Security MCQ: August 2018

Archive for August 2018

Which one of the following formulas best describes the relationship among the concepts of risk, threat, and vulnerability?

a. Threat = Vulnerability + Risk

b. Risk = Threat + Vulnerability

c. Threat = Vulnerability x Risk

d. Risk = Threat x Vulnerability

Answer: d. Risk = Threat x Vulnerability

What type of risk management is used when a risk is identified and evaluated, but it is determined that the cost of the technology needed to reduce the risk is too expensive and will not be purchased?

a. Risk mitigation

b. Risk avoidance

c. Risk transference

d. Risk acceptance

Answer: d. Risk acceptance

What category of common control categories does a locked door belong to?

a. Administrative

b. Logical

c. Physical

d. Technical

Answer: c. Physical

Assume you have developed a new cryptosystem that uses 4-bit keys. How many possible keys exist in your cryptosystem?

a. 8

b. 16

c. 32

d. 64

Answer: b. 16

Which of the following is not a disaster recovery facility?

a. Hot site

b. Warm site

c. Cold site

d. Cool site

Answer: d. Cool site

Which of the following terms describes the expected loss each time a given risk occurs?

a. ALE

b. AV

c. SLE

d. EF

Answer: c. SLE

There are two IP header fields that are important in datagram fragmentation and reassembly. One is Total Length, what is the other?

a. Type of Service

b. Offset

c. Source Address

d. Protocol

Answer: b. Offset

What is the term used to describe a set of external circumstances that may allow a vulnerability to be exploited?

a. Vulnerability

b. Risk

c. Threat

d. Valuation

Answer: c. Threat

What option of managing risk is used when an administrator takes preventative measures to reduce the risk posed to an asset?

a. Risk avoidance

b. Risk mitigation

c. Risk acceptance

d. Risk transference

Answer: b. Risk mitigation

What type of authentication do you use when you withdraw cash from an ATM?

a. Type 1 and Type 2

b. Type 1 and Type 3

c. Type 1

d. Type 2

Answer: a. Type 1 and Type 2

What term is used to describe the condition where users change roles within an organization but retain the access rights of their previous positions?

a. Access flow

b. Privilege creep

c. Unacceptable use

d. Permission net

Answer: b. Privilege creep

If you want to send a message to someone using an asymmetric cryptosystem what key should you use to encrypt the message?

a. Your public key

b. Your private key

c. The recipient's private key

d. The recipient's public key

Answer: d. The recipient's public key

A hacker gaining access to your system and reading confidential information is an action that constitutes which DAD component?

a. Disclosure

b. Alteration

c. Denial

d. Availability

Answer: a. Disclosure

Access control supports data confidentiality and what other security component?

a. Integrity

b. Denial

c. Availability

d. Disclosure

Answer: a. Integrity

What classification label is often applied to information that a company deems does not require classification protections?

a. Unclassified

b. Proprietary

c. Trade secret

d. Patent

Answer: a. Unclassified

What cryptographic goal attempts to prove that a message was sent from the person that sent it and was not forged?

a. Confidentiality

b. Nonrepudiation

c. Security through obscurity

d. Integrity

Answer: b. Nonrepudiation

Which of the security approach involves creating layers of security beginning with the points of access to a network and continuing with cascading layers of security at various points?

a. Defense in depth

b. Least privilege

c. Separation of privileges

d. Security through obscurity

Answer: a. Defense in depth

Which protocol is utilized by the ping command to determine whether a host is active on the network?

a. UDP

b. FTP

c. ICMP

d. IP

Answer: c. ICMP

If you receive a digitally signed message, what cryptographic key should you use to verify the digital signature?

a. The sender's public key

b. The sender's private key

c. Your private key

d. Your public key

Answer: a. The sender's public key

What is the default port used for a DNS server?

a. 23

b. 53

c. 43

d. 63

Answer: b. 53

What layer of the OSI model includes the encryption and decryption data transmitted over the network?

a. Application

b. Presentation

c. Transport

d. Data Link

Answer: b. Presentation

Access and activity monitoring supports what security principle?

a. Availability

b. Least privilege

c. Accountability

d. Liability

Answer: c. Accountability

Which of the security components of CIA fails when disclosure occurs?

a. Confidentiality

b. Availability

c. Integrity

d. None of the above

Answer: a. Confidentiality

Which CIA component involves protecting data from alteration by unauthorized users?

a. Confidentiality

b. Integrity

c. Availability

d. Alteration

Answer: b. Integrity

Which one of the types of policies we learned about should provide broad categories of data that will be protected under the policy?

a. Backup policy

b. Data retention policy

c. Acceptable use policy

d. Wireless device policy

Answer: b. Data retention policy

What type of policy should outline where the backup media should be stored?

a. Backup policy

b. Data retention policy

c. Acceptable use policy

d. Wireless device policy

Answer: a. Backup policy

Which one of the following types of attacks is not normally considered a malicious code object?

a. Virus

b. DoS

c. Worm

d. Trojan horse

Answer: b. DoS

What are the mechanisms we put in place to allow or disallow object access called?

a. subjects

b. objects

c. keys

d. controls

Answer: d. controls

Which of the following is not a hash function?

a. SHA-256

b. MD4

c. PGP

d. MD5

Answer: c. PGP

What type of extinguisher should be used on fires involving combustible metals?

a. Class A

b. Class B

c. Class C

d. Class D

Answer: d. Class D

What is an SSO system?

a. Single sign-on

b. Single secure opening

c. Secure signal operation

d. Single secure operation

Answer: a. Single sign-on

What government security classification applies to materials that if disclosed to unauthorized individuals, would cause damage to the national security of the United States?

a. Secret

b. Confidential

c. Sensitive

d. Top Secret

Answer: a. Secret

Which type of attack uses a list of common passwords to gain unauthorized access to sensitive objects?

a. Brute force attack

b. Spoofing attack

c. Dictionary attack

d. Smurf attack

Answer: c. Dictionary attack

Which cryptographic algorithm was designed to replace the outdated Data Encryption Standard?

a. RSA

b. IDEA

c. PGP

d. AES

Answer: d. AES

What is the rate at which a biometric device rejects valid subjects?

a. FAR

b. FRR

c. CER

d. CDC

Answer: b. FRR

Which valuation method puts a dollar value on an asset corresponding to the cost the organization would incur if the asset had to be replaced at market prices?

a. Original cost valuation

b. Depreciated valuation

c. Qualitative valuation

d. Replacement cost valuation

Answer: d. Replacement cost valuation

Which of the following threats is commonly considered to be the most dangerous?

a. Hackers

b. Malicious code

c. Insiders

d. Natural disasters

Answer: c. Insiders

Which general security principle dictates that no single user should have enough authority to commit a serious computer crime?

a. Defense in depth

b. Security through obscurity

c. Least privilege

d. Separation of privileges

Answer: d. Separation of privileges

T/F: The checklist review is the simplest and least labor-intensive of the DRP tests.

Answer: True

T/F: The TCP protocol operates at the Data Link OSI layer.

Answer: False

T/F: Warm sites contain all of the hardware, software, and data necessary to assume primary processing responsibility.

False

T/F: Asymmetric cryptosystems make use of both private and public keys.

True

T/F: Electronic emanations pose a significant threat to data confidentiality.

True

T/F: A TCP header includes information about that destination port used for the communication.

True

T/F: Symmetric cryptosystems can be used to achieve non repudiation.

Answer: False

Alan is a security administrator responsible for the protection of his company's Web site. He's particularly worried about the potential that malicious individuals might conduct a defacement attack and replace text somewhere on his site with information that might damage his company's reputation. What tool can best assist Alan in the detection of defacement attack?

a. Nessus

b. SAINT

c. SARA

d. Nmap

e. Tripwire

Answer: e. Tripwire

Which of the following activities does SAINT perform when conducting a security assessment?

Which of the following activities does SAINT perform when conducting a security assessment? (Choose all that apply.)

a. Scan for active hosts.

b. Identify services running on those hosts.

c. Check for known vulnerabilities.

d. Alert the administrator about altered files.

e. Report scan results to the auditor.

Answer:

a. Scan for active hosts.,
b. Identify services running on those hosts.,
c. Check for known vulnerabilities.,
e. Report scan results to the auditor.

What is the best source for obtaining vulnerability checklists for a particular operating system?

a. Friends and family

b. The operating system manufacturer

c. Unknown Internet sites

d. Books and periodicals

e. Cracker/hacker Web sites

Answer: b. The operating system manufacturer

What is the main purpose of the Tripwire security tool?

a. Integrity assurance

b. Intrusion detection

c. Perimeter protection

d. Vulnerability scanning

e. Network Mapping

Answer: a. Integrity assurance

What information security tool is designed specifically to detect services running on networked systems and has the capability to "fingerprint" those systems and services?

a. Nmap

b. SATAN

c. SAINT

d. Nessus

e. MBSA

Answer: c. SAINT

Which one of the following vulnerability scanning tools is specifically designed to detect security deficiencies in systems running the Windows operating system?

a. Nmap

b. SATAN

c. SAINT

d. Nessus

e. MBSA

Answer: e. MBSA

Which one of the following vulnerability scanning tools uses an open-source scripting language that allows administrators around the world to easily write vulnerability tests and share them with other security professionals?

a. Nmap

b. SATAN

c. SAINT

d. Nessus

e. MBSA

Answer: d. Nessus

What type of checklist provides high-level guidance on the conduct of a security audit for specific classes of systems?

a. Audit checklist

b. Debug checklist

c. Configuration checklist

d. Vulnerability checklist

e. Database checklist

Answer: a. Audit checklist

What type of checklist provides detailed information on the software that should be installed on different types of systems?

a. Audit checklist

b. Debug checklist

c. Configuration checklist

d. Vulnerability checklist

e. Database checklist

Answer: c. Configuration checklist

What type of UNIX syslog event is primarily of interest to software developers troubleshooting application?

a. LOG_CRIT

b. LOG_ALERT

c. LOG_EMERG

d. LOG_WARN

e. LOG_DEBUG

Answer: e. LOG_DEBUG

What type of UNIX syslog event normally requires the immediate notification of all system users?

a. LOG_CRIT

b. LOG_ALERT

c. LOG_EMERG

d. LOG_WARN

e. LOG_DEBUG

Answer: c. LOG_EMERG

_______ are commonly used to create an unalterable hard copy of system log files.

Answer: Printer logging

Which of the following log security technologies is prone to unauthorized interim modification of the log files?

a. Printer logging

b. Remote logging

c. Secure logging

d. Digitally signed logging

Answer: d. Digitally signed logging

Which of the following are critical questions that must be addressed when developing a log analysis policy?

Which of the following are critical questions that must be addressed when developing a log analysis policy? (Choose all that apply.)

a. What anomalies should trigger immediate alerts?

b. How long must the deviation occur before registering an anomaly?

c. How much of a deviation from the norm represents an anomaly?

d. What is the impact of the logging on system performance?

Answer:

a. What anomalies should trigger immediate alerts?,
b. How long must the deviation occur before registering an anomaly?,
c. How much of a deviation from the norm represents an anomaly?

Which of the following would be used to log the successful starting of a Windows service in Event Viewer?

a. Information event

b. Auditing event

c. Error event

d. Warning event

Answer: a. Information event

Which one of the following events may be triggered by an unsuccessful Windows logon attempt?

a. Information event

b. Auditing event

c. Error event

d. Warning event

Answer: b. Auditing event

Which of the following Event Viewer log files are found on all systems running the Windows operating system?

Which of the following Event Viewer log files are found on all systems running the Windows operating system? (Choose all that apply.)

a. Directory service log

b. System log

c. Security log

d. Application log

e. File replication service log

f. DNS server log

Answer:

b. System log,
c. Security log,
d. Application log

Which of the following are commonly used criteria to determine when log files should be overwritten? (Choose all that apply.)

a. Chronological time

b. Occurrence of a critical event

c. Size of a log file

d. Availability of backup media

Answer:

a. Chronological time,
c. Size of a log file

Which of the following are major reasons that extraneous events should not be logged? (Choose all that apply.)

a. Overlogging can degrade system performance.

b. Someone must spend a lot of time reading the logs.

c. Critical events might not be logged.

d. Critical events might be overwritten.

Answer:

a. Overlogging can degrade system performance.,
b. Someone must spend a lot of time reading the logs.,
d. Critical events might be overwritten.

_______ provide an easy way to standardize procedures for the performance of routine tasks (such as configuring a system) throughout an organization.

Answer: Checklists

What type of assessments should you perform when assessing your company's security risks?

What type of assessments should you perform when assessing your company's security risks? (Choose all that apply.)

a. Qualitative

b. Quality assurance

c. Quantitative

d. Quality of service

Answer:

a. Qualitative,
c. Quantitative

If your main goal in risk assessment is to find out the top five most critical risks to your organization, which method would you most likely choose?

a. Quantitative risk assessment

b. Solomon-Chapple ranking system

c. P-ranking assessment method

d. Qualitative risk assessment

Answer: d. Qualitative risk assessment

What common threat is pervasive in UNIX and Windows and most often overlooked, but should be easy to fix?

a. IIS Web server vulnerabilities

b. RPC vulnerabilities

c. General authentication - accounts with no passwords or weak passwords

d. Internet Explorer weakness

Network Securityc. General authentication - accounts with no passwords or weak passwords

Which of the following are valid uses for keystroke monitoring?

Which of the following are valid uses for keystroke monitoring? (Choose all that apply.)

a. Surveillance of a user suspected of inappropriate activity

b. Testing and quality assurance

c. Information gathering

d. Routine activity monitoring

Answer:

a. Surveillance of a user suspected of inappropriate activity,
b. Testing and quality assurance,
c. Information gathering

Which common operating system threat is nearly always due to sloppy programming practices?

a. Impersonation

b. Malicious code

c. Back doors

d. Bugs

Answer: d. Bugs

Which of the following describes a system backup? (Choose all that apply.)

a. The only way to recover from data loss

b. Possibly your best insurance

c. A potentially serious vulnerability

d. Near failure-proof

Answer:

b. Possibly your best insurance,
c. A potentially serious vulnerability

What structure does UNIX use to store file access permissions?

a. Mode field

b. Group Policy object

c. Domain

d. Trusted hosts file

Answer: a. Mode field

What is a Windows domain?

a. Trusted computers with exclusive user lists

b. A logical grouping of directory objects that can share security information

c. Closed networks that do not allow remote connections

d. Open networks with little security that allow anonymous connections

Answer: b. A logical grouping of directory objects that can share security information

UNIX security design is based on what basic concept?

a. Large market structure

b. Active Directory

c. File permissions

d. Access control lists

Answer: c. File permissions

Windows security design is based on what basic concept?

a. Large market structure

b. Active Directory

c. File permissions

d. Access control lists

Answer: b. Active Directory

What is a control?

a. A physical device that authenticates users

b. Any software that limits access to an object

c. A policy that provides information on how to secure a system

d. Any mechanism that limits access to an object

Answer: d. Any mechanism that limits access to an object

What is the common term for increasing the security level of a system by addressing all known vulnerabilities?

a. Securing

b. Hardening

c. Anchoring

d. Auditing

Answer: b. Hardening

What layer of software intercepts all resources access requests to perform authorization of the request?

a. Control

b. Security object service

c. Reference monitor

d. Security monitor

Answer: c. Reference monitor

What was the first area of security that many older operating systems addressed?

a. Confidentiality

b. Integrity

c. Availability

d. Encryption

Answer: a. Confidentiality

What resources do operating systems manage?

a. Encryption keys, storage devices, and network software

b. Primary and secondary storage, software configuration, processors, and communication standards

c. Primary and secondary storage, processors, input/output devices, and networking components

d. Input/output devices, firewalls, and network sniffers

Answer: c. Primary and secondary storage, processors, input/output devices, and networking components

Which one of the following rules protects the firewall itself from external attack?

a. Stealth rule

b. Denial rule

c. Cleanup rule

d. Firewall rule

Answer: a. Stealth rule

Which one of the following rules enforces the "Deny everything that is not explicitly allowed" policy?

a. Stealth rule

b. Denial rule

c. Cleanup rule

d. Firewall rule

Answer: c. Cleanup rule

Which one of the following firewall action results in an error message being returned to the originator of a packet?

a. Deny

b. Ignore

c. Log

d. Allow

Answer: a. Deny

How many connections should exist between a screened subnet and the protected internal network?

a. 0

b. 1

c. 2

d. 3 or more

Answer: a. 0

Which one of the following ports is likely to be the source port of a client request to view a Web page?

a. 25

b. 80

c. 110

d. 2194

Answer: d. 2194

Which of the following firewall topologies may be implemented with the use of only one firewall system?

Which of the following firewall topologies may be implemented with the use of only one firewall system? (Choose all that apply.)

a. Dual firewall

b. Screened subnet

c. Bastion host

d. Parameterized network

Answer:

b. Screened subnet,
c. Bastion host

What type of firewall always monitors a connection for the three-way handshaking process?

a. Hardware firewall

b. Packet filtering firewall

c. Software firewall

d. Stateful inspection firewall

Answer: d. Stateful inspection firewall

In a typical client/server communication, where the client requests a Web page from a server, how many different ports are involved?

a. 1

b. 2

c. 3

d. 4

Answer: c. 3

Which of the following statements are true?

a. Only hardware firewalls are capable of performing stateful inspection.

b. Only software firewalls are capable of performing stateful inspection.

c. Software firewalls are typically faster-performing than hardware firewalls.

d. Hardware firewalls are typically more expensive than software firewalls.

Answer: d. Hardware firewalls are typically more expensive than software firewalls.

Angie is the network administrator for a small e-commerce business. Her organization uses a screened subnet firewall approach. She's installing a Web server that contains information that should be accessible to external users. Where should she place the server?

a. On the Internet segment

b. On the intranet segment

c. On the DMZ segment

d. On the segment between the two firewalls

Answer: c. On the DMZ segment

Which of the following benefits are achieved by a proxy server?

Which of the following benefits are achieved by a proxy server? (Choose all that apply.)

a. Optimizes use of network bandwidth

b. Prevents denial of service attacks against the firewall

c. Eliminates the need for a Web browser

d. Hides the IP address of the true client

Answer:

a. Optimizes use of network bandwidth,
d. Hides the IP address of the true client

John is the security administrator for a network that has exclusive use of the 129.83.0.0 IP address range. The network is connected to a trusted network in another city that uses the 129.84.0.0 address range. He would like to configure egress filtering on his network. Which one of the following rules achieves that goal?

a. Block inbound traffic from any source with a 129.83.x.x address.

b. Block inbound traffic from the Internet with a 129.83.x.x address.

c. Block outbound traffic to the Internet with a 129.83.x.x address.

d. Block outbound traffic to the Internet without a 129.83.x.x address.

Answer: d. Block outbound traffic to the Internet without a 129.83.x.x address.

Which of the following security activities may be carried out by a router?

Which of the following security activities may be carried out by a router? (Choose all that apply.)

a. Packet filtering

b. Stateful inspection

c. Anti-spoofing

d. Intrusion detection

Answer:

a. Packet filtering,
c. Anti-spoofing

Which one of the following is NOT commonly used to prevent malicious activity from entering a network?

a. Router

b. Intrusion detection system

c. Firewall

d. Proxy server

Answer: b. Intrusion detection system

What is the minimum total number of network interface cards used in a dual firewall topology?

a. 2

b. 3

c. 4

d. 6

Answer: c. 4

Which type of attack involves an attempt to convince an authorized user to disclose secure data or allow unauthorized access?

a. Man-in-the-middle

b. Scanning

c. Social engineering

d. DoS

Answer: c. Social engineering

Which type of attack tries every possible combination of characters to guess a password?

a. DoS

b. Brute force

c. Scanning

d. Man-in-the-middle

Answer: b. Brute force

What characteristic makes a logic bomb different from a worm?

a. A logic bomb contains at least one virus, whereas a worm is a standalone program.

b. A logic bomb activates when a specific event occurs, whereas a worm executes whenever it is run.

c. A worm can contain dangerous code, whereas a logic bomb can only appear to be dangerous.

d. They are essentially the same.

Answer: b. A logic bomb activates when a specific event occurs, whereas a worm executes whenever it is run.

What is the main difference between a virus and a worm?

a. A virus can do more damage than a worm.

b. Worms work only in background mode.

c. A virus is a standalone program, whereas a worm requires a host program to infect.

d. A virus requires a host program to infect, whereas a worm is a standalone program.

Answer: d. A virus requires a host program to infect, whereas a worm is a standalone program.

Which is the best description of information system forensics?

a. The analysis of a system with the purpose of finding evidence of criminal activity

b. The analysis of system with the purpose of finding evidence of specific activity

c. The analysis of system with the purpose of finding evidence of any activity

d. The analysis of system with the purpose of finding evidence of inactivity

Answer: b. The analysis of system with the purpose of finding evidence of specific activity

What is evidence?

a. Any hardware, software, or data that can be used to verify the identity or activity of an attacker

b. Any hardware, software, or data that is admissible in a court of law and used to verify the identity or activity of an attacker

c. Only hardware, software, or data collected by a law enforcement officer that can be used to verify the identity or activity of an attacker

d. Any hardware, software, or data that was collected during an incident investigation

Answer: a. Any hardware, software, or data that can be used to verify the identity or activity of an attacker

What is malicious code?

a. Executable code that contains hidden entry points for developers to use to bypass access controls

b. Any program, procedure, or other executable file that makes authorized modifications or triggers authorized actions

c. Any executable file that contains bugs

d. Any program, procedure, or other executable file that makes unauthorized modifications of triggers unauthorized actions

Answer: d. Any program, procedure, or other executable file that makes unauthorized modifications of triggers unauthorized actions

What is a system compromise?

a. Any unauthorized access to a system

b. Unauthorized access to a system that results in data modification

c. Unauthorized access to a system that results in data disclosure

d. Any unauthorized access to a system that results in data loss

Answer: a. Any unauthorized access to a system

What is a scanning incident?

a. Systematically searching a computer system for installed software

b. Systematically dialing telephone numbers to find a modem that answers

c. Systematically searching a system of ports to see which ones are open

d. Systematically searching all executable files for embedded viruses

Answer: c. Systematically searching a system of ports to see which ones are open

What is an incident?

a. Any violation of the security policy

b. Any violation of a law or regulation that involves a computer

c. Any attack that results in damage to data

d. Any attack that can be associated with an individual

Answer: a. Any violation of the security policy

Which of the following are common types of attacks?

Which of the following are common types of attacks? (Choose all that apply.)

a. Fun attacks

b. Financial attacks

c. Iterative attacks

d. Nonlinear attacks

Answer:

a. Fun attacks,
b. Financial attacks

What is a computer crime?

a. Any violation of the security policy

b. Any attack that results in losses exceeding $5,000

c. Any attack that involves a violation of a law or regulation

d. Any attack on a public information system

Answer: c. Any attack that involves a violation of a law or regulation

What are the main goals of an attacker?

a. To bring about data confidentiality, integrity, and availability

b. To bring about data disclosure, integrity, or destruction

c. aTo bring about data confidentiality, alteration, or destruction

d. To bring about data disclosure, alteration, or destruction

Answer: d. To bring about data disclosure, alteration, or destruction

What is an attack?

a. An attempt to damage information system hardware

b. An attempt to gain unauthorized access to a system or to deny authorized users from accessing the system

c. An attempt to gain authorized access to an information system

d. An attempt to violate the disclosure property of a secure system

Answer: b. An attempt to gain unauthorized access to a system or to deny authorized users from accessing the system

Which one of the following ports is likely to be the source port of a client request to view a Web page?

a. 25

b. 80

c. 110

d. 2194

Answer: d. 2194

All of the following avenues of accessing a firewall's management interface should be limited, restricted, or disabled except:

A. Wireless

B. Telnet

C. Public facing NIC interface

D. Port 80 Web

E. Private network NIC interface

Answer: E

The most important configuration element related to a firewall's management interface is:

A. Access over wireless is prevented.

B. Access through a network interface is enabled.

C. Access is encrypted.

D. Access through a CON port is allowed.

E. Physical access to the device is controlled.

Answer: C

What is the name of a single device that is based on a firewall but that has been expanded and improved to perform a wide variety of services, such as filtering, IPS, antivirus scanning, anti-spam filtering, VPN endpoint hosting, content filtering, load-balancing, and detailed logging?

A. Load balanced filtering

B. Port based network access (admission) control

C. Unified threat management

D. Multifactor authentication

E. IEEE 802.1x

Answer: C

What is the primary factor used to distinguish a great firewall enhancement from a marketing gimmick used to drive up sales?

A. Does the enhanced firewall cost the same or less than separate products?

B. Does the enhancement affect the operating speed of the firewall?

C. Does the enhancement operate as well as or better than the original firewall?

D. Does the enhancement require the purchase of a new firewall, or can it be added to existing products already deployed?

E. Does the enhancement have a reoccurring license or subscription fee?

Answer: C

What form of encryption allows a firewall to filter based on the original source and destination address?

What form of encryption allows a firewall to filter based on the original source and destination address? (Assume the firewall is located along the path between session endpoints.)

A. Tunnel mode

B. VPN remote access encryption

C. Transport mode

D. VPN LAN-to-LAN encryption

E. Header encryption

F. Item List Clickable

Answer: C

When a firewall is able to process packets, filter malicious code, and transmit authorized communications onward to their destination without introducing latency or lag, this is known as operating at

Answer: Wirespeed

Which of the following limitations or potential weaknesses of a firewall cannot be fixed or corrected with the application of an update or patch?

A. Programming bug or flaw

B. Firewalking

C. Buffer overflow vulnerability

D. Fragmentation

E. Denial of service due to traffic from external sources

Answer: E

The performance of what type of communication session can be improved using caching on a firewall?

A. Instant messaging

B. Remote access

C. E-mail

D. Time synchronization

E. Web

Answer: E

Which of the following is not related to improving or maintaining the performance of a firewall?

A. Native antivirus scanning

B. Round-robin task assignment

C. Caching

D. Fair queuing session management

E. Load balancing

Answer: A

Which of the following is not a limitation or potential weakness of a firewall?

A. Firewalking

B. Software bugs or flaws

C. Using first match apply rule systems

D. Fragmentation attacks

E. Internal code connecting to an external service

Answer: C

What is the biggest issue or problem with an IDS?

A. False positives

B. Failing to operate at wirespeed

C. False negatives

D. Keeping the pattern database current

E. Using anomaly detection

Answer: C

Which of the following is an event found in a firewall log file that is a symptom of a rogue host operating within the private network?

A. Packets from a known malicious address

B. Packets from an unassigned internal address

C. Packets to an unknown port on an internal host

D. Packets in a serial grouping that attempt to access a sequential series of ports

E. Packets in a very large grouping that are all exactly the same directed toward a single target

Answer: B

All of the following events appearing in a firewall log warrant investigation by an administrator except:

A. Firewall host reboot

B. A connection attempt to the firewall host

C. Detection of an attack attempt

D. Inbound packets with spoofed internal source addresses

E. An internal user accessing a public Web site

Answer: E

Which of the following is a highly recommended method or technique for keeping firewall logs secure and uncorrupted?

A. Storing them in binary form

B. Using 15,000 RPM hard drives

C. Recording only important events

D. Centralized logging

E. Using timestamps

Answer: D

You can use firewall logging to perform all of the following activities except:

A. Discovering new methods or techniques of attack

B. Creating a historical record of activity used for traffic and trend analysis

C. Tracking usage levels and times for load balancing

D. Stopping intrusions

E. Creating legally admissible evidence for use in prosecution

Answer: D

When an organization first deploys a firewall and chooses to begin logging activity, what should you include in the log file?

A. Only malicious traffic

B. Only DoS traffic

C. Only dropped packets

D. Only allowed packets

E. All events

Answer: E

What mechanism allows a firewall to hand off authentication to a dedicated service hosted on a different system?

A. IEEE 802.11

B. RFC 1918

C. IEEE 802.1x

D. RFC 1492

E. IEE 802.3

Answer: C

The default-deny rule appears where in the rule set?

A. First

B. After any explicit Allow rules

C. Anywhere

D. Last

E. After any explicit Deny rules

Answer: D

Which of the following is a default-deny rule?

A. TCP ANY ANY ANY ANY Deny

B. TCP 192.168.42.0/24 ANY ANY ANY Deny

C. TCP ANY 192.168.42.0/24 ANY ANY Deny

D .TCP ANY ANY 192.168.42.0/24 ANY Deny

E. DENY TCP ANY ANY ANY ANY

Answer: A

Which of the following is a firewall rule that prevents internal users from accessing public FTP sites?

A. TCP ANY ANY ANY FTP Deny

B. TCP 192.168.42.0/24 ANY ANY 21 Deny

C. TCP 21 192.168.42.0/24 ANY ANY Deny

D. TCP ANY ANY 192.168.42.0/24 21 Deny

E. TCP FTP ANY ANY Deny

Answer: B

What is the primary purpose of a post-mortem assessment review?

A. Reducing costs

B. Adding new tools and resources

C. Placing blame on an individual

D. Learning from mistakes

E. Extending the length of time consumed by a task

Answer: D

The purpose of a post-mortem assessment review is to learn from mistakes, improve the process in future events, and avoid a recurrence of the same mistakes. True or False

Answer: True

What is the key factor that determines how valuable and relevant a vulnerability assessment's report is?

A. Timeliness of the database

B. Whether the product is open sourced

C. The platform hosting the scanning engine

D. The time of day the scan is performed

E. The available bandwidth on the network

Answer: A

Vulnerability scanning focuses on mitigating known exploitable weaknesses or vulnerabilities in deployed systems. True or False?

Answer: False

Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?

A. Configuration scan

B. Compliance audit

C. Vulnerability assessment

D. Ethical hacking

E. Penetration testing

Answer: B

Which of the following is a true statement with regard to compliance auditing?

A. Compliance auditing is a legally mandated task for every organization.

B. Compliance auditing ensures that all best practices are followed.

C. Compliance auditing creates a security policy.

D. Compliance auditing is an optional function for the financial and medical industries.

E. Compliance auditing verifies that industry specific regulations and laws are followed.

Answer: E

Which of the following is not a potential hazard when installing patches or updates?

A. Resetting configuration back to factory defaults

B. Reducing security

C. Bricking the device

D. Installing untested code

E. Improving resiliency against exploits

Answer: E

The purpose of a security checklist is:

A. To keep an inventory of equipment in the event of a disaster

B. To create a shopping list for replacement parts

C. To ensure that all security elements are still effective

D. To complete the security documentation for the organization

E. To assess the completeness of the infrastructure

Answer: C

The best network security management tools include all of the following except:

A. Complete inventory of equipment

B. Written security policy

C. Expensive commercial products

D. Logical organization map

E. Change documentation

Answer: C

All of the following are common mistakes or security problems that should be addressed in awareness training except:

A. Opening e-mail attachments from unknown sources

B. Using resources from other subnets of which the host is not a member

C. Installing unapproved software on work computers

D. Failing to make backups of personal data

E. Walking away from a computer while still logged in

Answer: B

What is the only protection against data loss?

A. Integrity checking

B. Encryption

C. Traffic filtering

D. Backup and recovery

E. Auditing

Answer: D

Which of the following types of security components are important to install on all hosts?

A. Firewall

B. Antivirus

C. Whole hard drive encryption

D. Spyware defenses

E. All of these

Answer: E

The task of compartmentalization is focused on assisting with what overarching security concern?

A. Limiting damage caused by intruders

B. Filtering traffic based on volume

C. Controlling access based on location

D. Supporting transactions through utilization

E. Assessing security

Answer: A

Incident response is the planned reaction to negative situations or events. Which of the following is not a common step or phase in an incident response?

A. Containment

B. Recovery

C. Eradication

D. Detection

E. Assessment

Answer: E

A complete and comprehensive security approach needs to address or perform two main functions. The first is to secure assets and the second is:

A. Watch for violation attempts.

B. Prevent downtime.

C. Verify identity.

D. Control access to resources.

E. Design the infrastructure based on the organization's mission.

Answer: A

The purpose of physical security access control is to:

A. Grant access to external entities.

B. Prevent external attacks from coming through the firewall.

C. Provide teachable scenarios for training.

D. Limit interaction between people and devices.

E. Protect against authorized communications over external devices.

Answer: D

A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as:

A. Default permit

B. Explicit deny

C. Fail-close

D. Egress filtering

E. Security through obscurity

Answer: C

Which of the following cannot be performed adequately using an automated tool?

A. Checking for current patches

B. Confirming configuration settings

C. Vulnerability assessment

D. Scanning for known weaknesses

E. Ethical hacking

Answer: E

All of the following are elements of an effective network security installation except:

A. Backup and restoration

B. User training and awareness

C. Compliance auditing

D. Security checklist

E. Unplanned downtime

Answer: E

All of the following are examples of network security management best practices except:

A. Using multifactor authentication

B. Backing up

C. HavBacking up a business continuity plan

D. Prioritizing

E. Spending each year's budget in full

Answer: E

All of the following are examples of network security management best practices except:

A. Avoiding remote access

B. Purchasing equipment from a single vendor

C. Using whole hard drive encryption

D. Implementing IPSec

E. Hardening internal and border devices

Answer: B

All of the following are examples of network security management best practices except:

A. Writing a security policy

B. Obtaining senior management endorsement

C. Filtering Internet connectivity

D. Providing fast response time to customers

E. Implementing defense in depth

Answer: D

When configuring node security on a switch, all of the following are important elements except:

A. Enabling keystroke logging

B. Limiting access to management interfaces

C. Monitoring for ARP flooding

D. Upgrading to SNMP v3

E. Using a final version of firmware

Answer: A

When performing node security on a router, all of the following are important concerns, except:

A. Blocking all directed IP broadcasts

B. Disabling echo, chargen, discard, and daytime

C. Watching for MAC spoofing

D. Dropping RFC 1918 addressed packets from the Internet

E. Enabling a warning banner for all attempted connections

Answer: C

Which of the following is a protection against a single point of failure?

A. Encryption

B. Filtering

C. Auditing

D. Redundancy

E. VPNs

Answer: D

A remote host has all of the following additional security issues or concerns in comparison with a local host except:

A. Potential exposure to unfiltered Internet

B. Poor end user training

C. Greater risk of physical theft

D. Possible lack of patches and updates

E. Additional interaction with external entities

Answer: B

What is the essential purpose or function of encryption?

A. Verifying integrity

B. Proving the identity of endpoints

C. Protecting content from unauthorized third parties

D. Maintaining performance

E. Validating parking

Answer: C

What is the essential purpose or function of accounting?

A. Detecting intrusions

B. Proving identity

C. Controlling access to assets

D. Recording the activities and events within a system

E. Throttling transactions

Answer: D

What is the essential purpose or function of authorization?

A. Granting or denying access to resources

B. Checking policy compliance

C. Identifying entities

D. Monitoring levels of utilization

E. Detecting spoofed content

Answer: A

What is the essential purpose or function of authentication?

A. Controlling access to resources

B. Monitoring for security compliance

C. Watching levels of performance

D. Verifying entity identity

E. Preventing distribution of malware

Answer: D

Which of the following is not usually part of the system hardening process?

A. Updating hardware firmware or BIOS

B. Installing additional RAM

C. Configuring a backup process

D. Configuring account lockout

E. Replacing outdated device drivers

Answer: B

System hardening should be applied to all of the following except:

A. Clients

B. Servers

C. Switches

D. Routers

E. Cable adapters

Answer: E

All of the following are true statements about system hardening except:

A. System hardening is a one-time process that does not need to be repeated on the same host.

B. System hardening removes or reduces many known vulnerabilities.

C. System hardening is different for each system with a unique function.

D. System hardening is dependent on the location or placement of a host within the seven common domains of an IT infrastructure.

E. Any system discovered to be out of compliance with system hardening guidelines should be quarantined until it can be repaired.

Answer: A

All of the following are elements of system hardening except:

A. Removing unnecessary protocols, services, and applications

B. Implement ingress and egress filtering against spoofed addresses

C. Installing patches and updates

D. Configuring encryption for storage and communication

E. Installing antivirus and a host firewall

Answer: B

What is a primary benefit of system hardening?

A. It reduces user performance.

B. It increases network throughput.

C. It decreases the attack surface.

D. It improves host ROI.

E. It tracks attempted intrusions.

Answer: C

Which of the following is a flaw or weakness that both static and dynamic addressing share?

A. The assignment server can go offline.

B. Changes require manual modification on each host.

C. Public queries will fail.

D. Hackers can spoof valid addresses.

E. The first half of the address identifies the NIC vendor.

Answer: D

How can static addresses be simulated with DHCP?

A. Round robin assignment

B. Manual configuration on each host

C. Duplicate MAC addresses

D. Reservations

E. DNS reverse lookup

Answer: D

Why would a network implement public addresses internally instead of private addresses?

A. To avoid the use of NAT

B. To be able to custom subnet

C. To maintain isolation from the Internet

D. To prevent external initiation of communications with internal hosts

E. To reduce costs

Answer: A

Which of the following is a benefit of private addressing that is not present in public addressing?

A. Isolation from the Internet

B. Subnetting

C. Use of IPv6

D. Routing traffic

E. Filtering by source and designation address

Answer: A

Personal bias, tradition, and sunk cost should always guide your security design decisions. If it isn't broken, don't fix it. True or False?

Answer: False

All of the following are elements of network design except:

A. Satisfying security goals

B. Understanding of the seven domains of IT infrastructure

C. Implementing multiple layers of defense

D. Thorough research and planning

E. Utilizing a single vendor

Answer: E

Which of the following is not an important factor when included as part of network design?

A. Usability

B. Capacity

C. Obscurity

D. Growth

E. Defense in depth

Answer: C

Which IT infrastructure domain does not require firewalls to be included as part of its network design?

A. Workstation Domain

B. LAN Domain

C. User Domain

D. Remote Access Domain

E. System/Application Domain

Answer: C

What is the purpose of suspending a digital certificate rather than revoking it?

Answer: To limit use of a certificate after an employee temporarily leaves

How does an attacker successfully alter a message that was sent with a digital certificate?

Answer: By intercepting a message, creating imposter keys, and sending the modified message

What is concerning about entry-level certificates?

Answer: They only authenticate that an institution has a specific domain name

On which of the following devices is IPsec likely to be implemented?

a. Network Analyzer
b. Router
c. Hub
d. Switch

Answer: Router

Which of the following is used to digitally sign a certificate?

a. RA
b. CA Private key
c. CSR
d. CA Public key

Answer: b. CA Private key

If a browser cannot connect to the OSCP responder, what does the browser receive in return?

Answer: Soft-fail

Why would an administrator NOT renew a key?

Answer: Renewing keys continues their lifespan, making them less reliable

What is involved in key escrow?

Answer: The key is split in two halves, then encrypted by a third party

A hierarchical trust model signs digital certificate authorities with how many keys?

Answer: 1

PKI consists of all of the following EXCEPT what?

a. Software
b. Practices
c. People
d. Procedures

Answer: b. Practices

Which of the following does a digital certificate NOT contain?

a. Name of the issuer
b. Expiration date of the public key
c. Serial number of the digital certificate
d. The hard-coded MAC address of the owner

Answer: d. The hard-coded MAC address of the owner

How can an EV SSL help users avoid dangerous sites?

Answer: By displaying the address bar in red

Why is a pre-master secret an important component of a web browser and web server handshake?

Answer: The pre-master secret is used to create a master key, which can then create session keys for symmetric encryption

Why would an administrator choose to use multiple Registration Authorities when processing certificate requests?

Answer: Using one CA can be inconvenient when entities are located in different geographical areas

Public Key Cryptography Standards are based on which of the following?

a. TLS/SSL
b. Blowfish hash
c. Digital Signatures
d. RSA public key algorithm

Answer: d. RSA public key algorithm

Where are private keys NOT stored?

Answer: Within digital certificates

How are TLS and SSL currently different in regards to security?

Answer: TLS v1.2 is considered more secure than any version of SSL

What is the biggest difference between a CA and an RA?

Answer: Certificate Authorities can generate public key certificates

Which of the following is provided by a server digital certificate?

a. Authentication the author of a book
b. Integrity of the cryptographic connection
c. Secure email transmissions
d. Authentication of the web server

Answer: d. Authentication of the web server

Which of the following explains the importance of a "facilitator?"

a. A facilitator simplifies the use of digital certificates to end users
b. A facilitator speeds up the process of blacklisting untrusted certificates
c. A facilitator interconnects CAs within a bridge trust model
d. A facilitator expedites the certificate validation process

Answer: c. A facilitator interconnects CAs within a bridge trust model

NTRUEncrypt is based on which cryptography method?

Answer: Lattice-based

"Plaintext" is a term that is best described as what?

Answer: Data in an unencrypted form

Which of the following is an advantage of the Keccak algorithm?

Answer: It is a compact algorithm that could be considered ideal for smaller devices and appliances

What is a benefit of using a combination of symmetrical and asymmetrical cryptography when transferring data across the internet?

Answer: Asymmetrical cryptography is necessary to establish a secure connection and symmetrical cryptography can enhance the speed of the data transmission after the fact

Why is a homoalphabetic substitution considered a stream cipher?

Answer: It encrypts one plaintext character at a time

Which of the following encryption algorithms has not been successfully attacked?

a. MD2
b. 3DES
c. AES
d. SHA-0

Answer: c. AES

Which of the following best describes TPM?

a. An asymmetric key
b. Uses a 16-bit key
c. An advanced algorithm
d. A chip on a motherboard

Answer: d. A chip on a motherboard

Which of the following is NOT a benefit of USB device encryption?

a. Files moved to the USB are automatically encrypted
b. Administrators can lock a user out of the device during the next connection
c. Administrators can remotely initiate a self-destruct command to eliminate data
d. The USB device can encrypt the hard drive of an attacker when they attempt to access data

Answer: d. The USB device can encrypt the hard drive of an attacker when they attempt to access data

How is a hash algorithm limited in functionality?

Answer: It cannot be decrypted

OTPs were originally used by whom?

Answer: Resistance groups and operation teams during World War II

Why would a security administrator use perfect forward secrecy instead of other key exchange solutions?

Answer: If compromised it can only expose the content of a single message

An encrypted digest is produced from what?

Answer: Hash algorithm

What is the disadvantage of RSA compared to most symmetrical algorithms?

Answer: RSA is complicated and slower than other algorithms

Using asymmetric cryptography practices, Alex wants to send Jessica an encrypted message that he received from Joel. Additionally, Jessica wants to verify the message came from Alex by viewing his digital signature. Whose keys would be used for what in this scenario?

Answer: Jessica's public key will encrypt the message, Jessica's private key would be used to view the message, Alex's private key would be used to encrypt the digest, and Alex's public key would be used by Jessica to decrypt the digest.

What are the differences between a block cipher and a sponge function?

Answer: A block cipher encrypts plaintext at a fixed size d. A block cipher encrypts plaintext at a fixed size whereas a sponge function takes an input string at any length

Which solution is ideal for encrypting an entire hard drive of a PC?

Answer: BitLocker

A digital signature does NOT provide which of the following?

a. Availability
b. Redundancy
c. Integrity
d. Nonrepudiation

Answer: b. Redundancy

How does SHA-1 differ from the MD4 algorithm?

Answer: MD4 creates a digest length of 128 bit whereas SHA-1's digest length is 160 bits

What type of system is blowfish designed to run efficiently on?

Answer: 32-bit systems

Why does RC4 consume more processing power than RC5?

Answer: RC4 is a stream cipher and RC5 is a block cipher

Why would an administrator allow an application exception through a software firewall instead of opening the application's port?

Answer: The port is closed when not in use

Cipher locks are susceptible to which security threat?

Answer: Shoulder Surfing

Passive RFID tags are powered by which of the following?

a. A WiMax connection
b. The signal coming from the transceiver
c. A voltaic battery
d. An extremely small power supply

Answer: b. The signal coming from the transceiver

Which of the following is considered OS hardening?

a. Turning on the latest OS features
b. Using a cable lock
c. Keeping all applications updated
d. Disabling the guest account

Answer: d. Disabling the guest account

What is a benefit of having an automated patch update service instead of configuring clients to install updates independently?

Answer: An automated patch update service can allow an administrator to test the patch within their environment before causing a network-wide problem

Fuzzing inputs random data into a program to accomplish which of the following?

a. Input validation
b. Output encoding
c. Trap errors in the application code
d. Cross-site request forgery

Answer: c. Trap errors in the application code

A mantrap can be useful in physical security by preventing what?

Answer: Tailgating

Televisions, HVAC controllers, and ATMs are all examples of what?

Answer: Embedded systems

What is an advantage to an alarmed carrier PDS over a hardened carrier PDS?

Answer: An alarmed carrier PDS can sense vibrations with optical fibers

Which of the following can use fingerprinting to distinguish critical data from unimportant data?

a. Data Loss Prevention
b. Proximity reader
c. Antivirus
d. Embedded system

Answer: a. Data Loss Prevention

Which of the following can use fingerprinting to distinguish critical data from unimportant data?

a. Data Loss Prevention
b. Proximity reader
c. Antivirus
d. Embedded system

Answer: a. Data Loss Prevention

Which of the following can use fingerprinting to distinguish critical data from unimportant data?

a. Data Loss Prevention
b. Proximity reader
c. Antivirus
d. Embedded system

Answer: a. Data Loss Prevention

Which of the following correctly describes the importance of eliminating marks that classify a master key?

a. It is imperative to follow ideal key management procedures
b. An attacker will know which type of door locks the key opens
c. It allows for easier tracking of keys within an organization
d. The attacker will not be able to duplicate the key

Answer: a. It is imperative to follow ideal key management procedures

Why is dynamic heuristic detection considered more of a robust antivirus scanning method than static analysis?

Answer: Dynamic heuristic detection is more capable of preventing zero day attacks

Why would a Server 2008 R2 DNS server have a different security baseline than a Windows XP client?

Answer: If systems perform different functions, security settings can restrict one function but not the other

Which of the following is the most restrictive anti-spam technique?

a. Popup blocking
b. Whitelisting
c. Blacklisting
d. Bayesian filtering

Answer: b. Whitelisting

Which of the following security controls provides a substitute for normal controls that cannot be used?

a. Deterrent controls
b. Compensating controls
c. Detective controls
d. Corrective controls

Answer: b. Compensating controls

How is a hotfix different from other operating system fixes?

Answer: A hotfix can relate to a specific customer

Which of the following is NOT an advantage to utilizing wrapper functions?

a. They allow programmers to concentrate on the essential purpose of the code module
b. They secure static environments
c.They provide error-correction of the existing code
d. They write error-checking methods

Answer: c. They provide error-correction of the existing code

Seismic sensors are used for which of the following?

a. Deterrent controls
b. Motion detection
c. Passive infrared light sensors
d. Barriers

Answer: b. Motion detection

Your organization wants to ensure that security controls continue to function, helping to maintain an appropriate security posture. Which of the following is the BEST choice to meet this goal?

A. Auditing logs
B. Routine audits
C. Continuous security monitoring
D. Vulnerability scans

Answer: C. Continuous security monitoring

Your organization's security policy states that administrators should follow the principle of least privilege. Which of the following tools can ensure that administrators are following the policy?

A. User rights and permissions review
B. Risk assessment
C. Vulnerability assessment
D. Threat assessment

Answer: A. User rights and permissions review

Your organization recently hired an outside security auditor to review internal processes. The auditor identified several employees who had permissions for previously held jobs within the company. What should the organization implement to prevent this in the future?

A. Design reviews
B. Code reviews
C. Baseline review
D. User rights and permissions reviews

Answer: D. User rights and permissions reviews

Security administrators have recently implemented several security controls to enhance the network's security posture. Management wants to ensure that these controls continue to function as intended. Which of the following tools is the BEST choice to meet this goal?

A. Routine audit
B. Change management
C. Design review
D. Black box test

Answer: A. Routine audit

While analyzing a packet capture log, you notice the following entry: 16:12:50, src 10.80.1.5:3389, dst 192.168.1.100:8080, syn/ack Of the following choices, what is the BEST explanation of this entry?

A. An HTTP connection attempt
B. An RDP connection attempt
C. An FTP connection attempt
D. A buffer overflow attack

Answer: B. An RDP connection attempt

A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific IP address. Which of the following is the BEST tool to meet this need?

A. UTM security appliance
B. Router logs
C. Protocol analyzer
D. Vulnerability scan

Answer: C. Protocol analyzer

A network administrator is troubleshooting a communication problem between a web server and a database server. Which of the following tools would MOST likely be useful in this scenario?

A. Protocol analyzer
B. Port scanner
C. Switch
D. URL filter

Answer: A. Protocol analyzer

Your organization has hired a group of external testers to perform a black box penetration test. One of the testers asks you to provide information about your internal network. What should you provide?

A. A list of IP ranges and the types of security devices operational on the network
B. Network diagrams but without internal IP addresses
C. Some network diagrams and some IP addresses, but not all
D. Nothing

Answer: D. Nothing

Testers do not have access to product documentation or any experience with an application. What type of test will they MOST likely perform?

A. Gray box
B. White box
C. Black box
D. Black hat

Answer: C. Black box

An organization has a legacy server within the DMZ. It is running older software that is not compatible with current patches, so it remains unpatched. Management accepts the risk on this system, but wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate test?

A. Vulnerability scan
B. Port scan
C. Code review
D. Pentest

Answer: D. Pentest

Your organization develops web application software, which it sells to other companies for commercial use. Your organization wants to ensure that the software isn't susceptible to common vulnerabilities, such as buffer overflow attacks and race conditions. What should the organization implement to ensure software meets this standard?

A. Input validation
B. Change management
C. Code review
D. Regression testing

Answer: C. Code review

A recent vulnerability stream-7 can reported that a web application server is missing some patches. However, after inspecting the server, you realize that the patches are for a protocol that administrators removed from the server. Which of the following is the BEST explanation for this disparity?

A. False negative
B. False positive
C. Lack of patch management tools
D. The patch isn't applied

Answer: B. False positive

Lisa needs to identify if a risk exists on a web application and if attackers can potentially bypass security controls. However, she should not actively test the application. Which of the following is the BEST choice?

A. Perform a penetration test.
B. Perform a port scan.
C. Perform a vulnerability scan.
D. Perform traffic analysis with a sniffer.

Answer: C. Perform a vulnerability scan.

You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the best to meet this need?

A. Code review
B. Vulnerability scan
C. Ping sweep
D. Penetration test

Answer: B. Vulnerability scan

You suspect that a database server used by a web application does not have current patches. Which of the following is the BEST action to take to verify the server has up-to-date patches?

A. Vulnerability scan
B. Port scan
C. Protocol analyzer
D. Host enumeration

Answer: A. Vulnerability scan

You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified the servers have these patches installed. Which of the following BEST describes this?

A. False negative
B. Misconfiguration on servers
C. False positive
D. Servers not hardened

Answer: C. False positive

You want to identify all of the services running on a server. Which of the following tools is the BEST choice to meet this goal?

A. Penetration test
B. Protocol analyzer
C. Sniffer
D. Port scanner

Answer: D. Port scanner

You need to calculate the expected loss of an incident. Which of the following value combinations would you MOST likely use?

A. ALE and ARO
B. ALE and SLE
C. SLE and ARO
D. ARO and ROI

Answer: A. ALE and ARO

You need to calculate the ALE for a server. The value of the server is $3,000, but it has crashed 10 times in the past year. Each time it crashed, it resulted in a 10 percent loss. What is the ALE?

A. $300
B. $500
C. $3,000
D. $30,000

Answer: C. $3,000

Which of the following is most closely associated with residual risk?

A. Risk acceptance
B. Risk avoidance
C. Risk deterrence
D. Risk mitigation
E. Risk transference

Answer: A. Risk acceptance

Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere. It includes a malicious link. Which of the following principles is the email author using?

A. Authority
B. Intimidation
C. Scarcity
D. Trust

Answer: C. Scarcity