Term
A VPN typically provides a remote access link from one host to another over: |
|
Definition
|
|
Term
The employees at the Johnson Company are using instant messaging on company networked computers. The most important security issue to address when using instant messaging is that instant messaging: |
|
Definition
Communications are open and unprotected |
|
|
Term
Which of the following would be BEST to do when network file sharing is needed? |
|
Definition
1. Set a disk quota 2. Place the share on a different volume than the operating system |
|
|
Term
Which of the following programming techniques should be used to prevent buffer overflow attacks? |
|
Definition
|
|
Term
A large company wants to deploy an FTP server to support file transfers between business customers and partners. Which of the following should the security specialist consider before making these changes? |
|
Definition
FTP transfers data in an unencrypted format |
|
|
Term
WEP uses which of the following stream ciphers? |
|
Definition
|
|
Term
A common tool used for wireless sniffing and war driving is: |
|
Definition
|
|
Term
Which of the following is a common type of attack on web servers? |
|
Definition
|
|
Term
Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? |
|
Definition
|
|
Term
Spam is considered a problem even when deleted before being opened because spam: |
|
Definition
|
|
Term
In order to secure web-based communications, SSL uses: |
|
Definition
1. Public-key cryptography 2. Symmetric cryptography |
|
|
Term
A URL for an internet site begins with 'https:' rather than 'http:', which is an indication that the website uses: |
|
Definition
|
|
Term
A web server administrator should adopt which of the following preventative measures? |
|
Definition
Apply the most recent manufacturer updates and patches to the server |
|
|
Term
A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring? |
|
Definition
|
|
Term
The Johnson Company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used? |
|
Definition
|
|
Term
Which of the following would be the MOST important reason to apply updates? |
|
Definition
Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. |
|
|
Term
Which of the following types of firewalls provides inspection at layer 7 of the OSI model? |
|
Definition
|
|
Term
A company implements an SMTP server on their firewall. This implementation would violate which of the following? |
|
Definition
Use of device as intended |
|
|
Term
A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the first step to take? |
|
Definition
Enforce the security policy |
|
|
Term
Which of the following is most often used to allow a client or partner access to the network? |
|
Definition
|
|
Term
A demilitarized zone (DMZ) is a network segment that can be created by using: |
|
Definition
|
|
Term
Stateful packet inspection is a methodology used by: |
|
Definition
|
|
Term
Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? |
|
Definition
|
|
Term
Giving each user or group of users only the access they need to do their jobs is an example of which of the following security principles? |
|
Definition
|
|
Term
A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? |
|
Definition
|
|
Term
Which of the following portions of a company's network is between the Internet and an internal network? |
|
Definition
|
|
Term
Which of the following may be a security issue during transport of stored tape media to an offsite storage location? |
|
Definition
|
|
Term
A company's security specialist is securing a web server that is reachable from the internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (select 2) |
|
Definition
1. Host-based IDS 2. Host-based firewall |
|
|
Term
When a patch is released for a server, the administrator should: |
|
Definition
Test the patch on a non-production server then install the patch to production. |
|
|
Term
A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. Which of the following actions should the administrator take FIRST? |
|
Definition
Disconnect the network cable |
|
|
Term
An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: |
|
Definition
|
|
Term
Most current encryption schemes are based on: |
|
Definition
|
|
Term
Message authentication codes are used to provide which service? |
|
Definition
|
|
Term
The IPSec Security Association is managed by: |
|
Definition
|
|
Term
Which of the following protects the confidentiality of data making the data unreadable to those who don't have the correct key? |
|
Definition
|
|
Term
A user has a sensitive message that needs to be sent via email. The message needs to be protected from interception. Which of the following should be used when sending the email? |
|
Definition
|
|
Term
Which of the following describes a type of algorithm that cannot be reversed in order to decode the data? |
|
Definition
|
|
Term
The most common Certificate Server port required for secure web page access is port: |
|
Definition
|
|
Term
While Jim Jones is surfing, he encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate? |
|
Definition
Software publisher certificates |
|
|
Term
Secret key encryption is also known as: |
|
Definition
|
|
Term
Which of the following are types of certificate-based authentication? (Select two) |
|
Definition
1. Many-to-one mapping 2. One-to-one mapping |
|
|
Term
Which of the following types of cryptography is typically used to provide an integrity check? |
|
Definition
|
|
Term
Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons? |
|
Definition
|
|
Term
While reviewing the running services on a production server, an unknown service is observed. Which of the following actions should be taken? |
|
Definition
Investigate the service and determine whether the service is necessary. |
|
|
Term
Which of the following methods of password guessing typically requires the longest attack time? |
|
Definition
|
|
Term
Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights? |
|
Definition
|
|
Term
Which of the following access control models uses subject and object labels? |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
A task-based control model is an example of which of the following? |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets: |
|
Definition
|
|
Term
Controlling access to information systems and associated networks is necessary for the preservation of their: |
|
Definition
confidentiality, integrity and availability |
|
|
Term
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? |
|
Definition
|
|
Term
Which of the following steps is MOST often overlooked during the auditing process? |
|
Definition
Reviewing event logs regularly |
|
|
Term
The risks of social engineering can be decreased by implementing: (Select TWO) |
|
Definition
1. Security awareness training 2. Identity verification methods |
|
|
Term
A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program? |
|
Definition
|
|
Term
Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? |
|
Definition
|
|
Term
Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering? |
|
Definition
|
|
Term
Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software? |
|
Definition
|
|
Term
Non-essential services are often appealing to attackers because non-essential services: (select TWO) |
|
Definition
1. are not typically configured correctly or secured 2. sustain attacks that go unnoticed |
|
|
Term
A manager reports that users are receiving multiple emails from the account of a user who no longer works for the company. Which of the following would be the BEST way to determine whether the emails originated internally? |
|
Definition
Look at the source IP address in the SMTP header of the emails. |
|
|
Term
Audit log information can BEST be protected by (select 2) |
|
Definition
1. access controls that restrict usage 2. recording to write-once media |
|
|
Term
Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? |
|
Definition
|
|
Term
Which of the following is an inherent flaw of Discretionary Access Control (DAC) relating to security? |
|
Definition
DAC relies only on the identity of the user or process, leaving room for a Trojan Horse. |
|
|
Term
Which of the following should be done if an audit recording fails in an information system? |
|
Definition
Send an alert to appropriate personnel |
|
|
Term
On a Windows host, which of the following event logs would contain failed logons? |
|
Definition
|
|
Term
Kerberos uses which of the following ports by default? |
|
Definition
|
|
Term
During a live response to an unauthorized access, a forensics specialist executes a command on the computer being investigated. Which of the following commands would be used to display the current network connections on the local computer? |
|
Definition
|
|
Term
The first step in risk identification would be to identify: |
|
Definition
|
|
Term
Which of the following would be an example of a high-availability disk technology? |
|
Definition
|
|
Term
Documentation describing a group's expected minimum behavior is known as: |
|
Definition
|
|
Term
A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT system. Which of the following BEST describes the document? |
|
Definition
|
|
Term
A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. This is an example of: |
|
Definition
|
|
Term
Which of the following is a suppression method for a Class C fire? |
|
Definition
|
|
Term
Which of the following is the BEST place to obtain a hotfix or patch for an application or system? |
|
Definition
The manufacturer's website |
|
|
Term
Communication is important to maintaining security because communication keeps: |
|
Definition
the user community informed of threats |
|
|
Term
Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction? |
|
Definition
|
|
Term
An important component of a good data retention policy is: |
|
Definition
|
|
Term
Discretionary Access Control (DAC) depends on: |
|
Definition
owner defined permissions |
|
|
Term
A security specialist for a large distributed network with numerous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data, and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
The security of an encryption scheme depends on the secrecy of the: |
|
Definition
|
|
Term
A host-based active IDS should be placed on a: |
|
Definition
|
|
Term
Which of the following authentication methods requires that computers have time sources synchronized? |
|
Definition
|
|
Term
Which of the following access control models would be MOST compatible with the concept of least privilege? |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
Time stamps of audit records for multiple systems are BEST generated using which of the following types of system clocks? (select TWO) |
|
Definition
1. Synchronized 2. Internal |
|
|
Term
Which of the following types of network monitoring activities would be used to obtain plain text user names and passwords? |
|
Definition
|
|
Term
Which of the following BEST describes IP spoofing? |
|
Definition
Changing the apparent IP address of the source computer. |
|
|
Term
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? |
|
Definition
|
|
Term
The process of increasing the security of an operating system from its normally installed state is called: |
|
Definition
|
|
Term
To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator? |
|
Definition
Spam and anti-virus filters should be used |
|
|
Term
ACME issues Certificates as a Local Registration Authority and users report that emails sent outside ACME can not be validated by the recipients. Which of the following actions should be taken? |
|
Definition
Turn off the digital signatures on emails going out of the organization |
|
|
Term
Part of the backup media security includes: (select three) |
|
Definition
1. labeling each tape 2. storing all tapes in a safe location 3. scrubbing data from old tapes before disposing of the tapes. |
|
|
Term
Pretty Good Privacy (PGP) uses which of the following symmetric encryptions of message data and hashing methods? |
|
Definition
|
|
Term
A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. Which of the following actions should the administrator take FIRST? |
|
Definition
Disconnect the network cable |
|
|
Term
Which of the following BEST describes the baseline process of securing devices on a network infrastructure? |
|
Definition
|
|
Term
BSU wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should BSU implement to provide the connection while limiting the services allowed over the connection? |
|
Definition
|
|
Term
Which of the following are components of host hardening? (Select TWO) |
|
Definition
1. Disabling unnecessary services 2. Applying patches |
|
|
Term
L2TP tunneling relies on which of the following for security? |
|
Definition
|
|
Term
A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's: |
|
Definition
|
|
Term
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made in the IP header? |
|
Definition
|
|
Term
Which of the following is the primary method of performing network hardening? |
|
Definition
Disable any unnecessary ports and services |
|
|
Term
A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Which of the following should be implemented to protect the laptop computer when connecting to the hotel network: |
|
Definition
|
|
Term
Bakur Industries wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? |
|
Definition
MAC addressing can be spoofed and DTP allows rogue network devices to configure ports. |
|
|
Term
Kirat Refrigeration Services' web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server? |
|
Definition
|
|
Term
Fiber optic cable is considered safer than CAT5 because fiber optic cable: (Select TWO) |
|
Definition
1. Is not susceptible to interferences 2. Is hard to tap into |
|
|
Term
Which of the following types of IDS uses known patterns to detect malicious activity? |
|
Definition
|
|
Term
Which of the following types of removable media is write-once and appropriate for archiving security logs? |
|
Definition
|
|
Term
Which of the following ports are typically used by email clients? (select TWO) |
|
Definition
|
|
Term
All of the following types of attacks can be detected by an IDS EXCEPT: |
|
Definition
|
|
Term
A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? |
|
Definition
|
|
Term
Access controls based on security labels associated with each data item and each user are known as: |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as: |
|
Definition
|
|
Term
Which of the following connectivity is required for a web server that is hosting an SSL based web site? |
|
Definition
|
|
Term
Which of the following types of attacks consist of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? |
|
Definition
|
|
Term
Which of the following would be the BEST reason to disable unnecessary services on a server? |
|
Definition
Attack surface and opportunity for compromise are reduced. |
|
|
Term
Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? |
|
Definition
|
|
Term
On a Windows host, which of the following event logs would contain failed logons? |
|
Definition
|
|
Term
Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? |
|
Definition
a. Challenge Handshake authentication protocol (CHAP) b. Username/password c. Multifactor |
|
|
Term
Which of the following access control models uses subjects and object labels? |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
Which of the following methods of password guessing typically requires the longest attack time? |
|
Definition
|
|
Term
A credential that has been digitally signed by a trusted authority is known as: |
|
Definition
|
|
Term
Which of the following authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? |
|
Definition
|
|
Term
Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as: |
|
Definition
|
|
Term
Which of the following is used to determine equipment status and modify the configuration or setting of network devices? |
|
Definition
|
|
Term
Kerberos uses which of the following ports by default? |
|
Definition
|
|
Term
A user is assigned access rights explicitly. This is a feature of which of the following access control models? |
|
Definition
Discretionary Access Control (DAC) |
|
|
Term
Audit log information can BEST be protected by: (select TWO). |
|
Definition
1. access controls that restrict usage 2. recording to write-once media |
|
|
Term
A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models? |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
Which of the following types of malicious software copies itself by attaching to other programs on the same host computer? |
|
Definition
|
|
Term
Which of the following describes an attacker encouraging a person to perform an action in order to be successful? |
|
Definition
|
|
Term
Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? |
|
Definition
|
|
Term
Which of the following is the MOST effective social engineering defensive strategy? |
|
Definition
|
|
Term
Malicious port scanning is a method of attack to determine which of the following? |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? |
|
Definition
|
|
Term
A user has a sensitive message that needs to be sent via email. The message needs to be protected from interception. Which of the following should be used when sending the email? |
|
Definition
|
|
Term
PKI provides non-repudiation by providing third-party assurance of certificate: |
|
Definition
|
|
Term
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture? |
|
Definition
|
|
Term
Which of the following is the number of security associations in an IPSec encrypted session for each direction? |
|
Definition
|
|
Term
Which of the following trust models would allow each user to create and sign certificates for the people they know? |
|
Definition
|
|
Term
Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? |
|
Definition
|
|
Term
Which of the following provides the MOST secure form of encryption? |
|
Definition
|
|
Term
Which of the following would be achieved by using encryption? (Select THREE) |
|
Definition
1. Non-repudiation 2. Confidentiality 3. Integrity |
|
|
Term
Which of the following types of encryption would be BEST to use for a large amount of data? |
|
Definition
|
|
Term
Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: |
|
Definition
|
|
Term
A digital signature is used for: |
|
Definition
Integrity and non-repudiation |
|
|
Term
Which of the following describes the validation of a message's origin? |
|
Definition
|
|
Term
A JPEG file that contains a message in blue letters on a solid white background is published on a website. The file has slight variations in color on the edge of each letter which can be mapped to an ASCII table revealing a hidden message. This process is known as: |
|
Definition
|
|
Term
The authentication process where the user can access several resources without the need for multiple credentials is known as: |
|
Definition
|
|
Term
Which of the following would be the minimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? |
|
Definition
Perform multiple bit level overwrites |
|
|
Term
Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media? |
|
Definition
|
|
Term
A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. This is an example of: |
|
Definition
|
|
Term
Mark walks up to a group of people who have physical access to a network operations room. As some of the group enters the room, Mark walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity? |
|
Definition
|
|
Term
A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. In addition to checking the FTP server, the specialist should: |
|
Definition
Contain the affected system, review logs for other compromises and report the situation. |
|
|
Term
To preserve evidence for later use in court, which of the following needs to be documented? |
|
Definition
|
|
Term
The first step in risk identification would be to identify: |
|
Definition
|
|
Term
Following a disaster, which of the following functions should be returned first from the backup facility to the primary facility? |
|
Definition
|
|
Term
An important component of a good data retention policy is: |
|
Definition
|
|
Term
Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? |
|
Definition
|
|
Term
Which of the following is a major reason that social engineering attacks succeed? |
|
Definition
Lack of security awareness |
|
|
Term
Which of the following would be MOST important when designing a security awareness program? |
|
Definition
Conducting user training sessions |
|
|
Term
Which of the following are important for password management? (select TWO) |
|
Definition
1. Changing the password often and not reusing the same password. 2. Using three of the four character sets |
|
|
Term
Which of the following authentication methods requires that computers have time sources synchronized? |
|
Definition
|
|
Term
Default passwords in hardware and software should be changed: |
|
Definition
When the hardware or software is turned on |
|
|
Term
Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? |
|
Definition
|
|
Term
The largest benefit gained by internally authorized security scanning would be: |
|
Definition
finding vulnerabilities before the attackers do |
|
|
Term
Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? |
|
Definition
Enterprise system management (ESM) |
|
|
Term
Which of the following methods of authentication uses physical characteristics of a user to authenticate the user? |
|
Definition
|
|
Term
When using client side certificates, which of the following can be done to ensure that a computer can not access another company's web site? |
|
Definition
Revoke the computer's certificate |
|
|
Term
Which of the following describes an authorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware? |
|
Definition
A man-in-the-middle attack |
|
|
Term
During business hours, a company employee accesses retail sites unrelated to the employee's job from the workstation. Which of the following should be reviewed with this employee? |
|
Definition
|
|
Term
Which of the following disaster recovery backup sites would be MOST difficult to test? |
|
Definition
|
|
Term
Shopmart issues Certificates as a Local Registration Authority and users report that emails sent outside Shopmart can not be validated by the recipients. Which of the following actions should be taken? |
|
Definition
Turn off the digital signatures on emails going out of Shopmart |
|
|
Term
Which of the following remote access processes is BEST described as matching user supplied credentials with those previously stored on a host server? |
|
Definition
|
|
Term
Which of the following standards does S/MIME use to perform public key exchange and authentication? |
|
Definition
|
|
Term
Which of the following security services are provided by digital signatures? (select THREE) |
|
Definition
1. Integrity 2. Authentication 3. Non-repudiation |
|
|
Term
The purpose of SSID in a wireless network is to: |
|
Definition
|
|
Term
SSL runs by default on which of the following ports? |
|
Definition
|
|
Term
Pretty Good Privacy (PGP) uses which of the following symmetric encryptions of message data and hashing methods? |
|
Definition
|
|
Term
Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (select TWO) |
|
Definition
1. Disabling SSID broadcasting 2. Changing the default SSID |
|
|
Term
Poor programming techniques and lack of code review can lead to which of the following types of attacks? |
|
Definition
|
|
Term
Which of the following is often misused by spyware to collect and report a user's activities? |
|
Definition
|
|
Term
Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux system's /etc/passwd file? |
|
Definition
FTP configured to allow anonymous user access |
|
|
Term
Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSec? |
|
Definition
|
|
Term
To keep an 802.11x network from being automatically discovered, a user should: |
|
Definition
turn off the SSID broadcast |
|
|
Term
A security specialist with a large company has seen an increase in the number of spam emails. A user tells the specialist that even though the user has unsubscribed from the lists, the problem seems to be worsening. Which of the following would be a possible cause? |
|
Definition
Unsubscribe requests confirm email addresses |
|
|
Term
IPSec works at which of the following layers of the TCP/IP model? |
|
Definition
|
|
Term
Which of the following types of vulnerability operates by passing a program invalid data? |
|
Definition
|
|
Term
Which of the following would be the MOST common method for attackers to spoof email? |
|
Definition
|
|
Term
Which of the following programming techniques should be used to prevent buffer overflow attacks? |
|
Definition
|
|
Term
Which of the following would be considered a detrimental effect of a virus hoax? (select TWO) |
|
Definition
1. Technical support resources are consumed by increased user calls. 2. Users are tricked into changing the system configuration. |
|
|
Term
Which of the following would be BEST to do when network file sharing is needed? (Select TWO) |
|
Definition
1. Place the share on a different volume than the operating system 2. Set a disk quota |
|
|
Term
In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as: |
|
Definition
|
|
Term
ACME has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as: |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
Which of the following would be the MOST effective backup site for disaster recovery? |
|
Definition
|
|
Term
The process of predicting threats and vulnerabilities to assets is known as threat: |
|
Definition
|
|
Term
An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? |
|
Definition
|
|
Term
Which of the following sequence of steps should be contained in a computer incident response policy? |
|
Definition
Preparation; detection and analysis; containment, eradication and recovery; post-incident activity |
|
|
Term
Which of the following describes backing up files and software that have changed since the last full or incremental backup? |
|
Definition
|
|
Term
A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. In addition to checking the FTP server, the specialist should: |
|
Definition
Contain the affected system, review logs for other compromises and report the situation |
|
|
Term
Which of the following methods of documenting and storing a password is considered acceptable? |
|
Definition
Writing the password on a piece of paper and storing the paper in a locked safe |
|
|
Term
The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: |
|
Definition
change control management |
|
|
Term
Company intranet, newsletters, posters, login banners and e-mails would be good tools to utilize in a security: |
|
Definition
|
|
Term
Human Resource department personnel should be trained about security policy: |
|
Definition
Guidelines and enforcement |
|
|
Term
An authentication system where a unique username and password is used to access multiple systems within an organization is an example of which of the following? |
|
Definition
|
|
Term
Malicious software that travels across computer networks without user assistance is an example of a: |
|
Definition
|
|
Term
When setting password rules, which of the following would lower the level of security of a network? |
|
Definition
Complex passwords that users cannot remotely change are randomly generated by the administrator and given to users. |
|
|
Term
A user is assigned access rights explicitly. This is a feature of which of the following access control models? |
|
Definition
Discretionary Access Control (DAC) |
|
|
Term
Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take? |
|
Definition
The process using the ports should be examined |
|
|
Term
An employee receives a request from a person claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory; however, the caller claims there is an emergency and asks that the request be expedited. Which of the following would be the BEST action for the employee to take? |
|
Definition
Follow established procedures and report any abnormal incidents. |
|
|
Term
Which of the following types of authentication models uses a smart card and a User ID/password for accessing network resources? |
|
Definition
|
|
Term
Which of the following would be MOST desirable when attacking encrypted data? |
|
Definition
|
|
Term
Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? |
|
Definition
|
|
Term
Which of the following should be done if an audit recording fails in an information system? |
|
Definition
Send an alert to the appropriate personnel |
|
|
Term
Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? |
|
Definition
Develop a security policy |
|
|
Term
Social engineering attacks would be MOST effective in which of the following environments? (Select TWO). |
|
Definition
1. A public building that has shared office spaces. 2. A company with a help desk whose personnel have minimal training. |
|
|
Term
|
Definition
virus and malware cataloging organizations |
|
|
Term
A user is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models? |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against the wall. This is an example of: |
|
Definition
|
|
Term
Users are reporting that when attempting to access the company's web page on the Internet, the user is rerouted to a protest webpage. This is MOST likely: |
|
Definition
|
|
Term
A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a: |
|
Definition
|
|
Term
Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets: |
|
Definition
|
|
Term
A task based control model is an example of which of the following: |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
Which of the following is an inherent flaw of Discretionary Access Control (DAC) relating to security? |
|
Definition
DAC relies only on the identity of the user or process, leaving room for a Trojan horse. |
|
|
Term
Which of the following access control models refers to assigning sensitivity labels to the user and the data? |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
Audit record storage capacity must be large enough to ensure that: |
|
Definition
the storage is not exceeded |
|
|
Term
In a certificate hierarchy, the ultimate authority is called the: |
|
Definition
Root Certifying Authority (Root CA) |
|
|
Term
A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: |
|
Definition
Mandatory Access Control (MAC) |
|
|
Term
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? |
|
Definition
|
|
Term
Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? |
|
Definition
Perform a vulnerability assessment |
|
|
Term
A large company wants to deploy an FTP server to support file transfers between business customers and partners. Which of the following should the security specialist consider before making these changes? |
|
Definition
FTP transfers data in an unencrypted format. |
|
|
Term
Which of the following is often misused by spyware to collect and report a user's activities? |
|
Definition
|
|
Term
The MOST common exploits of Internet-exposed network services are due to: |
|
Definition
|
|
Term
Which of the following would be MOST effective in preventing network traffic sniffing? |
|
Definition
Use switches instead of hubs |
|
|
Term
Which of the following problems will MOST likely occur if an HTML-based email has a mislabeled MIME type, exe attachment? |
|
Definition
the executable can automatically execute |
|
|
Term
Which of the following uses private key/public key technology to secure web sites? |
|
Definition
|
|
Term
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? |
|
Definition
A user must trust the public key that is received |
|
|
Term
Which of the following would be the MOST common method for attackers to spoof email? |
|
Definition
|
|
Term
Open FTP file shares on servers can facilitate which of the following types of attacks? |
|
Definition
|
|
Term
Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4? |
|
Definition
|
|
Term
IPSec works at which of the following layers of the TCP/IP model? |
|
Definition
|
|
Term
The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: |
|
Definition
|
|
Term
A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? |
|
Definition
|
|
Term
Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? |
|
Definition
|
|
Term
A URL for an Internet site begins with 'https:' which is an indication that this web site uses: |
|
Definition
|
|
Term
The purpose of the SSID in a wireless network is to: |
|
Definition
|
|
Term
A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (Select TWO) |
|
Definition
|
|
Term
Most current encryption schemes are based on: |
|
Definition
|
|
Term
Which of the following are types of certificate-based authentications? (Select two) |
|
Definition
1. Many-to-one mapping 2. One-to-one mapping |
|
|
Term
Which of the following would be an example of a hardware device where keys can be stored? (select TWO) |
|
Definition
1. Smart card 2. PCMCIA card |
|
|
Term
PKI is based on which of the following types of encryption? |
|
Definition
|
|
Term
Which of the following provides the MOST secure form of encryption? |
|
Definition
|
|
Term
Which of the following describes the validation of a message's origin? |
|
Definition
|
|
Term
Which of the following is a critical element in private key technology? |
|
Definition
|
|
Term
Which of the following trust models would allow each user to create and sign certificates for the people they knew? |
|
Definition
|
|
Term
Message authentication codes are used to provide which service? |
|
Definition
|
|
Term
Pretty Good Privacy (PGP) uses a PKI trust model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: |
|
Definition
|
|
Term
Which of the following correctly identifies some of the contents of an end user's X.509 certificate? |
|
Definition
User public key, the certificate's serial number, and the certificate's validity dates. |
|
|
Term
The Diffie-Hellman encryption algorithm relies on which of the following? |
|
Definition
|
|
Term
Non-repudiation is enforced by which of the following? |
|
Definition
|
|
Term
Which of the following would be the MOST important step to take to recognize suspicious activity with audit logs? |
|
Definition
Determine the usual activity. |
|
|
Term
Which of the following freeware forensic tools are used to capture packet traffic from a network? |
|
Definition
|
|
Term
A honeypot would be installed on a network to: |
|
Definition
divert intruders from more vital assets |
|
|
Term
The process of increasing the security of an operating system from its normally installed state is called: |
|
Definition
|
|
Term
An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause? |
|
Definition
Anonymous relays have not been disabled. |
|
|
Term
Which of the following protocols works with 802.1X to authenticate a client to a network? |
|
Definition
|
|
Term
The mode of operation that allows the capture of network data that travels on all devices on a local Ethernet segment in addition to packets destined for the host machine is known as: |
|
Definition
|
|
Term
Which of the following BEST describes IP spoofing? |
|
Definition
Scanning a range of IP addresses |
|
|
Term
A company has decided to allow onsite IT contractors to connect to the contractor's home office through a VPN. Which of the following protocols would be allowed through the firewall AH and Encapsulating Security Protocol (ESP)? (Select TWO) |
|
Definition
|
|
Term
When reviewing traces from an IDS the following entries are observed: Date Time Source IP Destination IP Port Type 10/21 0900 192.1683, (etc). Which of the following is MOST likely occurring? |
|
Definition
|
|
Term
A computer system containing personal identification info is being implemented by a company's sales department. The sales department has requested that the system become operational before a security review can be completed. Which of the following can be used to explain the reasons a security review must be completed? |
|
Definition
|
|
Term
Which of the following access control models assigns rights based on job descriptions? |
|
Definition
Role Based Access Control (RBAC) |
|
|
Term
Which of the following describes a semi-trusted location used to securely house public facing servers between the internet and the local network? |
|
Definition
|
|
Term
Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header? |
|
Definition
|
|
Term
The first step in effectively implementing a firewall is: |
|
Definition
developing a firewall policy |
|
|
Term
Which of the following is MOST often used to allow a client or partner access to a network? |
|
Definition
|
|
Term
Which of the following types of IDS uses known patterns to detect malicious activity? |
|
Definition
|
|
Term
Which of the following ports are typically used by email clients? (Select two) |
|
Definition
|
|
Term
Which of the following types of removable media is write-once and appropriate for archiving security logs? |
|
Definition
|
|
Term
Which of the following is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks? |
|
Definition
|
|
Term
Which of the following types of servers should be placed on a private network? |
|
Definition
|
|
Term
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used? |
|
Definition
|
|
Term
Which of the following would be the MOST important reason to apply updates? |
|
Definition
Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed. |
|
|
Term
Which of the following BEST describes an attempt to transfer DNS zone data? |
|
Definition
|
|
Term
A company's security specialist is securing a web server that is reachable from the internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO) |
|
Definition
1. Host-based IDS 2. Host-based firewall |
|
|
Term
|
Definition
allow administrators a chance to observe an attack. |
|
|
Term
An IDS has been employed to enhance security on a company's network. A security specialist has identified traffic from an internal host IP address accessing internal network resources from the Internet. Which of the following would MOST likely be the cause? |
|
Definition
An unauthorized user is spoofing internal IP addresses. |
|
|
Term
Which of the following are components of host hardening? (select TWO) |
|
Definition
1. Disabling unnecessary services 2. Applying patches |
|
|
Term
Which of the following may be a security issue during transport of stored tape media to an offsite storage location? |
|
Definition
|
|