Security MCQ: September 2017

Archive for September 2017

Which of the following pseudocodes can be used to handle program exceptions?

A. If program detects another instance of itself, then kill program instance.

B. If user enters invalid input, then restart program.

C. If program module crashes, then restart program module.

D. If user's input exceeds buffer length, then truncate the input.

Answer: C

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

A. Availability

B. Integrity

C. Confidentiality

D. Fire suppression

Answer: A

Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website's address."

A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.

B. The website is using a wildcard certificate issued for the company's domain.

C. HTTPS://127.0.01 was used instead of HTTPS://localhost.

D. The website is using an expired self-signed certificate.

Answer: C

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

A. 20

B. 21

C. 22

D. 23

Answer: B

Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?

A. Packet filtering firewall

B. VPN gateway

C. Switch

D. Router

Answer: B

Matt, the security administrator, notices a large number of alerts on the NIDS. Upon further inspection, it is determined that no attack has really taken place. This is an example of a:

A. false negative.

B. true negative.

C. false positive.

D. true positive.

Answer: C

Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

A. HIPS

B. NIDS

C. HIDS

D. NIPS

Answer: A

Which of the following protocols would be used to verify connectivity between two remote devices at the LOWEST level of the OSI model?

A. DNS

B. SCP

C. SSH

D. ICMP

Answer: D

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

A. CRL

B. Non-repudiation

C. Trust models

D. Recovery agents

Answer: B

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?

A. War dialing

B. War chalking

C. War driving

D. Bluesnarfing

Answer: C

Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?

A. HIDS

B. Firewall

C. NIPS

D. Spam filter

Answer: C

Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?

A. Acceptable Use Policy

B. Physical security controls

C. Technical controls

D. Security awareness training

Answer: D

Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?

A. Application design

B. Application security

C. Initial baseline configuration

D. Management of interfaces

Answer: C

After Matt, a user enters his username and password at the login screen of a web enabled portal, the following appears on his screen:

`Please only use letters and numbers on these fields'

Which of the following is this an example of?

A. Proper error handling

B. Proper input validation

C. Improper input validation

D. Improper error handling

Answer: B

Which of the following is an example of multifactor authentication?

A. Credit card and PIN

B. Username and password

C. Password and PIN

D. Fingerprint and retina scan

Answer: A

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

A. Record time offset

B. Clean desk policy

C. Cloud computing

D. Routine log review

Answer: B

Which of the following can be used to mitigate risk if a mobile device is lost?

A. Cable lock

B. Transport encryption

C. Voice encryption

D. Strong passwords

Answer: D

Which of the following protocols is used to authenticate the client and server's digital certificate?

A. PEAP

B. DNS

C. TLS

D. ICMP

Answer: C

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS

B. Antivirus

C. NIDS

D. ACL

Answer: A

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent

B. Certificate authority

C. Trust model

D. Key escrow

Answer: A

Which of the following controls should be used to verify a person in charge of payment processing is not colluding with anyone to pay fraudulent invoices?

A. Least privilege

B. Security policy

C. Mandatory vacations

D. Separation of duties

Answer: C

Which of the following provides the HIGHEST level of confidentiality on a wireless network?

A. Disabling SSID broadcast

B. MAC filtering

C. WPA2

D. Packet switching

Answer: C

An ACL placed on which of the following ports would block IMAP traffic?

A. 110

B. 143

C. 389

D. 465

Answer: B

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

A. CCTV system access

B. Dial-up access

C. Changing environmental controls

D. Ping of death

Answer: C

Which of the following defines an organization goal for acceptable downtime during a disaster or other contingency?

A. MTBF

B. MTTR

C. RTO

D. RPO

Answer: C

Which of the following defines a business goal for system restoration and acceptable data loss?

A. MTTR

B. MTBF

C. RPO

D. Warm site

Answer: C

Which of the following can use RC4 for encryption? (Select TWO).

A. CHAP

B. SSL

C. WEP

D. AES

E. 3DES

Answer: B & C.

Which of the following can be used in code signing?

A. AES

B. RC4

C. GPG

D. CHAP

Answer: C

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement?

A. Full backups on the weekend and incremental during the week.

B. Full backups on the weekend and full backups every day.

C. Incremental backups on the weekend and differential backups every day.

D. Differential backups on the weekend and full backups every day.

Answer: A

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

Answer: B

Why is it important for a penetration tester to have established an agreement with management as to which systems and processes are allowed to be tested?

A. Penetration test results are posted publicly, and some systems tested may contain corporate secrets.

B. Penetration testers always need to have a comprehensive list of servers, operating systems, IP subnets, and department personnel prior to ensure a complete test.

C. Having an agreement allows the penetration tester to look for other systems out of scope and test them for threats against the in-scope systems.

D. Some exploits when tested can crash or corrupt a system causing downtime or data loss.

Answer: D

Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

A. Buffer overflow prevention

B. Input validation

C. CSRF prevention

D. Cross-site scripting prevention

Answer: B

Elliptic curve cryptography: (Select TWO)

A. is used in both symmetric and asymmetric encryption.

B. is used mostly in symmetric encryption.

C. is mostly used in embedded devices.

D. produces higher strength encryption with shorter keys.

E. is mostly used in hashing algorithms.

Answer: C & D.

When checking his webmail, Matt, a user, changes the URL's string of characters and is able to get into another user's inbox. This is an example of which of the following?

A. Header manipulation

B. SQL injection

C. XML injection

D. Session hijacking

Answer: D

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO).

A. Steganography images

B. Internal memory

C. Master boot records

D. Removable memory cards

E. Public keys

Answer: B & D.

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow

B. CA

C. Private key

D. Recovery key

Answer: B

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA

B. Recovery agent

C. Root user

D. Key escrow

Answer: A

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).

A. Take hashes

B. Begin the chain of custody paperwork

C. Take screen shots

D. Capture the system image

E. Decompile suspicious files

Answer: A & D.

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?

A. Confidentiality

B. Availability

C. Succession planning

D. Integrity

Answer: B

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

A. Penetration test

B. Code review

C. Vulnerability scan

D. Brute Force scan

Answer: C

Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?

A. Code review

B. Penetration test

C. Protocol analyzer

D. Vulnerability scan

Answer: B

Configuring the mode, encryption methods, and security associations are part of which of the following?

A. IPSec

B. Full disk encryption

C. 802.1x

D. PKI

Answer: A

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location.

B. The recorded time offsets are developed with symmetric keys.

C. A malicious CA certificate is loaded on all the clients.

D. All public keys are accessed by an unauthorized user.

Answer: C

Privilege creep among long-term employees can be mitigated by which of the following procedures?

A. User permission reviews

B. Mandatory vacations

C. Separation of duties

D. Job function rotation

Answer: A

Use of group accounts should be minimized to ensure which of the following?

A. Password security

B. Regular auditing

C. Baseline management

D. Individual accountability

Answer: D

A username provides which of the following?

A. Biometrics

B. Identification

C. Authorization

D. Authentication

Answer: B

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control

B. Separation of duties access control

C. Discretionary access control

D. Role based access control

Answer: A

Which of the following would MOST likely ensure that swap space on a hard disk is encrypted?

A. Database encryption

B. Full disk encryption

C. Folder and file encryption

D. Removable media encryption

Answer: B

Which of the following provides the MOST protection against zero day attacks via email attachments?

A. Anti-spam

B. Anti-virus

C. Host-based firewalls

D. Patch management

Answer: A

Which of the following defines when Pete, an attacker, attempts to monitor wireless traffic in order to perform malicious activities?

A. XSS

B. SQL injection

C. Directory traversal

D. Packet sniffing

Answer: D

Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

A. Spam filter

B. Protocol analyzer

C. Web application firewall

D. Load balancer

Answer: B

A system administrator decides to use SNMPv3 on the network router in AuthPriv mode. Which of the following algorithm combinations would be valid?

A. AES-RC4

B. 3DES-MD5

C. RSA-DSA

D. SHA1-HMAC

Answer: B

Which of the following is a difference between TFTP and FTP?

A. TFTP is slower than FTP.

B. TFTP is more secure than FTP.

C. TFTP utilizes TCP and FTP uses UDP.

D. TFTP utilizes UDP and FTP uses TCP.

Answer: D

To reduce an organization's risk exposure by verifying compliance with company policy, which of the following should be performed periodically?

A. Qualitative analysis

B. Quantitative analysis

C. Routine audits

D. Incident management

Answer: C

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

A. Incident management

B. Clean desk policy

C. Routine audits

D. Change management

Answer: D

Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?

A. SSLv2

B. SSHv1

C. RSA

D. TLS

Answer: D

Jane, the security administrator, needs to be able to test malicious code in an environment where it will not harm the rest of the network. Which of the following would allow Jane to perform this kind of testing?

A. Local isolated environment

B. Networked development environment

C. Infrastructure as a Service

D. Software as a Service

Answer: A

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES

B. MD5

C. SHA

D. SHA-256

E. RSA

Answer: B & C.

Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).

A. 10.4.4.125

B. 10.4.4.158

C. 10.4.4.165

D. 10.4.4.189

E. 10.4.4.199

Answer: C & D.

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

A. Connect the WAP to a different switch.

B. Create a voice VLAN.

C. Create a DMZ.

D. Set the switch ports to 802.1q mode.

Answer: B

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management

B. Administrative

C. Technical

D. Operational

Answer: C

Which of the following may significantly reduce data loss if multiple drives fail at the same time?

A. Virtualization

B. RAID

C. Load balancing

D. Server clustering

Answer: B

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

A. Logic bomb

B. Worm

C. Trojan

D. Adware

Answer: C

An employee is granted access to only areas of a network folder needed to perform their job. Which of the following describes this form of access control?

A. Separation of duties

B. Time of day restrictions

C. Implicit deny

D. Least privilege

Answer: D

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

A. Account lockout policy

B. Account password enforcement

C. Password complexity enabled

D. Separation of duties

Answer: D

The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of CA certificate

B. Use of public keys only

C. Use of private keys only

D. Use of public and private keys

Answer: D

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

A. The request needs to be sent to the incident management team.

B. The request needs to be approved through the incident management process.

C. The request needs to be approved through the change management process.

D. The request needs to be sent to the change management team.

Answer: C

Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

A. Malicious code on the local system

B. Shoulder surfing

C. Brute force certificate cracking

D. Distributed dictionary attacks

Answer: A

A certificate authority takes which of the following actions in PKI?

A. Signs and verifies all infrastructure messages

B. Issues and signs all private keys

C. Publishes key escrow lists to CRLs

D. Issues and signs all root certificates

Answer: D

Which of the following BEST describes a common security concern for cloud computing?

A. Data may be accessed by third parties who have compromised the cloud platform

B. Antivirus signatures are not compatible with virtualized environments

C. Network connections are too slow

D. CPU and memory resources may be consumed by other servers in the same cloud

Answer: A

Which of the following BEST describes a protective countermeasure for SQL injection?

A. Eliminating cross-site scripting vulnerabilities

B. Installing an IDS to monitor network traffic

C. Validating user input in web applications

D. Placing a firewall between the Internet and database servers

Answer: C

Which of the following is a hardware based encryption device?

A. EFS

B. TrueCrypt

C. TPM

D. SLE

Answer: C

A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?

A. Password history

B. Password logging

C. Password cracker

D. Password hashing

Answer: C

Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?

A. Cognitive password

B. Password sniffing

C. Brute force

D. Social engineering

Answer: C

Which of the following application security testing techniques is implemented when an automated system generates random input data?

A. Fuzzing

B. XSRF

C. Hardening

D. Input validation

Answer: A

A security administrator is observing congestion on the firewall interfaces and a high number of half open incoming connections from different external IP addresses. Which of the following attack types is underway?

A. Cross-site scripting

B. SPIM

C. Client-side

D. DDoS

Answer: D

Which of the following devices would MOST likely have a DMZ interface?

A. Firewall

B. Switch

C. Load balancer

D. Proxy

Answer: A

Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard

B. Token

C. Discretionary access control

D. Mandatory access control

Answer: A

Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?

A. Registration

B. CA

C. CRL

D. Recovery agent

Answer: C

A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?

A. Firewall

B. Application

C. IDS

D. Security

Answer: D

Which of the following would be used when a higher level of security is desired for encryption key storage?

A. TACACS+

B. L2TP

C. LDAP

D. TPM

Answer: D

Which of the following steps should follow the deployment of a patch?

A. Antivirus and anti-malware deployment

B. Audit and verification

C. Fuzzing and exploitation

D. Error and exception handling

Answer: B

In regards to secure coding practices, why is input validation important?

A. It mitigates buffer overflow attacks.

B. It makes the code more readable.

C. It provides an application configuration baseline.

D. It meets gray box testing standards.

Answer: A

After verifying that the server and database are running, Jane, the administrator, is still unable to make a TCP connection to the database. Which of the following is the MOST likely cause for this?

A. The server has data execution prevention enabled

B. The server has TPM based protection enabled

C. The server has HIDS installed

D. The server is running a host-based firewall

Answer: D

A targeted email attack sent to Sara, the company's Chief Executive Officer (CEO), is known as which of the following?

A. Whaling

B. Bluesnarfing

C. Vishing

D. Dumpster diving

Answer: A

Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack?

A. 802.1x

B. DHCP

C. 802.1q

D. NIPS

Answer: A

All of the following are valid cryptographic hash functions EXCEPT:

A. RIPEMD.

B. RC4.

C. SHA-512.

D. MD4.

Answer: B

Which of the following devices is BEST suited for servers that need to store private keys?

A. Hardware security module

B. Hardened network firewall

C. Solid state disk drive

D. Hardened host firewall

Answer: A

In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).

A. Subnetting

B. NAT

C. Firewall

D. NAC

E. VPN

Answer: C & E.

A password history value of three means which of the following?

A. Three different passwords are used before one can be reused.

B. A password cannot be reused once changed for three years.

C. After three hours a password must be re-entered to continue.

D. The server stores passwords in the database for three days.

Answer: A

What is used along with an encryption algorithm (cipher) to encode and decode data?

a. Ciphertext
b. Key
c. Cipher
d. Cleartext

Answer: B

When using ______ cryptography, two people decide on a mutual key in a safe or secure way in order to exchange encrypted data with one another.

a. Public key
b. Private key
c. Multiple key
d. Symmetric key

Answer: A

Using symmetric key encryption alone, data is vulnerable to a man-in-the-middle attack.

True
False

Answer: True

The length of an encryption key is important because:

a. The length determines the maximum number of possible keys that an attacker will have to try before the correct key is discovered
b. Every additional bit of data added to the key makes it easier to discover the correct encryption key
c. The length determines the method that has to be used when attempting to decrypt data
d. None of the above

Answer: A

The lowest level of attack or simplest attack for cracking an encryption key would be a dictionary attack, which is basically trying to crack a key by trial and error.

True
False

Answer: False

Which of the following is an example of a brute force attack?

a. Using known facts about the person in an effort to guess the correct password/key
b. Contacting a responsible party (like a 'help desk' or customer support) and attempting to use deception in the hopes that someone will divulge the correct password/key
c. Trying every combination of letters and numbers until the correct password/key is found
d. Analyzing the encrypted data in an effort to deduce the correct password/key

Answer: C

Secure Sockets Layer or SSL, which uses a encryption algorithm, is the encryption technique that is used by Secure HTTP, thus enabling e-commerce.

a. private key
b. single key
c. public key
d. symmetric key

Answer: C

What is a public key?

a. An encryption key that is made by a publicly available software utility
b. An encryption key that is accidentally exposed to the public
c. An encryption key published on a network
d. An encryption key that is deliberately made available to anyone that wants it so that they may transmit encrypted data to the key's owner/creator

Answer: D

It is important to use reputable certificate authorities since:

a. An attacker could trick a less-known certificate authority into giving them customer information
b. Only those that have been in business long enough actually have the appropriate resources to encrypt and decrypt data
c. An attacker could pose as a certificate authority or a certificate authority could be in alliance with an attacker
d. None of the above

Answer: C

Which of the following is true?

a. Keys that are longer than 8 bits require considerable processing time, making them unattractive for most applications
b. Key length does not affect modern security
c. A key length of 128 bits provides significant security for most applications
d. A key length of 32 bits is highly effective for most security applications

Answer: C

Which of the following is true?

a. Software encryption is much more secure than hardware encryption
b. Hardware encryption is more vulnerable to tampering than software encryption
c. Software encryption is more vulnerable to tampering than hardware encryption
d. None of the above

Answer: C

What happens when signing a document with a digital signature?

a. A person's message is encrypted with a private key and then hashed to a message digest to form the actual signature
b. A person's message is hashed to a message digest and then compared to a newly created message digest. Both digests are encrypted with a private key to form the actual signature
c. A person's message is hashed to a message digest and then encrypted with a private key to form the actual signature
d. None of the above

Answer: C

An encryption function takes ciphertext and a key as input and returns cleartext, provided the correct key is used.

True
False

Answer: False

Why must a private key not be stored with the data it has encrypted?

a. The preferred place to store a private key is on the same system as the data it has encrypted.
b. To prevent the key from accidentally being lost due to human error
c. To prevent the key from being accessed by untrusted employees
d. If an attacker is able to hack into that system, they will have everything they need to read the sensitive information.

Answer: D

The words sunny day are encrypted to produce the text wnta lia. Which of the following is considered to be the cleartext in this example?

a. Sunny day
b. Wndda lia
c. Cleartext is not used in this example
d. The method used to encrypt the word

Answer: A

A(n) ______ function takes data and a secret key as input and uses the secret key to scramble/encode the data, producing ciphertext that cannot be deciphered by anyone other than the appropriate parties.

a. decryption
b. encryption
c. hash
d. cleartext

Answer: B

Certificate Authorities assure involved parties that the right people are sending or receiving the correct information by:

a. Distributing public and private keys with digital signatures to the sender and the receiver to be verified during the transfer process
b. Distributing symmetric keys to the sender and the receiver to be verified during the transfer process
c. Requesting digital signatures of both the sender and the receiver to be sent for verification during the initialization of the communication process
d. None of the above

Answer: A

What is a certificate authority (CA)?

a. An organization that offers free encryption and decryption services
b. An organization that offers free digital signature services
c. An organization that certifies public keys as being legitimate by signing public keys with their private key
d. A third party that certifies organizations as having appropriate information security policies

Answer: C

By acting as the creators and distributors of ______, certificate authorities use public key encryption to prevent man-in-the-middle attacks.

a. Digitally signed public keys
b. Digitally signed encryption keys
c. Digitally signed public and private keys
d. Digitally signed ciphers

Answer: C

A simple Caesar cipher uses a shift to encrypt while the XOR cipher needs a key to encrypt.

True
False

Answer: True

___ is the technical term for the encryption algorithm used to encrypt or decrypt a piece of data.

a. Key
b. Hash
c. Cipher
d. Cryptography

Answer: A

A hash function is:

a. A one-way function that mathematically manipulates the input data to create an output value
b. A one-way function that uses a cipher to produce a piece of data that helps to encrypt other data
c. A one-way function that creates a random number as a digital signature
d. A two-way function that, used in conjunction with a key, takes cleartext and encrypts it into ciphertext

Answer: A

Which of the following statements is true?

a. Symmetric key encryption uses the same key while public key encryption uses two different keys for each person
b. Symmetric key encryption requires that keys are distributed ahead of time, while public key encryption requires that keys are discovered during the communications process
c. In public key encryption, one key is available for the public to encrypt their messages, but only the creator of that public key can decrypt the messages with their private key
d. All of the above are correct

Answer: D

A cracked encryption key is a key that:

a. Has been entered into the cipher or encryption system
b. Has been discovered by some method and is now compromised
c. Has been delivered by some method to a second party for safe communications
d. Has been encrypted by a cipher and is now safe from the discovery of others

Answer: B

The study of encrypting data so that confidentiality between two parties is maintained is known as:

a. Cipher processing
b. Hashing
c. Cryptography
d. Encryption

Answer: C

Which of the following could best help an attack to successfully occur on an encryption system?

a. Public key encryption
b. A short encryption key length
c. A long encryption key length
d. A single 256 bit key length

Answer: B

Regarding cryptography, what is a private key?

a. An encryption key that is kept confidential and used to decrypt data that has been encrypted with the corresponding public key in public key cryptography
b. An encryption key that is purposely made available to anyone that wants it so that they may transmit encrypted data to the key's creator
c. An encryption key that is created and shared between two or more parties for secure communication
d. None of the above

Answer: A

When encrypting a storage device, which is the most secure place to store a key?

a. On a separate (from the encrypted device) and secured storage device
b. A key should not be stored
c. On the storage device, unencrypted with the encrypted data
d. On the storage device, encrypted along with the data

a. On a separate (from the encrypted device) and secured storage device

Which of the following uses public key cryptography?

• ROT 13
• XOR
• Secure Sockets Layer (SSL)
• Secure Protocol Layer

Answer: Secure Sockets Layer (SSL)

In order to avoid using a certificate authority that is in alliance with an attacker, it is recommended that you:

• Avoid using certificate authorities
• Use certificate authorities that implement symmetric key encryption
• Use certificate authorities that are well known and reputable
• Use certificate authorities that originate in your local area

Answer: Use certificate authorities that are well known and reputable

A ______ key should be kept secure because it can be worth a lot of money since it can decrypt valuable data.

• Private
• Short
• Public
• Simplex

Answer: Private

How does symmetric key cryptography differ from public key cryptography?

• Symmetric key uses the same key for encryption and decryption
• Symmetric key uses two different keys for encryption and decryption
• Public key secures data so it can travel over public networks
• Symmetric key always ensures the data is preserved after decryption

Answer: Symmetric key uses the same key for encryption and decryption

______ serve as third parties that can verify the true identity of a person during encrypted communications.

• Cipher Authorities
• Verification Authorities
• Government Authorities
• Certificate Authorities

Answer: Certificate Authorities

The ideal location to store a private key is:

• On a stand-alone computer system that is not networked
• On the same network as the cipher
• It is not safe to store a private key
• On the same server as the data decryption software

Answer: On a stand-alone computer system that is not networked

By acting as the creators and distributors of digitally signed encryption keys, Certificate Authorities use public key encryption to:

• Prevent data decryption
• Prevent man-in-the-middle attacks
• Create a problem-less security measure
• Screen falsified documents

Answer: Prevent man-in-the-middle attacks

What is a private key?

• An encryption key that is accidentally exposed to the public
• An encryption key kept secret by the owner
• An encryption key that is made by a publicly available software utility
• An encryption key purposefully made available to transmit encrypted data

Answer: An encryption key kept secret by the owner

What is a digital signature?

• A cryptographic value attached to data to certify the integrity of the data
• A certified public key used for public key encryption
• A name typed on a document
• A scanned copy of a person's signature

Answer: A cryptographic value attached to data to certify the integrity of the data

An output value produced by a mathematical function that utilizes the data input, especially in the use of creating digital signatures, is referred to as a:

• Protocol
• Ciphertext
• Hash
• Cipher

Answer: Hash

If an attacker discovers another person's private encryption key, then they have successfully ________.

• Ciphered the system
• Hashed the key
• Cracked the key
• Encrypted the system

Answer: Cracked the key

Blowfish and data encryption standard or DES are examples of algorithms that use:

• Multiple key encryption
• Symmetric key encryption
• Asymmetric key encryption
• Public key encryption

Answer: Symmetric key encryption

When using ________ encryption, two people decide on a mutual encryption key in order to securely exchange data with one another.

• Private key
• Mutual key
• Public key
• Symmetric key

Answer: Symmetric key

In order to double the amount of time it would take an attacker to crack an encryption key, you could:

• Add one bit to the length of the encryption key
• Remove one bit from the encryption key length
• You can only do this by adding a second encryption key
• Create a new encryption key once a week

Answer: Add one bit to the length of the encryption key

With modern technology, an encryption key with a length of 128 bits would:

• Take one year to crack
• Take an effectively infinite time to crack
• Take one week to crack
• Take one day to crack

Answer: Take an effectively infinite time to crack

A ________ key is an encryption key made available to anyone wanting to transmit data to the key's creator.

• Private
• Secure
• Public
• Master

Answer: Public

A(n) ________ function takes ciphertext (data that has been encrypted) and a secret key as input and uses the secret key to decode the data back into the original, unaltered cleartext.

• Encryption
• Decryption
• Hash
• Routing

Answer: Decryption

______ is the piece of data that is used to encrypt or decrypt a message or other blocks of data.

• Hash function
• Cipher
• Cleartext
• Key

Answer: Key

The word hellow is encrypted into the text ydssm. Which of the following is considered the cyphertext in this example?

• Ciphertext is not used in this example
• ydssm
• Hello
• The method used to encrypt the word

Answer: ydssm

A(n) ___________ function basically works as a black box, where cleartext and a key go in, and ciphertext comes out.

• Decryption
• Encryption
• Hash
• Cleartext

Answer: Encryption

Both the XOR (Exclusive OR) cipher and the ROT 13 Caesar Cipher are examples which use:

• Double key encryption
• Public key encryption
• Single key encryption
• Transmitted key encryption

Answer: Single key encryption

____ is the term that describes the study of encoding data so it is kept confidential between two parties.

• Encryption
• Cryptography
• Cipher
• Decryption

Answer: Cryptography

Which of the following is one definition of the word "cipher"?

• Data that has been successfully encrypted AND decrypted
• The data that is output from the encryption function/process
• The algorithm or method used to encrypt/decrypt data
• The data is output from a hashing function

Answer: The algorithm or method used to encrypt/decrypt data

A ___________ analyzes data and produces a unique value based on that data. It is used in the creation of digital signatures.

• Hash function
• Key
• Cipher
• Cleartext

Answer: Hash function

Plaintext or cleartext is the term for:

• The algorithm used to encrypt or decrypt data or text
• The data or text that has been encrypted
• Data used to encrypt or decrypt other data or text
• The data or text that is not encrpted
• The data or text that is not encrypted

_____ is the term given to data or text that has been encoded.

• Cleartext
• Key
• Codetext
• Ciphertext

Answer: Ciphertext

A hash function is:

a. A one-way function that uses a cipher to produce a piece of data that helps to encrypt other data
b. A two-way function that, used in conjunction with a key, takes cleartext and encrypts it into ciphertext
c. A one-way function that creates a random number as a digital signature
d. A one-way function that mathematically manipulates the input data to create an output value

Answer: D

The encryption of storage devices is desired because:

a. It is cheaper than encryption of a few specific files
b. The encryption performed by software is extremely unreliable
c. It is important to ensure data will not be exposed to unauthorized parties
d. None of the above

Answer: C

The data or text that has been encrypted or encoded is referred to as:

a. Key
b. Hash function
c. Cleartext
d. Ciphertext

Answer: D

Secure Sockets Layer, TLS and Pretty Good Privacy are examples of algorithms that use what type of encryption?

a. Symmetric key encryption
b. Public key encryption
c. Single key encryption
d. Private key encryption

Answer: B

What could happen if an attacker were to plant a virus on a system that encrypted data in software?

a. The virus could interfere with the encryption process
b. The virus could potentially discover the encryption key
c. Both A and B
d. None of the above

Answer: C

Ideally, where should encryption keys be stored?

a. On a physically separate system from the encrypted data
b. On the same system as the encrypted data
c. On a non-networked, physically secured storage device
d. On a seperate CD/DVD, clearly labeled and available for anyone that wants to use it

Answer: C

Which of the following are commonly used examples that implement symmetric key encryption?

a. Digital signatures
b. Secure Socket Layer (SSL)
c. Blowfish
d. Data Encryption Standard or DES
e. Pretty Good Privacy

Answer: B, C & D.

How is public key cryptography different than symmetric key cryptography?

a. Public key cryptography secures data so that it can travel over public networks like the internet
b. Symmetric key cryptography uses the same key for both encryption and decryption
c. Symmetric key cryptography always ensures that the data is unchanged after decryption
d. None of the above

Answer: B

Why is the length of an encryption key important?

a. Shorter keys are less secure, meaning the data can be decrypted by an attacker
b. Key length doesn't matter
c. Data encrypted with longer keys can require more network bandwidth to transmit
d. Longer keys are less efficient, causing wasted space

Answer: A

Regarding cryptography, a private key should be kept secure since:

a. It can be used to access sensitive information AND it can be used to encrypt data so that the original authors cannot read it
b. It can be used to access sensitive information
c. It can change daily, requiring the previous key to unlock it
d. It can be used to encrypt data so that the original authors cannot read it

Answer: B

Cryptography is:

a. A mathematical function that utilizes the data input to produce a value based on that data
b. The process of converting cleartext into ciphertext
c. The study of encoding data so that confidentiality of communications can be maintained between two parties
d. The encryption algorithm used to encrypt or decrypt a piece of data

Answer: C

A brute force attack works by:

a. Analyzing the encrypted data in an effort to deduce the correct password/key
b. Using a list of common words or expressions in an effort to guess the correct password/key
c. Using known facts about the person in an effort to guess the correct password/key
d. Trying every combination of letters and numbers until the correct password/key is found

Answer: D

What is the recommended minimum key length for most applications and ciphers?

a. 256 bits
b. 32 bits
c. 56 bits
d. 128 bits

Answer: D

It is best for a private key to be stored on the same server as the data decryption software.

True
False

Answer: False

How does a valid digital signature assure the recipient that the document has not been tampered with?

a. The digital signature was encrypted using the recipient's public key
b. The digital signature is transmitted in a separate message from the document
c. A valid digital signature cannot assure the recipient the document has not been tampered with
d. The hash contained in the digital signature was encrypted with the sender's private key and could not have been modified without making the signature invalid. If the signature is valid, then the data must not have been tampered with.

Answer: D

________ is the process of transforming cleartext into ciphertext.

a. Decryption Incorrect
b. Cryptography
c. Cipher
d. Encryption

Answer: D

An encryption key that is used by anyone in order to encrypt a file and send it to the owner of the encryption key so that the owner may decode it is referred to as:

a. A hashed key
b. A symmetric key
c. A public key
d. A private key

Answer: C

Symmetric key encryption requires keys to be distributed prior to communicating with the other party (i.e. the key is computed ahead of time, before initiating any communications).

True
False

Answer: False

A simple Caesar cipher uses a shift to encrypt while the XOR cipher needs a key to encrypt.

True
False

Answer: True

The process of converting ciphertext to plaintext is known as:

a. Cryptography
b. Encryption
c. Decryption
d. Cipher processing

Answer: C

Symmetric key encryption gets its name because:

a. Both parties must initiate the ciphering software in order to exchange data
b. The involved parties must use two keys derived from the same cipher in order to exchange data
c. The involved parties must use different encryption keys at the same time to exchange data
d. Both parties must use the same encryption key to exchange data

Answer: D

The encryption algorithm used to encrypt or decrypt a piece of data is referred to as a:

a. Cipher
b. Hash
c. Ciphertext
d. Key

Answer: A

What happens when verifying a document with a digital signature?

a. A message is decrypted with a corresponding public key to create a message digest, and then another message digest is created and compared to the received message digest to verify the sender
b. A message is decrypted with the receiver's private key to create a message digest, and then another message digest is created and compared to the received message digest to verify the sender
c. A message is decrypted with a public key and then hashed to determine if it is an authentic message from the proposed sender
d. A message is decrypted with a corresponding public key, and then the digital attachment is examined to see if it is in fact a scan of the sender's signature

Answer: A

An encryption function takes cleartext and a key as input and returns ciphertext.

Answer: True

What do digital signatures provide?

a. Assurance that the stated author is the actual person that created the information
b. Security by ensuring that only the intended recipients will be able to read the data
c. Assurance that the data does not contain any viruses or malware
d. Assurance that the stated author is the actual person that created the information, as well as assurance that the information has not been modified

Answer: D

What advantages are there to performing encryption in software, rather than hardware?

a. No additional hardware is required
b. It can be done faster
c. It can be done more efficiently
d. None of the above

Answer: A

Two people can verify they are communicating with each other by using a ____________, which verifies each party's identity by being the distributor of public and private keys that both parties use. These keys are digitally signed so both parties can be assured they are communicating with each other.

a. Hash Authority
b. Certificate Authority
c. Signature Authority
d. Digital Signature

Answer: B

When should a key or certificate be renewed?

a. Every year
b. Every quarter
c. Just before it expires
d. Just after it expires

Answer: C

Which of the following is a description of a key-stretching technique?

a. Salting input before hashing
b. Generating a random number, and then using a trapdoor one-way function to derive a related key
c. Adding iterative computations that increase the effort involved in creating the improved result
d. Using a challenge-response dialogue

Answer: C

From a private corporate perspective, which of the following is most secure?

a. Decentralized key management
b. Centralized key management
c. Individual key management
d. Distributed key management

Answer: B

When a subject or end user requests a certificate, they must provide which of the following items? (Choose all that apply.)

a. Proof of identity
b. A hardware storage device
c. A public key
d. A private key
a. Proof of identity

Answer: C

Certificates have what single purpose?

a. Proving identity
b. Proving quality
c. Providing encryption security
d. Exchanging encryption keys

Answer: A

Digital signatures can be created using all but which of the following?

a. Asymmetric cryptography
b. Hashing
c. Key escrow
d. Symmetric cryptography

Answer: C

The security service that protects the secrecy of data, information, or resources is known as what?

a. Integrity
b. Authentication
c. Non-repudiation
d. Confidentiality

Answer: D

Diffie-Hellman is what type of cryptographic system?

a. Asymmetric
b. Symmetric
c. Hashing
d. Certificate authority

Answer: A

Which of the following symmetric-encryption algorithms offers the strength of 168-bit keys?

a. Data Encryption Standard
b. Triple DES
c. Advanced Encryption Standard
d. IDEA

Answer: B

Which of the following is most directly associated with providing or supporting perfect forward secrecy?

a. PBKDF2
b. ECDHE
c. HMAC
d. OCSP

Answer: B

Which of the following is an example of a Type 2 authentication factor?

a. Something you have, such as a smart card, an ATM card, a token device, or a memory card
b. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, or hand geometry
c. Something you do, such as type a passphrase, sign your name, or speak a sentence
d. Something you know, such as a password, personal identification number (PIN), lock combination, passphrase, mother's maiden name, or favorite color

Answer: A

Federation is a means to accomplish _____.

a. Accountability logging
b. ACL verification
c. Single sign-on
d. Trusted OS hardening

Answer: C

Which of the following is not a benefit of single sign-on?

a. The ability to browse multiple systems
b. Fewer usernames and passwords to memorize
c. More granular access control
d. Stronger passwords

Answer: C

In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?

a. Principle of least privilege
b. Need to know
c. Privacy
d. Service-level agreement

Answer: B

LDAP operates over what TCP ports?

a. 636 and 389
b. 110 and 25
c. 443 and 80
d. 20 and 21

Answer: A

Which of the following technologies can be used to add an additional layer of protection between a directory services-based network and remote clients?

a. SMTP
b. RADIUS
c. PGP
d. VLAN

Answer: B

Which is the strongest form of password?

a. More than eight characters
b. One-time use
c. Static
d. Different types of keyboard characters

Answer: B

Kerberos is used to perform what security service?

a. Authentication protection
b. File encryption
c. Secure communications
d. Protected data transfer

Answer: A

What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?

a. Biometric
b. Two-factor authentication
c. SAML
d. LDAP

Answer: C

What method of access control is best suited for environments with a high rate of employee turnover?

a. MAC
b DAC
c. RBAC
d. ACL

Answer: C

Which security stance will be most successful at preventing malicious software execution?

a. Deny by exception
b. Whitelisting
c. Allow by default
d. Blacklisting

Answer: B

In order to ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?

a. Screen lock the system overnight.
b. Require a boot password to unlock the drive.
c. Lock the system in a safe when it is not in use.
d. Power down the system after use.

Answer: A

Which of the following is not true in regards to NoSQL?

a. Can support SQL expressions
b. It is a relational database
c. Supports hierarchies or multilevel nesting/referencing
d. Does not support ACID

Answer: B

The most commonly overlooked aspect of mobile phone eavesdropping is related to _____.

a. Wireless networking
b. Storage device encryption
c. Overhearing conversations
d. Screen locks

Answer: C

The most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer, is _____.

a. Encrypt the hard drive.
b. Minimize sensitive data stored on the mobile device.
c. Use a cable lock.
d. Define a strong logon password.

Answer: B

What is a security risk of an embedded system that is not commonly found in a standard PC?

a. Power loss
b. Access to the Internet
c. Control of a mechanism in the physical world
d. Software flaws

Answer: C

When a vendor releases a patch, which of the following is the most important?

a. Installing the patch immediately
b. Setting up automatic patch installation
c. Allowing users to apply patches
d. Testing the patch before implementation

Answer: D

What technology provides an organization with the best control over BYOD equipment?

a. Encrypted removable storage
b. Mobile device management
c. Geo-tagging
d. Application whitelisting

Answer: B

Which of the following is not a way to prevent or protect against XSS?

a. Input validation
b. Defensive coding
c. Allowing script input
d. Escaping metacharacters

Answer: C

What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?

a. Dictionary attacks
b. Fuzzing
c. War dialing
d. Cross-site request forgery

Answer: B

What is a significant difference between vulnerability scanners and penetration testing?

a. One tests both the infrastructure and personnel.
b. One only tests internal weaknesses.
c. One only tests for configuration errors.
d. One is used to find problems before hackers do.

Answer: A

What is an asset?

a. An item costing more than $10,000
b. Anything used in a work task
c. A threat to the security of an organization
d. An intangible resource

Answer: B

What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?

a. Firewall
b. IDS
c. Router
d. Honeypot

Answer: D

A security template can be used to perform all but which of the following tasks?

a. Capture the security configuration of a master system
b. Apply security settings to a target system
c. Return a target system to its precompromised state
d. Evaluate compliance with security of a target system

Answer: C

What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?

a. Polymorphic
b. Armored
c. Retro
d. Phage

Answer: D

A pirated movie-sharing service was discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?

a. Typo squatting
b. Integer overflow
c. Watering hole attack
d. Ransomware

Answer: C

If user awareness is overlooked, what attack is more likely to succeed?

a. Man-in-the-middle
b. Reverse hash matching
c. Physical intrusion
d. Social engineering

Answer: D

Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?

a. Land
b. Teardrop
c. Smurf
d. Fraggle

Answer: A

A rootkit has been discovered on your mission-critical database server. What is the best step to take to return this system to production?

a. Reconstitute it.
b. Run an antivirus tool.
c. Install an HIDS.
d. Apply vendor patches.

Answer: A

What communications technique can a hacker use to identity the product that is running on an open port facing the Internet?

a. Credentialed penetration test
b. Intrusive vulnerability scan
c. Banner grabbing
d. Port scanning

Answer: C

Which of the following is a security control type that is not usually associated with or assigned to a security guard?

a. Preventive
b. Detective
c. Corrective
d. Administrative

Answer: D

You run a full backup every Monday. You also run a differential backup every other day of the week. You experience a drive failure on Friday. Which of the following restoration procedures should you use to restore data to the replacement drive?

a. Restore the full backup and then each differential backup.
b. Restore the full backup and then the last differential backup.
c. Restore the differential backup.
d. Restore the full backup.

Answer: B

What is the proper humidity level or range for IT environments?

a. Below 40 percent
b. 40 percent to 60 percent
c. Above 60 percent
d. 20 percent to 80 percent

Answer: B

An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?

a. Single point of failure
b. Redundant connections
c. Backup generator
d. Offsite backup storage

Answer: C

What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?

a. Cold
b. Warm
c. Hot
d. Offsite

Answer: D

When is business continuity needed?

a. When new software is distributed
b. When business processes are interrupted
c. When a user steals company data
d. When business processes are threatened

Answer: D

When a user signs a(n) _____, it's a form of consent to the monitoring and auditing processes used by the organization.

a. Acceptable use policy
b. Privacy policy
c. Separation of duties policy
d. Code of ethics policy

Answer: A

Evidence is inadmissible in court if which of the following is violated or mismanaged?

a. Chain of custody
b. Service-level agreement
c. Privacy policy
d. Change management

Answer: A

Which of the following is more formal than a handshake agreement but not a legal binding contract?

a. SLA
b. BIA
c. DLP
d. MOU

Answer: D

Which of the following risk-assessment formulas represents the total potential loss a company may experience within a single year due to a specific risk to an asset?

a. EF
b. SLE
c. ARO
d. ALE

Answer: D

What mechanism of wireless security is based on AES?

a. TKIP
b. CCMP
c. LEAP
d. WEP

Answer: B

What type of wireless antenna can be used to send or receive signals in any direction?

a. Cantenna
b. Yagi
c. Rubber duck
d. Panel

Answer: C

A goal of NAC is which of the following?

a. Reduce social engineering threats
b. Map internal private addresses to external public addresses
c. Distribute IP address configurations
d. Reduce zero-day attacks

Answer: D