Newtork Security 232
A user copies files from her desktop computer to a USB flash device
and puts the device into her pocket. Which of
the following
security risks are most pressing?
Confidentiality
Integrity
Availability
Non-repudiation
Confidentiality
Smart phones with cameras and internet capabilities pose a risk to which security concept?
Confidentiality
Integrity
Non-repudiation
Availability
Confidentiality
By definition, which security concept ensures that only authorized parties can access data?
Confidentiality
Non-repudiation
Authentication
Integrity
Confidentiality
Your computer system is a participant in an asymmetric cryptography
system. You've created a message to send to another user. Before
transmission, you hash the message and encrypt the hash using your
private key. You then attach
this encrypted hash to your message
as a digital signature before sending it to the other user.
In this example, what protection does the hashing activity provide?
Availability
Confidentiality
Integrity
Non-repudiation
Integrity
Which of the following is an example of an internal threat?
A server back door allows an attacker on the internet to gain access to the intranet site.
A user accidentally deletes the new product designs.
A water pipe in the server room breaks.
A delivery man is able to walk into a controlled area and steal a laptop
A user accidentally deletes the new product designs.
What is the greatest threat to the confidentiality of data in most secure organizations?
Operator error
USB devices
Malware
Hacker-intrusion
USB devices
Which of the following is the correct definition of a threat?
Instance of exposure to losses from an attacker
The likelihood of an attack taking advantage of a vulnerability
Absence or weakness of a safeguard that could be exploited
Any potential danger to the confidentiality, integrity, or availability of information or systems
Any potential danger to the confidentiality, integrity, or availability of information or systems
Which of the following is an example of a vulnerability?
Virus infection
A misconfigured server
Denial of service attack
Unauthorized access to confidential resources
A misconfigured server
By definition, which security concept uses the ability to prove that a sender sent an encrypted message?
Privacy
Integrity
Non-repudiation
Authentication
Non-repudiation
Which of the following is not a valid concept to associate with integrity?
Prevent the unauthorized change of data
Ensure that your systems record the real information when collecting data
Control access to resources to prevent unwanted access
Protect your environment so it maintains the highest source of truth
Control access to resources to prevent unwanted access
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
Hacktivist
Script kiddie
Insider
Nation-state
Competitor
Hacktivist
Which of the following is the best definition of the term hacker?
The most organized, well-funded, and dangerous type of threat actor.
A general term used to describe any individual who uses their
technical knowledge to gain unauthorized access
to an organization.
A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention.
A threat actor whose main goal is financial gain.
Any individual whose attacks are politically motivated.
A general term used to describe any individual who uses their
technical knowledge to gain unauthorized access
to an organization.
The IT manager in your organization proposes taking steps to protect
against a potential threat actor. The proposal
includes the
following:
• Create and follow onboarding and off-boarding
procedures
• Employ the principle of least privilege
•
Have appropriate physical security controls in place
Which type of threat actor do these steps guard against?
Script Kiddie
Insider
Competitor
Hacktivist
Insider
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems.
What is the best defense against script kiddie attacks?
Implement email filtering systems.
Have appropriate physical security controls in place.
Properly secure and store data backups.
Build a comprehensive security approach that uses all aspects of threat prevention and protection.
Keep systems up-to-date and use standard security practices.
Keep systems up-to-date and use standard security practices.
Which of the following is a security approach that combines multiple
security controls and defenses and is sometimes
called defense in depth?
Cumulative security
Perimeter security
Countermeasure
security
Network security
Layered security
Layered security
Which of the following reduce the risk of a threat agent being able to exploit a vulnerability?
Implementation of VLANs
Countermeasures
manageable
network plans
Secure data transmissions
Countermeasures
Which of the following is the single greatest threat to network security?
Email phishing
Weak passwords
Employees
Insecure physical access to network resources
Employees
Which type of media preparation is sufficient for media that will be
reused in different security contexts within your
organization?
Formatting
Deletion
Sanitization
Destruction
Sanitization
Which of the following is an example of privilege escalation?
Mandatory vacations
Principle of least privilege
Separation of duties
Creeping privileges
Creeping privileges
Which security principle prevents any one administrator from having
sufficient access to compromise the security of
the overall IT solution?
Separation of duties
Principle of least privilege
Dual
administrator accounts
Need to know
Separation of duties
You assign access permissions so that users can only access the
resources required to accomplish their specific work
tasks. Which
security principle are you complying with?
Cross-training
Job rotation
Principle of least
privilege
Need to know
Principle of least privilege
An access control list (ACL) contains a list of users and allowed
permissions. What is it called if the ACL
automatically prevents
access to anyone who is not on the list?
Explicit allow
Explicit deny
Implicit deny
Implicit allow
Implicit deny
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal?
Mandatory vacations
Implicit deny
Separation of duties
Job rotation
Least privilege
Separation of duties
You are concerned that the accountant in your organization might have
the chance to modify financial information and
steal from the
company. You want to periodically have another person take over all
accounting responsibilities to
catch any irregularities.
Which security principle are you implementing by periodically shifting accounting responsibilities?
Job rotation
Need to know
Separation of duties
Least privilege
Explicit deny
Job rotation
You want to implement an access control list where only the users you
specifically authorize have access to the resource. Anyone not on the
list should be prevented from having access.
Which of the
following methods of access control will the access list use?
Implicit allow, explicit deny
Implicit allow, implicit deny
Explicit allow, explicit deny
Explicit allow, implicit deny
Explicit allow, implicit deny
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Ownership
Clearance
Need to know
Least privilege
Separation of duties
Need to know
What is the primary purpose of separation of duties?
Increase the difficulty of performing administration
Grant a greater range of control to senior management
Inform managers that they are not trusted
Prevent conflicts of interest
Prevent conflicts of interest
Separation of duties is an example of which type of access control?
Preventive
Compensative
Detective
Corrective
Preventive
Need to know access is required to access which types of resources?
Low-security resources
high-security
resources
Resources with unique ownership
Compartmentalized resources
Compartmentalized resources
When a cryptographic system is used to protect the data
confidentiality, what actually takes place?
The data is
protected from corruption or change
Unauthorized users are prevented from viewing or accessing the resource
Transmitting the encrypted data is prohibited
The
data is available for access whenever authorized users need it
Unauthorized users are prevented from viewing or accessing the resource
Which type of cipher changes the position of the characters in a plain text message?
Block
Steam
Transposition
Substituion
Transposition
Which is the cryptography mechanism that hides secret communications within various forms of data?
Codes
Steganography
Polyinstantiation
Signals
Steganography
Which of the following is not a valid example of steganography?
Hiding text messages within graphical images
Microdots
Digital watermarking
Encrypting a data file with an
encryption key
Encrypting a data file with an encryption key
Which of the following encryption methods combines a random value with plain text to produce ciphertext?
Steganography
One-time pad
Transposition
Elliptic curve
One-time pad
What is the cryptography method of recovering original data that has
been encrypted without having access to the key
used in the
encryption process?
Steganography
Ciphertext
Cryptanalysis
Algorithm
Cryptanalysis
Which of the following tools would you use to validate the bandwidth
on your network and identify when the
bandwidth is significantly
below what it should be?
Load tester
Protocol analyzer
Throughput tester
Packet sniffer
Throughput tester
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation.
Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use port mirroring mode
Configure the network interface to use promiscuous mode
Configure the network interface to use protocol analysis mode
Configure the network interface to enable logging
Configure the network interface to use promiscuous mode
You want to examine the data on your network to find out if any of
the following are happening:
• Users are connecting to
unauthorized websites
• Cleartext passwords are allowed by
protocols or services
• Unencrypted traffic that contains
sensitive data is on the network
Which of the following tools would you use?
Protocol analyzer
System logging
Load tester
Throughput tester
Protocol analyzer
Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email?
Protocol analyzer
Packet sniffer
Load tester
Throughput tester
Load tester
Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email.
A passive device that is used to copy frames and allow you to view frame contents.
A device that allows you to capture, modify, and retransmit frames (to perform an attack).
A device that does not allow you to capture, modify, and retransmit frames (to perform an attack).
A device that measures the amount of data that can be transferred through a network or processed by a device.
A passive device that is used to copy frames and allow you to view frame contents.
A device that does not allow you to capture, modify, and retransmit frames (to perform an attack).
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?
Restore and repair any damage
Deploy new countermeasures
Update the security policy
Back up all logs and audits
regarding the incident
Back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails
Restoring damaged data from backup media
Purging
transaction logs
Monitoring user access to compromised systems
Backing up all log files and audit trails
During a recent site survey, you found a rogue wireless access point
on your network. Which of the following actions should you take first
to protect your network while still preserving evidence?
See who is connected to the access point and attempt to find the
attacker
Run a packet sniffer to monitor traffic to and from the
access point
Disconnect the access point from the network
Connect to the access point and examine its logs for information
Disconnect the access point from the network
You have discovered a computer that is connected to your network and
was used for an attack. You have disconnected the computer from the
network to isolate it and stop the attack.
What should
you do next?
Stop all running processes
Clone the
hard drive
make a hash of the hard drive
Perform a memory dump
Perform a memory dump
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
remove the hard drive
Turn off the system
Document
what's on the screen
Stop all running processes
Document what's on the screen
Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
File directory listing
Hashing
Photographs
Serial number notation
Hashing
When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate?
File-by-file copying
Active sector cloning
Bit-level
cloning
drive mirroring
Bit-level cloning
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Write a log file to the media
Create a checksum using a
hashing algorithm
Enable write protection
Reset the file
attributes on the media to read-only
Create a checksum using a hashing algorithm
You manage the network for your company. You have recently discovered
information on a computer hard drive that might indicate evidence of
illegal activity. You want to perform forensic activities on the disk
to see what kind of information it contains.
What should
you do first?
Fire the employee who uses the computer
Run forensic tools to examine the hard drive contents
Obtain a search warrant
Make a bit-level copy of the disk
Make a bit-level copy of the disk
What is the best definition of a security incident?
Interruption of productivity
Compromise of the CIA of
resources
Violation of a security policy
criminal activity
Violation of a security policy
What is the most important element related to evidence in addition to the evidence itself?
Photographs of the crime scene
Completeness
Witness
testimony
Chain of custody document
Chain of custody document
The chain of custody is used for which purposes?
Retaining evidence integrity
Detailing the timeline between
creation and discovery of evidence
Identifying the owner of the
evidence
Listing people coming into contact with evidence
Listing people coming into contact with evidence
You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
CPS (certificate practice statement)
FIPS-140
Rules of
evidence
Chain of custody
Chain of custody
Which of the following is defined as a contract that prescribes the
technical support or business parameters a provider will bestow to its
client?
Mutual aid agreement
Certificate practice
statement
Service level agreement
Final audit report
Service level agreement
HIPAA is a set of federal regulations that define security
guidelines. What do HIPAA guidelines protect?
Integrity
Privacy
Availability
Non-repudiation
Privacy
What is a service level agreement (SLA)?
A guarantee of
a specific level of service
An agreement to support another
company in the event of a disaster
A contract with an ISP for a
specific level of bandwidth
A contract with a legal entity to
limit your asset loss liability
A guarantee of a specific level of service
A Service Level Agreement (SLA) defines the relationship and
contractual responsibilities of providers and service recipients.
Which of the following characteristics are most important when
designing an SLA? (Select two.)
Industry standard
templates for all SLAs to ensure corporate compliance
Detailed provider responsibilities for all continuity and
disaster recovery mechanisms.
Employee vetting
procedures that don't apply to contract labor.
Clear and
detailed descriptions of penalties if the level of service is not provided.
Detailed provider responsibilities for all continuity and disaster
recovery mechanisms.
Clear and detailed descriptions of
penalties if the level of service is not provided.
You plan to implement a new security device on your network. Which of
the following policies outlines the process you should follow before
implementing that device?
Change management
Acceptable use
SLA
Resource allocation
Change management
When you inform an employee that they are being terminated, what is
the most important activity?
Giving them two weeks'
notice
Allowing them to collect their personal items
Disabling their network access
Allowing them to complete
their current work projects
Disabling their network access
What is the most effective way to improve or enforce security in any
environment?
Requiring two-factor authentication
Enforcing account lockout
Disabling Internet access
Providing user-awareness training
Providing user-awareness training
You have a set of DVD-RW discs that have been used to archive files
for your latest development project. You need to dispose of the discs.
Which of the following methods should you use to best
prevent data extraction from the discs?
Write junk data
over the discs seven times
Shred the disks
Delete the
data on the discs
Degauss the disks
Shred the disks
Which of the following best describes the concept of due care or due
diligence?
Security through obscurity is best
accomplished by port stealthing.
Reasonable precautions
based on industry best practices are utilized and documented.
Legal disclaimers are constantly and conspicuously displayed on
all systems.
Availability supersedes security unless
physical harm is likely.
Reasonable precautions based on industry best practices are utilized and documented.
Which of the following is an example of a strong password?
Robert694
a8bT11$yi
at9iov45a
desktop#7
a8bT11$yi
Which of the following is a recommendation to use when a specific
standard or procedure does not exist?
Baseline
Guideline
Procedure
Standard
Guideline
Which of the following is the best protection against security
violations?
Defense-in-depth
Fortress mentality
Bottom-up decision-making
Monolithic security
Defense-in-depth
What is the primary purpose of source code escrow?
To
obtain change rights over software after the vendor goes out of
business
To provide a backup copy of the software to use
for recovery in the event of a disaster
To obtain
resale rights over software after the vendor goes out of business
To hold funds in reserve for unpredicted costs before paying the fees of the programmer
To obtain change rights over software after the vendor goes out of business
Change control should be used to oversee and manage changes over what
aspect of an organization?
IT hardware and software
Physical environment
Every aspect
Personnel and policies
Every aspect
You have recently discovered that a network attack has compromised
your database server. The attacker may have stolen customer credit
card numbers. You have stopped the attack and implemented security
measures to prevent the same incident from occurring in the future.
What else might you be legally required to do?
Contact your customers to let them know about the security
breach
Perform additional investigations to identify the
attacker
Delete personally identifiable information from your
computers
Implement training for employees who handle personal information
Contact your customers to let them know about the security breach
Which of the following is not an appropriate response to a risk
discovered during a risk analysis?
Acceptance
Assignment
Mitigation
Denial
Denial
Which of the following best defines Single Loss Expectancy (SLE)?
The total monetary loss associated with a single
occurrence of a threat
The total cost of all
countermeasures associated with protecting against a given
vulnerability
The monetary value of a single employee's
loss of productivity due to a successful attack
The
statistical probability of a malicious event
The total monetary loss associated with a single occurrence of a threat
What is the average number of times that a specific risk is likely to
be realized in a single year?
Annualized rate of
occurrence
Annualized loss expectancy
Estimated maximum
downtime
Exposure factor
Annualized rate of occurrence
Your company has developed and implemented countermeasures for the
greatest risks to their assets. However, there is still some risk
left. What is the remaining risk called?
Exposure
Residual risk
Risk
Loss
Residual risk
Which of the following statements is true regarding risk analysis?
(Select two.)
Exposure factor is the percent of the
asset lost from an unsuccessful threat attack.
Annualized Rate of Occurrence (ARO) identifies how often the
successful threat attack will occur in a single year.
The value of an asset is the worth of a resource to the
organization excluding qualitative values.
Don't
implement a countermeasure if the cost is greater than loss.
Annualized Rate of Occurrence (ARO) identifies how often the
successful threat attack will occur in a single year.
Don't implement a countermeasure if the cost is greater than loss.
When would choosing to do nothing about an identified risk be
acceptable?
When the threat is most likely to come from
an internal source instead of an external source
When
the threat is likely to occur less than once per year
When the asset is an intangible asset instead of a tangible
asset
When the cost of protecting the asset is greater
than the potential loss
When the cost of protecting the asset is greater than the potential loss
If an organization shows sufficient due care, which burden is
eliminated in the event of a security breach?
Negligence
Asset loss
Investigation
Liability
Negligence
You have conducted a risk analysis to protect a key company asset.
You identify the following values:
• Asset value 400
•
Exposure factor 75
• Annualized rate of occurrence .25
What is the Annualized Loss Expectancy (ALE)?
25
75
100
175
475
Asset value (AV) x exposure factor (EF) x Annualized Rate of Occurrence (ARO)
400 x 75% x .25 = 75
When conducting a risk assessment, how is the Annualized Rate of
Occurrence (ARO) calculated?
Multiply the Single Loss
Expectancy (SLE) by the Annual Loss Expectancy (ALE).
Through historical data provided by insurance companies and
crime statistics.
Multiply the Single Loss Expectancy
(SLE) by the standard annual deviation.
Divide the
static variable by the probability index.
Through historical data provided by insurance companies and crime statistics.
Purchasing insurance is what type of response to risk?
Acceptance
Deployment of a countermeasure
Rejection
Transference
Transference
To determine the value of the company assets, an anonymous survey was
used to collect the opinions of all senior and mid-level managers.
Which asset valuation method was used?
Asset
classification
Sensitivity vs. risk
Comparative
Delphi method
Delphi method
You have conducted a risk analysis to protect a key company asset.
You identify the following values:
• Asset value 400
•
Exposure factor 75
• Annualized Rate of Occurrence .25
What is the Single Loss Expectancy (SLE)?
100
300
475
30000
The Single Loss Expectancy (SLE) is the asset value (AV) multiplied by the exposure factor (EF), with the EF being a percentage of the asset value that is lost. In this example, SLE 400 x 75% 300.
Which type of Data Loss Prevention system is usually installed near
the network perimeter to detect sensitive data that is being
transmitted in violation of organizational security policies?
Network DLP
Chinese Wall
Endpoint DLP
File
level DLP
Network DLP
Which type of data loss prevention system can be configured to block
unauthorized email messages from being sent and, therefore, being
subject to email retention rules?
File-Level DI-P
Cloud DLP
Endpoint DLP
Network DLP
Endpoint DLP
Which of the following is not an accepted countermeasure to
strengthen a cryptosystem?
Implement long key spaces
Implement strong systems with redundant encipherment
Use
strong passwords
Keep the cryptosystem a secret
Keep the cryptosystem a secret
When recovering from a disaster, which services should you stabilize
first?
Mission-critical
Outside communications
Financial
support
Least business-critical
Mission-critical
In business continuity planning, what is the primary focus of the
scope?
Recovery time objective
Business processes
Company
assets
Human life and safety
Business processes
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted
infrastructure capabilities or resources
Protecting an organization from major computer services failure
Minimizing the organization's risk of service delays and
interruptions
Minimize decision-making during the development process
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
When is a BCP or DRP design and development actually completed?
Only after implementation and distribution
Never
Once senior management approves
Only after testing
Never
You are a database administrator and the first responder for database
attacks. You have decided to test one part of your current Business
Continuity Plan (BCP) with two other database professionals.
Which type of BCP test is this considered?
Succession planning
Tabletop exercise
Medium
exercise
Complex exercise
Tabletop exercise
You have recently been hired as the new network administrator for a
startup company. The company's network was implemented
prior to
your arrival. One of the first tasks you need to complete in your new
position is to develop a Manageable Network plan for the network.
You have already completed the first and second milestones, in
which documentation procedures were identified and the network was
mapped. You are now working on the third milestone, identifying ways
to protect the network
Which tasks should you complete as a part of this milestone?
(Select two.)
Physically secure high-value systems
Apply critical
patches whenever they are released
Create an approved
application list for each network device
Identify and document
each user on the network
Set account expiration dates
Physically secure high-value systems
Identify and document each user on the network
You have hired 10 new temporary workers who will be with the company
for three months. You want to make sure that after that time the user
accounts cannot be used for login.
What should you do?
Configure account lockout in Group Policy
Configure
account expiration in the user accounts
Configure day/time
restrictions in the user accounts
Configure account policies in
Group Policy
Configure account expiration in the user accounts
As you go through the process of making your network more manageable,
you discover that employees in the sales department are on the same
network segment as the human resources department.
Which of the following steps can be used to isolate these
departments?
Move the sales department into the DMZ
Implement the
principle of least privilege for the human resources department
Create a separate VLAN for each department
Identify the
choke points in your network
Create a separate VLAN for each department
What is the primary countermeasure to social engineering?
Heavy management oversight
A written security policy
Traffic filters
Awareness
Awareness
How can an organization help prevent social engineering attacks?
(Select two.)
Publish and enforce clearly-written security policies.
Educate employees on the risks and countermeasures.
Close
all unneeded ports on firewalls.
Implement IPsec on all critical systems.
Publish and enforce clearly-written security policies.
Educate
employees on the risks and countermeasures.
Which of the following attacks tricks victims into providing
confidential information (such as identity information or login
credentials) through emails or websites that impersonate an online
entity that the victim trusts?
Adware
Phishing
Man-in-the-middle
Session hijacking
Phishing
Which of the following is a common social engineering attack?
Distributing hoax virus information emails
Distributing false
information about your organization's financial status
Using a
sniffer to capture network traffic
Logging on with stolen credentials
Distributing hoax virus information emails
You have just received a generic-looking email that is addressed as
coming from the administrator of your company.
The email says
that, as part of a system upgrade, you are to go to a website and
enter your user name and password at a new website so you can manage
your email and spam using the new service.
What should you do?
Delete the email.
Open a web browser and type the URL included in the email.
Follow the directions to enter your login credentials.
Verify that the email was sent by the administrator and that
this new service is legitimate.
Click on the link in the email and follow the directions to
enter your login information.
Click on the link in the email and look for company graphics or
information before entering the login information.
Verify that the email was sent by the administrator and that this new service is legitimate.
Dumpster diving is a low-tech way of gathering information that may
be useful in gaining unauthorized access or as a starting point for
more advanced attacks. How can a company reduce the risk associated
with dumpster diving?
Secure all terminals with screensaver passwords
Mandate
the use of Integrated Windows Authentication
Establish and
enforce a document destruction policy
Create a strong password policy
Establish and enforce a document destruction policy
Which of the following are examples of social engineering? (Select
two.)
War dialing
Port scanning
Shoulder
surfing
Dumpster diving
Shoulder surfing
Dumpster diving
Which of the following social engineering attacks use Voice over IP (VolP) to gain sensitive information?
Tailgating
Spear phishing
Masquerading
Vishing
Vishing
A senior executive reports that she received a suspicious email
concerning a sensitive internal project that is behind production. The
email was sent from someone she doesn't know, and he is asking for
immediate clarification on several of the project's details so the
project can get back on schedule.
Which type of attack best describes the scenario?
Masquerading
MAC spoofing
Whaling
Passive
Whaling
The receptionist received a phone call from an individual claiming to
be a partner in a high-level project and is requesting sensitive
information. The individual is engaging in which type of social
engineering?
Commitment
Social validation
Authority
Persuasive
Authority
You've just received an email message explaining that a new and
serious malicious code threat is ravaging across the internet. The
message contains detailed information about the threat, its source
code, and the damage it can inflict. The message states that you can
easily detect whether or not you have already been a victim of this
threat by the presence of three files in the WVindowsXSystem32 folder.
As a countermeasure, the message suggests that you delete these three
files from your system.
In response to this message, which action should you take first?
Delete the indicated files if present
Verify the
information on well-known malicious code threat management websites
Distribute the message to everyone in your address book
Reboot the system
Perform a complete system backup
Verify the information on well-known malicious code threat management websites
What is the weakest point in an organization's security
infrastructure?
Physical structure
Procedures
People
Technology
People
Which of the following is not a form of social engineering?
Impersonating a user by logging on with stolen credentials
Impersonating a manager over the phone
A virus hoax email
message
Impersonating a utility repair technician
Impersonating a user by logging on with stolen credentials
What is another name for a back door that was accidentally left in a
product by the manufacturer?
Security patch
Root kit
Maintenance hook
Trojan horse
Maintenance hook
Which of the following is an action that must take place during the
release stage of the SDLC?
Certification, accreditation, and auditing are performed.
Vendors develop and release patches in response to exploited
vulnerabilities that have been discovered.
Testing of the software for bugs.
The product goes into major production and is developed by programmers.
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.
Which of the following program writing development modes is a method
that allows for optimal control over coherence, security, accuracy,
and comprehensibility?
Waterfall planning
Object-oriented programming
Clean
room
Structured programming
Structured programming
How often should change control management be implemented?
At regular intervals throughout the year.
Only when a
production system is altered greatly.
Only when changes are made
that affect senior management.
Any time a production system is altered.
Any time a production system is altered.
In which phase of the system life cycle is security integrated into
the product?
Project initiation
Installation
Software development
Maintenance
Project initiation
In which phase of the system life cycle is software testing
performed? (Choose Two)
Installation
System design specifications
Software
development and coding
Functional design analysis and planning
Installation
Software development and coding
What is the primary purpose of imposing software lifecycle management
concepts?
Increase the quality of software
Decrease development overhead
Reduce product returns
Increase interoperability
Increase the quality of software
What is the primary purpose of forcing employees to take mandatory
one-week minimum vacations every year?
To prevent the buildup of significant vacation time
To cut
costs on travel
To check for evidence of fraud
To test
their knowledge of security
To check for evidence of fraud
A code of ethics does all but which of the following?
Establishes a baseline for managing complex situations
Serves as a reference for the creation of acceptable use
policies
Clearly defines courses of action to take when a
complex issue is encountered
Improves the professionalism of
your organization as well as your profession
Clearly defines courses of action to take when a complex issue is encountered
Which of the following are typically associated with human resource
security policies? (Select two.)
Background checks
SLA
Termination
Change
management
Password policies
Background checks
Termination
Which of the following is not part of security awareness training?
Familiarize employees with the security policy
Communicate standards, procedures, and baselines that apply to the
employee's job
Employee agreement documents
Establish
reporting procedures for suspected security violations
Employee agreement documents
Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?
Terminate all offenders
Reduce all employee permissions and
privileges
Initiate stronger auditing
Improve and hold new
awareness sessions
Improve and hold new awareness sessions
As you help a user with a computer problem, you notice that she has
written her password on a note stuck to her computer monitor. You
check the password policy of your company and find that the following
settings are currently required:
• Minimum password length 10
• Minimum password age 4
• Maximum password age 30
•
Password history 6
• Require complex passwords that include
numbers and symbols
• Account lockout clipping level 3
Which of the following is the best action to take to make
remembering passwords easier so that she no longer has to write the
password down?
Remove the complex password requirement
Decrease the
minimum password length
Implement end-user training
Increase the account lockout clipping level
Increase the
maximum password age
Implement end-user training
You have installed antivirus software on computers at your business.
Within a few days, however, you notice that one computer has a virus.
When you question the user, she says she installed some software a few
days ago, but it was supposed to be a file compression utility. She
admits she did not scan the file before running it.
What should you add to your security measures to help prevent
this from happening again?
User awareness training
Close unused firewall ports
Proxy server
Account lockout
User awareness training
Which of the following defines two-man control?
Certain
tasks should be dual-custody in nature to prevent a security breach.
An employee is granted the minimum privileges required to
perform the position's duties.
A situation in which multiple employees conspire to commit fraud
or theft.
For any task in which vulnerabilities exist, steps within the
tasks are assigned to different positions with different management.
Certain tasks should be dual-custody in nature to prevent a security breach.
Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information?
Acceptable use agreement
Non-compete agreement
Employee
monitoring agreement
Non-disclosure agreement
Non-disclosure agreement
Your company security policy requires separation of duties for all
network security matters. Which of the following scenarios best
describes this concept?
Security policy authors may never fraternize with system
administration personnel
Every change to the default system image requires concurrent
processing by multiple domain controllers.
Only the security officer can implement new border router rule
sets.
The system administrator configures remote access privileges and
the security officer reviews and activates each account.
The system administrator configures remote access privileges and the security officer reviews and activates each account.
Which of the following is not a protection against collusion?
Principle of least privilege
Separation of duties
Cross-training
Two-man control
Cross-training
Which of the following is not an element of the termination process?
Disable all network access
Return company property
Exit interview
Dissolution of the NDA
Dissolution of the NDA
When you inform an employee that they are being terminated, what is
the most important activity?
Disable their network access
Allow them to complete their
current work projects
Give them two week s notice
Allow
them to collect their personal items
Disable their network access
The best way to initiate solid administrative control over an organization's employees .s to have what element in place?
Mandatory vacations in one-week increments
Rotation of duties
Distinct job descriptions
An acceptable use policy
Distinct job descriptions
A smart phone was lost at the airport. There is no way to recover the
device. Which if the following will ensure data confidentiality on the
device?
TPM
Remote wipe
Screen lock
GPS
Remote wipe
Which of the following are not reasons to remote wipe a mobile
device?
The device is inactive for a period of time.
The device is
stolen or lost.
The device is locked and someone has entered
multiple incorrect passwords or PINs.
The device is being
assigned to another user
The device is inactive for a period of time.
Which of the following mobile device security considerations disables
the ability to use the device after a short period of inactivity?
Screen lock
TPM
GPS
Remote wipe
Screen lock
Over the last several years, the use of mobile devices within your
organization has increased dramatically. Unfortunately, many
department heads circumvented your information systems procurement
policies and directly purchased tablets and smartphones for their
employees without authorization. As a result, there is a proliferation
of devices within your organization without accountability. You need
to get things under control and begin tracking your organization's
devices.
How should you do this?
Join the devices to your organization's domain.
Implement a mobile endpoint management (MEM) solution.
Apply security-related Group Policy settings to the devices
using a Group Policy object.
Require users to sign an acceptable use policy before allowing
them to use mobile devices for work-related tasks.
Implement a mobile endpoint management (MEM) solution.
Your organization has recently purchased 20 tablet devices for the
Human Resource department to use for training sessions. You are
concerned that these devices could represent a security risk to your
network and want to strengthen their security profile as much as
possible.
Which actions should you take? (Select two)
Install the devices in your organization's directory services
tree.
Configure a Group Policy object (GPO) containing mobile
device-specific security settings.
Enable device encryption.
Implement storage segmentation.
Enable device encryption.
Implement storage segmentation
Your organization entered into an Interoperability Agreement (IA)
with another organization a year ago. As a part of this agreement, a
federated trust was established between your domain and the partner
domain. The partnership has been in the ongoing operations phase for
almost nine months now.
As a security administrator, which tasks should you complete
during this phase? (Select two.)
Verify compliance with the IA documents
Disable user and groups accounts used by the partner
organization to access your organization's data
Conduct periodic vulnerability assessments
Draft an MOU document
Negotiate the BPO agreement
Verify compliance with the IA documents
Conduct periodic
vulnerability assessments
Your organization is in the process of negotiating an
Interoperability Agreement (IA) with another organization. As a part
of this agreement, the partner organization proposes that a federated
trust be established between your domain and their domain. This
configuration will allow users in their domain to access resources in
your domain and Vice versa.
As a security administrator, which tasks should you complete
during this phase? (Select two.)
Reset all passwords used by the third party to access data or
applications on your network.
Conduct security audits on the partner organization.
Identify how data will be shared.
Identify how data ownership will be determined.
Verify compliance with the IA documents.
Identify how data will be shared.
Identify how data ownership will be determined.
Your company is preparing to enter into a partner relationship with
another organization. It will be necessary for the information systems
used by each organization to connect and integrate with each other.
Which of the following is of primary importance as you take
steps to enter into this partner relationship?
Ensure that all aspects of the relationship are agreed upon in
writing
Ensure that both organizations have similar incident response
procedures
Ensure that the integration process maintains the security of
each organization's network
Ensure that the integration process maintains the security of each organization's network
You are about to enter your office building through a back entrance. A man dressed as a plumber asks you to let him in so he can fix the restroom.
What should you do?
Let him in and help him find the restroom, then let him work.
Let him in.
Tell him no and quickly close the door.
Direct him to the front entrance and instruct him to check in
with the receptionist.
Direct him to the front entrance and instruct him to check in with the receptionist.
Which of the following are solutions that address physical security?
(Select two.)
Escort visitors at all times
Disable
guest accounts on computers
Implement complex passwords
Scan all floppy disks before use
Require identification
and name badges for all employees
Escort visitors at all times
Require identification and name badges for all employees
Which of the following is not an example of a physical barrier access
control mechanism?
Biometric locks
Mantrap
One-time passwords
Fences
One-time passwords
Which of the following can be used to stop piggybacking at a front
entrance where employees should swipe smart cards to gain entry?
Use key locks rather than electronic locks
Deploy a
mantrap
Use weight scales
Install security cameras
Deploy a mantrap
Which option is a secure doorway that can be used in coordination
with a mantrap to allow easy egress from a secured environment while
actively preventing re-entrance through the exit portal?
Turnstiles
Egress mantraps
Locked doors with
interior unlock push bars
Electronic access control doors
Turnstiles
What is the primary benefit of CCTV?
Expand the area visible by security guards
Provide a
corrective control
Reduce the need for locks and sensors on
doors
Increase security protection throughout an environment
Expand the area visible by security guards
You want to use CCTV to increase your physical security. You want the ability to remotely control the camera position.
Which camera type should you choose?
C-mount
PTZ
Dome
Bullet
PTZ
You want to use CCTV to increase the physical security of your
building. Which of the following camera types would offer the sharpest
image at the greatest distance under the lowest lighting conditions?
400 resolution, 10mm, .05 LUX
400 resolution, 10mm, 2 LUX
500 resolution, 50mm, 2 LUX
500 resolution, 50mm, .05 LUX
When you select cameras, be aware of the following
characteristics:
• The resolution is rated in the number of
lines included in the image. In general, the higher the resolution,
the sharper the image.
• The focal length measures the
magnification power of a lens. The focal length controls the distance
that the camera can see, as well as how much detail can be seen at a
specific range. A higher focal length lets you see more detail at a
greater distance.
• LUX is a measure of the sensitivity to
light. The lower the number, the less light is necessary for a clear
Image.
500 resolution, 50mm, .05 LUX
When you select cameras, be aware of the following
characteristics:
• The resolution is rated in the number of
lines included in the image. In general, the higher the resolution,
the sharper the image.
• The focal length measures the
magnification power of a lens. The focal length controls the distance
that the camera can see, as well as how much detail can be seen at a
specific range. A higher focal length lets you see more detail at a
greater distance.
• LUX is a measure of the sensitivity to
light. The lower the number, the less light is necessary for a clear
Image.
Which of the following CCTV camera types lets you adjust the distance
that the camera can see (in other words, zoom in or out)?
Varifocal
Fixed
C-mount
Infrared
Varifocal
Which of the following allows for easy exit of an area in the event
of an emergency, but prevents entry? (Select two.)
Anti-passback system
Mantrap
Double-entry door
Turnstile
PTZ CCTV
Double-entry door
Turnstile
Which of the following controls is an example of a physical access
control method?
Locks on doors
Passwords
Access control lists with
permissions
Hiring background checks
Smart cards
Locks on doors
Which of the following is the most important thing to do to prevent
console access to the router?
Set console and enable secret passwords
Implement an
access list to prevent console connections
Disconnect the
console cable when not in use
Keep the router in a locked room
Keep the router in a locked room
• When you enter the facility, a receptionist greets you and directs
you down the hallway to the office manager's cubicle. The receptionist
uses a notebook system that is secured to her desk with a cable lock.
• The office manager informs you that the organization's servers
are kept in a locked closet. Only she has the key to the closet. When
you arrive on site, you will be required to get the key from her to
access the closet.
• She informs you that server backups are
configured to run each night. A rotation of external USB hard disks
are used as the backup media.
• You notice that the
organization's network switch is kept in an empty cubicle adjacent to
the office manager's workspace.
• You notice that a
router/firewall/content filter all-in-one device has been implemented
in the server closet to protect the internal network from external
attacks.
Which security-related recommendations should you make to this
client? (Select two.)
Use separate dedicated network perimeter security devices
instead of an all-in-one device
Replace the key lock on the
server closet with a card reader
Relocate the switch to the
locked server closet
Control access to the work area with
locking doors and card readers
Replace the USB hard disks used
for server backups with a tape drive
• Relocate the switch to the locked server closet. Keeping it in a
cubicle could allow an attacker to configure port mirroring on the
switch and capture network traffic.
• Control access to the work
area with locking doors and card readers. Controlling access to the
building is critical to prevent unauthorized people from gaining
access to computers.
• When you enter the facility, a receptionist greets you and escorts
you through a locked door to the work area, where the office manager
sits.
• The office manager informs you that the organization's
servers are kept in a locked closet. An access card is required to
enter the server closet.
• She informs you that server backups
are configured to run each night. A rotation of tapes is used as the
backup media.
• You notice the organization's network switch is
kept in the server closet.
• You notice that a
router/firewall/content filter all-in-one device has been implemented
in the server closet to protect the internal network from external
attacks.
• The office manager informs you that her desktop
system will no longer boot and asks you to repair or replace it,
recovering as much data as possible in the process. You take the
workstation back to your office to work on it.
What security-related recommendations should you make to this
client?
Replace the tape drive used for backups with external USB hard
disks.
Keep the network infrastructure devices (switch and
all-in-one device) in a locked room separate from network servers.
Implement a hardware checkout policy.
Upgrade the server
closet lock to a biometric authentication system.
Implement a hardware checkout policy.
A malicious user in your organization was able to use the Trinity
Rescue Kit to change the password on a department manager's computer
in the finance department. The user was able to copy data containing
bank account information and social security numbers. The user then
destroyed the data by resetting the computer. The department manager
was at lunch at the time and had enabled the lock screen to require a
password to gain access to the computer.
Which additional measure should the manager have taken to
prevent data theft?
The data should have been backed up so it could be restored
after it was destroyed.
The computer should have been kept in a
physically secure location.
The computer should have been bolted
to the desk.
The sensitive data on the computer should have been encrypted
The computer should have been kept in a physically secure location.
An attacker is using an eavesdropping technique called Van Eck
phreaking on a networking closet.
Which of the following describes what the attacker is doing?
Collecting electronic emissions
Connecting to an open
Ethernet port
Capturing data transmissions
Connecting to
an open switch port
Collecting electronic emissions
Van Eck phreaking.
A Faraday cage can be used to prevent this type of attack.
Your networking closet contains your network routers, switches,
bridges, and some servers. You want to make sure an attacker is not
able to gain physical access to the equipment in the networking closet
and prevent anyone from reconfiguring the network to set up remote
access or backdoor access.
Which of the following measures are the best way to secure your
networking equipment from unauthorized physical access? (Select two)
Place your networking equipment in a locked cage.
Place
your networking equipment in a Van Eck cage.
Place your
networking equipment in a room that requires key card entry.
Place your networking equipment in a TEMPEST cage.
Place your networking equipment in a locked cage.
Place your networking equipment in a room that requires key card entry.
One of the ways attackers can access unencrypted data being
transmitted on your network is by collecting electronic em.ssions that
come from your networking closet or Ethernet cables.
Which of the following is NOT a good solution to this problem?
User ethernet port locking devices
Configure all data
transmissions to be encrypted
Place your network closet inside a
Faraday cage
Employing a protective distribution system, or PDS
Configure all data transmissions to be encrypted
Physical security is an obvious requirement for network security, but
it is often easy to overlook or forget to plan for it.
Which of the following is NOT a benefit of physical security?
Employee passwords are stronger.
Terrorists cannot walk in
off the street and change the network configuration.
Network
resources are safer from natural disasters.
Untrained employees
cannot misuse equipment.
Sensitive data is protected from
unauthorized access.
Employee passwords are stronger.
To keep your data center safe, you have done the following:
•
Restricted physical access to employees who strictly need to get in
the data center.
• Required employees to enter a password using
a pin pad to enter the data center.
• Deployed a Faraday cage to
keep sensitive network devices safe from external electrical fields.
Which of the following measures will NOT improve physical
security in the data center?
Place all servers in secured cabinets.
Set up video
surveillance in the data center.
Implement a checkout policy.
Grant employee access to hardware on a need to know basis.
Implement a checkout policy.
You walk by the server room and notice that a fire has started. What
should you do first?
Grab a fire extinguisher and try to put out the fire.
Call
the fire department.
Make sure everyone has cleared the area.
Turn on the overhead sprinklers.
Make sure everyone has cleared the area.
Which of the following fire extinguisher types is best used for the
electrical fires that might result when working with computer
components?
Class A
Class B
Class C
Class D
Class C
Which of the following fire extinguisher suppressant types is best
used for electrical fires that might result when working with computer
components?
Dry powder
Water-based
Carbon dioxide (C02)
Soda acid
Carbon dioxide (C02)
Which of the following fire extinguisher types poses a safety risk to
users in the area? (Select two.)
Water
Halon
Foam
C02
Halon
C02
What is the recommended humidity level for server rooms?
10% or lower
30%
50%
70% or higher
50%
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.
What should you do to help reduce problems?
Add a de-humidifier to the server room
Add line conditioners
in the server room
Add a hum-cffier to the server room
Add
a separate A/C unit in the server room
Add a separate A/C unit in the server room
You maintain the network for an industrial manufacturing company. You
are concerned about the dust in the area getting into server
components and affecting network availability.
Which of the following should you implement?
Line conditioner
Positive pressure system
Backup
generator
Negative pressure system
UPS
Positive pressure system
- air to be forced out through doors and windows
Which of the following statements about ESD is NOT correct?
One of the greatest threats to computer equipment is ESD.
ESD is much more likely to occur when the relative humidity is
above 50%.
Measuring the moisture content in the air can be helpful in
avoiding ESD.
ESD damage is more likely to occur in low humidity
ESD is much more likely to occur when the relative humidity is above 50%.