Richard suspects that a denial of service attack is taking place on his network that utilizes a large amount of SSL communications. He wishes to monitor network activity using a packet sniffer to determine whether this traffic is present on his network. What destination port should he look for in the packet sniffer output to confirm the presence of this traffic?


a. 80
b. 110
c. 443
d. 8088


Answer: c. 443

Jim suspects that a fragmentation attack may be taking place on his network and wishes to conduct packet analysis to diagnose the problem. What specific headers will provide him with information useful in detecting a fragmentation attack? (Choose all that apply.)


a. Fragment number
b. Total length
c. Offset
d. Type of service


Answer:

b. Total length, and
c. Offset

If two computers are configured identically and attached to networks that differ only in the fact that one network utilizes twisted-pair cabling and the other uses fiber-optic cabling, which layer(s) of the OSI model are different between the two systems? (Choose all that apply.)


a. Network
b. Physical
c. Data Link
d. Transport


Answer: b. Physical

Grace would like to send a message to Joe using digital signature technology. What portion of the message should she sign in order to obtain a digital signature?


a. The plaintext message
b. The ciphertext message
c. The plaintext message digest
d. The ciphertext message digest


Answer: c. The plaintext message digest

James recently received a secret message from Martha containing an order for custom services. He would like to be able to prove that Martha sent the message and that it could not be forged. What cryptographic goal is James attempting to achieve?


a. Confidentiality
b. Nonrepudiation
c. Security through obscurity
d. Integrity
e. Authentication


Answer: b. Nonrepudiation

What type of disaster recovery facility contains only the environmental support systems and telecommunications circuits necessary to establish an operational facility but none of the computing resources?


a. Cold site
b. Warm site
c. Hot site
d. Mobile site


Answer: a. Cold site

Jan needs to build the business case for the implementation of a new firewall. She's confident that she can show that the new firewall will require less attention from the security staff and will result in significant manpower savings. She does not expect that there will be any change in the security posture of the organization based on this implementation. What type of approach is best suited to building the business case for this firewall?


a. Qualitative
b. Quantitative
c. Combination of qualitative and quantitative


Answer: b. Quantitative

What type of alternate processing facility generally contains all of the hardware, software, and data necessary to assume primary data processing responsibility for the organization in the event of a disaster?


a. Hot site
b. Mobile site
c. Warm site
d. Cold site


Answer: a. Hot site

Which of the following is one of the primary goals of an organization's disaster recovery plan?


a. Minimize the impact of a disaster on the organization.
b. Allow for the transfer of operations to an alternate site.
c. Maintain operations at the alternate site for an extended period of time.
d. Provide for the efficient transition of operations back to the primary site when the disaster is resolved.


Answer: c. Maintain operations at the alternate site for an extended period of time.

What general security principle, when applied to information security, would suggest the use of biometric access controls to safeguard extremely sensitive areas within a larger physical facility?


a. Least privilege
b. Separation of privileges
c. Defense in depth
d. Security through obscurity


Answer: c. Defense in depth

Which of the following types of individuals are normally included on the information security policy development committee? (Choose all that apply.)


a. IT professionals
b. Administrative support staff members
c. Physical security representatives
d. Senior management representatives


Answer:

a. IT professionals,
c. Physical security representatives, and
d. Senior management representatives

An organization's data retention policy should, at minimum, cover which of the following topics? (Choose all that apply.)


a. Minimum length of time data should be retained
b. Maximum length of time data should be retained
c. Types of data covered by the policy
d. Data backup requirements


Answer:

a. Minimum length of time data should be retained
b. Maximum length of time data should be retained
c. Types of data covered by the policy

What type of information security policy document should define the procedures users should follow if they suspect misuse of corporate computing resources by an employee or other affiliate?


a. Backup policy
b. Data retention policy
c. Acceptable use policy
d. Confidentiality policy


Answer: c. Acceptable use policy

Which one of the following security principles explains a practice that security administrators should NOT follow when designing an information security program for their organization?


a. Defense in depth
b. Least privilege
c. Security through obscurity
d. Separation of privileges


Answer: c. Security through obscurity

Which statement best describes the principle of least privilege?


a. Only allow the minimum number of defined users to access a system.
b. An object should allow only data owners to access it.
c. A subject should be granted only the permissions to accomplish a task and nothing more.
d. An object should grant access only to subjects through one model and nothing more.


Answer: c. A subject should be granted only the permissions to accomplish a task and nothing more.

What are two types of nondiscretionary access control? (Choose two.)


a. Role-based access control
b. Identity-based access control
c. Rule-based access control
d. Task-based access control


Answer:

a. Role-based access control, and
d. Task-based access control

What type of model is identity-based access control?


a. Mandatory access control
b. Discretionary access control
c. Nondiscretionary access control
d. Transitive-discretionary access control


Answer: b. Discretionary access control

What is a control?


a. Any potential barrier that protects your information from unauthorized access
b. Any data source that contains sensitive data
c. A user or program that attempts to access data on a secure system
d. A device for setting the security clearance of data


Answer: a. Any potential barrier that protects your information from unauthorized access

What is an SSO system?


a. Single sign-on
b. Single secure opening
c. Secure signal operation
d. Single secure operation


Answer: a. Single sign-on

What is the best definition for the term authentication?


a. A subject presents credentials to claim an identity.
b. The access control system looks up permissions assigned to a subject.
c. The access control system searches a user database to see if the subject exists.
d. A subject provides additional information that should match information the access control system stores for that subject.


Answer: a. A subject presents credentials to claim an identity.

What is the access control subject?


a. The passive entity that is the target of an access request
b. The active entity that initiates an access request
c. A specific type of access requested
d. The authentication service that processes the access request


Answer: b. The active entity that initiates an access request

Alex is the network administrator for an organization. He decides to implement a new firewall on the company's broadband Internet connection to prevent hackers from entering the network. What risk management technique is Alex practicing?


a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance



Answer: a. Risk mitigation

Richard is responsible for evaluating whether his company should develop and host a Web site on the corporate network. He decides that the risk posed to the site by hackers overwhelms the benefit that would be gained from having the site and decides not to develop the site. What risk management technique is Richard practicing?


a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance


Answer: b. Risk avoidance

Beth evaluated the potential risk of a hacker entering a specific system and decided that it did not justify the cost of purchasing an expensive intrusion detection system. What type of risk management is Beth practicing?


a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance


Answer: d. Risk acceptance

A janitor cleaning the floor of an organization's data center accidentally tripped over a power cord and cut the power to a critical file server. Users who depend on that data to complete their job functions are unable to access it and must take time off from work until IT personnel arrive and restore power to the computer. What security principle is most involved in this incident?


a. Confidentiality
b. Integrity
c. Denial
d. Alteration


Answer: c. Denial

Matthew's manager Renee recently informed him that she was concerned about the possibility of a hacker tapping into their corporate database and altering customer records. What security goal is Renee concerned about achieving?


a. Confidentiality
b. Alteration
c. Integrity
d. Availability


Answer: c. Integrity

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will test the reliability of this application to maintain availability and data integrity?


A. Secure coding
B. Input validation
C. Error handling
D. Fuzzing


Answer: D. Fuzzing

Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?


A. Theft of the database server
B. XML injection
C. SQL injection
D. Sniffing


Answer: C. SQL injection

Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:


<body onload="document.getElementById('myForm').submit()">
<form id="myForm" action="gcgapremium.com/purchase.php" method="post">
<input name="Buy Now" value="Buy Now" />
</form>
</body>

What is the MOST likely explanation?


A. XSRF
B. Buffer overflow
C. SQL injection
D. Fuzzing


Answer: A. XSRF

While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?


A. Sniffing
B. Spoofing
C. XSS
D. Pharming


Answer: C. XSS

Attackers have attacked an online web server using a SQL injection attack. Which of the following BEST describes this?


A. The attacker is attempting to overload the system with unexpected data and access memory locations.
B. The attacker is attempting to impersonate a user using HTML code.
C. The attacker is sending random data into a program to see if the application will crash.
D. The attacker is attempting to pass commands to a back-end database server to access data.


Answer: D. The attacker is attempting to pass commands to a back-end database server to access data.

An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?


A. SQL injection
B. Buffer overflow
C. XML injection
D. Zero-day


Answer: B. Buffer overflow

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn't part of a known application. What is MOST likely occurring?


A. Buffer overflow
B. XSS
C. Cross-site scripting
D. XML injection


Answer: A. Buffer overflow

Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?


A. Displaying a detailed error message but logging generic information on the error
B. Displaying a generic error message but logging detailed information on the error
C. Displaying a generic error message and logging generic information on the error
D. Displaying a detailed error message and logging detailed information on the error


Answer: B. Displaying a generic error message but logging detailed information on the error

An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?


A. Buffer overflow
B. Zero-day attack
C. Fuzzing
D. Session hijacking


Answer: B. Zero-day attack

Security analysts recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the comptai.org web site. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?


A. Smurf
B. Typo squatting
C. Fuzzing
D. Replay


Answer: B. Typo squatting

A user complains that his system is no longer able to access the blogs.getcertifiedgetahead.com site. Instead, his browser goes to a different site. After investigation, you notice the following entries in the user's hosts file:


127.0.0.1 localhost
72.52.230.233 blogs.getcertifiedgetahead.com

What is the BEST explanation for this entry?


A. A pharming attack
B. A whaling attack
C. Session hijacking
D. A phishing attack


Answer: A. A pharming attack

A network administrator needs to ensure the company's network is protected against smurf attacks. What should the network administrator do?


A. Install flood guards.
B. Use salting techniques.
C. Verify border routers block directed broadcasts.
D. Ensure protocols use timestamps and sequence numbers.


Answer: C. Verify border routers block directed broadcasts.

An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?


A. A smurf attack
B. A flood guard attack
C. A DoS attack
D. A DDoS attack


Answer: D. A DDoS attack