
Comptia Security Guide To Network Security Fundamentals


Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

Chapter 1

ANSWER

Introduction to Network Security

QUESTION 2

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identify users' needs. Which of these generally recognized security positions has Ian been offered?

ANSWER

a. Security administrator b. Security technician c. Security officer d. Security manager

QUESTION 3

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation?

ANSWER

a. Large number of vulnerabilities b. End-of-life systems c. Lack of vendor support d. Misconfigurations

QUESTION 4

Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered?

ANSWER

a. Default configurations b. Weak configurations c. Vulnerable business processes d. Misconfigurations

QUESTION 5

What is a race condition?

ANSWER

a. When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers. b. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences. c. When an attack finishes its operation before antivirus can complete its work. d. When a software update is distributed prior to a vulnerability being discovered.

QUESTION 6

Which of the following is NOT a reason why it is difficult to defend against today's attackers?

ANSWER

a. Delay in security updating b. Greater sophistication of defense tools c. Increased speed of attacks d. Simplicity of attack tools

QUESTION 7

Which of the following is NOT true regarding security?

ANSWER

a. Security is a goal. b. Security includes the necessary steps to protect from harm. c. Security is a process. d. Security is a war that must be won at all costs.

QUESTION 8

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?

ANSWER

a. "Security and convenience are not related." b. "Convenience always outweighs security." c. "Security and convenience are inversely proportional." d. "Whenever security and convenience intersect, security always wins."

QUESTION 9

Which of the following ensures that only authorized parties can view protected information?

ANSWER

a. Authorization b. Confidentiality c. Availability d. Integrity

QUESTION 10

Which of the following is NOT a successive layer in which information security is achieved?

ANSWER

a. Products b. People c. Procedures d. Purposes

QUESTION 11

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.

ANSWER

a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network. b. through a long-term process that results in ultimate security. c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources. d. through products, people, and procedures on the devices that store, manipulate, and transmit the information.

QUESTION 12

Which of the following is an enterprise critical asset?

ANSWER

a. System software b. Information c. Outsourced computing services d. Servers, routers, and power supplies

QUESTION 13

Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?

ANSWER

a. Extinguish risk b. Transfer risk c. Mitigate risk d. Avoid risk

QUESTION 14

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?

ANSWER

a. Sarbanes-Oxley Act (Sarbox) b. Financial and Personal Services Disclosure Act c. Health Insurance Portability and Accountability Act (HIPAA) d. Gramm-Leach-Bliley Act (GLBA)

QUESTION 15

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

ANSWER

a. These targets are government-regulated and any successful attack would be considered a major victory. b. These targets have notoriously weak security and are easy to penetrate. c. They can cause significant disruption by destroying only a few targets. d. The targets are privately owned and cannot afford high levels of security.

QUESTION 16

Which tool is most commonly associated with nation state threat actors?

ANSWER

a. Closed-Source Resistant and Recurrent Malware (CSRRM) b. Advanced Persistent Threat (APT) c. Unlimited Harvest and Secure Attack (UHSA) d. Network Spider and Worm Threat (NSAWT)

QUESTION 17

An organization that practices purchasing products from different vendors is demonstrating which security principle?

ANSWER

a. Obscurity b. Diversity c. Limiting d. Layering

QUESTION 18

What is an objective of state-sponsored attackers?

ANSWER

a. To right a perceived wrong b. To amass fortune over fame c. To spy on citizens d. To sell vulnerabilities to the highest bidder

QUESTION 19

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?

ANSWER

a. Obscurity b. Layering c. Diversity d. Limiting

QUESTION 20

What are industry-standard frameworks and reference architectures that are required by external agencies known as?

ANSWER

a. Compulsory b. Mandatory c. Required d. Regulatory

QUESTION 21

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

ANSWER

a. Cyberterrorists b. Competitors c. Brokers d. Resource managers

QUESTION 22

Chapter 2

ANSWER

Malware and Social Engineering Attacks

QUESTION 23

Which of the following is NOT a primary trait of malware?

ANSWER

a. Diffusion b. Circulation c. Infection d. Concealment

QUESTION 24

Which type of malware requires a user to transport it from one computer to another?

ANSWER

a. Worm b. Rootkit c. Adware d. Virus

QUESTION 25

Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed?

ANSWER

a. Betamorphic b. Oligomorphic c. Polymorphic d. Metamorphic

QUESTION 26

Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?

ANSWER

a. Virus b. Ransomware c. RAT d. Trojan

QUESTION 27

Linnea's father called her to say that a message suddenly appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before control of the computer will be returned to him. What type of malware is this?

ANSWER

a. Persistent virusware b. Trojanware c. Blocking ransomware d. Lockoutware

QUESTION 28

Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?

ANSWER

a. Bitcoin malware b. Crypto-malware c. Blocking virus d. Networked worm

QUESTION 29

What is the name of the threat actor's computer that gives instructions to an infected computer?

ANSWER

a. Command and control (C&C) server b. Resource server c. Regulating Net Server (RNS) d. Monitoring and Infecting (M&I) server

QUESTION 30

Which of these could NOT be defined as a logic bomb?

ANSWER

a. If the company's stock price drops below $100, then credit Juni's account with 10 additional years of retirement credit. b. Erase all data if Matilda's name is removed from the list of employees. c. Reformat the hard drive three months after Sigrid left the company. d. Send spam email to Moa's inbox on Tuesday.

QUESTION 31

Which of the following is NOT correct about a rootkit?

ANSWER

a. A rootkit is able to hide its presence or the presence of other malware. b. A rootkit accesses "lower layers" of the operating system. c. A rootkit is always the payload of the Trojan. d. The risk of a rootkit is less today than previously.

QUESTION 32

Which of these is a general term used for describing software that gathers information without the user's consent?

ANSWER

a. Gatherware b. Adware c. Spyware d. Scrapeware

QUESTION 33

Which statement regarding a keylogger is NOT true?

ANSWER

a. Keyloggers can be used to capture passwords, credit card numbers, or personal information. b. Software keyloggers are generally easy to detect. c. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. d. Software keyloggers can be designed to send captured information automatically back to the attacker through the internet.

QUESTION 34

A watering hole attack is directed against __________.

ANSWER

a. wealthy individuals b. a smaller group of specific users c. all users of a large corporation d. attackers who send spam

QUESTION 35

__________ sends phishing messages only to wealthy individuals.

ANSWER

a. Whaling b. Spear phishing c. Target phishing d. Microing

QUESTION 36

Lykke receives a call while working at the helpdesk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor!" What psychological approach is the caller attempting to use on Lykke?

ANSWER

a. Familiarity b. Scarcity c. Intimidation d. Consensus

QUESTION 37

Hedda pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Hedda performed?

ANSWER

a. Aliasing b. Duplicity c. Impersonation d. Luring

QUESTION 38

How can an attacker use a hoax?

ANSWER

a. A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings. b. By sending out a hoax, an attacker can convince a user to read his email more often. c. A user who receives multiple hoaxes could contact his supervisor for help. d. Hoaxes are not used by attackers today.

QUESTION 39

Which of these items retrieved through dumpster diving would NOT provide useful information?

ANSWER

a. Calendars b. Organizational charts c. Memos d. Books

QUESTION 40

__________ is following an authorized person through a secure door.

ANSWER

a. Tagging b. Tailgating c. Backpacking d. Caboosing

QUESTION 41

Each of these is a reason why adware is scorned EXCEPT __________.

ANSWER

a. it displays objectionable content b. it displays the attacker's programming skills c. it can interfere with a user's productivity d. it can cause a computer to crash or slow down

QUESTION 42

What is the term used for a threat actor who controls multiple bots in a botnet?

ANSWER

a. Bot herder b. Zombie shepherd c. Rogue IRC d. Cyber-root

QUESTION 43

Chapter 3

ANSWER

Basic Cryptography

QUESTION 44

The Hashed Message Authentication Code (HMAC) __________.

ANSWER

a. encrypts only the message b. encrypts only the key c. encrypts the key and the message d. encrypts the DHE key only

QUESTION 45

What is the latest version of the Secure Hash Algorithm?

ANSWER

a. SHA-2 b. SHA-3 c. SHA-4 d. SHA-5

QUESTION 46

Alexel was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is this?

ANSWER

a. AES b. XANDA13 c. ROT13 d. Alphabetic

QUESTION 47

Abram was asked to explain the XOR cipher to one of his coworkers. He showed his coworkers an example of adding two bits, 1 and 1. What is the result of this sum?

ANSWER

a. 2 b. 1 c. 0 d. 16

QUESTION 48

Which of the following key exchanges uses the same keys each time?

ANSWER

a. Diffie-Hellman-RSA (DHRSA) b. Diffie-Hellman Ephemeral (DHE) c. Diffie-Hellman (DH) d. Elliptic-Curve Diffie-Hellman (ECDH)

QUESTION 49

Public key systems that are different for each session are called __________.

ANSWER

a. Public Key Exchange (PKE) b. perfect forward secrecy c. Elliptic Curve Diffie-Hellman (ECDH) d. Diffie-Hellman (DH)

QUESTION 50

What is data called that is to be encrypted by inputting it into a cryptographic algorithm?

ANSWER

a. Opentext b. Plaintext c. Cleartext d. Ciphertext

QUESTION 51

Which of these is NOT a basic security protection for information that cryptography can provide?

ANSWER

a. Authenticity b. Risk Loss c. Integrity d. Ciphertext

QUESTION 52

Which areas of a file CANNOT be used by steganography to hide data?

ANSWER

a. In areas that contain the content data itself b. In the file header fields that describe the file c. In data that is used to describe the content or structure of the actual data d. In the directory structure of the file system

QUESTION 53

Proving that a user sent an email message is known as ___________.

ANSWER

a. Non-repudiation b. Repudiation c. Integrity d. Availability

QUESTION 54

A(n) __________ is not decrypted but is only used for comparison purposes.

ANSWER

a. Key b. Stream c. Digest d. Algorithm

QUESTION 55

Which of these is NOT a characteristic of a secure hash algorithm?

ANSWER

a. Collision should be rare. b. A message cannot be produced from a predefined hash. c. The results of a hash function should not be reversed. d. The hash should always be the same fixed size.

QUESTION 56

Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the ciphertext. Which protection is Alyosha describing?

ANSWER

a. Diffusion b. Confusion c. Integrity d. Chaos

QUESTION 57

Which of these is the strongest symmetric cryptographic algorithm?

ANSWER

a. Data Encryption Standard b. Triple Data Encryption Standard c. Advanced Encryption Standard d. RC1

QUESTION 58

If Bob wants to send a secure message to Alice using an asymmetric algorithm, which key does he use to encrypt the message?

ANSWER

a. Alice's private key b. Bob's public key c. Alice's public key d. Bob's private key

QUESTION 59

Egor wanted to use a digital signature. Which of the following benefits will the digital signature not provide?

ANSWER

a. Verify the sender b. Prove the integrity of the message c. Verify the receiver d. Enforce nonrepudiation

QUESTION 60

Illya was asked to recommend the most secure asymmetric cryptographic algorithm to his supervisor. Which of the following did he choose?

ANSWER

a. SHA-2 b. ME-312 c. BTC-2 d. RSA

QUESTION 61

At a staff meeting one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Iosif raised his hand and said that security through obscurity was a poor idea. Why did he say that?

ANSWER

a. It is an unproven approach and has never been tested. b. It would be too costly to have one isolated server by itself. c. It would be essentially impossible to keep its location a secret from everyone. d. It depends too heavily upon non-repudiation in order for it to succeed.

QUESTION 62

What is a characteristic of the Trusted Platform Module (TPM)?

ANSWER

a. It provides cryptographic services in hardware instead of software b. It allows the user to boot a corrupted disk and repair it. c. It is available only on Windows computers running BitLocker. d. It includes a pseudorandom number generator (PRNG).

QUESTION 63

Which of these has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form?

ANSWER

a. Trusted Platform Module (TPM) b. Hardware Security Module (HSM) c. Self-encrypting hard disk drives (SED) d. Encrypted hardware-based USB devices

QUESTION 64

Chapter 4

ANSWER

Advanced Cryptography and PKI

QUESTION 65

Which of the following is NOT a method for strengthening a key?

ANSWER

a. Randomness b. Cryptoperiod c. Length d. Variability

QUESTION 66

Which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before it is encrypted?

ANSWER

a. Electronic Code Book (ECB) b. Galois/Counter (GCM) c. Counter (CTR) d. Cipher Block Chaining (CBC)

QUESTION 67

What entity calls in crypto modules to perform cryptographic tasks?

ANSWER

a. Certificate Authority (CA) b. OCSP Chain c. Intermediate CA d. Crypto service provider

QUESTION 68

__________ are symmetric keys used to encrypt and decrypt information exchanged during the session and to verify its integrity.

ANSWER

a. Encrypted signatures b. Session keys c. Digital certificates d. Digital digests

QUESTION 69

Which of these is considered the strongest cryptographic transport protocol?

ANSWER

a. TLS v1.2 b. TLS v1.0 c. SSL v2.0 d. SSL v2.0

QUESTION 70

The strongest technology that would assure Alice that Bob is the sender of the message is a(n) __________.

ANSWER

a. digital signature b. encrypted signature c. digest d. digest certificate

QUESTION 71

A digital certificate associates __________.

ANSWER

a. a user's public key with his private key b. the user's identity with his public key c. a user's private key with the public key d. a private key with a digital signature

QUESTION 72

Digital certificates can be used for each of these EXCEPT __________.

ANSWER

a. to verify the authenticity of the Registration Authorizer. b. to encrypt channels to provide secure communication between clients and servers c. to verify the identity of clients and servers on the Web d. to encrypt messages for secure email communication

QUESTION 73

An entity that issues digital certificates is a __________.

ANSWER

a. certificate signatory (CS) b. digital signer (DN) c. certificate authority (CA) d. signature authority (SA)

QUESTION 74

A centralized directory of digital certificates is called a(n) ___________.

ANSWER

a. Digital Signature Permitted Authorization (DSPA) b. Digital Signature Approval List (DSAP) c. Certificate Repository (CR) d. Authorized Digital Signature (ADS)

QUESTION 75

__________ performs a real-time lookup of a digital certificate's status.

ANSWER

a. Certificate Revocation List (CRL) b. Real-Time CA Verification (RTCAV) c. Online Certificate Status Protocol (OCSP) d. CA Registry Database (CARD)

QUESTION 76

__________ is a protocol for securely accessing a remote computer.

ANSWER

a. Transport Layer Security (TLS) b. Secure Shell (SSH) c. Secure Sockets layer (SSL) d. Secure Hypertext Transport Protocol (SHTTP)

QUESTION 77

What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest?

ANSWER

a. Algorithm b. Initialization vector (IV) c. Nonce d. Salt

QUESTION 78

Which digital certificate displays the name of the entity behind the website?

ANSWER

a. Online Certificate Status Certificate b. Extended Validation (EV) Certificate c. Session Certificate d. X.509 Certificate

QUESTION 79

Which trust model has multiple CAs, one of which acts as a facilitator?

ANSWER

a. Bridge b. Hierarchical c. Distributed d. Web

QUESTION 80

Which statement is NOT true regarding hierarchical trust models?

ANSWER

a. It is designed for use on a large scale. b. The root signals all digital certificate authorities with a signal key. c. It assigns a single hierarchy with one master CA. d. The master CA is called the root.

QUESTION 81

Public key infrastructure (PKI) __________.

ANSWER

a. generates public/private keys automatically b. creates private key cryptography c. is the management of digital certificates d. requires the use of an RA instead of a CA

QUESTION 82

A(n) __________ is a published set of rules that govern the operation of a PKI.

ANSWER

a. signature resource guide (SRG) b. enforcement certificate (EF) c. certificate practice statement (CPS) d. certificate policy (CP)

QUESTION 83

Which of these is NOT part of the certificate life cycle?

ANSWER

a. Expiration b. Revocation c. Authorization d. Creation

QUESTION 84

__________ refers to a situation in which keys are managed by a third party, such as a trusted CA.

ANSWER

a. Key authorization b. Key escrow c. Remote key administration d. Trusted key authority

QUESTION 85

Chapter 5

ANSWER

Networking and Server Attacks

QUESTION 86

Which attack intercepts communication between a web browser and the underlying computer?

ANSWER

a. Man-in-the-middle (MITM) b. Man-in-the-browser (MITB) c. Replay d. ARP poisoning

QUESTION 87

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect?

ANSWER

a. Web server buffer and host DNS server b. Reply referrer and domain buffer c. Web browser and browser add-on d. Host table and external DNS server

QUESTION 88

Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about?

ANSWER

a. Privilege escalation b. Session replay c. Scaling exploit d. Amplification

QUESTION 89

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser?

ANSWER

a. Extensions b. Scripts c. Plug-ins d. Add-ons

QUESTION 90

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?

ANSWER

a. integer overflow b. buffer overflow c. number overflow d. heap overflow

QUESTION 91

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?

ANSWER

a. privilege escalation b. cross-site attack c. horizontal access attack d. transverse attack

QUESTION 92

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?

ANSWER

a. The complex nature of TCP/IP allows for too many ping sweeps to be blocked. b. Web application attacks use web browsers that cannot be controlled on a local computer. c. Network security devices cannot prevent attacks from web resources. d. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

QUESTION 93

What is the difference between a DoS and a DDoS attack?

ANSWER

a. DoS attacks are faster than DDoS attacks b. DoS attacks use fewer computers than DDoS attacks c. DoS attacks do not use DNS servers as DDoS attacks do d. DoS attacks use more memory than a DDoS attack

QUESTION 94

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing?

ANSWER

a. SQL b. XSS c. XSRF d. DDoS DNS

QUESTION 95

Which attack uses the user's web browser settings to impersonate that user?

ANSWER

a. XDD b. XSRF c. Domain hijacking d. Session hijacking

QUESTION 96

What is the basis of an SQL injection attack?

ANSWER

a. to expose SQL code so that it can be examined b. to have the SQL server attack client web browsers c. to insert SQL statements through unfiltered user input d. to link SQL servers into a botnet

QUESTION 97

Which action cannot be performed through a successful SQL injection attack?

ANSWER

a. discover the names of different fields in a table b. reformat the web application server's hard drive c. display a list of customer telephone numbers d. erase a database table

QUESTION 98

Attackers who register domain names that are similar to legitimate domain names are performing _____.

ANSWER

a. Address resolution b. HTTP manipulation c. HTML squatting d. URL hijacking

QUESTION 99

What type of attack involves manipulating third-party ad networks?

ANSWER

a. Session advertising b. Malvertising c. Clickjacking d. Directory traversal

QUESTION 100

Why are extensions, plug-ins, and add-ons considered to be security risks?

ANSWER

a. They are written in Java, which is a weak language. b. They have introduced vulnerabilities in browsers. c. They use bitcode. d. They cannot be uninstalled.

QUESTION 101

What is a session token?

ANSWER

a. XML code used in an XML injection attack b. a random string assigned by a web server c. another name for a third-party cookie d. a unique identifier that includes the user's email address

QUESTION 102

Which of these is not a DoS attack?

ANSWER

a. SYN flood b. DNS amplification c. smurf attack d. push flood

QUESTION 103

What type of attack intercepts legitimate communication and forges a fictitious response to the sender?

ANSWER

a. SIDS b. interceptor c. MITM d. SQL intrusion

QUESTION 104

A replay attack _____.

ANSWER

a. can be prevented by patching the web browser b. is considered to be a type of DoS attack c. makes a copy of the transmission for use at a later time d. replays the attack over and over to flood the server

QUESTION 105

DNS poisoning _____.

ANSWER

a. floods a DNS server with requests until it can no longer respond b. is rarely found today due to the use of host tables c. substitutes DNS addresses so that the computer is automatically redirected to another device d. is the same as ARP poisoning

QUESTION 106

Chapter 6

ANSWER

Network Security Devices, Design, and Technology

QUESTION 107

Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend?

ANSWER

a. router b. hub c. virtual private network d. SIEM device

QUESTION 108

Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia?

ANSWER

a. A bridge will block packets between two different types of networks. b. A bridge cannot be used on any Internet connection. c. A bridge would block packets from reaching the Internet. d. A bridge could permit access to the secure wired network from the unsecured wireless network.

QUESTION 109

Which of these would NOT be a filtering mechanism found in a firewall ACL rule?

ANSWER

a. Source address b. Direction c. Date d. Protocol

QUESTION 110

Which of the following devices can identify the application that sends packets and then make decisions about filtering based on it?

ANSWER

a. Internet content filter b. Application-based firewall c. Reverse proxy d. Web security gateway

QUESTION 111

Which function does an Internet content filter NOT perform?

ANSWER

a. Intrusion detection b. URL filtering c. Malware inspection d. Content inspection

QUESTION 112

How does network address translation (NAT) improve security?

ANSWER

a. It filters based on protocol. b. It discards unsolicited packets. c. It masks the IP address of the NAT device. d. NATs do not improve security.

QUESTION 113

Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say?

ANSWER

a. Once the MAC address table is full the switch functions like a network hub. b. A MAC flooding attack will filter to the local host computer's MAC-to-IP address tables and prevent these hosts from reaching the network. c. In a defense of a MAC flooding attack network routers will freeze and not permit any incoming traffic. d. A MAC flooding attack will prevent load balancers from identifying the correct VIP of the servers.

QUESTION 114

Which of the following devices is easiest for an attacker to take advantage of in order to capture and analyze packets?

ANSWER

a. Router b. Hub c. Switch d. Load Balancer

QUESTION 115

Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian?

ANSWER

a. Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address b. Cause the device to enter a fail-open mode. c. Record new MAC addresses up to a specific limit d. Block the port entirely

QUESTION 116

Which statement regarding a demilitarized zone (DMZ) is NOT true?

ANSWER

a. It can be configured to have one or two firewalls. b. It typically includes an email or web server. c. It provides an extra degree of security. d. It contains servers that are used only by internal network users.

QUESTION 117

Which statement about network address translation (NAT) is true?

ANSWER

a. It substitutes MAC addresses for IP addresses. b. It can be stateful or stateless. c. It can be found only on core routers. d. It removes private addresses when the packet leaves the network.

QUESTION 118

Which of these is NOT used in scheduling a load balancer?

ANSWER

a. The IP address of the destination packet b. Data within the application message itself c. Round-robin d. Affinity

QUESTION 119

In which of the following configurations are all the load balancers always active?

ANSWER

a. Active-active b. Active-passive c. Passive-active-passive d. Active-load-passive-load

QUESTION 120

Which device intercepts internal user requests and then processes those requests on behalf of the users?

ANSWER

a. Forward proxy server b. Reverse proxy server c. Host detection server d. Intrusion prevention device

QUESTION 121

Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose?

ANSWER

a. Split tunnel b. Full tunnel c. Narrow tunnel d. Wide tunnel

QUESTION 122

Which device watches for attacks and sounds an alert only when one occurs?

ANSWER

a. Firewall b. Network intrusion detection system (NIDS) c. Network intrusion prevention system (NIPS) d. Proxy intrusion device

QUESTION 123

Which of the following is a multipurpose security device?

ANSWER

a. Hardware security module b. Unified Threat Management (UTM) c. Media gateway d. Intrusion Detection/Prevention (ID/P)

QUESTION 124

Which of the following CANNOT be used to hide information about the internal network?

ANSWER

a. Network address translation (NAT) b. Protocol analyzer c. Subnetter d. Proxy server

QUESTION 125

What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?

ANSWER

a. A NIDS provides more valuable information about attacks. b. There is no difference; a NIDS and a NIPS are equal. c. A NIPS can take actions more quickly to combat an attack. d. A NIPS is much slower because it uses protocol analysis.

QUESTION 126

Which is the most secure type of firewall?

ANSWER

a. Stateless packet filtering b. Stateful packet filtering c. Network intrusion detection system replay d. Reverse proxy analysis

QUESTION 127

Chapter 7

ANSWER

Administering a Secure Network

QUESTION 128

Which of the following TCP/IP protocols does not relate to security?

ANSWER

a. IP b. SNMP c. HTTPS d. FTP

QUESTION 129

Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen NOT have included in her email?

ANSWER

a. It is fully supported in BIND9. b. It adds additional resource records. c. It adds message header information. d. It can prevent a DNS transfer attack.

QUESTION 130

What is the recommended secure protocol for voice and video applications?

ANSWER

a. Secure Real-time Transport Protocol (SRTP) b. Hypertext Transport Protocol Secure (HTTPS) c. Network Time Protocol (NTP) d. Secure/Multipurpose Internet Mail Extensions (S/MIME)

QUESTION 131

Which type of log can provide details regarding requests for specific files on a system?

ANSWER

a. Audit log b. Event log c. Access log d. SysFile log

QUESTION 132

Which type of device log contains the most beneficial security data?

ANSWER

a. Firewall log b. Email log c. Switch log d. Router log

QUESTION 133

Which type of cloud is offered to specific organizations that have common concerns?

ANSWER

a. Public cloud b. Hybrid cloud c. Private cloud d. Community cloud

QUESTION 134

Which of these is NOT correct about an SSL accelerator?

ANSWER

a. It can be a separate hardware card that inserts into a web server. b. It can be a separate hardware module. c. It should reside between the user's device and the web servers. d. It can only handle the SSL protocol.

QUESTION 135

Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs?

ANSWER

a. Network tap b. Port mirroring c. Aggregation switch d. Correlation engine

QUESTION 136

Which version of Simple Network Management Protocol (SNMP) is considered the most secure?

ANSWER

a. SNMPv2 b. SNMPv3 c. SNMPv4 d. SNMPv5

QUESTION 137

Which Domain Name System (DNS) attack substitutes a fraudulent IP address for a symbolic name?

ANSWER

a. DNS replay b. DNS masking c. DNS poisoning d. DNS forwarding

QUESTION 138

Which of these is the most secure protocol for transferring files?

ANSWER

a. FTPS b. SFTP c. TCP d. FTP

QUESTION 139

Which of the following can be used to prevent a buffer overflow attack?

ANSWER

a. DEP b. FIM c. VPN d. DNS

QUESTION 140

Which of the following is NOT a service model in cloud computing?

ANSWER

a. Software as a Service (SaaS) b. Hardware as a Service (HaaS) c. Platform as a Service (PaaS) d. Infrastructure as a Service (IaaS)

QUESTION 141

Eachna is showing a new security intern the log file from a firewall. Which of the following entries would she tell him do not need to be investigated?

ANSWER

a. Suspicious outbound connections b. IP addresses that are being rejected and dropped c. Successful logins d. IP addresses that are being rejected and dropped

QUESTION 142

Which type of hypervisor does not run on an underlying operating system?

ANSWER

a. Type I b. Type II c. Type III d. Type IV

QUESTION 143

Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations?

ANSWER

a. Application cell b. Container c. VDE d. VDI

QUESTION 144

Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle?

ANSWER

a. Virtual services b. Off-premises c. On-premises d. Hosted services

QUESTION 145

DNSSEC adds additional _____ and message header information, which can be used to verify that the requested data has not been altered in transmission.

ANSWER

a. resource records b. field flags c. hash sequences d. zone transfers

QUESTION 146

What functions of a switch does a software defined network separate?

ANSWER

a. Host and virtual b. Control plane and physical plane c. RAM and hard drive d. Network level and resource level

QUESTION 147

Which of the following is NOT a security concern of virtualized environments?

ANSWER

a. Virtual machines must be protected from both the outside world and from other virtual machines on the same physical computer. b. Physical security appliances are not always designed to protect virtual systems. c. Virtual servers are less expensive than their physical counterparts. d. Live migration can immediately move one virtualized server to another hypervisor.

QUESTION 148

Chapter 8

ANSWER

Wireless Network Security

QUESTION 149

Which technology is predominately used for contactless payment systems?

ANSWER

a. Near field communication (NFC) b. Wireless local area network (WLAN) c. Bluetooth d. Radio Frequency ID (RFID)

QUESTION 150

Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection?

ANSWER

a. Bluesnarfing b. Bluejacking c. Bluecreeping d. Bluestealing

QUESTION 151

What is a difference between NFC and RFID?

ANSWER

a. NFC is based on wireless technology while RFID is not. b. RFID is faster than NFC. c. RFID is designed for paper-based tags while NFC is not. d. NFC devices cannot pair as quickly as RFID devices.

QUESTION 152

Which of these technologies is NOT found in a wireless router?

ANSWER

a. Access point b. Router c. Dynamic host configuration protocol (DHCP) server d. Firewall

QUESTION 153

Why is a rogue AP a security vulnerability?

ANSWER

a. It uses the weaker IEEE 802.11i protocol. b. It conflicts with other network firewalls and can cause them to become disabled. c. It allows an attacker to bypass network security configurations. d. It requires the use of vulnerable wireless probes on all mobile devices.

QUESTION 154

Which of these is NOT a risk when a home wireless router is not securely configured?

ANSWER

a. Only a small percentage of the total traffic can be encrypted. b. An attacker can steal data from any folder with file sharing enabled. c. User names, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. d. Malware can be injected into a computer connected to the WLAN.

QUESTION 155

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable?

ANSWER

a. Push-button method b. PIN method c. Piconet method d. NFC method

QUESTION 156

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered?

ANSWER

a. Captive portal b. Web-based portal c. Rogue portal d. Authenticated portal

QUESTION 157

Which of the following is NOT a wireless peripheral protection option?

ANSWER

a. Update or replace any vulnerable device b. Switch to a more fully tested Bluetooth model c. Install a network sensor to detect an attack d. Substitute a wired device

QUESTION 158

The primary design of a(n) _____ is to capture the transmissions from legitimate users.

ANSWER

a. rogue access point b. WEP c. evil twin d. Bluetooth grabber

QUESTION 159

Which of these is a vulnerability of MAC address filtering?

ANSWER

a. APs use IP addresses instead of MACs. b. The user must enter the MAC. c. MAC addresses are initially exchanged unencrypted. d. Not all operating systems support MACs.

QUESTION 160

Which of these is NOT a limitation of turning off the SSID broadcast from an AP?

ANSWER

a. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. b. Some versions of operating systems favor a network that broadcasts an SSID over one that does not. c. Users can more easily roam from one WLAN to another. d. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP.

QUESTION 161

What is the primary weakness of wired equivalent privacy (WEP)?

ANSWER

a. It functions only on specific brands of APs. b. Its usage creates a detectable pattern. c. It slows down a WLAN from 104 Mbps to 16 Mbps. d. Initialization vectors (IVs) are difficult for users to manage.

QUESTION 162

WPA replaces WEP with _____.

ANSWER

a. WPA2 b. Temporal Key Integrity Protocol (TKIP) c. cyclic redundancy check (CRC) d. Message Integrity Check (MIC)

QUESTION 163

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust?

ANSWER

a. Frequency band b. Channel selection c. RFID spectrum d. Channel width

QUESTION 164

A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it. Which type of AP should he purchase?

ANSWER

a. Controller AP b. Standalone AP c. Fat AP d. Any type of AP can be managed by a WLC.

QUESTION 165

AES-CCMP is the encryption protocol standard used in _____.

ANSWER

a. WPA b. WPA2 c. IEEE 802.11 d. NFC

QUESTION 166

Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP?

ANSWER

a. It is the transport protocol used in TCP/IP for authentication. b. It is a framework for transporting authentication protocols. c. It is a subset of WPA2. d. It is a technology used by IEEE 802.11 for encryption.

QUESTION 167

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend?

ANSWER

a. EAP-TLS b. EAP-TTLS c. EAP-SSL d. EAP-FAST

QUESTION 168

Which of these is NOT a type of wireless AP probe?

ANSWER

a. Wireless device probe b. WNIC probe c. Dedicated probe d. AP probe

QUESTION 169

Chapter 9

ANSWER

Client and Application Security

QUESTION 170

Which of the following is NOT a reason why supply chain infections are considered especially dangerous?

ANSWER

a. If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device. b. Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. c. It is virtually impossible to closely monitor every step in the supply chain. d. Supply chains take advantage of the trusted "chain of trust" concept.

QUESTION 171

Which type of operating system runs on a firewall, router, or switch?

ANSWER

a. Server OS b. Network OS c. Device OS d. Resource OS

QUESTION 172

Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?

ANSWER

a. Barricade b. Fencing c. Roller barrier d. Type V controls

QUESTION 173

Which of the following is NOT a motion detection method?

ANSWER

a. Magnetism b. Radio frequency c. Moisture d. Infrared

QUESTION 174

Which type of residential lock is most often used for keeping out intruders?

ANSWER

a. Encrypted key lock b. Keyed entry lock c. Privacy lock d. Passage lock

QUESTION 175

A lock that extends a solid metal bar into the door frame for extra security is the _____.

ANSWER

a. triple bar lock b. deadman's lock c. full bar lock d. deadbolt lock

QUESTION 176

Which statement about a mantrap is true?

ANSWER

a. It is illegal in the United States. b. It monitors and controls two interlocking doors to a room. c. It is a special keyed lock. d. It requires the use of a cipher lock.

QUESTION 177

Which of the following is NOT a typical OS security configuration?

ANSWER

a. Employing least functionality b. Restricting patch management c. Disabling default accounts/passwords d. Disabling unnecessary ports and services

QUESTION 178

Which of the following can be used to secure a laptop or mobile device?

ANSWER

a. Mobile connector b. Cable lock c. Mobile chain d. Security tab

QUESTION 179

Which of the following is NOT a characteristic of an alarmed carrier PDS?

ANSWER

a. Requires periodic visual inspections b. Uses continuous monitoring c. Carrier can be hidden above the ceiling d. Eliminates the need to seal connections

QUESTION 180

Which of the following is NOT a memory vulnerability?

ANSWER

a. DLL injection b. Pointer dereference c. Buffer overflow d. Variable overflow

QUESTION 181

Which stage is a "quality assurance" test that verifies the code functions as intended?

ANSWER

a. Production stage b. Testing stage c. Staging stage d. Development stage

QUESTION 182

Which model uses a sequential design process?

ANSWER

a. Waterfall model b. Rigid model c. Agile model d. Secure model

QUESTION 183

What allows for a single configuration to be set and then deployed to many or all users?

ANSWER

a. Snap-In Replication (SIR) b. Active Directory c. Group Policy d. Command Configuration

QUESTION 184

Which of the following is a cumulative package of all patches?

ANSWER

a. Rollup b. Service pack c. Patch d. Hotfix

QUESTION 185

Which of the following is NOT an advantage to an automated patch update service?

ANSWER

a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. b. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.

QUESTION 186

How can an SDIO card be made secure?

ANSWER

a. Using the security mechanisms on a standard Wi-Fi network. b. Turning on patch updates to the SDIO card. c. Requiring a username before accessing the SDIO card. d. SDIO cards are natively secure and no security settings are needed.

QUESTION 187

How does heuristic detection detect a virus?

ANSWER

a. A virtualized environment is created and the code is executed in it. b. A string of bytes from the virus is compared against the suspected file. c. The bytes of a virus are placed in different "piles" and then used to create a profile. d. The virus signature file is placed in a suspended chamber before streaming to the CPU.

QUESTION 188

Which of these is a list of approved email senders?

ANSWER

a. Blacklist b. Whitelist c. Bluelist d. Yellowlist

QUESTION 189

Which of the following types of testing uses unexpected or invalid inputs?

ANSWER

a. Stress testing b. Dynamic analysis c. Static analysis d. Runtime testing

QUESTION 190

Chapter 10

ANSWER

Mobile and Embedded Device Security

QUESTION 191

Which technology is NOT a core feature of a mobile device?

ANSWER

a. Physical keyboard b. Small form factor c. Local non-removable data storage d. Data synchronization capabilities

QUESTION 192

Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today?

ANSWER

a. ANT b. Bluetooth c. Infrared d. NFC

QUESTION 193

Calista is designing the specifications for new laptop computers to be purchased by her company. She is comparing the different types and sizes of USB connections found on the devices. Which type of USB connection would she NOT find on a laptop?

ANSWER

a. Type D b. Mini c. Micro d. Standard

QUESTION 194

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?

ANSWER

a. BYOD b. COPE c. CYOD d. Corporate-owned

QUESTION 195

Pakpao has been asked to provide research regarding a new company initiative to add Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Pakpao NOT list in his report as a factor in the frequency of Android firmware OTA updates?

ANSWER

a. Both OEMs and wireless carriers are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. b. Because many of the OEMs had modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. c. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks. d. Because OEMs and wireless carriers want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely.

QUESTION 196

What is the process of identifying the geographical location of a mobile device?

ANSWER

a. Geotracking b. Geolocation c. geoID d. Geomonitoring

QUESTION 197

Which of these is NOT a risk of connecting a mobile device to a public network?

ANSWER

a. Public networks are beyond the control of the employee's organization. b. Replay attacks can occur on public networks. c. Public networks may be susceptible to man-in-the-middle attacks. d. Public networks are faster than local networks and can spread malware more quickly to mobile devices.

QUESTION 198

Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security?

ANSWER

a. USB OTG uses strong security and the executive should have no concerns. b. Subnotebooks do not support USB OTG. c. An unsecured mobile device could infect other tethered mobile devices or the corporate network. d. Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device.

QUESTION 199

A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called?

ANSWER

a. Rooting b. Sideloading c. Jailbreaking d. Ducking

QUESTION 200

Which of the following technologies provides for pictures, video, or audio to be included in text messages?

ANSWER

a. MMS b. QR c. SMS d. ANT

QUESTION 201

What prevents a mobile device from being used until the user enters the correct passcode?

ANSWER

a. Swipe identifier (SW-ID) b. Screen lock c. Screen timeout d. Touch swipe

QUESTION 202

Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device?

ANSWER

a. Reset to factory settings b. Extend lockout period c. Enable high security d. Lock device

QUESTION 203

What does containerization do?

ANSWER

a. It splits operating system functions only on specific brands of mobile devices. b. It places all keys in a special vault. c. It slows down a mobile device to half speed. d. It separates personal data from corporate data.

QUESTION 204

What allows a device to be managed remotely?

ANSWER

a. Mobile device management (MDM) b. Mobile application management (MAM) c. Mobile resource management (MRM) d. Mobile wrapper management (MWM)

QUESTION 205

Which of these is NOT a security feature for locating a lost or stolen mobile device?

ANSWER

a. Remote lockout b. Last known good configuration c. Alarm d. Thief picture

QUESTION 206

What enforces the location in which an app can function by tracking the location of the mobile device?

ANSWER

a. Location resource management b. Geofencing c. GPS tagging d. Graphical Management Tracking (GMT)

QUESTION 207

Which of these is considered the strongest type of passcode to use on a mobile device?

ANSWER

a. Password b. PIN c. Fingerprint swipe d. Draw connecting dots pattern

QUESTION 208

Jabez needs to alert through an SMS text message those corporate users who have a specific brand and type of mobile device regarding a serious malware incident. What technology will she use?

ANSWER

a. MCM b. COPE c. MAM d. Push notification services

QUESTION 209

Which tool manages the distribution and control of apps?

ANSWER

a. MAM b. MDM c. MCM d. MFM

QUESTION 210

Which type of OS is typically found on an embedded system?

ANSWER

a. SoC b. RTOS c. OTG d. COPE

QUESTION 211

Chapter 11

ANSWER

Authentication and Account Management

QUESTION 212

Which authentication factor is based on a unique talent that a user possesses?

ANSWER

a. What you have b. What you are c. What you do d. What you know

QUESTION 213

Which of these is NOT a characteristic of a weak password?

ANSWER

a. A common dictionary word b. A long password c. Using personal information d. Using a predictable sequence of characters

QUESTION 214

Each of the following accounts should be prohibited EXCEPT:

ANSWER

a. Shared accounts b. Generic accounts c. Privileged accounts d. Guest accounts

QUESTION 215

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

ANSWER

a. OAuth b. OpenID Connect c. Shibboleth d. NTLM

QUESTION 216

How is key stretching effective in resisting password attacks?

ANSWER

a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. It does not require the use of salts. d. The license fees are very expensive to purchase and use it.

QUESTION 217

Which of these is NOT a reason why users create weak passwords?

ANSWER

a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. Most sites force users to create weak passwords even though they do not want to.

QUESTION 218

What is a hybrid attack?

ANSWER

a. An attack that uses both automated and user input b. An attack that combines a dictionary attack with a mask attack c. A brute force attack that uses special tables d. An attack that slightly alters dictionary words

QUESTION 219

A TOTP token code is generally valid for what period of time?

ANSWER

a. Only while the user presses SEND b. For as long as it appears on the device c. For up to 24 hours d. Until an event occurs

QUESTION 220

What is a token system that requires the user to enter the code along with a PIN called?

ANSWER

a. Single-factor authentication system b. Token-passing authentication system c. Dual-prong verification system d. Multifactor authentication system

QUESTION 221

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?

ANSWER

a. Personal Identity Verification (PIV) card b. Secure ID Card (SIDC) c. Common Access Card (CAC) d. Government Smart Card (GSC)

QUESTION 222

Which of the following should NOT be stored in a secure password database?

ANSWER

a. Iterations b. Password digest c. Salt d. Plaintext password

QUESTION 223

Creating a pattern of where a user accesses a remote web account is an example of which of the following?

ANSWER

a. Keystroke dynamics b. Geolocation c. Time-Location Resource Monitoring (TLRM) d. Cognitive biometrics

QUESTION 224

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

ANSWER

a. Dictionary attack b. Hybrid attack c. Custom attack d. Brute force attack

QUESTION 225

Which human characteristic is NOT used for biometric identification?

ANSWER

a. Retina b. Iris c. Height d. Fingerprint

QUESTION 226

_____ biometrics is related to the perception, thought processes, and understanding of the user.

ANSWER

a. Cognitive b. Standard c. Intelligent d. Behavioral

QUESTION 227

Using one authentication credential to access multiple accounts or applications is known as _____.

ANSWER

a. single sign-on b. credentialization c. identification authentication d. federal login

QUESTION 228

What is a disadvantage of biometric readers?

ANSWER

a. Speed b. Cost c. Weight d. Standards

QUESTION 229

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?

ANSWER

a. Rainbow attack b. Mask attack c. Rule attack d. Pass the hash attack

QUESTION 230

Why should the account lockout threshold not be set too low?

ANSWER

a. It could decrease calls to the help desk. b. The network administrator would have to reset the account manually. c. The user would not have to wait too long to have her password reset. d. It could result in denial of service (DoS) attacks.

QUESTION 231

Which one-time password is event-driven?

ANSWER

a. HOTP b. TOTP c. ROTP d. POTP

QUESTION 232

Chapter 12

ANSWER

Access Management

QUESTION 233

What is the current version of TACACS?

ANSWER

a. XTACACS b. TACACS+ c. TACACS v9 d. TRACACS

QUESTION 234

How is the Security Assertion Markup Language (SAML) used?

ANSWER

a. It allows secure web domains to exchange user authentication and authorization data. b. It is a backup to a RADIUS server. c. It is an authenticator in IEEE 802.1x. d. It is no longer used because it has been replaced by LDAP.

QUESTION 235

A RADIUS authentication server requires the _____ to be authenticated first.

ANSWER

a. authenticator b. user c. authentication server d. supplicant

QUESTION 236

Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?

ANSWER

a. A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization. b. Access should be ended as soon as the employee is no longer part of the organization. c. Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account. d. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

QUESTION 237

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?

ANSWER

a. RADIUS b. Lite RDAP c. DAP d. RDAP

QUESTION 238

Which of the following is NOT part of the AAA framework?

ANSWER

a. Authentication b. Access c. Authorization d. Accounting

QUESTION 239

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

ANSWER

a. Lite RDAP b. DAP c. LDAP d. IEEE X.501

QUESTION 240

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

ANSWER

a. Privacy officer b. End-user c. Custodian d. Operator

QUESTION 241

Which access control model is the most restrictive?

ANSWER

a. DAC b. MAC c. Role-Based Access Control d. Rule-Based Access Control

QUESTION 242

Which type of access control model uses predefined rules that make it flexible?

ANSWER

a. ABAC b. DAC c. MAC d. Rule-Based Access Control

QUESTION 243

Which can be used to establish geographical boundaries where a mobile device can and cannot be used?

ANSWER

a. Location-based policies b. Restricted access control policies c. Geolocation policies d. Mobile device policies

QUESTION 244

Which statement about Rule-Based Access Control is true?

ANSWER

a. It requires that a custodian set all rules. b. It is considered obsolete today. c. It dynamically assigns roles to subjects based on rules. d. It is considered a real-world approach by linking a user's job function with security.

QUESTION 245

Which of the following would NOT be considered as part of a clean desk policy?

ANSWER

a. Do not share passwords with other employees. b. Lock computer workstations when leaving the office. c. Place laptops in a locked filing cabinet. d. Keep mass storage devices locked in a drawer when not in use.

QUESTION 246

Which of these is a set of permissions that is attached to an object?

ANSWER

a. Access control list (ACL) b. Subject Access Entity (SAE) c. Object modifier d. Security entry designator

QUESTION 247

Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory?

ANSWER

a. Windows Registry Settings b. AD Management Services (ADMS) c. Group Policy d. Resource Allocation Entities

QUESTION 248

What can be used to provide both file system security and database security?

ANSWER

a. RBASEs b. LDAPs c. CHAPs d. ACLs

QUESTION 249

What is the least restrictive access control model?

ANSWER

a. DAC b. ABAC c. MAC d. Rule-Based Access Control

QUESTION 250

What is the secure version of LDAP?

ANSWER

a. LDAPS b. Secure DAP c. X.500 d. 802.1x

QUESTION 251

Which of the following is the Microsoft version of EAP?

ANSWER

a. EAP-MS b. MS-CHAP c. PAP-MICROSOFT d. AD-EAP

QUESTION 252

Which of the following involves rights given to access specific resources?

ANSWER

a. Identification b. Access c. Authorization d. Accounting

QUESTION 253

Chapter 13

ANSWER

Vulnerability Assessment and Data Security

QUESTION 254

At what point in a vulnerability assessment would an attack tree be utilized?

ANSWER

a. Vulnerability appraisal b. Risk assessment c. Risk mitigation d. Threat evaluation

QUESTION 255

Which of the following is NOT true about privacy?

ANSWER

a. Today, individuals can achieve any level of privacy that is desired. b. Privacy is difficult due to the volume of data silently accumulated by technology. c. Privacy is freedom from attention, observation, or interference based on your decision. d. Privacy is the right to be left alone to the degree that you choose.

QUESTION 256

Which of the following is NOT a risk associated with the use of private data?

ANSWER

a. Individual inconveniences and identity theft b. Associations with groups c. Statistical inferences d. Devices being infected with malware

QUESTION 257

Which of the following is NOT an issue raised regarding how private data is gathered and used?

ANSWER

a. The data is gathered and kept in secret. b. By law, all encrypted data must contain a "backdoor" entry point. c. Informed consent is usually missing or is misunderstood. d. The accuracy of the data cannot be verified.

QUESTION 258

Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?

ANSWER

a. Vulnerability assessment b. Penetration test c. Vulnerability scan d. Risk appraisal

QUESTION 259

Which of these should NOT be classified as an asset?

ANSWER

a. Business partners b. Buildings c. Employee databases d. Accounts payable

QUESTION 260

Which of the following command-line tools tests a connection between two network devices?

ANSWER

a. Netstat b. Ping c. Nslookup d. Ifconfig

QUESTION 261

Which statement regarding vulnerability appraisal is NOT true?

ANSWER

a. Vulnerability appraisal is always the easiest and quickest step. b. Every asset must be viewed in light of each threat. c. Each threat could reveal multiple vulnerabilities. d. Each vulnerability should be cataloged.

QUESTION 262

Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur?

ANSWER

a. Vulnerability prototyping b. Risk assessment c. Attack assessment d. Threat modeling

QUESTION 263

Which of the following tools is a Linux command-line protocol analyzer?

ANSWER

a. Wireshark b. Tcpdump c. IP d. Arp

QUESTION 264

Which of the following is a command-line alternative to Nmap?

ANSWER

a. Netcat b. Statnet c. Mapper d. Netstat

QUESTION 265

Which of these is NOT a state of a port that can be returned by a port scanner?

ANSWER

a. Open b. Busy c. Blocked d. Closed

QUESTION 266

Which of the following data sensitivity labels is the highest level of data sensitivity?

ANSWER

a. Ultra b. Confidential c. Private d. Secret

QUESTION 267

Which of the following data sensitivity labels has the lowest level of data sensitivity?

ANSWER

a. Unrestricted b. Public c. Free d. Open

QUESTION 268

Which of the following is NOT a function of a vulnerability scanner?

ANSWER

a. Detects which ports are served and which ports are browsed for each individual system b. Alerts users when a new patch cannot be found c. Maintains a log of all interactive network sessions d. Detects when an application is compromised

QUESTION 269

Which of the following must be kept secure as mandated by HIPAA?

ANSWER

a. PII b. PHI c. PHIL d. PLILP

QUESTION 270

Which statement regarding a honeypot is NOT true?

ANSWER

a. It is typically located in an area with limited security. b. It is intentionally configured with security vulnerabilities. c. It cannot be part of a honeynet. d. It can direct an attacker's attention away from legitimate servers.

QUESTION 271

Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation?

ANSWER

a. Active scanner b. Probe scanner c. Passive scanner d. Remote scanner

QUESTION 272

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique?

ANSWER

a. Black box b. White box c. Gray box d. Blue box

QUESTION 273

If a software application aborts and leaves the program open, which control structure is it using?

ANSWER

a. Fail-safe b. Fail-secure c. Fail-open d. Fail-right

QUESTION 274

Chapter 14

ANSWER

Business Continuity

QUESTION 275

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

ANSWER

a. Disaster recovery planning b. IT contingency planning c. Business impact analysis planning d. Risk IT planning

QUESTION 276

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?

ANSWER

a. All employees b. Individuals on a decision-making level c. Full-time employees d. Only IT managers

QUESTION 277

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

ANSWER

a. MTTR b. MTBR c. MTBF d. MTTI

QUESTION 278

Which of the following is NOT a category of fire suppression systems?

ANSWER

a. Water sprinkler system b. Wet chemical system c. Clean agent system d. Dry chemical system

QUESTION 279

Which of these is NOT required for a fire to occur?

ANSWER

a. A chemical reaction that is the fire itself b. A type of fuel or combustible material c. A spark to start the process d. Sufficient oxygen to sustain the combustion

QUESTION 280

An electrical fire, such as would be found in a computer data center, is known as what type of fire?

ANSWER

a. Class A b. Class B c. Class C d. Class D

QUESTION 281

Which level of RAID uses disk mirroring and is considered fault-tolerant?

ANSWER

a. Level 1 b. Level 2 c. Level 3 d. Level 4

QUESTION 282

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

ANSWER

a. Time Offset b. Civil time c. Daylight savings time d. Greenwich Mean Time (GMT)

QUESTION 283

What does the abbreviation RAID represent?

ANSWER

a. Redundant Array of IDE Drives b. Resilient Architecture for Interdependent Discs c. Redundant Array of Independent Drives d. Resistant Architecture of Inter-Related Data Storage

QUESTION 284

Which of these is an example of a nested RAID?

ANSWER

a. Level 1-0 b. Level 0-1 c. Level 0+1 d. Level 0/1

QUESTION 285

A(n) ________ is always running off its battery while the main power runs the battery charger.

ANSWER

a. Secure UPS b. Backup UPS c. Off-line UPS d. On-line UPS

QUESTION 286

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

ANSWER

a. Cold site b. Warm site c. Hot site d. Replicated site

QUESTION 287

Which of the following can a UPS NOT perform?

ANSWER

a. Prevent certain applications from launching that will consume too much power b. Disconnect users and shut down the server c. Prevent any new users from logging on d. Notify all users that they must finish their work immediately and log off

QUESTION 288

Which of these is NOT a characteristic of a disaster recovery plan (DRP)?

ANSWER

a. It is updated regularly. b. It is a private document used only by top-level administrators for planning. c. It is written. d. It is detailed.

QUESTION 289

What does an incremental backup do?

ANSWER

a. Copies all files changed since the last full or incremental backup b. Copies selected files c. Copies all files d. Copies all files since the last full backup

QUESTION 290

Which question is NOT a basic question to be asked regarding creating a data backup?

ANSWER

a. What media should be used? b. How long will it take to finish the backup? c. Where should the backup be stored? d. What information should be backed up?

QUESTION 291

The chain of ________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.

ANSWER

a. Forensics b. Evidence c. Custody d. Control

QUESTION 292

What is the maximum length of time that an organization can tolerate between data backups?

ANSWER

a. Recovery time objective (RTO) b. Recovery service point (RSP) c. Recovery point objective (RPO) d. Optimal recovery timeframe (ORT)

QUESTION 293

When an unauthorized event occurs, what is the first duty of the computer forensics response team?

ANSWER

a. To log off from the server b. To secure the crime scene c. To back up the hard drive d. To reboot the system

QUESTION 294

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on?

ANSWER

a. Identification of critical systems report b. Containment report c. Business continuity report d. After-action report

QUESTION 295

Chapter 15

ANSWER

Risk Mitigation

QUESTION 296

Which of the following threats would be classified as the actions of a hacktivist?

ANSWER

a. External threat b. Internal threat c. Environmental threat d. Compliance threat

QUESTION 297

Which of these is NOT a response to risk?

ANSWER

a. Mitigation b. Transference c. Resistance d. Avoidance

QUESTION 298

Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report?

ANSWER

a. Legal authorization b. Indemnification c. Limit retaliation d. Access to resources

QUESTION 299

Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites?

ANSWER

a. Operational b. Managerial c. Technical d. Strategic

QUESTION 300

Which of the following approaches to risk calculation typically assigns a numeric value (1‒10) or a label (High, Medium, or Low) that represents a risk?

ANSWER

a. Quantitative risk calculation b. Qualitative risk calculation c. Rule-based risk calculation d. Policy-based risk calculation

QUESTION 301

Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

ANSWER

a. MTTF b. MTTR c. FIT d. MTBF

QUESTION 302

Which of the following covers the procedures of managing object authorizations?

ANSWER

a. Asset management b. Task management c. Privilege management d. Threat management

QUESTION 303

Which statement does NOT describe a characteristic of a policy?

ANSWER

a. Policies define appropriate user behavior. b. Policies identify what tools and procedures are needed. c. Policies communicate a unanimous agreement of judgment. d. Policies may be helpful if it is necessary to prosecute violators.

QUESTION 304

Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use?

ANSWER

a. AV b. ARO c. ALE d. SLE

QUESTION 305

What is a collection of suggestions that should be implemented?

ANSWER

a. Policy b. Guideline c. Standard d. Code

QUESTION 306

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?

ANSWER

a. Deterrent control b. Preventive control c. Detective control d. Corrective control

QUESTION 307

Which statement is NOT something that a security policy must do?

ANSWER

a. State reasons why the policy is necessary. b. Balance protection with productivity. c. Be capable of being implemented and enforced. d. Be concise and easy to understand.

QUESTION 308

Which term describes the ability of an enterprise data center to revert to its former size after expanding?

ANSWER

a. Scalability b. Elasticity c. Contraction d. Reduction

QUESTION 309

Which policy defines the actions users may perform while accessing systems and networking equipment?

ANSWER

a. End-user policy b. Acceptable use policy c. Internet use policy d. User permission policy

QUESTION 310

While traveling abroad, Giuseppe needs to use public Internet café computers to access the secure network. Which of the following non-persistence tools should he use?

ANSWER

a. Snapshot b. Live boot media c. Revert to known state d. Secure Configuration

QUESTION 311

Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it?

ANSWER

a. Employees should not use company email to send personal email messages. b. Employees should not access personal email at work. c. Employees should not forward company emails to a personal email account. d. Employees should not give out their company email address unless requested.

QUESTION 312

For adult learners, which approach is often preferred?

ANSWER

a. Pedagogical b. Andragogical c. Institutional d. Proactive

QUESTION 313

Which of the following is NOT a security risk of social media sites for users?

ANSWER

a. Personal data can be used maliciously. b. Users may be too trusting. c. Social media security is lax or confusing. d. Social media sites use popup ads.

QUESTION 314

Which of the following is NOT a time employee training should be conducted?

ANSWER

a. After monthly patch updates. b. When a new computer is installed. c. During an annual department retreat. d. When an employee is promoted.

QUESTION 315

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use?

ANSWER

a. SLA b. BPA c. ISA d. MOU
