Académique Documents
Professionnel Documents
Culture Documents
Version : V3.31
Build a foundation of knowledge which will be useful also after passing the exam.
Latest Version
We are constantly reviewing our products. New material is added and old material is revised. Free
updates are available for 90 days after the purchase. You should check your member zone at TestInside
1.Go to http://www.TestInside.com
3.The latest versions of all purchased products are downloadable from here. Just click the links.
Feedback
If you spot a possible improvement then please let us know. We always interested in improving product
quality.
Feedback should be send to sales(at)TestInside.com. You should include the following: Exam number,
Explanations
This product does not include explanations at the moment. If you are interested in providing explanations
A. Man-in-the-Middle
B. DDoS attack
C. MAC flooding
D. DNS poisoning
Answer: A
2. Which of the following should a technician recommend to prevent physical access to individual office
A. Video surveillance
B. Blockade
D. Mantrap
E. Perimeter fence
Answer: CD
3. An administrator in a small office environment has implemented an IDS on the network perimeter to
detect malicious traffic patterns. The administrator still has a concern about traffic inside the network
A. HIDS
B. A VLAN
C. A network router
D. An access list
Answer: A
A. IDEA
B. SHA-1
C. AES
D. DES
5. A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been
suggested that the company purchase a product which could decrypt the SSL session, scan the content
and then repackage the SSL session without staff knowing. Which of the following type of attacks is similar
to this product?
A. Replay
B. Spoofing
C. TCP/IP hijacking
D. Man-in-the-middle
Answer: D
6. Which of the following could BEST assist in the recovery of a crashed hard drive?
A. Forensics software
B. Drive optimization
C. Drive sanitization
Answer: A
B. Steganographic keys
C. Private keys
D. Public keys
Answer: A
8. Which of the following BEST describes the form used while transferring evidence?
A. Booking slip
B. Affidavit
C. Chain of custody
Answer: C
A. Birthday
B. ARP poisoning
C. MAC flooding
D. Man-in-the-middle
Answer: D
10. The marketing department wants to distribute pens with embedded USB drives to clients. In the past
this client has been victimized by social engineering attacks which led to a loss of sensitive data. The
security administrator advises the marketing department not to distribute the USB pens due to which of the
following?
A. The risks associated with the large capacity of USB drives and their concealable nature
B. The security costs associated with securing the USB drives over time
C. The cost associated with distributing a large volume of the USB pens
D. The security risks associated with combining USB drives and cell phones on a network
Answer: A
Answer: D
12. When deploying 50 new workstations on the network, which of following should be completed FIRST?
D. Run OS updates.
Answer: C
13. A corporation has a contractual obligation to provide a certain amount of system uptime to a client.
A. PII
B. SLA
C. Due diligence
D. Redundancy
Answer: B
14. Snort, TCPDump and Wireshark are commonly used for which of the following?
A. Port scanning
B. Host monitoring
C. DDoS attacks
D. Network sniffing
Answer: D
15. Which of the following BEST describes using a third party to store the public and private keys?
B. Recovery agent
C. Key escrow
D. Registration authority
Answer: C
16. All of the following can be found in the document retention policy EXCEPT:
Answer: B
17. An instance where a biometric system identifies users that are authorized and allows them access is
A. False negative
B. True negative
C. False positive
D. True positive
Answer: D
18. Which of the following can be used to encrypt FTP or telnet credentials over the wire?
A. SSH
B. HTTPS
C. SHTTP
D. S/MIME
Answer: A
Answer: A
20. A company takes orders exclusively over the Internet. Customers submit orders via a web-based
application running on the external web server which is located on Network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders, located on Network B. Any changes
made after the order is placed are handled by a customer service representative using the same internal
- NONE
The company wants to restrict warehouse employee access. Which of the following permissions is the
Answer: A
21. Which of the following is the difference between identification and authentication of a user?
A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a
system.
C. Identification proves who the user is and authentication is used to keep the users data secure.
D. Identification proves who the user is and authentication tells the user what they are allowed to do.
Answer: B
22. An administrator wishes to deploy an IPSec VPN connection between two routers across a WAN. The
administrator wants to ensure that the VPN is encrypted in the most secure fashion possible. Which of the
following BEST identifies the correct IPSec mode and the proper configuration?
Answer: A
Answer: D
A. Subnetting
B. Address hiding
C. VLAN management
Answer: B
25. While reviewing the firewall logs an administrator notices a number of unauthorized attempted
connections from 10.x.x.x on an unused port. Which of the following is the correct procedure to follow when
D. Block IP 10.x.x.x
Answer: C
26. Which of the following demonstrates the process of ensuring that both ends of the connection are in fact
A. Integrity
B. Identification
D. Non-repudiation
Answer: D
27. Which of the following is commonly used in a distributed denial of service (DDoS) attack?
A. Phishing
B. Adware
C. Botnet
D. Trojan
Answer: C
28. Which of the following is a best practice for coding applications in a secure manner?
A. Input validation
D. Cross-site scripting
Answer: A
29. Which of the following logical access controls would be MOST appropriate to use when creating an
A. ACL
B. Account expiration
D. Logical tokens
Answer: B
A. A port monitor utility shows that there are many connections to port 80 on the Internet facing web server.
B. A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization
D. The certificate for one of the web servers has expired and transactions on that server begins to drop
rapidly.
Answer: B
31. Which of the following access control methods gives the owner control over providing permissions?
Answer: D
32. Which of the following access control methods includes switching work assignments at preset intervals?
A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Answer: A
33. Which of the following authentication methods would MOST likely prevent an attacker from being able
A. TACACS
B. RAS
C. RADIUS
D. Kerberos
Answer: D
34. Which of the following allows an attacker to embed a rootkit into a picture?
A. Trojan horse
B. Worm
D. Virus
Answer: C
35. Which of the following allows an attacker to manipulate files by using the least significant bit(s) to
A. Steganography
B. Worm
C. Trojan horse
D. Virus
Answer: A
36. An administrator wants to setup their network with only one public IP address. Which of the following
A. DMZ
B. VLAN
C. NIDS
D. NAT
Answer: D
37. An administrator wants to proactively collect information on attackers and their attempted methods of
gaining access to the internal network. Which of the following would allow the administrator to do this?
A. NIPS
B. Honeypot
C. DMZ
D. NIDS
Answer: B
38. Which of the following allows a technician to correct a specific issue with a solution that has not been
fully tested?
B. Hotfix
C. Security roll-up
D. Service pack
Answer: B
39. A technician wants to regulate and deny traffic to websites that contain information on hacking. Which
B. Proxy
C. Protocol analyzer
D. NIDS
Answer: A
40. Which of the following would be the MOST secure choice to implement for authenticating remote
connections?
A. LDAP
B. 802.1x
C. RAS
D. RADIUS
Answer: D
41. Which of the following is the BEST way to reduce the number of accounts a user must maintain?
A. Kerberos
B. CHAP
C. SSO
D. MD5
Answer: C
42. Which of the following can be used as a means for dual-factor authentication?
Answer: D
43. Which of the following redundancy solutions contains hardware systems similar to the affected
A. Hot site
C. Warm site
D. Cold site
Answer: C
44. During the implementation of LDAP, which of the following will typically be changed within the
A. IP addresses
B. Authentication credentials
C. Non-repudiation policy
D. Network protocol
Answer: B
45. Which of the following security policies is BEST to use when trying to mitigate the risks involved with
A. The cell phone should require a password after a set period of inactivity.
B. The cell phone should only be used for company related emails.
Answer: A
A. NTLM
B. MD5
C. LANMAN
D. SHA-1
Answer: C
47. A technician needs to detect staff members that are connecting to an unauthorized website. Which of
A. Protocol analyzer
B. Bluesnarfing
D. HIDS
Answer: A
48. Which of the following is an example of security personnel that administer access control functions, but
A. Access enforcement
B. Separation of duties
C. Least privilege
D. Account management
Answer: B
49. How should a company test the integrity of its backup data?
Answer: C
A. Most privilege
B. Least privilege
C. Rule based
D. Role based
Answer: B
51. User A is a member of the payroll security group. Each member of the group should have read/write
permissions to a share. User A was trying to update a file but when the user tried to access the file the user
was denied. Which of the following would explain why User A could not access the file?
A. Privilege escalation
C. Least privilege
Answer: B
52. Which of the following threats is the MOST difficult to detect and hides itself from the operating system?
A. Rootkit
B. Adware
C. Spyware
D. Spam
Answer: A
53. Which of the following methods is used to perform denial of service (DoS) attacks?
A. Privilege escalation
B. Botnet
C. Adware
D. Spyware
Answer: B
A. Botnet
B. Logic Bomb
C. Trojan
D. Worm
Answer: C
55. Which of the following is a way to logically separate a network through a switch?
A. Spanning port
B. Subnetting
C. VLAN
D. NAT
Answer: C
56. Which of the following is an exploit against a device where only the hardware model and manufacturer
are known?
A. Replay attack
C. Privilege escalation
D. Default passwords
Answer: D
57. A technician is implementing a new wireless network for an organization. The technician should be
B. 802.11 mode.
C. weak encryption.
D. SSID broadcasts.
Answer: B
A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Answer: D
59. An organization is installing new servers into their infrastructure. A technician is responsible for making
sure that all new servers meet security requirements for uptime. In which of the following is the availability
requirements identified?
B. Performance baseline
D. Security template
Answer: A
60. After issuance a technician becomes aware that some keys were issued to individuals who are not
authorized to use them. Which of the following should the technician use to correct this problem?
A. Recovery agent
C. Key escrow
Answer: B
61. Which of following can BEST be used to determine the topology of a network and discover unknown
devices?
A. Vulnerability scanner
B. NIPS
C. Protocol analyzer
D. Network mapper
62. A technician is reviewing the logical access control method an organization uses. One of the senior
managers requests that the technician prevent staff members from logging on during non-working days.
Which of the following should the technician implement to meet managements request?
A. Enforce Kerberos
Answer: C
63. Which of the following BEST describes the term war driving?
A. Driving from point to point with a laptop and an antenna to find unsecured wireless access points.
B. Driving from point to point with a wireless scanner to read other users emails through the access point.
C. Driving from point to point with a wireless network card and hacking into unsecured wireless access
points.
D. Driving from point to point with a wireless scanner to use unsecured access points.
Answer: A
Answer: B
Answer: A
A. When the technician suspects that weak passwords exist on the network
C. When the technician has permission from the owner of the network
Answer: C
67. Which of the following is the MOST secure alternative for administrative access to a router?
A. SSH
B. Telnet
C. rlogin
D. HTTP
Answer: A
68. Which of the following creates a security buffer zone between two rooms?
A. Mantrap
B. DMZ
C. Turnstile
D. Anti-pass back
Answer: A
69. Kerberos uses which of the following trusted entities to issue tickets?
B. Certificate Authority
Answer: D
Answer: D
71. An unauthorized user intercepted a users password and used this information to obtain the companys
administrator password. The unauthorized user can use the administrators password to access sensitive
information pertaining to client data. Which of the following is this an example of?
A. Session hijacking
B. Least privilege
C. Privilege escalation
Answer: C
72. Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is
concerned that sensitive files can be copied to the USB drives. Which of the following mitigation
Answer: AC
73. An administrator has developed an OS install that will implement the tightest security controls possible.
In order to quickly replicate these controls on all systems, which of the following should be established?
Answer: B
74. A technician is testing the security of a new database application with a website front-end. The
technician notices that when certain characters are input into the application it will crash the server. Which
B. Implement an ACL
D. Input validation
Answer: D
75. A user has decided that they do not want an internal LAN segment to use public IP addresses. The user
wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the
A. IPSec
B. NAT
C. SSH
D. SFTP
Answer: B
C. Certificate authorities
Answer: B
A. LANMAN validation
B. Encrypt data
C. Kerberos authentication
Answer: D
78. A user is attempting to receive digitally signed and encrypted email messages from a remote office.
A. SMTP
B. S/MIME
C. ISAKMP
D. IPSec
Answer: B
A. ECC.
B. Rijndael.
C. 3DES.
D. RC4.
Answer: A
80. Which of the following is a way to encrypt session keys using SSL?
C. Session keys are sent in clear text because they are private keys.
Answer: B
Answer: B
82. Which of the following is done to ensure appropriate personnel have access to systems and networks?
(Select TWO).
Answer: BC
83. Antivirus software products detect malware by comparing the characteristics of known instances
A. Signature
B. Text
C. NIDS signature
D. Dynamic Library
Answer: A
84. When assigning permissions, which of the following concepts should be applied to enable a person to
A. Rule based
C. Least privilege
D. Role based
85. A user was trying to update an open file but when they tried to access the file they were denied. Which
of the following would explain why the user could not access the file?
Answer: C
86. A company uses a policy of assigning passwords to users, by default the passwords are based off of the
word $ervicexx, where xx is the last two numbers of the users cell phone number. The users are not
required to change this password. Which of the following is this an example of?
A. Default accounts
C. Back door
D. Weak passwords
Answer: D
87. Which of the following is a reason why a company should disable the SSID broadcast of the wireless
access points?
B. War driving
C. Weak encryption
D. Session hijacking
Answer: B
88. An administrator notices that former temporary employees accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?
Answer: B
89. Which of the following is the BEST place where the disaster recovery plan should be kept?
Answer: B
90. Which of the following is a required privilege that an administrator must have in order to restore a
A. Recovery agent
B. Registration authority
C. Domain administrator
D. Group administrator
Answer: A
A. AES
B. DES
C. 3DES
D. PGP
Answer: A
92. Which of the following requires a common pre-shared key before communication can begin?
Answer: B
93. Which of the following allows devices attached to the same switch to have separate broadcast
domains?
A. NAT
B. DMZ
C. NAC
D. VLAN
Answer: D
94. Which of the following allows for notification when a hacking attempt is discovered?
A. NAT
B. NIDS
C. Netflow
D. Protocol analyzer
Answer: B
95. When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
A. An incorrect VLAN
B. SSID broadcasting
C. A repeater
D. A vampire tap
Answer: D
96. Which of the following allows a technician to scan for missing patches on a device without actually
A. A vulnerability scanner
B. Security baselines
D. Group policy
Answer: A
A. AES
B. DES
C. PGP
D. RSA
Answer: C
98. Sending continuous TCP requests to a device and ignoring the return information until the device
A. TCP/IP hijacking
B. DNS poisoning
C. Kiting
D. DoS
Answer: D
99. Which of the following would use a group of bots to stop a web server from accepting new requests?
A. DoS
B. DDoS
C. MAC
D. ARP
Answer: B
100. Using an asymmetric key cryptography system, where can a technician generate the key pairs?
A. A certificate authority
B. IETF
Answer: A
101. Which of the following allows a person to find public wireless access points?
A. Weak encryption
B. 802.1x
C. SSID broadcast
D. Data emanation
Answer: C
102. Which of the following allows a file to have different security permissions for users that have the same
Answer: C
103. Which of the following would be BEST to use to apply corporate security settings to a device?
A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template
Answer: D
104. A user reports that a web based application is not working after a browser upgrade. Before the
upgrade, a login box would appear on the screen and disappear after login. The login box does not
appear after the upgrade. Which of the following BEST describes what to check FIRST?
Answer: B
105. A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm.
Which of the following would BEST diagnose which NIC is causing this problem?
B. A protocol analyzer
Answer: B
106. A company needs to have multiple servers running low CPU utilization applications. Which of the
A. Install multiple high end servers, sharing a clustered network operating system.
D. Install multiple low end servers, each running a network operating system.
Answer: C
107. After a system risk assessment was performed it was found that the cost to mitigate the risk was
higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST
course of action?
Answer: A
108. A small call center business decided to install an email system to facilitate communications in the office.
IT manager read there was a 90% chance each year that workstations would be compromised if not
adequately protected. If workstations are compromised it will take three hours to restore services for the 30
staff. Staff members in the call center are paid $90 per hour. If determining the risk, which of the following
A. $2,700
B. $4,500
C. $5,000
D. $7,290Pb
Answer: D
109. A small call center business decided to install an email system to facilitate communications in the office.
As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The
IT manager read there was a 90% chance each year that workstations would be compromised if not
adequately protected. If workstations are compromised it will take three hours to restore services for the 30
staff. Staff members in the call center are paid $90 per hour. If the anti-malware software is purchased,
A. $900
B. $2,290
C. $2,700
D. $5,000Pb
Answer: B
110. A technician is deciding between implementing a HIDS on the database server or implementing a
NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
111. Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a
laptop?
Answer: D
112. A flat or simple role-based access control (RBAC) embodies which of the following principles?
A. Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions
acquired by controls
B. Users assigned permissions, roles assigned to groups and users acquire additional permissions by
C. Roles applied to groups, users assigned to groups and users acquire permissions by being a member of
the group
D. Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a
Answer: D
113. Which of the following is a security threat that hides its processes and files from being easily detected?
A. Trojan
B. Adware
C. Worm
D. Rootkit
Answer: D
114. Frequent signature updates are required by which of the following security applications? (Select
TWO).
B. PGP
C. Firewall
D. PKI
E. IDS
Answer: AE
115. Social engineering, password cracking and vulnerability exploitation are examples of which of the
following?
A. Vulnerability assessment
B. Fingerprinting
C. Penetration testing
D. Fuzzing
Answer: C
116. Configuration baselines should be taken at which of the following stages in the deployment of a new
system?
Answer: D
117. Which of the following describes the difference between a secure cipher and a secure hash?
A. A hash produces a variable output for any input size, a cipher does not.
B. A cipher produces the same size output for any input size, a hash does not.
Answer: C
Answer: A
119. Which of the following BEST describes the differences between RADIUS and TACACS?
Answer: C
120. To evaluate the security compliance of a group of servers against best practices, which of the following
BEST applies?
Answer: C
121. Which of the following is a problem MOST often associated with UTP cable?
A. Fuzzing
B. Vampire tap
C. Crosstalk
D. Refraction
Answer: C
B. DMZ
C. OVAL
D. DDoS
Answer: B
123. Which of the following would allow for secure key exchange over an unsecured network without a
pre-shared key?
A. 3DES
B. AES
C. DH-ECC
D. MD5
Answer: C
124. Which of the following allows for a secure connection to be made through a web browser?
A. L2TP
B. SSH
C. SSL
D. HTTP
Answer: C
125. Which of the following would require a pre-sharing of information before a home user could attach to a
D. Encryption disabled
Answer: B
126. Which of the following would BEST allow an administrator to quickly find a rogue server on the
B. A network mapper
C. A protocol analyzer
Answer: B
A. Penetration testing
B. Protocol analyzers
C. Port scanners
D. Vulnerability testing
Answer: A
A. Multifactor authentication
B. One-factor authentication
Answer: D
129. All of the following are where backup tapes should be kept EXCEPT:
Answer: C
130. All of the following require periodic updates to stay accurate EXCEPT:
C. antivirus applications.
Answer: B
131. Which of the following is the quickest method to create a secure test server for a programmer?
Answer: B
132. Which of the following is a collection of fixes for an application or operating system that has been
A. A security template
B. A service pack
C. A patch
D. A hotfix
Answer: B
A. If the physical server crashes, all of the local virtual servers go offline immediately.
B. If the physical server crashes, all of the physical servers nearby go offline immediately.
Answer: A
A. IP spoofing
B. MAC filtering
D. Closed network
Answer: B
135. An antivirus server keeps flagging an approved application that the marketing department has installed
A. false negative.
B. false positive.
C. true negative.
D. true positive.
Answer: B
136. An administrator is running a network monitoring application that looks for behaviors on the network
outside the standard baseline that has been established. This is typical of a(n):
A. signature-based tool.
B. protocol analyzer.
C. honeynet.
D. anomaly-based tool.
Answer: D
137. Some examples of hardening techniques include all of the following EXCEPT:
Answer: B
138. An administrator wants to block users from accessing a few inappropriate websites as soon as
possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need
to:
Answer: C
139. An administrator wants to ensure that when an employee leaves the company permanently, that the
company will have access to their private keys. Which of the following will accomplish this?
Answer: A
140. Which of the following organizational documentation describes how tasks or job functions should be
conducted?
A. Standards
B. Guideline
C. Policy
D. Procedures
Answer: D
Answer: B
142. Which of the following hashing techniques is commonly disabled to make password cracking more
A. NTLM
B. AES
C. OVAL
D. Kerberos
Answer: A
143. Which of the following describes software that is often written solely for a specific customers
application?
A. Rootkit
B. Hotfix
C. Service pack
D. Patch
Answer: B
144. A security manager believes that too many services are running on a mission critical database server.
Which of the following tools might a security analyst use to determine services that are running on the
A. OVAL
B. Port scanner
C. Protocol analyzer
D. NIDS
Answer: B
145. Which of the following encryption methods is often used along with L2TP?
A. S/MIME
B. SSH
C. 3DES
D. IPSec
Answer: D
146. An administrator is assigned to monitor servers in a data center. A web server connected to the
Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely
cause?
A. Spyware
B. Trojan
C. Privilege escalation
D. DoS
Answer: D
147. Ensuring administrators have both a regular user account and a privileged user account is an example
A. Need-to-know
C. Least privilege
Answer: C
148. Which of the following is an example of two-factor authentication for an information system?
Answer: A
149. A technician is performing an assessment on a router and discovers packet filtering is employed.
Which of the following describes a security concern with stateless packet filtering?
Answer: A
150. Which of the following is LEAST likely to help reduce single points of failure?
A. Mandatory vacations
B. Cross training
C. Clustered servers
Answer: A
151. Which of the following is LEAST effective when hardening an operating system?
A. Configuration baselines
C. Installing HIDS
Answer: C
152. Which of the following provides the MOST control when deploying patches?
A. Hotfix
B. Remote desktop
C. Patch management
D. Service packs
Answer: C
Answer: C
A. Compressed air
B. Tape recorder
C. Fingerprint cards
D. Digital camera
Answer: D
A. One
B. Two
C. Five
D. Seven
Answer: B
156. Which of the following terms is BEST associated with public key infrastructure (PKI)?
A. MD5 hashing
B. Symmetric key
C. Symmetric algorithm
D. Digital signatures
Answer: D
157. Which of the following is the LAST step to granting access to specific domain resources?
Answer: B
158. The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the
A. Separation of duties
B. Implicit deny
C. Least privilege
D. Job rotation
Answer: D
159. Human Resources has requested that staff members be moved to different parts of the country into
A. Implicit deny
B. Separation of duties
C. Least privilege
D. Job rotation
Answer: D
160. An administrator is worried about an attacker using a compromised user account to gain administrator
A. Man-in-the-middle attack
B. Protocol analysis
C. Privilege escalation
D. Cross-site scripting
Answer: C
161. In regards to physical security, which of the following BEST describes an access control system which
implements a non-trusted but secure zone immediately outside of the secure zone?
A. Smart card
B. Defense-in-depth
C. Mantrap
D. DMZ
Answer: C
162. A technician notices delays in mail delivery on the mail server. Which of the following tools could be
A. Port scanner
B. Performance monitor
C. ipconfig /all
D. TFTP
Answer: B
163. During a risk assessment it is discovered that only one system administrator is assigned several tasks
critical to continuity of operations. It is recommended to cross train other system administrators to perform
A. DDoS
B. Privilege escalation
C. Disclosure of PII
Answer: D
164. Penetration testing should only be used once which of the following items is in place?
D. Written permission
Answer: D
165. An administrator recommends that management establish a trusted third party central repository to
maintain all employees private keys. Which of the following BEST describes the administrators
recommendation?
A. Registration
B. Certificate authority
D. Key escrow
Answer: D
166. To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a
different, unique code to confirm every transaction. Which of the following is the MOST effective method
to accomplish this?
B. Elliptic curve
C. One-time password
D. Digital certificate
Answer: C
167. An administrator is responsible for a server which has been attacked repeatedly in the past. The only
recourse has been to reload the server from scratch. Which of the following techniques could be used to
Answer: B
168. According to company policy an administrator must logically keep the Human Resources department
separated from the Accounting department. Which of the following would be the simplest way to
accomplish this?
A. NIDS
B. DMZ
C. NAT
D. VLAN
Answer: D
A. CHAP
B. PKI
C. PGP
D. Kerberos
Answer: D
A. ARP Poisoning
B. DNS Poisoning
C. Replay
D. DoS
Answer: D
A. 25
B. 110
C. 161
D. 443
Answer: C
A. The firewall
Answer: C
173. Which of the following allows attackers to gain control over the web camera of a system?
B. SQL injection
C. Cross-site scripting
D. XML
Answer: A
174. Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer
overflow attack?
A. Smurf
B. ARP poisoning
C. DDoS
D. DNS poisoning
Answer: B
175. Which of the following would a former employee MOST likely plant on a server that is not traceable?
A. Worm
B. Logic bomb
C. Trojan
D. Virus
Answer: B
176. Which of the following consists of markings outside a building that indicate the connection speed of a
A. War driving
B. War chalking
C. Blue jacking
D. Bluesnarfing
Answer: B
177. Which of the following could be used to capture website GET requests?
B. Protocol analyzer
C. Network mapper
D. Vulnerability scanner
Answer: B
178. Which of the following does the process of least privilege fall under?
A. Integrity
B. Non-repudiation
C. Confidentiality
D. Availability
Answer: C
A. SHA-1
B. LANMAN
C. NTLM
D. MD5
Answer: B
180. Which of the following encryption algorithms is decrypted in the LEAST amount of time?
A. RSA
B. AES
C. 3DES
D. L2TP
Answer: B
Answer: B
182. Identity proofing occurs during which phase of identification and authentication?
A. Testing
B. Verification
C. Authentication
D. Identification
Answer: D
183. Which of the following BEST describes the practice of dumpster diving?
A. Sorting through the garbage of an organization to obtain information used for configuration management.
B. Sorting through the garbage of an organization to obtain information used for a subsequent attack.
C. Sorting through the trash of an organization to obtain information found on their intranet.
D. Sorting through the trash of an organization to recover an old user ID badge previously used for an
attack.
Answer: B
Answer: B
185. To prevent the use of stolen PKI certificates on web servers, which of the following should an
A. Registration
C. CRL
D. Key escrow
Answer: C
186. Which of the following describes an implementation of PKI where a copy of a users private key is
A. Registration
B. Recovery agent
C. Key escrow
D. Asymmetric
Answer: C
187. All of the following are methods used to conduct risk assessments EXCEPT:
A. penetration tests.
B. security audits.
C. vulnerability scans.
D. disaster exercises.
Answer: D
A. The attacker has to create their own zero day attack for privilege escalation.
D. The attacker must have already gained entry into the system.
Answer: D
189. Management has asked a technician to prevent data theft through the use of portable drives. Which of
Answer: D
190. A technician has been informed that many of the workstations on the network are flooding servers.
A. Worm
B. Logic bomb
C. Virus
D. Spam
Answer: A
B. Patch application
C. Hotfix management
D. Change management
Answer: D
192. Which of the following BEST describes a way to prevent buffer overflows?
Answer: A
193. Which of the following describes a tool used by organizations to verify whether or not a staff member
A. Mandatory vacations
C. Implicit allow
Answer: A
194. Which of the following is the MOST common logical access control method?
C. Multifactor authentication
D. Security ID badges
Answer: B
195. Which of the following explains the difference between a public key and a private key?
A. The public key is only used by the client while the private key is available to all. Both keys are
mathematically related.
B. The private key only decrypts the data while the public key only encrypts the data. Both keys are
mathematically related.
C. The private key is commonly used in symmetric key decryption while the public key is used in
D. The private key is only used by the client and kept secret while the public key is available to all.
Answer: D
196. Which of the following is a countermeasure when power must be delivered to critical systems no
matter what?
A. Backup generator
D. Warm site
Answer: A
systems?
Answer: B
198. Which of the following tools will allow a technician to detect security-related TCP connection
anomalies?
A. Logical token
B. Performance monitor
Answer: B
199. Which of the following monitoring methodologies will allow a technician to determine when there is a
A. Signature-based
B. NIDS
C. Anomaly-based
D. NIPS
Answer: C
200. Which of the following is the MOST important thing to consider when implementing an IDS solution?
Answer: D
201. Which of the following is a list of discrete entries that are known to be benign?
A. Whitelist
B. Signature
C. Blacklist
D. ACL
Answer: A
202. Which of the following encryption algorithms is used for encryption and decryption of data?
A. MD5
B. SHA-1
C. NTLM
D. RC5
Answer: D
Answer: A
A. Integrity
B. Cryptographic randomness
C. Collision
D. Confidentiality
Answer: A
205. All of the following are part of the disaster recovery plan EXCEPT:
C. system backups.
Answer: D
206. Which of the following is MOST likely to make a disaster recovery exercise valuable?
D. Management participation
Answer: C
207. Which of the following would MOST likely prevent a PC application from accessing the network?
A. Virtualization
B. Host-based firewall
C. Antivirus
D. HIDS
Answer: B
208. A technician is investigating intermittent switch degradation. The issue only seems to occur when the
buildings roof air conditioning system runs. Which of the following would reduce the connectivity issues?
C. Shielding
Answer: C
209. A botnet zombie is using HTTP traffic to encapsulate IRC traffic. Which of the following would detect
B. Proxy server
C. Anomaly-based IDS
D. Rootkit
Answer: C
210. To determine whether a system is properly documented and to gain insight into the systems security
aspects that are only available through documentation is the purpose of:
Answer: C
A. Conducted from outside the perimeter switch but inside the firewall
B. Conducted from outside the building that hosts the organizations servers
D. Conducted from outside the perimeter switch but inside the border router
Answer: C
A. applications.
B. operating systems.
C. vulnerabilities.
D. active hosts.
Answer: C
Answer: D
Answer: A
215. Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?
A. LAN manager
B. ARP caching
D. TACACS
Answer: C
216. Which of the following would BEST describe a disaster recovery plan (DRP)?
Answer: D
217. Which of the following is the primary objective of a business continuity plan (BCP)?
Answer: A
218. A software manufacturer discovered a design flaw in a new application. Rather than recall the software,
management decided to continue manufacturing the product with the flaw. Which of the following risk
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transfer
Answer: C
219. Which of the following is considered an independent program that can copy itself from one system to
another and its main purpose is to damage data or affect system performance?
A. Virus
B. Worm
C. Spam
D. Spyware
Answer: B
220. Which of the following access control methods could the administrator implement because of constant
A. Rule-based
B. Role-based
C. Discretionary
D. Decentralized
Answer: B
221. When using a single sign-on method, which of the following could adversely impact the entire
network?
B. Biometrics
C. Web server
D. Authentication server
Answer: D
A. CPU performance
B. NIC performance
C. System files
Answer: C
223. Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
A. Signature
B. Honeynet
C. Anomaly
D. Knowledge
Answer: C
224. Which of the following is a system that will automate the deployment of updates to workstations and
servers?
A. Service pack
B. Remote access
C. Patch management
D. Installer package
Answer: C
225. Which of the following is a method to apply system security settings to all workstations at once?
A. Policy analyzer
C. Configuration baseline
D. A security template
Answer: D
226. Which of the following would be a method of securing the web browser settings on all network
workstations?
B. Group policy
C. Control panel
D. P2P software
Answer: B
227. Which of the following should be implemented to have all workstations and servers isolated in their
A. VLANs
B. NAT
C. Access lists
D. Intranet
Answer: A
228. Which of the following is the common mail format for digitally signed and encrypted messages?
A. SMTP
B. SSL
C. MIME
D. S/MIME
Answer: D
229. Which of the following is the common way of implementing cryptography on network devices for
encapsulating traffic between the device and the host managing them?
B. SNMP
C. SSH
D. SMTP
Answer: C
230. An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out
A. spyware.
B. spam.
C. a worm.
D. a Trojan.
Answer: D
231. Installing an application on every desktop in a companys network that watches for possible intrusions
A. a HIDS.
C. hardening.
D. a NIDS.
Answer: A
232. Users should be able to access their email and several secure applications from any workstation on
the network. Additionally, the administrator has implemented an authentication system requiring the use of
a username, password, and a company issued smart card. Which of the following is this an example of?
B. SSO
C. ACL
D. Least privilege
Answer: B
233. Which of the following processes are used to monitor and protect the DNS server?
Answer: C
234. Which of the following is the MOST effective method for stopping a phishing attempt?
B. Paper shredders
C. User education
D. SPAM filters
Answer: C
235. Which of the following asymmetric encryption algorithms was utilized FIRST?
A. AES
B. Serpent
C. Whirlpool
D. DES
Answer: D
Answer: B
237. Which of the following could physically damage a device if a long term failure occurred?
B. HVAC
D. Shielding
Answer: B
238. Which of the following is the easiest way to disable a 10Base2 network?
A. Introduce crosstalk.
B. Install a zombie.
C. Remove a terminator.
Answer: C
239. Which of the following is the BEST method for securing the data on a coaxial network?
D. Run all new cables parallel to existing alternating current (AC) cabling.
Answer: B
A. Indu5tr1als
B. F%r3Walke3r
C. C0mpt!a2**8
D. P^s5W0rd
Answer: A
241. Which of the following mimics a legitimate program in order to steal sensitive data?
A. Botnet
B. Worm
D. Trojan
Answer: D
A. Encrypting the data payload and computing a unique mathematic identifier in order to detect change
during transport.
C. Encrypting the data payload and computing a unique mathematic identifier in order to prevent change
during transport.
Answer: D
A. Vulnerability assessment
B. Protocol analyzer
C. Penetration test
D. Network mapper
Answer: C
244. After a period of high employee turnover, which of the following should be implemented?
Answer: C
245. All PCs in a network share a single administrator ID and password. When the administrator attempts
to remotely control a users PC the attempt fails. Which of the following should the administrator check
FIRST?
Answer: C
246. All of the following are organizational policies that reduce the impact of fraud EXCEPT:
A. separation of duties.
C. job rotation.
D. escorting procedures.
Answer: B
Answer: A
248. Which of the following is a best practice for securing log files?
Answer: A
249. Which of the following logs might reveal the IP address and MAC address of a rogue device within the
local network?
A. Security logs
C. DNS logs
D. Antivirus logs
Answer: B
A. Mitigate vulnerabilities
Answer: B
251. Users and computers are generally grouped into domains for security purposes. Which of the following
is a common attribute used to determine which domain a user or computer belongs to?
A. MAC address
B. Location
C. Password
D. OS
Answer: B
A. ipfilter
B. RDP
C. rlogin
D. syslog
Answer: D
A. Availability
B. Accountability
D. Continuity
Answer: B
254. Which of the following is true about penetration testing or vulnerability assessments?
Answer: D
255. Executing proper logging procedures would be the proper course of action in which of the following
Answer: BC
256. Executing proper logging procedures would facilitate which of the following requirements?
Answer: B
257. Which of the following is a concern when setting logging to a debug level?
Answer: A
258. Which of the following malicious activities might leave traces in a DNS log file?
A. Hijacking
B. Poisoning
C. Caching
D. Phishing
Answer: B
259. Which of the following NAC scanning types is the LEAST intrusive to the client?
A. Open ID
B. Agent based
C. Agentless
D. ActiveX
Answer: C
260. While auditing a list of active user accounts, which of the following may be revealed?
Answer: D
261. Which of the following is the BEST logical access control method for controlling system access on
A. Separation of duties
B. Job rotation
Answer: C
262. Which of the following should be considered when implementing logging controls on multiple systems?
(Select TWO).
Answer: BC
B. Mirroring
C. Kiting
D. Low cost
Answer: B
D. the issuer.
Answer: A
265. Which of the following is the MOST common method of one-factor authentication?
C. Fingerprint reader
Answer: D
266. Which of the following prevents damage to evidence during forensic analysis?
Answer: C
267. Which of the following requires the server to periodically request authentication from the client?
A. EAP
B. CHAP
C. WPA2
D. RAS
Answer: B
A. P2P
B. ActiveX controls
C. Instant messaging
D. Internet mail
Answer: C
269. A user reports that pop-up windows continuously appear on their screen with a message stating that
they have a virus and offering to see a program that will remove it. The technician is skeptical because the
antivirus definitions on the machine are up-to-date. Which of the following BEST describes what the user
is seeing?
A. SQL injection
B. Spyware
Answer: C
270. Which of the following BEST allows for a high level of encryption?
Answer: A
271. Which of the following is the primary security risk associated with removable storage?
A. Availability
B. Confidentiality
C. Injection
D. Integrity
Answer: B
272. A company is addressing backup and recovery issues. The company is looking for a compromise
between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
Answer: C
273. The GREATEST security concern in regards to data leakage with USB devices is:
A. speed.
B. physical size.
C. OS compatibility.
Answer: B
274. Once a system has been compromised, often the attacker will upload various tools that can be used at
a later date. The attacker could use which of the following to hide these tools?
A. Logic bomb
B. Rootkit
C. Virus
D. Trojan
Answer: B
275. Which of the following is the perfect encryption scheme and is considered unbreakable when properly
used?
B. Concealment cipher
C. One-time pad
D. Steganography
Answer: C
276. Which of the following is the main difference between a substitution cipher and a transposition cipher
A. One rearranges and replaces blocks while the other rearranges only.
B. One replaces blocks with other blocks while the other rearranges only.
C. One replaces blocks while the other rearranges and replaces only.
Answer: B
277. An application developer is looking for an encryption algorithm which is fast and hard to break if a large
key size is used. Which of the following BEST meets these requirements?
A. Transposition
C. Symmetric
D. Asymmetric
Answer: C
278. Multiple web servers are fed from a load balancer. Which of the following is this an example of?
A. RAID
B. Backup generator
C. Hot site
D. Redundant servers
Answer: D
Answer: D
Answer: B
A. group policy.
B. cookies.
C. cross-site scripting.
Answer: A
282. Which of the following tools would be BEST for monitoring changes to the approved system baseline?
Answer: B
Answer: D
284. Which of the following is a security risk when using peer-to-peer software?
A. Cookies
B. Multiple streams
C. Data leakage
D. Licensing
Answer: C
285. Which of the following overwrites the return address within a program to execute malicious code?
A. Buffer overflow
B. Rootkit
C. Logic bomb
D. Privilege escalation
Answer: A
A. NIPS.
B. firewalls.
C. HIDS.
D. routers.
Answer: C
287. Which of the following would a technician use to validate whether specific network traffic is indeed an
attack?
A. NIDS
B. Firewall
C. Honeypot
D. Protocol analyzer
Answer: D
288. Which of the following creates an emulated or virtual environment to detect and monitor malicious
activity?
A. Firewall
B. Honeypot
C. NIDS
D. NAC
Answer: B
289. A technician wants better insight into the websites that employees are visiting. Which of the following
A. Proxy server
B. DHCP server
C. DNS server
D. Firewall
290. Which of the following reduces effectiveness when deploying and managing NIPS?
B. Continued tuning
C. Network placement
Answer: A
A. bluesnarfing.
B. discovery mode.
C. blue jacking.
D. a smurf attack.
Answer: D
A. host-based firewall.
B. antivirus.
C. HIPS.
D. HIDS.
Answer: D
A. Botnet
B. Trojan
C. Logic bomb
D. Worm
Answer: B
A. By department
B. By location
C. By role
D. By name
Answer: B
295. A technician wants to be able to add new users to a few key groups by default, which of the following
A. Auto-population
B. Template
C. Default ACL
D. Inheritance
Answer: B
296. All of the following are logical access control methods EXCEPT:
A. biometrics.
B. ACL.
C. software token.
D. group policy.
Answer: A
297. Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to
A. Console
B. Sensor
C. Filter
D. Appliance
Answer: B
298. An instance where an IDS identifies legitimate traffic as malicious activity is called which of the
following?
A. False positive
B. True negative
C. False negative
D. True positive
Answer: A
299. An instance where an IDS identifies malicious activity as being legitimate activity is called which of the
following?
A. False acceptance
B. False positive
C. False negative
D. False rejection
Answer: C
300. An instance where a biometric system identifies unauthorized users and allows them access is called:
A. false rejection.
B. false negative.
C. false acceptance.
D. false positive.
Answer: C
301. When executing a disaster recovery plan the MOST important thing to consider is:
Answer: D
302. To prevent disk integrity errors due to small line-power fluctuations, a system administrator should
A. Voltage regulator
B. Line conditioner
C. Battery backup
Answer: B
303. Which of the following is the MOST likely reason that an attacker would use a DoS attack?
A. The attacker is attempting to distract the company from the real underlining attack.
B. The attacker wants to prevent authorized users from using a certain service.
C. The attacker is working with outside entities to test the companys coding practices.
D. The attacker is working with inside entities to test the companys firewall.
Answer: B
304. Which of the following is a way to gather reconnaissance information from a printer resource?
A. HTTP
B. SMTP
C. RADIUS
D. SNMP
Answer: D
305. Which of the following will allow a technician to block certain HTTP traffic from company staff
members?
A. VLAN
B. Content filter
C. DMZ
D. NIDS
Answer: B
306. Which of the following will prevent a person from booting into removal storage media if the correct boot
Answer: A
307. Which of the following is the MOST effective application to implement to identify malicious traffic on a
server?
C. Antivirus software
D. HIDS software
Answer: D
308. Which of the following is the BEST way to mass deploy security configurations to numerous
workstations?
A. Security hotfix
B. Configuration baseline
C. Patch management
D. Security templates
Answer: D
309. Computer equipment has been stolen from a companys office. To prevent future thefts from occurring
and to safeguard the companys trade secrets which of the following should be implemented?
C. Multifactor authentication
Answer: D
310. Which of the following is the primary purpose for a physical access log in a data center?
Answer: D
311. Virtual machines are MOST often used by security researchers for which of the following purposes?
D. To provide an environment where malware can be executed with minimal risk to equipment and software
Answer: D
312. Which of the following are reasons to implement virtualization technology? (Select TWO).
Answer: AE
314. Which of the following is used to encrypt email and create digital signatures?
A. LDAP
B. HTTPS
C. S/MIME
D. RSA
Answer: C
D. AirSnort
Answer: C
A. Nessus
B. AirSnort
D. Wireshark
Answer: C
317. Which of the following would be used to push out additional security hotfixes?
A. Patch management
B. Configuration baseline
C. Cookies
Answer: A
Answer: A
319. Which of the following is a possible security risk associated with USB devices?
A. Domain kiting
B. Cross-site scripting
C. Input validation
D. Bluesnarfing
Answer: D
A. Firewall
B. HIDS
C. Antivirus
D. Pop-up blocker
Answer: D
A. Non-repudiation
B. Authorization
C. Authentication
D. Integrity
Answer: A
A. Access
C. Availability
D. Authorization
Answer: B
323. Which of the following protocols are used to secure e-commerce transactions? (Select TWO).
A. TLS
B. IPSec
C. SSH
D. SSL
E. RTP
Answer: AD
324. Which of the following encryption methods does SSH use during key exchange when securing a
A. Shared key
B. Asymmetric key
C. Symmetric key
D. Private key
Answer: B
325. Which of the following can be used to create a VPN? (Select TWO).
A. HTTPS
B. S/MIME
C. TLS
D. PPTP
E. IPSec
Answer: DE
326. Which of the following tools performs comprehensive tests against hosts to expose a range of known
A. Password crackers
B. Packet analyzer
C. Vulnerability scanners
D. Port scanners
Answer: C
327. There is a document on the shared network folder. User1 accesses the document to obtain data for
their own reports. User2 updates the document as data changes. User3 is a high-level executive who
needs to be able to alter the documents security settings and contents. Which of the following privileges
should each user have for the shared network folder, using the policy of least privileges?
B. User1: Read-Only, User2: Read and Write, User3: Read and Write
D. User1: Read and Write, User2: Read and Write, User3: Full-Control
Answer: C
A. Data is completely erased as soon as contact has been established from another device.
B. The target device has its data accessed or stolen from another Bluetooth device.
D. The target device is remotely accessed and unsolicited messages are sent.
Answer: B
329. Which of the following is the MOST effective way to minimize restoration time and conserve storage
A. Perform full backups weekly and differential backups nightly, with the tapes stored in a secure, off-site
location.
B. Perform full backups weekly and differential backups nightly, with the tapes stored in the server room for
quick access.
D. Perform full backups weekly and incremental backups nightly, with the tapes stored in a secure, off-site
location.
Answer: A
330. Which of the following is the MOST secure method to store log files?
Answer: D
Answer: D
332. When reviewing IP implementations, which of the following would a network mapper examine?
Answer: A
333. Which of the following terms describes malicious code that is normally used to gather personal
A. Spyware
C. Virus
D. Logic Bomb
Answer: A
334. Which of the following is an unwanted program that infects a host computer and normally reports the
contents of the hard drive or the users browsing habits to a remote source?
A. Spyware
B. Virus
C. Rootkit
D. Adware
Answer: A
335. Which of the following describes the process of using mathematical calculations to change cipher text
A. Encryption
B. Decryption
C. Cryptography
D. Steganography
Answer: B
336. Which of the following uses the same key to encrypt and decrypt?
A. Public key
B. Asymmetrical key
C. Symmetrical key
D. Authentication key
Answer: C
337. Which of the following describes the process of using mathematical calculations to change clear text
B. Decryption
C. Steganography
D. Cryptography
Answer: A
A. HTTPS
B. L2TP
C. FTP
D. IPSec
Answer: C
339. Which of the following is a way of limiting the effective range of a wireless network?
A. Shielding
B. Disabling SSID
C. Port filtering
D. MAC filtering
Answer: A
340. Which of the following is the practice of plotting access points with use of a wireless antenna and a
GPS program?
A. Blue jacking
B. Bluesnarfing
C. War driving
D. Data emanation
Answer: C
341. Which of the following terms BEST describes the process of stealing data from a Bluetooth enabled
phone?
B. Smurfing
C. Bluesnarfing
D. Blue jacking
Answer: C
342. A library provides automated pay per print copiers and printers. It is discovered that an employee has
been embezzling money from the coin boxes for many years. Which of the following might have helped
B. User education
C. Mandatory vacations
Answer: A
343. Data center fire suppression systems are MOST useful for which of the following situations?
Answer: A
344. A company takes orders exclusively over the Internet. Customers submit orders via a web-based
application running on the external web server which is located on Network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders this is located on Network B. Any
changes made after the order is placed are handled by a customer service representative using the same
internal application. All information is stored in a database, which is also located on Network B.
- NONE
The company wants to restrict customer access as much as possible without impeding their ability to place
orders. Which of the following permissions is the MOST appropriate for the customers?
Answer: A
345. A company takes orders exclusively over the Internet. Customers submit orders via a web-based
application running on the external web server which is located on Network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders, located on network B. Any changes
made after the order is placed are handled by a customer service representative using the same internal
- NONE
The company decides to add a separate database for the accounting department. The accounting staff
also needs access to the internal application and its database. Which of the following options is the MOST
cost-effective and provides the best protection for the accounting database as well as the internal
application?
A. Place the accounting database on Network B and the accounting employees on Network A.
D. Create a third network with the same access as Network B for the accounting database and employees.
Answer: B
346. A company takes orders exclusively over the Internet. Customers submit orders via a web-based
application running on the external web server which is located on network A. Warehouse employees use
an internal application, on its own server, to pick and ship orders, located on Network B. Any changes
made after the order is placed are handled by a customer service representative using the same internal
- NONE
The company wants to restrict customer service representative access as much as possible without
impeding their ability to place orders. Which of the following permissions is the MOST appropriate for the
Answer: B
347. The MOST reliable method to maintain integrity with digital media is to:
Answer: A
348. Which of the following should a technician do when preparing to clear data from SATA disks?
B. Use a drive wiping utility that ensures seven passes of all zeros.
C. Use a drive wiping utility that ensures three passes of all zeros.
Answer: A
349. To protect the confidentiality of data, the FINAL step in secure disposal of magnetic media is:
A. verification.
D. data categorization.
Answer: A
350. Which of the following monitoring methodologies would identify known viruses?
A. Behavior-based
B. Virus-based
C. Signature-based
D. Anomaly-based
Answer: C
351. A new employee on a business trip was reviewing several key documents while sitting in the lobby of
the airport. On return to the office, the administrator notified the employee that valuable company
information had been compromised. Which of the following concepts of social engineering occurred?
A. Dumpster diving
B. Shoulder surfing
C. Email hoax
Answer: B
A. Smurf attack
B. Birthday attack
C. Man-in-the-middle attack
D. Hybrid attack
Answer: D
353. Which of the following attacks would user education and awareness training help prevent? (Select
THREE).
A. Social Engineering
B. ARP Poisoning
C. Dumpster Diving
E. Phishing
F. DNS Poisoning
Answer: ACE
354. The Nmap utility can be used to complete which of the following tasks? (Select THREE).
A. Crack passwords as they are transmitted from one network location to another.
E. Determine what type of encryption is being used within a specified network range.
Answer: BCD
355. A user has requested access to a protected drive containing sensitive financial data. This user needs
Answer: B
356. Which of the following ways can a rootkit be removed from an infected system?
A. Boot into safe mode and run software which can identify and clean the infected file(s).
B. Run a scan on the infected system using software which can identify and clean the infected file(s).
C. Delete all temporary files residing on the system and update all antivirus definitions.
D. Boot the system with an USB drive that contains software which can identify and clean the infected
file(s).
Answer: D
357. Which of the following is the main security risk pertaining to mobile devices (e.g. cell phones or
laptops)?
B. Lack of encryption
Answer: D
358. Which of the following network protocols facilitates hiding internal addresses from the Internet?
A. DMZ
B. NAT
C. NAC
D. ARP
Answer: B
A. true positive.
B. false negative.
C. known anomalies.
D. false positive.
Answer: B
360. Antivirus software predominantly uses which of the following intrusion detection methodology?
A. Signature-based
B. Identity-based
C. Anomaly-based
D. Behavior-based
Answer: A
361. Which of the following BEST describes the process for preserving the integrity of forensic evidence?
A. Validation
B. Chain of custody
D. Authentication
Answer: B
362. Which of the following statements accurately describes the security advantage of VLANs?
Answer: C
363. Which of the following methodologies is being used if a monitoring tool is able to detect unusual
A. Definition-based
B. Signature-based
C. Performance-based
D. Anomaly-based
Answer: D
364. Which of the following is used to grant users appropriate rights to perform their duties?
A. Remote authentication
B. Separation of duties
C. Least privilege
D. Complex passwords
Answer: C
365. Which of the following security measures will prevent a user from changing the boot order on a
system?
Answer: B
A. Scheduled scan
B. On-access scan
C. Boot scan
Answer: B
367. Which of the following tools should be used to determine what services may be running on a
A. NIDS
B. Protocol analyzer
C. HIDS
D. Port scanner
Answer: D
368. Which of the following asymmetric keys is used to encrypt and decrypt a message?
A. Senders public key is used to encrypt. Senders public key is used to decrypt.
B. Recipients private key is used to encrypt. Senders private key is used to decrypt.
C. Senders public key is used to encrypt. Senders private key is used to decrypt.
D. Recipients public key is used to encrypt. Recipients private key is used to decrypt.
Answer: D
369. An organization needs data folders for all departments. No department personnel should have
permissions to view another departments folder. How should permissions be set up?
A. Create a role-based group for all departments. Create a folder for each department. Assign the group
B. Create a role-based group for all departments. Create a folder for each department. Assign the group
C. Create a role-based group for each department. Create a folder for each department. Assign the group
permissions to each groups own folder. Add users to the appropriate group.
D. Create a user for each department. Create a folder for each department. Assign the user permissions to
each folder.
Answer: C
370. A virus scanner that must have its virus definitions updated as new viruses are found is an example of
A. Keywords-based
B. Anomaly-based
D. Signature-based
Answer: D
A. Reusing a password
Answer: A
372. Which of the following tools would a technician use to analyze and observe network conditions, traffic
A. SMTP
B. NIPS
D. Protocol analyzer
Answer: D
373. Which of the following uses tickets to provide both authentication and encryption services?
A. RAS
B. Biometrics
C. Kerberos
D. SSH
Answer: C
374. An administrator finds that several employees have multiple forms of malware infection on their
computers. The administrator has found all of the infections came from visiting specific websites. Which of
the following is the BEST action to prevent infections from occurring through the same vector?
Answer: A
375. In order to clean and protect a computer system from malware, the BEST choice to clean and protect a
A. only run one single application that combats all of the software threats.
B. run the operating system within virtualization software without any additional security software.
Answer: D
376. Which of the following methods uses DNS lookup to block email messages sent from a server known
Answer: D
377. When reviewing logs for DNS kiting, which of the following would be the MOST important entries to
monitor?
Answer: D
378. Which of the following represents security issues when using WEP encryption?
Answer: D
379. Which of the following is a difference between a vulnerability assessment and a penetration test?
A. A penetration test presents a higher risk in regards to disrupting the usage of networks or systems.
B. Vulnerability assessment will often find fewer threats than a penetration test.
C. Vulnerability assessments are commonly performed without any knowledge of the targeted systems.
Answer: A
380. To examine a potentially dangerous piece of software, a security administrator runs the application
Answer: D
381. Which of the following is a risk associated with server-side scripting? (Select TWO).
Answer: AD
Answer: C
383. Which of the following is an effective method to identify the source of unauthorized zone transfers?
Answer: B
384. Which of the following is a cost-effective solution to test the effects of security policies in a large
Answer: B
385. Which of the following involves the attempt to bypass security features on a network?
A. Penetration testing
B. Vulnerability scanning
C. Performance monitoring
Answer: A
386. Which of the following social engineering techniques requires close physical proximity to a user?
A. Smurf attacks
C. Shoulder surfing
D. Dumpster diving
Answer: C
387. A technician needs to remove a worm from a users machine. Which of the following tools would MOST
A. HIDS
B. Anti-spyware
C. Antivirus
D. Anti-spam
Answer: C
388. An administrator wants to block access to the Internet unless a special configuration is entered into the
devices network properties. Which of the following would provide this functionality?
A. NIDS
B. Firewall
C. NIPS
D. Proxy server
Answer: D
389. A user must pass through a set of doors that enclose them in a specific area until properly
A. Hardware locks
D. Mantrap
Answer: D
390. Which of the following logical access controls helps protect against password attacks?
Answer: D
391. The audit team is conducting a review of user accounts. Which of the following logical controls would
A. USB token
B. Digital signatures
C. Account expiration
D. Private key
Answer: C
392. Which of the following BEST explains the importance of information security audit logs?
D. They can illustrate due diligence when creating new user accounts.
Answer: C
Answer: B
394. Which of the following protocols are used for remote access authentication?
A. SFTP
C. RADIUS
D. ARP
Answer: C
A. Phishing
B. Smurf attack
C. Replay attack
D. ARP poisoning
Answer: A
396. The accounting department has a specialized check printer. Checks are printed by the accounting
staff after receiving a check request from a manager. Which of the following groups needs access to this
printer?
C. Managers only
Answer: A
397. Which of the following is the MOST effective way to ensure that contractors do not connect to the
A. Account expiration
B. Password policy
Answer: A
398. A company wants to ensure that users only use their accounts between 8AM and 6PM Monday thru
A. Account expiration
B. Logical tokens
D. Group policies
Answer: C
399. The IT department has noticed that a user has been accessing their departments network share after
hours. While they have not seen any malicious behavior, this is against the security policy. The BEST way
A. restrict access to the share so that it is only available during business hours.
B. implement the least privilege policy and deny the users access to the share.
C. create a separate logon for the share that is not based on the domain account.
D. create a new group policy that would lock the workstations at the end of the day.
Answer: A
A. No encryption
B. No password authentication
C. Weak authentication
Answer: A
Answer: B
A. Host-based
B. IPSec
C. Anti-spam
D. Pop-up blocker
Answer: A
403. A user needs access to a drive to edit documents on a particular shared folder. According to the rule of
Answer: B
404. Which of the following is the state of a cold site prior to a disaster?
D. The site has all systems loaded with data from the latest backups.
Answer: C
405. Which of the following can be accomplished by using a HIDS but cannot be accomplished with just a
personal firewall?
A. Port blocking
Answer: D
406. Which of the following is a method to determine if a back door has been created on a computer?
B. A new port is opened up without any new applications having been installed to use this port.
D. A new service is started whenever attempts are made to connect to a wireless network.
Answer: B
407. Which of the following is the BEST way to read system logs?
Answer: C
B. Facilitates enumeration
C. Serves as a DMZ
Answer: A
409. Which of the following roles describes an agent who is a trusted entity by all parties involved in the key
exchange process?
A. Registration administrator
C. Cryptoanalyst
D. Recovery agent
Answer: B
are?
A. Enumeration
B. Non-repudiation
C. Authentication
D. Identification
Answer: B
411. Which of the following describes a host-based system that provides access control?
B. Antivirus software
C. HIDS
D. Pop-up blockers
Answer: A
412. Which of the following would be used to identify the users who are entering a secured area?
A. Mantrap
C. Biometric system
D. Hardware locks
Answer: C
A. 802.3x
B. CHAP
C. 802.1x
D. PAP
Answer: C
414. Which of the following encryption algorithms provides the LEAST amount of security?
B. WEP
C. DES
D. AES
Answer: C
415. Which of the following sends data packets to various IP ports on a host to determine the responsive
ports?
A. OVAL
B. Network sniffer
C. Protocol analyzer
D. Network mappers
Answer: D
B. HIDS can analyze information that was sent through encrypted channels.
Answer: B
417. An administrator wishes to hide the network addresses of an internal network when connecting to the
Internet. The MOST effective way to mask the network address of the users would be by passing the
traffic through a:
A. stateful firewall.
B. packet-filtering firewall.
C. NIPS.
D. NAT.
Answer: D
A. DES
B. Diffie-Hellman
C. RSA
D. 3DES
Answer: C
419. Which of the following is a potential danger when using a vulnerability scanner?
A. A malicious user may replay packets during the scan to compromise a target.
B. The scan may make attackers on a public network aware of the vulnerabilities.
D. The scan may cause excess network congestion and interfere with normal network traffic.
Answer: C
420. Which of the following data would be classified as sensitive information in a data classification policy?
(Select THREE).
B. Passwords
C. Username
D. Employer
F. Date of birth
Answer: ABE
421. Which of the following is the MOST effective way to suppress a fire at a data center?
Answer: C
422. Which of the following is the minimum acceptable length for RSA to protect e-commerce transactions?
A. 128
B. 512
C. 1024
D. 2048
Answer: C
A. AES
B. Diffie-Hellman
C. PKI
D. RSA
Answer: A
A. Latency
B. Escape
C. Viruses
D. Spyware
Answer: B
425. A user has to use a fingerprint scanner and enter a password to logon to their machine. This is an
A. Two-factor authentication
B. Single sign-on
C. Dual sign-on
D. Three-factor authentication
Answer: A
A. Daily
B. Bi-weekly
C. Weekly
D. Monthly
Answer: A
427. Which of the following tools are used for password cracking? (Select TWO).
B. Cain
C. Kismet
D. Nmap
E. Nessus
Answer: AB
428. A company runs a site which has a search option available to the general public. The network
administrator is reviewing the site logs one day and notices an IP address filling out a specific form on the
site at a rate of two submissions per second. Which of the following is the BEST option to stop this type of
abuse?
C. Disable ActiveX.
Answer: A
429. An administrator has been tasked with the job of assessing network security in an organization. The
administrator is advised that testing or analysis must have minimal impact on the network. Which of the
A. Social engineering
B. Vulnerability scanning
D. Buffer overflows
Answer: A
430. Which of the following makes it more difficult to identify internal address schemes?
A. VLAN
B. NAT
C. IPSec
D. DMZ
Answer: B
431. An administrator wants to harden the network against brute force and dictionary attacks. Which of the
Answer: B
432. To prove whether or not an email server can be compromised by an external attacker, which of the
A. Port scanner
B. Password cracker
C. Performance monitoring
D. Penetration testing
Answer: D
433. When visiting a secure website, the browser reports an error with the websites certificate. Which of
A. It is an S/MIME certificate.
C. The CA that issued the sites certificate is not trusted by the browser.
Answer: C
A. Shoulder surfing
B. Backup generator
C. Public key
D. Smart card
Answer: D
A. expired certificates.
C. user-forgotten keys.
Answer: C
436. Which of the following disadvantages should an administrator keep in mind when implementing VoIP?
A. The cost and operation scales to the size of the user base.
Answer: B
437. Which of the following physical security methods provide the BEST method of validating and tracking
B. Video surveillance
D. Photo ID
Answer: BE
438. Which of the following passwords would be the MOST difficult to crack?
A. Passw0rd
B. L0gin1
C. zAq12wsx!
D. ABC123def
Answer: C
439. An administrator suspects there is vulnerability on the network due to unexplained packet loss on one
node. Which of the following can be used to investigate the packet loss?
Answer: D
440. A corporation has employed a third-party company to perform black-box penetration on their network.
C. a test user account, but the company performs the network footprinting.
Answer: D
441. Which of the following is the BEST location for a proxy server?
A. On all servers
Answer: C
A. CA
B. Recovery agent
C. Trust models
D. CRL
Answer: A
443. Which of the following tools is used to determine the source of a network problem and establish
baselines?
A. Network mapper
B. Port scanner
C. Protocol analyzer
D. Vulnerability scanner
Answer: C
B. Security policy
C. Application logging
D. Configuration baseline
Answer: B
445. A small company has new rules regarding password strength. The technician sets all existing user
passwords to expire to ensure that all users update their passwords. Which of the following BEST
Answer: B
446. In order to access a company system, a user is required to provide a thumbprint scan as well as their
A. Two-factor authentication
B. Three-factor authentication
C. Single-factor authentication
D. Single sign-on
Answer: A
447. A performance monitoring system that reports deviation from a baseline is BEST described as:
A. a behavior-based system.
B. an anomaly-based system.
C. a signature-based system.
Answer: B
448. Which of the following should cause the MOST concern when evaluating DNS logs? (Select THREE).
B. A denied zone transfer request from one of the secondary DNS servers
E. A DNS request from an internal host for the companys web server address
F. A request from an external host for the companys web server address
Answer: ABC
Answer: D
D. Complete a ping sweep to verify which hosts are active on the network.
Answer: B
451. Which of the following BEST describes the differences between penetration testing and vulnerability
scanning?
Answer: D
452. Which of the following BEST describes the results of vulnerability scanning?
Answer: A
453. Which of the following BEST describes the security principle addressed through whole disk
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
Answer: C
454. Which of the following would be a benefit of testing a program of an unknown source on a virtual
machine?
B. Virtual machines allow for faster performance, so the speed of benchmark testing is increased.
C. Virtual machines come equipped with a firewall by default, thus preventing outside contamination.
D. Virtual machines can easily be restored to an earlier point if the code is malicious or causes instability.
Answer: D
455. An administrator has configured server systems to keep detailed performance logs. When reviewing
the performance logs, which of the following would MOST likely indicate a security breach?
A. The performance logs indicate high CPU and disk usage during off peak hours.
B. The performance logs indicate CPU usage of near 100% several times during the working day.
D. Disk usage increases 30% at the same time each work day.
Answer: A
456. An administrator needs to ensure that a particular computer has access to port 80 so it can use the
Internet but also needs to ensure that no other ports can be used. Which of the following would allow this
B. Configure the firewall to allow port 80 and block all other ports.
457. Which of the following terms describes a case where the transmission between two or more nodes is
A. Null session
B. TCP hijacking
C. Web spoofing
D. DOS
Answer: B
458. When a user knows the originator of the key, this is an example of which of the following models?
A. Web of trust
B. Trusted introducer
C. Hierarchical trust
D. Direct trust
Answer: D
459. Which of the following models is an example of a root certificate based trust that validates other
A. Web of trust
B. Hierarchical trust
C. Direct trust
D. Trusted introducer
Answer: B
460. Which of the following trust models is an example of when a certificate becomes trusted by a group of
trusted sources?
A. Web of trust
B. Trusted introducer
C. Direct trust
Answer: B
461. An administrator wants to deploy a solution that will use a secret key to secure data transmissions.
A. Asymmetric encryption
B. Non-repudiation
C. Symmetric encryption
Answer: C
462. An administrator wants to ensure a high level of security between two nodes when a transmission is
taking place. Which of the following would provide the HIGHEST level of security?
Answer: C
463. A company has a problem with users inadvertently posting company information on the Internet. Which
of the following is the BEST method for the company to address it?
Answer: A
464. An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
A. An attacker using the phone remotely for spoofing other phone numbers
C. The Bluetooth enabled phone causing signal interference with the network
Answer: B
465. When implementing an HVAC system, a company needs to be aware of which of the following security
concerns?
Answer: B
466. Which of the following is the MOST important reason to verify the integrity of acquired data in a
forensic investigation?
B. To ensure that the MBR gets transferred successfully to the target media
C. To ensure that source data will fit on the specified target media
Answer: D
467. An administrator is made aware of a possible malware infection on one of the servers. The company
uses instant messaging software to keep all employees in contact with one another and the employees
receive constant messages from users outside the company. Which of the following is the MOST likely
A. Rootkit
B. SPIM
C. Trojan
D. Blue jacking
Answer: B
468. An administrator has just performed an audit on their network. The security administrator has not
allowed the results to be shown to the IT departmental staff. Which of the following BEST describes the
A. Least privilege
B. Job rotation
C. Separation of duties
D. Implicit deny
Answer: C
469. An administrator in an organization with 33,000 users would like to store six months of Internet proxy
logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but
are required by upper management for legal obligations. All of the following apply when determining the
Answer: C