Exam Questions

1. An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?
A. Intrusion detection
B. Malware inspection
C. Load balancing
D. Internet content filtering
Answer B is correct. A malware inspection filter is basically a web filter applied to traffic that uses the HTTP protocol. The body of all HTTP requests and responses is inspected. Malicious content is blocked while legitimate content passes through unaltered.

2. Which risk
management response is being implemented when a company purchases insurance to protect against service outage?
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference
Answer D is correct. The liability of risk is transferred through insurance policies.

3. A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as what?
A. Zombie
B. Botnet
C. Herder
D. Virus
Answer B is correct.

4. Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?
A. Buffer overflow
B. Cross-site request forgery (XSRF)
C. Cross-site scripting
D. Input validation error
Answer B is correct. In order to mitigate cross-site request forgery (XSRF) attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server.

5. Which of the
following is one of the biggest challenges associated with database encryption?
A. Multi-tenancy
B. Key management
C. Weak authentication components
D. Platform support
Answer B is correct. One of the biggest challenges associated with database encryption is key management.

6. Which form of access control enables data owners to extend access rights to other logons?
A. MAC
B. DAC
C. Role-based (RBAC)
D. Rule-based (RBAC)
Answer B is correct. Discretionary access control (DAC) systems enable data owners to extend access rights to other logons. Mandatory access control (MAC) systems require assignment of labels to extend access, making answer A incorrect.

7. In a decentralized key management system, the user is responsible for which one of the following functions?
A. Creation of the private and public key
B. Creation of the digital certificate
C. Creation of the CRL
D. Revocation of the digital certificate
Answer A is correct. In a decentralized key system, the end user generates his or her own key pair. The other functions, such as creation of the certificate, CRL, and the revocation of the certificate, are still
handled by the certificate authority.

8. What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?
A. Protocol Key Instructions (PKI)
B. Public Key Extranet (PKE)
C. Protocol Key Infrastructure (PKI)
D. Public Key Infrastructure (PKI)
Answer D is correct. Public Key Infrastructure describes the trust hierarchy system for implementing a secure public key cryptography system over TCP/IP networks.

9. If Sally wants to send a secure message to Mark using public-key encryption but is not worried about sender verification, what does she need in addition to her original message text?
A. Sally

39
C. 138
D. 162
Answers A and D are correct. UDP ports 161 and 162 are used by SNMP.

51. You are
implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches?
A. Log analysis
B. Access Control Lists
C. Network segmentation
D. Proper VLAN management
Answer D is correct. VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch.

52. Your organization is exploring data loss prevention solutions. The proposed solution is a software network solution installed near the network perimeter to monitor for and flag policy violations. This solution is targeting which of the following data states?
A. In motion
B. At rest
C. In use
D. At flux
Answer A is correct. Protection of data in motion is considered to be a network solution, and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations.

53. What is the first step in performing a basic forensic analysis?
A. Ensure that the evidence is acceptable in a court of law
B. Identify the evidence
C. Extract, process, and interpret the evidence
D. Determine how to preserve the evidence
Answer B is correct. It is necessary to first identify the evidence that is available to be collected.

54. Which of the
following is not true regarding expiration dates of certificates?
A. Certificates may be issued for a week.
B. Certificates are issued only at yearly intervals.
C. Certificates may be issued for 20 years.
D. Certificates must always have an expiration date.
Answer B is correct. Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory, and the validity period can vary from a short period of time up to a number of years; therefore, answers A, C, and D are incorrect.

55. Which of the following statements are true when discussing physical security? (Select all correct answers.)
A. Physical security attempts to control access to data from Internet users.
B. Physical security attempts to control unwanted access to specified areas of a building.
C. Physical security attempts to control the effect of natural disasters on facilities and equipment.
D. Physical security attempts to control internal employee access into secure areas.
Answers B, C, and D are correct. Natural disasters, unwanted access, and user restrictions are all physical security issues. Preventing Internet users from getting to data is data security, not physical security; therefore, answer A is incorrect.

56. Which type of authorization provides no
mechanism for unique logon identification?
A. Anonymous
B. Kerberos
C. TACACS
D. TACACS+
Answer A is correct. During anonymous access, such as requests to a public FTP server, the unique identity of the requester is not determined and so cannot be used for personalized logon identification.

57. Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?
A. Least privilege
B. Separation of duties
C. Account expiration
D. Time of day
Answer D is correct. Time of day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty.

58. Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?
A. S-HTTP
B. S/MIME
C. HTTP
D. PPTP
Answer A is correct. An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP was not adopted by the early web browser developers (for example, Netscape and Microsoft) and so remains less common than the HTTPS standard. Additionally, S-HTTP encrypts individual messages so it cannot be used for VPN security.

59. A new switch has been implemented in areas
where there is very little physical access control. Which of the following would the organization implement as a method for additional checks in order to prevent unauthorized access?
A. Loop protection
B. Flood guard
C. Implicit deny
D. Port security
Answer D is correct. Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.

60. There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues?
A. Protocol analyzer
B. Circuit-level gateway logs
C. Spam filter appliance
D. Web application firewall logs
Answer A is correct. Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and can conduct protocol decoding, putting the information into readable data for analysis.

61. Which of the following types of
attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit?
A. Buffer overflow
B. Cross-site request forgery (XSRF)
C. Cross-site scripting (XSS)
D. Input validation error
Answer B is correct. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request to the website on their behalf. This can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit.

62. Which of the following standards is used in HSMs?
A. PKCS #11
B. PKCS #7
C. AES
D. EFS
Answer A is correct. The PKCS #11 standard provides for access to public and private asymmetric keys, symmetric keys, X.509 certificates, and application data. PKCS #11 is the de facto standard for platform applications, although some newer HSMs include more advanced authentication and authorization models.

63. Which of the following algorithms is not an example of a symmetric encryption algorithm?
A. Rijndael
B. Diffie-Hellman
C. RC6
D. AES
Answer B is correct. Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and AES are now one and the same, they both can be called symmetric encryption algorithms; therefore, answers A and D are incorrect.

64.
Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm?
A. Only the public key is used to encrypt, and only the private key is used to decrypt.
B. The public key is used to either encrypt or decrypt.
C. Only the private key is used to encrypt, and only the public key is used to decrypt.
D. The private key is used to decrypt data encrypted with the public key.
Answer D is correct. When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key.

65. Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?
A. PKCS #11
B. PKCS #13
C. PKCS #4
D. PKCS #2
Answer A is correct. PKCS #11, the Cryptographic Token Interface Standards, defines an API named Cryptoki for devices holding cryptographic information.

66. Which of the following are steps that can be taken to harden FTP services?
A. Anonymous access to share files of questionable or undesirable content should be limited.
B. Regular review of networks for unauthorized or rogue servers.
C. Technologies that allow dynamic updates must also include access control and authentication.
D. Unauthorized zone transfers should also be restricted.
Answer A is correct. Anonymous access to share files of questionable or undesirable content should be limited for proper FTP server security.

67. A situation in which a program or
process attempts to store more data in a temporary data storage area than it was intended to hold is known as a what?
A. Buffer overflow
B. Denial of service
C. Distributed denial of service
D. Storage overrun
Answer A is correct. A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers overwriting or deleting data. A denial of service is a type of attack in which too much traffic is sent to a host, preventing it from responding to legitimate traffic. A distributed denial of service is similar, but it is initiated through multiple hosts; therefore, answers B and C are incorrect. Although answer D sounds correct, it is not.

68. TEMPEST deals with which form of environmental control?
A. HVAC
B. EMI shielding
C. Humidity
D. Cold-aisle
Answer B is correct. TEMPEST protections involve the hardening of equipment against EMI broadcast and sensitivity.

69. Which of the following is included in hardening a host operating system?
A. A policy for antivirus updates
B. A policy for remote wipe
C. An efficient method to connect to remote sites
D. An effective system for file-level security
Answer D is correct. Hardening of the operating system includes planning against both accidental and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement an effective system for file-level security, including encrypted file support and secured file system selection that allows the proper level of access control.

70. Which of the following is
the preferred type of encryption used in SaaS platforms?
A. Application level
B. Database level
C. Media level
D. HSM level
Answer A is correct. In an SaaS environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage.

71. Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist?
A. SSL
B. IPsec
C. SNMP
D. Traceroute
Answer D is correct. Traceroute uses an ICMP echo request packet to find the path between two addresses.

72. An organization has an access control list implemented on the border router, but it appears that unauthorized traffic is still being accepted. Which of the following would the organization implement to improve the blocking of unauthorized traffic?
A. Loop protection
B. Flood guard
C. Implicit deny
D. Port security
Answer C is correct. Implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access.

73. An asset is valued at $12,000; the threat exposure factor of a risk affecting that asset is 25%; and the annualized rate of occurrence is 50%. What is the SLE?
A. $1,500
B. $3,000
C. $4,000
D. $6,000
Answer B is correct. The single loss expectancy (SLE) is the product of the value ($12,000) and the threat exposure (.25) or $3,000.

74.
Which form of fire suppression functions best in an Alaskan fire of burning metals?
A. Dry-pipe sprinkler
B. Wet-pipe sprinkler
C. Carbon dioxide
D. Dry powder
Answer D is correct. Combustible metal fires (Class D) require sodium chloride and copper-based dry powder extinguishers. Although dry-pipe would be preferable to wet-pipe sprinklers in regions that experience very low temperatures such as Alaska, water is only appropriate for wood, paper, and trash fires (Class A), making answers A and B incorrect.

75. While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which of the following might be occurring?
A. Replay
B. Authorization
C. Social engineering
D. Spoofing
Answer D is correct. The most likely answer is spoofing because this enables an attacker to misrepresent the source of the requests.

76. Which mandatory access control label is appropriate for generally available data?
A. ANONYMOUS
B. PUBLIC
C. SENSITIVE
D. SECRET
Answer B is correct. The PUBLIC label can be applied to generally available data within MAC access control environments.

77. After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to prevent issues?
A. Loop protection
B. Flood guard
C. Implicit deny
D. Port security
Answer A is correct. The loop guard feature makes additional checks in Layer 2 switched networks.

78. Which of the
following is an example of a false negative result?
A. An authorized user is granted access to a resource.
B. An unauthorized user is granted access to a resource.
C. An authorized user is refused access to a resource.
D. An unauthorized user is refused access to a resource.
Answer C is correct. A false negative result involves access refusal for an authorized user, which makes answer D incorrect. Answers A and B are incorrect because they represent granted resource access.

79. Which of the following is the best choice for encrypting large amounts of data?
A. Asymmetric encryption
B. Symmetric encryption
C. Elliptical curve encryption
D. RSA encryption
Answer B is correct. Public key encryption is not usually used to encrypt large amounts of data, but it does provide an effective and efficient means of sending a secret key from which to do symmetric encryption thereafter, which provides the best method for efficiently encrypting large amounts of data.

80. You want to be sure that the FTP ports that are required for a contract worker