
1. Thwarting cyber criminals includes which of the following? (Choose two.)
 establishing early warning systems
 changing operating systems
 hiring hackers
 shutting down the network
 sharing cyber intelligence information
2. What does the acronym IoE represent?
 Internet of Everyday
 Insight into Everything
 Intelligence on Everything
 Internet of Everything
3. What name is given to an amateur hacker?
 blue team
 red hat
 script kiddie
 black hat
4. Pick three types of records that cyber criminals would be
interested in stealing from organizations. (Choose three.)
 game
 rock
 employment
 food
 education
 flight
 medical
5. What is the workforce framework category that includes highly
specialized review and evaluation of incoming cybersecurity
information to determine if it is useful for intelligence?
 Oversight and Development
 Protect and Defend
 Analyze
 Securely Provision
6. What name is given to hackers who hack for a cause?
 white hat
 blue hat
 hacker
 hacktivist
7. What does the term BYOD represent?
 bring your own decision
 buy your own disaster
 bring your own disaster
 bring your own device

8. What does the term vulnerability mean?
 a computer that contains sensitive information
 a method of attack to exploit a target
 a weakness that makes a target susceptible to an attack
 a known target or victim machine
 a potential threat that a hacker creates
9. What type of attack uses many systems to flood the resources
of a target, thus making the target unavailable?
 ping sweep
 DDoS
 spoof
 DoS
10. What is an example of an Internet data domain?
 Palo Alto
 Juniper
 Cisco
 LinkedIn
11. What type of an attack can disable a computer by forcing it
to use memory or by overworking its CPU?
 exhaustion
 algorithm
 DDoS
 APT
12. What are two common hash functions? (Choose two.)
 Blowfish
 ECC
 RC4
 SHA
 MD5
 RSA
13. What service determines which resources a user can
access along with the operations that a user can perform?
 authentication
 biometric
 accounting
 token
 authorization
14. What type of cybersecurity laws protect you from an
organization that might want to share your sensitive data?
 confidentiality
 nonrepudiation
 authentication
 privacy
 integrity

15. What three design principles help to ensure high
availability? (Choose three.)
 eliminate single points of failure
 provide for reliable crossover
 ensure confidentiality
 check for data consistency
 use encryption
 detect failures as they occur
16. For the purpose of authentication, what three methods are
used to verify identity? (Choose three.)
 something you know
 something you do
 something you have
 where you are
 something you are
17. What is a secure virtual network called that uses the public
network?
 IPS
 IDS
 MPLS
 NAC
 Firewall
 VPN
18. What mechanism can organizations use to prevent
accidental changes by authorized users?
 SHA-1
 backups
 version control
 hashing
 encryption
19. What is a method of sending information from one device
to another using removable media?
 wired
 infrared
 LAN
 packet
 wireless
 sneaker net
20. What are the three foundational principles of the
cybersecurity domain? (Choose three.)
 policy
 integrity
 availability
 confidentiality
 security
 encryption

21. What are three access control security services? (Choose
three.)
 access
 authentication
 repudiation
 authorization
 accounting
 availability
22. Which two methods help to ensure data integrity? (Choose
two.)
 availability
 data consistency checks
 privacy
 hashing
 authorization
 repudiation
23. What three tasks are accomplished by a comprehensive
security policy? (Choose three.)
 useful for management
 defines legal consequences of violations
 is not legally binding
 gives security staff the backing of management
 vagueness
 sets rules for expected behavior
24. What two methods help to ensure system availability?
(Choose two.)
 integrity checking
 system backups
 up-to-date operating systems
 system resiliency
 fire extinguishers
 equipment maintenance
25. What principle prevents the disclosure of information to
unauthorized people, resources, and processes?
 integrity
 confidentiality
 nonrepudiation
 accounting
 availability
26. What are the three states of data? (Choose three.)
 suspended
 in-cloud
 at rest
 in-transit
 in-process
 encrypted

27. What name is given to any changes to the original data
such as users manually modifying data, programs processing
and changing data, and equipment failures?
 deletion
 modification
 dissemination
 corruption
 backup
 integrity
28. What is identified by the first dimension of the
cybersecurity cube?
 goals
 safeguards
 rules
 tools
 knowledge

29. What name is given to a storage device connected to a
network?
 NAS
 SAN
 RAID
 Cloud
 DAS
30. What are two methods that ensure confidentiality? (Choose
two.)
 authorization
 availability
 nonrepudiation
 authentication
 integrity
 encryption
31. What are three types of sensitive information? (Choose
three.)
 business
 published
 declassified
 public
 classified
 PII
1. What is a vulnerability that allows criminals to inject scripts into
web pages viewed by users?
 buffer overflow
 SQL injection
 XML injection
 Cross-site scripting

2. What type of attack targets an SQL database using the input
field of a user?
 buffer overflow
 SQL injection
 XML injection
 Cross-site scripting
3. Which two reasons describe why WEP is a weak protocol?
(Choose two.)
 WEP uses the same encryption features as Bluetooth.
 Everyone on the network uses a different key.
 The key is static and repeats on a congested network.
 The default settings cannot be modified.
 The key is transmitted in clear text.
4. What is the difference between a virus and a worm?
 Viruses hide in legitimate programs but worms do not.
 Worms self-replicate but viruses do not.
 Viruses self-replicate but worms do not.
 Worms require a host file but viruses do not.
5. A criminal is using software to obtain information about the
computer of a user. What is the name of this type of software?
 phishing
 adware
 spyware
 virus
6. What is the meaning of the term logic bomb?
 a malicious worm
 a malicious program that uses a trigger to awaken the malicious code
 a malicious virus
 a malicious program that hides itself in a legitimate program
7. What is the term used when a malicious party sends a fraudulent
email disguised as being from a legitimate, trusted source?
 Trojan
 vishing
 phishing
 backdoor
 social engineering
8. What are two ways to protect a computer from malware?
(Choose two.)
 Empty the browser cache.
 Use antivirus software.
 Delete unused software.
 Keep software up to date.
 Defragment the hard disk.

9. What occurs on a computer when data goes beyond the limits of
a buffer?
 a buffer overflow
 a system exception
 an SQL injection
 cross-site scripting
10. What is the term used to describe an email that is targeting
a specific person employed at a financial institution?
 spam
 vishing
 spear phishing
 target phishing
 spyware
11. An attacker is sitting in front of a store and wirelessly
copies emails and contact lists from nearby unsuspecting user
devices. What type of attack is this?
 RF jamming
 smishing
 bluejacking
 bluesnarfing
12. What are two of the tactics used by a social engineer to
obtain personal information from an unsuspecting target?
(Choose two.)
 intimidation
 compassion
 honesty
 urgency
 integrity
13. What are two common indicators of spam mail? (Choose
two.)
 The email has keywords in it.
 The email has misspelled words or punctuation errors or both.
 The email is from your supervisor.
 The email is from a friend.
 The email has no subject line.
 The email has an attachment that is a receipt for a recent purchase.
14. Which term describes the sending of a short deceptive
SMS message used to trick a target into visiting a website?
 spam
 smishing
 grayware
 impersonation

15. A computer is presenting a user with a screen requesting
payment before the user data is allowed to be accessed by the
same user. What type of malware is this?
 a type of logic bomb
 a type of virus
 a type of worm
 a type of ransomware
16. What is the name for the type of software that generates
revenue by generating annoying pop-ups?
 spyware
 trackers
 pop-ups
 adware
17. What does a rootkit modify?
 Microsoft Word
 Notepad
 screen savers
 programs
 operating system
18. What is the name given to a program or program code that
bypasses normal authentication?
 virus
 worm
 ransomware
 Trojan

1. What is the name of the method in which letters are rearranged
to create the ciphertext?
 enigma
 substitution
 transposition
 one-time pad
2. Which 128-bit block cipher encryption algorithm does the US
government use to protect classified information?
 Vigenère
 AES
 Caesar
 3DES
 Skipjack
3. Which term describes the technology that protects software
from unauthorized access or modification?
 copyright
 access control
 trademark
 watermarking

4. Which three devices represent examples of physical access
controls? (Choose three.)
 swipe cards
 firewalls
 locks
 routers
 servers
 video cameras
5. What term is used to describe the technology that replaces
sensitive information with a nonsensitive version?
 retracting
 hiding
 blanking
 whiteout
 masking
6. Which type of cipher is able to encrypt a fixed-length block of
plaintext into a 128-bit block of ciphertext at any one time?
 transform
 hash
 symmetric
 stream
 block
7. What encryption algorithm uses the same pre-shared key to
encrypt and decrypt data?
 hash
 asymmetric
 one-time pad
 symmetric
8. What type of cipher encrypts plaintext one byte or one bit at a
time?
 block
 hash
 enigma
 stream
 elliptical
9. What cryptographic algorithm is used by the NSA and includes
the use of elliptical curves for digital signature generation and
key exchange?
 ECC
 RSA
 AES
 ElGamal
 IDEA

10. What is the term used to describe the science of making
and breaking secret codes?
 impersonation
 spoofing
 factorization
 cryptology
 jamming
11. Which three processes are examples of logical access
controls? (Choose three.)
 guards to monitor security screens
 firewalls to monitor traffic
 swipe cards to allow access to a restricted area
 fences to protect the perimeter of a building
 intrusion detection system (IDS) to watch for suspicious network activity
 biometrics to validate physical characteristics
12. What term is used to describe concealing data in another
file such as a graphic, audio, or other text file?
 hiding
 steganography
 obfuscation
 masking
13. What are three examples of administrative access
controls? (Choose three.)
 hiring practices
 intrusion detection system (IDS)
 policies and procedures
 background checks
 guard dogs
 encryption
14. Which three protocols use asymmetric key algorithms?
(Choose three.)
 Telnet
 Secure Shell (SSH)
 Advanced Encryption Standard (AES)
 Pretty Good Privacy (PGP)
 Secure File Transfer Protocol (SFTP)
 Secure Sockets Layer (SSL)
15. A warning banner that lists the negative outcomes of
breaking company policy is displayed each time a computer
user logs in to the machine. What type of access control is
implemented?
 detective
 preventive
 masking
 deterrent

16. Which two terms are used to describe cipher keys?
(Choose two.)
 key space
 key randomness
 keylogging
 key length
17. Match the type of multifactor authentication with the
description.
 a security key fob ————> something you have
 a fingerprint scan ————> something you are
 a password ————> something you know
18. Match the description with the correct term. (Not all targets
are used.)
 steganography —————> hiding data within an audio file
 steganalysis ——————> discovering that hidden information exists within a graphic
file
 social steganography ——–> creating a message that says one thing but means something
else to a specific audience
 obfuscation ——————> making a message confusing so it is harder to understand
 Other Incorrect Match Options:
 replacing sensitive information in a file with nonsensitive information
19. Which asymmetric algorithm provides an electronic key
exchange method to share the secret key?
 WEP
 DES
 RSA
 Diffie-Hellman
 hashing
20. What encryption algorithm uses one key to encrypt data
and a different key to decrypt data?
 asymmetric
 one-time pad
 transposition
 symmetric

1. What is a strength of using a hashing function?
 It is a one-way function and not reversible.
 It is not commonly used in security.
 Two different files can be created that have the same output.
 It has a variable length output.
 It can take only a fixed length message.

2. A user is instructed by a boss to find a better method to secure
passwords in transit. The user has researched several means to
do so and has settled on using HMAC. What are the key
elements needed to implement HMAC?
 secret key and message digest
 symmetric key and asymmetric key
 IPsec and checksum
 message digest and asymmetric key
3. Which method tries all possible passwords until a match is
found?
 rainbow tables
 brute force
 cloud
 cryptographic
 birthday
 dictionary
4. An investigator finds a USB drive at a crime scene and wants to
present it as evidence in court. The investigator takes the USB
drive and creates a forensic image of it and takes a hash of both
the original USB device and the image that was created. What is
the investigator attempting to prove about the USB drive when
the evidence is submitted in court?
 The data in the image is an exact copy and nothing has been altered by the process.
 An exact copy cannot be made of a device.
 The investigator found a USB drive and was able to make a copy of it.
 The data is all there.
5. What are three types of attacks that are preventable through the
use of salting? (Choose three.)
 lookup tables
 phishing
 reverse lookup tables
 rainbow tables
 guessing
 social engineering
 shoulder surfing
6. A user has been asked to implement IPsec for inbound external
connections. The user plans to use SHA-1 as part of the
implementation. The user wants to ensure the integrity and
authenticity of the connection. What security tool can the user
use?
 ISAKMP
 MD5
 HMAC
 SHA256

7. A user downloads an updated driver for a video card from a
website. A warning message pops up saying the driver is not
approved. What does this piece of software lack?
 code recognition
 digital signature
 source code
 valid ID
8. What is the purpose of CSPRNG?
 to prevent a computer from being a zombie
 to secure a web site
 to process hash lookups
 to generate salt
9. A user has created a new program and wants to distribute it to
everyone in the company. The user wants to ensure that when
the program is downloaded that the program is not changed
while in transit. What can the user do to ensure that the program
is not changed when downloaded?
 Turn off antivirus on all the computers.
 Encrypt the program and require a password after it is downloaded.
 Install the program on individual computers.
 Create a hash of the program file that can be used to verify the integrity of the file after it
is downloaded.
 Distribute the program on a thumb drive.
10. A recent email sent throughout the company stated that
there would be a change in security policy. The security officer
who was presumed to have sent the message stated the
message was not sent from the security office and the company
may be a victim of a spoofed email. What could have been added
to the message to ensure the message actually came from the
person?
 hashing
 digital signature
 non-repudiation
 asymmetric key
11. A recent breach at a company was traced to the ability of a
hacker to access the corporate database through the company
website by using malformed data in the login form. What is the
problem with the company website?
 lack of operating system patching
 poor input validation
 bad usernames
 weak encryption

12. What are three validation criteria used for a validation rule?
(Choose three.)
 encryption
 type
 range
 size
 key
 format
13. A user is connecting to an e-commerce server to buy some
widgets for a company. The user connects to the site and
notices there is no lock in the browser security status bar. The
site does prompt for a username and password and the user is
able to log in. What is the danger in proceeding with this
transaction?
 The user is using the wrong browser to perform the transaction.
 The site is not using a digital certificate to secure the transaction, with the result that
everything is in the clear.
 The certificate from the site has expired, but is still secure.
 Ad blocker software is preventing the security bar from working properly, and thus there
is no danger with the transaction.
14. Identify three situations in which the hashing function can
be applied. (Choose three.)
 PKI
 IPsec
 CHAP
 DES
 PPPoE
 WPA
15. What is the standard for a public key infrastructure to
manage digital certificates?
 X.509
 PKI
 NIST-SP800
 X.503

16. A user is evaluating the security infrastructure of a
company and notices that some authentication systems are not
using best practices when it comes to storing passwords. The
user is able to crack passwords very fast and access sensitive
data. The user wants to present a recommendation to the
company on the proper implementation of salting to avoid
password cracking techniques. What are three best practices in
implementing salting? (Choose three.)
 Salts should be short.
 The same salt should be used for each password.
 A salt should not be reused.
 A salt must be unique.
 Salts are not an effective best practice.
 A salt should be unique for each password.
17. A user is the database administrator for a company. The
user has been asked to implement an integrity rule that states
every table must have a primary key and that the column or
columns chosen to be the primary key must be unique and not
null. Which integrity requirement is the user implementing?
 referential integrity
 domain integrity
 anomaly integrity
 entity integrity
18. What are three NIST-approved digital signature
algorithms? (Choose three.)
 ECDSA
 RSA
 SHA256
 MD5
 DSA
 SHA1
19. Alice and Bob use the same password to log in to the
company network. This means both would have the exact same
hash for their passwords. What could be implemented to prevent
both password hashes from being the same?
 RSA
 peppering
 salting
 pseudo-random generator

20. What is the step by step process for creating a digital
signature?
 Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the
message, encrypted hash, and public key together to sign the document.
 Create a message digest; encrypt the digest with the private key of the sender; and bundle
the message, encrypted digest, and public key together in order to sign the document.
 Create a message; encrypt the message with an MD5 hash; and send the bundle with a
public key.
 Create a message digest; encrypt the digest with the public key of the sender; and bundle
the message, encrypted digest, and public key together to sign the document.
21. A user is purchasing a new server for the company data
center. The user wants disk striping with parity on three disks.
Which RAID level should the user implement?
 5
 1+0
 0
 1
22. A user is asked to create a disaster recovery plan for a
company. The user needs to have a few questions answered by
management to proceed. Which three questions should the user
ask management as part of the process of creating the plan?
(Choose three.)
 How long does the process take?
 Where does the individual perform the process?
 Can the individual perform the process?
 Who is responsible for the process?
 What is the process?
 Does the process require approval?
23. A user was hired by a company to provide a highly
available network infrastructure. The user wants to build
redundancy into the network in case of a switch failure, but
wants to prevent Layer 2 looping. What would the user
implement in the network?
 Spanning Tree Protocol
 GLBP
 VRRP
 HSRP
24. A security breach has happened at a major corporation.
The incident team has responded and executed their incident
response plan. During which phase are lessons learned applied?
 preparation
 containment
 recovery
 analyze
 post-incident
 detection
25. A team has been asked to create an incident response plan
for security incidents. In what phase of an incident response
plan does the team get management approval of the plan?
 analysis
 post-incident
 detection
 containment
 preparation
 recovery
26. A user is asked to perform a risk analysis of a company.
The user asks for the company asset database that contains a
list of all equipment. The user uses this information as part of a
risk analysis. Which type of risk analysis could be performed?
 qualitative
 hardware
 exposure factor
 quantitative
27. A user is evaluating the network infrastructure of a
company. The user noted many redundant systems and devices
in place, but no overall evaluation of the network. In a report, the
user emphasized the methods and configurations needed as a
whole to make the network fault tolerant. What is the type of
design the user is stressing?
 availability
 comprehensive
 resilient
 spanning tree
28. A user has completed a six month project to identify all
data locations and catalog the location. The next step is to
classify the data and produce some criteria on data sensitivity.
Which two steps can the user take to classify the data? (Choose
two.)
 Determine permissions for the data.
 Determine the user of the data.
 Treat all the data the same.
 Determine how often data is backed up.
 Identify sensitivity of the data.
 Establish the owner of the data.

29. A user needs to add redundancy to the routers in a
company. What are the three options the user can use? (Choose
three.)
 HSRP
 VRRP
 IPFIX
 STP
 RAID
 GLBP
30. A user is asked to evaluate the data center to improve
availability for customers. The user notices that there is only
one ISP connection, some of the equipment is out of warranty,
there are no spare parts, and no one was monitoring the UPS
which was tripped twice in one month. Which three deficiencies
in high availability has the user identified? (Choose three.)
 single points of failure
 failure to detect errors as they occur
 failure to design for reliability
 failure to identify management issues
 failure to prevent security incidents
 failure to protect against poor maintenance
31. A company is concerned with traffic that flows through the
network. There is a concern that there may be malware that
exists that is not being blocked or eradicated by antivirus. What
technology can be put in place to detect potential malware traffic
on the network?
 IDS
 firewall
 IPS
 NAC
32. A user is a consultant who is hired to prepare a report to
Congress as to which industries should be required to maintain
five nines availability. Which three industries should the user
include in a report? (Choose three.)
 retail
 public safety
 finance
 food service
 healthcare
 education

33. A user is asked to evaluate the security posture of a
company. The user looks at past attempts to break into the
company and evaluates the threats and exposures to create a
report. Which type of risk analysis could the user perform?
 objective
 subjective
 qualitative
 opinion
34. A user is running a routine audit of the server hardware in
the company data center. Several servers are using single drives
to host operating systems and multiple types of attached
storage solutions for storing data. The user wants to offer a
better solution to provide fault tolerance during a drive failure.
Which solution is best?
 tape backup
 offsite backup
 UPS
 RAID
35. A user was hired as the new security officer. One of the
first projects was to take inventory of the company assets and
create a comprehensive database. Which three pieces of
information would the user want to capture in an asset
database? (Choose three.)
 passwords
 hardware network devices
 users
 workstations
 groups
 operating systems
36. A user is redesigning a network for a small company and
wants to ensure security at a reasonable price. The user deploys
a new application-aware firewall with intrusion detection
capabilities on the ISP connection. The user installs a second
firewall to separate the company network from the public
network. Additionally, the user installs an IPS on the internal
network of the company. What approach is the user
implementing?
 risk based
 attack based
 layered
 structured

37. The CEO of a company is concerned that if a data breach
should occur and customer data is exposed, the company could
be sued. The CEO makes the decision to buy insurance for the
company. What type of risk mitigation is the CEO implementing?
 reduction
 mitigation
 avoidance
 transference

1. A user is proposing the purchase of a patch management
solution for a company. The user wants to give reasons why the
company should spend money on a solution. What benefits
does patch management provide? (Choose three.)
 Patches can be chosen by the user.
 Computers require a connection to the Internet to receive patches.
 Patches can be written quickly.
 Administrators can approve or deny patches.
 Updates can be forced on systems immediately.
 Updates cannot be circumvented.
2. A user calls the help desk complaining that an application was
installed on the computer and the application cannot connect to
the Internet. There are no antivirus warnings and the user can
browse the Internet. What is the most likely cause of the
problem?
 computer firewall
 corrupt application
 permissions
 need for a system reboot
3. Companies may have different operation centers that handle
different issues with the IT operations. If an issue is related to
network infrastructure, what operation center would be
responsible?
 NOC
 SOC
 HVAC
 HR
4. Why is WPA2 better than WPA?
 mandatory use of AES algorithms
 reduced keyspace
 supports TKIP
 reduced processing time

5. A company wants to implement biometric access to its data
center. The company is concerned with people being able to
circumvent the system by being falsely accepted as legitimate
users. What type of error is false acceptance?
 Type II
 CER
 false rejection
 Type I
6. An administrator of a small data center wants a flexible, secure
method of remotely connecting to servers. Which protocol would
be best to use?
 Telnet
 Secure Copy
 Remote Desktop
 Secure Shell
7. Which service will resolve a specific web address into an IP
address of the destination web server?
 ICMP
 DHCP
 NTP
 DNS
8. Which three items are malware? (Choose three.)
 Apt
 attachments
 virus
 Trojan horse
 keylogger
 email
9. The CIO wants to secure data on company laptops by
implementing file encryption. The technician determines the
best method is to encrypt each hard drive using Windows
BitLocker. Which two things are needed to implement this
solution? (Choose two.)
 backup
 password management
 EFS
 at least two volumes
 USB stick
 TPM

10. A user makes a request to implement a patch management
service for a company. As part of the requisition the user needs
to provide justification for the request. What three reasons can
the user use to justify the request? (Choose three.)
 the need for systems to be directly connected to the Internet
 no opportunities for users to circumvent updates
 the likelihood of storage savings
 the ability to obtain reports on systems
 the ability to control when updates occur
 the ability of users to select updates
11. The manager of desktop support wants to minimize
downtime for workstations that crash or have other software-related
issues. What are three advantages of using disk cloning?
(Choose three.)
 can provide a full system backup
 creates greater diversity
 easier to deploy new computers within the organization
 ensures system compatibility
 ensures a clean imaged machine
 cuts down on number of staff needed
12. A user is asked to analyze the current state of a computer
operating system. What should the user compare the current
operating system against to identify potential vulnerabilities?
 a pentest
 a blacklist
 a baseline
 a whitelist
 a vulnerability scan
13. What is the difference between an HIDS and a firewall?
 An HIDS works like an IPS, whereas a firewall just monitors traffic.
 An HIDS blocks intrusions, whereas a firewall filters them.
 An HIDS monitors operating systems on host computers and processes file system
activity. Firewalls allow or deny traffic between the computer and other systems.
 A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
 A firewall performs packet filtering and therefore is limited in effectiveness, whereas an
HIDS blocks intrusions.
14. What are three types of power issues that a technician
should be concerned about? (Choose three.)
 blackout
 flicker
 brownout
 spike
 spark
 fuzzing

15. A new PC is taken out of the box, started up and connected
to the Internet. Patches were downloaded and installed.
Antivirus was updated. In order to further harden the operating
system what can be done?
 Remove unnecessary programs and services.
 Turn off the firewall.
 Give the computer a nonroutable address.
 Remove the administrator account.
 Disconnect the computer from the network.
 Install a hardware firewall.
16. The company has many users who telecommute. A
solution needs to be found so a secure communication channel
can be established between the remote location of users and the
company. What is a good solution for this situation?
 fiber
 VPN
 modem
 T1
 PPP
17. Why should WEP not be used in wireless networks today?
 its use of clear text passwords
 its age
 easily crackable
 its lack of encryption
 its lack of support
18. A user calls the help desk complaining that the password
to access the wireless network has changed without warning.
The user is allowed to change the password, but an hour later,
the same thing occurs. What might be happening in this
situation?
 user error
 password policy
 rogue access point
 weak password
 user laptop
19. An intern has started working in the support group. One
duty is to set local policy for passwords on the workstations.
What tool would be best to use?
 grpol.msc
 password policy
 secpol.msc
 system administration
 account policy

20. The manager of a department suspects someone is trying
to break into computers at night. You are asked to find out if this
is the case. What logging would you enable?
 Windows
 syslog
 operating system
 audit
21. After a security audit for an organization, multiple accounts
were found to have privileged access to systems and devices.
Which three best practices for securing privileged accounts
should be included in the audit report? (Choose three.)
 No one should have privileged access.
 Enforce the principle of least privilege.
 Secure password storage.
 Only managers should have privileged access.
 Reduce the number of privileged accounts.
 Only the CIO should have privileged access.

1. An auditor is asked to assess the LAN of a company for
potential threats. What are three potential threats the auditor
may point out? (Choose three.)
 a misconfigured firewall
 unauthorized port scanning and network probing
 unlocked access to network equipment
 complex passwords
 locked systems
 the acceptable use policy
2. As part of HR policy in a company, an individual may opt out of
having information shared with any third party other than the
employer. Which law protects the privacy of personal shared
information?
 GLBA
 PCI
 SOX
 FERPA
3. As a security professional, there is a possibility to have access
to sensitive data and assets. What is one item a security
professional should understand in order to make informed
ethical decisions?
 partnerships
 potential gain
 laws governing the data
 cloud providers
 potential bonus
4. A security professional is asked to perform an analysis of the
current state of a company network. What tool would the
security professional use to scan the network only for security
risks?
 vulnerability scanner
 malware
 packet analyzer
 pentest
5. A consultant is hired to make recommendations on managing
device threats in a company. What are three general
recommendations that can be made? (Choose three.)
 Enforce strict HR policies.
 Disable administrative rights for users.
 Remove content filtering.
 Enable media devices.
 Enable automated antivirus scans.
 Enable screen lockout.
6. What three services does CERT provide? (Choose three.)
 enforce software standards
 develop tools, products, and methods to analyze vulnerabilities
 develop tools, products, and methods to conduct forensic examinations
 create malware tools
 resolve software vulnerabilities
 develop attack tools
7. What are two items that can be found on the Internet Storm
Center website? (Choose two.)
 InfoSec reports
 historical information
 InfoSec job postings
 current laws
8. What can be used to rate threats by an impact score to
emphasize important vulnerabilities?
 CERT
 ACSC
 NVD
 ISC
9. A breach occurs in a company that processes credit card
information. Which industry specific law governs credit card
data protection?
 PCI DSS
 ECPA
 SOX
 GLBA
10. Why is Kali Linux a popular choice in testing the network
security of an organization?
 It is a network scanning tool that prioritizes security risks.
 It can be used to intercept and log network traffic.
 It can be used to test weaknesses by using only malicious software.
 It is an open source Linux security distribution and contains over 300 tools.
11. A company is attempting to lower the cost in deploying
commercial software and is considering a cloud based service.
Which cloud based service would be best to host the software?
 RaaS
 SaaS
 PaaS
 IaaS
12. An organization has implemented a private cloud
infrastructure. The security administrator is asked to secure the
infrastructure from potential threats. What three tactics can be
implemented to protect the private cloud? (Choose three.)
 Update devices with security fixes and patches.
 Hire a consultant.
 Disable firewalls.
 Test inbound and outbound traffic.
 Disable ping, probing, and port scanning.
 Grant administrative rights.
13. A school administrator is concerned with the disclosure of
student information due to a breach. Under which act is student
information protected?
 FERPA
 HIPAA
 CIPA
 COPPA
14. What are the three broad categories for information
security positions? (Choose three.)
 definers
 doers
 seekers
 monitors
 builders
 creators
15. What are two potential threats to applications? (Choose
two.)
 data loss
 social engineering
 power interruptions
 unauthorized access
16. If a person knowingly accesses a government computer
without permission, which federal act would the person be
subject to?
 GLBA
 ECPA
 SOX
 CFAA
17. A company has had several incidents involving users
downloading unauthorized software, using unauthorized
websites, and using personal USB devices. The CIO wants to put
in place a scheme to manage the user threats. What three things
might be put in place to manage the threats? (Choose three.)
 Disable CD and USB access.
 Monitor all activity by the users.
 Provide security awareness training.
 Use content filtering.
 Change to thin clients.
 Implement disciplinary action.
18. What are three disclosure exemptions that pertain to the
FOIA? (Choose three.)
 public information from financial institutions
 confidential business information
 non-geological information regarding wells
 information specifically non-exempt by statute
 national security and foreign policy information
 law enforcement records that implicate one of a set of enumerated concerns
19. Unauthorized visitors have entered a company office and are walking
around the building. What two measures can be implemented to
prevent unauthorized visitor access to the building? (Choose two.)
 Establish policies and procedures for guests visiting the building.
 Conduct security awareness training regularly.
 Lock cabinets.
 Prohibit exiting the building during working hours.

1. What is an example of early warning systems that can be used
to thwart cybercriminals?
 CVE database
 Infragard
 ISO/IEC 27000 program
 Honeynet project
2. Technologies like GIS and IoE contribute to the growth of large
data stores. What are two reasons that these technologies
increase the need for cybersecurity specialists? (Choose two.)
 They require 24-hour monitoring.
 They collect sensitive information.
 They contain personal information.
 They increase processing requirements.
 They require more equipment.
 They make systems more complicated.
3. Which two groups of people are considered internal attackers?
(Choose two.)
 ex-employees
 amateurs
 black hat hackers
 hacktivists
 trusted partners
4. Which methods can be used to implement multifactor
authentication?
 IDS and IPS
 tokens and hashes
 VPNs and VLANs
 passwords and fingerprints
5. Which technology should be used to enforce the security policy
that a computing device must be checked against the latest
antivirus update before the device is allowed to connect to the
campus network?
 NAC
 VPN
 SAN
 NAS
6. A security specialist is asked for advice on a security measure
to prevent unauthorized hosts from accessing the home network
of employees. Which measure would be most effective?
 Implement a firewall.
 Implement intrusion detection systems.
 Implement a VLAN.
 Implement RAID.
7. Which technology can be used to ensure data confidentiality?
 hashing
 identity management
 RAID
 Encryption
8. An organization allows employees to work from home two days
a week. Which technology should be implemented to ensure
data confidentiality as data is transmitted?
 VPN
 VLANS
 RAID
 SHS
9. What are the two most effective ways to defend against
malware? (Choose two.)
 Implement a VPN.
 Implement strong passwords.
 Install and update antivirus software.
 Implement RAID.
 Implement network firewalls.
 Update the operating system and other application software.
10. An executive manager went to an important meeting. The
secretary in the office receives a call from a person claiming that
the executive manager is about to give an important
presentation but the presentation files are corrupted. The caller
sternly recommends that the secretary email the presentation
right away to a personal email address. The caller also states
that the executive is holding the secretary responsible for the
success of this presentation. Which type of social engineering
tactic would describe this scenario?
 familiarity
 intimidation
 trusted partners
 urgency
11. Which statement describes a distributed denial of service
attack?
 An attacker sends an enormous quantity of data that a server cannot handle.
 An attacker views network traffic to learn authentication credentials.
 An attacker builds a botnet comprised of zombies.
 One computer accepts data packets based on the MAC address of another computer.
12. What type of attack will make illegitimate websites higher
in a web search result list?
 DNS poisoning
 browser hijacker
 spam
 SEO poisoning
13. What is a nontechnical method that a cybercriminal would
use to gather sensitive information from an organization?
 man-in-the-middle
 social engineering
 pharming
 ransomware
14. A penetration testing service hired by the company has
reported that a backdoor was identified on the network. What
action should the organization take to find out if systems have
been compromised?
 Look for usernames that do not have passwords.
 Look for unauthorized accounts.
 Look for policy changes in Event Viewer.
 Scan the systems for viruses.
15. Users report that the database on the main server cannot
be accessed. A database administrator verifies the issue and
notices that the database file is now encrypted. The organization
receives a threatening email demanding payment for the
decryption of the database file. What type of attack has the
organization experienced?
 DoS attack
 Trojan horse
 ransomware
 man-in-the-middle attack
16. A user has a large amount of data that needs to be kept
confidential. Which algorithm would best meet this requirement?
 RSA
 Diffie-Hellman
 3DES
 ECC
17. What happens as the key length increases in an encryption
application?
 Keyspace decreases exponentially.
 Keyspace increases exponentially.
 Keyspace decreases proportionally.
 Keyspace increases proportionally.
18. Which algorithm will Windows use by default when a user
intends to encrypt files and folders in an NTFS volume?
 RSA
 DES
 AES
 3DES
19. Before data is sent out for analysis, which technique can
be used to replace sensitive data in nonproduction
environments to protect the underlying information?
 data masking substitution
 steganography
 software obfuscation
 steganalysis
20. In which situation would a detective control be warranted?
 when the organization needs to repair damage
 after the organization has experienced a breach in order to restore everything back to a
normal state
 when the organization needs to look for prohibited activity
 when the organization cannot use a guard dog, so it is necessary to consider an alternative
21. An organization plans to implement security training to
educate employees about security policies. What type of access
control is the organization trying to implement?
 administrative
 technological
 physical
 logical
22. An organization has implemented antivirus software. What
type of security control did the company implement?
 deterrent control
 detective control
 recovery control
 compensative control
23. Passwords, passphrases, and PINs are examples of which
security term?
 authorization
 access
 authentication
 identification
24. An organization has determined that an employee has been
cracking passwords on administrative accounts in order to
access very sensitive payroll information. Which tools would
you look for on the system of the employee? (Choose three)
 password digest
 reverse lookup tables
 lookup tables
 rogue access points
 algorithm tables
 rainbow tables
25. What technique creates different hashes for the same
password?
 SHA-256
 HMAC
 CRC
 salting
26. Which hashing technology requires keys to be exchanged?
 HMAC
 salting
 MD5
 AES
27. You have been asked to implement a data integrity
program to protect data files that need to be electronically
downloaded by the sales staff. You have decided to use the
strongest hashing algorithm available on your systems. Which
hash algorithm would you select?
 SHA-1
 AES
 MD5
 SHA-256
28. What kind of integrity does a database have when all its
rows have a unique identifier called a primary key?
 entity integrity
 referential integrity
 domain integrity
 user-defined integrity
29. Technicians are testing the security of an authentication
system that uses passwords. When a technician examines the
password tables, the technician discovers the passwords are
stored as hash values. However, after comparing a simple
password hash, the technician then discovers that the values
are different from those on other systems. What are two causes
of this situation? (Choose two.)
 The systems use different hashing algorithms.
 Both systems use MD5.
 Both systems scramble the passwords before hashing.
 One system uses hashing and the other uses hashing and salting.
 One system uses symmetrical hashing and the other uses asymmetrical hashing.
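Worked example for questions 25, 27 and 29 (added here; not part of the original exam). Using only Python's standard library, it reproduces the technician's observation: the same simple password hashes to the same value on every system that uses plain SHA-256, to a different value when the other system uses MD5, and to a different value on every store once a random salt is added; it also shows how a salted record is verified afterwards. The password is constructed, and PBKDF2-HMAC-SHA256 with 200,000 iterations is this example's choice of salted, slow hash, not something the exam specifies:

```python
import hashlib
import hmac
import os

PASSWORD = "Spring2024!"        # constructed sample password
ITERATIONS = 200_000            # this example's PBKDF2 work factor

def unsalted_digest(password, algorithm="sha256"):
    """Plain hash: the same password gives the same digest on every system using this
    algorithm, which is exactly what makes precomputed (rainbow) tables work."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()

def salted_record(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh 16-byte random salt makes each
    stored record unique even when two accounts or two systems share the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}

def verify_password(candidate, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["digest"])

def compare_systems(password):
    """Question 29 reproduced: the same password hashes differently across systems when
    (1) the algorithms differ or (2) only one side salts. Every value here should be True."""
    system_a = unsalted_digest(password, "sha256")    # plain SHA-256
    system_b = unsalted_digest(password, "md5")       # plain MD5
    system_c = salted_record(password)                # salted, first store
    system_d = salted_record(password)                # salted, second store, new salt
    return {
        "plain_sha256_identical_everywhere": system_a == unsalted_digest(password, "sha256"),
        "different_algorithms_differ": system_a != system_b,
        "salted_records_differ_from_each_other": system_c["digest"] != system_d["digest"],
        "salted_records_still_verify": verify_password(password, system_c)
                                       and verify_password(password, system_d),
        "wrong_password_rejected": not verify_password("spring2024!", system_c),
    }

if __name__ == "__main__":
    for check, result in compare_systems(PASSWORD).items():
        print(f"{check}: {result}")
```

The salt is stored next to the digest in the clear; it is not a secret. Its job is to make each record different so that one precomputed table cannot be reused across accounts, and the iteration count makes each guess cost the attacker as much as it costs the login.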
30. Alice and Bob are using a digital signature to sign a
document. What key should Alice use to sign the document so
that Bob can make sure that the document came from Alice?
 public key from Bob
 private key from Alice
 private key from Bob
 username and password from Alice
31. The X.509 standards defines which security technology?
 digital certificates
 security tokens
 strong passwords
 biometrics
32. What is it called when an organization only installs
applications that meet its guidelines, and administrators
increase security by eliminating all other applications?
 asset standardization
 asset identification
 asset classification
 asset availability
33. Being able to maintain availability during disruptive events
describes which of the principles of high availability?
 single point of failure
 system resiliency
 fault tolerance
 uninterruptible services
34. An organization has recently adopted a five nines program
for two critical database servers. What type of controls will this
involve?
 stronger encryption systems
 remote access to thousands of external users
 limiting access to the data on these systems
 improving reliability and uptime of the servers
35. What approach to availability provides the most
comprehensive protection because multiple defenses
coordinate together to prevent attacks?
 layering
 obscurity
 diversity
 limiting
36. The team is in the process of performing a risk analysis on
the database services. The information collected includes the
initial value of these assets, the threats to the assets and the
impact of the threats. What type of risk analysis is the team
performing by calculating the annual loss expectancy?
 qualitative analysis
 loss analysis
 protection analysis
 quantitative analysis
37. Which two values are required to calculate annual loss
expectancy? (Choose two.)
 asset value
 exposure factor
 frequency factor
 annual rate of occurrence
 single loss expectancy
 quantitative loss value
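Worked example for questions 36 and 37 (added here; not part of the original exam). It carries the quantitative analysis through with the exam's own terms: single loss expectancy is asset value times exposure factor (SLE = AV × EF) and annual loss expectancy is SLE times the annual rate of occurrence (ALE = SLE × ARO). The database value, the exposure factor, the occurrence rate and the cost of the backup control are constructed figures chosen for the illustration:

```python
from dataclasses import dataclass

@dataclass
class RiskScenario:
    """Inputs of a quantitative risk analysis for one asset/threat pair."""
    name: str
    asset_value: float                 # AV: value of the asset, in currency units
    exposure_factor: float             # EF: fraction of AV lost per incident, 0.0 to 1.0
    annual_rate_of_occurrence: float   # ARO: expected incidents per year

    def single_loss_expectancy(self):
        """SLE = AV * EF"""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def annual_loss_expectancy(self):
        """ALE = SLE * ARO"""
        return self.single_loss_expectancy() * self.annual_rate_of_occurrence

def control_value(scenario, ale_with_control, annual_control_cost):
    """Cost/benefit of a safeguard: (ALE before - ALE after) - annual cost of the control.
    A positive result means the control is worth its price, in expectation."""
    return scenario.annual_loss_expectancy() - ale_with_control - annual_control_cost

# Constructed figures (not from the exam): a database server worth 250,000, a ransomware
# incident destroying 60% of that value, expected once every four years (ARO = 0.25).
DB_RANSOMWARE = RiskScenario("database ransomware", 250_000, 0.60, 0.25)

if __name__ == "__main__":
    sle = DB_RANSOMWARE.single_loss_expectancy()
    ale = DB_RANSOMWARE.annual_loss_expectancy()
    print(f"SLE = {sle:,.0f}   ALE = {ale:,.0f}")
    # Assumed control: offline backups costing 8,000 a year cut EF to 0.10 at the same ARO.
    mitigated = RiskScenario("database ransomware with backups", 250_000, 0.10, 0.25)
    print("net annual value of the backup control:",
          control_value(DB_RANSOMWARE, mitigated.annual_loss_expectancy(), 8_000))
```

With these numbers SLE is 150,000, ALE is 37,500, and the backup control brings ALE down to 6,250, so spending 8,000 a year on it is worth 23,250 a year in expected loss avoided. The same two inputs the question asks for, SLE and ARO, are all the formula needs.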
38. An organization wants to adopt a labeling system based on
the value, sensitivity, and criticality of the information. What
element of risk management is recommended?
 asset identification
 asset availability
 asset standardization
 asset classification
39. What approach to availability involves using file
permissions?
 layering
 simplicity
 obscurity
 limiting
40. What are two incident response phases? (Choose two.)
 prevention and containment
 containment and recovery
 mitigation and acceptance
 detection and analysis
 risk analysis and high availability
 confidentiality and eradication
41. What Windows utility should be used to configure
password rules and account lockout policies on a system that is
not part of a domain?
 Local Security Policy tool
 Event Viewer security log
 Active Directory Security tool
 Computer Management
42. In a comparison of biometric systems, what is the
crossover error rate?
 rate of false negatives and rate of false positives
 rate of false positives and rate of acceptability
 rate of rejection and rate of false negatives
 rate of acceptability and rate of false negatives
43. What describes the protection provided by a fence that is 1
meter in height?
 It deters casual trespassers only.
 The fence deters determined intruders.
 It offers limited delay to a determined intruder.
 It prevents casual trespassers because of its height.
44. Mutual authentication can prevent which type of attack?
 wireless poisoning
 man-in-the-middle
 wireless sniffing
 wireless IP spoofing
45. Which protocol would be used to provide security for
employees that access systems remotely from home?
 SSH
 WPA
 Telnet
 SCP
46. Which technology can be used to protect VoIP against
eavesdropping?
 encrypted voice messages
 strong authentication
 SSH
 ARP
47. Which three protocols can use Advanced Encryption
Standard (AES)? (Choose three.)
 WPA
 802.11q
 802.11i
 TKIP
 WPA2
 WEP
48. HVAC, water system, and fire systems fall under which of
the cybersecurity domains?
 network
 user
 device
 physical facilities
49. Which national resource was developed as a result of a
U.S. Executive Order after a ten-month collaborative study
involving over 3,000 security professionals?
 ISO OSI model
 NIST Framework
 ISO/IEC 27000
 the National Vulnerability Database (NVD)
50. Which cybersecurity weapon scans for use of default
passwords, missing patches, open ports, misconfigurations,
and active IP addresses?
 packet sniffers
 vulnerability scanners
 password crackers
 packet analyzers

1. A cybersecurity specialist is asked to identify the potential
criminals known to attack the organization. Which type of
hackers would the cybersecurity specialist be least concerned
with?
 black hat hackers
 gray hat hackers
 script kiddies
 white hat hackers
2. Which statement best describes a motivation of hacktivists?
 They are trying to show off their hacking skills.
 They are interested in discovering new exploits.
 They are curious and learning hacking skills.
 They are part of a protest group behind a political cause.
3. What is an example of early warning systems that can be used
to thwart cybercriminals?
 Infragard
 ISO/IEC 27000 program
 Honeynet project
 CVE database
4. Which technology should be used to enforce the security policy
that a computing device must be checked against the latest
antivirus update before the device is allowed to connect to the
campus network?
 SAN
 VPN
 NAC
 NAS
5. Which data state is maintained in NAS and SAN services?
 stored data
 data in-transit
 encrypted data
 data in-process
6. What are three states of data during which data is vulnerable?
(Choose three.)
 purged data
 stored data
 data in-process
 data encrypted
 data decrypted
 data in-transit
7. Which technology can be used to ensure data confidentiality?
 hashing
 identity management
 encryption
 RAID
8. A cybersecurity specialist is working with the IT staff to
establish an effective information security plan. Which
combination of security principles forms the foundation of a
security plan?
 secrecy, identify, and nonrepudiation
 confidentiality, integrity, and availability
 technologies, policies, and awareness
 encryption, authentication, and identification
9. What are the two most effective ways to defend against
malware? (Choose two.)
 Implement strong passwords.
 Implement a VPN.
 Implement RAID.
 Update the operating system and other application software.
 Implement network firewalls.
 Install and update antivirus software.
10. What is an impersonation attack that takes advantage of a
trusted relationship between two systems?
 man-in-the-middle
 spoofing
 spamming
 sniffing
11. Users report that the network access is slow. After
questioning the employees, the network administrator learned
that one employee downloaded a third-party scanning program
for the printer. What type of malware might be introduced that
causes slow performance of the network?
 virus
 worm
 spam
 phishing
12. Which statement describes a distributed denial of service
attack?
 An attacker views network traffic to learn authentication credentials.
 An attacker builds a botnet comprised of zombies.
 An attacker sends an enormous quantity of data that a server cannot handle.
 One computer accepts data packets based on the MAC address of another computer.
13. What type of application attack occurs when data goes
beyond the memory areas allocated to the application?
 buffer overflow
 RAM Injection
 SQL injection
 RAM spoofing
14. What type of attack has an organization experienced when
an employee installs an unauthorized device on the network to
view network traffic?
 sniffing
 spoofing
 phishing
 spamming
15. A penetration testing service hired by the company has
reported that a backdoor was identified on the network. What
action should the organization take to find out if systems have
been compromised?
 Look for policy changes in Event Viewer.
 Scan the systems for viruses.
 Look for unauthorized accounts.
 Look for usernames that do not have passwords.
16. The IT department is tasked to implement a system that
controls what a user can and cannot do on the corporate
network. Which process should be implemented to meet the
requirement?
 user login auditing
 a biometric fingerprint reader
 observations to be provided to all employees
 a set of attributes that describes user access rights
17. Smart cards and biometrics are considered to be what type
of access control?
 administrative
 technological
 logical
 physical
18. Which access control should the IT department use to
restore a system back to its normal state?
 compensative
 preventive
 corrective
 detective
19. A user has a large amount of data that needs to be kept
confidential. Which algorithm would best meet this requirement?
 3DES
 ECC
 RSA
 Diffie-Hellman
20. Alice and Bob use a pre-shared key to exchange a
confidential message. If Bob wants to send a confidential
message to Carol, what key should he use?
 the private key of Carol
 the public key of Bob
 the same pre-shared key he used with Alice
 a new pre-shared key
21. What happens as the key length increases in an encryption
application?
 Keyspace increases proportionally.
 Keyspace decreases exponentially.
 Keyspace decreases proportionally.
 Keyspace increases exponentially.
22. In which situation would a detective control be warranted?
 when the organization needs to repair damage
 when the organization needs to look for prohibited activity
 when the organization cannot use a guard dog, so it is necessary to consider an alternative
 after the organization has experienced a breach in order to restore everything back to a
normal state
23. An organization has implemented antivirus software. What
type of security control did the company implement?
 recovery control
 deterrent control
 compensative control
 detective control
24. You have been asked to describe data validation to the
data entry clerks in accounts receivable. Which of the following
are good examples of strings, integers, and decimals?
 800-900-4560, 4040-2020-8978-0090, 01/21/2013
 male, $25.25, veteran
 female, 9866, $125.50
 yes/no 345-60-8745, TRF562
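Worked example for question 24 (added here; not part of the original exam). Validation means checking each entry against what the field is allowed to contain and rejecting everything else, rather than trying to clean it up. The validators below accept the exam's string, integer and decimal examples and reject the phone number, card number and date, which fit none of the three types; the field names, allowed patterns and bounds are this example's assumptions:

```python
import re
from decimal import Decimal, InvalidOperation

NAME_PATTERN = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")   # assumed allow-list for names

class ValidationError(ValueError):
    """Raised for any entry that does not fit the field it was typed into."""

def validate_string(value, pattern=NAME_PATTERN):
    """String field: must fully match an allow-list pattern; nothing is 'cleaned'."""
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValidationError(f"invalid string: {value!r}")
    return value

def validate_integer(value, minimum=1, maximum=10**9):
    """Integer field: digits only (no sign, dashes or spaces), within a bounded range."""
    if not isinstance(value, str) or not value.isdigit():
        raise ValidationError(f"invalid integer: {value!r}")
    number = int(value)
    if not minimum <= number <= maximum:
        raise ValidationError(f"integer out of range: {number}")
    return number

def validate_decimal(value, places=2, maximum=Decimal("1000000")):
    """Decimal (money) field: optional leading $, digits, at most `places` decimals.
    Decimal rather than float is used so that 125.50 stays exactly 125.50."""
    if not isinstance(value, str):
        raise ValidationError(f"invalid decimal: {value!r}")
    text = value[1:] if value.startswith("$") else value
    if not re.fullmatch(r"\d+(\.\d{1,%d})?" % places, text):
        raise ValidationError(f"invalid decimal: {value!r}")
    try:
        amount = Decimal(text)
    except InvalidOperation:
        raise ValidationError(f"invalid decimal: {value!r}")
    if amount > maximum:
        raise ValidationError(f"amount too large: {amount}")
    return amount

def validate_receivable(record):
    """Validate one accounts-receivable row: customer (string), invoice (integer),
    amount (decimal). Any bad field rejects the whole row."""
    return {
        "customer": validate_string(record.get("customer")),
        "invoice": validate_integer(record.get("invoice")),
        "amount": validate_decimal(record.get("amount")),
    }

def classify(value):
    """Which of the three types a raw entry satisfies, or None. Integer is tried before
    decimal, so '9866' reports as an integer even though it is also a valid decimal."""
    for kind, check in (("integer", validate_integer), ("decimal", validate_decimal),
                        ("string", validate_string)):
        try:
            check(value)
            return kind
        except ValidationError:
            continue
    return None

if __name__ == "__main__":
    print(validate_receivable({"customer": "Acme Ltd", "invoice": "9866", "amount": "$125.50"}))
    for raw in ("female", "9866", "$125.50", "800-900-4560", "4040-2020-8978-0090", "01/21/2013"):
        print(f"{raw!r} -> {classify(raw)}")
```

The point of the allow-list approach is that a phone number or card number typed into an integer field is refused at the boundary instead of being stored, and anything that should later reach a database query has already been reduced to a known type and range.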
25. Which hashing technology requires keys to be exchanged?
 salting
 AES
 HMAC
 MD5
26. Your organization will be handling market trades. You will
be required to verify the identity of each customer who is
executing a transaction. Which technology should be
implemented to authenticate and verify customer electronic
transactions?
 data hashing
 symmetrical encryption
 digital certificates
 asymmetrical encryption
27. What technology should be implemented to verify the
identity of an organization, to authenticate its website, and to
provide an encrypted connection between a client and the
website?
 digital signature
 digital certificate
 asymmetric encryption
 salting
28. Alice and Bob are using a digital signature to sign a
document. What key should Alice use to sign the document so
that Bob can make sure that the document came from Alice?
 private key from Bob
 private key from Alice
 username and password from Alice
 public key from Bob
29. What is a feature of a cryptographic hash function?
 Hashing requires a public and a private key.
 The hash function is a one-way mathematical function.
 The output has a variable length.
 The hash input can be calculated given the output value.
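Worked example for questions 28 and 29 (added here; not part of the original exam). It uses textbook RSA built from two Mersenne primes to show the key direction the exam asks about: Alice signs the one-way hash of the document with her private key, and Bob checks it with Alice's public key, so a tampered document or the wrong public key fails. The modulus is small, there is no padding and the hash is truncated to fit below the modulus, so this illustrates the concept only and is not a usable signature scheme; real systems use RSA-PSS or Ed25519 from a vetted library. The contract text is constructed, and `pow(e, -1, phi)` needs Python 3.8 or later:

```python
import hashlib

# Textbook RSA on Mersenne primes, for illustration ONLY: small modulus, no padding.
ALICE_P, ALICE_Q = 2**61 - 1, 2**89 - 1
BOB_P, BOB_Q = 2**107 - 1, 2**127 - 1
E = 65537

def make_keypair(p, q, e=E):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)

def document_hash(document, n):
    """One-way hash of the document as an integer below the modulus. Truncating SHA-256
    to 128 bits is a concession to the toy modulus (about 150 bits for Alice); a real
    scheme pads the full digest instead of truncating it."""
    return int.from_bytes(hashlib.sha256(document).digest()[:16], "big") % n

def sign(document, private_key):
    """Alice signs with HER private key: s = H(m)^d mod n. Only the holder of d can do this."""
    d, n = private_key
    return pow(document_hash(document, n), d, n)

def verify(document, signature, public_key):
    """Bob verifies with Alice's PUBLIC key: s^e mod n must equal H(m)."""
    e, n = public_key
    return pow(signature, e, n) == document_hash(document, n)

def demo():
    """Every value in the result should be True."""
    alice_pub, alice_priv = make_keypair(ALICE_P, ALICE_Q)
    bob_pub, _bob_priv = make_keypair(BOB_P, BOB_Q)
    contract = b"Alice agrees to deliver 40 units by 30 June."   # constructed document
    s = sign(contract, alice_priv)
    return {
        "bob_verifies_with_alice_public_key": verify(contract, s, alice_pub),
        "tampered_document_rejected": not verify(contract.replace(b"40", b"400"), s, alice_pub),
        "wrong_public_key_rejected": not verify(contract, s, bob_pub),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because the hash is one-way, Bob learns nothing about Alice's private key from the signature, and because only Alice holds d, a signature that verifies under her public key could only have come from her; that is the nonrepudiation property a digital signature adds on top of plain integrity.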
30. A VPN will be used within the organization to give remote
users secure access to the corporate network. What does IPsec
use to authenticate the origin of every packet to provide data
integrity checking?
 salting
 HMAC
 CRC
 Password
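Worked example for questions 25 and 30 above (added here; not part of the original exam). An unkeyed SHA-256 travelling with the data protects only against accidental corruption: whoever can rewrite the data can rewrite the digest to match. HMAC needs a key that both ends share, which is what turns the check into origin authentication, as IPsec does for every packet. The packet layout (4-byte sequence number, payload, 32-byte tag), the payload and the way the key is obtained (os.urandom here; IPsec negotiates it with IKE) are this example's assumptions:

```python
import hashlib
import hmac
import os

SEQ_LEN = 4     # sequence number field size (this example's packet layout)
TAG_LEN = 32    # HMAC-SHA256 output size

def protect_packet(key, sequence, payload):
    """Sender side: tag = HMAC-SHA256(key, sequence || payload), appended to the packet.
    Covering the sequence number binds the tag to this packet's place in the stream."""
    header = sequence.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def check_packet(key, packet, expected_sequence):
    """Receiver side: recompute the tag with the shared key and compare in constant time.
    Returns the payload when origin and integrity check out, otherwise None."""
    if len(packet) < SEQ_LEN + TAG_LEN:
        return None
    header, payload, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if int.from_bytes(header, "big") != expected_sequence:
        return None
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return payload

def naive_digest_check(data, published_digest):
    """Integrity-only check: does the data match the digest that travelled with it?"""
    return hashlib.sha256(data).hexdigest() == published_digest

def attacker_in_the_middle(data):
    """Whoever can rewrite the data can also rewrite an unkeyed digest to match it."""
    forged = data.replace(b"100", b"900")
    return forged, hashlib.sha256(forged).hexdigest()

def demo():
    """Every value in the result should be True."""
    key = os.urandom(32)                  # shared secret; assumed already established
    original = b"PAY 100 TO ACCT 4471"    # constructed payload
    forged_data, forged_digest = attacker_in_the_middle(original)
    packet = protect_packet(key, 7, original)
    spliced = packet[:SEQ_LEN] + forged_data + packet[-TAG_LEN:]   # same tag, new payload
    return {
        "unkeyed_digest_accepts_forgery": naive_digest_check(forged_data, forged_digest),
        "genuine_packet_accepted": check_packet(key, packet, 7) == original,
        "forged_packet_rejected": check_packet(key, spliced, 7) is None,
        "replayed_sequence_rejected": check_packet(key, packet, 8) is None,
        "wrong_key_rejected": check_packet(os.urandom(32), packet, 7) is None,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The constant-time comparison matters: comparing tags byte by byte with `==` and stopping at the first mismatch lets an attacker on the network measure how many leading bytes of a guessed tag were right.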
31. Which hashing algorithm is recommended for the
protection of sensitive, unclassified information?
 MD5
 SHA-256
 3DES
 AES-256
32. Your risk manager just distributed a chart that uses three
colors to identify the level of threat to key assets in the
information security systems. Red represents high level of risk,
yellow represents average level of threat and green represents
low level of threat. What type of risk analysis does this chart
represent?
 quantitative analysis
 exposure factor analysis
 loss analysis
 qualitative analysis
33. What is it called when an organization only installs
applications that meet its guidelines, and administrators
increase security by eliminating all other applications?
 asset classification
 asset availability
 asset standardization
 asset identification
34. Keeping data backups offsite is an example of which type
of disaster recovery control?
 management
 preventive
 detective
 corrective
35. What are two incident response phases? (Choose two.)
 detection and analysis
 confidentiality and eradication
 prevention and containment
 mitigation and acceptance
 containment and recovery
 risk analysis and high availability
36. The team is in the process of performing a risk analysis on
the database services. The information collected includes the
initial value of these assets, the threats to the assets and the
impact of the threats. What type of risk analysis is the team
performing by calculating the annual loss expectancy?
 quantitative analysis
 qualitative analysis
 loss analysis
 protection analysis
37. What approach to availability provides the most
comprehensive protection because multiple defenses
coordinate together to prevent attacks?
 obscurity
 limiting
 layering
 diversity
38. Being able to maintain availability during disruptive events
describes which of the principles of high availability?
 fault tolerance
 system resiliency
 single point of failure
 uninterruptible services
39. There are many environments that require five nines, but a
five nines environment may be cost prohibitive. What is one
example of where the five nines environment might be cost
prohibitive?
 department stores at the local mall
 the New York Stock Exchange
 the U.S. Department of Education
 the front office of a major league sports team
40. Which risk mitigation strategies include outsourcing
services and purchasing insurance?
 reduction
 avoidance
 acceptance
 transfer
41. Which utility uses the Internet Control Message Protocol
(ICMP)?
 NTP
 ping
 RIP
 DNS
42. Which technology can be used to protect VoIP against
eavesdropping?
 strong authentication
 encrypted voice messages
 ARP
 SSH
43. What Windows utility should be used to configure
password rules and account lockout policies on a system that is
not part of a domain?
 Local Security Policy tool
 Event Viewer security log
 Computer Management
 Active Directory Security tool
44. In a comparison of biometric systems, what is the
crossover error rate?
 rate of false positives and rate of acceptability
 rate of false negatives and rate of false positives
 rate of rejection and rate of false negatives
 rate of acceptability and rate of false negatives
45. Which protocol would be used to provide security for
employees that access systems remotely from home?
 WPA
 SSH
 SCP
 Telnet
46. Which three protocols can use Advanced Encryption
Standard (AES)? (Choose three.)
 WPA
 TKIP
 WPA2
 802.11i
 802.11q
 WEP
47. Mutual authentication can prevent which type of attack?
 wireless poisoning
 wireless sniffing
 wireless IP spoofing
 man-in-the-middle
48. Which website offers guidance on putting together a
checklist to provide guidance on configuring and hardening
operating systems?
 CERT
 The National Vulnerability Database website
 The Advanced Cyber Security Center
 Internet Storm Center
49. Which threat is mitigated through user awareness training
and tying security awareness to performance reviews?
 user-related threats
 device-related threats
 cloud-related threats
 physical threats
50. HVAC, water system, and fire systems fall under which of
the cybersecurity domains?
 device
 network
 physical facilities
 user