
CompTIA SY0-601 Practice Test

1. Harmful programs used to disrupt computer operation, gather sensitive
information, or gain unauthorized access to computer systems are commonly
referred to as:
A. Adware
B. Malware
C. Ransomware
D. Spyware
2. Which of the following answers refers to malicious software performing
unwanted and harmful actions in disguise of a legitimate and useful
program?
A. Trojan horse
B. Spyware
C. Logic bomb
D. Adware
3. What is adware?
A. Unsolicited or undesired electronic messages
B. Malicious program that sends copies of itself to other computers on the
network
C. Software that displays advertisements
D. Malicious software that collects information about users without their
knowledge
4. A collection of software tools used by a hacker to mask intrusion and
obtain administrator-level access to a computer or computer network is
known as:
A. Backdoor
B. Botnet
C. Rootkit
D. Armored virus
5. Which type of Trojan enables unauthorized remote access to a
compromised system?
A. pcap
B. RAT
C. MaaS
D. pfSense
6. Which of the following answers refers to an undocumented way of gaining
access to a program, online service, or an entire computer system?
A. Tailgating
B. Rootkit
C. Trojan horse
D. Backdoor
7. Phishing scams targeting selected individuals/groups of users are
referred to as:
A. Vishing
B. Spear phishing
C. MITM attack
D. Whaling
8. What is tailgating?
A. Looking over someone's shoulder to get information
B. Scanning for unsecured wireless networks while driving in a car
C. Manipulating a user into disclosing confidential information
D. Gaining unauthorized access to restricted areas by following another
person
9. An email message containing a warning related to a non-existent
computer security threat, asking a user to delete system files falsely
identified as malware, and/or prompting them to share the message with
others would be an example of:
A. Vishing
B. Impersonation
C. Virus hoax
D. Phishing
10. Which of the following attacks uses multiple compromised computer
systems against its target?
A. Spear phishing
B. DoS
C. Watering hole attack
D. DDoS
11. A type of exploit that relies on overwriting contents of memory to
cause unpredictable results in an application is called:
A. IV attack
B. SQL injection
C. Buffer overflow
D. Fuzz test
12. Zero-day attack exploits:
A. New accounts
B. Patched software
C. Vulnerability that is present in already released software but unknown
to the software developer
D. Well known vulnerability
13. A replay attack occurs when an attacker intercepts user credentials
and tries to use this information later for gaining unauthorized access to
resources on a network.
A. True
B. False
14. URL hijacking is also referred to as:
A. Session hijacking
B. Sandboxing
C. Typo squatting
D. Shoulder surfing
15. Which of the following terms refers to a rogue AP?
A. Computer worm
B. Backdoor
C. Evil twin
D. Trojan horse
16. Which of the following technologies simplifies configuration of new
wireless networks by providing non-technical users with a capability to
easily configure network security settings and add new devices to an
existing network?
A. WPA
B. WPS
C. WEP
D. WAP
17. The practice of sending unsolicited messages over Bluetooth is known
as:
A. Bluejacking
B. Vishing
C. Bluesnarfing
D. Phishing
18. Gaining unauthorized access to a Bluetooth device is referred to as:
A. Xmas attack
B. Bluesnarfing
C. Bluejacking
D. Pharming
19. Which of the terms listed below is used to describe an unskilled
individual exploiting computer security loopholes with the use of code and
software written by someone else?
A. Script kiddie
B. Black hat hacker
C. Hactivist
D. White hat hacker
20. Which of the following facilitate(s) privilege escalation attacks?
(Select all that apply)
A. System/application vulnerability
B. Distributed Denial of Service (DDoS)
C. Social engineering techniques
D. Attribute-Based Access Control (ABAC)
E. System/application misconfiguration
21. A penetration test conducted with the use of prior knowledge on how
the system that is to be tested works is known as:
A. White hat
B. Sandbox
C. White box
D. Black box
22. Penetration testing: (Select all that apply)
A. Bypasses security controls
B. Only identifies lack of security controls
C. Actively tests security controls
D. Exploits vulnerabilities
E. Passively tests security controls
23. An antivirus software identifying non-malicious code as a virus due to
faulty virus signature file is an example of:
A. Fault tolerance
B. False positive error
C. Incident isolation
D. False negative error
24. Which of the terms listed below refers to a situation where no alarm
is raised when an attack has taken place?
A. False negative
B. True positive
C. False positive
D. True negative
25. Which of the following answers refers to a set of rules that specify
which users or system processes are granted access to objects as well as
what operations are allowed on a given object?
A. CRL
B. NAT
C. BCP
D. ACL
26. Which IPsec mode provides whole packet encryption?
A. Tunnel
B. Payload
C. Transport
D. Host-to-host
27. Which type of IDS relies on known attack patterns in order to detect
an intrusion?
A. Behavior-based
B. Heuristic/behavioral
C. Signature-based
D. AD-IDS
28. A protocol that provides protection against switching loops is called:
A. UTP
B. SSH
C. STP
D. HMAC
29. Disabling SSID broadcast:
A. Is one of the measures used for securing networks
B. Makes a WLAN harder to discover
C. Blocks access to WAP
D. Prevents wireless clients from accessing the network
30. A network access control method whereby the 48-bit address assigned to
each network card is used to determine access to the network is known as:
A. EMI shielding
B. Hardware lock
C. MAC filter
D. Quality of Service (QoS)
31. Which of the acronyms listed below refers to a technology that allows
for real-time analysis of security alerts generated by network hardware
and applications?
A. LACP
B. DSCP
C. SIEM
D. LWAPP
32. A software or hardware based security solutions designed to detect and
prevent unauthorized use and transmission of confidential information
outside of a corporate network are referred to as:
A. AUP
B. DLP
C. UAT
D. LTO
33. Network Access Control (NAC) defines a set of rules enforced in a
network that the clients attempting to access the network must comply
with. With NAC, policies can be enforced before or after end-stations gain
access to the network. NAC can be implemented as Pre-admission NAC where a
host must, for example, be virus free or have patches applied before it
can be allowed to connect to the network, and/or Post-admission NAC, where
a host is being granted/denied permissions based on its actions after it
has been provided with the access to the network.
A. True
B. False
34. Which of the following tools would be used to check the contents of an
IP packet?
A. Protocol analyzer
B. Secure Shell (SSH)
C. SNMP agent
D. Port scanner
35. What is the most effective way for permanent removal of data stored on
a magnetic drive?
A. Quick format
B. Recycle bin
C. Degaussing
D. Low-level format
36. Steganography allows for:
A. Checking data integrity
B. Calculating hash values
C. Hiding data within another piece of data
D. Data encryption
37. A monitored host or network specifically designed to detect
unauthorized access attempts is known as:
A. Botnet
B. Rogue access point
C. Honeypot
D. Flood guard
38. The practice of connecting to an open port on a remote server to
gather more information about the service running on that port is referred
to as:
A. Bluejacking
B. Banner grabbing
C. Session hijacking
D. eDiscovery
39. What is the name of a command-line utility used for checking the
reachability of a remote host?
A. tracert
B. ping
C. nslookup
D. netstat
40. Windows command-line utility for displaying intermediary points on the
packet route is called:
A. ping
B. netstat
C. ipconfig
D. tracert
41. Which of the terms listed below refers to a security solution
implemented on an individual computer host monitoring that specific system
for malicious activities or policy violations?
A. NIPS
B. Content filter
C. Firewall
D. HIDS
42. Which of the following acronyms refers to a network security solution
combining the functionality of a firewall with additional safeguards such
as URL filtering, content inspection, or malware inspection?
A. MTU
B. STP
C. UTM
D. XML
43. An operating system security feature that ensures safe memory usage by
applications is known as:
A. DEP
B. DLP
C. DSU
D. DRP
44. Which of the terms listed below refers to a mobile device's capability
to share its Internet connection with other devices?
A. Pairing
B. Clustering
C. Tethering
D. Bonding
45. Which of the following acronyms refers to a policy of permitting
employees to bring personally owned mobile devices and to use those
devices for accessing privileged company information and applications?
A. BSOD
B. BYOD
C. JBOD
D. BYOB
46. What is the name of a secure replacement for Telnet?
A. ICMP
B. FTP
C. IPv6
D. SSH
47. A type of protocol used in network management systems to monitor
network-attached devices is known as:
A. SIP
B. SNMP
C. NetBIOS
D. RTP
48. Which version(s) of the SNMP protocol offer(s) only authentication
based on community strings sent in unencrypted form? (Select all that
apply)
A. SNMPv1
B. SNMPv2
C. SNMPv3
D. SNMPv4
49. A lightly protected subnet consisting of publicly available servers
placed on the outside of the company's firewall is known as:
A. VPN
B. Access Point (AP)
C. VLAN
D. DMZ
50. Which of the following solutions is used to hide the internal IP
addresses by modifying IP address information in IP packet headers while
in transit across a traffic routing device?
A. NAC
B. ACL
C. NAT
D. DMZ
51. A logical grouping of computers that may be physically located on
different parts of a LAN is called Virtual Local Area Network (VLAN).
A. True
B. False
52. In computer networks, a computer system or an application that acts as
an intermediary between another computer and the Internet is commonly
referred to as:
A. Load balancer
B. Web server
C. VPN concentrator
D. Proxy server
53. What is the name of a technology that allows for storing passwords,
certificates, or encryption keys in a hardware chip?
A. Encrypting File System (EFS)
B. Triple Digital Encryption Standard (3DES)
C. Trusted Platform Module (TPM)
D. Advanced Encryption Standard (AES)
54. Which of the answers listed below refers to a firmware interface
designed as a replacement for BIOS?
A. UEFI
B. ACPI
C. CMOS
D. USMT
55. One of the measures used in OS hardening includes disabling
unnecessary ports and services.
A. True
B. False
56. The term trusted OS refers to an operating system:
A. Admitted to a network through NAC
B. Implementing patch management
C. That has been authenticated on the network
D. With enhanced security features
57. An MS Windows account that enables users to have temporary access to a
computer without the capability to install software or hardware, change
settings, or create a user password is called:
A. Guest account
B. Temporary account
C. Standard account
D. Managed user account
58. Which of the answers listed below refers to a control system providing
the capability for real-time monitoring and gathering information related
to industrial equipment?
A. OVAL
B. SCADA
C. TACACS
D. SCAP
59. Which of the following solutions is used for controlling temperature
and humidity?
A. Faraday cage
B. UART
C. EMI shielding
D. HVAC
60. The practice of finding vulnerabilities in an application by feeding
it incorrect input is referred to as:
A. Patching
B. Exception handling
C. Application hardening
D. Fuzzing
61. A software application used to manage multiple guest operating systems
on a single host system is called:
A. ICS server
B. Hypervisor
C. UC server
D. Virtual switch
62. A cloud computing infrastructure type where applications are hosted
over a network (typically Internet) eliminating the need to install and
run the software on the customer's own computers is known as:
A. Thick client
B. SaaS
C. Virtualization
D. IaaS
63. In which of the cloud computing infrastructure types, clients, instead
of buying all the hardware and software, purchase computing resources as
an outsourced service from suppliers who own and maintain all the
necessary equipment?
A. IaaS
B. SaaS
C. P2P
D. PaaS
64. Which of the following cloud services would provide the best solution
for a web developer intending to create a web app?
A. SaaS
B. API
C. PaaS
D. IaaS
65. Which of the security controls listed below is used to prevent
tailgating?
A. Hardware locks
B. Mantraps
C. Video surveillance
D. EMI shielding
66. A set of physical characteristics of the human body that can be used
for identification and access control purposes is known as:
A. Biometrics
B. PII
C. Physical token
D. ID
67. Solutions providing the AAA functionality include: (Select all that
apply)
A. MSCHAP
B. RADIUS
C. PPTP
D. TACACS+
68. Which of the following is an example of a multifactor authentication?
A. Password and biometric scan
B. User name and PIN
C. Smart card and identification badge
D. Iris and fingerprint scan
69. An authentication subsystem that enables a user to access multiple,
connected system components (such as separate hosts on a network) after a
single login at only one of the components is known as:
A. SSO
B. SSH
C. SSL
D. SLA
70. An access control model in which every resource has a sensitivity
label matching clearance level assigned to a user is called:
A. RBAC
B. DAC
C. HMAC
D. MAC
71. A type of access control in computer security where every object has
an owner who at his/her own discretion determines what kind of permissions
other users can have to that object is known as:
A. MAC
B. ABAC
C. DAC
D. RBAC
72. Which of the following is an example of a biometric authentication?
A. Password
B. Smart card
C. Fingerprint scanner
D. User name
73. Which of the following answers refers to a key document governing the
relationship between two business organizations?
A. ISA
B. SLA
C. MoU
D. BPA
74. An agreement between a service provider and the user(s) defining the
nature, availability, quality, and scope of the service to be provided is
known as:
A. BPA
B. MoU
C. SLA
D. ISA
75. Which of the following answers refers to an agreement established
between the organizations that own and operate connected IT systems to
document the technical requirements of the interconnection?
A. ISA
B. SLA
C. MoU
D. BPA
76. A document established between two or more parties to define their
respective responsibilities in accomplishing a particular goal or mission
is called:
A. BPA
B. MoU
C. SLA
D. ISA
77. One of the goals behind the mandatory vacations policy is to mitigate
the occurrence of fraudulent activity within the company.
A. True
B. False
78. Which of the answers listed below refers to a concept of having more
than one person required to complete a given task?
A. Acceptable use policy
B. Job rotation
C. Multifactor authentication
D. Separation of duties
79. A sticky note with a password kept on sight in user's cubicle would be
a violation of which of the following policies?
A. Data labeling policy
B. Clean desk policy
C. User account policy
D. Password complexity
80. Which of the following acronyms refers to a set of rules enforced in a
network that restrict the use to which the network may be put?
A. OEM
B. AUP
C. UAT
D. ARO
81. A maximum acceptable period of time within which a system must be
restored after failure is referred to as:
A. Recovery Time Objective (RTO)
B. Mean Time To Restore (MTTR)
C. Maximum Tolerable Period of Disruption (MTPOD)
D. Mean Time Between Failures (MTBF)
82. Which of the terms listed below is used to describe the loss of value
to an asset based on a single security incident?
A. SLE
B. ARO
C. ALE
D. SLA
83. A type of risk assessment formula defining probable financial loss due
to a risk over a one-year period is known as:
A. ARO
B. ALE
C. SLE
D. BPA
84. In quantitative risk assessment, this formula is used for estimating
the likelihood of occurrence of a future threat.
A. ALE
B. SLA
C. ARO
D. SLE
85. Contracting out a specialized technical component when the company's
employees lack the necessary skills is an example of:
A. Risk deterrence
B. Risk avoidance
C. Risk acceptance
D. Risk transference
86. Disabling certain system functions or shutting down the system when
risks are identified is an example of:
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk deterrence
87. In forensic procedures, a sequence of steps in which different types
of evidence should be collected is known as:
A. Order of volatility
B. Layered security
C. Chain of custody
D. Transitive access
88. In incident response procedures a process that ensures proper handling
of collected evidence is called:
A. Intrusion detection/notification
B. Chain of custody
C. MSDS documentation
D. Equipment grounding
89. Which of the following backup site types allows for fastest disaster
recovery?
A. Cold site
B. Hot site
C. Warm site
D. Cross-site
90. A cold site is the most expensive type of backup site for an
organization to operate.
A. True
B. False
91. Restoring data from an incremental backup requires: (Select 2 answers)
A. Copy of the last incremental backup
B. All copies of differential backups made since the last full backup
C. Copy of the last differential backup
D. All copies of incremental backups made since the last full backup
E. Copy of the last full backup
92. In computer security, the term dumpster diving is used to describe a
practice of sifting through trash for discarded documents containing
sensitive data.
Found documents containing names and surnames of the employees along with
the information about positions held in the company and other data can be
used to facilitate social engineering attacks. Having the documents
shredded or incinerated before disposal makes dumpster diving less
effective and also mitigates the risk of social engineering attacks.
A. True
B. False
93. Any type of information pertaining to an individual that can be used
to uniquely identify that individual is known as:
A. PIN
B. PII
C. ID
D. Password
94. What are the features of Elliptic Curve Cryptography (ECC)? (Select 2
answers)
A. Asymmetric encryption
B. Shared key
C. Suitable for small wireless devices
D. High processing power requirements
E. Symmetric encryption
95. Advanced Encryption Standard (AES): (Select all that apply)
A. Is a symmetric encryption algorithm
B. Uses 128-, 192-, and 256-bit keys
C. Is an asymmetric encryption algorithm
D. Uses block cipher algorithm
E. Requires multiple passes to encrypt data
96. Which of the following wireless encryption schemes offers the highest
level of protection?
A. WEP
B. WPA2
C. WAP
D. WPA
97. AES-based encryption mode implemented in WPA2 is known as:
A. CCMP
B. 3DES
C. TKIP
D. HMAC
98. Which of the answers listed below refers to a security solution
allowing administrators to block Internet access for users until they
perform required action?
A. Access logs
B. Mantrap
C. Post-admission NAC
D. Captive portal
99. Which of the following solutions would be the fastest in validating
digital certificates?
A. IPX
B. OCSP
C. CRL
D. OSPF
100. What is the name of a storage solution used to retain copies of
private encryption keys?
A. Trusted OS
B. Key escrow
C. Proxy
D. Recovery agent
ANSWERS
1. Answer: B. Malware
Explanation: The term malware (short for malicious software) describes a
wide category of harmful computer programs used to disrupt computer
operation, gather sensitive information, or gain unauthorized access to
computer systems.
2. Answer: A. Trojan horse
Explanation: Software that performs unwanted and harmful actions in
disguise of a legitimate and useful program is referred to as a Trojan
horse. This type of malware may act like a legitimate program and have all
the expected functionalities, but apart from that it will also contain a
portion of malicious code appended to it that the user is unaware of.
3. Answer: C. Software that displays advertisements
Explanation: Adware is a type of software that displays advertisements on
the user system, often in the form of a pop-up window. Unsolicited or
undesired electronic messages are known as spam. A malicious program that
sends copies of itself to other computers on the network is called a
computer worm (or simply a worm). Malicious software that collects
information about users without their knowledge is referred to as spyware.
4. Answer: C. Rootkit
Explanation: The term rootkit refers to a collection of software tools
used by a hacker to mask intrusion and obtain administrator-level access
to a computer or computer network.
5. Answer: B. RAT
Explanation: Remote Access Trojan (RAT) is a type of Trojan horse malware
that enables unauthorized remote access to a compromised system.
6. Answer: D. Backdoor
Explanation: The term backdoor refers to an undocumented way of gaining
access to a program, online service, or an entire computer system.
7. Answer: B. Spear phishing
Explanation: Phishing scams targeting selected individuals/groups of users
are referred to as spear phishing.
8. Answer: D. Gaining unauthorized access to restricted areas by following
another person
Explanation: The practice of gaining unauthorized access to restricted
areas by following another person is called tailgating. Looking over
someone's shoulder to get information is known as shoulder surfing. The term
war driving refers to scanning for unsecured wireless networks while
driving in a car. Manipulating/deceiving users into disclosing
confidential information is known as social engineering.
9. Answer: C. Virus hoax
Explanation: An email message containing a warning related to a
non-existent computer security threat, asking a user to delete system files
falsely identified as malware, and/or prompting them to share the message
with others would be an example of a virus hoax.
10. Answer: D. DDoS
Explanation: As opposed to the simple Denial of Service (DoS) attacks that
usually are performed from a single system, a Distributed Denial of
Service (DDoS) attack uses multiple compromised computer systems to
perform an attack against its target. The intermediary systems that are
used as platform for the attack are the secondary victims of the DDoS
attack; they are often referred to as zombies, and collectively as a
botnet. The goal of DoS and DDoS attacks is to flood the bandwidth or
resources of a targeted system so that it becomes overwhelmed with false
requests and in result doesn't have time or resources to handle legitimate
requests.
11. Answer: C. Buffer overflow
Explanation: Buffer overflow is a type of exploit that relies on
overwriting contents of memory to cause unpredictable results in an
application.
12. Answer: C. Vulnerability that is present in already released software
but unknown to the software developer
Explanation: Zero-day attacks exploit vulnerabilities that are present in
already released software but unknown to the software developer.
13. Answer: A. True
Explanation: A replay attack occurs when an attacker intercepts user
credentials (or other authentication data, such as a session token or a
hashed password exchange) and retransmits this information later to gain
unauthorized access to resources on a network. The message need not be
decrypted or understood; it only has to be accepted a second time.
Single-use nonces, timestamps and short-lived session tokens are the usual
countermeasures.
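The exchange described above, as an added example that is not part of the original test: a client authenticates with an HMAC over (user, nonce, timestamp), a naive server accepts the eavesdropper's byte-for-byte copy a few seconds later, and a hardened server rejects it by enforcing a freshness window and a cache of nonces it has already accepted. The shared key, user name and timestamps are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demo; both client and server hold it.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def make_auth_message(user: str, nonce: str, timestamp: int) -> dict:
    """Client side: prove knowledge of SHARED_KEY over (user, nonce, ts).
    The nonce is meant to be single-use; the timestamp bounds validity."""
    payload = f"{user}|{nonce}|{timestamp}".encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    return {"user": user, "nonce": nonce, "ts": timestamp, "tag": tag}


class NaiveServer:
    """Checks only that the tag is valid: a captured message verifies
    again and again, which is exactly what a replay attack exploits."""

    def verify(self, msg: dict, now: int) -> bool:
        payload = f"{msg['user']}|{msg['nonce']}|{msg['ts']}".encode()
        expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, msg["tag"])


class ReplayResistantServer(NaiveServer):
    """Same tag check, plus a freshness window and a cache of nonces
    already accepted inside that window."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen_nonces = set()

    def verify(self, msg: dict, now: int) -> bool:
        if not super().verify(msg, now):
            return False                      # forged or tampered
        if abs(now - msg["ts"]) > self.window:
            return False                      # stale: outside freshness window
        if msg["nonce"] in self.seen_nonces:
            return False                      # replay of an accepted message
        self.seen_nonces.add(msg["nonce"])
        return True


def replay_demo() -> dict:
    """Legitimate login at t0, then the eavesdropper's copy sent 5 s later."""
    t0 = 1_700_000_000                        # constructed clock value
    legit = make_auth_message("alice", secrets.token_hex(8), t0)
    captured = dict(legit)                    # byte-for-byte copy off the wire

    naive, hardened = NaiveServer(), ReplayResistantServer()
    stale = make_auth_message("alice", secrets.token_hex(8), t0 - 120)
    return {
        "naive_first": naive.verify(legit, t0),
        "naive_replay": naive.verify(captured, t0 + 5),
        "hardened_first": hardened.verify(legit, t0),
        "hardened_replay": hardened.verify(captured, t0 + 5),
        "hardened_stale": hardened.verify(stale, t0),
    }


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name:16s} accepted={ok}")
```

The nonce cache only has to remember nonces inside the freshness window, so it can be pruned as time moves on; without the window, the cache would have to grow forever to stay safe.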
14. Answer: C. Typo squatting
Explanation: URL hijacking is also known as typo squatting. The term
refers to a practice of registering misspelled domain name closely
resembling other well established and popular domain name in hopes of
getting Internet traffic from users who would make errors while typing in
the web address in their browsers.
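A small detector for the practice just described, added here as an example rather than taken from the original test: it generates the single-keystroke typo neighbourhood of a protected domain (omitted, doubled, substituted and transposed characters) and flags any observed domain that falls inside it. The list of observed domains is constructed; a real feed would come from resolver logs or a new-registrations stream, and this heuristic deliberately ignores lookalike TLDs and homoglyphs.

```python
import string


def typo_variants(domain: str) -> set:
    """Single-keystroke neighbours of the registrable label: one character
    omitted, doubled, substituted, or swapped with its neighbour. The TLD
    is left alone; lookalike TLDs are a separate (and larger) problem."""
    label, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])                  # omission
        variants.add(label[:i] + ch + ch + label[i + 1:])        # doubling
        if i + 1 < len(label):                                   # transposition
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for c in string.ascii_lowercase + string.digits + "-":   # substitution
            if c != ch:
                variants.add(label[:i] + c + label[i + 1:])
    variants.discard(label)
    return {v + "." + tld for v in variants if v}


def flag_typosquats(protected: str, observed) -> list:
    """Return observed domains that sit in the typo neighbourhood of the
    protected domain, sorted for stable reporting."""
    suspicious = typo_variants(protected)
    return sorted(d for d in set(observed)
                  if d.lower() in suspicious and d.lower() != protected.lower())


# Constructed list of domains seen in resolver logs.
OBSERVED = ["example.com", "exmaple.com", "exampel.com", "examle.com",
            "exanple.com", "exampleshop.com", "examplee.com", "github.com"]


if __name__ == "__main__":
    for hit in flag_typosquats("example.com", OBSERVED):
        print("possible typosquat:", hit)
```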
15. Answer: C. Evil twin
Explanation: An access point (AP) deployed by an attacker in order to steal
user credentials or for the purpose of traffic eavesdropping is referred to
as a rogue access point. An evil twin is a rogue AP configured to
impersonate a legitimate one (typically by advertising the same SSID, often
with a stronger signal) so that clients associate with it instead of the
genuine network.
16. Answer: B. WPS
Explanation: Wi-Fi Protected Setup (WPS) is a network security standard
which simplifies configuration of new wireless networks by providing
non-technical users with a capability to easily configure network security
settings and add new devices to an existing network. WPS has known
vulnerabilities and disabling this functionality is one of the recommended
ways of securing the network.
17. Answer: A. Bluejacking
Explanation: Sending unsolicited messages over Bluetooth is known as
bluejacking.
18. Answer: B. Bluesnarfing
Explanation: Gaining unauthorized access to a Bluetooth device is referred
to as bluesnarfing.
19. Answer: A. Script kiddie
Explanation: Unskilled individuals exploiting computer security loopholes
with the use of code and software written by someone else are called
script kiddies.
20. Answers: A, C, and E. System/application vulnerability, Social
engineering techniques, and System/application misconfiguration
Explanation: Unpatched system/application vulnerabilities, social
engineering, and system/application configuration errors are all factors
facilitating privilege escalation attacks.
21. Answer: C. White box
Explanation: A penetration test conducted with the use of prior knowledge
on how the system that is to be tested works is known as white box
testing.
22. Answers: A, C, and D. Bypasses security controls, Actively tests
security controls, and Exploits vulnerabilities
Explanation: Penetration testing bypasses security controls and actively
tests security controls by exploiting vulnerabilities. Passive testing of
security controls, identification of vulnerabilities and missing security
controls or common misconfigurations are the characteristic features of
vulnerability scanning.
23. Answer: B. False positive error
Explanation: An antivirus software identifying non-malicious code as a
virus due to faulty virus signature file is an example of a false positive
error.
24. Answer: A. False negative
Explanation: A situation where no alarm is raised when an attack has taken
place is an example of a false negative error.
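The two error types from questions 23 and 24 side by side, as an added example that is not part of the original test: a constructed list of antivirus verdicts is bucketed into true/false positives and negatives, keeping the file names so an analyst can see which clean file the faulty signature fired on and which sample slipped through.

```python
# Constructed antivirus verdicts: (file name, alert raised?, ground truth)
SAMPLE_VERDICTS = [
    ("invoice.pdf.exe", True, "malicious"),
    ("mimikatz.exe", True, "malicious"),
    ("putty.exe", True, "benign"),       # faulty signature fires on a clean tool
    ("report.docx", False, "benign"),
    ("setup.msi", False, "benign"),
    ("dropper.js", False, "malicious"),  # novel sample, no signature yet
    ("notes.txt", False, "benign"),
    ("keylogger.dll", True, "malicious"),
]


def confusion(verdicts) -> dict:
    """Bucket each verdict into TP / FP / TN / FN and keep the file names,
    since in practice you want to know *which* files to re-examine."""
    buckets = {"TP": [], "FP": [], "TN": [], "FN": []}
    for name, alerted, truth in verdicts:
        malicious = truth == "malicious"
        if alerted and malicious:
            buckets["TP"].append(name)
        elif alerted and not malicious:
            buckets["FP"].append(name)   # Q23: clean code flagged as a virus
        elif not alerted and malicious:
            buckets["FN"].append(name)   # Q24: attack with no alarm raised
        else:
            buckets["TN"].append(name)
    return buckets


def _ratio(num: int, den: int) -> float:
    return num / den if den else 0.0


def rates(buckets: dict) -> dict:
    """Operational metrics derived from the four buckets."""
    tp, fp = len(buckets["TP"]), len(buckets["FP"])
    tn, fn = len(buckets["TN"]), len(buckets["FN"])
    return {
        "false_positive_rate": _ratio(fp, fp + tn),  # clean files flagged
        "false_negative_rate": _ratio(fn, fn + tp),  # malware missed
        "precision": _ratio(tp, tp + fp),            # alerts worth acting on
        "recall": _ratio(tp, tp + fn),               # malware actually caught
    }


if __name__ == "__main__":
    b = confusion(SAMPLE_VERDICTS)
    print("false positives:", b["FP"])
    print("false negatives:", b["FN"])
    print(rates(b))
```

The false-negative rate is the one a defender cannot see from the alert queue alone; it only becomes measurable with an independent ground truth (sandbox detonation, a second engine, or an incident that surfaces later).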
25. Answer: D. ACL
Explanation: An Access Control List (ACL) contains a set of rules that
specify which users or system processes are granted access to objects as
well as what operations are allowed on a given object.
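How an ordered ACL is actually evaluated, as an added example that is not from the original test: first match wins and an implicit deny sits at the end, which is the semantics most firewall and file-system ACLs share. The policy, subjects and object paths are constructed; the second rule set shows the classic mistake of placing a broad permit before a specific deny, and a helper flags rules that an earlier, broader rule has fully shadowed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    subject: str         # user/group name pattern (glob)
    obj: str             # object path pattern (glob)
    ops: frozenset       # operations the rule covers


def decide(acl, subject: str, obj: str, op: str):
    """First-match evaluation with an implicit deny at the end. Returns the
    decision and the index of the rule that produced it (None = implicit)."""
    for idx, rule in enumerate(acl):
        if (fnmatchcase(subject, rule.subject)
                and fnmatchcase(obj, rule.obj)
                and op in rule.ops):
            return rule.action, idx
    return "deny", None


def shadowed_rules(acl) -> list:
    """Indices of rules that can never fire because an earlier rule with
    patterns at least as broad already covers every operation they name.
    Heuristic: treats the later rule's patterns as literal instances."""
    shadowed = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (fnmatchcase(later.subject, earlier.subject)
                    and fnmatchcase(later.obj, earlier.obj)
                    and later.ops <= earlier.ops):
                shadowed.append(j)
                break
    return shadowed


# Constructed policy: contractors must never touch finance data, everyone
# may read published reports, the finance team has full access.
GOOD_ORDER = [
    Rule("deny", "contractor-*", "/finance/*", frozenset({"read", "write"})),
    Rule("permit", "*", "/finance/reports/*", frozenset({"read"})),
    Rule("permit", "finance-team", "/finance/*", frozenset({"read", "write"})),
]
# Same rules, but the broad permit was placed before the specific deny.
BAD_ORDER = [GOOD_ORDER[1], GOOD_ORDER[0], GOOD_ORDER[2]]
# A deny that can never fire: the permit above it covers every read on /pub.
SHADOW_EXAMPLE = [
    Rule("permit", "*", "/pub/*", frozenset({"read"})),
    Rule("deny", "guest", "/pub/*", frozenset({"read"})),
]


if __name__ == "__main__":
    req = ("contractor-bob", "/finance/reports/q1.pdf", "read")
    print("good order:", decide(GOOD_ORDER, *req))
    print("bad order: ", decide(BAD_ORDER, *req))
    print("shadowed in SHADOW_EXAMPLE:", shadowed_rules(SHADOW_EXAMPLE))
```

Note that the contractor deny in BAD_ORDER is only partially shadowed (reads of reports slip through, writes are still denied), which is exactly the kind of gap a full shadow check misses and a review of request traces catches.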
26. Answer: A. Tunnel
Explanation: IPsec can be implemented in a host-to-host transport mode
(where only the payload of the IP packet is usually encrypted and/or
authenticated) or in a network tunnel mode (where the entire original IP
packet, header included, is encrypted and/or authenticated and then wrapped
in a new IP header, which is why tunnel mode is used between gateways).
27. Answer: C. Signature-based
Explanation: Signature-based Intrusion Detection System is a type of IDS
that relies on known attack patterns in order to detect intrusions.
28. Answer: C. STP
Explanation: Spanning Tree Protocol (STP) is used to prevent switching
loops. Switching loop occurs when there's more than one active link
between two network switches, or when two ports on the same switch become
connected to each other.
29. Answer: B. Makes a WLAN harder to discover
Explanation: Service Set Identifier (SSID) is another term for the name of
a Wireless Local Area Network (WLAN). Wireless networks advertise their
presence by regularly broadcasting the SSID in a special packet called
beacon frame. In wireless networks with disabled security features knowing
the network SSID is enough to get access to the network. SSID can be
hidden by disabling the SSID broadcast on the Wireless Access Point (WAP),
but hidden SSID makes a WLAN only harder to discover and is not a true
security measure. Wireless networks with hidden SSID can still be
discovered with the use of packet sniffing software, because client probe
requests and association frames still carry the SSID in cleartext. Security
measures that help in preventing unauthorized access to a wireless network
include strong encryption and authentication schemes such as WPA2 or newer.
30. Answer: C. MAC filter
Explanation: Network Access Control (NAC) method based on the physical
address (MAC address) of the Network Interface Card (NIC) is called MAC
filtering or MAC address filtering. A 48-bit MAC address is a unique number
assigned to every network adapter. Devices acting as network access points
can have certain MAC addresses blacklisted or whitelisted and based on the
entry on either of the lists grant or deny access to the network. Because
the MAC address is transmitted in cleartext and can be changed in software,
MAC filtering only deters casual access and should not be relied on as the
sole access control.
31. Answer: C. SIEM
Explanation: Security Information and Event Management (SIEM) solutions
are used for real-time analysis of security alerts generated by network
hardware and applications.
32. Answer: B. DLP
Explanation: Data Loss Prevention (DLP) solutions are software or hardware
based security solutions designed to detect and prevent unauthorized use
and transmission of confidential information outside of a corporate
network.
33. Answer: A. True
Explanation: Network Access Control (NAC) defines a set of rules enforced
in a network that the clients attempting to access the network must comply
with. With NAC, policies can be enforced before or after end-stations gain
access to the network. NAC can be implemented as Pre-admission NAC where a
host must, for example, be virus free or have patches applied before it
can be allowed to connect to the network, and/or Post-admission NAC, where
a host is being granted/denied permissions based on its actions after it
has been provided with the access to the network.
34. Answer: A. Protocol analyzer
Explanation: Protocol analyzer (also known as packet sniffer) is a tool
used for capturing and analyzing contents of network packets.
35. Answer: C. Degaussing
Explanation: Degaussing (exposing the drive to a strong magnetic field)
provides the most effective way for permanent removal of data stored on a
magnetic drive. It also destroys the drive's servo tracks, so the drive is
unusable afterwards, and it has no effect on solid-state drives, which must
be sanitized by other means (a firmware secure-erase command or physical
destruction).
36. Answer: C. Hiding data within another piece of data
Explanation: Steganography allows for hiding data within another piece of
data.
37. Answer: C. Honeypot
Explanation: A monitored host or network specifically designed to detect
unauthorized access attempts is known as a honeypot. This type of system
contains no valuable data and is used to divert the attacker's attention
from the corporate network. Multiple honeypots set up on a network are
known as a honeynet.
38. Answer: B. Banner grabbing
Explanation: The practice of connecting to an open port on a remote server
to gather more information about the service running on that port is
referred to as banner grabbing.
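Banner grabbing in practice, added here as an example rather than taken from the original test: the client connects, waits briefly for a service that speaks first (SSH style), and if nothing arrives sends a minimal HTTP request to coax a response out of a service that expects the client to speak first. Two fake services on loopback stand in for remote hosts; their banner strings are constructed, not captured from real systems.

```python
import socket
import threading


def _serve_once(srv, banner: bytes, wait_for_request: bool):
    """Accept one connection, optionally wait for the client to speak,
    then send the banner and close."""
    conn, _ = srv.accept()
    with conn:
        if wait_for_request:
            conn.settimeout(5)
            try:
                conn.recv(1024)
            except socket.timeout:
                pass
        conn.sendall(banner)
    srv.close()


def start_fake_service(banner: bytes, wait_for_request: bool = False) -> int:
    """Constructed stand-in for a remote service; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    threading.Thread(target=_serve_once, args=(srv, banner, wait_for_request),
                     daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect, read whatever the service volunteers; if it stays silent,
    send a HEAD request and read the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = s.recv(1024)
    return data.decode(errors="replace").strip()


def summarize(banner: str) -> str:
    """Reduce a raw banner to the service/version string an attacker wants."""
    lines = banner.splitlines()
    if lines and lines[0].startswith("HTTP/"):
        for line in lines[1:]:
            if line.lower().startswith("server:"):
                return line.split(":", 1)[1].strip()
        return lines[0]
    return lines[0] if lines else ""


if __name__ == "__main__":
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    web_port = start_fake_service(
        b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\n\r\n",
        wait_for_request=True)
    print(summarize(grab_banner("127.0.0.1", ssh_port)))
    print(summarize(grab_banner("127.0.0.1", web_port)))
```

The defensive counterpart is obvious from the output: strip or genericize version strings (e.g. `ServerTokens Prod` in Apache) so the grab yields a product name at most, and treat the version string you do expose as public information.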
39. Answer: B. ping
Explanation: Command-line utility used for checking the reachability of a
remote host is called ping. Ping operates by sending Internet Control
Message Protocol (ICMP) echo request packets to the destination host and
waiting for a reply.
40. Answer: D. tracert
Explanation: Windows command-line utility for displaying intermediary
points (routers) the packet is passed through on its way to a destination
host is called tracert. Command-line program for testing the reachability
of a remote host is called ping. Windows command-line program for
displaying TCP/IP configuration details is called ipconfig. Command-line
utility used for displaying active TCP/IP connections is called netstat.
41. Answer: D. HIDS
Explanation: Host Based Intrusion Detection System (HIDS) is a security
application designed to monitor and analyze the local computer system for
malicious or anomalous activity. Common examples of HIDS are antivirus
software and anti-spyware applications.
42. Answer: C. UTM
Explanation: The term Unified Threat Management (UTM) refers to a network
security solution (commonly in the form of a dedicated device called UTM
appliance) which combines the functionality of a firewall with additional
safeguards such as for example URL filtering, spam filtering, gateway
antivirus protection, intrusion detection or prevention, content
inspection, or malware inspection.
43. Answer: A. DEP
Explanation: Data Execution Prevention (DEP) is a security feature in
modern operating systems that monitors applications to make sure they use
system memory safely. In Microsoft environment, DEP is defined as a set of
hardware and software technologies that perform additional checks on
memory to help protect against malicious code exploits. If a program tries
to execute code from memory in an incorrect way, DEP closes the program.
44. Answer: C. Tethering
Explanation: The term tethering refers to a mobile device's capability to
share its Internet connection with other devices.
45. Answer: B. BYOD
Explanation: The term Bring Your Own Device (BYOD) refers to a policy of
permitting employees to bring personally owned mobile devices and to use
those devices for accessing privileged company information and
applications.
46. Answer: D. SSH
Explanation: Secure Shell (SSH) is a tunneling protocol for secure remote
login and other secure network services designed as a replacement for
Telnet and other insecure remote shells.
47. Answer: B. SNMP
Explanation: Simple Network Management Protocol (SNMP) is a UDP-based,
Application Layer protocol used in network management systems to monitor
network-attached devices. SNMP is typically integrated into most modern
network infrastructure devices such as routers, bridges, switches,
servers, printers, copiers, fax machines, and other network-attached
devices. An SNMP-managed network consists of three key components: a
managed device, a network-management software module that resides on a
managed device (Agent), and a network management system (NMS) which
executes applications that monitor and control managed devices and collect
SNMP information from Agents. All SNMP-compliant devices include a virtual
database called Management Information Base (MIB) containing information
about configuration and state of the device that can be queried by the
SNMP management station.
48. Answers: A and B. SNMPv1 and SNMPv2
Explanation: Of the three existing versions of the Simple Network
Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer
authentication based on community strings sent in unencrypted form (in
cleartext). SNMPv3 provides packet encryption, authentication, and hashing
mechanisms that allow for checking whether data has changed in transit.
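The point of question 48 is that an SNMPv1 or SNMPv2c community string is readable by anyone who can see the packet. The following added example (written for this page, not part of the practice test) decodes the version and community fields from the BER-encoded SNMP message header and applies the kind of passive check a network monitor would use to flag SNMPv1/v2c traffic and vendor-default community strings. The packets are constructed sample messages: a v1 GetRequest, a v2c GetRequest, and the first fields of a v3 message, truncated after its header.

```python
# Added example (not from the practice test): a small BER decoder that pulls
# the version and community string out of an SNMP message, plus a passive
# monitoring check for SNMPv1/v2c, whose community string travels in
# cleartext. The packets below are constructed sample messages.

def read_tlv(buf: bytes, pos: int):
    """Decode one BER tag-length-value triple (short or long-form length).
    Returns (tag, value_bytes, position_after_value)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
DEFAULT_COMMUNITIES = {"public", "private"}   # widely shipped defaults

def snmp_header(packet: bytes):
    """Return (version_name, community). Community is None for SNMPv3, which
    carries security parameters instead of a cleartext community string."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE, so not an SNMP message")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version field")
    version = int.from_bytes(ver, "big")
    name = VERSION_NAMES.get(version, f"unknown({version})")
    if version in (0, 1):
        tag, comm, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING community field")
        return name, comm.decode("ascii", errors="replace")
    return name, None

def assess(packet: bytes) -> dict:
    """Monitoring rule: report cleartext community strings and default values."""
    name, community = snmp_header(packet)
    findings = []
    if community is not None:
        findings.append(f"{name} sends community string in cleartext: {community!r}")
        if community in DEFAULT_COMMUNITIES:
            findings.append("community string is a vendor default")
    return {"version": name, "community": community, "findings": findings}

# Constructed sample packets (hex), laid out field by field.
SNMPV1_GET = bytes.fromhex(
    "3018"                              # SEQUENCE, 24 bytes of content
    "020100"                            # version INTEGER 0 = SNMPv1
    "04067075626c6963"                  # community OCTET STRING "public"
    "a00b 020101 020100 020100 3000"    # GetRequest PDU, empty varbind list
)
SNMPV2C_GET = bytes.fromhex(
    "3019" "020101"                     # version INTEGER 1 = SNMPv2c
    "040770726976617465"                # community "private"
    "a00b 020101 020100 020100 3000"
)
SNMPV3_HEAD = bytes.fromhex(
    "3011" "020103"                     # version INTEGER 3 = SNMPv3
    "300c 020101 02017f 040104 020103"  # msgGlobalData; rest of message omitted
)
```

`assess()` is the piece a defender would wire into a capture pipeline: any SNMPv1/v2c finding means the credential is exposed to every host on the path, and a default community means it was never changed. The fix the explanation points at is migrating agents and managers to SNMPv3 with authentication and privacy enabled.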
49. Answer: D. DMZ
Explanation: In the context of computer security, the term Demilitarized
Zone (DMZ) refers to a lightly protected subnet consisting of publicly
available servers placed on the outside of the company's firewall.
50. Answer: C. NAT
Explanation: Network Address Translation (NAT) is a technology that
provides an IP proxy between a private Local Area Network (LAN) and a
public network such as the Internet. Computers on the private LAN can
access the Internet through a NAT-capable router which handles the IP
address translation. NAT hides the internal IP addresses by modifying IP
address information in IP packet headers while in transit across a traffic
routing device.
51. Answer: A. True
Explanation: A logical grouping of computers that may be physically
located on different parts of a LAN is called Virtual Local Area Network
(VLAN). VLANs allow computer hosts to act as if they were attached to the
same broadcast domain, regardless of their physical location. VLAN
membership can be configured through software instead of physically
relocating devices or connections, and VLANs are often created with the
use of switches equipped with additional software features.
52. Answer: D. Proxy server
Explanation: In computer networks, a computer system or an application
that acts as an intermediary between another computer and the Internet is
commonly referred to as a proxy server.
53. Answer: C. Trusted Platform Module (TPM)
Explanation: The Trusted Platform Module (TPM) is a specification,
published by the Trusted Computing Group (TCG), for a microcontroller that
can store secured information, and also the general name of
implementations of that specification. Trusted Platform Modules are
hardware based security microcontrollers that store keys, passwords and
digital certificates and protect this data from external software attacks
and physical theft. TPMs are usually embedded on the motherboard of a
personal computer or laptop, but they can also be used in other devices
such as mobile phones or network equipment. The nature of hardware-based
cryptography ensures that the information stored in hardware is better
protected from external attacks executed with the use of software.
54. Answer: A. UEFI
Explanation: Unified Extensible Firmware Interface (UEFI) is a firmware
interface designed as a replacement for BIOS. UEFI offers a variety of
improvements over BIOS including a Graphical User Interface (GUI), mouse
support, network access capability, and Secure Boot functionality
designed to prevent the loading of malware and unauthorized operating
systems during the computer start-up process.
55. Answer: A. True
Explanation: Disabling unnecessary ports and services is one of the
measures for securing Operating System (OS) software.
56. Answer: D. With enhanced security features
Explanation: The term Trusted OS refers to an operating system with
enhanced security features. The most common access control model used in
Trusted OS is Mandatory Access Control (MAC). Examples of Trusted OS
implementations include Security Enhanced Linux (SELinux) and FreeBSD with
the TrustedBSD extensions.
57. Answer: A. Guest account
Explanation: An MS Windows account that enables users to have temporary
access to a computer without the capability to install software or
hardware, change settings, or create a user password is called Guest.
Because the Guest account in Windows allows a user to log on to a
network, browse the Internet, and shut down the computer, it is
recommended to keep it disabled when it isn't needed.
58. Answer: B. SCADA
Explanation: Supervisory Control And Data Acquisition (SCADA) is a control
system providing the capability for real-time monitoring and gathering
information related to industrial equipment.
59. Answer: D. HVAC
Explanation: Heating, Ventilation, and Air Conditioning (HVAC) systems are
used for controlling temperature and humidity.
60. Answer: D. Fuzzing
Explanation: Finding vulnerabilities in an application by feeding it
invalid or unexpected input is known as fuzzing, or fuzz testing.
61. Answer: B. Hypervisor
Explanation: A software application used to manage multiple guest
operating systems on a single host system is called a hypervisor.
62. Answer: B. SaaS
Explanation: Software as a Service (SaaS) is a type of cloud computing
infrastructure where applications are hosted over a network (typically
Internet) eliminating the need to install and run the software on the
customer's own computers which simplifies maintenance and support.
Compared to conventional software deployment which requires licensing fee
and often investment in additional hardware on the client side, SaaS can
be delivered at a lower cost by providing remote access to applications
and pricing based on monthly or annual subscription fee.
63. Answer: A. IaaS
Explanation: Infrastructure as a Service (IaaS) is one of the cloud
computing infrastructure types where clients, instead of buying all the
hardware and software, purchase computing resources as an outsourced
service from suppliers who own and maintain all the necessary equipment.
The clients usually pay for computational resources on a per-use basis. In
IaaS, cost of the service depends on the amount of consumed resources.
64. Answer: C. PaaS
Explanation: Platform as a Service (PaaS) is a category of cloud computing
services providing cloud-based application development tools, in addition
to services for testing, deploying, collaborating on, hosting, and
maintaining applications.
65. Answer: B. Mantraps
Explanation: Mantraps are two-door entrance points connected to a guard
station. A person entering a mantrap from the outside remains inside until
he/she provides the authentication token required to unlock the inner door.
Mantraps are used to prevent tailgating, which is the practice of gaining
unauthorized access to restricted areas by following another person.
66. Answer: A. Biometrics
Explanation: In computer security, biometrics refers to physical
characteristics of the human body that can be used for identification and
access control purposes.
67. Answers: B and D. RADIUS and TACACS+
Explanation: Authentication, Authorization, and Accounting (AAA) is a
security architecture framework designed for verification of the identity
of a person or process (authentication), granting or denying access to
network resources (authorization), and tracking the services users are
accessing as well as the amount of network resources they are consuming
(accounting). Remote Authentication Dial-In User Service (RADIUS) and
Terminal Access Controller Access Control System Plus (TACACS+) are
examples of protocols providing the AAA functionality.
68. Answer: A. Password and biometric scan
Explanation: Authentication is the process of proving a user's identity to
a system. The authentication process can be based on different categories of
authentication factors, including unique physical traits of each
individual such as fingerprints ("something you are"), physical tokens
such as smart cards ("something you have"), or user names and passwords
("something you know"). Additional factors might include geolocation
("somewhere you are"), or user-specific activity patterns such as for
example keyboard typing style ("something you do"). Multi-factor
authentication systems require implementation of authentication factors
from two or more different categories.
69. Answer: A. SSO
Explanation: An authentication subsystem that enables a user to access
multiple, connected system components (such as separate hosts on a
network) after a single login at only one of the components is known as
Single Sign-On (SSO). A single sign-on subsystem typically requires a user
to log in once at the beginning of a session, and then during the session
grants further access to multiple, separately protected hosts,
applications, or other system resources without further login action by
the user.
70. Answer: D. MAC
Explanation: Mandatory Access Control (MAC) is an access control model
where every resource has a sensitivity label matching a clearance level
assigned to a user (to be able to access the resource, the user's clearance
level must be equal to or higher than the sensitivity level assigned to the
resource). With mandatory access control users cannot set or change access
policies at their own discretion; labels and clearance levels can only be
applied and changed by an administrator.
71. Answer: C. DAC
Explanation: In Discretionary Access Control (DAC) model every object has
an owner who at his/her own discretion determines what kind of permissions
other users can have to that object. DAC is also referred to as an access
control method based on user identity.
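Questions 70 and 71 contrast two models. The following added example (written for this page, not part of the practice test) puts a minimal MAC check beside a minimal DAC check so the difference is visible in code: under MAC the clearance-versus-label comparison decides and only an administrator may relabel, while under DAC the object's owner hands out permissions as they see fit. All user names, labels, clearances and object names are constructed for illustration.

```python
# Added example (not from the practice test): Mandatory Access Control (MAC)
# beside Discretionary Access Control (DAC). Users, labels, clearances and
# object names are constructed for illustration only.

from dataclasses import dataclass, field

# Ordered sensitivity levels: a higher index means a more sensitive label.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]

def level_rank(label: str) -> int:
    """Map a label to its position in the ordering; unknown labels are rejected."""
    if label not in LEVELS:
        raise ValueError(f"unknown sensitivity label: {label}")
    return LEVELS.index(label)

# MAC: clearances and labels are assigned centrally by an administrator;
# neither the owner nor the reader of a resource has a say in them.
CLEARANCES = {"alice": "secret", "bob": "confidential"}
RESOURCE_LABELS = {
    "payroll.xlsx": "confidential",
    "merger_plan.doc": "secret",
    "launch_plan.doc": "top_secret",
}

def mac_can_read(user: str, resource: str) -> bool:
    """Allow the read only if clearance is equal to or higher than the label."""
    return level_rank(CLEARANCES[user]) >= level_rank(RESOURCE_LABELS[resource])

def mac_relabel(resource: str, new_label: str, actor: str) -> bool:
    """Only the administrator may change a label; anyone else is refused."""
    if actor != "admin":
        return False
    level_rank(new_label)                 # validate before storing
    RESOURCE_LABELS[resource] = new_label
    return True

# DAC: each object has an owner who decides, at their own discretion, which
# other identities get which permissions on it.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

def dac_grant(obj: DacObject, actor: str, grantee: str, perm: str) -> bool:
    """The owner may grant a permission to another user; non-owners may not."""
    if actor != obj.owner:
        return False
    obj.acl.setdefault(grantee, set()).add(perm)
    return True

def dac_can(obj: DacObject, user: str, perm: str) -> bool:
    """Owners hold every permission; others only what the ACL grants them."""
    return user == obj.owner or perm in obj.acl.get(user, set())
```

The asymmetry to notice: `mac_relabel` refuses everyone except the administrator regardless of who "owns" the file, whereas `dac_grant` succeeds for the owner and needs no administrator at all. That is why a DAC system lets a careless owner share a sensitive file, and a MAC system does not.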
72. Answer: C. Fingerprint scanner
Explanation: In computer security, a user's identity can be verified either
by examining something that the user knows (a user name or password),
something that the user has (a physical object such as a smart card), or
something that the user is (a unique trait of every single person such as a
fingerprint or iris pattern). Biometric authentication
systems are based on examining the unique traits of a user, and a fingerprint
scanner is an example of a biometric device.
73. Answer: D. BPA
Explanation: Business Partners Agreement (BPA) is a key document governing
the relationship between two business organizations.
74. Answer: C. SLA
Explanation: An agreement between a service provider and the user(s)
defining the nature, availability, quality, and scope of the service to be
provided is known as Service Level Agreement (SLA).
75. Answer: A. ISA
Explanation: The term Interconnection Security Agreement (ISA) refers to
an agreement established between the organizations that own and operate
connected IT systems to document the technical requirements of the
interconnection.
76. Answer: B. MoU
Explanation: A document established between two or more parties to define
their respective responsibilities in accomplishing a particular goal or
mission is known as Memorandum of Understanding (MoU).
77. Answer: A. True
Explanation: One of the goals behind the mandatory vacations policy is to
mitigate the occurrence of fraudulent activity within the company.
78. Answer: D. Separation of duties
Explanation: A concept of having more than one person required to complete
a given task is known as separation of duties. By delegating tasks and
associated privileges for a specific process among multiple users this
internal control type provides a countermeasure against fraud and errors.
79. Answer: B. Clean desk policy
Explanation: A sticky note with a password kept in plain sight in a user's
cubicle would be a violation of the clean desk policy.
80. Answer: B. AUP
Explanation: Acceptable Use Policy (AUP) is a set of rules enforced in a
network that restrict the use to which the network may be put.
81. Answer: A. Recovery Time Objective (RTO)
Explanation: A maximum acceptable period of time within which a system
must be restored after failure is also known as Recovery Time Objective
(RTO). RTOs are established at the Business Impact Analysis (BIA) stage of
the Business Continuity Planning (BCP). The goal of a Business Impact
Analysis is to determine the impact of any disruption of the activities
that support the organization's key products and services. A key aspect of
determining the impact of a disruption is identifying the so-called
Maximum Tolerable Period of Disruption (MTPD), which is the maximum
amount of time that an enterprise's key products or services can be
unavailable or undeliverable after an event that causes disruption to
operations. The goal of Recovery Time Objective is to ensure that the
Maximum Tolerable Period of Disruption (MTPD) for each activity is not
exceeded.
82. Answer: A. SLE
Explanation: The term Single Loss Expectancy (SLE) is used to describe the
loss of value to an asset based on a single security incident.
83. Answer: B. ALE
Explanation: Annual Loss Expectancy (ALE) risk assessment formula defines
probable financial loss due to a risk over a one-year period.
84. Answer: C. ARO
Explanation: Annualized Rate of Occurrence (ARO) formula is an estimate
based on the historical data of how often a threat would be successful in
exploiting a vulnerability. In quantitative risk assessment, this term is
used for estimating the likelihood of occurrence of a future threat.
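Questions 82 to 84 are the three terms of the quantitative risk calculation. The following added example (written for this page, not part of the practice test) carries the formulas through for two constructed risks and one candidate control. It also uses the standard terms asset value (AV) and exposure factor (EF), which the explanations above do not name: SLE = AV x EF, and ALE = SLE x ARO. All figures are made up.

```python
# Added example (not from the practice test): SLE, ARO and ALE carried
# through for constructed risk-register entries, then used to judge whether
# a control pays for itself. AV and EF are the standard quantitative-risk
# terms the explanations above leave implicit. All numbers are invented.

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """Loss from one occurrence: asset value times the fraction of it lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction between 0 and 1")
    return asset_value * exposure_factor

def annual_loss_expectancy(sle: float, aro: float) -> float:
    """Expected yearly loss: single loss times expected occurrences per year."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro

def control_value(ale_before: float, ale_after: float,
                  annual_control_cost: float) -> float:
    """Net yearly benefit of a control; negative means it costs more than it saves."""
    return (ale_before - ale_after) - annual_control_cost

def rank_by_ale(risks):
    """Order risks by ALE, highest first. Each risk is a dict with av, ef, aro."""
    scored = []
    for r in risks:
        sle = single_loss_expectancy(r["av"], r["ef"])
        scored.append((r["name"], annual_loss_expectancy(sle, r["aro"])))
    return sorted(scored, key=lambda t: t[1], reverse=True)

# Constructed risk register entries.
RISKS = [
    {"name": "web server outage", "av": 200_000, "ef": 0.25, "aro": 0.5},
    {"name": "laptop theft",      "av": 20_000,  "ef": 1.0,  "aro": 4},
]

def laptop_encryption_case():
    """Full-disk encryption lowers EF for laptop theft (the data on a stolen
    device is no longer exposed). Compare ALE before and after against the
    control's assumed yearly cost of 10,000."""
    before = annual_loss_expectancy(single_loss_expectancy(20_000, 1.0), 4)
    after = annual_loss_expectancy(single_loss_expectancy(20_000, 0.15), 4)
    return before, after, control_value(before, after, 10_000)
```

Ranking by ALE rather than by asset value is the practical lesson: the cheap laptops, stolen four times a year, outrank the expensive server because ARO multiplies the loss. The control comparison is the same arithmetic a risk owner runs to justify spending on a mitigation.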
85. Answer: D. Risk transference
Explanation: Contracting out a specialized technical component when the
company's employees lack the necessary skills is an example of risk
transference.
86. Answer: B. Risk avoidance
Explanation: Disabling certain system functions or shutting down the
system when risks are identified is an example of risk avoidance.
87. Answer: A. Order of volatility
Explanation: In forensic procedures, a sequence of steps in which
different types of evidence should be collected is known as order of
volatility.
88. Answer: B. Chain of custody
Explanation: In incident response procedures a process that ensures proper
handling of collected evidence is called chain of custody.
89. Answer: B. Hot site
Explanation: A hot site is the type of backup site that allows for the
fastest disaster recovery. A hot site is a mirror copy of the original
site, with all the facilities, equipment, and data readily available for
use in case of emergency.
90. Answer: B. False
Explanation: A cold site is the least expensive type of backup site for an
organization to operate. It is a type of alternate site that offers
only the basic facilities, which means that in case of emergency all the
equipment and data must be moved to the site first to make it operational.
91. Answers: D and E. All copies of incremental backups made since the
last full backup and Copy of the last full backup
Explanation: Restoring data from an incremental backup requires a copy of
the last full backup as well as all copies of incremental backups made
since the last full backup.
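The following added example (written for this page, not part of the practice test) turns the rule in question 91 into code: given a backup history, it selects the last full backup on or before the restore point and every incremental taken after it, replays them in order, and shows what is lost when one incremental in the chain is unavailable. The backup sets are constructed sample data; a real incremental backup also records deletions, which this simplified model ignores.

```python
# Added example (not from the practice test): which copies a restore from
# incremental backups needs and in what order they must be applied. The
# backup history below is constructed sample data; deletions are ignored.

from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Backup:
    kind: str        # "full" or "incremental"
    taken: date
    files: dict      # path -> content captured by this backup

def restore_set(backups, restore_point):
    """Return the backups needed to restore to restore_point, in apply order:
    the last full backup on or before that date, then every incremental
    taken after it up to the restore point, oldest first."""
    usable = sorted((b for b in backups if b.taken <= restore_point),
                    key=lambda b: b.taken)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the restore point")
    last_full = fulls[-1]
    incrementals = [b for b in usable
                    if b.kind == "incremental" and b.taken > last_full.taken]
    return [last_full] + incrementals

def restore(backups, restore_point):
    """Rebuild the file set by replaying restore_set() in order."""
    state = {}
    for b in restore_set(backups, restore_point):
        state.update(b.files)        # later copies overwrite earlier ones
    return state

def missing_after_losing(backups, restore_point, lost):
    """Show which file versions a restore lacks when one copy is unavailable."""
    complete = restore(backups, restore_point)
    partial = restore([b for b in backups if b is not lost], restore_point)
    return {p: c for p, c in complete.items() if partial.get(p) != c}

# Constructed history: full on the 1st, incrementals on the 2nd to 4th,
# a new full on the 5th and one incremental on the 6th.
SAMPLE = [
    Backup("full", date(2024, 1, 1), {"a.txt": "a1", "b.txt": "b1"}),
    Backup("incremental", date(2024, 1, 2), {"a.txt": "a2"}),
    Backup("incremental", date(2024, 1, 3), {"c.txt": "c1"}),
    Backup("incremental", date(2024, 1, 4), {"b.txt": "b2"}),
    Backup("full", date(2024, 1, 5), {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"}),
    Backup("incremental", date(2024, 1, 6), {"d.txt": "d1"}),
]
```

Restoring to the 6th needs only the full from the 5th and the incremental from the 6th; the earlier chain is irrelevant once a newer full exists. Restoring to the 4th needs all four copies from the 1st to the 4th, and losing the one from the 3rd silently drops `c.txt`, which is why every incremental in the chain must be verified, not just the latest.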
92. Answer: A. True
Explanation: In computer security, the term dumpster diving is used to
describe a practice of sifting through trash for discarded documents
containing sensitive data. Found documents containing names and surnames
of the employees along with the information about positions held in the
company and other data can be used to facilitate social engineering
attacks. Having the documents shredded or incinerated before disposal
makes dumpster diving less effective and also mitigates the risk of social
engineering attacks.
93. Answer: B. PII
Explanation: Personally Identifiable Information (PII) includes any type
of information pertaining to an individual that can be used to uniquely
identify that individual. Identity of a person can be established by
tracing their most basic attributes such as name, surname, phone number or
traditional mailing address, but also through their social security or
credit card numbers, IP or email addresses, or data collected via
biometric devices. Security of PII has become a major concern for companies
and organizations due to the accessibility of this type of data over the
Internet, but also due to misuse of personal electronic devices such as
USB drives or smartphones that are easily concealable and can carry large
amounts of data.
94. Answers: A and C. Asymmetric encryption and Suitable for small
wireless devices
Explanation: Elliptic Curve Cryptography (ECC) is a type of asymmetric
encryption. ECC provides strong encryption while requiring less processing
power than other encryption methods which makes it suitable for small
wireless devices such as handhelds and cell phones.
95. Answers: A, B, and D. Is a symmetric encryption algorithm, Uses 128-,
192-, and 256-bit keys, and Uses block cipher algorithm
Explanation: Advanced Encryption Standard (AES) is a strong symmetric
encryption algorithm. AES uses block cipher algorithm with the block size
of 64 bits (compared to stream ciphers which process data by encrypting
individual bits, block cipher divides data into separate fragments and
encrypts each fragment separately). AES uses 128-, 192-, and 256-bit
encryption keys.
96. Answer: B. WPA2
Explanation: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy
(WEP) are encryption standards designed for securing wireless networks.
WEP is an older standard and due to its vulnerabilities is not
recommended. WPA was designed as an interim replacement for WEP, and WPA2
was introduced as the official standard offering the strongest security of
the three.
97. Answer: A. CCMP
Explanation: Counter Mode Cipher Block Chaining Message Authentication
Code Protocol (CCMP) is an encryption mode implemented in the Wi-Fi
Protected Access II (WPA2) security protocol. CCMP relies on the Advanced
Encryption Standard (AES) providing much stronger security than the Wired
Equivalent Privacy (WEP) protocol and Temporal Key Integrity Protocol
(TKIP) implemented in Wi-Fi Protected Access (WPA).
98. Answer: D. Captive portal
Explanation: Captive portals allow administrators to block Internet access
for users until they perform a required action. An example captive portal
could be a web page requiring authentication and/or payment (e.g. at a
public Wi-Fi hotspot) before a user is allowed to proceed and use the
Internet access service.
99. Answer: B. OCSP
Explanation: Online Certificate Status Protocol (OCSP) allows for querying
Certificate Authority (CA) for validity of a digital certificate. Another
solution for checking whether a certificate has been revoked is
Certificate Revocation List (CRL). CRLs are updated regularly and sent out
to interested parties. Compared to CRL, OCSP allows for querying the CA at
any point in time and retrieving information without any delay.
100. Answer: B. Key escrow
Explanation: Key escrow is a storage solution used to retain copies of private encryption keys.