(Choose two.)
establishing early warning systems
changing operating systems
hiring hackers
shutting down the network
sharing cyber Intelligence information
2. What does the acronym IoE represent?
Internet of Everyday
Insight into Everything
Intelligence on Everything
Internet of Everything
3. What name is given to an amateur hacker?
blue team
red hat
script kiddie
black hat
4. Pick three types of records that cyber criminals would be
interested in stealing from organizations. (Choose three.)
game
rock
employment
food
education
flight
medical
5. What is the workforce framework category that includes highly
specialized review and evaluation of incoming cybersecurity
information to determine if it is useful for intelligence?
Oversight and Development
Protect and Defend
Analyze
Securely Provision
6. What name is given to hackers who hack for a cause?
white hat
blue hat
hacker
hacktivist
7. What does the term BYOD represent?
bring your own decision
buy your own disaster
bring your own disaster
bring your own device
8. What does the term vulnerability mean?
a computer that contains sensitive information
a method of attack to exploit a target
a weakness that makes a target susceptible to an attack
a known target or victim machine
a potential threat that a hacker creates
9. What type of attack uses many systems to flood the resources
of a target, thus making the target unavailable?
ping sweep
DDoS
spoof
DoS
10. What is an example of an Internet data domain?
Palo Alto
Juniper
Cisco
LinkedIn
11. What type of an attack can disable a computer by forcing it
to use memory or by overworking its CPU?
exhaustion
algorithm
DDoS
APT
12. What are two common hash functions? (Choose two.)
Blowfish
ECC
RC4
SHA
MD5
RSA
13. What service determines which resources a user can
access along with the operations that a user can perform?
authentication
biometric
accounting
token
authorization
14. What type of cybersecurity laws protect you from an
organization that might want to share your sensitive data?
confidentiality
nonrepudiation
authentication
privacy
integrity
15. What three design principles help to ensure high
availability? (Choose three.)
eliminate single points of failure
provide for reliable crossover
ensure confidentiality
check for data consistency
use encryption
detect failures as they occur
16. For the purpose of authentication, what three methods are
used to verify identity? (Choose three.)
something you know
something you do
something you have
where you are
something you are
17. What is a secure virtual network called that uses the public
network?
IPS
IDS
MPLS
NAC
Firewall
VPN
18. What mechanism can organizations use to prevent
accidental changes by authorized users?
SHA-1
backups
version control
hashing
encryption
19. What is a method of sending information from one device
to another using removable media?
wired
infrared
LAN
packet
wireless
sneaker net
20. What are the three foundational principles of the
cybersecurity domain? (Choose three.)
policy
integrity
availability
confidentiality
security
encryption
21. What are three access control security services? (Choose
three.)
access
authentication
repudiation
authorization
accounting
availability
22. Which two methods help to ensure data integrity? (Choose
two.)
availability
data consistency checks
privacy
hashing
authorization
repudiation
23. What three tasks are accomplished by a comprehensive
security policy? (Choose three.)
useful for management
defines legal consequences of violations
is not legally binding
gives security staff the backing of management
vagueness
sets rules for expected behavior
24. What two methods help to ensure system availability?
(Choose two.)
integrity checking
system backups
up-to-date operating systems
system resiliency
fire extinguishers
equipment maintenance
25. What principle prevents the disclosure of information to
unauthorized people, resources, and processes?
integrity
confidentiality
nonrepudiation
accounting
availability
26. What are the three states of data? (Choose three.)
suspended
in-cloud
at rest
in-transit
in-process
encrypted
27. What name is given to any changes to the original data
such as users manually modifying data, programs processing
and changing data, and equipment failures?
deletion
modification
dissemination
corruption
backup
integrity
28. What is identified by the first dimension of the
cybersecurity cube?
goals
safeguards
rules
tools
knowledge
2. What type of attack targets an SQL database using the input
field of a user?
buffer overflow
SQL injection
XML injection
Cross-site scripting
3. Which two reasons describe why WEP is a weak protocol?
(Choose two.)
WEP uses the same encryption features as Bluetooth.
Everyone on the network uses a different key.
The key is static and repeats on a congested network.
The default settings cannot be modified.
The key is transmitted in clear text.
4. What is the difference between a virus and a worm?
Viruses hide in legitimate programs but worms do not.
Worms self-replicate but viruses do not.
Viruses self-replicate but worms do not.
Worms require a host file but viruses do not.
5. A criminal is using software to obtain information about the
computer of a user. What is the name of this type of software?
phishing
adware
spyware
virus
6. What is the meaning of the term logic bomb?
a malicious worm
a malicious program that uses a trigger to awaken the malicious code
a malicious virus
a malicious program that hides itself in a legitimate program
7. What is the term used when a malicious party sends a fraudulent
email disguised as being from a legitimate, trusted source?
Trojan
vishing
phishing
backdoor
social engineering
8. What are two ways to protect a computer from malware?
(Choose two.)
Empty the browser cache.
Use antivirus software.
Delete unused software.
Keep software up to date.
Defragment the hard disk.
9. What occurs on a computer when data goes beyond the limits of
a buffer?
a buffer overflow
a system exception
an SQL injection
cross-site scripting
10. What is the term used to describe an email that is targeting
a specific person employed at a financial institution?
spam
vishing
spear phishing
target phishing
spyware
11. An attacker is sitting in front of a store and wirelessly
copies emails and contact lists from nearby unsuspecting user
devices. What type of attack is this?
RF jamming
smishing
bluejacking
bluesnarfing
12. What are two of the tactics used by a social engineer to
obtain personal information from an unsuspecting target?
(Choose two.)
intimidation
compassion
honesty
urgency
integrity
13. What are two common indicators of spam mail? (Choose
two.)
The email has keywords in it.
The email has misspelled words or punctuation errors or both.
The email is from your supervisor.
The email is from a friend.
The email has no subject line.
The email has an attachment that is a receipt for a recent purchase.
14. Which term describes the sending of a short deceptive
SMS message used to trick a target into visiting a website?
spam
smishing
grayware
impersonation
15. A computer is presenting a user with a screen requesting
payment before the user data is allowed to be accessed by the
same user. What type of malware is this?
a type of logic bomb
a type of virus
a type of worm
a type of ransomware
16. What is the name for the type of software that generates
revenue by generating annoying pop-ups?
spyware
trackers
pop-ups
adware
17. What does a rootkit modify?
Microsoft Word
Notepad
screen savers
programs
operating system
18. What is the name given to a program or program code that
bypasses normal authentication?
virus
worm
ransomware
Trojan
4. Which three devices represent examples of physical access
controls? (Choose three.)
swipe cards
firewalls
locks
routers
servers
video cameras
5. What term is used to describe the technology that replaces
sensitive information with a nonsensitive version?
retracting
hiding
blanking
whiteout
masking
6. Which type of cipher is able to encrypt a fixed-length block of
plaintext into a 128-bit block of ciphertext at any one time?
transform
hash
symmetric
stream
block
7. What encryption algorithm uses the same pre-shared key to
encrypt and decrypt data?
hash
asymmetric
one-time pad
symmetric
8. What type of cipher encrypts plaintext one byte or one bit at a
time?
block
hash
enigma
stream
elliptical
9. What cryptographic algorithm is used by the NSA and includes
the use of elliptic curves for digital signature generation and
key exchange?
ECC
RSA
AES
El-Gamal
IDEA
10. What is the term used to describe the science of making
and breaking secret codes?
impersonation
spoofing
factorization
cryptology
jamming
11. Which three processes are examples of logical access
controls? (Choose three.)
guards to monitor security screens
firewalls to monitor traffic
swipe cards to allow access to a restricted area
fences to protect the perimeter of a building
intrusion detection system (IDS) to watch for suspicious network activity
biometrics to validate physical characteristics
12. What term is used to describe concealing data in another
file such as a graphic, audio, or other text file?
hiding
steganography
obfuscation
masking
13. What are three examples of administrative access
controls? (Choose three.)
hiring practices
intrusion detection system (IDS)
policies and procedures
background checks
guard dogs
encryption
14. Which three protocols use asymmetric key algorithms?
(Choose three.)
Telnet
Secure Shell (SSH)
Advanced Encryption Standard (AES)
Pretty Good Privacy (PGP)
Secure File Transfer Protocol (SFTP)
Secure Sockets Layer (SSL)
15. A warning banner that lists the negative outcomes of
breaking company policy is displayed each time a computer
user logs in to the machine. What type of access control is
implemented?
detective
preventive
masking
deterrent
16. Which two terms are used to describe cipher keys?
(Choose two.)
key space
key randomness
keylogging
key length
17. Match the type of multifactor authentication with the
description.
a security key fob -> something you have
a fingerprint scan -> something you are
a password -> something you know
18. Match the description with the correct term. (Not all targets
are used.)
steganography -> hiding data within an audio file
steganalysis -> discovering that hidden information exists within a graphic file
social steganography -> creating a message that says one thing but means something else to a specific audience
obfuscation -> making a message confusing so it is harder to understand
Other Incorrect Match Options:
replacing sensitive information in a file with nonsensitive information
19. Which asymmetric algorithm provides an electronic key
exchange method to share the secret key?
WEP
DES
RSA
Diffie-Hellman
hashing
20. What encryption algorithm uses one key to encrypt data
and a different key to decrypt data?
asymmetric
one-time pad
transposition
symmetric
2. A user is instructed by a boss to find a better method to secure
passwords in transit. The user has researched several means to
do so and has settled on using HMAC. What are the key
elements needed to implement HMAC?
secret key and message digest
symmetric key and asymmetric key
IPsec and checksum
message digest and asymmetric key
3. Which method tries all possible passwords until a match is
found?
rainbow tables
brute force
cloud
cryptographic
birthday
dictionary
4. An investigator finds a USB drive at a crime scene and wants to
present it as evidence in court. The investigator takes the USB
drive and creates a forensic image of it and takes a hash of both
the original USB device and the image that was created. What is
the investigator attempting to prove about the USB drive when
the evidence is submitted in court?
The data in the image is an exact copy and nothing has been altered by the process.
An exact copy cannot be made of a device.
The investigator found a USB drive and was able to make a copy of it.
The data is all there.
5. What are three types of attacks that are preventable through the
use of salting? (Choose three.)
lookup tables
phishing
reverse lookup tables
rainbow tables
guessing
social engineering
shoulder surfing
6. A user has been asked to implement IPsec for inbound external
connections. The user plans to use SHA-1 as part of the
implementation. The user wants to ensure the integrity and
authenticity of the connection. What security tool can the user
use?
ISAKMP
MD5
HMAC
SHA256
7. A user downloads an updated driver for a video card from a
website. A warning message pops up saying the driver is not
approved. What does this piece of software lack?
code recognition
digital signature
source code
valid ID
8. What is the purpose of CSPRNG?
to prevent a computer from being a zombie
to secure a web site
to process hash lookups
to generate salt
9. A user has created a new program and wants to distribute it to
everyone in the company. The user wants to ensure that the
program is not changed in transit when it is downloaded. What can
the user do to ensure that the program is not changed when
downloaded?
Turn off antivirus on all the computers.
Encrypt the program and require a password after it is downloaded.
Install the program on individual computers.
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
Distribute the program on a thumb drive.
10. A recent email sent throughout the company stated that
there would be a change in security policy. The security officer
who was presumed to have sent the message stated the
message was not sent from the security office and the company
may be a victim of a spoofed email. What could have been added
to the message to ensure the message actually came from the
person?
hashing
digital signature
non-repudiation
asymmetric key
11. A recent breach at a company was traced to the ability of a
hacker to access the corporate database through the company
website by using malformed data in the login form. What is the
problem with the company website?
lack of operating system patching
poor input validation
bad usernames
weak encryption
12. What are three validation criteria used for a validation rule?
(Choose three.)
encryption
type
range
size
key
format
13. A user is connecting to an e-commerce server to buy some
widgets for a company. The user connects to the site and
notices there is no lock in the browser security status bar. The
site does prompt for a username and password and the user is
able to log in. What is the danger in proceeding with this
transaction?
The user is using the wrong browser to perform the transaction.
The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
The certificate from the site has expired, but is still secure.
Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.
14. Identify three situations in which the hashing function can
be applied. (Choose three.)
PKI
IPsec
CHAP
DES
PPPoE
WPA
15. What is the standard for a public key infrastructure to
manage digital certificates?
X.509
PKI
NIST-SP800
x.503
16. A user is evaluating the security infrastructure of a
company and notices that some authentication systems are not
using best practices when it comes to storing passwords. The
user is able to crack passwords very fast and access sensitive
data. The user wants to present a recommendation to the
company on the proper implementation of salting to avoid
password cracking techniques. What are three best practices in
implementing salting? (Choose three.)
Salts should be short.
The same salt should be used for each password.
A salt should not be reused.
A salt must be unique.
Salts are not an effective best practice.
A salt should be unique for each password.
17. A user is the database administrator for a company. The
user has been asked to implement an integrity rule that states
every table must have a primary key and that the column or
columns chosen to be the primary key must be unique and not
null. Which integrity requirement is the user implementing?
referential integrity
domain integrity
anomaly integrity
entity integrity
18. What are three NIST-approved digital signature
algorithms? (Choose three.)
ECDSA
RSA
SHA256
MD5
DSA
SHA1
19. Alice and Bob use the same password to log in to the
company network. This means both would have the exact same
hash for their passwords. What could be implemented to prevent
both password hashes from being the same?
RSA
peppering
salting
pseudo-random generator
20. What is the step by step process for creating a digital
signature?
Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public key together to sign the document.
Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.
Create a message; encrypt the message with an MD5 hash; and send the bundle with a public key.
Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document.
21. A user is purchasing a new server for the company data
center. The user wants disk striping with parity on three disks.
Which RAID level should the user implement?
5
1+0
0
1
22. A user is asked to create a disaster recovery plan for a
company. The user needs to have a few questions answered by
management to proceed. Which three questions should the user
ask management as part of the process of creating the plan?
(Choose three.)
How long does the process take?
Where does the individual perform the process?
Can the individual perform the process?
Who is responsible for the process?
What is the process?
Does the process require approval?
23. A user was hired by a company to provide a highly
available network infrastructure. The user wants to build
redundancy into the network in case of a switch failure, but
wants to prevent Layer 2 looping. What would the user
implement in the network?
Spanning Tree Protocol
GLBP
VRRP
HSRP
24. A security breach has happened at a major corporation.
The incident team has responded and executed their incident
response plan. During which phase are lessons learned applied?
preparation
containment
recovery
analyze
post-incident
detection
25. A team has been asked to create an incident response plan
for security incidents. In what phase of an incident response
plan does the team get management approval of the plan?
analysis
post-incident
detection
containment
preparation
recovery
26. A user is asked to perform a risk analysis of a company.
The user asks for the company asset database that contains a
list of all equipment. The user uses this information as part of a
risk analysis. Which type of risk analysis could be performed?
qualitative
hardware
exposure factor
quantitative
27. A user is evaluating the network infrastructure of a
company. The user noted many redundant systems and devices
in place, but no overall evaluation of the network. In a report, the
user emphasized the methods and configurations needed as a
whole to make the network fault tolerant. What is the type of
design the user is stressing?
availability
comprehensive
resilient
spanning tree
28. A user has completed a six-month project to identify all
data locations and catalog the locations. The next step is to
classify the data and produce some criteria on data sensitivity.
Which two steps can the user take to classify the data? (Choose
two.)
Determine permissions for the data.
Determine the user of the data.
Treat all the data the same.
Determine how often data is backed up.
Identify sensitivity of the data.
Establish the owner of the data.
29. A user needs to add redundancy to the routers in a
company. What are the three options the user can use? (Choose
three.)
HSRP
VRRP
IPFIX
STP
RAID
GLBP
30. A user is asked to evaluate the data center to improve
availability for customers. The user notices that there is only
one ISP connection, some of the equipment is out of warranty,
there are no spare parts, and no one was monitoring the UPS
which was tripped twice in one month. Which three deficiencies
in high availability has the user identified? (Choose three.)
single points of failure
failure to detect errors as they occur
failure to design for reliability
failure to identify management issues
failure to prevent security incidents
failure to protect against poor maintenance
31. A company is concerned with traffic that flows through the
network. There is a concern that there may be malware that
exists that is not being blocked or eradicated by antivirus. What
technology can be put in place to detect potential malware traffic
on the network?
IDS
firewall
IPS
NAC
32. A user is a consultant who is hired to prepare a report to
Congress as to which industries should be required to maintain
five nines availability. Which three industries should the user
include in the report? (Choose three.)
retail
public safety
finance
food service
healthcare
education
33. A user is asked to evaluate the security posture of a
company. The user looks at past attempts to break into the
company and evaluates the threats and exposures to create a
report. Which type of risk analysis could the user perform?
objective
subjective
qualitative
opinion
34. A user is running a routine audit of the server hardware in
the company data center. Several servers are using single drives
to host operating systems and multiple types of attached
storage solutions for storing data. The user wants to offer a
better solution to provide fault tolerance during a drive failure.
Which solution is best?
tape backup
offsite backup
UPS
RAID
35. A user was hired as the new security officer. One of the
first projects was to take inventory of the company assets and
create a comprehensive database. Which three pieces of
information would the user want to capture in an asset
database? (Choose three.)
passwords
hardware network devices
users
workstations
groups
operating systems
36. A user is redesigning a network for a small company and
wants to ensure security at a reasonable price. The user deploys
a new application-aware firewall with intrusion detection
capabilities on the ISP connection. The user installs a second
firewall to separate the company network from the public
network. Additionally, the user installs an IPS on the internal
network of the company. What approach is the user
implementing?
risk based
attack based
layered
structured
37. The CEO of a company is concerned that if a data breach
should occur and customer data is exposed, the company could
be sued. The CEO makes the decision to buy insurance for the
company. What type of risk mitigation is the CEO implementing?
reduction
mitigation
avoidance
transference
5. A company wants to implement biometric access to its data
center. The company is concerned with people being able to
circumvent the system by being falsely accepted as legitimate
users. What type of error is false acceptance?
Type II
CER
false rejection
Type I
6. An administrator of a small data center wants a flexible, secure
method of remotely connecting to servers. Which protocol would
be best to use?
Telnet
Secure Copy
Remote Desktop
Secure Shell
7. Which service will resolve a specific web address into an IP
address of the destination web server?
ICMP
DHCP
NTP
DNS
8. Which three items are malware? (Choose three.)
Apt
attachments
virus
Trojan horse
keylogger
email
9. The CIO wants to secure data on company laptops by
implementing file encryption. The technician determines the
best method is to encrypt each hard drive using Windows
BitLocker. Which two things are needed to implement this
solution? (Choose two.)
backup
password management
EFS
at least two volumes
USB stick
TPM
10. A user makes a request to implement a patch management
service for a company. As part of the requisition the user needs
to provide justification for the request. What three reasons can
the user use to justify the request? (Choose three.)
the need for systems to be directly connected to the Internet
no opportunities for users to circumvent updates
the likelihood of storage savings
the ability to obtain reports on systems
the ability to control when updates occur
the ability of users to select updates
11. The manager of desktop support wants to minimize
downtime for workstations that crash or have other
software-related issues. What are three advantages of using disk
cloning? (Choose three.)
can provide a full system backup
creates greater diversity
easier to deploy new computers within the organization
ensures system compatibility
ensures a clean imaged machine
cuts down on number of staff needed
12. A user is asked to analyze the current state of a computer
operating system. What should the user compare the current
operating system against to identify potential vulnerabilities?
a pentest
a blacklist
a baseline
a whitelist
a vulnerability scan
13. What is the difference between an HIDS and a firewall?
An HIDS works like an IPS, whereas a firewall just monitors traffic.
An HIDS blocks intrusions, whereas a firewall filters them.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
14. What are three types of power issues that a technician
should be concerned about? (Choose three.)
blackout
flicker
brownout
spike
spark
fuzzing
15. A new PC is taken out of the box, started up and connected
to the Internet. Patches were downloaded and installed.
Antivirus was updated. In order to further harden the operating
system what can be done?
Remove unnecessary programs and services.
Turn off the firewall.
Give the computer a nonroutable address.
Remove the administrator account.
Disconnect the computer from the network.
Install a hardware firewall.
16. The company has many users who telecommute. A
solution needs to be found so a secure communication channel
can be established between the remote location of users and the
company. What is a good solution for this situation?
fiber
VPN
modem
T1
PPP
17. Why should WEP not be used in wireless networks today?
its use of clear text passwords
its age
easily crackable
its lack of encryption
its lack of support
18. A user calls the help desk complaining that the password
to access the wireless network has changed without warning.
The user is allowed to change the password, but an hour later,
the same thing occurs. What might be happening in this
situation?
user error
password policy
rogue access point
weak password
user laptop
19. An intern has started working in the support group. One
duty is to set local policy for passwords on the workstations.
What tool would be best to use?
grpol.msc
password policy
secpol.msc
system administration
account policy
20. The manager of a department suspects someone is trying
to break into computers at night. You are asked to find out if this
is the case. What logging would you enable?
Windows
syslog
operating system
audit
21. After a security audit for an organization, multiple accounts
were found to have privileged access to systems and devices.
Which three best practices for securing privileged accounts
should be included in the audit report? (Choose three.)
No one should have privileged access.
Enforce the principle of least privilege.
Secure password storage.
Only managers should have privileged access.
Reduce the number of privileged accounts.
Only the CIO should have privileged access.
4. A security professional is asked to perform an analysis of the
current state of a company network. What tool would the
security professional use to scan the network only for security
risks?
vulnerability scanner
malware
packet analyzer
pentest
5. A consultant is hired to make recommendations on managing
device threats in a company. What are three general
recommendations that can be made? (Choose three.)
Enforce strict HR policies.
Disable administrative rights for users.
Remove content filtering.
Enable media devices.
Enable automated antivirus scans.
Enable screen lockout.
6. What three services does CERT provide? (Choose three.)
enforce software standards
develop tools, products, and methods to analyze vulnerabilities
develop tools, products, and methods to conduct forensic examinations
create malware tools
resolve software vulnerabilities
develop attack tools
7. What are two items that can be found on the Internet Storm
Center website? (Choose two.)
InfoSec reports
historical information
InfoSec job postings
current laws
8. What can be used to rate threats by an impact score to
emphasize important vulnerabilities?
CERT
ACSC
NVD
ISC
9. A breach occurs in a company that processes credit card
information. Which industry specific law governs credit card
data protection?
PCI DSS
ECPA
SOX
GLBA
10. Why is Kali Linux a popular choice in testing the network
security of an organization?
It is a network scanning tool that prioritizes security risks.
It can be used to intercept and log network traffic.
It can be used to test weaknesses by using only malicious software.
It is an open source Linux security distribution and contains over 300 tools.
11. A company is attempting to lower the cost of deploying
commercial software and is considering a cloud-based service.
Which cloud-based service would be best to host the software?
RaaS
SaaS
PaaS
IaaS
12. An organization has implemented a private cloud
infrastructure. The security administrator is asked to secure the
infrastructure from potential threats. What three tactics can be
implemented to protect the private cloud? (Choose three.)
Update devices with security fixes and patches.
Hire a consultant.
Disable firewalls.
Test inbound and outbound traffic.
Disable ping, probing, and port scanning.
Grant administrative rights.
13. A school administrator is concerned with the disclosure of
student information due to a breach. Under which act is student
information protected?
FERPA
HIPAA
CIPA
COPPA
14. What are the three broad categories for information
security positions? (Choose three.)
definers
doers
seekers
monitors
builders
creators
15. What are two potential threats to applications? (Choose
two.)
data loss
social engineering
power interruptions
unauthorized access
16. If a person knowingly accesses a government computer
without permission, which federal act would the person be
subject to?
GLBA
ECPA
SOX
CFAA
17. A company has had several incidents involving users
downloading unauthorized software, using unauthorized
websites, and using personal USB devices. The CIO wants to put
in place a scheme to manage the user threats. What three things
might be put in place to manage the threats? (Choose three.)
Disable CD and USB access.
Monitor all activity by the users.
Provide security awareness training.
Use content filtering.
Change to thin clients.
Implement disciplinary action.
18. What are three disclosure exemptions that pertain to the
FOIA? (Choose three.)
public information from financial institutions
confidential business information
non-geological information regarding wells
information specifically non-exempt by statute
national security and foreign policy information
law enforcement records that implicate one of a set of enumerated concerns
Unauthorized visitors have entered a company office and are walking
around the building. What two measures can be implemented to
prevent unauthorized visitor access to the building? (Choose two.)
Establish policies and procedures for guests visiting the building.
Conduct security awareness training regularly.
Lock cabinets.
Prohibit exiting the building during working hours.
2. Technologies like GIS and IoE contribute to the growth of large
data stores. What are two reasons that these technologies
increase the need for cybersecurity specialists? (Choose two.)
They require 24-hour monitoring.
They collect sensitive information.
They contain personal information.
They increase processing requirements.
They require more equipment.
They make systems more complicated.
3. Which two groups of people are considered internal attackers?
(Choose two.)
ex-employees
amateurs
black hat hackers
hacktivists
trusted partners
4. Which methods can be used to implement multifactor
authentication?
IDS and IPS
tokens and hashes
VPNs and VLANs
passwords and fingerprints
5. Which technology should be used to enforce the security policy
that a computing device must be checked against the latest
antivirus update before the device is allowed to connect to the
campus network?
NAC
VPN
SAN
NAS
6. A security specialist is asked for advice on a security measure
to prevent unauthorized hosts from accessing the home network
of employees. Which measure would be most effective?
Implement a firewall.
Implement intrusion detection systems.
Implement a VLAN.
Implement RAID.
7. Which technology can be used to ensure data confidentiality?
hashing
identity management
RAID
encryption
8. An organization allows employees to work from home two days
a week. Which technology should be implemented to ensure
data confidentiality as data is transmitted?
VPN
VLANs
RAID
SHS
9. What are the two most effective ways to defend against
malware? (Choose two.)
Implement a VPN.
Implement strong passwords.
Install and update antivirus software.
Implement RAID.
Implement network firewalls.
Update the operating system and other application software.
10. An executive manager went to an important meeting. The
secretary in the office receives a call from a person claiming that
the executive manager is about to give an important
presentation but the presentation files are corrupted. The caller
sternly recommends that the secretary email the presentation
right away to a personal email address. The caller also states
that the executive is holding the secretary responsible for the
success of this presentation. Which type of social engineering
tactic would describe this scenario?
familiarity
intimidation
trusted partners
urgency
11. Which statement describes a distributed denial of service
attack?
An attacker sends an enormous quantity of data that a server cannot handle.
An attacker views network traffic to learn authentication credentials.
An attacker builds a botnet comprised of zombies.
One computer accepts data packets based on the MAC address of another computer.
12. What type of attack will make illegitimate websites higher
in a web search result list?
DNS poisoning
browser hijacker
spam
SEO poisoning
13. What is a nontechnical method that a cybercriminal would
use to gather sensitive information from an organization?
man-in-the-middle
social engineering
pharming
ransomware
14. A penetration testing service hired by the company has
reported that a backdoor was identified on the network. What
action should the organization take to find out if systems have
been compromised?
Look for usernames that do not have passwords.
Look for unauthorized accounts.
Look for policy changes in Event Viewer.
Scan the systems for viruses.
15. Users report that the database on the main server cannot
be accessed. A database administrator verifies the issue and
notices that the database file is now encrypted. The organization
receives a threatening email demanding payment for the
decryption of the database file. What type of attack has the
organization experienced?
DoS attack
Trojan horse
ransomware
man-in-the-middle attack
16. A user has a large amount of data that needs to be kept
confidential. Which algorithm would best meet this requirement?
RSA
Diffie-Hellman
3DES
ECC
17. What happens as the key length increases in an encryption
application?
Keyspace decreases exponentially.
Keyspace increases exponentially.
Keyspace decreases proportionally.
Keyspace increases proportionally.
18. Which algorithm will Windows use by default when a user
intends to encrypt files and folders in an NTFS volume?
RSA
DES
AES
3DES
19. Before data is sent out for analysis, which technique can
be used to replace sensitive data in nonproduction
environments to protect the underlying information?
data masking substitution
steganography
software obfuscation
steganalysis
20. In which situation would a detective control be warranted?
when the organization needs to repair damage
after the organization has experienced a breach in order to restore everything back to a normal state
when the organization needs to look for prohibited activity
when the organization cannot use a guard dog, so it is necessary to consider an alternative
21. An organization plans to implement security training to
educate employees about security policies. What type of access
control is the organization trying to implement?
administrative
technological
physical
logical
22. An organization has implemented antivirus software. What
type of security control did the company implement?
deterrent control
detective control
recovery control
compensative control
23. Passwords, passphrases, and PINs are examples of which
security term?
authorization
access
authentication
identification
24. An organization has determined that an employee has been
cracking passwords on administrative accounts in order to
access very sensitive payroll information. Which tools would
you look for on the system of the employee? (Choose three.)
password digest
reverse lookup tables
lookup tables
rogue access points
algorithm tables
rainbow tables
25. What technique creates different hashes for the same
password?
SHA-256
HMAC
CRC
salting
26. Which hashing technology requires keys to be exchanged?
HMAC
salting
MD5
AES
27. You have been asked to implement a data integrity
program to protect data files that need to be electronically
downloaded by the sales staff. You have decided to use the
strongest hashing algorithm available on your systems. Which
hash algorithm would you select?
SHA-1
AES
MD5
SHA-256
28. What kind of integrity does a database have when all its
rows have a unique identifier called a primary key?
entity integrity
referential integrity
domain integrity
user-defined integrity
29. Technicians are testing the security of an authentication
system that uses passwords. When a technician examines the
password tables, the technician discovers the passwords are
stored as hash values. However, after comparing a simple
password hash, the technician then discovers that the values
are different from those on other systems. What are two causes
of this situation? (Choose two.)
The systems use different hashing algorithms.
Both systems use MD5.
Both systems scramble the passwords before hashing.
One system uses hashing and the other uses hashing and salting.
One system uses symmetrical hashing and the other uses asymmetrical hashing.
30. Alice and Bob are using a digital signature to sign a
document. What key should Alice use to sign the document so
that Bob can make sure that the document came from Alice?
public key from Bob
private key from Alice
private key from Bob
username and password from Alice
31. The X.509 standards defines which security technology?
digital certificates
security tokens
strong passwords
biometrics
32. What is it called when an organization only installs
applications that meet its guidelines, and administrators
increase security by eliminating all other applications?
asset standardization
asset identification
asset classification
asset availability
33. Being able to maintain availability during disruptive events
describes which of the principles of high availability?
single point of failure
system resiliency
fault tolerance
uninterruptible services
34. An organization has recently adopted a five nines program
for two critical database servers. What type of controls will this
involve?
stronger encryption systems
remote access to thousands of external users
limiting access to the data on these systems
improving reliability and uptime of the servers
35. What approach to availability provides the most
comprehensive protection because multiple defenses
coordinate together to prevent attacks?
layering
obscurity
diversity
limiting
36. The team is in the process of performing a risk analysis on
the database services. The information collected includes the
initial value of these assets, the threats to the assets and the
impact of the threats. What type of risk analysis is the team
performing by calculating the annual loss expectancy?
qualitative analysis
loss analysis
protection analysis
quantitative analysis
37. Which two values are required to calculate annual loss
expectancy? (Choose two.)
asset value
exposure factor
frequency factor
annual rate of occurrence
single loss expectancy
quantitative loss value
38. An organization wants to adopt a labeling system based on
the value, sensitivity, and criticality of the information. What
element of risk management is recommended?
asset identification
asset availability
asset standardization
asset classification
39. What approach to availability involves using file
permissions?
layering
simplicity
obscurity
limiting
40. What are two incident response phases? (Choose two.)
prevention and containment
containment and recovery
mitigation and acceptance
detection and analysis
risk analysis and high availability
confidentiality and eradication
41. What Windows utility should be used to configure
password rules and account lockout policies on a system that is
not part of a domain?
Local Security Policy tool
Event Viewer security log
Active Directory Security tool
Computer Management
42. In a comparison of biometric systems, what is the
crossover error rate?
rate of false negatives and rate of false positives
rate of false positives and rate of acceptability
rate of rejection and rate of false negatives
rate of acceptability and rate of false negatives
43. What describes the protection provided by a fence that is 1
meter in height?
It deters casual trespassers only.
The fence deters determined intruders.
It offers limited delay to a determined intruder.
It prevents casual trespassers because of its height.
44. Mutual authentication can prevent which type of attack?
wireless poisoning
man-in-the-middle
wireless sniffing
wireless IP spoofing
45. Which protocol would be used to provide security for
employees that access systems remotely from home?
SSH
WPA
Telnet
SCP
46. Which technology can be used to protect VoIP against
eavesdropping?
encrypted voice messages
strong authentication
SSH
ARP
47. Which three protocols can use Advanced Encryption
Standard (AES)? (Choose three.)
WPA
802.11q
802.11i
TKIP
WPA2
WEP
48. HVAC, water system, and fire systems fall under which of
the cybersecurity domains?
network
user
device
physical facilities
49. Which national resource was developed as a result of a
U.S. Executive Order after a ten-month collaborative study
involving over 3,000 security professionals?
ISO OSI model
NIST Framework
ISO/IEC 27000
the National Vulnerability Database (NVD)
50. Which cybersecurity weapon scans for use of default
passwords, missing patches, open ports, misconfigurations,
and active IP addresses?
packet sniffers
vulnerability scanners
password crackers
packet analyzers
6. What are three states of data during which data is vulnerable?
(Choose three.)
purged data
stored data
data in-process
data encrypted
data decrypted
data in-transit
7. Which technology can be used to ensure data confidentiality?
hashing
identity management
encryption
RAID
8. A cybersecurity specialist is working with the IT staff to
establish an effective information security plan. Which
combination of security principles forms the foundation of a
security plan?
secrecy, identity, and nonrepudiation
confidentiality, integrity, and availability
technologies, policies, and awareness
encryption, authentication, and identification
9. What are the two most effective ways to defend against
malware? (Choose two.)
Implement strong passwords.
Implement a VPN.
Implement RAID.
Update the operating system and other application software.
Implement network firewalls.
Install and update antivirus software.
10. What is an impersonation attack that takes advantage of a
trusted relationship between two systems?
man-in-the-middle
spoofing
spamming
sniffing
11. Users report that the network access is slow. After
questioning the employees, the network administrator learned
that one employee downloaded a third-party scanning program
for the printer. What type of malware might be introduced that
causes slow performance of the network?
virus
worm
spam
phishing
12. Which statement describes a distributed denial of service
attack?
An attacker views network traffic to learn authentication credentials.
An attacker builds a botnet comprised of zombies.
An attacker sends an enormous quantity of data that a server cannot handle.
One computer accepts data packets based on the MAC address of another computer.
13. What type of application attack occurs when data goes
beyond the memory areas allocated to the application?
buffer overflow
RAM Injection
SQL injection
RAM spoofing
14. What type of attack has an organization experienced when
an employee installs an unauthorized device on the network to
view network traffic?
sniffing
spoofing
phishing
spamming
15. A penetration testing service hired by the company has
reported that a backdoor was identified on the network. What
action should the organization take to find out if systems have
been compromised?
Look for policy changes in Event Viewer.
Scan the systems for viruses.
Look for unauthorized accounts.
Look for usernames that do not have passwords.
16. The IT department is tasked to implement a system that
controls what a user can and cannot do on the corporate
network. Which process should be implemented to meet the
requirement?
user login auditing
a biometric fingerprint reader
observations to be provided to all employees
a set of attributes that describes user access rights
17. Smart cards and biometrics are considered to be what type
of access control?
administrative
technological
logical
physical
18. Which access control should the IT department use to
restore a system back to its normal state?
compensative
preventive
corrective
detective
19. A user has a large amount of data that needs to be kept
confidential. Which algorithm would best meet this requirement?
3DES
ECC
RSA
Diffie-Hellman
20. Alice and Bob use a pre-shared key to exchange a
confidential message. If Bob wants to send a confidential
message to Carol, what key should he use?
the private key of Carol
the public key of Bob
the same pre-shared key he used with Alice
a new pre-shared key
21. What happens as the key length increases in an encryption
application?
Keyspace increases proportionally.
Keyspace decreases exponentially.
Keyspace decreases proportionally.
Keyspace increases exponentially.
22. In which situation would a detective control be warranted?
when the organization needs to repair damage
when the organization needs to look for prohibited activity
when the organization cannot use a guard dog, so it is necessary to consider an alternative
after the organization has experienced a breach in order to restore everything back to a normal state
23. An organization has implemented antivirus software. What
type of security control did the company implement?
recovery control
deterrent control
compensative control
detective control
24. You have been asked to describe data validation to the
data entry clerks in accounts receivable. Which of the following
are good examples of strings, integers, and decimals?
800-900-4560, 4040-2020-8978-0090, 01/21/2013
male, $25.25, veteran
female, 9866, $125.50
yes/no 345-60-8745, TRF562
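Question 24 asks for examples of strings, integers and decimals, but the security point behind data validation is that each field is checked against the exact shape it is allowed to have and converted to the right type before it is stored or used. The following is an added example, not part of the original quiz: a small schema-based validator. The field names, the whitelist patterns and the two sample records are constructed for the demonstration; the sample values reuse the kinds of data the question lists (a sex field, a phone number, a numeric customer id, a currency amount).

```python
import re
from decimal import Decimal
from typing import Dict, Tuple

# Field schema: expected data type plus a whitelist pattern for the exact shape allowed.
# Anything that does not match is rejected outright rather than "cleaned up".
# (Field names and patterns are constructed for this example.)
SCHEMA: Dict[str, Tuple[str, re.Pattern]] = {
    "sex": ("string", re.compile(r"^(male|female)$")),
    "phone": ("string", re.compile(r"^\d{3}-\d{3}-\d{4}$")),
    "customer_id": ("integer", re.compile(r"^\d{1,9}$")),
    "balance": ("decimal", re.compile(r"^\$\d{1,9}\.\d{2}$")),
}


def coerce(data_type: str, value: str):
    """Convert a value that already passed its pattern into the matching Python type.
    Decimal (not float) is used for money so 125.50 stays exactly 125.50."""
    if data_type == "integer":
        return int(value)
    if data_type == "decimal":
        return Decimal(value.lstrip("$"))
    return value


def validate_record(record: Dict[str, str]) -> dict:
    """Validate one data-entry record against SCHEMA.

    Returns {"clean": {field: typed value}, "rejected": {field: reason}}.
    Missing fields and fields the schema does not know are rejected as well,
    so a record is trustworthy only when "rejected" is empty."""
    clean, rejected = {}, {}
    for field, (data_type, pattern) in SCHEMA.items():
        if field not in record:
            rejected[field] = "missing"
            continue
        value = record[field]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            rejected[field] = f"not a valid {data_type}"
            continue
        clean[field] = coerce(data_type, value)
    for field in record:
        if field not in SCHEMA:
            rejected[field] = "unexpected field"
    return {"clean": clean, "rejected": rejected}


if __name__ == "__main__":
    # Constructed sample records: one well-formed, one carrying the kind of
    # input a validator exists to stop (wrong type, injected SQL, stray HTML).
    good = {"sex": "female", "phone": "800-900-4560",
            "customer_id": "9866", "balance": "$125.50"}
    bad = {"sex": "veteran", "phone": "800-900-4560",
           "customer_id": "9866; DROP TABLE accounts", "balance": "25.25",
           "comment": "<script>alert(1)</script>"}
    print(validate_record(good))
    print(validate_record(bad))
```

Whitelisting the accepted shape (rather than blacklisting bad characters) is what makes the customer_id check reject an injected SQL fragment without the validator needing to know anything about SQL.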
25. Which hashing technology requires keys to be exchanged?
salting
AES
HMAC
MD5
26. Your organization will be handling market trades. You will
be required to verify the identity of each customer who is
executing a transaction. Which technology should be
implemented to authenticate and verify customer electronic
transactions?
data hashing
symmetrical encryption
digital certificates
asymmetrical encryption
27. What technology should be implemented to verify the
identity of an organization, to authenticate its website, and to
provide an encrypted connection between a client and the
website?
digital signature
digital certificate
asymmetric encryption
salting
28. Alice and Bob are using a digital signature to sign a
document. What key should Alice use to sign the document so
that Bob can make sure that the document came from Alice?
private key from Bob
private key from Alice
username and password from Alice
public key from Bob
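Question 28 here and question 30 in the earlier set both turn on the same mechanism: Alice signs with her own private key, and Bob checks the signature with Alice's public key, so a valid signature proves the document came from her and was not altered. The following is an added example, not part of the original quiz, showing that exchange with textbook RSA. The primes, the key pairs and the sample document are constructed for the demonstration; the primes are deliberately tiny and the digest is reduced mod n in place of a real padding scheme, so this is a teaching toy, not a signature scheme to deploy.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA key generation from two primes. The primes used below are tiny
    on purpose so the arithmetic is visible; real keys use 2048-bit-plus moduli."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: the modular inverse of e (Python 3.8+)
    return PublicKey(n, e), PrivateKey(n, d)


def document_digest(document: bytes, n: int) -> int:
    """Sign the hash of the document, not the document itself. Reducing the digest
    mod n is the toy shortcut; real schemes use PSS or PKCS#1 v1.5 padding instead."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private: PrivateKey) -> int:
    """Only the holder of the private key can produce this value."""
    return pow(document_digest(document, private.n), private.d, private.n)


def verify(document: bytes, signature: int, public: PublicKey) -> bool:
    """Anyone holding the signer's public key can check the signature: undo the
    private-key operation with the public exponent, then compare with a fresh digest."""
    return pow(signature, public.e, public.n) == document_digest(document, public.n)


def signature_checks() -> dict:
    """Alice signs, Bob verifies. Keys (from constructed primes) and the document
    are sample data for this example."""
    alice_pub, alice_priv = make_keypair(10007, 10009)
    bob_pub, bob_priv = make_keypair(10037, 10039)
    document = b"Purchase order #4471: 120 units at $12.50"  # constructed sample
    signature = sign(document, alice_priv)
    return {
        "alice's signature verifies with alice's public key": verify(document, signature, alice_pub),
        "same signature checked with bob's public key": verify(document, signature, bob_pub),
        "document altered after signing": verify(document + b" (amended)", signature, alice_pub),
        "bob signs but claims to be alice": verify(document, sign(document, bob_priv), alice_pub),
    }


if __name__ == "__main__":
    for check, result in signature_checks().items():
        print(f"{check:55s} {result}")
```

Only the first check comes out true: the signature binds the document to Alice's private key, so a different key, a different signer or a changed document all fail verification.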
29. What is a feature of a cryptographic hash function?
Hashing requires a public and a private key.
The hash function is a one-way mathematical function.
The output has a variable length.
The hash input can be calculated given the output value.
30. A VPN will be used within the organization to give remote
users secure access to the corporate network. What does IPsec
use to authenticate the origin of every packet to provide data
integrity checking?
salting
HMAC
CRC
Password
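Questions 25 to 29 in the earlier set and questions 25, 29 and 30 here cover the same family of facts: a cryptographic hash is one-way and deterministic, salting makes identical passwords hash differently, two systems disagree on a simple password's hash when they use different algorithms or only one of them salts, and HMAC is the hash variant that needs a shared key (which is what IPsec uses to authenticate each packet). The following is an added example, not part of the original quiz, that reproduces each of those points with Python's standard library. The password, the HMAC keys and the packet payload are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample credential for the demonstration; not real data.
PASSWORD = b"Winter2024!"


def unsalted_digest(password: bytes, algorithm: str = "sha256") -> str:
    """Plain hash. The same input always gives the same digest on every system that
    uses the same algorithm, which is exactly what lookup and rainbow tables exploit."""
    return hashlib.new(algorithm, password).hexdigest()


def salted_digest(password: bytes, salt: bytes, iterations: int = 100_000) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A random per-account salt makes
    identical passwords hash differently, so one precomputed table fits no one."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations).hex()


def store_password(password: bytes) -> dict:
    """What a password table should hold: the salt (not secret) and the salted digest."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "digest": salted_digest(password, salt)}


def verify_password(record: dict, attempt: bytes) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    return hmac.compare_digest(record["digest"], salted_digest(attempt, salt))


def keyed_digest(key: bytes, message: bytes) -> str:
    """HMAC: a hash that also needs a secret key, so both parties must have exchanged
    one beforehand. Without the key nobody can compute or forge the value."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def compare_systems(password: bytes) -> dict:
    """The exam scenario: the same simple password stored as different hash values on
    two systems. Each key names a possible cause; the value says whether the two
    digests come out equal under that cause."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {
        "same algorithm, no salt": unsalted_digest(password, "sha256")
        == unsalted_digest(password, "sha256"),
        "different algorithms": unsalted_digest(password, "sha256")
        == unsalted_digest(password, "md5"),
        "one salted, one not": unsalted_digest(password, "sha256")
        == salted_digest(password, salt_a),
        "both salted, different salts": salted_digest(password, salt_a)
        == salted_digest(password, salt_b),
    }


if __name__ == "__main__":
    for cause, equal in compare_systems(PASSWORD).items():
        print(f"{cause:30s} digests equal: {equal}")
    record = store_password(PASSWORD)
    print("correct password accepted:", verify_password(record, PASSWORD))
    print("wrong password accepted:  ", verify_password(record, b"winter2024!"))
    # Constructed keys and payload: same message, different keys, different HMACs.
    print("HMAC with key A:", keyed_digest(b"key-A", b"packet payload"))
    print("HMAC with key B:", keyed_digest(b"key-B", b"packet payload"))
```

Only the unsalted, same-algorithm case produces matching digests; that is the situation rainbow tables target, and it is why a password store should keep a per-account salt next to the digest.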
31. Which hashing algorithm is recommended for the
protection of sensitive, unclassified information?
MD5
SHA-256
3DES
AES-256
32. Your risk manager just distributed a chart that uses three
colors to identify the level of threat to key assets in the
information security systems. Red represents high level of risk,
yellow represents average level of threat and green represents
low level of threat. What type of risk analysis does this chart
represent?
quantitative analysis
exposure factor analysis
loss analysis
qualitative analysis
33. What is it called when an organization only installs
applications that meet its guidelines, and administrators
increase security by eliminating all other applications?
asset classification
asset availability
asset standardization
asset identification
34. Keeping data backups offsite is an example of which type
of disaster recovery control?
management
preventive
detective
corrective
35. What are two incident response phases? (Choose two.)
detection and analysis
confidentiality and eradication
prevention and containment
mitigation and acceptance
containment and recovery
risk analysis and high availability
36. The team is in the process of performing a risk analysis on
the database services. The information collected includes the
initial value of these assets, the threats to the assets and the
impact of the threats. What type of risk analysis is the team
performing by calculating the annual loss expectancy?
quantitative analysis
qualitative analysis
loss analysis
protection analysis
37. What approach to availability provides the most
comprehensive protection because multiple defenses
coordinate together to prevent attacks?
obscurity
limiting
layering
diversity
38. Being able to maintain availability during disruptive events
describes which of the principles of high availability?
fault tolerance
system resiliency
single point of failure
uninterruptible services
39. There are many environments that require five nines, but a
five nines environment may be cost prohibitive. What is one
example of where the five nines environment might be cost
prohibitive?
department stores at the local mall
the New York Stock Exchange
the U.S. Department of Education
the front office of a major league sports team
40. Which risk mitigation strategies include outsourcing
services and purchasing insurance?
reduction
avoidance
acceptance
transfer
41. Which utility uses the Internet Control Message Protocol
(ICMP)?
NTP
ping
RIP
DNS
42. Which technology can be used to protect VoIP against
eavesdropping?
strong authentication
encrypted voice messages
ARP
SSH
43. What Windows utility should be used to configure
password rules and account lockout policies on a system that is
not part of a domain?
Local Security Policy tool
Event Viewer security log
Computer Management
Active Directory Security tool
44. In a comparison of biometric systems, what is the
crossover error rate?
rate of false positives and rate of acceptability
rate of false negatives and rate of false positives
rate of rejection and rate of false negatives
rate of acceptability and rate of false negatives
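Question 44 here and question 42 in the earlier set ask what the crossover error rate is; the answer is easier to hold onto once you see how it is computed. The false acceptance rate (impostors let in, a false positive) falls as the acceptance threshold is raised, while the false rejection rate (legitimate users turned away, a false negative) rises, and the crossover error rate is the value where the two curves meet. The following is an added example, not part of the original quiz, that sweeps the threshold over constructed match scores for two hypothetical readers and ranks them by CER. The reader names and every score are made up for the demonstration.

```python
from typing import Dict, List, Tuple

# Constructed match scores (0 = no match, 1 = perfect match) from two hypothetical
# biometric readers; "genuine" are legitimate users, "impostor" are everyone else.
SYSTEMS: Dict[str, Dict[str, List[float]]] = {
    "reader A": {
        "genuine": [0.95, 0.90, 0.88, 0.85, 0.80, 0.75, 0.70, 0.62, 0.55, 0.40],
        "impostor": [0.05, 0.10, 0.20, 0.30, 0.35, 0.45, 0.50, 0.58, 0.65, 0.72],
    },
    "reader B": {
        "genuine": [0.96, 0.93, 0.90, 0.88, 0.85, 0.82, 0.78, 0.74, 0.70, 0.52],
        "impostor": [0.05, 0.12, 0.18, 0.25, 0.30, 0.36, 0.42, 0.48, 0.55, 0.60],
    },
}


def error_rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) at one acceptance threshold.
    FAR (false acceptance, a false positive): impostors scoring at or above the threshold.
    FRR (false rejection, a false negative): genuine users scoring below it."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: List[float], impostor: List[float], steps: int = 100) -> Tuple[float, float]:
    """Sweep the threshold from 0 to 1 and return (threshold, rate) at the point where
    FAR and FRR are closest; that rate is the crossover error rate (CER)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def rank_systems(systems: Dict[str, Dict[str, List[float]]]) -> List[Tuple[str, float]]:
    """Lower CER means a more accurate system; rank best first."""
    ranked = [(name, crossover_error_rate(s["genuine"], s["impostor"])[1])
              for name, s in systems.items()]
    return sorted(ranked, key=lambda item: item[1])


if __name__ == "__main__":
    a = SYSTEMS["reader A"]
    for t in (0.3, 0.5, 0.6, 0.8):
        far, frr = error_rates(a["genuine"], a["impostor"], t)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    for name, cer in rank_systems(SYSTEMS):
        print(f"{name}: CER {cer:.2f}")
```

The threshold sweep also shows why the CER is the fair basis for comparison: any single threshold can be tuned to make one rate look good at the expense of the other, while the crossover point summarises the whole trade-off in one number.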
45. Which protocol would be used to provide security for
employees that access systems remotely from home?
WPA
SSH
SCP
Telnet
46. Which three protocols can use Advanced Encryption
Standard (AES)? (Choose three.)
WPA
TKIP
WPA2
802.11i
802.11q
WEP
47. Mutual authentication can prevent which type of attack?
wireless poisoning
wireless sniffing
wireless IP spoofing
man-in-the-middle
48. Which website offers guidance on putting together a
checklist to provide guidance on configuring and hardening
operating systems?
CERT
The National Vulnerability Database website
The Advanced Cyber Security Center
Internet Storm Center
49. Which threat is mitigated through user awareness training
and tying security awareness to performance reviews?
user-related threats
device-related threats
cloud-related threats
physical threats
50. HVAC, water system, and fire systems fall under which of
the cybersecurity domains?
device
network
physical facilities
user