Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?

Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?

A.IDS
B. Router
C. WAF(Web application firewall)
D. Stateless firewall


Answer: C

Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?

Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?

AIPv4
B. IPv6
C. SSH
D. SFTP


Answer: B

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

A.VLAN
B. Firewall
C. DMZ
D. WAF


Answer: C

Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?

Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?

A. SSO
B. UTM
C. VPN
D. VLAN


Answer: B

Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will meet this need?

Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will meet this need?

A.Content inspection
B. Malware inspection
C. URL filter
D. Web application firewall


Answer: C

You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution)

Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80

You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution) 

A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.


Answer: D & E

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need? 

A. PAT and NAT
B. DMZ and VPN
C. VLANs and 802.1x
D. Routers and Layer 3 switches


Answer: C

A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?

A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?

A. Install an IDS.
B. Only use Layer 2 switches.
C. Install SNMP on the switches
D. Implement STP or RSTP


Answer: D

Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?

Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?

A. Implement subnetting.
B. Implement secure zone transfers.
C. Block outgoing traffic on UDP port 53.
D. Add a WAF.


Answer: B

You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?

You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?

A. Unix server
B. Apache server
C. BIND server
D. Web server


Answer: C

You need to divide a single Class B IP address range into several ranges. What would you do?

You need to divide a single Class B IP address range into several ranges. What would you do? 

A. Subnet the Class
B IP address range.
B. Create a virtual LAN.
C. Create a DMZ.
D. Implement STP.


Answer: A

Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?

Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?

A. Telnet
B. SSH
C. SNMP(Simple network management protocol)
D. DNS


Answer: C

You need to enable the use of NetBIOS through a firewall. Which ports should you open?

You need to enable the use of NetBIOS through a firewall. Which ports should you open?

A. 137 through 139
B. 20 and 21
C. 80 and 443
D. 22 and 338


Answer: A

You need to prevent the use of TFTP through your firewall. Which port would you block?

You need to prevent the use of TFTP through your firewall. Which port would you block?

A.TCP 69
B. UDP 69
C. TCP 21
D. UDP 21


Answer: B

You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?

You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?

A. Disable the FTP and HTTP services on the router.
B. Disable the DNS and HTTPS services on the router.
C. Disable the SSH and HTTP services on the router.
D. Disable the Telnet and Kerberos services on the router.


Answer: C

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?

A. TLS (Transport Layer Security)
B. SMTP
C. HTTP
D. SSH


Answer: A

You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?

You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?

A. FTPB.
B. SNMP
C. SFTP
D. SSH


Answer: C

You are configuring a host-based firewall so that it will allow SFTP(Secure file transfer protocol)connections. Which of the following is required?

You are configuring a host-based firewall so that it will allow SFTP(Secure file transfer protocol)connections. Which of the following is required? 

A.Allow UDP 21
B. Allow TCP 21
C. Allow TCP 22
D. Allow UDP 22


Answer: C

What is the default port for SSH(Secure shell)?

What is the default port for SSH(Secure shell)?

A.22
B. 23
C. 25
D. 80


Answer: A

What protocol does IPv6 use for hardware address resolution?

What protocol does IPv6 use for hardware address resolution?

A. ARP
B. NDP
C. RDP
D. SNMP


Answer: B

Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

A. Hybrid cloud
B.Software as a Service
C. Infrastructure as a Service
D. Private


Answer: C

Management wants to ensure that employees do not print any documents that include customer PII. Which of the following solutions would meet this goal?

Management wants to ensure that employees do not print any documents that include customer PII. Which of the following solutions would meet this goal? 

A. HSM
B. TPM
C. VLAN
D. DLP


Answer: D

You are comparing different encryption methods. Which method includes a storage root key?

You are comparing different encryption methods. Which method includes a storage root key? 

A. HSM
B. NTFS
C.VSAN
D. TPM


Answer: D

Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure file he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to this problem?

Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure file he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to this problem?

A. Use file-level encryption
B. Convert the USB to FAT32
C. Use whole disk encryption on the desktop computer
D. Use whole disk encryption on the USB drive


Answer: D

Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?

Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?

A. Full database encryption
B. Whole disk encryption
C. Database column encryption
D. File- level encryption



Answer: C

Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?

Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal? 

A. WPA2 Enterprise
B. VPN
C. GPS
D. VLAN


Answer: D

Which of the following represents a primary security concern when authorizing mobile devices on a network?

Which of the following represents a primary security concern when authorizing mobile devices on a network?

A. Cost of the device
B. Compatibility
C. Virtualization
D. Data Security


Answer: D

Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?

Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?

A. Asset tracking
B. Screen lock
C. Mobile device management
D. GPS tracking


Answer: B

Your company provides electrical and plumbing services to home owners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

Your company provides electrical and plumbing services to home owners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

A. Mobile device management
B. Disabling unused features
C. Remote wiping
D. GPS tracking


Answer: C

Which of the following is the MOST likely negative result if administrators do not implement access controls correctly on an encrypted USB hard drive?

Which of the following is the MOST likely negative result if administrators do not implement access controls correctly on an encrypted USB hard drive?

A. Data can be corrupted.
B. Security controls can be bypassed.
C. Drives can be geo-tagged.
D. Data is not encrypted


Answer: B

Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?

Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?

A. Disabling the use of removable media
B. Installing an application that tracks the location of the device
C. Implementing a BYOD policy
D. Enabling geo-tagging


Answer: A

Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further,they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?

Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further,they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?

A. Create an internal CA.
B. Implement WPA2 Enterprise.
C. Implement patch management processes.
D. Configure the SCADA within a VLAN.


Answer: D

Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?

Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?

A. Application change management
B. Application patch management
C. Whole disk encryption
D. Application hardening


Answer: B

A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A. Virtualization
B. Sandboxing
C. IDS
D. Patch management


Answer: D

You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

A. Take a snapshot of the VM before deploying the new application.
B. Take a snapshot of the VM after deploying the new application.
C. Apply blacklisting techniques on the server for the new applications.
D. Back up the server after installing the new application


Answer: A

An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?

An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?

A. Failover clusters
B. Virtualization
C. Bollards
D. Hashing


Answer: B

Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent?

Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent?

A. Security policy
B. Application whitelisting
C. Anti-malware software
D. Antivirus software


Answer: B

Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?

Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?

A. Host software baseline
B. Baseline reporting
C. Application configuration baseline
D. Code review


Answer: A

You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?

You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?

A. Establishing baseline reporting
B. Determining attack surface
C. Implementing patch management
D. Enabling sandboxing


Answer: A

Your organization wants to improve the security posture of internal database servers. Of the following choices, what provides the BEST solution?

Your organization wants to improve the security posture of internal database servers. Of the following choices, what provides the BEST solution?

A.Opening ports on a server's firewall
B. Disabling unnecessary services
C. Keeping systems up to date with current patches
D. Keeping systems up to date with current service packs


Answer: B

Which of the following choices provide authentication services for remote users and devises? (Select TWO)

Which of the following choices provide authentication services for remote users and devises? (Select TWO)

A. Kerberos
B. RADIUS
C. Secure LDAP
D. Diameter


Answer: B AND D

Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the following choices BEST meets this goal?

Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the following choices BEST meets this goal? 

A. TACACS+
B. Diameter
C. Kerberos
D. Secure LDAP


Answer: B

Which of the following provides authentication services and uses PPP?

Which of the following provides authentication services and uses PPP?

A. Diameter and biometrics
B. Kerberos and LDAP
C. SAML and SSPO
D. PAP and CHAP


Answer: D

Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML- based open standard. Which of the following is the MOSt likely solution being implemented?

Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML- based open standard. Which of the following is the MOSt likely solution being implemented?

A. RADIUS
B. Diameter
C. TACACS+
D. SAML


Answer: D

When you log on to your online bank account, you are also able to access a partners credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

When you log on to your online bank account, you are also able to access a partners credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

A. SSO
B. Same sign-on
C. SAML
D. Kerberos


Answer: A

Your network used authentication based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using?

Your network used authentication based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using?

A. SAML
B. Diameter
C. Kerberos
D. LDAO


Answer: D

A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server?

A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server?

A. Authentication
B. Identification
C. Authorization
D. Access Control


Answer: A

Which of the following authentication services use tickets for user credentials?

Which of the following authentication services use tickets for user credentials?

A. RADIUS
B. Diameter
C. Kerberos
D. LDAP


Answer: C

Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?

Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?

A.Passwords
B. Dual-factor
C. Biometrics
D. Diameter


Answer: B

The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement?

The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement?

A. Hardware token and PIN
B. Fingerprint scan and retina scan
C. Password and PIN
D. Smart card


Answer: A

When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of the following choices BEST describes this?

When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of the following choices BEST describes this?

A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Mutual authentication


Answer: A

Which type of authentication is a fingerprint scan?

Which type of authentication is a fingerprint scan?

A. Something you have
B. Biometric
C. PAP
D. One-time password


Answer: B

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP
B. TOTP
C. CAC
D. Kerberos


Answer: B

A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password ?

A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password ?

A. Verify the user's original password.
B. Disable the user's account.
C. Verify the user's identity.
D. Enable the user's account


Answer: C

Your organization has a password policy with a password history value of 12. What does this indicated?

Your organization has a password policy with a password history value of 12. What does this indicated? 

A.Your password must be at least 12 characters long.
B. Twelve different passwords must be used before reusing the same pass
C. Passwords must be changed every 12 days
D. Passwords cannot be changed until 12 days have passed



Answer: B

You are logging on to your bank's web site using your email address and a password. What is the purpose of the email address in this example?

You are logging on to your bank's web site using your email address and a password. What is the purpose of the email address in this example?

A. Identification
B. Authentication
C. Authorization
D. Availability


Answer: A

Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursing?

Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursing? 

A. Confidentiality
B. Integrity
C. Availability
D. Safety


Answer: D

Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing?

Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing?

A.Safety
B.Integrity
C. Confidentiality
D. Availability


Answer: D

You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are you addressing?

You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are you addressing? 

A. Confidentiality
B. Integrity
C. Availability
D. Authentication


Answer: B

Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?

Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs? 

A. Hashing
B. Digital Signature
C. Encryption
D. Certificate


Answer: C

Of the various forms of standardized RAIDs, which two are the most commonly implemented?

Of the various forms of standardized RAIDs, which two are the most commonly implemented?

A) RAIDs 1 and 2
B) RAIDs 3 and 5
C) RAIDs 1 and 5
D) RAIDs 2 and 5


Answer: C) RAIDs 1 and 5

At a minimum, RAID 3 requires ________ drive(s).

At a minimum, RAID 3 requires ________ drive(s). 

A) 2
B) 3
C) 1
D) 5


Answer: B) 3

Unlike RAID 1, which has no automated error correcting mechanism, RAID ________ uses parity for data recovery.

Unlike RAID 1, which has no automated error correcting mechanism, RAID ________ uses parity for data recovery.

A) 1
B) 2
C) 3
D) 5


Answer: C) 3

ECC stands for ________.

ECC stands for ________.

A) enhanced communications control
B) end communications center
C) error correcting code
D) error control code


Answer: C) error correcting code

Unlike a mirrored RAID 1, a ________ RAID 1 has separate hard drive controllers for each hard drive.

Unlike a mirrored RAID 1, a ________ RAID 1 has separate hard drive controllers for each hard drive.

A) triple
B) duplexed
C) copied
D) single


Answer: B) duplexed

_______ uses data stripping at the byte level, but with the addition of parity checking.

_______ uses data stripping at the byte level, but with the addition of parity checking. 

A) RAID 0
B) RAID 1
C) RAID 2
D) RAID 3


Answer: D) RAID 3

In a mirrored RAID 1, a single hard drive controller is used to manage ________ hard drive(s).

In a mirrored RAID 1, a single hard drive controller is used to manage ________ hard drive(s).

A) 2
B) 3
C) 1
D) more than 4


Answer: A) 2

____ can be implemented with disk mirroring or disk duplexing.

______ can be implemented with disk mirroring or disk duplexing. 

A) RAID 1
B) RAID 2
C) RAID 3
D) RAID 4


Answer: A) RAID 1

A ________ is preferred for large data records because multiple drives can be read in parallel if a large record spans more than one drive.

A ________ is preferred for large data records because multiple drives can be read in parallel if a large record spans more than one drive.

A) block-level stripping
B) byte-level stripping
C) bit-level stripping
D) None of the above


Answer: B) byte-level stripping

Simple disk stripping usually uses block-level stripping but can also be configured for ________-level stripping.

Simple disk stripping usually uses block-level stripping but can also be configured for ________-level stripping.

A) bit
B) byte
C) gigabit
D) None of the above


Answer: B) byte

RAID Level ________ is referred to as simple disk stripping.

RAID Level ________ is referred to as simple disk stripping. 

A) 0
B) 1
C) 3
D) 5


Answer: A) 0

The six standardized RAID levels are ________.

The six standardized RAID levels are ________. 

A) 0 to 100
B) 1 to 20
C) 1 to 10
D) 0 to 5


Answer: D) 0 to 5

For an added expense, RAID drive arrays can support ________ drives.

For an added expense, RAID drive arrays can support ________ drives. 

A) midline swappable
B) warm swappable
C) hot swappable
D) cold swappable


Answer: C) hot swappable

SCSI stands for ________.

SCSI stands for ________.

A) Sessioned Conversation Stateful Interaction
B) Symmetrical Confidential Session Interface
C) Small Computer System Interface
D) Stateful Cipher System Integration


Answer: C) Small Computer System Interface

RAID is also sometimes referred to as ________.

RAID is also sometimes referred to as ________. 

A) Redundant Array of Independent Devices
B) Responsive and Instrumental Devices
C) Responsive Asymmetrical Internal Devices
D) Reactive Alternative Internal Devices


Answer: A) Redundant Array of Independent Devices

RAID stands for ________.

RAID stands for ________.

A) Responsive Asymmetrical Internal Devices
B) Redundant Array of Inexpensive Devices
C) Reactive Alternative Internal Devices
D) Researched and Investigative Discoveries


Answer: B) Redundant Array of Inexpensive Devices

An integrated security system should incorporate preventive, detective, and ________ measures that are internal and external to the enterprise.

An integrated security system should incorporate preventive, detective, and ________ measures that are internal and external to the enterprise.

A) reactive
B) expensive
C) extraneous
D) networked


Answer: A) reactive

In order for a Disaster Recovery Plan to work, some degree of ________ is required.

In order for a Disaster Recovery Plan to work, some degree of ________ is required.

A) repudiation
B) inconsistency
C) redundancy
D) scanning


Answer: C) redundancy

A network is both ________ and ________ vulnerable.

A network is both ________ and ________ vulnerable. 

A) clerically, systematically
B) sensically, instantly
C) logically, physically
D) publicly, privately


Answer: C) logically, physically

Which of the following is NOT one of the four types of filtering that a firewall can perform?

Which of the following is NOT one of the four types of filtering that a firewall can perform? 

A) application
B) stateful packet inspection
C) packet
D) markup


Answer: D) markup

A successful cipher must make it difficult for an encrypted message to be viewed in its ________ form, without the use of the cryptographic key.

A successful cipher must make it difficult for an encrypted message to be viewed in its ________ form, without the use of the cryptographic key.

A) cryptography
B) cleartext
C) cryogenics
D) cryotext



Answer: B) cleartext

______ is the science of ensuring that data and information cannot be easily understood or modified by unauthorized individuals.

______ is the science of ensuring that data and information cannot be easily understood or modified by unauthorized individuals.

A) Cryptography
B) Cleartexting
C) Cryogenics
D) Cipher Texting


Answer: A) Cryptography

Which of the following is NOT one of the CAIN components?

Which of the following is NOT one of the CAIN components?

A) disaster protection
B) confidentiality
C) integrity
D) access


Answer: A) disaster protection

A(n) ________ is an alternative facility where an organization can restore all or a portion of its business-critical systems within a short amount of time.

A(n) ________ is an alternative facility where an organization can restore all or a portion of its business-critical systems within a short amount of time.

A) certified holder
B) alter ego
C) hot spot
D) Caesar cipher


Answer: C) hot spot

DRP stands for ________.

DRP stands for ________. 

A) digital recovery plan
B) dividing rumor protocol
C) disaster recovery plan
D) dichotic recovery protocol


Answer: C) disaster recovery plan

_______ is an application that searches out Internet-connected devices looking for open well-known port service accesses.

_______ is an application that searches out Internet-connected devices looking for open well-known port service accesses.

A) Port scanning
B) Proxy searcher
C) Packet integration
D) Infrastructure finder


Answer: A) Port scanning

SPI stands for ________.

SPI stands for ________. 

A) stateful packet inspection
B) scan packet integration
C) session packet inspection
D) scanning proxy integration


Answer: A) stateful packet inspection

A(n) ________, also called a circuit-level gateway, evaluates not only a packet's source and destination addresses, but also the circuits that have been established for the packet's communication.

A(n) ________, also called a circuit-level gateway, evaluates not only a packet's source and destination addresses, but also the circuits that have been established for the packet's communication.

A) application firewall fence
B) digital recovery plan
C) stateful packet inspection
D) circuit filtering firewall


Answer: D) circuit filtering firewall

________ are also called proxy firewalls or application-layer gateways.

________ are also called proxy firewalls or application-layer gateways. 

A) Encryption firewalls
B) Address firewalls
C) Application firewalls
D) Disaster firewalls


Answer: C) Application firewalls

What is the term for the attack that occurs when a filter is tricked into believing a packet is coming from an addressed device different from its true originating source?

What is the term for the attack that occurs when a filter is tricked into believing a packet is coming from an addressed device different from its true originating source?

A) cipher filtering
B) encryption siting
C) address spoofing
D) integrity searching


Answer: C) address spoofing

DMZ stands for ________.

DMZ stands for ________. 

A) digital machine zone
B) deviced machine zone
C) demilitarized zone
D) disaster machination zone


Answer: C) demilitarized zone

As a barrier between the outside world and the enterprise, a(n) ________ is configured to keep out unauthorized individuals who are attempting to attack or penetrate the enterprise.

As a barrier between the outside world and the enterprise, a(n) ________ is configured to keep out unauthorized individuals who are attempting to attack or penetrate the enterprise. 

A) infrastructure
B) certificate
C) firewall
D) cipher


Answer: C) firewall

PKI stands for ________.

PKI stands for ________. 

A) Proxy Key Infrastructure
B) Public Key Infrastructure
C) Public Kinetic Infrastructure
D) Private Key Infrastructure


Answer: B) Public Key Infrastructure

A(n) ________ key is a key pair that is renewed, or changed, periodically.

A(n) ________ key is a key pair that is renewed, or changed, periodically. 

A) session
B) plan
C) packet
D) integrated


Answer: A) session

With asymmetric ciphers, two separate keys are used. What are they?

With asymmetric ciphers, two separate keys are used. What are they?

A) an integrated key and a non-integrated key
B) a public key and a private key
C) a packet key and an open key
D) a symmetrical key and an asymmetrical key


Answer: B) a public key and a private key

The two major branches of cryptography into which ciphers generally fall are ________.

The two major branches of cryptography into which ciphers generally fall are ________.

A) integrated and non-integrated
B) encrypted and unencrypted
C) symmetric and asymmetric
D) filtered and unfiltered


Answer: C) symmetric and asymmetric

The Caesar cipher, or mapping, used what language as the alphabet?

The Caesar cipher, or mapping, used what language as the alphabet? 

A) Gaelic
B) Spanish
C) Italian
D) Latin



Answer: D) Latin

In combination with the cipher, what is used to encode and decode data?

In combination with the cipher, what is used to encode and decode data? 

A) a card
B) a key
C) a signature
D) a certificate


Answer: B) a key

A(n) ________ is the systematic attempt by an unauthorized individual to discover the cleartext form of the data from its encrypted form.

A(n) ________ is the systematic attempt by an unauthorized individual to discover the cleartext form of the data from its encrypted form.

A) exchange
B) crypt
C) attack
D) switch



Answer: C) attack

What is the term used for a cryptographic method that uses a key pair, one key to encode data and a second different key to decode?

What is the term used for a cryptographic method that uses a key pair, one key to encode data and a second different key to decode?

A) Session Key
B) Asymmetric Cipher
C) Public Key Infrastructure
D) Cryptanalysis


Answer: B) Asymmetric Cipher

In order to transform the data from cleartext to a scrambled or "encrypted" form, ________ is used.

In order to transform the data from cleartext to a scrambled or "encrypted" form, ________ is used.

A) a Session Key
B) cleartext
C) a Public Key Infrastructure
D) a cipher


Answer: D) a cipher

Data in its raw form is referred to as being "plaintext" or ________.

Data in its raw form is referred to as being "plaintext" or ________. 

A) alphabetical
B) symmetrical
C) cryptogram
D) cleartext


Answer: D) cleartext

_____ is the science of ensuring that data and information cannot be easily understood or modified by unauthorized individuals.

_____ is the science of ensuring that data and information cannot be easily understood or modified by unauthorized individuals.

A) Cryptology
B) Cipherism
C) Symmetry
D) Cleartexting


Answer: A) Cryptology

What is the term used for the activity of rendering data useless to anyone who might wrongfully intercept it?

What is the term used for the activity of rendering data useless to anyone who might wrongfully intercept it?

A) de-scrambling
B) mixing
C) scrambling
D) messing


Answer: C) scrambling

What two things are common means of providing for verification that those who are accessing enterprise data are authorized to do so?

What two things are common means of providing for verification that those who are accessing enterprise data are authorized to do so?

A) scanning and authorization
B) repudiation and digital certificates
C) authorization and backup certificates
D) authentication and digital certificates


Answer: D) authentication and digital certificates

Every data communication has ________.

Every data communication has ________. 

A) a digifier and a resender
B) sender and a receiver
C) a user and a recipient
D) a scrambler and a cryptographer


Answer: B) sender and a receiver

In relation to enterprise security, ________ means that only those who have the right to do so can modify data and information.

In relation to enterprise security, ________ means that only those who have the right to do so can modify data and information.

A) interrogation
B) visuality
C) virtuality
D) integrity


Answer: D) integrity

A common means of authentication is a requirement that each user of the enterprise has an authorized ________.

A common means of authentication is a requirement that each user of the enterprise has an authorized ________.

A) name and userid
B) userid and password
C) password and passkey
D) fault and tolerance



Answer: B) userid and password

One way to assure availability of data is to implement forms of ________ for fault tolerance.

One way to assure availability of data is to implement forms of ________ for fault tolerance. 

A) scrambling
B) redundancy
C) communication
D) digication


Answer: B) redundancy

______ confirms that the user attempting to use a networked resource has been given appropriate rights and privileges to that resource.

_______ confirms that the user attempting to use a networked resource has been given appropriate rights and privileges to that resource.

A) Authentication
B) Propriation
C) Condemnation
D) Cessation


Answer: A) Authentication