Which of the following BEST describes both change and incident management?
Incident management is not a valid term in IT, however change management is
Change management is not a valid term in IT, however incident management is
Incident management and change management are interchangeable terms meaning the same thing
Incident management is for unexpected consequences, change management is for planned work
Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?
Disablement
Length
Expiration
Password complexity
Which of the following information types would be considered personally identifiable information?
First name and home address
Social security number
Date of birth
Full name, date of birth and address
Which of the following is the benefit of single file versus full disk encryption?
Encryption is preserved in full disk encryption when a file is copied from one media to another
Encryption is preserved in single file encryption when a file is copied from one media to another
Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used
Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used
Which of the following is another name for a CAC?
Token
RFID
MAC
PIV
Which of the following systems offers Trusted OS capabilities by default?
Windows Vista
Windows 7
SE Linux
Backtrack
Which of the following describes a common operational problem when using patch management software that results in a false sense of security?
Conflicts with vulnerability scans impede patch effectiveness
Distributed updates may fail to apply or may not be active until a reboot
Vendor patches are released too frequently consuming excessive network bandwidth
It is resource intensive to test all patches
Which of the following is BEST identified as an attacker who has or is about to use a Logic bomb?
Grey hat
Malicious insider
White hat
Black box
Which of the following is the BEST choice in regards to training staff members on dealing with PII?
PII requires public access but must be flagged as confidential
PII data breaches are always the result of negligent staff and punishable by law
PII must be handled properly in order to minimize security breaches and mishandling
PII must be stored in an encrypted fashion and only printed on shared printers
Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?
Job rotation
Incident response
Least privilege
On-going security
When designing secure LDAP compliant applications, null passwords should NOT be allowed because:
null password can be changed by all users on a network
a null password is a successful anonymous bind
null passwords can only be changed by the administrator
LDAP passwords are one-way encrypted
A security administrator visits a remote data center dressed as a delivery person. Which of the following is MOST likely being conducted?
Social engineering
Remote access
Vulnerability scan
Trojan horse
Mobile devices used in the enterprise should be administered using:
encrypted networks and system logging
full disk encryption and central password management
vendor provided software update systems
centrally managed update services and access controls
The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?
Undocumented networks might not be protected and can be used to support insider attacks
Documenting a network hinders production because it is time consuming and ties up critical resources
Documented networks provide a visual representation of the network for an attacker to exploit
Undocumented networks ensure the confidentiality and secrecy of the network topology
Which of the following could mitigate shoulder surfing?
Privacy screens
Hashing
Man traps
Screen locks
Which of the following passwords is the MOST complex?
5@rAru99
CarL8241g
j1l!1b5
l@ur0
Which of the following is being utilized when the BIOS and operating system’s responsibility is platform integrity?
SSL
USB encryption
Data loss prevention
TPM
Which of the following BEST describes a Buffer Overflow attack that allows access to a remote system?
The attacker attempts to have the receiving server run a payload using programming commonly found on web servers
The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage
The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information
The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload
A company fails to monitor and maintain the HVAC system in the datacenter. Which of the following is the MOST likely to affect availability of systems?
Employee productivity in a hot datacenter
Premature failure of components
Decreased number of systems in the datacenter
Increased utility costs
Which of the following protocols is defined in RFC 1157 as utilizing UDP ports 161 and 162?
SNMP
IPSec
TLS
Which of the following is LEAST likely to have a legitimate business purpose?
Metasploit
Vulnerability scanner
Steganography
Port scanner
Which of the following does full disk encryption on a laptop computer NOT protect against?
Confidentiality of the data
Key loggers
Theft of the data
Disclosure of the data
Which of the following passwords exemplifies the STRONGEST complexity?
Passw0rd
P@ssw0rd
Passwrd
passwordpassword
Which following port ranges would give a technician the MOST comprehensive port scan of a server?
1024-15000
0-99999
0-65535
0-1024
Which of the following attacks steals contacts from a mobile device?
Bluesnarfing
Smurf attack
Session hijacking
Bluejacking
Which of the following attacks sends unwanted messages to a mobile device?
A smurf attack relies on which protocol to perform a Denial of Service?
DNS
SMTP
ICMP
Which of the following allows for multiple operating systems to run on a single piece of hardware?
Virtualization
Port security
DMZ
A user name is an example of which of the following?
Identification
Authentication
Authorization
Access
The CRL contains a list of:
private keys
public keys
root certificates
valid certificates
Which of the following fall into the category of physical security measures? (Select all that apply)
Honeypot
Mantrap
Hardware lock
Software that performs unwanted and harmful actions in disguise of a legitimate and useful program is also referred to as:
Adware
Logic bomb
Spyware
The term Trusted OS refers to an operating system:
Admitted to a network through NAC
That has been authenticated on the network
Implementing patch management
With enhanced security features
Which of the following would be fastest in validating a digital certificate?
IPX
OCSP
OSPF
CRL
HTTPS runs on TCP port:
80
137
143
443
Paper shredder would help in preventing what kind of threats? (Select all that apply)
Tailgating
Dumpster diving
Zero-day attack
Penetration test with the prior knowledge on how the system that is to be tested works is also known as:
White box
Sandbox
What type of protocols ensure the privacy of a VPN connection?
Tunneling
Telnet
IPv6
Zero-day attack exploits:
Vulnerability that is present in already released software but unknown to the software developer
Patched software coding errors
Well known vulnerabilities
New accounts
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is also referred to as:
SSO
WAP
What is tailgating?
Gaining unauthorized access to restricted areas by following another person
Looking over someone's shoulder in order to get information
Manipulating a user into disclosing confidential information
Scanning for unsecured wireless networks while driving in a car
Which of the following are symmetric-key algorithms? (Select all that apply)
Diffie-Hellman
3DES
DES
RSA
AES
TCP port 22 is used by default by: (Select all that apply)
SFTP
SCP
FTP
SSH
A maximum acceptable period of time within which a system must be restored after failure is also known as:
Recovery Time Objective (RTO)
Maximum Tolerable Period of Disruption (MTPOD)
Meantime Between Failures (MTBF)
Meantime To Restore (MTTR)
Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply)
Kerberos
PAP
CHAP
NTP
A policy outlining ways of collecting and managing personal data is also known as:
Acceptable use policy
Audit policy
Privacy policy
Which of the following solutions is used for controlling temperature and humidity?
EMI shielding
HVAC
UART
Faraday cage
Sticky note with a password kept on sight in the user's cubicle would be a violation of which of the following policies?
User account policy
Clean desk policy
Data labeling policy
TCP port 23 is used by:
TFTP
A chronological record outlining persons in possession of an evidence is also referred to as:
Information classification
Evidence timeline
Data handling chain
Chain of custody
Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that individual?
ID
PII
Password
PIN
Which of the following terms refers to a rogue access point?
Backdoor
Evil twin
Worm
A group of computers running malicious software under control of a hacker is also referred to as:
Ethernet
Intranet
Botnet
Subnet
Which IPsec mode provides whole packet encryption?
Host-to-host
Payload
Transport
Tunnel
Security measures that can be applied to mobile devices include: (Select all that apply)
Load balancing
Remote sanitation
Encryption and passwords
Voice encryption
Quality of Service (QoS)
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
Conduct surveys and rank the results.
Perform routine user permission reviews.
Implement periodic vulnerability scanning.
Disable user accounts that have not been used within the last two weeks.
Which of the following devices is BEST suited for servers that need to store private keys?
Hardware security module
Hardened network firewall
Solid state disk drive
Hardened host firewall
All of the following are valid cryptographic hash functions EXCEPT:
RIPEMD.
RC4.
SHA-512.
MD4.
In regards to secure coding practices, why is input validation important?
It mitigates buffer overflow attacks.
It makes the code more readable.
It provides an application configuration baseline.
It meets gray box testing standards.
Which of the following would be used when a higher level of security is desired for encryption key storage?
TACACS+
L2TP
LDAP
A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?
Firewall
Application
IDS
Security
Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
Registration
CA
Recovery agent
Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?
Smartcard
Discretionary access control
Mandatory access control
Which of the following devices would MOST likely have a DMZ interface?
Switch
Load balancer
Proxy
Which of the following application security testing techniques is implemented when an automated system generates random input data?
Fuzzing
XSRF
Hardening
Input validation
Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?
Cognitive password
Password sniffing
Brute force
A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
Password history
Password logging
Password cracker
Password hashing
Certificates are used for: (Select TWO).
Client authentication.
WEP encryption.
Access control lists.
Code signing.
Password hashing.
Which of the following is a hardware based encryption device?
EFS
TrueCrypt
SLE
Which of the following BEST describes a protective countermeasure for SQL injection?
Eliminating cross-site scripting vulnerabilities
Installing an IDS to monitor network traffic
Validating user input in web applications
Placing a firewall between the Internet and database servers
Which of the following MOST interferes with network-based detection techniques?
Mime-encoding
Anonymous email accounts
A certificate authority takes which of the following actions in PKI?
Signs and verifies all infrastructure messages
Issues and signs all private keys
Publishes key escrow lists to CRLs
Issues and signs all root certificates
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
Malicious code on the local system
Shoulder surfing
Brute force certificate cracking
Distributed dictionary attacks
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
More experienced employees from less experienced employees
Changes to program code and the ability to deploy to production
Upper level management users from standard development employees
The network access layer from the application access layer
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?
The request needs to be sent to the incident management team.
The request needs to be approved through the incident management process.
The request needs to be approved through the change management process.
The request needs to be sent to the change management team.
