
Ques-1. Which of the following describes APIs for devices such as smartcards that contain other cryptographic information?

A. PKCS #11
B. PKCS #13
C. PKCS #4
D. PKCS #2

Ans-A (PKCS #11)

Ques-2. Your company is in the process of setting up a management system on your network, and you want to use SNMP. You have to allow this traffic through a router. Which UDP ports do you have to open?

A. 161
B. 139
C. 138
D. 162

Ans-A,D (161,162)

Ques-3. Which of the following are used to verify the status of a certificate?

A. OCSP
B. CRL
C. OSPF
D. ACL

Ans-A,B (OCSP, CRL)

Ques-4. What type of algorithm does the MD series of encryption algorithms use?

A. Asymmetric Encryption Algorithm
B. Digital Signature
C. Hashing Algorithm
D. All of the above

Ans-C

Ques-5. Trey Research has implemented a wireless network. Which of the following options would you use to grant access to authorized wireless users?

A. Biometric
B. WEP
C. LEAP
D. SSL

Ans-B (WEP)

Ques-6. Michael, the CTO of a new company, wants to deploy asymmetric encryption for all users in his company. Identify the asymmetric algorithm that is the de facto standard for public key encryption.

A. DES
B. RSA
C. Diffie-Hellman
D. AES

Ans-B (RSA)

Ques-7. Woodgrove Bank has an elaborate security infrastructure for its corporate data network, which is used by over 300 employees. Each employee needs to be issued a pair of private and public keys to use. Which option would be the safest way of issuing the keys to each user?

A. Issue each user a smart card with key information embedded in it.
B. Request each user to scribble the keys on a personal notebook.
C. Put each key in a key escrow.
D. Ask the users to copy the keys on their computers.

Ans-A

Ques-8. Tom uses DES for encrypting on his company's network. He has been advised by the CTO of the company to use a stronger encryption mechanism. Which of the following options uses variable key lengths to replace DES?

A. Blowfish
B. IDEA
C. Triple-DES
D. AES

Ans-D (AES)

Ques-9. Francesca is working out a strategy for fire protection of a server room in a call center. The server room is occupied by dozens of employees around the clock. Which of the following options represents the best method for fire suppression?

A. In case of fire, the server room should be flooded with Halon gas.
B. In case of fire, the server room should be flooded with water.
C. In case of fire, the server room should be flooded with a nontoxic inert gas.
D. In case of fire, evacuate all oxygen from the server room by using vacuum pumps.

Ans-C

Ques-10. An attacker has compromised your PBX system. The attacker has made many long-distance calls. How can you, the administrator, protect the PBX system from future attacks with no extra equipment cost? (Choose two correct options.)

A. Deploy smart card authentication.
B. Educate users about PBX security.
C. Use Layer 3 switching devices.
D. Program system exclusion lists.

Ans-D,B

Ques-11. You want to monitor and remotely manage the services that are running on all client workstations within the organization's network. Which User Datagram Protocol (UDP) protocol will you use to remotely manage workstations?

A. SMTP
B. RTSP
C. SNMP
D. DHCP

Ans-C (SNMP)

Ques-12. Recently, there has been a packet sniffing attack on the company's FTP server. You want to encrypt all file transfers to your FTP server on the Internet. How will you achieve this?

A. Use Anonymous FTP
B. Use FTP for file transfer
C. Encrypt all files on the FTP server
D. Implement Secure FTP

Ans-D

Ques-13. Wingtip Toys is using dial-up lines as part of a remote access solution. All remote access users are within the local calling area. You are a security consultant and need to advise the client on the disadvantages of using dial-up lines as part of a remote access solution. Which of the following options will you choose to state? (Choose two correct options.)

A. Lower productivity
B. War dialing
C. Higher cost of long-distance connections
D. Susceptibility to sniffing

Ans-A,B

Ques-14. Fourth Coffee, a small coffee company, maintains its daily sales record using a computer system. Tom, the proprietor of the company, consolidates these records once a month to generate a monthly sales report. Tom's home is 60 miles from the company. Which one of the following options would be the optimal cost-effective solution to protect this data?

A. Make regular backups of all data on the machine, and store it at Tom's home.
B. Create a mirror server with hot backups. Use this server immediately in case of disaster.
C. Create a backup server. Update this server once a week, and use it in case of disaster.
D. Make regular backups of all data on the machine, and preserve it in a shelf next to the machine for easy access.

Ans-A

Ques-15. Datum Corporation is a leading ISP and web hosting provider. Which type of SLA is Humongous Insurance most likely to sign with Datum Corporation?

A. An ISP SLA
B. An application service provider SLA
C. A data center SLA
D. A LAN SLA

Ans-B

Ques-16. Tom, a security expert, has been assigned the task of securing physical access to the room of the server that contains classified government documents. Which of the following biometric schemes will best suit his requirements?

A. Speech recognition
B. Face recognition
C. Hand geometry
D. Retinal scan

Ans-D

Ques-17. Lucerne Publishing works with freelance authors. Nancy, the editor-in-charge, needs to frequently exchange online documents with these authors. What would you suggest as the best algorithm for Nancy?

A. DES
B. Asymmetric key
C. Secure hash
D. Symmetric key

Ans-C

Ques-18. Fourth Coffee uses FTP to transfer files. The company wants an SSL/TLS-based solution to protect file transfers. Which of the following options would be required to implement this solution?

A. Secure FTP-enabled software on the FTP client
B. Secure FTP-enabled software on the FTP server
C. A certificate authority
D. Kerberized FTP-enabled software on the FTP client and FTP server

Ans-A,B,C

Ques-19. John is the administrator of Contoso Ltd. The company has 1500 users on its network. The company policy requires evidence to be collected when users breach the security terms of the organization. What should John do before data is preserved in the organization as evidence?

A. Advise user of system monitoring
B. Monitor the phone calls
C. Review the e-mails
D. Define the chain of custody

Ans-D

Ques-20. Which functionality should Lucerne Publishing consider to allow multiple hosts to share a single IP address?

A. VLAN
B. VPN
C. Firewall
D. NAT

Ans-D

Ques-21. Your organization uses LDAP to organize data in a hierarchical fashion. What are the ways in which the LDAP servers are compromised by the attackers?

A. Enumerating files on servers
B. Exploiting incorrectly configured shares
C. Packet sniffing
D. Information gathering

Ans-C,D

Ques-22. Coho Vineyard needs to install a public Web server. Where would you suggest this Web server be installed so that the internal network is protected from intruders?

A. In the intranet
B. In the VPN
C. In the perimeter network
D. In the extranet

Ans-C

Ques-23. The administrator of Contoso Ltd. recently installed a new DNS server, DNS-ROOT, on the network. DNS-ROOT will be used to resolve Internet host names to IP addresses for clients on the local network. How should the administrator enforce security to allow DNS zone transfers only from the DNS server of the ISP?

A. Enable packet filtering on all computers
B. Enable packet filtering for all outgoing traffic
C. Configure an access control list to include only the IP address of DNS-ROOT
D. Configure an access control list to include only the IP address of the ISP's DNS server

Ans-D

Ques-24. To reduce hoax e-mail, you need to create a written policy. This policy will be circulated to all users in the organization. Which of the following should be included in the policy?

A. Report all words of urgency, warnings and virus alerts appearing in the subject line of e-mail to technical support
B. Report any e-mail containing no subject heading line
C. Report all e-mail received by all users in the organization that contain words of urgency, warnings and virus alerts in the subject line
D. Report any e-mail that contains instructions to delete files to all users in the organization

Ans-A

Ques-25. Your company has a NetWare server to authenticate users. Users are required to provide a unique password for five different applications on the network. You want to eliminate the redundancy of using multiple password mechanisms. How will you accomplish this?

A. Set a common password age and length limit for all applications
B. Implement single sign-on for authenticating users
C. Manually set the same user password for all applications and for all users
D. Instruct users to use the same password for all applications

Ans-B

Ques-26. Your Web server must support server-side include (SSI) for certain common gateway interface (CGI) programs to function properly. Knowing that support for SSI can be a security risk, what corrective action can you take to protect the Web server?

A. Ensure that you use client-side JavaScript to preprocess data fed into the CGI program
B. Turn off SSI on the script directories
C. Limit CGI programs to specific directories
D. Turn on SSI on the web server and the script directories

Ans-B,C

Ques-27. John, a network administrator of Trey Research, has installed a new security component to encrypt all the data on the network. What should John do to educate his users about the new security component and allow them to actively participate by providing opinions?

A. Create a security awareness program
B. Stick posters and flyers on the building
C. Deploy logon access banners
D. Communicate through e-mail

Ans-A

Ques-28. An electronics company with 60 employees has been issued a certificate from a private certificate authority (CA) set up within the company. Which option would be the best solution for providing for the revocation of a certificate for an employee?

A. Choose one employee who can revoke certificates for everyone.
B. Certification revocation is dangerous and should not be supported at all.
C. A group of responsible employees has to be identified to revoke certificates.
D. Let all employees revoke their own certificate when required.

Ans-C

Ques-29. South Bridge Video wants to enable encryption and digital signing of e-mail messages. The company wants to use an external PKI service provider to generate certificates. To achieve this, what type of clients should the company run?

A. SMTP relay-enabled
B. S/MIME-enabled
C. PGP-enabled
D. POP-enabled

Ans-B

Ques-30. You installed a new Microsoft Windows 2000 server on your network. This server is used to store user files. These files are required to be encrypted for security reasons. How will you ensure that files stored by all users are encrypted?

A. Use NTFS
B. Use EFS
C. Use third party software
D. Use Disk Quota

Ans-B

Ques-31.
