What type of risk management is used when a risk is identified and evaluated, but it is determined that the cost of the technology needed to reduce the risk is too expensive and will not be purchased?

a. Risk mitigation

b. Risk avoidance

c. Risk transference

d. Risk acceptance


Answer: d. Risk acceptance

Which of the security approach involves creating layers of security beginning with the points of access to a network and continuing with cascading layers of security at various points?

a. Defense in depth

b. Least privilege

c. Separation of privileges

d. Security through obscurity


Answer: a. Defense in depth

What is an SSO system?

a. Single sign-on

b. Single secure opening

c. Secure signal operation

d. Single secure operation


Answer: a. Single sign-on

Which valuation method puts a dollar value on an asset corresponding to the cost the organization would incur if the asset had to be replaced at market prices?

a. Original cost valuation

b. Depreciated valuation

c. Qualitative valuation

d. Replacement cost valuation


Answer: d. Replacement cost valuation

Alan is a security administrator responsible for the protection of his company's Web site. He's particularly worried about the potential that malicious individuals might conduct a defacement attack and replace text somewhere on his site with information that might damage his company's reputation. What tool can best assist Alan in the detection of defacement attack?

a. Nessus

b. SAINT

c. SARA

d. Nmap

e. Tripwire


Answer: e. Tripwire

Which of the following activities does SAINT perform when conducting a security assessment? (Choose all that apply.)

a. Scan for active hosts.

b. Identify services running on those hosts.

c. Check for known vulnerabilities.

d. Alert the administrator about altered files.

e. Report scan results to the auditor.

Answer:
a. Scan for active hosts.
b. Identify services running on those hosts.
c. Check for known vulnerabilities.
e. Report scan results to the auditor.

What is the main purpose of the Tripwire security tool?

a. Integrity assurance

b. Intrusion detection

c. Perimeter protection

d. Vulnerability scanning

e. Network Mapping


Answer: a. Integrity assurance

Which one of the following vulnerability scanning tools uses an open-source scripting language that allows administrators around the world to easily write vulnerability tests and share them with other security professionals?

a. Nmap

b. SATAN

c. SAINT

d. Nessus

e. MBSA


Answer: d. Nessus

Which of the following are critical questions that must be addressed when developing a log analysis policy? (Choose all that apply.)

a. What anomalies should trigger immediate alerts?

b. How long must the deviation occur before registering an anomaly?

c. How much of a deviation from the norm represents an anomaly?

d. What is the impact of the logging on system performance?


Answer:
a. What anomalies should trigger immediate alerts?
b. How long must the deviation occur before registering an anomaly?
c. How much of a deviation from the norm represents an anomaly?

Which of the following are major reasons that extraneous events should not be logged? (Choose all that apply.)

a. Overlogging can degrade system performance.

b. Someone must spend a lot of time reading the logs.

c. Critical events might not be logged.

d. Critical events might be overwritten.


Answer:
a. Overlogging can degrade system performance.
b. Someone must spend a lot of time reading the logs.
d. Critical events might be overwritten.

If your main goal in risk assessment is to find out the top five most critical risks to your organization, which method would you most likely choose?

a. Quantitative risk assessment

b. Solomon-Chapple ranking system

c. P-ranking assessment method

d. Qualitative risk assessment


Answer: d. Qualitative risk assessment

What common threat is pervasive in UNIX and Windows and most often overlooked, but should be easy to fix?

a. IIS Web server vulnerabilities

b. RPC vulnerabilities

c. General authentication - accounts with no passwords or weak passwords

d. Internet Explorer weakness


Answer: c. General authentication - accounts with no passwords or weak passwords

Which of the following are valid uses for keystroke monitoring? (Choose all that apply.)

a. Surveillance of a user suspected of inappropriate activity

b. Testing and quality assurance

c. Information gathering

d. Routine activity monitoring


Answer:
a. Surveillance of a user suspected of inappropriate activity
b. Testing and quality assurance
c. Information gathering

Which of the following describes a system backup? (Choose all that apply.)

a. The only way to recover from data loss

b. Possibly your best insurance

c. A potentially serious vulnerability

d. Near failure-proof


Answer:
b. Possibly your best insurance
c. A potentially serious vulnerability

What is a Windows domain?

a. Trusted computers with exclusive user lists

b. A logical grouping of directory objects that can share security information

c. Closed networks that do not allow remote connections

d. Open networks with little security that allow anonymous connections


Answer: b. A logical grouping of directory objects that can share security information

UNIX security design is based on what basic concept?

a. Large market structure

b. Active Directory

c. File permissions

d. Access control lists


Answer: c. File permissions

What is a control?

a. A physical device that authenticates users

b. Any software that limits access to an object

c. A policy that provides information on how to secure a system

d. Any mechanism that limits access to an object


Answer: d. Any mechanism that limits access to an object

What resources do operating systems manage?

a. Encryption keys, storage devices, and network software

b. Primary and secondary storage, software configuration, processors, and communication standards

c. Primary and secondary storage, processors, input/output devices, and networking components

d. Input/output devices, firewalls, and network sniffers


Answer: c. Primary and secondary storage, processors, input/output devices, and networking components

Which of the following statements are true?

a. Only hardware firewalls are capable of performing stateful inspection.

b. Only software firewalls are capable of performing stateful inspection.

c. Software firewalls are typically faster-performing than hardware firewalls.

d. Hardware firewalls are typically more expensive than software firewalls.


Answer: d. Hardware firewalls are typically more expensive than software firewalls.

Angie is the network administrator for a small e-commerce business. Her organization uses a screened subnet firewall approach. She's installing a Web server that contains information that should be accessible to external users. Where should she place the server?

a. On the Internet segment

b. On the intranet segment

c. On the DMZ segment

d. On the segment between the two firewalls


Answer: c. On the DMZ segment

Which of the following benefits are achieved by a proxy server? (Choose all that apply.)

a. Optimizes use of network bandwidth

b. Prevents denial of service attacks against the firewall

c. Eliminates the need for a Web browser

d. Hides the IP address of the true client

Answer:
a. Optimizes use of network bandwidth
d. Hides the IP address of the true client

John is the security administrator for a network that has exclusive use of the 129.83.0.0 IP address range. The network is connected to a trusted network in another city that uses the 129.84.0.0 address range. He would like to configure egress filtering on his network. Which one of the following rules achieves that goal?

a. Block inbound traffic from any source with a 129.83.x.x address.

b. Block inbound traffic from the Internet with a 129.83.x.x address.

c. Block outbound traffic to the Internet with a 129.83.x.x address.

d. Block outbound traffic to the Internet without a 129.83.x.x address.


Answer: d. Block outbound traffic to the Internet without a 129.83.x.x address.

What characteristic makes a logic bomb different from a worm?

a. A logic bomb contains at least one virus, whereas a worm is a standalone program.

b. A logic bomb activates when a specific event occurs, whereas a worm executes whenever it is run.

c. A worm can contain dangerous code, whereas a logic bomb can only appear to be dangerous.

d. They are essentially the same.


Answer: b. A logic bomb activates when a specific event occurs, whereas a worm executes whenever it is run.

What is the main difference between a virus and a worm?

a. A virus can do more damage than a worm.

b. Worms work only in background mode.

c. A virus is a standalone program, whereas a worm requires a host program to infect.

d. A virus requires a host program to infect, whereas a worm is a standalone program.


Answer: d. A virus requires a host program to infect, whereas a worm is a standalone program.

Which is the best description of information system forensics?

a. The analysis of a system with the purpose of finding evidence of criminal activity

b. The analysis of system with the purpose of finding evidence of specific activity

c. The analysis of system with the purpose of finding evidence of any activity

d. The analysis of system with the purpose of finding evidence of inactivity


Answer: b. The analysis of system with the purpose of finding evidence of specific activity

What is evidence?

a. Any hardware, software, or data that can be used to verify the identity or activity of an attacker

b. Any hardware, software, or data that is admissible in a court of law and used to verify the identity or activity of an attacker

c. Only hardware, software, or data collected by a law enforcement officer that can be used to verify the identity or activity of an attacker

d. Any hardware, software, or data that was collected during an incident investigation


Answer: a. Any hardware, software, or data that can be used to verify the identity or activity of an attacker

What is malicious code?

a. Executable code that contains hidden entry points for developers to use to bypass access controls

b. Any program, procedure, or other executable file that makes authorized modifications or triggers authorized actions

c. Any executable file that contains bugs

d. Any program, procedure, or other executable file that makes unauthorized modifications or triggers unauthorized actions


Answer: d. Any program, procedure, or other executable file that makes unauthorized modifications or triggers unauthorized actions

What is a system compromise?

a. Any unauthorized access to a system

b. Unauthorized access to a system that results in data modification

c. Unauthorized access to a system that results in data disclosure

d. Any unauthorized access to a system that results in data loss


Answer: a. Any unauthorized access to a system

What is a scanning incident?

a. Systematically searching a computer system for installed software

b. Systematically dialing telephone numbers to find a modem that answers

c. Systematically searching a system of ports to see which ones are open

d. Systematically searching all executable files for embedded viruses


Answer: c. Systematically searching a system of ports to see which ones are open


What is an incident?

a. Any violation of the security policy

b. Any violation of a law or regulation that involves a computer

c. Any attack that results in damage to data

d. Any attack that can be associated with an individual


Answer: a. Any violation of the security policy

Which of the following are common types of attacks? (Choose all that apply.)

a. Fun attacks

b. Financial attacks

c. Iterative attacks

d. Nonlinear attacks


Answer:
a. Fun attacks
b. Financial attacks

What is a computer crime?

a. Any violation of the security policy

b. Any attack that results in losses exceeding $5,000

c. Any attack that involves a violation of a law or regulation

d. Any attack on a public information system


Answer: c. Any attack that involves a violation of a law or regulation

What are the main goals of an attacker?

a. To bring about data confidentiality, integrity, and availability

b. To bring about data disclosure, integrity, or destruction

c. To bring about data confidentiality, alteration, or destruction

d. To bring about data disclosure, alteration, or destruction


Answer: d. To bring about data disclosure, alteration, or destruction

What is an attack?

a. An attempt to damage information system hardware

b. An attempt to gain unauthorized access to a system or to deny authorized users from accessing the system

c. An attempt to gain authorized access to an information system

d. An attempt to violate the disclosure property of a secure system


Answer: b. An attempt to gain unauthorized access to a system or to deny authorized users from accessing the system

What is the name of a single device that is based on a firewall but that has been expanded and improved to perform a wide variety of services, such as filtering, IPS, antivirus scanning, anti-spam filtering, VPN endpoint hosting, content filtering, load-balancing, and detailed logging?

A. Load balanced filtering

B. Port based network access (admission) control

C. Unified threat management

D. Multifactor authentication

E. IEEE 802.1x


Answer: C

What is the primary factor used to distinguish a great firewall enhancement from a marketing gimmick used to drive up sales?

A. Does the enhanced firewall cost the same or less than separate products?

B. Does the enhancement affect the operating speed of the firewall?

C. Does the enhancement operate as well as or better than the original firewall?

D. Does the enhancement require the purchase of a new firewall, or can it be added to existing products already deployed?

E. Does the enhancement have a reoccurring license or subscription fee?

Answer: C

What is the biggest issue or problem with an IDS?

A. False positives

B. Failing to operate at wirespeed

C. False negatives

D. Keeping the pattern database current

E. Using anomaly detection


Answer: C

Which of the following is an event found in a firewall log file that is a symptom of a rogue host operating within the private network?

A. Packets from a known malicious address

B. Packets from an unassigned internal address

C. Packets to an unknown port on an internal host

D. Packets in a serial grouping that attempt to access a sequential series of ports

E. Packets in a very large grouping that are all exactly the same directed toward a single target


Answer: B

You can use firewall logging to perform all of the following activities except:

A. Discovering new methods or techniques of attack

B. Creating a historical record of activity used for traffic and trend analysis

C. Tracking usage levels and times for load balancing

D. Stopping intrusions

E. Creating legally admissible evidence for use in prosecution


Answer: D

Which of the following is a default-deny rule?

A. TCP ANY ANY ANY ANY Deny

B. TCP 192.168.42.0/24 ANY ANY ANY Deny

C. TCP ANY 192.168.42.0/24 ANY ANY Deny

D. TCP ANY ANY 192.168.42.0/24 ANY Deny

E. DENY TCP ANY ANY ANY ANY


Answer: A

What is the primary purpose of a post-mortem assessment review?

A. Reducing costs

B. Adding new tools and resources

C. Placing blame on an individual

D. Learning from mistakes

E. Extending the length of time consumed by a task


Answer: D

Which of the following is a true statement with regard to compliance auditing?

A. Compliance auditing is a legally mandated task for every organization.

B. Compliance auditing ensures that all best practices are followed.

C. Compliance auditing creates a security policy.

D. Compliance auditing is an optional function for the financial and medical industries.

E. Compliance auditing verifies that industry specific regulations and laws are followed.


Answer: E

The purpose of a security checklist is:

A. To keep an inventory of equipment in the event of a disaster

B. To create a shopping list for replacement parts

C. To ensure that all security elements are still effective

D. To complete the security documentation for the organization

E. To assess the completeness of the infrastructure


Answer: C

All of the following are common mistakes or security problems that should be addressed in awareness training except:

A. Opening e-mail attachments from unknown sources

B. Using resources from other subnets of which the host is not a member

C. Installing unapproved software on work computers

D. Failing to make backups of personal data

E. Walking away from a computer while still logged in


Answer: B

What is the only protection against data loss?

A. Integrity checking

B. Encryption

C. Traffic filtering

D. Backup and recovery

E. Auditing



Answer: D

A complete and comprehensive security approach needs to address or perform two main functions. The first is to secure assets and the second is:

A. Watch for violation attempts.

B. Prevent downtime.

C. Verify identity.

D. Control access to resources.

E. Design the infrastructure based on the organization's mission.

Answer: A

The purpose of physical security access control is to:

A. Grant access to external entities.

B. Prevent external attacks from coming through the firewall.

C. Provide teachable scenarios for training.

D. Limit interaction between people and devices.

E. Protect against authorized communications over external devices.


Answer: D

When performing node security on a router, all of the following are important concerns, except:

A. Blocking all directed IP broadcasts

B. Disabling echo, chargen, discard, and daytime

C. Watching for MAC spoofing

D. Dropping RFC 1918 addressed packets from the Internet

E. Enabling a warning banner for all attempted connections


Answer: C

What is the essential purpose or function of encryption?

A. Verifying integrity

B. Proving the identity of endpoints

C. Protecting content from unauthorized third parties

D. Maintaining performance

E. Validating parking


Answer: C

What is the essential purpose or function of accounting?

A. Detecting intrusions

B. Proving identity

C. Controlling access to assets

D. Recording the activities and events within a system

E. Throttling transactions


Answer: D

What is the essential purpose or function of authorization?

A. Granting or denying access to resources

B. Checking policy compliance

C. Identifying entities

D. Monitoring levels of utilization

E. Detecting spoofed content


Answer: A

What is the essential purpose or function of authentication?

A. Controlling access to resources

B. Monitoring for security compliance

C. Watching levels of performance

D. Verifying entity identity

E. Preventing distribution of malware


Answer: D

All of the following are true statements about system hardening except:

A. System hardening is a one-time process that does not need to be repeated on the same host.

B. System hardening removes or reduces many known vulnerabilities.

C. System hardening is different for each system with a unique function.

D. System hardening is dependent on the location or placement of a host within the seven common domains of an IT infrastructure.

E. Any system discovered to be out of compliance with system hardening guidelines should be quarantined until it can be repaired.



Answer: A

All of the following are elements of system hardening except:

A. Removing unnecessary protocols, services, and applications

B. Implement ingress and egress filtering against spoofed addresses

C. Installing patches and updates

D. Configuring encryption for storage and communication

E. Installing antivirus and a host firewall


Answer: B

What is a primary benefit of system hardening?

A. It reduces user performance.

B. It increases network throughput.

C. It decreases the attack surface.

D. It improves host ROI.

E. It tracks attempted intrusions.


Answer: C

Which of the following is a flaw or weakness that both static and dynamic addressing share?

A. The assignment server can go offline.

B. Changes require manual modification on each host.

C. Public queries will fail.

D. Hackers can spoof valid addresses.

E. The first half of the address identifies the NIC vendor.


Answer: D

How can static addresses be simulated with DHCP?

A. Round robin assignment

B. Manual configuration on each host

C. Duplicate MAC addresses

D. Reservations

E. DNS reverse lookup


Answer: D

All of the following are elements of network design except:

A. Satisfying security goals

B. Understanding of the seven domains of IT infrastructure

C. Implementing multiple layers of defense

D. Thorough research and planning

E. Utilizing a single vendor


Answer: E

What is involved in key escrow?

Answer: The key is split in two halves, then encrypted by a third party

Which of the following does a digital certificate NOT contain?

a. Name of the issuer
b. Expiration date of the public key
c. Serial number of the digital certificate
d. The hard-coded MAC address of the owner


Answer: d. The hard-coded MAC address of the owner

Which of the following is provided by a server digital certificate?

a. Authentication of the author of a book
b. Integrity of the cryptographic connection
c. Secure email transmissions
d. Authentication of the web server


Answer: d. Authentication of the web server

Which of the following explains the importance of a "facilitator"?

a. A facilitator simplifies the use of digital certificates to end users
b. A facilitator speeds up the process of blacklisting untrusted certificates
c. A facilitator interconnects CAs within a bridge trust model
d. A facilitator expedites the certificate validation process


Answer: c. A facilitator interconnects CAs within a bridge trust model

Which of the following best describes TPM?

a. An asymmetric key
b. Uses a 16-bit key
c. An advanced algorithm
d. A chip on a motherboard


Answer: d. A chip on a motherboard

Which of the following is NOT a benefit of USB device encryption?

a. Files moved to the USB are automatically encrypted
b. Administrators can lock a user out of the device during the next connection
c. Administrators can remotely initiate a self-destruct command to eliminate data
d. The USB device can encrypt the hard drive of an attacker when they attempt to access data


Answer: d. The USB device can encrypt the hard drive of an attacker when they attempt to access data

OTPs were originally used by whom?

Answer: Resistance groups and operation teams during World War II

Using asymmetric cryptography practices, Alex wants to send Jessica an encrypted message that he received from Joel. Additionally, Jessica wants to verify the message came from Alex by viewing his digital signature. Whose keys would be used for what in this scenario?

Answer: Jessica's public key will encrypt the message, Jessica's private key would be used to view the message, Alex's private key would be used to encrypt the digest, and Alex's public key would be used by Jessica to decrypt the digest.

What are the differences between a block cipher and a sponge function?

Answer: A block cipher encrypts plaintext at a fixed size, whereas a sponge function takes an input string of any length.

Passive RFID tags are powered by which of the following?

a. A WiMax connection
b. The signal coming from the transceiver
c. A voltaic battery
d. An extremely small power supply


Answer: b. The signal coming from the transceiver

Which of the following is considered OS hardening?

a. Turning on the latest OS features
b. Using a cable lock
c. Keeping all applications updated
d. Disabling the guest account


Answer: d. Disabling the guest account

Which of the following correctly describes the importance of eliminating marks that classify a master key?

a. It is imperative to follow ideal key management procedures
b. An attacker will know which type of door locks the key opens
c. It allows for easier tracking of keys within an organization
d. The attacker will not be able to duplicate the key


Answer: a. It is imperative to follow ideal key management procedures

Which of the following is NOT an advantage to utilizing wrapper functions?

a. They allow programmers to concentrate on the essential purpose of the code module
b. They secure static environments
c. They provide error-correction of the existing code
d. They write error-checking methods

Answer: c. They provide error-correction of the existing code

Seismic sensors are used for which of the following?

a. Deterrent controls
b. Motion detection
c. Passive infrared light sensors
d. Barriers

Answer: b. Motion detection

Your organization wants to ensure that security controls continue to function, helping to maintain an appropriate security posture. Which of the following is the BEST choice to meet this goal?

A. Auditing logs
B. Routine audits
C. Continuous security monitoring
D. Vulnerability scans


Answer: C. Continuous security monitoring

Your organization's security policy states that administrators should follow the principle of least privilege. Which of the following tools can ensure that administrators are following the policy?

A. User rights and permissions review
B. Risk assessment
C. Vulnerability assessment
D. Threat assessment

Answer: A. User rights and permissions review

Your organization recently hired an outside security auditor to review internal processes. The auditor identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future?

A. Design reviews
B. Code reviews
C. Baseline review
D. User rights and permissions reviews

Answer: D. User rights and permissions reviews

Security administrators have recently implemented several security controls to enhance the network's security posture. Management wants to ensure that these controls continue to function as intended. Which of the following tools is the BEST choice to meet this goal?

A. Routine audit
B. Change management
C. Design review
D. Black box test

Answer: A. Routine audit

While analyzing a packet capture log, you notice the following entry: 16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack. Of the following choices, what is the BEST explanation of this entry?

A. An HTTP connection attempt
B. An RDP connection attempt
C. An FTP connection attempt
D. A buffer overflow attack

Answer: B. An RDP connection attempt

A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific IP address. Which of the following is the BEST tool to meet this need?

A. UTM security appliance
B. Router logs
C. Protocol analyzer
D. Vulnerability scan

Answer: C. Protocol analyzer

A network administrator is troubleshooting a communication problem between a web server and a database server. Which of the following tools would MOST likely be useful in this scenario?

A. Protocol analyzer
B. Port scanner
C. Switch
D. URL filter

Answer: A. Protocol analyzer

Your organization has hired a group of external testers to perform a black box penetration test. One of the testers asks you to provide information about your internal network. What should you provide?

A. A list of IP ranges and the types of security devices operational on the network
B. Network diagrams but without internal IP addresses
C. Some network diagrams and some IP addresses, but not all
D. Nothing

Answer: D. Nothing

An organization has a legacy server within the DMZ. It is running older software that is not compatible with current patches, so it remains unpatched. Management accepts the risk on this system, but wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate test?

A. Vulnerability scan
B. Port scan
C. Code review
D. Pentest

Answer: D. Pentest

Your organization develops web application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn't susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?

A. Input validation
B. Change management
C. Code review
D. Regression testing

Answer: C. Code review

A recent vulnerability scan reported that a web application server is missing some patches. However, after inspecting the server, you realize that the patches are for a protocol that administrators removed from the server. Which of the following is the BEST explanation for this disparity?

A. False negative
B. False positive
C. Lack of patch management tools
D. The patch isn't applied

Answer: B. False positive

Lisa needs to identify if a risk exists on a web application and if attackers can potentially bypass security controls. However, she should not actively test the application. Which of the following is the BEST choice?

A. Perform a penetration test.
B. Perform a port scan.
C. Perform a vulnerability scan.
D. Perform traffic analysis with a sniffer.

Answer: C. Perform a vulnerability scan.

You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the best to meet this need?

A. Code review
B. Vulnerability scan
C. Ping sweep
D. Penetration test

Answer: B. Vulnerability scan

You suspect that a database server used by a web application does not have current patches. Which of the following is the BEST action to take to verify the server has up-to-date patches?

A. Vulnerability scan
B. Port scan
C. Protocol analyzer
D. Host enumeration

Answer: A. Vulnerability scan

You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified the servers have these patches installed. Which of the following BEST describes this?

A. False negative
B. Misconfiguration on servers
C. False positive
D. Servers not hardened

Answer: C. False positive

Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere. It includes a malicious link. Which of the following principles is the email author using?

A. Authority
B. Intimidation
C. Scarcity
D. Trust

Answer: C. Scarcity