
1. Which of the following intrusion detection systems uses statistical analysis to detect intrusions?

a. Honeynet

b. Anomaly

c. Signature

d. Knowledge

2. One of the reasons that DNS attacks are so universal is DNS services are required for a computer to access:
a. WLANs

b. WANs

c. LANs

d. the Internet

3. Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?
a. VLANs

4. Which technology allows a connection to be made between two networks using a secure protocol?
a. Tunneling

5. The technology that allows a connection to be made between two networks using a secure protocol.
a. Tunneling

6. A popular method for breaking a network into smaller private networks is called?
a. VLAN

7. Which of the following would be the easiest to use in detection of a DDoS attack?
a. Performance monitor

8. Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
a. Logical token
b. Public key infrastructure
c. Performance monitor
d. Trusted platform module

9. Documentation review, log review, rule-set review, system configuration review, network sniffing, and file integrity checking are examples of:
a. Active security testing techniques.
b. Black box testing techniques.
c. Invasive security testing techniques.
d. Passive security testing techniques.

10. USB drives create a potential security risk due to which of the following?
a. Potential for software introduction
b. Large storage capacity
c. Operating system incompatibility
d. Widespread use

11. An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicions?
a. HIDS log

b. Firewall logs

c. Proxy logs

d. AV server logs

12. Which of the following is the GREATEST threat to highly secure environments?
a. USB devices

b. BIOS configuration

c. RSA256

d. Network attached storage

13. Which of the following describes the standard load for all systems?
a. Group policy

b. Configuration baseline

c. Security template

d. Patch management

14. Which of the following is the MOST important step to conduct during a risk assessment of the computing systems?
a. The identification of mantraps
b. The identification of USB drives
c. The identification of missing patches
d. The identification of disgruntled staff members

15. Which of the following BEST describes a way to prevent buffer overflows?
a. Apply security templates enterprise wide.
b. Apply group policy management techniques.
c. Apply all security patches to workstations.
d. Monitor P2P program usage through content filters.

16. An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?
a. DMZ

b. HIDS

c. Internet content filter

d. NIPS

17. Which of the following is a security reason to implement virtualization throughout the network infrastructure?
a. To isolate the various network services and roles
b. To centralize the patch management of network servers
c. To implement additional network services at a lower cost
d. To analyze the various network traffic with protocol analyzers

18. Which of the following is a security trait of a virtual machine?
a. Provides additional resources for testing
b. Provides a restricted environment for executing code
c. Provides real-time access to all system processes
d. Provides read-only area for executing code

19. An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?
a. Create a boot disk for the operating system.
b. Implement OS hardening procedures.
c. Create an image from the OS install.
d. Take screen shots of the configuration options.

20. Which of the following allows attackers to gain control over the web camera of a system?
a. SQL injection
b. ActiveX component
c. Cross-site scripting
d. XML

21. Kerberos uses which of the following trusted entities to issue tickets?
a. Internet Key Exchange
b. Certificate Authority
c. Key Distribution Center
d. Ticket Granting System

22. Which of the following is a reason to use a Faraday cage?
a. To minimize weak encryption
b. To allow wireless usage
c. To mitigate data emanation
d. To find rogue access points

23. Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?
a. Implement a biometric system.
b. Disable USB drives.
c. Install a CCTV system.
d. Use security templates.

24. An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
a. SNMP

b. SSH

c. SFTP

d. SMTP

25. When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?
a. Least privilege

26. Which of the following principles should be applied when assigning permissions?
b. Least privilege

27. A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do?
a. Input validation

28. Which of the following would MOST likely prevent a PC application from accessing the network?
a. Host-based firewall

29. Which of the following is a software bundle containing multiple security fixes?
a. Service pack

30. Accessing a system or application using permissions from another user's account is a form of which of the following?
a. Privilege escalation

31. To facilitate compliance with Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. simpler solution?
a. Internet content filter

32. How would a technician implement a security patch in an enterprise environment?
a. Download the patch from the vendor's secure website, test the patch and install it on all workstations.

33. Which of the following is a reason to implement security logging on a DNS server?
a. To monitor unauthorized zone transfers

34. Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions?
a. Separation of duties

35. A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT:
a. 802.11 mode.

36. Which protocol operates on 2.4GHz and has a bandwidth of 1Mbps or 2Mbps?
a. 802.11

37. Which of the following can an attacker use to gather information on a system without having a user ID or password?
a. Null session

38. When is the BEST time to update antivirus definitions?
a. As the definitions become available from vendor

39. A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff .. to meet management's request?
a. Time of day restrictions

40. Which of the following BEST describes the term war driving?
a. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.

41. User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but . A could not access the file?
a. Rights are not set correctly

42. _____ is used to process requests from an outside network and evaluate whether the request is forwarded or not
a. Proxy firewall

43. Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?
a. Password guessing attack

44. Network monitors, otherwise called _____
a. A sniffer

45. Some examples of hardening techniques include all of the following EXCEPT:
a. Running weekly spyware applications

46. A technician is working on an end user's desktop which has been having performance issues. The technician notices.the NIC. A good the desktop would be:
a. netstat

47. An administrator is running a network monitoring application that looks for behaviors on the network outside the established. This is typical of a(n):
a. Anomaly-based tool

48. Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?
a. A service pack

49. An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of:
a. False positive

50. Which file system was primarily intended for desktop system use and offers limited security?
a. FAT

51. Which file system is used in NetWare servers?
a. NSS

52. Which action should be performed to harden workstations and servers?
a. Install only needed software

53. What is the process of improving security in a NOS referred to as?
a. Hardening

54. Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?

a. ACL

55. If a certificate has been compromised, which of the following should be done?
a. Put the certificate on the CRL

56. When deploying 50 new workstations on the network, which of the following should be completed FIRST?
a. Apply the baseline configuration.

57. A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
a. 636

58. Which of the following access control methods includes switching work assignments at preset intervals?
a. Job rotation

59. Which of the following would an attacker use to footprint a system?
a. Port scanner

60. If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause?
a. DNS poisoning

61. An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?
a. Honeypot

62. Which of the following is a single server that is set up in the DMZ or outer perimeter in order to distract attackers?
a. Honeypot

63. Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
a. Honeypot

64. Which of the following requires an update to the baseline after installing new software on a machine?
a. Behavior-based HIDS

65. Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?
a. Hotfix

66. Which of the following practices is MOST relevant to protecting against operating system security flaws?
a. Patch management

67. Which of the following network filtering devices will rely on signature updates to be effective?
a. NIDS

68. Which of the following is a way to manage operating system updates?
a. Change management

69. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary. Should be followed?
a. Change management

70. Which of the following can be used as a means for dual-factor authentication?
a. Iris scan and proximity card

71. Which of the following is a method of encrypting email?
a. S/MIME

72. Which of the following is a best practice for coding applications in a secure manner?
a. Input validation

73. Which of the following allows a technician to view the security permissions of a file?
a. The access control list

74. Which of the following allows a person to find public wireless access points?
a. SSID broadcast

75. Which of the following is not used for cryptography?
a. Access

76. With regard to hash encryption, which of the following is true?
a. Hash encryption uses 128 bits

77. Which algorithms can best encrypt large amounts of data?

a. Symmetric key algorithms

78. What is the PKI trust model that allows for trust between two or more root CA systems called?
a. Bridge

79. Which of the following is an example of an asymmetric algorithm?
a. RSA (Rivest Shamir Adleman)

80. When using a single sign-on method, which of the following could adversely impact the entire network?
a. Authentication server

81. Which of the following represents the best method of protecting passwords stored on the authentication server?
a. Hash the server password

82. ____ defines the certificate formats and fields for public keys
a. The X.509 standard

83. With regard to an X.509 v3 certificate, which of the following is NOT a field?
a. Private key

84. Which of the following terms refers to the prevention of unauthorized disclosure of key?
a. Access control

85. What is the process of determining who owns a particular database file called?
a. Accountability

86. Which of the following allows directory permissions to filter down through the sub-directory hierarchy?
a. Inheritance

87. Which of the following is a common algorithm used to verify the integrity of data from a remote user through the creation of a 128-bit hash from a data input?
a. MD5 (Message Digest 5)

88. Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?
a. DTP on all ports

89. Which of the following is the primary objective of a business continuity plan (BCP)?

a. Addresses the recovery of an organization's business operations

90. Which of the following is an example of a trust model?
a. Managing the CA relationships

91. Which of the following is the MOST efficient way that an administrator can restrict network access to certain ports enterprise wide?
a. ACL

92. An administrator is responsible for a server which has been attacked .. incident?
a. Implement the server as a virtual server instance

93. Which of the following authentication models uses a time stamp to prevent the risk associated with a relay attack?
a. Kerberos

94. You've been assigned to mentor a junior .KDC.
a. Kerberos

95. Which of the authentication methods uses a KDC to accomplish authentication?
a. Kerberos

96. All of the following should be identified within the penetration testing scope of work EXCEPT:
a. A complete list of all network vulnerabilities

97. Which of the following protocols can be implemented as an alternative to the overhead of a VPN?
a. SSL

98. To combat transaction fraud, a bank has implement that all bank customers enter a different, unique code MOST accomplish this?
a. One-time password

99. Which of the following hashing algorithms is the MOST secure?
a. MD5

100. An administrator is asked to improve the physical security of a data center located inside the office building. The data center .could be implemented?
a. Mantrap

101. An administrator recommends that management establish a trusted third party central .. Best describes ..recommendation?
a. Key escrow

102. Which of the following logs would reveal activities related to an ACL?
a. Firewall

103. Which of the following encryption algorithms has the largest overhead?
a. 3DES

104. Which of the following disaster recover . Live site goes down?
a. Cold site

105. Of the following services, which one would be most likely to utilize a retinal scan?
a. Authentication

106. You want to install a server in the network area that provides web services to Internet clients.. accomplish this?
a. Install the server in a DMZ

107. Which authentication method provides credentials that are only valid during a single session?
a. Tokens

108. Which of the following services or protocols should be avoided in a network if possible?
a. Telnet

109. Your company provides medical data to doctors .session?
a. Tokens

110. ___ is process by which digital information assets are protected
a. Information Security

111. A user just complained to you that his system has been infected with a new virus
a. Verifying that the most current virus definition file is installed


112. Which of the following is an example of two-factor authentication for an information system?
a. ATM card and PIN

113. Which of the following would be useful in determining what was accessed during an external attack?
a. System logs

114. Of the following types of security, which would be primarily concerned with
a. Physical security

115. Which access method is primarily based on preestablished access?
a. MAC

116. A new director of information technology has been hired, which of the following?
a. Asset identification

117. Which of the following is NOT a valid access control mechanism?
a. SAC (Subjective Access Control)

118. Which of the following is not an example of a security zone?
a. NAT

119. Which authentication method sends a challenge back to the client that is encrypted and sent back to the server?
a. CHAP

120. Which technology relies on a physical attribute of the user for authentication?
a. Biometrics

121. Which authentication uses more than one authentication process for logon?
a. Multi-factor

122. One of the vice presidents of the company calls a meeting with information
a. Biometrics

123. Goals of Information Security:
a. All of them

123. Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?
a. RBAC

124. Continuous operation of computing systems is called what?
a. Availability

125. Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure?

a. DMZ

126. After acquiring another company, your organization is in a unique position to create a new . Type of security zone?
a. NAT

126.1 Which of the following protocols allows an organization to present a single TCP/IP address to the Internet while utilizing private IP addressing across the LAN?
a. NAT

126.2. An administrator wants to set up their network with only one public IP address. Which of the following would allow for this?
a. NAT

126.3. A user has decided that they do not want an internet LAN segment to use public IP . User want to implement?
a. NAT

127. _____ is an unauthorized access to a network
a. A threat

128. Which of the following would BEST describe a disaster recovery plan (DRP)?
a. Addresses the recovery of an organization's IT infrastructure.

129. ____ is a weakness in a system, such as mis-configured hardware or software, poor design, user carelessness
a. A vulnerability

130. Protection of data from unauthorized disclosure to a third party is called what?
a. Confidentiality

141. Which of the following is MOST likely to make a disaster recovery exercise valuable?
a. Learning from the mistakes of the exercise

142. Which of the following IP addresses is within the private address range?
a. 192.168.0.10

143. One of the security benefits to using virtualization technology is:
a. If an instance is compromised the damage can be compartmentalized.

144. You have been asked to present the types of threats your organization could face from hackers. Which of the following would best categorize this information?

a. Threat identification

145. How should a company test the integrity of its backup data?
a. By restoring part of the backup

146. Which of the following is an exploit against a device where only the hardware model and manufacturer are known?
a. Default passwords

147. Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?
a. A vulnerability scanner

148. Choose the correct statement:
a. Network based IDSs (Intrusion Detection System) are usually passive devices that listen on a network wire without interfering with the normal operation of a network

149. Which of the following allows a person to find public wireless access points?
a. SSID broadcast.

150. Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?
a. DTP on all ports

151. A firewall operating as a ____ will pass or block traffic to specific addresses based on the type of application
a. Packet filter

152. Which of the following is a primary vulnerability of a wireless environment?
a. Site survey

153. Which of the following allows for the highest level of security at time of login?
a. Two-factor authentication

154. Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
a. DoS

155. Which of the following methods is used to perform denial of service (DoS) attack?
a. Botnet

156. Which of the following BEST describes ARP?

a. Discovering the MAC address of a device from the IP address

157. An administrator notices that former temporary employees' accounts are still active on a domain..happening?
a. Implement an account expiration date for temporary employees

158. Which of the following will propagate itself without any user interaction?
a. Worm

159. A user needs to verify that a patch file downloaded from a third party has not been modified been modified?
a. Compare the final MD5 hash with the original.

160. Weak encryption is a common problem with which of the following wireless protocols?
a. WEP

161. ____ is an interface that is used to connect to a device
a. Port

162. Which of the following tools would be used to review network traffic for clear text passwords?
a. Protocol analyzer

162.1 A technician needs to detect staff members that are connecting to an unauthorized could be used?
a. Protocol analyzer

163. End users are complaining about receiving a lot of email from online vendors and pharmacies. Which of the following is this an example of?
a. Spam

164. Which of the following types of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
a. TCP/IP hijacking

165. Which of the following media is the LEAST likely to be successfully tapped into?
a. Fiber optic cable

166. Which of the following would be BEST to use to apply corporate security to a device?
a. A security template

167. What is the process of identifying the configuration of your network called?

a. Scanning

168. What is the maximum data transmission rate of IEEE (Institute of Electrical and Electronics Engineers) 802.11b?
a. 11Mbps (Megabits per second)

169. A company uses a policy of assigning passwords to users, by default the passwords are .. this password.. example of?
a. Weak passwords
