepting messages between two network nodes, and transmitting altered or replaced messages?

    C. Man-in-the-middle attack.
  161. What is the wireless device that serves as the primary communications hub or switch on a wireless network in infrastructure mode?

    A. Network access point.