Which of the following should risk assessments be based upon as a best practice? A. A quantitative measurement of risk, impact and asset value B. An absolute measurement of threats C. A qualitative measurement of risk and impact D. A survey of annual loss, potential threats and asset value. Answer: A.
A risk management concept where operations resume at some capacity despite the presence of a failure is known as: B. Risk averse C. Risk redundancy D. Fault tolerance. Answer: D. Fault tolerance.
Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion? B. Passive C. Adaptive D. Redirective. Answer: A (an active IDS; a passive one only logs and alerts).
At what layer of the TCP/IP model do devices such as ATM switches and bridges operate, along with the protocols PPP and ARP? B. Data-link C. Network D. Transport. Answer: B. Data-link (the Link/Network Access layer of the TCP/IP model).
Which of the following explains the difference between a public key and a private key? B. The private key is used only by the client and kept secret, while the public key is available to all. C. The private key only decrypts data while the public key only encrypts data; both keys are mathematically related. D. The public key is used only by the client while the private key is available to all; both keys are mathematically related. Answer: B.
Which of the following creates separate logical networks? B. NAC C. NAT D. DMZ. Answer: A. Subnetting.
Which layer of the TCP/IP model is equivalent to the Session, Presentation and Application layers of the OSI model? B. Network C. Transport D. Application. Answer: D. Application.
Which of the following intrusion detection systems uses statistical analysis to detect intrusions? A. Knowledge B. Signature C. Honeynet D. Anomaly. Answer: D. Anomaly.
Which of the following encryption algorithms relies on the difficulty of factoring a large number that is the product of two large primes? B. Elliptic curve C. AES-256 D. RSA. Answer: D. RSA.
When would it be appropriate to use time-of-day restrictions on an account? A. As an added security measure when employees work set schedules B. To eliminate attack attempts on the network during peak hours C. To ensure false positives are not received during baseline testing D. To ensure the DMZ is not overloaded during server maintenance. Answer: A.
Which of the following is the MOST efficient for encrypting large amounts of data? B. Hashing algorithms C. Symmetric key algorithms D. Asymmetric key algorithms. Answer: C. Symmetric key algorithms.
Which of the following is described as a high-level blueprint outlining accepted practices to help build sound policies and procedures for an organization? B. Reference Topology C. Standards Architecture D. Standards Framework. Answer: D. Standards Framework.
Administrators should always check which of the following to block the use of previously issued PKI credentials that have been revoked or otherwise become invalid before their expiry date? A. CA B. PKI C. Escrow D. CRL. Answer: D. CRL (an expired certificate is rejected on its validity dates alone; the CRL lists certificates revoked while still within their validity period).
An attacker can implant a rootkit into a picture by which of the following? A. Virus B. Steganography C. Worm D. Trojan horse. Answer: B. Steganography.
Which of the following would be a best practice to prevent users from being vulnerable to social engineering? A. Provide thorough and frequent user awareness training B. Provide a service level agreement that addresses social engineering issues C. Have a solid acceptable use policy in place with a click-through banner D. Have users sign both the acceptable use policy and the security-based HR policy. Answer: A.
The company policy for availability requires full backups on Sunday and incremental backups each weeknight at 10 p.m. The file server crashes on Thursday afternoon. How many tapes will the technician need to restore the data on the file server for Friday morning? B. Three C. Two D. One. Answer: A. Four (the Sunday full plus the Monday, Tuesday and Wednesday incrementals; Thursday's 10 p.m. incremental had not yet run when the server crashed).
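The tape-counting question above is a small scheduling calculation, and the same rule decides the restore set for any crash time and for incremental versus differential strategies. The following is an added example written for this page, not part of the original quiz: it assumes the schedule in the question (full on Sunday, partial backups Monday to Friday at 22:00) and additionally assumes the Sunday full also runs at 22:00, since the question does not say. The dates used are constructed; 2023-11-09 happens to be a Thursday.

```python
from datetime import datetime, timedelta

# Constructed schedule matching the question: a full backup every Sunday and a
# partial (incremental or differential) backup every weeknight at 22:00.
# Assumption not stated in the question: the Sunday full also runs at 22:00.
BACKUP_HOUR = 22
FULL_WEEKDAY = 6                      # datetime.weekday(): Monday=0 ... Sunday=6
PARTIAL_WEEKDAYS = {0, 1, 2, 3, 4}    # Monday to Friday


def scheduled_job(day):
    """Return ("full" | "partial", run_time) for the job scheduled on that calendar day, else None."""
    run_time = day.replace(hour=BACKUP_HOUR, minute=0, second=0, microsecond=0)
    if day.weekday() == FULL_WEEKDAY:
        return ("full", run_time)
    if day.weekday() in PARTIAL_WEEKDAYS:
        return ("partial", run_time)
    return None


def restore_set(crash_time, strategy="incremental"):
    """Tapes needed, oldest first, to restore to the last job that completed before crash_time.

    incremental:  every partial since the last full (each holds only that night's changes)
    differential: only the newest partial (each holds all changes since the last full)
    """
    if strategy not in ("incremental", "differential"):
        raise ValueError(f"unknown strategy: {strategy}")
    completed = []
    day = crash_time
    for _ in range(14):               # walk back day by day until the newest completed full
        job = scheduled_job(day)
        if job is not None and job[1] <= crash_time:   # a job scheduled later today has not run yet
            completed.append(job)
            if job[0] == "full":
                break
        day -= timedelta(days=1)
    else:
        raise ValueError("no completed full backup in the last two weeks")
    completed.reverse()               # chronological: full first, then partials
    full, partials = completed[0], completed[1:]
    if strategy == "incremental":
        return [full] + partials
    return [full] + partials[-1:]


def restore_plan(crash_iso, strategy="incremental"):
    """Kinds of the tapes needed, oldest first; crash time given as an ISO-8601 string."""
    return [kind for kind, _ in restore_set(datetime.fromisoformat(crash_iso), strategy)]


def tapes_needed(crash_iso, strategy="incremental"):
    return len(restore_plan(crash_iso, strategy))


if __name__ == "__main__":
    # Thursday 15:00: before that night's 22:00 run, so Sunday full + Mon/Tue/Wed partials.
    for kind, when in restore_set(datetime(2023, 11, 9, 15, 0)):
        print(f"{kind:8s} {when:%a %Y-%m-%d %H:%M}")
    print("incremental tapes:", tapes_needed("2023-11-09T15:00"))
    print("differential tapes:", tapes_needed("2023-11-09T15:00", "differential"))
```

Note the boundary the question is really testing: a job scheduled for the crash day but later than the crash time has not run, so it cannot be part of the restore set. Move the crash to Friday morning and the Thursday incremental is included, giving five tapes.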
Which of the following was enacted to protect the privacy and security of medical information? B. PHI Act C. HMPPA D. HIPAA. Answer: D. HIPAA (Health Insurance Portability and Accountability Act).
How are mobile device security policies and technologies used in relation to operational practices and policies? B. Instead of C. As an option to D. No relation. Answer: A. In parallel with.
Which of the following mobile device deployment models permits users to choose the device that the organization will purchase for them? B. BYOD C. CYOD D. COPE. Answer: C. CYOD (choose your own device).
Which of the following must be used when setting up a DMZ? B. NIDS C. Proxy D. Honeypot. Answer: A. Router.
Which of the following should be implemented when there is a period of high employee turnover? B. A review of storage and retention policies C. A review of NTLM hashes on the domain servers D. A review of group policies. Answer: A. A review of user access and rights.
Which of the following describes when the claimed identity of a user is validated? B. Validation C. Authentication D. Identification. Answer: C. Authentication.
The marketing staff wants to supply pens with attached USB drives to clients. In the past this client has been victimized by social engineering attacks that led to a loss of sensitive data. The security administrator instructs the marketing staff not to supply the USB pens due to which of the following? A. The cost associated with distributing a large volume of the USB pens B. The security costs associated with securing the USB drives over time C. The security risks associated with combining USB drives and cell phones on a network D. The risks associated with the large capacity of USB drives and their concealable nature. Answer: D.
Which of the following is a vulnerability scanner? B. SolarWinds C. AirSnort D. Microsoft Baseline Security Analyzer. Answer: D. Microsoft Baseline Security Analyzer.
Which of the following attacks would allow an attacker to capture HTTP requests and send back a spoofed page? B. Replay C. Phishing D. Teardrop. Answer: A. TCP/IP hijacking.
Which of the following is an example of restricting access to files based on the identity of the user or group? A. Mandatory Access Control B. Discretionary Access Control C. Certificate Revocation List D. Public Key Infrastructure. Answer: B. Discretionary Access Control.
Which of the following is a detailed collection of technical controls and requirements to accomplish the security objectives of an organization? A. Network Flowchart B. Reference Guides C. Reference Architecture D. Network Architecture. Answer: C. Reference Architecture.
Which of the following could adversely impact an entire network if it were unavailable when using single sign-on? B. Authentication server C. Biometrics D. Workstation. Answer: B. Authentication server.
Which of the following is not a Bluetooth threat? B. Smurf attack C. Discovery mode D. Bluesnarfing. Answer: B. Smurf attack.
Which of the following provides the MOST comprehensive redundancy with the least amount of downtime for an entire site? B. Hot site C. Cold site D. Warm site. Answer: B. Hot site.
New weapon research and development programs would MOST likely be classified as: B. Confidential C. For Official Use Only D. Internal. Answer: A. Top Secret.
Which cloud computing service model is described as utilizing virtualization and a pay-for-what-you-use model? B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Virtualization as a Service (VaaS). Answer: A. Infrastructure as a Service (IaaS).
Virtualized applications such as virtualized browsers are capable of protecting the underlying operating system from which of the following? B. Malware installation from a suspect website C. Man-in-the-middle attacks D. Phishing and spam attacks. Answer: B.
Which of the following is a common correlation engine that aggregates logs and events from multiple devices on a network into one system? B. Firewall C. IDS D. SIEM. Answer: D. SIEM.
Which of the following network filtering devices relies on signature updates to be effective? B. Proxy server C. Honeynet D. Firewall. Answer: A. NIDS.
Which of the following will not reduce EMI? B. Physical shielding C. Overhauling worn motors D. Physical location. Answer: A. Humidity control (it mitigates static discharge, not electromagnetic interference).
Which of the following occurs when the same result is created by hashing two different files? B. A collision C. A duplication D. A pseudo-random event. Answer: B. A collision.
Someone who is dumpster diving would be MOST interested in which of the following? B. Receipts from the supply store C. User education manual D. Business card of a computer contractor. Answer: D.
The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs? B. Security logs C. DHCP logs D. DNS logs. Answer: C. DHCP logs.
The cloud computing delivery model that is owned, managed and operated by the organization is: B. Organizational C. Private D. Public. Answer: C. Private.
Which of the following mobile deployment models is the most security-minded, where the organization purchases the device and personal use is prohibited? A. Corporate owned, personally enabled B. Choose your own device C. Corporate owned D. Bring your own, corporate managed. Answer: C. Corporate owned.
Which of the following would you use to provide partners access to services without granting access to the organization's entire network? B. Intranet C. Extranet D. Externalnet. Answer: C. Extranet.
Which of the following protocols is used to ensure secure transmissions on port 443? B. Telnet C. HTTPS D. SFTP. Answer: C. HTTPS.
Which of the following types of file sets can be used to compare the characteristics of known instances of malware that the antivirus software detected? B. Dynamic library C. Text D. Signature. Answer: D. Signature.
The MOST secure hashing algorithm of the following is: B. MD5 C. SHA-1 D. LANMAN. Answer: C. SHA-1 (MD5 collisions are practical and the LM hash is trivially crackable; SHA-1 is the strongest of the three listed, though it too is deprecated in favor of SHA-2).
If an organization wants to ensure the demand for services is accommodated, and builds in the ability to provision or de-provision resources as needed to support those services, it has employed the concept of: B. Continuous monitoring C. Fault tolerance D. On-demand assets. Answer: A. Scalability.
Which of the following describes a tool used by organizations to verify whether or not a staff member has been participating in malicious activity? B. Time-of-day restrictions C. Mandatory vacations D. Implicit allow. Answer: C. Mandatory vacations.
Which procedure should be done first if a remote attack on a system is detected by a technician? B. Disconnect the system from the network C. Contain the attack D. Respond to the attacker. Answer: A. Follow the incident management procedure in place.
If you were setting up an IDS with the desire to detect exploits for unknown or unreleased vulnerabilities, which type of IDS would you use? B. Signature detection C. Either would detect. Answer: A. Anomaly detection.
Which of the following is responsible for the amount of residual risk? B. The DRP coordinator C. Senior management D. The security technician. Answer: C. Senior management.
Which of the following roles is responsible for implementing security controls for access, storage and transmission of data? B. Data steward C. Data custodian D. Data technician. Answer: C. Data custodian.
Which of the following labels describes information that does not have access restrictions? B. Nonclassified C. Unclassified D. All of the above E. None of the above. Answer: D. All of the above.
What is the lowest classification level, assigned to information that has the potential to be damaging if disclosed? B. Top Secret C. Confidential D. Private. Answer: C. Confidential.
Which of the following tools can be used to confirm that multiple PCs are infected with a zombie? B. Antivirus C. Port scan D. Spyware. Answer: B. Antivirus.
A technique used by hackers to identify unsecured wireless network locations to other hackers is which of the following? B. Bluesnarfing C. War driving D. War dialing. Answer: A. War chalking.
Which of the following is used to check software or hardware for configuration anomalies? B. Anomaly file C. Secure baselines D. Integrity checker. Answer: C. Secure baselines.
A device is being selected by an administrator to secure an internal network segment from external traffic. Which of the following devices could be selected to provide security to the network segment? B. HIDS C. NIPS D. Internet content filter. Answer: C. NIPS.
Which of the following is a true statement concerning NIDS? B. A NIDS is installed on the proxy server. C. A NIDS monitors and analyzes network traffic for possible intrusions. D. A NIDS is normally installed on the email server. Answer: C.
Which of the following is an example of the security mitigation technique of changing roles every couple of months? B. Separation of duties C. Job rotation D. Mandatory vacations. Answer: C. Job rotation.
A new wireless network is being implemented by a technician for an organization. All of the following wireless vulnerabilities should be considered by the technician EXCEPT: B. Rogue access points C. SSID broadcasts D. 802.11 mode. Answer: D. 802.11 mode.
A possible security risk associated with mobile devices is which of the following? B. Domain kiting C. Cross-site scripting D. Input validation. Answer: A. Bluesnarfing.
Implementing screen filters would reduce which of the following risks? B. Man-in-the-middle attacks C. Shoulder surfing D. Replay attacks. Answer: C. Shoulder surfing.
As a DMZ is a publicly accessible network containing servers with public information, strong security and monitoring are not required. A. True B. False. Answer: B. False.
Which of the following is a reason to use a Faraday cage? B. To find rogue access points C. To allow wireless usage D. To minimize weak encryption. Answer: A. To mitigate data emanation.
Which of the following contains hardware systems similar to the affected organization but does not host live data? B. Warm site C. Cold site D. Hot site. Answer: B. Warm site.
With the Virtual Desktop Infrastructure (VDI) application deployment model, user applications and data are stored: B. On a remote server C. In the user's iCloud account D. On the user's desktop workstation. Answer: B. On a remote server.
Which of the following is described as a practice where a variety of tools and applications are used to automatically detect, and alert on, suspected security concerns? B. Automated monitoring C. Continuous validation D. Secure automation. Answer: A. Continuous monitoring.
Which of the following lists the software development phases in the correct order? B. Production, Testing, Deployment, Staging C. Development, Testing, Production, Staging D. Development, Testing, Staging, Production. Answer: D.
Packets from a computer outside the network are being dropped on the way to a computer inside the network. Which of the following would be MOST useful to determine the cause of this? B. HIDS log C. System log D. Security log. Answer: A. Firewall log.
The MOST difficult security concern to detect when contractors enter a secured facility is which of the following? B. Rogue access points being installed C. Removing mass storage iSCSI drives D. Copying sensitive information with cellular phones. Answer: D.
The primary purpose of a load balancer is to: B. Block blacklisted content or web pages for a firewall C. Expand servers and resources when needed D. Capture packets for monitoring and analyzing. Answer: C.
Which of the following attacks is MOST likely the cause when a user attempts to go to a website and notices the URL has changed? B. DLL injection C. ARP poisoning D. DDoS attack. Answer: A. DNS poisoning.
Which type of firewall is able to monitor network traffic by looking at traffic behavior and patterns? B. Stateful C. State D. Stateless. Answer: B. Stateful.
A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted? B. Risk mitigation C. Risk transfer D. Risk avoidance. Answer: A. Risk acceptance.
An isolated, virtualized environment used for testing new software is known as a: B. Sandbox C. Testbox D. Evalbox. Answer: B. Sandbox.
An area of the network infrastructure that allows a technician to place public-facing systems into it without compromising the entire infrastructure is which of the following? B. NAT C. VPN D. VLAN. Answer: A. DMZ.
The antivirus software on a server repeatedly flags an approved application that the HR department has installed on their local computers as a threat. This is an example of: B. False negative C. True negative D. False positive. Answer: D. False positive.
The web camera of a system can be controlled by which of the following attacks? A. Cross-site scripting B. XML C. ActiveX component D. SQL injection. Answer: C. ActiveX component.
Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as: A. Adware B. Malware C. Ransomware D. Spyware. Answer: B. Malware.
Which of the following statements apply to the definition of a computer virus? (Select 3 answers) A. A self-replicating computer program containing a malicious segment B. Requires its host application to be run to make the virus active C. A standalone malicious computer program that replicates itself over a computer network D. Can run by itself without any interaction E. Attaches itself to an application program or other executable components F. A self-contained malicious program or code that does not need a host to propagate itself. Answer: A, B, E.
Which of the terms listed below refers to an example of crypto-malware? A. Backdoor B. Ransomware C. Keylogger D. Rootkit. Answer: B. Ransomware.
Malware that restricts access to a computer system by encrypting files or locking the entire system down until the user performs a requested action is known as: A. Grayware B. Adware C. Ransomware D. Spyware. Answer: C. Ransomware.
A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called: A. Spyware B. Worm C. Trojan D. Spam. Answer: B. Worm.
A type of software that performs unwanted and harmful actions in the disguise of a legitimate and useful program is known as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionality, but apart from that it will also contain a portion of malicious code that the user is unaware of. A. True B. False. Answer: A. True.
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as: A. Rootkit B. Spyware C. Backdoor D. Trojan. Answer: A. Rootkit.
Which of the following answers lists an example of spyware? A. Keylogger B. Vulnerability scanner C. Computer worm D. Packet sniffer. Answer: A. Keylogger.
What is adware? A. Unsolicited or undesired electronic messages B. Malicious program that sends copies of itself to other computers on the network C. Software that displays advertisements D. Malicious software that collects information about users without their knowledge. Answer: C.
Malicious software collecting information about users without their knowledge/consent is known as: A. Crypto-malware B. Adware C. Ransomware D. Spyware. Answer: D. Spyware.
A malware-infected networked host under remote control of a hacker is commonly referred to as: A. Trojan B. Worm C. Bot D. Honeypot. Answer: C. Bot.
Which of the terms listed below applies to a collection of intermediary compromised systems that are used as a platform for a DDoS attack? A. Honeynet B. Botnet C. Quarantine network D. Malware. Answer: B. Botnet.
Which type of Trojan enables unauthorized remote access to a compromised system? A. pcap B. RAT C. MaaS D. pfSense. Answer: B. RAT (remote access Trojan).
Malicious code activated by a specific event is called: A. Backdoor B. Logic bomb C. Dropper D. Retrovirus. Answer: B. Logic bomb.
Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system? A. Logic bomb B. Trojan horse C. Rootkit D. Backdoor. Answer: D. Backdoor.
An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as: A. Shoulder surfing B. Privilege escalation C. Social engineering D. Penetration testing. Answer: C. Social engineering.
A fraudulent email requesting its recipient to reveal sensitive information (e.g. user name and password) used later by an attacker for the purpose of identity theft is an example of: (Select all that apply) A. Phishing B. Watering hole attack C. Social engineering D. Bluejacking E. Vishing. Answer: A, C.
A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information they shouldn't have access to is commonly referred to as: A. Phishing B. Privilege escalation C. Backdoor access D. Shoulder surfing. Answer: A. Phishing.
Phishing scams targeting a specific group of people are referred to as: A. Vishing B. Spear phishing C. Spoofing D. Whaling. Answer: B. Spear phishing.
Phishing scams targeting people holding high positions in an organization or business are known as: A. Vishing B. Bluesnarfing C. Whaling D. Bluejacking E. Pharming. Answer: C. Whaling.
The practice of using a telephone system to manipulate a user into disclosing confidential information is called: A. Whaling B. Spear phishing C. Vishing D. Pharming. Answer: C. Vishing.
What is tailgating? A. Acquiring unauthorized access to confidential information B. Looking over someone's shoulder to get information C. Gaining unauthorized access to restricted areas by following another person D. Manipulating a user into disclosing confidential information. Answer: C.
Which social engineering attack relies on identity theft? A. Impersonation B. Dumpster diving C. Watering hole attack D. Shoulder surfing. Answer: A. Impersonation.
In computer security, the term "dumpster diving" describes the practice of sifting through trash for discarded documents containing sensitive data. Found documents containing the names of employees along with information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks. A. True B. False. Answer: A. True.
A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as: A. Spear phishing B. Tailgating C. Shoulder surfing D. Spoofing. Answer: C. Shoulder surfing.
A privacy filter (a.k.a. privacy screen) is a protective overlay placed on the computer screen that narrows the viewing angle, so the screen content is only visible directly in front of the monitor and cannot be seen by others nearby. A privacy filter is one of the countermeasures against shoulder surfing. A. True B. False. Answer: A. True.
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of: A. Vishing B. Impersonation C. Virus hoax D. Phishing. Answer: C. Virus hoax.
Which of the terms listed below refers to a platform used for watering hole attacks? A. Mail gateways B. Websites C. PBX systems D. Web browsers. Answer: B. Websites.
Which social engineering principles apply to the following attack scenario? (Select 3 answers) An attacker impersonates a company's managing staff member to manipulate a lower-ranking employee into disclosing confidential data. The attacker informs the victim that the information is essential for a task that needs to be completed within business hours on the same day and mentions potential financial losses for the company in case the victim refuses to comply. A. Urgency B. Familiarity C. Authority D. Consensus E. Intimidation F. Scarcity. Answer: A, C, E.
Which social engineering principles apply to the following attack scenario? (Select 3 answers) An attacker impersonating a software beta tester replies to a victim's post in a forum thread discussing the best options for affordable productivity software. A while later, he/she follows up by sending the victim a private message mentioning the discussion thread and offering free access to a closed beta version of a fake office app. A. Authority B. Intimidation C. Consensus D. Scarcity E. Familiarity F. Trust G. Urgency. Answer: D, E, F.
Which social engineering principle applies to the following attack scenario? While conducting web research that would help in making a better purchasing decision, a user visits a series of Facebook pages and blogs containing fake reviews and testimonials in favor of a paid app intentionally infected with malware. A. Scarcity B. Authority C. Consensus D. Intimidation E. Urgency. Answer: C. Consensus.
An attempt to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and as a result doesn't have time or resources to handle legitimate requests is called: A. Bluesnarfing B. MITM attack C. Session hijacking D. DoS attack. Answer: D. DoS attack.
As opposed to simple Denial of Service (DoS) attacks, which usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform the attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet. A. True B. False. Answer: A. True.
Which of the following attacks relies on intercepting and altering data sent between two networked hosts? A. Zero-day attack B. MITM attack C. Watering hole attack D. Replay attack. Answer: B. MITM attack.
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is known as: A. IV attack B. SQL injection C. Buffer overflow D. Fuzz test. Answer: C. Buffer overflow.
Entry fields of web forms lacking input validation are vulnerable to what kind of attacks? A. Replay attacks B. SQL injection attacks C. Brute-force attacks D. Dictionary attacks. Answer: B. SQL injection attacks.
Which of the answers listed below refers to a common target of cross-site scripting (XSS)? A. Physical security B. Alternate sites C. Dynamic web pages D. Removable storage. Answer: C. Dynamic web pages.
Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user's web browser application. A. True B. False. Answer: B. False (that describes XSS; CSRF abuses the browser's authenticated session to send requests the user did not intend).
Which type of attack allows for tricking a user into sending unauthorized commands to a web application? (Select 2 answers) A. IRC B. CSRF C. XSS D. XSRF E. CSR. Answer: B, D (two acronyms for the same attack).
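The SQL injection item above (form fields without input validation) is easier to understand by watching the query text change. The following is an added example written for this page, not from the original quiz: it builds an in-memory SQLite table with two constructed accounts, shows a login check that pastes the form fields into the SQL string, and the same check rewritten with bound parameters. The payload closes the quoted string, appends an always-true condition, and uses SQLite's `--` line comment to discard the password test.

```python
import sqlite3


def build_db():
    """In-memory table with constructed sample accounts. Passwords are stored in the clear
    only to keep the injection demo short; a real system stores a salted slow hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the form fields become part of the SQL text, so a quote in the
    input terminates the string literal and the rest of the input is parsed as SQL."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: placeholders send the values separately from the SQL text, so the input is
    only ever compared as data and cannot change the query's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payloads. The first logs in as any account without its password; the second
# logs in as a named account by commenting out the password clause.
BYPASS_ANY = "' OR 1=1 --"
BYPASS_ALICE = "alice' --"

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, any user:  ", login_vulnerable(conn, BYPASS_ANY, "wrong"))
    print("vulnerable, as alice:  ", login_vulnerable(conn, BYPASS_ALICE, ""))
    print("parameterised, any:    ", login_safe(conn, BYPASS_ANY, "wrong"))
    print("parameterised, alice:  ", login_safe(conn, BYPASS_ALICE, ""))
```

Input validation (rejecting quotes, or allowlisting `[A-Za-z0-9_]` usernames) narrows the attack surface, but parameterised queries are the control that removes the bug class: the database never parses user data as SQL. Note that `sqlite3.execute` runs a single statement, so a stacked `'; DROP TABLE users; --` payload fails here but would succeed on drivers that allow multiple statements.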
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply) A. System/application vulnerability B. Distributed Denial of Service (DDoS) C. Social engineering techniques D. Attribute-Based Access Control (ABAC) E. System/application misconfiguration. Answer: A, C, E.
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host sends traffic destined for the default gateway's IP address to the attacker's MAC address instead of the gateway's. Based on the given information, which type of attack is taking place in this scenario? A. ARP poisoning B. Replay attack C. Cross-site request forgery D. DNS poisoning. Answer: A. ARP poisoning.
Which of the attack types listed below relies on the amplification effect? A. Zero-day attack B. DDoS attack C. Brute-force attack D. MITM attack. Answer: B. DDoS attack.
Remapping a domain name to a rogue IP address is an example of what kind of exploit? A. DNS poisoning B. Domain hijacking C. ARP poisoning D. URL hijacking. Answer: A. DNS poisoning.
The term "domain hijacking" refers to a situation in which a domain registrant, due to unlawful actions of third parties, loses control over his/her domain name. A. True B. False. Answer: A. True.
Which of the terms listed below refers to a computer security exploit that takes advantage of vulnerabilities in a user's web browser application? A. MTTR B. MITM C. MTBF D. MITB. Answer: D. MITB (man-in-the-browser).
A type of attack aimed at exploiting a vulnerability that is present in already released software but unknown to the software developer is called: A. Xmas attack B. Zero-day attack C. IV attack D. Replay attack. Answer: B. Zero-day attack.
A replay attack occurs when an attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network. A. True B. False. Answer: A. True.
A technique that allows an attacker to authenticate to a remote server using a captured password hash directly, without first recovering the cleartext password from it, is known as: A. Pass the hash B. Replay attack C. Hash collision D. Rainbow table. Answer: A. Pass the hash.
In computer security, the term "clickjacking" refers to a malicious technique of tricking a user into clicking on something different from what the user thinks they are clicking on. A. True B. False. Answer: A. True.
In a session hijacking attack, a hacker takes advantage of the session ID stored in: A. Key escrow B. Digital signature C. Cookie D. Firmware. Answer: C. Cookie.
The term "URL hijacking" (a.k.a. "typosquatting") refers to the practice of registering a misspelled domain name closely resembling another well-established and popular domain name in the hope of getting Internet traffic from users who make errors while typing the URL in their web browsers. A. True B. False. Answer: A. True.
A modification introduced to computer code that changes its external behavior (e.g. to maintain compatibility between a newer OS and an older version of application software) is called: A. Shimming B. DLL injection C. Refactoring D. Backdoor. Answer: A. Shimming.
The practice of restructuring existing computer code without changing its external behavior is known as: A. DLL injection B. Shimming C. Data Execution Prevention (DEP) D. Refactoring. Answer: D. Refactoring.
Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection? (Select all that apply) A. Refactoring B. Sandboxing C. Fuzz testing D. Shimming E. Sideloading. Answer: A, D.
IP spoofing and MAC spoofing rely on falsifying what type of address? A. Broadcast address B. Source address C. Loopback address D. Destination address. Answer: B. Source address.
Which of the following security protocols is the least susceptible to wireless replay attacks? A. WPA2-CCMP B. WPA-TKIP C. WPA2-PSK D. WPA-CCMP E.
WPA2-TKIP A. WPA2-CCMP A type of wireless attack designed to exploit vulnerabilities of WEP is known as: A. MITM attack B. Smurf attack C. IV attack D. Xmas attack C. IV attack The term "Evil twin" refers to a rogue Wireless Access Point (WAP) set up for eavesdropping or stealing sensitive user data. Evil twin replaces the legitimate access point and by advertising its own presence with the same Service Set Identifier (SSID, a.k.a. network name) appears as a legitimate access point to connecting hosts. A. True B. False A. True A wireless jamming attack is a type of: A. Cryptographic attack B. Denial of Service (DoS) attack C. Brute-force attack D. Downgrade attack B. Denial of Service (DoS) attack A solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security settings and add new devices to an existing network is known as: A. WPA B. WPS C. WEP D.WAP B. WPS Which of the wireless technologies listed below are deprecated and should not be used due to their known vulnerabilities? (Select 2 answers) A. WPS B. WAP C. WPA2 D. WEP A. WPS D. WEP The practice of sending unsolicited messages over Bluetooth is called: A SPIM B Bluejacking C. Vishing D. Bluesnarfing B. Bluejacking Gaining unauthorized access to a Bluetooth device is referred to as: A. Phishing B. Bluejacking C. Tailgating D. Bluesnarfing D. Bluesnarfing Which of the following wireless technologies enables identification and tracking of tags attached to objects? A. WTLS B. GPS C. RFID D. WAF C. RFID What is the name of a technology used for contactless payment transactions? A. NFS B. SDN C. PED D. WAP A. NFS A wireless disassociation attack is a type of: A. Downgrade attack B. Brute-force attack C. Denial of Service (DoS) attack D. Cryptographic attack C. Denial of Service(DoS) attack Which cryptographic attack relies on the concepts of probability theory? A. KPA B. Brute-Force C. Dictionary D. Birthday D. 
Birthday Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version? A. KEK B. POODLE C. KPA D. CSRF C. KPA Rainbow tables are lookup tables used to speed up the process of password guessing. A. True B. False A. True Which of the following answers refers to the contents of a rainbow table entry? A. Hash/Password B. IP address/Domain name C. Username/Password D/ Account name/Hash A. Hash/Password Which password attack takes advantage of a predefined list of words? A. Birthday attack B. Replay attack C. Dictionary attack D. Brute-force attack C. Dictionary attack An attack against encrypted data that relies heavily on computing power to check all possible keys and passwords until the correct one is found is known as: A. Replay attack B. Brute-force attack C. Dictionary attack D. Birthday attack B. Brute-force attack One of the measures for bypassing the failed logon attempt account lockout policy is to capture any relevant data that might contain the password and brute force it offline. A. True B. False A. True A situation where cryptographic hash function produces two different digests for the same data input is referred to as hash collision. A. True B. False B. False Which of the following answers lists an example of a cryptographic downgrade attack? A. MITM B. KPA C. POODLE D. XSRF C. POODLE Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) A. IPsec B. MPLS C. PAP D. Kerberos E. CHAP A. IPsec D. Kerberos E. CHAP Which of the cryptographic algorithms listed below is the least vulnerable to attacks A. AES B. DES C. RC4 D. 3DES A. AES Which of the following cryptographic hash functions is the least vulnerable to attacks? A. SHA-1 B. RIPEMD C. SHA-512 D. MD5 C. SHA-512
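The password-hash and collision items above (dictionary attack, rainbow table entries, offline brute force that sidesteps account lockout, and the probability argument behind the birthday attack) are easier to see in code than in prose. The following is an added example written for this page, not code from the original; the wordlist and the "captured" digests are constructed here, and unsalted SHA-1 stands in for whatever weak password storage the attacker captured.

```python
"""Password-hash attacks from the items above: a dictionary attack against a
captured digest, a precomputed hash->password lookup (the entry type a rainbow
table yields), why a per-user salt defeats precomputation, and the birthday
bound behind collision attacks. Added example, not from the page; the wordlist
and the "captured" digests are constructed here."""
import hashlib
import math
from typing import Callable, Dict, Iterable, Optional

# Constructed wordlist; a real attack would use a large public list.
WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome1", "Summer2023!"]


def sha1_hex(text: str) -> str:
    """Unsalted SHA-1, as a legacy application might store a password."""
    return hashlib.sha1(text.encode()).hexdigest()


def salted_sha1_hex(text: str, salt: bytes) -> str:
    """Same function with a per-user salt prepended."""
    return hashlib.sha1(salt + text.encode()).hexdigest()


def dictionary_attack(target: str, wordlist: Iterable[str],
                      hasher: Callable[[str], str] = sha1_hex) -> Optional[str]:
    """Hash each candidate and compare. Runs offline against the captured
    digest, so an account lockout policy never fires."""
    for candidate in wordlist:
        if hasher(candidate) == target:
            return candidate
    return None


def build_lookup(wordlist: Iterable[str],
                 hasher: Callable[[str], str] = sha1_hex) -> Dict[str, str]:
    """Precomputed digest -> password table. A rainbow table compresses this
    into hash chains, but the answer it returns is the same pair."""
    return {hasher(w): w for w in wordlist}


def lookup_attack(target: str, table: Dict[str, str]) -> Optional[str]:
    """O(1) reversal of an unsalted digest; a salted digest is not in the table
    because the table was computed for a different input space."""
    return table.get(target)


def birthday_collision_probability(samples: int, space: int) -> float:
    """Exact probability that at least two of `samples` values drawn uniformly
    from `space` possibilities coincide: 1 - prod_{i<n} (1 - i/space)."""
    p_distinct = 1.0
    for i in range(samples):
        p_distinct *= 1.0 - i / space
    return 1.0 - p_distinct


def birthday_samples_for_half(bits: int) -> float:
    """Approximate number of random digests needed for a 50% chance of one
    collision on a `bits`-bit hash: about 1.177 * sqrt(2**bits)."""
    return 1.177 * math.sqrt(2 ** bits)


if __name__ == "__main__":
    captured = sha1_hex("letmein")  # constructed: a digest lifted from a dump
    print("dictionary:", dictionary_attack(captured, WORDLIST))
    table = build_lookup(WORDLIST)
    print("lookup, unsalted:", lookup_attack(captured, table))
    print("lookup, salted:", lookup_attack(salted_sha1_hex("letmein", b"\x9a\x1c"), table))
    print("P(collision, 23 of 365):", round(birthday_collision_probability(23, 365), 4))
    print("hashes for 50% collision, 128-bit:", f"{birthday_samples_for_half(128):.2e}")
```

The salted lookup fails not because the salt is secret (it is stored next to the hash) but because a precomputed table would have to be built per salt value, which removes the time-memory trade-off the table exists for. The birthday figures are why a 128-bit digest such as MD5 offers only about 2^64 work against collisions, which is the reasoning behind the "least vulnerable hash" item.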
Which statements best describe the attributes of a script kiddie? (Select 2 answers) A. Motivated by money B. Low level of technical sophistication C. Motivated by ideology D. High level of technical sophistication E. Lack of extensive resources/funding Answer: B. Low level of technical sophistication, E. Lack of extensive resources/funding
A person who breaks into a computer network or system for a politically or socially motivated purpose is typically described as: A. Insider B. Competitor C. Hacktivist D. Script kiddie Answer: C. Hacktivist
Which of the following terms best describes a threat actor type whose sole intent behind breaking into a computer system or network is monetary gain? A. Hacktivist B. Script kiddie C. Organized crime D. Competition Answer: C. Organized crime
Which statements best describe the attributes of an APT? (Select 3 answers) A. Lack of extensive resources/funding B. High level of technical sophistication C. Extensive amount of resources/funding D. Threat actors are individuals E. Low level of technical sophistication F. Threat actors are governments/nation states Answer: B. High level of technical sophistication, C. Extensive amount of resources/funding, F. Threat actors are governments/nation states
Which term best describes a disgruntled employee abusing legitimate access to a company's internal resources? A. Script kiddie B. Insider threat C. Hacktivist D. Organized crime Answer: B. Insider threat
Which of the following terms best describes a type of threat actor that engages in illegal activities to acquire know-how and gain market advantage? A. Insiders B. Nation states/APT C. Organized crime D. Competitors Answer: D. Competitors
Which of the statements listed below describe the purpose behind collecting OSINT? (Select 3 answers) A. Gaining advantage over competitors B. Passive reconnaissance in penetration testing C. Application whitelisting/blacklisting D. Preparation before launching a cyberattack E. Disabling unnecessary ports and services F. Active reconnaissance in penetration testing Answer: A. Gaining advantage over competitors, B. Passive reconnaissance in penetration testing, D. Preparation before launching a cyberattack
In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system. A. True B. False Answer: B. False (that describes passive reconnaissance; active reconnaissance interacts directly with the target)
In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting. A. True B. False Answer: B. False (pinging, port scanning and OS fingerprinting send traffic to the target and are active reconnaissance)
In penetration testing, the practice of using one compromised system as a platform for further attacks on other systems on the same network is known as: A. Initial exploitation B. Pivoting C. Escalation of privilege D. Gray-box testing Answer: B. Pivoting
A penetration test of a computer system performed without prior knowledge of how the system under test works is commonly referred to as black-box testing. A. True B. False Answer: A. True
A penetration test performed by an authorized professional with full prior knowledge of how the system under test works is called: A. Black-hat hacking B. White-box testing C. Black-box testing D. White-hat hacking Answer: B. White-box testing
Which of the following terms is used to describe a type of penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system? A. Black-box testing B. Fuzz testing C. Gray-box testing D. White-box testing Answer: C. Gray-box testing
Penetration testing: (Select all that apply) A. Bypasses security controls B. Only identifies lack of security controls C. Actively tests security controls D. Exploits vulnerabilities E. Passively tests security controls Answer: A. Bypasses security controls, C. Actively tests security controls, D. Exploits vulnerabilities
Vulnerability scanning: (Select all that apply) A. Identifies lack of security controls B. Actively tests security controls C. Identifies common misconfigurations D. Exploits vulnerabilities E. Passively tests security controls Answer: A. Identifies lack of security controls, C. Identifies common misconfigurations, E. Passively tests security controls
A malfunction in preprogrammed sequential access to a shared resource is described as: A. Race condition B. Buffer overflow C. Memory leak D. Pointer dereference Answer: A. Race condition
Which of the terms listed below refers to software that no longer receives continuing support? A. OEM B. SDLC C. EOL D. SPoF Answer: C. EOL
Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers) A. Lack of user training B. Inadequate vendor support C. System sprawl D. Default configurations E. Improper input handling Answer: B. Inadequate vendor support, D. Default configurations
A situation in which a web form field accepts data other than expected (e.g. server commands) is an example of: A. Zero-day vulnerability B. Improper input validation C. Default configuration D. Improper error handling Answer: B. Improper input validation
After feeding an input form field with incorrect data, a hacker gets access to debugger info providing an extensive description of the error. This situation is an example of: A. Fuzz testing B. Improper input handling C. Brute-force attack D. Improper error handling Answer: D. Improper error handling
A predefined username/password on a brand new wireless router is an example of: A. Default configuration B. Misconfiguration C. Zero-day vulnerability D. Architecture/design weakness Answer: A. Default configuration
Which of the answers listed below describes the result of a successful DoS attack? A. Code injection B. Resource exhaustion C. Identity theft D. Privilege escalation Answer: B. Resource exhaustion
What is the best countermeasure against social engineering? A. AAA protocols B. User authentication C. Strong passwords D. User education Answer: D. User education
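The two items above on improper input validation (a form field that accepts server commands) and improper error handling (debugger output reaching the attacker) describe the same request handler seen twice. The following is an added example written for this page, not code from the original: a simulated "host lookup" form handler in its vulnerable and hardened shapes. The form, its inputs and the in-memory LOG are constructed for illustration, and no command is actually executed; the functions return the command line they would run.

```python
"""Improper input validation and improper error handling, as described in the
items above, shown as a vulnerable request handler beside a hardened one.
Added example, not from the page. The 'host lookup' form, its inputs and the
in-memory LOG are constructed for illustration; nothing is executed, the
functions return the command they would run."""
import re
import traceback
import uuid
from typing import List, Tuple

# Allowlist for a DNS hostname: dot-separated labels of letters, digits and
# hyphens, no leading/trailing hyphen, at most 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

LOG: List[str] = []  # server-side log; constructed stand-in for a real logger


def build_command_vulnerable(form_value: str) -> str:
    """The form value is concatenated straight into a shell command line.
    A value such as 'example.com; id' makes the shell run a second command."""
    return f"nslookup {form_value}"  # would be handed to sh -c


def is_valid_hostname(value: str) -> bool:
    return _HOSTNAME_RE.match(value) is not None


def validate_hostname(value: str) -> str:
    """Reject anything that is not a plausible hostname (allowlist, not blocklist)."""
    if not is_valid_hostname(value):
        raise ValueError(f"not a valid hostname: {value!r}")
    return value


def build_command_hardened(form_value: str) -> List[str]:
    """Validated value placed in an argv list: no shell is involved, so
    metacharacters in the input are plain data, not command separators."""
    return ["nslookup", validate_hostname(form_value)]


def handle_request(form_value: str, debug: bool = False) -> Tuple[int, str]:
    """Simulated HTTP handler. Returns (status code, response body)."""
    try:
        argv = build_command_hardened(form_value)
        return 200, "queued: " + " ".join(argv)
    except ValueError:
        if debug:
            # Improper error handling: the full traceback (file paths, code
            # context, exception text echoing the input) goes to the client.
            return 500, traceback.format_exc()
        # Proper error handling: generic message to the client, detail only
        # in the server log, linked by a reference id.
        ref = uuid.uuid4().hex[:8]
        LOG.append(f"ref={ref} rejected input {form_value!r}")
        return 400, f"Invalid request (ref {ref})"


if __name__ == "__main__":
    print(build_command_vulnerable("example.com; id"))
    print(handle_request("example.com"))
    print(handle_request("example.com; id"))
    print(handle_request("example.com; id", debug=True)[1])
```

Two design points carry the weight here: validation is an allowlist of what a hostname may look like rather than a blocklist of shell characters, and the validated value goes into an argv list so that even a validation gap cannot reach a shell parser. The debug branch shows exactly what the "improper error handling" item warns about; the non-debug branch keeps the detail for the operator and gives the client only an opaque reference.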
Which of the following violates the principle of least privilege? A. Onboarding process B. Improperly configured accounts C. Shared accounts for privileged users D. Time-of-day restrictions Answer: B. Improperly configured accounts
An e-commerce store app running on an unpatched web server is an example of: A. Architecture/design weakness B. Risk acceptance C. Vulnerable business process D. Security through obscurity Answer: C. Vulnerable business process
The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode, which makes the system more vulnerable to attacks. A. True B. False Answer: A. True
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called: A. Memory leak B. Buffer overflow C. DLL injection D. Integer overflow Answer: A. Memory leak
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it? A. Buffer overflow B. Pointer dereference C. Memory leak D. Integer overflow Answer: D. Integer overflow
A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as: A. DLL injection B. Buffer overflow C. Memory leak D. Integer overflow Answer: B. Buffer overflow
Which of the following terms describes an attempt to read a variable that stores a null value (a null pointer)? A. Integer overflow B. Pointer dereference C. Buffer overflow D. Memory leak Answer: B. Pointer dereference
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: A. DLL B. ISO C. EXE D. INI Answer: A. DLL
Which of the terms listed below describes a type of attack that relies on executing a library of code? A. Memory leak B. DLL injection C. Pointer dereference D. Buffer overflow Answer: B. DLL injection
In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization. A. True B. False Answer: A. True
An effective asset management process provides countermeasures against: (Select all that apply) A. System sprawl B. Race conditions C. Undocumented assets D. Architecture and design weaknesses E. User errors Answer: A. System sprawl, C. Undocumented assets, D. Architecture and design weaknesses
A zero-day attack exploits: A. New accounts B. Patched software C. A vulnerability present in already released software that is still unknown to the software developer (and therefore unpatched) D. A well-known vulnerability Answer: C. A vulnerability present in already released software that is still unknown to the software developer
A software or hardware component that checks information coming from the Internet and, depending on the applied configuration settings, either blocks it or allows it to pass through is called: A. Antivirus B. Firewall C. Antispyware D. Malware Answer: B. Firewall
Which of the following applies to a request that doesn't match any of the criteria defined in an ACL? A. Group Policy B. Implicit deny rule C. Transitive trust D. Context-aware authentication Answer: B. Implicit deny rule
Stateless inspection is a firewall technology that keeps track of network connections and, based on the collected data, determines which network packets should be allowed through the firewall. A. True B. False Answer: B. False (that describes stateful inspection; a stateless filter judges each packet on its own against the rule set)
Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet? A. VPN concentrator B. Load balancer C. Managed switch D. Multilayer switch Answer: A. VPN concentrator
VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network). A. True B. False Answer: B. False (the definitions are swapped: a remote-access VPN connects a single computer to a network, a site-to-site VPN connects networks)
Which of the IPsec modes provides entire packet encryption? A. Tunnel B. Payload C. Transport D. Default Answer: A. Tunnel
An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: A. Protected mode B. Tunnel mode C. Transport mode D. Safe mode Answer: C. Transport mode
Which part of the IPsec protocol suite provides authentication and integrity? A. CRC B. AH C. SIEM D. AES Answer: B. AH
Which of the IPsec protocols provides authentication, integrity, and confidentiality? A. AES B. SHA C. AH D. ESP Answer: D. ESP
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users to make use of both the VPN and public network links simultaneously? A. Tethering B. Split tunnel C. Load balancing D. Full tunnel Answer: B. Split tunnel
Examples of secure VPN tunneling protocols include: (Select 2 answers) A. bcrypt B. SCP C. IPsec D. WEP E. TLS Answer: C. IPsec, E. TLS
The term "Always-on VPN" refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link. A. True B. False Answer: A. True
A network device designed for managing the optimal distribution of workloads across multiple computing resources is known as: A. Layer 3 switch B. Access point C. Load balancer D. Domain controller Answer: C. Load balancer
Which of the terms listed below refers to a method that bypasses the load balancing algorithm by consistently passing requests from a given client to the same server? A. Round-robin method B. Active-active configuration C. Session affinity D. Least connection method Answer: C. Session affinity
In a round-robin method, each consecutive request is handled by: (Select the best answer) A. First server in a cluster B. Next server in a cluster C. Least utilized server in a cluster D. Last server in a cluster Answer: B. Next server in a cluster
In a weighted round-robin method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more of the workload. A. True B. False Answer: A. True
In active-passive mode, load balancers distribute network traffic across: A. All servers B. Servers marked as active C. Least utilized servers D. Servers marked as passive Answer: B. Servers marked as active
In active-active mode, load balancers distribute network traffic across: A. Least utilized servers B. None of the servers C. All servers D. Most utilized servers Answer: C. All servers
An IP address that doesn't correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA). A. True B. False Answer: A. True
What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address? A. IPv4 address B. Virtual IP address C. Non-routable IP address D. IPv6 address Answer: B. Virtual IP address
An infrastructure device designed for connecting wireless/wired client devices to a network is commonly referred to as: A. Captive portal B. Access Point (AP) C. Intermediate Distribution Frame (IDF) D. Active hub Answer: B. Access Point (AP)
Which of the following acronyms is used as a unique identifier for a WLAN (a wireless network name)? A. BSS B. SSID C. ESS D. IBSS Answer: B. SSID
Disabling SSID broadcast: A. Is one of the measures used in securing wireless networks B. Makes a WLAN harder to discover C. Blocks access to a WAP D. Prevents wireless clients from accessing the network Answer: B. Makes a WLAN harder to discover (the SSID still appears in the clear in probe and association frames, so this is not a security control)
A network security access control method whereby the 48-bit physical address assigned to each network card is used to determine access to the network is known as: A. MAC filtering B. Network Address Translation (NAT) C. Static IP addressing D. Network Access Control (NAC) Answer: A. MAC filtering
Which of the tools listed below would be of help in troubleshooting signal loss and low wireless network signal coverage? A. Logical network diagram B. Protocol analyzer C. WAP power level controls D. Physical network diagram Answer: C. WAP power level controls
Frequency bands for IEEE 802.11 networks include: (Select 2 answers) A. 5.0 GHz B. 2.4 GHz C. 5.4 GHz D. 2.0 GHz Answer: A. 5.0 GHz, B. 2.4 GHz
A common example of channel overlap in wireless networking is the 2.4 GHz band used by 802.11 networks, where the 2.401-2.473 GHz frequency range is divided into 11 channels, each occupying a 22 MHz portion of the available spectrum while channel centers are spaced only 5 MHz apart. Setting up wireless networks to operate on non-overlapping channels (1, 6, and 11 in this case) allows multiple networks to coexist in the same area without causing interference. A. True B. False Answer: A. True
Which of the following answers refers to a common antenna type used as standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments? A. Dipole antenna B. Dish antenna C. Unidirectional antenna D. Yagi antenna Answer: A. Dipole antenna
Which of the antenna types listed below provide 360-degree horizontal signal coverage? (Select 2 answers) A. Unidirectional antenna B. Dipole antenna C. Dish antenna D. Omnidirectional antenna E. Yagi antenna Answer: B. Dipole antenna, D. Omnidirectional antenna
Which of the following answers refer to highly directional antenna types used for long-range point-to-point bridging links? (Select 2 answers) A. Dipole antenna B. Omnidirectional antenna C. Dish antenna D. Non-directional antenna E. Unidirectional antenna Answer: C. Dish antenna, E. Unidirectional antenna
Optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: A. War chalking B. Tailgating C. War driving D. Shoulder surfing Answer: C. War driving
A type of architecture in which most of the network configuration settings of an Access Point (AP) are set and managed with the use of a central switch or controller is called: A. Thin AP B. Infrastructure mode C. Fat AP D. Ad hoc mode Answer: A. Thin AP
The term "Fat AP" refers to a stand-alone Access Point (AP) device type offering extended network configuration options that can be set and managed after logging in to the device. A. True B. False Answer: A. True
A technology that allows for real-time analysis of security alerts generated by network hardware and applications is known as: A. LACP B. DSCP C. SIEM D. LWAPP Answer: C. SIEM
Which of the following statements describing the functionality of SIEM is not true? A. Data can be collected from many different sources B. Collected data can be processed into actionable information C. Automated alerting and triggers D. Time synchronization E. Event deduplication F. Use of rewriteable storage media Answer: F. Use of rewriteable storage media
Which of the terms listed below refers to computer data storage systems, data storage devices, and data storage media that can be written to once, but read from multiple times? A. DVD-RW B. Tape library C. Floppy disk D. WORM Answer: D. WORM
Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network? A. DRP B. DHE C. DLP D. DEP Answer: C. DLP
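The firewall items above (a rule set with an implicit deny for anything not listed, and the difference between stateless and stateful inspection) come down to a few lines of decision logic. The following is an added example written for this page, not code from the original; the rule set, the addresses and the four sample packets are constructed, and the connection table is a plain set of 5-tuples rather than a real conntrack implementation.

```python
"""Packet-filter semantics from the firewall items above: an ordered ACL with
an implicit deny at the end, evaluated first statelessly (each packet judged
alone) and then by a stateful filter that records permitted connections and
lets only their replies back in. Added example, not from the page; the rule
set, addresses and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # protocol name or "any"
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None means any destination port


INSIDE = "10.0.0.0/8"
ANY = "0.0.0.0/0"
ACL: List[Rule] = [
    Rule("permit", "tcp", INSIDE, ANY, 443),          # outbound HTTPS
    Rule("permit", "tcp", INSIDE, ANY, 53),           # outbound DNS
    Rule("permit", "udp", INSIDE, ANY, 53),
    Rule("permit", "tcp", ANY, "10.0.5.10/32", 443),  # published web server
    # nothing else is listed: the implicit deny covers it
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def stateless_decision(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # implicit deny


class StatefulFirewall:
    """Same ACL, plus a connection table. A reply to a tracked connection is
    permitted even though no rule lists it; a TCP segment that is neither a
    SYN nor part of a tracked flow is dropped."""
    def __init__(self, acl: List[Rule]):
        self.acl = acl
        self.table = set()  # (proto, src, sport, dst, dport) of permitted flows

    def decision(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            return "permit"          # established flow
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"            # mid-stream segment with no tracked flow
        action = stateless_decision(self.acl, pkt)
        if action == "permit":
            self.table.add(forward)  # remember it so the reply can come back
        return action


# Constructed traffic: an inside client opening HTTPS to an external host,
# the server's reply, an unsolicited inbound SYN, and a hit on the web server.
OUTBOUND = Packet("10.0.1.20", "93.184.216.34", "tcp", 51000, 443, syn=True)
REPLY = Packet("93.184.216.34", "10.0.1.20", "tcp", 443, 51000)
UNSOLICITED = Packet("203.0.113.9", "10.0.1.20", "tcp", 40000, 443, syn=True)
WEB_HIT = Packet("203.0.113.9", "10.0.5.10", "tcp", 40001, 443, syn=True)


if __name__ == "__main__":
    fw = StatefulFirewall(ACL)
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY),
                      ("unsolicited", UNSOLICITED), ("web hit", WEB_HIT)]:
        print(f"{name:12} stateless={stateless_decision(ACL, pkt):6} "
              f"stateful={fw.decision(pkt)}")
```

The stateless evaluation drops the HTTPS reply because no rule lists traffic from the Internet to an inside client; the only way a stateless filter can allow such replies is a broad rule such as "permit any to inside with ACK set", which an attacker can satisfy by setting the flag. The stateful filter allows the reply only because it recorded the outbound SYN, which is the distinction the True/False item is testing.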
Which functionality allows a DLP system to fulfill its role? A. Motion detection B. Environmental monitoring C. Content inspection D. Loop protection Answer: C. Content inspection
Which of the answers listed below refer(s) to security solution(s) that can be implemented as a function of a DLP system? (Select all that apply) A. USB blocking B. Virtualization C. Email monitoring D. Directory services E. Cloud-based security Answer: A. USB blocking, C. Email monitoring, E. Cloud-based security
A type of computer security solution that allows defining and enforcing network access policies is known as: A. NAC B. NIDS C. NFC D. NAT Answer: A. NAC
Which of the following answers refer to implementations of NAC? (Select 2 answers) A. IPsec B. MAC filter C. BYOD D. 802.1X E. HIDS/HIPS Answer: B. MAC filter, D. 802.1X
A company's security policy requires all employee devices to have software installed that runs as a background service on each device and performs host security health checks before the device is granted or denied access to the corporate intranet. Based on the given description, which of the answers listed below can be used to describe the software's features? (Select 2 answers) A. Agentless B. Dissolvable C. Agent-based D. Permanent Answer: C. Agent-based, D. Permanent
What type of security measures can be implemented on an MX gateway? (Select all that apply) A. Encryption B. Security guards C. DLP D. Motion detection E. Spam filter Answer: A. Encryption, C. DLP, E. Spam filter
What type of device would be the most convenient for interconnecting two or more physically separated network segments? A. Wireless bridge B. Layer 3 switch C. Wireless Access Point (WAP) D. Cable modem Answer: A. Wireless bridge
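The load-balancing items above (round-robin, weighted round-robin, least connections, session affinity, and active-passive versus active-active) each describe a selection rule; seeing the rules side by side makes the differences concrete. The following is an added example written for this page, not code from the original or from any load-balancer product; backend names and client addresses are constructed, and health checking is reduced to an explicit mark_down() call.

```python
"""Load-balancing methods from the items above: round-robin, weighted
round-robin, least connections, session affinity layered on any of them, and
an active-passive pair. Added example, not from the page; backend names and
client addresses are constructed."""
import itertools
from typing import Dict, Iterable, List, Optional


class RoundRobin:
    """Each consecutive request goes to the next server in the cluster."""
    def __init__(self, servers: Iterable[str]):
        self._cycle = itertools.cycle(list(servers))

    def pick(self, client: Optional[str] = None) -> str:
        return next(self._cycle)


class WeightedRoundRobin:
    """Still rotational, but a server with weight 3 appears three times per
    turn of the wheel, so it receives three times the share of requests."""
    def __init__(self, weights: Dict[str, int]):
        expanded = [s for s, w in weights.items() for _ in range(w)]
        self._cycle = itertools.cycle(expanded)

    def pick(self, client: Optional[str] = None) -> str:
        return next(self._cycle)


class LeastConnections:
    """Send the request to whichever server currently has the fewest open
    connections; the caller reports when a connection closes."""
    def __init__(self, servers: Iterable[str]):
        self.active = {s: 0 for s in servers}

    def pick(self, client: Optional[str] = None) -> str:
        server = min(self.active, key=self.active.get)  # ties: first listed
        self.active[server] += 1
        return server

    def release(self, server: str) -> None:
        self.active[server] -= 1


class SessionAffinity:
    """Pins a client to the backend chosen for its first request, overriding
    the wrapped algorithm for every later request from that client."""
    def __init__(self, inner):
        self.inner = inner
        self.table: Dict[str, str] = {}

    def pick(self, client: str) -> str:
        if client not in self.table:
            self.table[client] = self.inner.pick(client)
        return self.table[client]


class ActivePassive:
    """All traffic goes to the active node; the passive node only serves once
    the active one is marked down."""
    def __init__(self, active: str, passive: str):
        self.active, self.passive = active, passive
        self.down: set = set()

    def mark_down(self, server: str) -> None:
        self.down.add(server)

    def pick(self, client: Optional[str] = None) -> str:
        for server in (self.active, self.passive):
            if server not in self.down:
                return server
        raise RuntimeError("no healthy backend")


def route(balancer, clients: Iterable[str]) -> List[str]:
    """Run a sequence of client requests through a balancer and return the
    backend chosen for each (a VIP in front would hide these from the client)."""
    return [balancer.pick(c) for c in clients]


if __name__ == "__main__":
    clients = ["10.0.0.5", "10.0.0.6", "10.0.0.5", "10.0.0.7"]
    print("round-robin:", route(RoundRobin(["web1", "web2", "web3"]), clients))
    print("weighted:", route(WeightedRoundRobin({"big": 3, "small": 1}), clients * 2))
    print("affinity:", route(SessionAffinity(RoundRobin(["web1", "web2"])), clients))
```

Affinity keyed on the client address, as here, breaks behind NAT (every user of one proxy lands on the same backend); real balancers usually key on a cookie instead, and a cookie that names the backend has to be signed or opaque so a client cannot steer itself to a chosen node.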
SSL/TLS accelerators are used to decode secure communication links for the purpose of content inspection. A. True B. False Answer: B. False (that is the job of an SSL/TLS decryptor; an accelerator offloads cryptographic computation)
An SSL decryptor card is a type of dedicated hardware device that improves performance of a server by taking over computational tasks related to handling of encrypted network traffic. A. True B. False Answer: B. False (that describes an SSL/TLS accelerator card)
A type of device that translates data between different communication formats is called: A. Multilayer switch B. Media gateway C. Protocol analyzer D. Media converter Answer: B. Media gateway
Which of the answers listed below refers to a piece of hardware and associated software/firmware designed to provide cryptographic functions? A. HSM B. EFS C. STP D. WAF Answer: A. HSM
A software tool used for capturing and examining the contents of network traffic is known as: A. Port scanner B. Honeypot C. Protocol analyzer D. Vulnerability scanner Answer: C. Protocol analyzer
Which of the following is a GUI packet sniffer? A. pfSense B. Nmap C. tcpdump D. Wireshark Answer: D. Wireshark
Which of the following is a CLI packet sniffer? A. Nmap B. tcpdump C. OpenVAS D. Wireshark Answer: B. tcpdump
What is Nmap? A. Network scanner B. Exploitation framework C. Protocol analyzer D. Password cracker Answer: A. Network scanner
Which of the tools listed below would be used to detect a rogue AP? A. HIDS B. Vulnerability scanner C. Packet sniffer D. Wireless scanner Answer: D. Wireless scanner
Which of the following tools would be used to perform a site survey? A. pfSense B. Wireless scanner C. OpenVAS D. Nmap Answer: B. Wireless scanner
Examples of password cracking software include: (Select 2 answers) A. Security Onion B. John the Ripper C. Cain & Abel D. Back Orifice E. tcpdump Answer: B. John the Ripper, C. Cain & Abel
Which of the tools listed below offers the functionality of a vulnerability scanner? A. Roo B. OpenVAS C. Wireshark D. pfSense Answer: B. OpenVAS
Which of the following tools offers the functionality of a configuration compliance scanner? A. Zenmap B. Roo C. Nessus D. DBAN Answer: C. Nessus
Which of the answers listed below is an example of an exploitation framework? A. tcpdump B. Metasploit C. Security Onion D. OpenVAS Answer: B. Metasploit
What is the name of a Linux distribution commonly used as a target system for practicing penetration testing techniques? A. Kali Linux B. Debian C. Metasploitable D. Red Hat E. SELinux Answer: C. Metasploitable
Which of the terms listed below refers to a method for permanent and irreversible removal of data stored on a memory device? A. Sanitization B. High-level formatting C. Recycle Bin (MS Windows) D. Partitioning Answer: A. Sanitization
What is the purpose of steganography? A. Checking data integrity B. Calculating hash values C. Hiding data within another piece of data D. Data encryption Answer: C. Hiding data within another piece of data
A monitored host containing no valuable data, specifically designed to detect unauthorized access attempts, is known as: A. UTM appliance B. Trojan horse C. Captive portal D. Honeypot Answer: D. Honeypot
Which of the following terms is used to describe a text message containing system information details displayed after connecting to a service on a server? A. Log B. Trap C. Signature D. Banner Answer: D. Banner
The practice of connecting to an open port on a remote host to gather more information about its configuration is known as: A. Phishing B. Bluesnarfing C. Banner grabbing D. eDiscovery Answer: C. Banner grabbing
A command-line utility used for checking the reachability of a remote network host is called: A. ping B. tracert C. dig D. netstat Answer: A. ping
A security technician was asked to configure a firewall so that the protected system would not send echo reply packets. What type of traffic should be blocked on the firewall to accomplish this task? A. SRTP B. ICMP C. CCMP D. SNMP Answer: B. ICMP
What is the name of a command-line utility that allows for displaying protocol statistics and current TCP/IP network connections? A. ipconfig B. tracert C. netstat D. traceroute Answer: C. netstat
Netstat is a command-line utility which can be used for: A. Displaying active TCP/IP connections B. Testing the reachability of a remote host C. Displaying intermediary points on the packet route D. Viewing the TCP/IP configuration details Answer: A. Displaying active TCP/IP connections
Which netstat parameter displays all connections and listening ports? A. -a B. -p C. -e D. -r Answer: A. -a
Which netstat parameter displays addresses and port numbers in numerical form? A. -b B. -n C. -q D. -r Answer: B. -n
A network command-line utility in MS Windows that tracks and displays the route taken by an IP packet on its way to another host is called: A. ping B. traceroute C. dig D. tracert Answer: D. tracert
A Linux command-line utility for displaying the intermediary points (routers) an IP packet passes through on its way to another network node is known as: A. nbtstat B. traceroute C. netstat D. tracert Answer: B. traceroute
Which of the following CLI tools is used to troubleshoot DNS-related problems? A. arp B. nslookup C. tracert D. pathping Answer: B. nslookup
Domain information groper (dig) and nslookup are command-line tools used for DNS queries. Both utilities are available on Windows and Linux. Of the two, nslookup is the preferred tool on UNIX-like systems; dig is the default DNS query tool for MS Windows. A. True B. False Answer: B. False (it is the other way round: dig is the preferred tool on UNIX-like systems, and nslookup is the one that ships with Windows)
ARP is used to perform what kind of resolution? A. IP to FQDN B. MAC to IP C. IP to MAC D. FQDN to IP Answer: C. IP to MAC
Which command in MS Windows displays a table consisting of IP addresses and their resolved physical addresses? A. arp -e B. netstat -n C. nslookup D. arp -a Answer: D. arp -a
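The banner-grabbing and port-scanning items above describe what `nc host port` and an Nmap connect scan do on the wire. The following is an added example written for this page, not code from the original and not the implementation of either tool: it reproduces both techniques against a throwaway listener on 127.0.0.1 so that it runs offline. The banner text is constructed; the SSH identification-string layout it parses is the one defined in RFC 4253.

```python
"""Banner grabbing and a TCP connect scan, the manual equivalents of
`nc host port` and an Nmap connect scan from the items above, run against a
throwaway listener on 127.0.0.1 so the example works offline. Added example,
not from the page; the banner text is constructed."""
import socket
import threading
from typing import Callable, Dict, Iterable, List, Tuple


def start_fake_service(banner: bytes, host: str = "127.0.0.1") -> Tuple[int, Callable[[], None]]:
    """Listen on an ephemeral port and send `banner` to every client, the way
    SSH, SMTP or FTP volunteer a greeting. Returns (port, stop function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stopping = threading.Event()

    def serve() -> None:
        while not stopping.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()

    def stop() -> None:
        stopping.set()
        thread.join()

    return port, stop


def grab_banner(host: str, port: int, timeout: float = 1.0, max_bytes: int = 256) -> str:
    """Connect and read whatever the service says first; many services leak
    product and version here before any authentication takes place."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""  # silent service: nothing to grab without sending a probe
    return data.decode(errors="replace").strip()


def parse_banner(banner: str) -> Dict[str, str]:
    """Split an SSH identification string (RFC 4253: SSH-proto-software [comment])
    into fields; anything else is returned raw."""
    parts = banner.split("-", 2)
    if banner.startswith("SSH-") and len(parts) == 3:
        software, _, comment = parts[2].partition(" ")
        return {"protocol": "SSH-" + parts[1], "software": software, "comment": comment}
    return {"raw": banner}


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.3) -> List[int]:
    """TCP connect scan: a completed three-way handshake means the port is open.
    This is noisy (the target logs a full connection), unlike a SYN scan."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def demo() -> dict:
    port, stop = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    try:
        banner = grab_banner("127.0.0.1", port)
        found = scan_ports("127.0.0.1", [port])
    finally:
        stop()
    return {"port": port, "banner": banner, "fields": parse_banner(banner), "open": found}


if __name__ == "__main__":
    print(demo())
```

Pointing grab_banner() or scan_ports() at any host other than one you are authorized to test is active reconnaissance in the sense of the earlier items, and the target will see it; the defensive counterpart is to strip version detail from service banners where the protocol allows it.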
What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings? A. ifconfig B. nslookup C. ipconfig D. netstat Answer: C. ipconfig
Used without any parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. A. True B. False Answer: A. True
Which of the following answers lists an ipconfig command parameter used for displaying the full TCP/IP configuration information for all adapters? A. -a B. /? C. /all D. /-a Answer: C. /all
Which ipconfig parameter allows viewing the physical address of a Network Interface Card (NIC)? A. -S srcaddr B. /all C. -i address D. eth_addr Answer: B. /all
Which of the following command-line commands in MS Windows are used for resetting the DHCP configuration settings for all adapters? (Select 2 answers) A. ifconfig eth0 down B. ipconfig /release C. ifconfig eth0 up D. ipconfig /renew Answer: B. ipconfig /release, D. ipconfig /renew
What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings? A. ifconfig B. netstat C. nslookup D. ipconfig Answer: A. ifconfig
The ip command in Linux is the preferred replacement for: A. netstat B. ifconfig C. nslookup D. ipconfig Answer: B. ifconfig
Which of the answers listed below refers to a command-line packet capturing utility? A. netcat B. Zenmap C. tcpdump D. Nmap Answer: C. tcpdump
Which of the following command-line tools is used for discovering hosts and services on a network? A. Nmap B. netcat C. Zenmap D. tcpdump Answer: A. Nmap
Which of the command-line utilities listed below can be used to perform a port scan? (Select 2 answers) A. Zenmap B. Nmap C. tcpdump D. netcat E. nslookup Answer: B. Nmap, D. netcat
A command-line tool that can be used for banner grabbing is called: A. tcpdump B. netcat C. Nmap D. Wireshark Answer: B. netcat
Which of the following authentication protocols transmits passwords over the network in an unencrypted form and is therefore considered insecure? A. RADIUS B. PAP C. TACACS+ D. CHAP Answer: B. PAP
FTP, HTTP, IMAP4, LDAP, POP3, SNMPv1, SNMPv2, and Telnet are all examples of network protocols that send data in clear text. A. True B. False Answer: A. True
A security solution designed to detect anomalies in the log and event data collected from multiple network devices is known as: A. HIDS B. PCAP C. HIPS D. SIEM Answer: D. SIEM
Which of the following security measures would be of help in troubleshooting user permission issues? (Select 2 answers) A. Password complexity B. Principle of least privilege C. Password history D. Permissions auditing and review E. Multifactor authentication Answer: B. Principle of least privilege, D. Permissions auditing and review
The term "Segmentation fault" refers to: (Select 2 answers) A. Error handling technique B. Access violation C. Zero-day vulnerability D. Memory management E. Input validation technique Answer: B. Access violation, D. Memory management
Which of the tools listed below can be used for troubleshooting certificate issues? (Select 2 answers) A. CIRT B. CRC C. OCSP D. CRL E. OSPF Answer: C. OCSP, D. CRL
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as: A. DEP B. RADIUS C. DLP D. PGP Answer: C. DLP
The importance of changing default user names and passwords can be illustrated by the example of certain network devices (such as routers) which are often shipped with default, well-known admin credentials that can be looked up on the web. A. True B. False Answer: A. True
Which of the following answers list(s) example(s) of weak security configuration(s)? (Select all that apply) A. DES B. WPA2 C. SHA-1 D. WEP E. SHA-512 F. WPS Answer: A. DES, C. SHA-1, D. WEP, F. WPS
A set of rules enforced in a network that restricts the use to which the network may be put is known as: A. SLA B. AUP C. MOU D. SOW Answer: B. AUP
Which of the security measures listed below would be effective against the malicious insider threat? (Select 3 answers) A. DLP system B. Principle of least privilege C. Time-of-day restrictions D. Strong authentication E. Usage auditing and review Answer: A. DLP system, B. Principle of least privilege, E. Usage auditing and review
What is the best countermeasure against social engineering? A. Strong authentication B. Permission auditing and review C. User awareness training D. Password complexity Answer: C. User awareness training
What are the drawbacks of running unauthorized software in a corporate environment? A. Potential malware propagation problem B. Inadequate support from the in-house IT department C. Violation of software licensing agreements D. All of the above Answer: D. All of the above
Usage auditing and application whitelisting are countermeasures against: A. Unauthorized software B. Social engineering C. Weak security configurations D. Misconfigured software Answer: A. Unauthorized software
One of the best practices for malware removal involves isolating files and applications suspected of containing malware to prevent further execution and potential harm to the user's system. This process is referred to as: A. Quarantine B. Content filtering C. Protected mode D. Blacklisting Answer: A. Quarantine
The SFC utility in MS Windows: A. Encrypts files and folders B. Checks file integrity and restores corrupted system files C. Displays information about system hardware and software configuration D. Starts Windows programs from the command-line interface Answer: B. Checks file integrity and restores corrupted system files
Hash functions map data of any size to a short, fixed-length string of characters (the digest). The digest serves as a compact fingerprint of the content: if the data is changed in any way after the original hash was taken, even by a single bit, the hash function applied to the modified content yields a different digest. In computer forensics procedures, comparing hashes taken at different stages of the evidence handling process therefore shows whether the evidence has been tampered with or remains intact. A. True B. False Answer: A. True
Which of the following acronyms refers to a network security solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection? A. MTU B. WPA C. UTM D. WAP Answer: C. UTM
An OS security feature designed to ensure safe memory usage by applications is known as: A. DEP B. DLP C. DSU D. DRP Answer: A. DEP
Which of the acronyms listed below refers to a firewall controlling access to a web server? A. WEP B. WAP C. WPS D. WAF Answer: D. WAF
Which of the following mobile connectivity methods provides the best coverage? A. Cellular B. Wi-Fi C. SATCOM D. ANT E. Infrared Answer: C. SATCOM
The process of establishing a connection between Bluetooth devices (for example between a Bluetooth-enabled headset and a Bluetooth-enabled mobile phone) is commonly referred to as: A. Linking B. Three-way handshake C. Crosstalk D. Pairing Answer: D. Pairing
Which of the answers listed below refers to a technology that enables carrying out mobile payment transactions with the physical phone device? A. WAP B. NFC C. IR D. RFC Answer: B. NFC
A wireless connectivity technology primarily used in low-powered sports and fitness mobile devices is known as: A. USB B. WTLS C. UAV D. ANT Answer: D. ANT
Which of the answers listed below refers to a security countermeasure that allows erasing data on a lost or stolen mobile device? A. Remote lock B. Degaussing C. Low-level formatting D. Remote wipe Answer: D. Remote wipe
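The hash-function and forensics item above (record the digest at acquisition, re-hash at each later handling stage, and any difference proves tampering) is a procedure, so here it is carried through end to end. The following is an added example written for this page, not code from the original or from any forensic tool; the evidence bytes, stage names and examiner names are constructed, and the chain-of-custody log is a plain list of dictionaries.

```python
"""Evidence integrity by hash comparison, as the hash and forensics item
above describes: the digest of an evidence image is recorded at acquisition
and re-computed at every later handling stage; any change, even one flipped
bit, breaks the chain. Added example, not from the page; the evidence bytes,
stage names and examiner names are constructed."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed stand-in for a disk image.
EVIDENCE = bytes(range(256)) * 16 + b"constructed evidence image"
CHUNK = 1024 * 1024


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = CHUNK) -> str:
    """Stream the file so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def record_stage(log: List[dict], stage: str, digest: str, handler: str) -> dict:
    """Append one chain-of-custody entry: who handled the evidence, when, and
    what it hashed to at that moment."""
    entry = {"stage": stage, "handler": handler, "sha256": digest,
             "time": datetime.now(timezone.utc).isoformat()}
    log.append(entry)
    return entry


def verify_chain(log: List[dict]) -> Tuple[bool, Optional[str]]:
    """Every later stage must reproduce the acquisition digest.
    Returns (intact, name of the first stage whose digest differs)."""
    if not log:
        return False, None
    baseline = log[0]["sha256"]
    for entry in log[1:]:
        if entry["sha256"] != baseline:
            return False, entry["stage"]
    return True, None


def flip_one_bit(data: bytes, offset: int = 0) -> bytes:
    """Smallest possible tampering: one bit at `offset`."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


def demo() -> dict:
    log: List[dict] = []
    record_stage(log, "acquisition", sha256_bytes(EVIDENCE), "examiner A")
    # Write the image to disk and re-hash it the way a lab would on receipt.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(EVIDENCE)
        path = f.name
    try:
        record_stage(log, "transfer to lab", sha256_file(path), "examiner B")
    finally:
        os.unlink(path)
    intact_before, _ = verify_chain(log)
    # A later stage hashes a copy with a single flipped bit.
    record_stage(log, "analysis", sha256_bytes(flip_one_bit(EVIDENCE, 7)), "examiner C")
    intact_after, bad_stage = verify_chain(log)
    return {"intact_before": intact_before, "intact_after": intact_after,
            "first_bad_stage": bad_stage, "entries": len(log)}


if __name__ == "__main__":
    print(demo())
```

SHA-256 is used rather than MD5 or SHA-1 for the reason given in the earlier hash-function item: practical collision attacks exist for both older functions, so an adversary who can produce two images with the same MD5 could substitute one for the other without breaking an MD5-based chain. Recording two independent digests (for example SHA-256 and SHA-512) costs little and is common practice in acquisition tools.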