Question 1 Creating a basic standard for application settings, securit settings, and acti!e ser!ices on e!er compan laptop "ould be considered### A. group policy B. baseline configuration C. patch management D. a security template Question $ All of t%e follo"ing are correct about &'A( E)CE(T* A. some implementations use x.!" certificates for securing communications B. some of the implementations use #efault TCP ports $%" an# &$& C. all attributes 'ill be encrypte# D. most of the implementations use the x.!! #irectory mo#el Question + ,%ic% of t%e follo"ing is a -e reason for using !irtual mac%ines in a test lab "%ere attac-ers or mal"are ma compromise a mac%ine. A. (asier for the attac)er to compromise the machine B. *ar#er for the attac)er to compromise the machine C. (asier to restore the system to the original state D. *ar#er to restore the system to the original state Question / ,%ic% of t%e follo"ing is more of an irritation t%an a securit t%reat. A. +oot)it B. A#'are C. Spy'are D. Tro,an Question 0 &east pri!ilege is defined as gi!ing access to information* A. base# on tenure at the company B. base# on sense of urgency from management C. that may be re-eale# to the public D. nee#e# to complete the tas) Question 1 ,%ic% of t%e follo"ing describes a piece of malicious code t%at is acti!ated "%en specified conditions are met. A. Tro,an B. Spy'are C. .ogic Bomb D. /irus Question 2 An administrator "is%es to enable net"or- auditing policies# ,%ic% of t%e follo"ing s%ould t%e securit administrator log. A. 0nly logon failures B. 0nly logon success C. Both logon successes an# logon failures D. 0nly logon failures for non1existent users Question 3 4rom a securit perspecti!e a performance baseline is 56ST useful for* A. #etecting performance anomalies that may be #ue to security breaches B. assuring that systems are 'or)ing to their optimal capacity C. )no'ing 'hen security scans are going to finish D. pre#icting the en# of useful life for the fire'all Question 7 A compan creates its o"n application t%at accesses t%e compan databases and re8uires a uni8ue login, based on t%e user9s domain account# T%e de!eloper %as an undocumented login for testing t%at does not need to be aut%enticated against t%e domain# ,%ic% of t%e follo"ing is a securit issue regarding t%is scenario. A. The login shoul# be the same as the #omain account for authentication purposes B. It can be use# as a bac)#oor into the company2s #atabases C. The application shoul# not be #eploye# if it is not fully teste# D. It is not consi#ere# best practice to ha-e a user remember multiple logins Question 1: In order to perform a TC( %i;ac-ing attac-, an attac-er "ould be re8uired to* A. ha-e a protocol analy3er intercept traffic bet'een t'o hosts B. )no' the IP a##resses of both hosts an# se4uence numbers of the TCP5IP pac)ets C. perform a man1in1the1mi##le attac) an# communicate #irectly 'ith t'o hosts D. obtain the 6AC a##ress of the both hosts
Question 1 7correspon#ing ob,ecti-e8 9.$: Creating a basic stan#ar# for application settings; security settings; an# acti-e ser-ices on e-ery company laptop 'oul# be consi#ere#... A. group policy B. baseline configuration C. patch management '# a securit template Question $ 7correspon#ing ob,ecti-e8 $.<: All of the follo'ing are correct about .DAP (=C(PT8 A. some implementations use x.!" certificates for securing communications B. some of the implementations use #efault TCP ports $%" an# &$& C# all attributes "ill be encrpted D. most of the implementations use the x.!! #irectory mo#el Question + 7correspon#ing ob,ecti-e8 9.&: >hich of the follo'ing is a )ey reason for using -irtual machines in a test lab 'here attac)ers or mal'are may compromise a machine? A. (asier for the attac)er to compromise the machine B. *ar#er for the attac)er to compromise the machine C# Easier to restore t%e sstem to t%e original state D. *ar#er to restore the system to the original state Question / 7correspon#ing ob,ecti-e8 9.9: >hich of the follo'ing is more of an irritation than a security threat? A. +oot)it <# Ad"are C. Spy'are D. Tro,an Question 0 7correspon#ing ob,ecti-e8 $.9: .east pri-ilege is #efine# as gi-ing access to information8 A. base# on tenure at the company B. base# on sense of urgency from management C. that may be re-eale# to the public '# needed to complete t%e tas- Question 1 7correspon#ing ob,ecti-e8 9.9: >hich of the follo'ing #escribes a piece of malicious co#e that is acti-ate# 'hen specifie# con#itions are met? A. Tro,an B. Spy'are C# &ogic <omb D. /irus Question 2 7correspon#ing ob,ecti-e8 @.&: An a#ministrator 'ishes to enable net'or) au#iting policies. >hich of the follo'ing shoul# the security a#ministrator log? A. 0nly logon failures B. 0nly logon success C# <ot% logon successes and logon failures D. 0nly logon failures for non1existent users Question 3 7correspon#ing ob,ecti-e8 @.@: Arom a security perspecti-e a performance baseline is 60ST useful for8 A# detecting performance anomalies t%at ma be due to securit breac%es B. assuring that systems are 'or)ing to their optimal capacity C. )no'ing 'hen security scans are going to finish D. pre#icting the en# of useful life for the fire'all Question 7 7correspon#ing ob,ecti-e8 B.: A company creates its o'n application that accesses the company #atabases an# re4uires a uni4ue login; base# on the user2s #omain account. The #e-eloper has an un#ocumente# login for testing that #oes not nee# to be authenticate# against the #omain. >hich of the follo'ing is a security issue regar#ing this scenario? A. The login shoul# be the same as the #omain account for authentication purposes <# It can be used as a bac-door into t%e compan9s databases C. The application shoul# not be #eploye# if it is not fully teste# D. It is not consi#ere# best practice to ha-e a user remember multiple logins Question 1: 7correspon#ing ob,ecti-e8 B.9: In or#er to perform a TCP hi,ac)ing attac); an attac)er 'oul# be re4uire# to8 A. ha-e a protocol analy3er intercept traffic bet'een t'o hosts <# -no" t%e I( addresses of bot% %osts and se8uence numbers of t%e TC(=I( pac-ets C. perform a man1in1the1mi##le attac) an# communicate #irectly 'ith t'o hosts D. obtain the 6AC a##ress of the both hosts