Combined Questions


SECURITY+ QUESTIONS


Question: 2 [Preplogic Question: 11344-1066]

What is required to successfully join an 802.11 Wireless LAN (WLAN)?

Select the best answer.

A. WPA

B. WEP

C. SSID

D. TLS

Correct Answer: C

Explanations:

A. WPA

Incorrect. WPA is not strictly required to join 802.11 networks; this is necessary only where such security is enforced.

B. WEP

Incorrect. Wired Equivalent Privacy (WEP) is a retired algorithmic solution to secure wireless networks. It has since been replaced by WPA.

C. SSID

Correct. Service Set Identifiers (SSIDs) are logical labels given to wireless devices broadcasted to wireless client devices. This is the basis upon which wireless networks are designated and connected.

D. TLS

Incorrect. Transport Layer Security (TLS) is a network protocol that provides cryptographic security against cleartext transmissions.

Exam Objective: Network Infrastructure

Notes:

Question: 14 [Preplogic Question: 11344-1260]

Which of the following protocols would you typically use to establish VPN connectivity?

Select the TWO best answers.

A. PPTP

B. L2TP

C. SLIP

D. PPP

Correct Answer: A, B

Explanations:

A. PPTP

Correct. Point-to-Point Tunneling Protocol (PPTP) provides encrypted tunneling for IP traffic.

B. L2TP

Correct. Layer 2 Tunneling Protocol (L2TP) is used by ISPs to operate VPNs over the Internet network.

C. SLIP

Incorrect. Serial Line Internet Protocol (SLIP) is an obsolete compromise between direct-connect and dial-up network access.

D. PPP

Incorrect. Point-to-Point Protocol (PPP) provides encapsulation of data packets sent across a Wide Area Network (WAN) link.

Student typewritten text:

Point to point tunneling protocol: VPN

Layer 2 Tunneling Protocol - VPN

Serial Line Internet protocol: Replaced by PPP

Point to Point Protocol: Remote Access via Dialup

Exam Objective: Cryptography

References:

1. Audio Explanation [remoteaccesstochap.mp3]

Notes:

Question: 9 [Preplogic Question: 11344-1204]

Which of the following is a strongly recommended method for authenticating users?

Select the best answer.

A. Tokens

B. Passwords

C. Multi-factor

D. Biometrics

Correct Answer: C

Explanations:

A. Tokens

Incorrect. Three common methods of user authentication are tokens, passwords, and biometrics. Tokens are physical devices that use random codes to verify the identification. By themselves, tokens aren't the most secure (and therefore most strongly recommended) method of authentication.

B. Passwords

Incorrect. Three common methods of user authentication are tokens, passwords, and biometrics. Passwords are the most common method of authentication, where the correct password must be provided for successful authentication. By themselves, passwords aren't the most secure (and therefore most strongly recommended) method of authentication.

C. Multi-factor

Correct. Multi-factor uses a combination of authentication methods in place of or in conjunction with traditional usernames and passwords. With more than a single method used for authentication, a system admin can be sure that their network is as secure as possible.

D. Biometrics

Incorrect. Three common methods of user authentication are tokens, passwords, and biometrics. Biometrics relies on a physical attribute of a user for authentication. While biometric authentication is very strong in its own right, a single method of authentication will never be as strong as one that employs multiple means.

Exam Objective: Access Control

References:

1. Audio Explanation [summaryofauthenticationmethods.mp3]

Notes:

Question: 15 [Preplogic Question: 11344-1251]

As network administrator, you are responsible for implementing additional devices to expand coverage to new departments. What do you install to deliver packets based on IP addresses and TCP/UDP payloads?

Select the best answer.

A. Switch

B. Gateway

C. Router

D. Bridge

Correct Answer: C

Explanations:

A. Switch

Incorrect. A switch is concerned with connecting networks based on data link (Layer 2) forwarding decisions.

B. Gateway

Incorrect. A gateway device provides unified access between users and resources and may translate protocols, but is incorrect for basing routing needs.

C. Router

Correct. A router can base routing decisions on IP address and protocol payload information.

D. Bridge

Incorrect. A network bridge is concerned with connecting network segments at the data link (Layer 2) portion of the OSI TCP/IP reference model.

Student typewritten text:

Layer 2 DATA LINK LAYER

ALL 7 LAYERS OF THE OSI MODEL

LAYER 3: NETWORK LAYER

LAYER 2: DATA LINK LAYER

Exam Objective: Network Infrastructure

Notes:

Question: 17 [Preplogic Question: 11344-1373]

What is the most common security issue with a modem?

Select the best answer.

A. It can be used to circumvent the firewall.

B. Its slow speed makes monitoring impractical.

C. It also operates in fax mode.

D. It utilizes an AT command set.

Correct Answer: A

Explanations:

A. It can be used to circumvent the firewall.

Correct. Rogue modems undermine security because they open unchecked paths that bypass firewalls.

B. Its slow speed makes monitoring impractical.

Incorrect. Slow throughput rates should not adversely affect monitoring applications, so this is not a direct security implication.

C. It also operates in fax mode.

Incorrect. There may be associative issues with the fax machine itself, but this is not a prominent security issue with modems in general.

D. It utilizes an AT command set.

Incorrect. This command set is necessary for operating modems and does not pose a security threat.

Exam Objective: Network Infrastructure

Notes:

Question: 18 [Preplogic Question: 11344-1163]

What is a brute force attack against a message digest called?

Select the best answer.

A. Birthday attack

B. Denial of Service

C. Social engineering

D. Dictionary attack.

Correct Answer: A

Explanations:

A. Birthday attack

Correct. The birthday method is a brute force attack used to find hash collisions, or incorrect inputs that produce similar hash results.

B. Denial of Service

Incorrect. A DoS attack disrupts service availability or network connectivity so that others are unable to use either.

C. Social engineering

Incorrect. A social engineering attack uses finesse (the opposite of brute force) to deceive users or administrators into revealing sensitive information or delivering resource access to an unauthorized party.

D. Dictionary attack.

Incorrect. While a dictionary attack is a brute force attack, it is not done against a message digest, but rather a way of cracking passwords by issuing repeated attempts based on a dictionary of words, phrases and common passwords.

Exam Objective: Cryptography

Notes:

Question: 19 [Preplogic Question: 11344-1207]

Which of the following attacks involves appearing as an authorized source to gain access into a network?

Select the best answer.

A. Masquerading

B. Brute force

C. Man in the Middle

D. IP spoofing

Correct Answer: D

Explanations:

A. Masquerading

Incorrect. A masquerading attack involves physically impersonating another to attain actual access to servers or network equipment and other authorized resources.

B. Brute force

Incorrect. A brute force attack seeks to obtain credentials so that unauthorized users may access authorized personnel resources.

C. Man in the Middle

Incorrect. An MitM attack intervenes on trusted communications between private parties to obtain confidential or sensitive information.

D. IP spoofing

Correct. A spoofing attack occurs when an individual attempts to provide false information about their identity to gain access to a network or system.

Exam Objective: Network Infrastructure

Notes:

Question: 20 [Preplogic Question: 11344-1338]

Among the following attack scenarios, which is described as a disruption of connectivity or services for legitimate users?

Select the best answer.

A. Session hijacking

B. IP spoofing

C. Session replay

D. Denial of Service

Correct Answer: D

Explanations:

A. Session hijacking

Incorrect. Session hijacking is when an attacker intervenes and co-opts an established connection.

B. IP spoofing

Incorrect. Session spoofing occurs when an attacker masquerades as a trusted source to gain privileged access.

C. Session replay

Incorrect. A replay attack utilizes previously-recorded traffic (with modified time-sensitive parameters) to recreate authenticated sessions.

D. Denial of Service

Correct. A DoS attack (and its amplified cousin DDoS) refers to attacks that deny availability or connectivity for legitimate users.

Exam Objective: Network Infrastructure

References:

1. Audio Explanation [devicetoweak.mp3]

Notes:

Question: 21 [Preplogic Question: 11344-1216]

Which of the following are good security practices that contribute towards hardening of an operating system?

Select the TWO best answers.

A. Remove all accounts except guest and administrator.

B. Remove unnecessary services.

C. Remove unnecessary accounts.

D. Rename administrative accounts

E. Restore anonymous FTP

Correct Answer: B, C

Explanations:

A. Remove all accounts except guest and administrator.

Incorrect. While eliminating unnecessary and unused system accounts is good practice, there is little security benefit in eradicating all legitimate accounts.

B. Remove unnecessary services.

Correct. Having few operational services in use at all times reduces the effective number of entry points a potential attacker has into a target network or server.

C. Remove unnecessary accounts.

Correct. Removal of unnecessary and particularly unused accounts reduces the number of available avenues an attacker can take into the system.

D. Rename administrative accounts

Incorrect. This practice is called security through obscurity, which is to say no security whatsoever. Though widely practiced, it adds no security.

E. Restore anonymous FTP

Incorrect. Operation of FTP servers does not provide a hardened environment.

Exam Objective: Systems Security

References:

1. Audio Explanation [hardeningtopatch.mp3]

Notes:

Question: 22 [Preplogic Question: 11344-1053]

A network-based Intrusion Detection System (NIDS) may utilize one or several strategies to detect malicious traffic. Which capability provides signature-matching, stateful inspection and applies RFC rules?

Select the best answer.

A. Heuristic analysis

B. Pattern matching

C. Stateful inspection

D. Protocol decode analysis

Correct Answer: D

Explanations:

A. Heuristic analysis

Incorrect. A heuristic analysis engine uses signatures but also statistically analyzes traffic based on the idea that certain patterns may be detected a few times before being labeled as suspicious.

B. Pattern matching

Incorrect. A pattern matching network IDS (NIDS) operates like antivirus software, using a database of signatures to identify security threats.

C. Stateful inspection

Incorrect. A stateful inspection engine goes a step beyond pattern matching to maintain session states and reassemble fragmented transmissions.

D. Protocol decode analysis

Correct. A protocol analyzer enhances stateful inspection by applying Request For Comment (RFC) rules to identify suspicious traffic patterns.

Exam Objective: Network Infrastructure

Notes:

Question: 23 [Preplogic Question: 11344-1371]

Among the following answers, which explains why a router can limit the damage caused by sniffing and Man-in-the-Middle (MitM) attacks?

Select the best answer.

A. Denial of Service protection

B. Subnet segmentation

C. Subnet broadcast

D. Distributed Denial of Service protection

Correct Answer: B

Explanations:

A. Denial of Service protection

Incorrect. Select routers provide protection against DoS attacks, but these methods do not prevent sniffing and MitM attacks.

B. Subnet segmentation

Correct. Due to MAC-based switching, endpoints on a subnet segmented by a router cannot directly listen to general conversations unless MAC flooding or cache poisoning techniques are used.

C. Subnet broadcast

Incorrect. A subnet-based network broadcast system only facilitates sniffing and MitM, which are localized attacks.

D. Distributed Denial of Service protection

Incorrect. Certain routers are capable of protecting networks against DDoS attacks, but select countermeasures have no bearing on sniffing or MitM attacks.

Exam Objective: Network Infrastructure

References:

1. Audio Explanation [spoofingtodos.mp3]

Notes:

Question: 24 [Preplogic Question: 11344-1378]

Your company is allocated a single IP address and needs three internal servers accessible and available to the Internet. What service can you employ to satisfy this requirement?

Select the best answer.

A. DHCP

B. DNS

C. NAT

D. FTP

Correct Answer: C

Explanations:

A. DHCP

Incorrect. Dynamic Host Configuration Protocol (DHCP) facilitates the automatic allocation and assignment of IP addresses.

B. DNS

Incorrect. Domain Name Service (DNS) provides numeric-to-name-based resolutions for IP addresses.

C. NAT

Correct. Network Address Translation (NAT) establishes a means of connecting multiple clients and mediating connections to the Internet.

D. FTP

Incorrect. File Transfer Protocol (FTP) enables directory-based remote file sharing, which does not facilitate connection sharing.

Exam Objective: Network Infrastructure

Notes:

Question: 3 [Preplogic Question: 11344-1174]

As an independent security consultant you are tasked with auditing security on a company network where only the CIO and CTO know you're present. You identify yourself as a help desk team member and successfully gain access to a secure space. Name this attack.

Select the best answer.

A. Denial of Service

B. Replay attack

C. Spoofing attack

D. Social engineering

Correct Answer: D

Explanations:

A. Denial of Service

Incorrect. A DoS attack neither involves nor includes gaining physical access to a secure space, so this answer is incorrect.

B. Replay attack

Incorrect. A replay attack involves reissuing recorded data over a network in an attempt to gain electronic access to remote resources.

C. Spoofing attack

Incorrect. A spoofing attack involves false identification as above, but is conducted against computing and routing devices via the network.

D. Social engineering

Correct. A successful social engineering attempt results in an unauthorized party gaining authorized access to secure spaces.

Exam Objective: Organizational Security

References:

1. Audio Explanation [trickerytophishing.mp3]

Notes:

Question: 25 [Preplogic Question: 11344-1030]

Your network implements digital certificates. One of the users has been terminated. What should be done with the user's certificate?

Select the best answer.

A. The certificate should be deleted.

B. The certificate should be assigned to the user filling the position.

C. The certificate should be revoked.

D. Nothing. The certificate will eventually expire.

Correct Answer: C

Explanations:

A. The certificate should be deleted.

Incorrect. In order to mark the certificate as invalid it must be revoked, not deleted.

B. The certificate should be assigned to the user filling the position.

Incorrect. A certificate cannot be assigned to another user.

C. The certificate should be revoked.

Correct. Revoking a certificate makes that certificate invalid. If a user leaves an organization, the certificate should be revoked so it can no longer be used.

D. Nothing. The certificate will eventually expire.

Incorrect. All certificates have an expiration date. However, letting the certificate simply expire compromises security.

Exam Objective: Cryptography

References:

1. Audio Explanation [digitaltotacacs.mp3]

Notes:

Question: 26 [Preplogic Question: 11344-1045]

Layer 2 Tunneling Protocol (L2TP) and PPTP both operate at which layer of the OSI TCP/IP model?

Select the best answer.

A. Data link layer

B. Physical layer

C. Transport layer

D. Network layer

Correct Answer: A

Explanations:

A. Data link layer

Correct. L2TP and the PPTP are both Layer 2 (data link) protocols. These technologies create a secure communication channel over an insecure connection.

B. Physical layer

Incorrect. L2TP and PPTP do not operate at Layer 1 of the OSI TCP/IP model.

C. Transport layer

Incorrect. L2TP and PPTP do not operate at Layer 4 of the OSI model.

D. Network layer

Incorrect. L2TP and PPTP do not operate at Layer 3 of the OSI model.

Exam Objective: Network Infrastructure

Notes:

Question: 27 [Preplogic Question: 11344-1287]

Which of the following choices is NOT a good policy to include in an Acceptable Use Policy (AUP)?

Select the best answer.

A. Default password choices

B. Acceptable password length

C. Password change frequency

D. Permissible password characters

Correct Answer: A

Explanations:

A. Default password choices

Correct. Among all answer choices, this one does not properly reflect AUP practices.

B. Acceptable password length

Incorrect. An AUP outlines usage practices for administratively-managed network resources including acceptable password policy.

C. Password change frequency

Incorrect. AUPs define several criteria for acceptable password selection including the interval at which passwords change.

D. Permissible password characters

Incorrect. An AUP can outline several acceptable practices regarding password selections including valid character sets.

Exam Objective: Organizational Security

References:

1. Audio Explanation [legislativetopassword.mp3]

Notes:

Question: 28 [Preplogic Question: 11344-1245]

Security baselines always include what of the following answer choices?

Select the best answer.

A. Operational standards

B. Automatic enforcement

C. Minimum standards

D. Protocol formats

Correct Answer: C

Explanations:

A. Operational standards

Incorrect. Federal, regulatory and security compliance standards are generally part of any security baseline, but operational standards may not be.

B. Automatic enforcement

Incorrect. As oral and written guidelines, security baselines require supportive applications and services for automatic enforcement.

C. Minimum standards

Correct. Security baselines always establish a minimum level of appropriate security standards.

D. Protocol formats

Incorrect. Security baselines are not designed with protocol format considerations, but may include specifications for particular format usage.

Exam Objective: Organizational Security

Notes:

Question: 29 [Preplogic Question: 11344-1324]

Which of the following statements is true regarding computer cookies?

Choose all that apply.

A. Cookies store locally as ordinary text files.

B. Cookies identify a client browser to a server computer.

C. Cookies are obtained through client browser requests.

D. Cookies must always be accepted by client browsers.

Correct Answer: A, B

Explanations:

A. Cookies store locally as ordinary text files.

Correct. A cookie file is usually stored as a local text file, but other formats are possible.

B. Cookies identify a client browser to a server computer.

Correct. A cookie file keeps track of user-authenticated session data for individual server identification purposes.

C. Cookies are obtained through client browser requests.

Incorrect. A cookie file is typically issued by the server to identify the client and not requested by the client software.

D. Cookies must always be accepted by client browsers.

Incorrect. Many applications are designed to use cookies but there is no strict requirement demanding their acceptance.

Exam Objective: Systems Security

Notes:

Question: 30 [Preplogic Question: 11344-1037]

What encryption protocol would you employ to secure access to and transmission through an 802.11 wireless network?

Select the best answer.

A. WAP

B. WEP

C. WPA

D. WTLS

Correct Answer: C

Explanations:

A. WAP

Incorrect. The Wireless Application Protocol (WAP) enables access and interaction with various information services through mobile phones and other wireless devices.

B. WEP

Incorrect. Wired Equivalent Privacy (WEP) is a deprecated (i.e., not recommended for use) standard for encrypting wireless transmissions, but inherent design flaws make it unsuitable for modern security needs.

C. WPA

Correct. Wi-Fi Protected Access implements the 802.11i standard to protect wireless networks with greater strength and reliability than the former WEP standard.

D. WTLS

Incorrect. Wireless TLS provides the cryptographic security layer and authentication for Wireless Access Protocol (WAP) devices.

Exam Objective: Network Infrastructure

References:

1. Audio Explanation [ssltosecuremail.mp3]

Notes:

Question: 31 [Preplogic Question: 11344-1120]

The type of access control that uses security labels is _________.

Select the best answer.

A. MAC

B. DAC

C. RBAC

D. ACL

Correct Answer: A

Explanations:

A. MAC

Correct. Security labels used in Mandatory Access Control (MAC) ensure that a single security clearance isn't granted access across the system.

B. DAC

Incorrect. Discretionary Access Control (DAC) is the most common form, one that doesn't require labels or labeling for access attributes.

C. RBAC

Incorrect. Role-Based Access Control (RBAC) utilizes security concepts that correspond directly to a user's job function and status, but makes no use of label schemes.

D. ACL

Incorrect. An Access Control List (ACL) contains entries (not labels) for subjects and their specified object permissions.

Exam Objective: Access Control

References:

1. Audio Explanation [separationtolabels.mp3]

Notes:

Question: 32 [Preplogic Question: 11344-1361]

Among the following choices, which is NOT a consideration for utilizing virtualization technology in enterprise environments?

Select the best answer.

A. Isolation between computing domains and platforms.

B. Logical partitioning of existing physical resources.

C. Enhanced resource allocation and utilization.

D. Impenetrability from any real or imagined threat.

Correct Answer: D

Explanations:

A. Isolation between computing domains and platforms.

Incorrect. Virtualization enables the isolation of core servers and services to mitigate risk and counteract holistic attacker-based control over combined systems.

B. Logical partitioning of existing physical resources.

Incorrect. Virtualization provides the ability to create several distinct operating system instances running concurrently on the same hardware.

C. Enhanced resource allocation and utilization.

Incorrect. Virtualization improves how existing physical resources are assigned and used, making for optimal usage of configured devices.

D. Impenetrability from any real or imagined threat.

Correct. Virtualization is not designed to defend against sources or variations of attack, so this answer is completely incorrect.

Exam Objective: Systems Security

References:

1. Audio Explanation [virtulizationtechnology.mp3]

Notes:

Question: 33 [Preplogic Question: 11344-1162]

A company has asked you, an independent security consultant, to improve their current password security practices. What standard provides a fairly strong level of security for password creation?

Select the best answer.

A. Minimum 8 characters, only alphabetic and numeric characters.

B. Maximum 14 characters, including alphanumerics and punctuation.

C. Minimum 8 characters, based on portion of the login name.

D. Minimum 8 characters, including alphanumerics, mixed case and punctuation.

Correct Answer: D

Explanations:

A. Minimum 8 characters, only alphabetic and numeric characters.

Incorrect. This most basic answer excludes many other strength-enhancing properties of password selection, making this a poor choice.

B. Maximum 14 characters, including alphanumerics and punctuation.

Incorrect. While this answer reflects decent password choices, it does not reflect fairly strong security practices.

C. Minimum 8 characters, based on portion of the login name.

Incorrect. No security mechanism is truly effective with weak password selections. Using a part of the known username in the presumably unknown password dramatically reduces the effectiveness of most password systems.

D. Minimum 8 characters, including alphanumerics, mixed case and punctuation.

Correct. Medium-strength password security requirements enforce entries 8-13 characters in length using a combination of all available characters and cases (upper and lower).

Exam Objective: Organizational Security

References:

1. Audio Explanation [comparisontodomain.mp3]

Notes:

Question: 35 [Preplogic Question: 11344-1359]

Almost no integrity checking exists in TACACS+ making it susceptible to which of the following attacks?

Select the best answer.

A. IP spoofing

B. Replay attack

C. Denial of Service

D. Brute force

Correct Answer: B

Explanations:

A. IP spoofing

Incorrect. An IP spoofing attack forges sender addresses to appear like trusted addresses to manipulate trust-based systems.

B. Replay attack

Correct. A protocol replay attack utilizes previously-recorded data (with modified parameters) to recreate a session or manipulate a service, which TACACS+ does not check against.

C. Denial of Service

Incorrect. A DoS attack blocks access to applications or services such that no user, authorized or otherwise, may obtain access.

D. Brute force

Incorrect. A brute force attack cycles through password entries in an attempt to obtain access to protected resources.

Exam Objective: Access Control

References: 1. Audio Explanation [digitaltotacacs.mp3]

Question: 5 [Preplogic Question: 11344-1317]

Which of the following is the standard that provides for extensible authentication over both wired and wireless media links?

Select the best answer.

A. 802.11

B. 802.1x

C. 802.3

D. 802.16

Correct Answer: B

Explanations:

A. 802.11

Incorrect. The 802.11 specification standardizes features, formats and functions for wireless network devices.

B. 802.1x

Correct. The 802.1x specification sets the standard for port-based network access control for authentication purposes.

C. 802.3

Incorrect. The 802.3 specification standardizes sublayer properties of Ethernet network technologies.

D. 802.16

Incorrect. The 802.16 specification standardizes broadband wireless access for use in Wireless Metropolitan Area Networks (WMAN).

Exam Objective: Network Infrastructure

Question: 36 [Preplogic Question: 11344-1072]

LDAP requires ____ port number ____ to be open on the firewall.

Select the best answer.

A. TCP, 398.

B. TCP, 389.

C. UDP, 388.

D. UDP, 399.

Correct Answer: B

Explanations:

A. TCP, 398.

Incorrect. UDP port 398 is used for Kryptolan, according to IANA port assignment.

B. TCP, 389.

Correct. TCP port 389 is used for LDAP.

C. UDP, 388.

Incorrect. UDP port 388 is used by Unidata LDM, according to IANA port assignment.

D. UDP, 399.

Incorrect. UDP port 399 is used for ISO transport class 2, according to IANA port assignment.

Exam Objective: Access Control

Question: 39 [Preplogic Question: 11344-1131]

What is a logic bomb?

Select the best answers.

A. Time-delayed malicious code.

B. Event-driven malicious code.

C. Self-replicating malicious code.

D. Brute-force malicious code.

Correct Answer: A, B

Explanations:

A. Time-delayed malicious code.

Correct. Logic bombs can be pre-programmed to occur at a specific time and/or date with either minor (humorous) or major (damaging) consequence.

B. Event-driven malicious code.

Correct. Logic bombs can be pre-programmed to occur based on some pre-defined event, such as the running of some application or navigating to some website.

C. Self-replicating malicious code.

Incorrect. Logic bombs are not inherently self-replicating; this is the nature of a virus. A logic bomb is designed to activate at some pre-determined moment in time.

D. Brute-force malicious code.

Incorrect. Logic bombs are not involved with brute-force attacks; this is the nature of login service-based attacks. Logic bombs are tailored to become active at a particular period.

Exam Objective: Systems Security

References: 1. Audio Explanation [threatstoprivilege.mp3]

Question: 40 [Preplogic Question: 11344-1337]

For which of the following security control categories does job rotation qualify?

Select the best answer.

A. Corrective

B. Detective

C. Compensating

D. Recovery

Correct Answer: B

Explanations:

A. Corrective

Incorrect. A corrective control either remedies arising circumstances or restores conditions to a former known-good state following a catastrophic event.

B. Detective

Correct. Job rotation most likely benefits directive controls over all other categories listed because it can help expose security violations.

C. Compensating

Incorrect. These security controls provide alternatives to normal controls that are rendered inoperable or inaccessible.

D. Recovery

Incorrect. Like corrective controls, recovery controls initiate remedy procedures or facilitate recovery from failure conditions.

Exam Objective: Organizational Security

Question: 41 [Preplogic Question: 11344-1349]

Which of the following is NOT true about password security?

Select the best answer.

A. Passwords are kept secret at all times.

B. Passwords are of a minimum sufficient length.

C. Passwords are of a minimum sufficient strength.

D. Passwords are generated of personal possessions or preferences.

Correct Answer: D

Explanations:

A. Passwords are kept secret at all times.

Incorrect. Any password should be kept secret, which protects the identities of users on privileged systems.

B. Passwords are of a minimum sufficient length.

Incorrect. All passwords should conform to certain best practice security policies, including enforcement of a minimum-length requirement.

C. Passwords are of a minimum sufficient strength.

Incorrect. All passwords should conform to a minimum allowable strength to include letters, numbers, symbols and possibly other non-traditional characters.

D. Passwords are generated of personal possessions or preferences.

Correct. Unfortunately, this memory-saving trick undermines security best practices by providing easily-guessed (or brute-forced) password choices.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [comparisontodomain.mp3]

Question: 42 [Preplogic Question: 11344-1111]

A network with paths reserved for two or more parties for the duration of a session and then switched to a different set of parties for use, is called a ____ network.

Select the best answer.

A. packet-switched

B. terminal server

C. circuit-switched

D. virtual private

Correct Answer: C

Explanations:

A. packet-switched

Incorrect. On packet-switched networks, paths are not fixed. Instead, the message is broken into portions called "packets." Each packet can take a different route to the destination. At the destination, the packets are recompiled into the original message.

B. terminal server

Incorrect. Terminal services provide PCs, printers, and other "terminals" with a common connection point on a LAN or WAN. Path type is not so critical, nor does it specifically define terminal services.

C. circuit-switched

Correct. Circuit-switched networks are the only ones in which paths are reserved to particular users and not released until those users are done.

D. virtual private

Incorrect. A Virtual Private Network (VPN) uses an existing, public information access infrastructure (usually the Internet) to provide remote clients with secure connection to a main network. Path type is not so critical, nor does it specifically define a VPN.

Exam Objective: Network Infrastructure

Question: 43 [Preplogic Question: 11344-1333]

Which of the following answers describes the crucial difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?

Select the best answer.

A. Only DAC disallows direct file copies.

B. Only DAC is classified as DoD "B" level security.

C. DAC is also known as the "lattice-based control" model.

D. Only MAC disallows direct file copies.

Correct Answer: D

Explanations:

A. Only DAC disallows direct file copies.

Incorrect. Under DAC, a user allowed to access a file can copy a file.

B. Only DAC is classified as DoD "B" level security.

Incorrect. Dept. of Defense (DoD) standards for system security certify MAC, not DAC, as level B classification.

C. DAC is also known as the "lattice-based control" model.

Incorrect. Bell-LaPadula created a security model commonly referred to as the lattice-based control model.

D. Only MAC disallows direct file copies.

Correct. Under MAC, users with access aren't necessarily permitted to copy files.

Exam Objective: Access Control

References: 1. Audio Explanation [dactorulebased.mp3]

Question: 44 [Preplogic Question: 11344-1275]

An Acceptable Use Policy (AUP) should be considered ________ but ________.

Select the best answer.

A. mandatory for contractors; advisable for employees

B. mandatory for employees; advisable for contractors

C. recommended for everyone; generally not required

D. mandatory for users; applicable to anyone

Correct Answer: D

Explanations:

A. mandatory for contractors; advisable for employees

Incorrect. An AUP should be applied equally and consistently among users of protected network resources.

B. mandatory for employees; advisable for contractors

Incorrect. Any AUP establishes acceptable baseline behaviors and expectations for users utilizing protected network resources.

C. recommended for everyone; generally not required

Incorrect. Any AUP deserves equal and indifferent application to all users, which is required anywhere authorized access safeguards protected resources.

D. mandatory for users; applicable to anyone

Correct. An AUP should be applied evenly and consistently to users who access protected network resources, including administrators.

Exam Objective: Organizational Security

References: 1. Audio Explanation [legislativetopassword.mp3]

Question: 45 [Preplogic Question: 11344-1002]

Which of the following answer choices is NOT part of the Public Key Infrastructure (PKI)?

Select the best answer.

A. Symmetric keys

B. Encryption software

C. Certificate Authority

D. Key pairs

Correct Answer: A

Explanations:

A. Symmetric keys

Correct. The only incorrect element listed is symmetric keys. PKI uses asymmetric (public/private) key pairs for encryption.

B. Encryption software

Incorrect. PKI uses a combination of software, encryption technologies and security services that enable enterprises to protect the security of communication and business transactions along with proprietary data.

C. Certificate Authority

Incorrect. PKI uses a trusted third-party CA that establishes both credibility and validity of certificate holders, and issues those to subscribers of the digitally-signed messages that utilize relevant encryption keys.

D. Key pairs

Incorrect. PKI uses public and private key pairs for the decryption and encryption of messages, respectively.

Exam Objective: Cryptography

References: 1. Audio Explanation [publictoca.mp3]

Question: 46 [Preplogic Question: 11344-1308]

What are the two primary types of symmetric algorithms?

Choose TWO.

A. Block cipher

B. Public key

C. Stream cipher

D. Digital signature

Correct Answer: A, C

Explanations:

A. Block cipher

Correct. Symmetric cryptography uses block ciphers that take entire chunks of data and encrypt or decrypt them as a single unit.

B. Public key

Incorrect. Public key cryptography is one of the primary branches of asymmetric encryption.

C. Stream cipher

Correct. Symmetric cryptography also uses stream ciphers that perform bit-by-bit encryption and decryption routines.

D. Digital signature

Incorrect. Creating digital signatures and digitally signed documents is a secondary branch of asymmetric encryption.

Exam Objective: Cryptography

References: 1. Audio Explanation [symmetrictokeymanage.mp3]

Question: 6 [Preplogic Question: 11344-1267]

Ensuring that an individual does not possess greater access capabilities than is necessary to complete his/her job is best described by which of the following concepts?

Select the best answer.

A. Due care

B. Separation of duties

C. Rotation of duties

D. Least privilege

Correct Answer: D

Explanations:

A. Due care

Incorrect. Due care implies that all policies and procedures are carried out with full understanding and best practices.

B. Separation of duties

Incorrect. Separation of duties ensures that no single user has full access to all resources. At least two users are required to complete critical, high security tasks. This concept reduces sabotage, espionage, fraud, and corruption.

C. Rotation of duties

Incorrect. Rotation of duties ensures that tasks can be performed by several users, with similar goals to duty separation (prevention of sabotage, espionage, fraud, and corruption).

D. Least privilege

Correct. The concept of least privilege ensures that users have only the required level of access to complete their jobs. Due care implies that all policies and procedures are carried out with full understanding and best practices.

Exam Objective: Organizational Security

References: 1. Audio Explanation [besttoneed.mp3]

Question: 47 [Preplogic Question: 11344-1015]

A symmetric algorithm uses which of the following?

Select the best answer.

A. A public/private key and (typically) a non-secret algorithm.

B. A shared secret and (typically) a secret algorithm.

C. A shared secret and (typically) a non-secret algorithm.

D. A public/private key and (typically) a secret algorithm.

Correct Answer: C

Explanations:

A. A public/private key and (typically) a non-secret algorithm.

Incorrect. A public/private encryption key scheme is also known as an asymmetric system because the mathematical keys are different. The public key can be distributed freely (and in the case of Pretty Good Privacy (PGP), needs to be widely distributed), while a private key must be very tightly controlled.

B. A shared secret and (typically) a secret algorithm.

Incorrect. Symmetric cryptography algorithms are also known as "shared secret," because the same secret key both encrypts and decrypts a document. Both the sender and receiver must share the secret, hence the term "shared secret", making such algorithms useless in the real world.

C. A shared secret and (typically) a non-secret algorithm.

Correct. Symmetric cryptography algorithms are also known as "shared secret," because the same secret key both encrypts and decrypts a document. Both the sender and receiver must share the secret, hence the term "shared secret." Symmetric algorithms are typically non-secret so that standardized programs may be used.

D. A public/private key and (typically) a secret algorithm.

Incorrect. A public/private encryption key scheme is also known as an asymmetric system because the mathematical keys are different. The public key can be distributed freely (and in the case of Pretty Good Privacy (PGP), needs to be widely distributed), while a private key must be very tightly controlled.

Exam Objective: Cryptography

Question: 48 [Preplogic Question: 11344-1084]

Change management involves several separate processes encompassing several more separate procedures. Which aspect ensures that changes occur with minimal interruption to existing infrastructure?

Select the best answer.

A. Change staging

B. Change notification

C. Change request

D. Change scheduling

Correct Answer: D

Explanations:

A. Change staging

Incorrect. All change staging aids the change scheduling process and is a written plan that describes various actions taken throughout various stages of change request deployment.

B. Change notification

Incorrect. Any change notification may be conducted by email or circulation of the actual change request itself to participating parties.

C. Change request

Incorrect. A change request should involve some paperwork as an initial step in documenting, scheduling and processing change.

D. Change scheduling

Correct. Scheduling change requests ensures that no implementation or operation issues arise during peak usage hours.

Exam Objective: Organizational Security

References: 1. Audio Explanation [changetopii.mp3]

Question: 49 [Preplogic Question: 11344-1370]

Firewalls can be configured in any number of ways, but which of the following choices only applies to application-level firewalls?

Select the best answer.

A. Source address

B. Protocol flags

C. User ID

D. Destination port

Correct Answer: C

Explanations:

A. Source address

Incorrect. A connection's source address is inspected by network-level firewalls, which are mostly concerned with lower-level network stack details.

B. Protocol flags

Incorrect. A connection's protocol flags are inspected by low-level network firewalls, where granular firewall rules are applied.

C. User ID

Correct. An application-level firewall proxies connections and applies firewall-like rules to network traffic.

D. Destination port

Incorrect. The destination port specifies the designated service requested by a remote client, which is not a specific property of application-level firewalls.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [systemtofirewall.mp3]

Question: 50 [Preplogic Question: 11344-1133]

Which of the following authentication protocols uses TCP as its method of transport?

Select the best answer.

A. IPSec

B. TLS

C. 802.11

D. TACACS+

Correct Answer: D

Explanations:

A. IPSec

Incorrect. IPSec protocols operate at the network layer (Layer 3) of the OSI TCP/IP reference model. This answer is incorrect.

B. TLS

Incorrect. The TLS cryptographic security protocol is an application layer entry in the TCP/IP reference model. This answer is incorrect.

C. 802.11

Incorrect. The 802.11 standard is a data-link layer (Layer 2) protocol specification. Therefore, this answer is incorrect.

D. TACACS+

Correct. TACACS+ uses TCP/IP as its means of conveyance across a network.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [digitaltotacacs.mp3]

Question: 51 [Preplogic Question: 11344-1305]

All digital certificates possess a number of associated data variables. From the list provided, select the option that is NOT included in such certificates.

Select the best answer.

A. Sender's social security number.

B. Certificate version number.

C. Issuing certificate authority.

D. Certificate expiration date.

Correct Answer: A

Explanations:

A. Sender's social security number.

Correct. Nowhere does a digital certificate contain personally identifiable information such as social security numbers, state ID or driver's license data, etc.

B. Certificate version number.

Incorrect. Every digital certificate contains a version number for identification and compatibility purposes.

C. Issuing certificate authority.

Incorrect. Each digital certificate indicates the issuing authority.

D. Certificate expiration date.

Incorrect. All digital certificates signify a valid period of operation after which time they are to be cancelled and revoked.

Exam Objective: Cryptography

References: 1. Audio Explanation [digitaltotacacs.mp3]

Question: 53 [Preplogic Question: 11344-1234]

A passive Network Intrusion Detection System (NIDS) will NOT perform which of the following tasks?

Select the best answer.

A. Trigger monitoring system alerts.

B. Display threat detection in real-time.

C. Trigger firewall rules or blacklist activation.

D. Create an SNMP trap.

Correct Answer: C

Explanations:

A. Trigger monitoring system alerts.

Incorrect. Even a passive NIDS is capable of real-time reporting for events and incidents.

B. Display threat detection in real-time.

Incorrect. Passive NIDS can report observed threats in real-time.

C. Trigger firewall rules or blacklist activation.

Correct. Active NIDS are best-suited for engaging other applications or actively repelling attacks when threats are detected.

D. Create an SNMP trap.

Incorrect. This is entirely possible with a passive NIDS.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [toolstofirewalls.mp3]

Question: 54 [Preplogic Question: 11344-1309]

Among the following AES finalists, which one is officially chosen as the standard algorithm?

Select the best answer.

A. Twofish

B. Serpent

C. RC6

D. Rijndael

Correct Answer: D

Explanations:

A. Twofish

Incorrect. Twofish is a shared-key 128-bit block cipher created by Bruce Schneier, a world-renowned cryptographer.

B. Serpent

Incorrect. Serpent is a symmetric key 128-bit block cipher of variable key size developed at Cambridge University.

C. RC6

Incorrect. RC6 is a shared-key 128-bit block cipher supporting variable key sizes developed by RSA.

D. Rijndael

Correct. Rijndael is a symmetric key variable-length block cipher developed jointly by Joan Daemen and Vincent Rijmen and chosen by the US Government as the Advanced Encryption Standard.

Exam Objective: Cryptography

References: 1. Audio Explanation [symmetrictokeymanage.mp3]

Question: 55 [Preplogic Question: 11344-1323]

Which of the following represent IP Security (IPSec) protocols?

Choose all that apply.

A. PPTP

B. L2F

C. TLS

D. ESP

E. AH

Correct Answer: D, E

Explanations:

A. PPTP

Incorrect. Point-to-Point Tunneling Protocol (PPTP) is used primarily in older VPN technologies.

B. L2F

Incorrect. The Layer 2 Forwarding (L2F) protocol is used primarily in older VPN technologies.

C. TLS

Incorrect. While SSL and TLS are used for newer VPN technologies, they are not supportive of IPSec.

D. ESP

Correct. Encapsulating Security Payload (ESP) is one of two supported IPSec protocols.

E. AH

Correct. Authentication Header (AH) is another supported IPSec protocol.

Exam Objective: Cryptography

References: 1. Audio Explanation [ipsectossh.mp3]

Question: 56 [Preplogic Question: 11344-1360]

The Challenge Authentication Handshake Protocol (CHAP) typically employs which of the following encryption protocols?

Select the best answer.

A. RC4

B. MD5

C. AES

D. DES

Correct Answer: B

Explanations:

A. RC4

Incorrect. RC4 is a symmetrical key encryption method designed to transform text and data in static files.

B. MD5

Correct. A message digest or hash is produced to create unique signatures for data inputs, which CHAP uses for authentication.

C. AES

Incorrect. The Advanced Encryption Standard (AES) is a symmetric block cipher used for many cryptography purposes but not used by CHAP.

D. DES

Incorrect. The Data Encryption Standard is a retired symmetric cryptography standard that established a jump-off point for modern cryptographic algorithms.

Exam Objective: Access Control

References: 1. Audio Explanation [remoteaccesstochap.mp3]

Question: 8 [Preplogic Question: 11344-1256]

Head office employees are permitted access into select portions of branch office networks from the external side of the firewall. What type of topology is this?

Select the best answer.

A. DMZ

B. Intranet

C. Extranet

D. Internet

Correct Answer: C

Explanations:

A. DMZ

Incorrect. A demilitarized zone (DMZ) is neutral ground that serves as a buffer between intranets and the Internet.

B. Intranet

Incorrect. An intranet is accessible only to members within the parameters of the organizational network.

C. Extranet

Correct. An extranet is an extension to intranets that allows users outside the private scope of the network to access private (internal) resources.

D. Internet

Incorrect. The Internet is a publicly accessible network open to anyone at any time from any place.

Exam Objective: Network Infrastructure

Question: 57 [Preplogic Question: 11344-1222]

Which of the following is a great security concern regarding remote access service (RAS)?

Select the best answer.

A. Anyone with a modem and login credentials can access the network.

B. RAS uses numerous communication protocols.

C. RAS cannot perform account lockouts for multiple failed login attempts.

D. RAS does not provide encrypted authentication protocols.

Correct Answer: A

Explanations:

A. Anyone with a modem and login credentials can access the network.

Correct. RAS offers numerous security measures, but there is no protection against an authorized person possessing unauthorized credentials.

B. RAS uses numerous communication protocols.

Incorrect. This is true of RAS, but these protocols can be disabled as necessary. This is a non-issue and therefore incorrect.

C. RAS cannot perform account lockouts for multiple failed login attempts.

Incorrect. RAS can and should be configured to handle account lockouts according to some policy-defined threshold.

D. RAS does not provide encrypted authentication protocols.

Incorrect. RAS provides CHAP and MS-CHAP, which are both encrypted authentication protocols.

Exam Objective: Access Control

References: 1. Audio Explanation [authenticationtoras.mp3]

Question: 58 [Preplogic Question: 11344-1059]

Virtual Private Network (VPN) protocols come in several forms. Which of the following is NOT a VPN protocol?

Select the best answer.

A. PPTP

B. SNMP

C. L2TP

D. IPSec

E. SSH

Correct Answer: B

Explanations:

A. PPTP

Incorrect. VPNs create secure "virtual" networks across public networks by wrapping and un-wrapping network traffic. Typically, this is known as tunneling. Common VPN protocols include: PPTP, L2TP, SSH, and IPSec.

B. SNMP

Correct. Simple Network Management Protocol (SNMP) is a network management protocol that can report anomalies in a network. This makes SNMP the correct choice.

C. L2TP

Incorrect. Common VPN protocols include: PPTP, L2TP, SSH and IPSec.

D. IPSec

Incorrect. Common VPN protocols include: PPTP, L2TP, SSH and IPSec.

E. SSH

Incorrect. Common VPN protocols include: PPTP, L2TP, SSH and IPSec.

Exam Objective: Access Control

References: 1. Audio Explanation [remoteaccesstochap.mp3]

Notes:

Question: 59 [Preplogic Question: 11344-1380]

What is a commonly overlooked security issue regarding the storage and processing of confidential data on mobile platforms?

Select the best answer.

A. Unprotected data at rest.

B. Unprotected data in motion.

C. Unsupervised data at rest.

D. Unmonitored data in motion.

Correct Answer: A

Explanations:

A. Unprotected data at rest.

Correct. Identity theft is a constant threat whenever employees and contractors carry sensitive or confidential data offsite unencrypted, which is then stolen and accessible through other systems.

B. Unprotected data in motion.

Incorrect. There are several cross-platform methods of providing protected data in motion, which generally employ standardized encryption protocols (i.e., SSL/TLS).

C. Unsupervised data at rest.

Incorrect. When the system is powered-on, it provides supervision over how data is accessed and handled.

D. Unmonitored data in motion.

Incorrect. Particularly with VPNs, there are methods for monitoring client access to protected network resources.

Exam Objective: Cryptography

References: 1. Audio Explanation [comparativetosingle.mp3]

Notes:

Question: 60 [Preplogic Question: 11344-1288]

Which of the following is NOT a component of high-availability?

Select the best answer.

A. RAID

B. Fail-over devices

C. UPS

D. Surge protector

Correct Answer: D

Explanations:

A. RAID

Incorrect. Redundant Array of Inline Disks (RAID) is an element in a greater overall strategy to enhance uptime and availability.

B. Fail-over devices

Incorrect. Network and server equipment that takes over in the event of primary component failure is supportive of high-availability initiatives.

C. UPS

Incorrect. An Uninterruptible Power Supply (UPS) provides the necessary "offline" power backup that organizations need when the power goes out.

D. Surge protector

Correct. Though necessary and beneficial, a surge protector does not itself support high-availability best practices.

Exam Objective: Systems Security

References: 1. Audio Explanation [conceptstowarmsite.mp3]

Notes:

Question: 62 [Preplogic Question: 11344-1056]

When would a cookie be a security issue?

Select the best answer.

A. When the cookie stores credit information.

B. When it's a "magic cookie".

C. When it becomes deleted.

D. Cookies are never a security issue.

Correct Answer: A

Explanations:

A. When the cookie stores credit information.

Correct. Cookies store data in a plain text format. Cookies can only contain information that was provided by the user to the web server.

B. When it's a "magic cookie".

Incorrect. Magic cookies and a web server work with unique data (user's email address or a "magic number" understood by the web server). This data is matched with page requests to give the web session a "state" that can help track where the user has been on the web site.

C. When it becomes deleted.

Incorrect. A cookie cannot reveal data when it is deleted, so deleting a cookie does not present a security issue.

D. Cookies are never a security issue.

Incorrect. Cookies store data in a plain text format. Cookies can only contain information that was provided by the user to the web server.

Exam Objective: Systems Security

Notes:

Question: 63 [Preplogic Question: 11344-1075]

The 802.11 standard defines which of the following authentication methods?

Select the best answers.

A. Open authentication

B. Password authentication

C. Shared-key authentication

D. Biometrics

Correct Answer: A, C

Explanations:

A. Open authentication

Correct. The 802.11 standard supports two authentication methods: Open authentication, and Shared-key authentication. With open authentication, anyone can communicate with the access point.

B. Password authentication

Incorrect. 802.11 does not define biometric and password authentication methods.

C. Shared-key authentication

Correct. The 802.11 standard supports two authentication methods: Open authentication, and Shared-key authentication. With open authentication, anyone can communicate with the access point.

D. Biometrics

Incorrect. 802.11 does not define biometric and password authentication methods.

Exam Objective: Network Infrastructure

Notes:

Question: 64 [Preplogic Question: 11344-1160]

A user is able to create new files on a given workstation and establish permissions for the newly-created file. This is an example of what access control method?

Select the best answer.

A. Mandatory

B. Role-based

C. Discretionary

D. Rule-based

Correct Answer: C

Explanations:

A. Mandatory

Incorrect. Mandatory access is controlled by application and/or operating system platforms, not end-users or creators.

B. Role-based

Incorrect. Role-based access is determined by job function and resource availability is defined accordingly.

C. Discretionary

Correct. Discretionary access is controlled at the discretion of the file owner or originator.

D. Rule-based

Incorrect. Rule-based access controls commonly apply mandatory access controls defined according to object or subject sensitivity levels.

Exam Objective: Access Control

References: 1. Audio Explanation [dactorulebased.mp3]

Notes:

Question: 65 [Preplogic Question: 11344-1367]

Which of the following is NOT an advantage of using Network Address Translation (NAT)?

Select the best answer.

A. Maximizing utilization of a restrictive public addressing scheme.

B. Connectivity among networks where internal addressing conflicts.

C. Hiding internal routing structures from external sources.

D. Assigning addresses to publicly-accessible servers.

Correct Answer: D

Explanations:

A. Maximizing utilization of a restrictive public addressing scheme.

Incorrect. NAT is capable of rewriting internal addresses as originating from a common IP source from an external perspective.

B. Connectivity among networks where internal addressing conflicts.

Incorrect. NAT resolves routing conflicts between combined internal networks.

C. Hiding internal routing structures from external sources.

Incorrect. NAT effectively hides large internal network spaces from direct discovery by external sources.

D. Assigning addresses to publicly-accessible servers.

Correct. NAT is an improper choice for delivering services from internal servers to external clients.

Exam Objective: Network Infrastructure

Notes:

Question: 66 [Preplogic Question: 11344-1082]

In terms of change management, which portion is a written plan that details various deployment stages for platform and product roll-outs?

Select the best answer.

A. Change notification

B. Change request

C. Change staging

D. Change scheduling

Correct Answer: C

Explanations:

A. Change notification

Incorrect. Any change notification may be conducted by email or circulation of the actual change request itself to participating parties.

B. Change request

Incorrect. A change request should involve some paperwork as an initial step in documenting, scheduling and processing change.

C. Change staging

Correct. All change staging aids the change scheduling process and is a written plan that describes various actions taken throughout various stages of change request deployment.

D. Change scheduling

Incorrect. Scheduling change requests ensures that no implementation or operation issues arise during peak usage hours.

Exam Objective: Organizational Security

References: 1. Audio Explanation [changetopii.mp3]

Notes:

Question: 67 [Preplogic Question: 11344-1342]

A dictionary attack can be made more difficult to successfully conduct by doing which of the following?

Select the TWO best answers.

A. Using passwords that combine random letters, numbers and special characters.

B. Using passwords that contain particularly long input sequences.

C. Using convenient passwords that contain proper names and nouns.

D. Using passwords that are machine-generated and user-independent.

Correct Answer: A, D

Explanations:

A. Using passwords that combine random letters, numbers and special characters.

Correct. Password-guessing algorithms transform combinations of predictable and presumable word choices, and strong password selection is the best defense.

B. Using passwords that contain particularly long input sequences.

Incorrect. There is a trade-off between convenience and security, with longer passwords providing no more luxury than safety in certain cases.

C. Using convenient passwords that contain proper names and nouns.

Incorrect. Most weak password choices use associative words (e.g., personal interests, pet or relative names), dictionary words or other conveniently-recalled though terribly insecure alphanumeric patterns.

D. Using passwords that are machine-generated and user-independent.

Correct. Strong password selections can be automatically generated for any user through specially-designed and designated software.

Exam Objective: Assessments and Audits

Notes:

Question: 9 [Preplogic Question: 11344-1106]

Attackers are classified according to the types of systems they target. What classification label best fits an attacker who targets phone systems?

Select the best answer.

A. Attacker

B. Phreaker

C. Hacker

D. Cracker

Correct Answer: B

Explanations:

A. Attacker

Incorrect. The generically ascribed term "attacker" does not specifically describe the nature of attack, which is required for this question.

B. Phreaker

Correct. A phone phreaker specifically targets phone systems and manipulates them criminally in the manner of a cracker.

C. Hacker

Incorrect. Traditionally, a hacker is one who explores and expands on the concepts or parameters of technology to overcome its shortcomings or improvise on its functionality.

D. Cracker

Incorrect. Informed security experts properly identify computer system and network intruders as "crackers" to connote the criminal nature of their business (i.e., safecracking).

Exam Objective: Systems Security

Notes:

Question: 68 [Preplogic Question: 11344-1230]

You are assigned to implement a firewall that checks initializing network sessions against administrative policy. Once approved, this one-time check never occurs again to maintain high-priority upload and download performance. What type should you implement?

Select the best answer.

A. Circuit level

B. Packet level

C. Application level

D. Proxy firewall

Correct Answer: A

Explanations:

A. Circuit level

Correct. A circuit level firewall determines the validity of the session when the session is first created. After the session is created, checking is not performed, since the session as a whole has been termed valid and within configured limits.

B. Packet level

Incorrect. A packet level firewall performs a check on every packet entering the firewall to validate that the specified packets have been approved for passing through the firewall, or the packets are blocked. Packet rules are configured based on IP addresses, port numbers, and other packet attributes.

C. Application level

Incorrect. An application level firewall allows or denies access based on the application being used to gain access through the firewall.

D. Proxy firewall

Incorrect. A proxy firewall may perform one-time lookups on cached items along with user authentication, but not in the described manner.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [applicationstofirewalls.mp3]

Notes:

Question: 71 [Preplogic Question: 11344-1143]

Which type of malicious code is introduced to a system by unsuspecting users as apparently innocent, legitimate and useful software?

Select the best answer.

A. Logic bomb

B. Virus

C. Worm

D. Trojan horse

Correct Answer: D

Explanations:

A. Logic bomb

Incorrect. A logic bomb is any aberrant code that relies on date or event triggers to activate its payload. It is often delivered in the manner of a virus, but does not (by definition) self-replicate.

B. Virus

Incorrect. A virus is any self-replicating code that is typically designed to corrupt or destroy data outright.

C. Worm

Incorrect. A worm is self-replicating code that is designed to spread across computer terminals and network nodes in a self-assisted fashion.

D. Trojan horse

Correct. Computer Trojan horses, like their namesake, are the malicious payload to some unassuming program. Accordingly, unsuspecting users unthinkingly introduce them to their computer systems.

Exam Objective: Systems Security

References: 1. Audio Explanation [threatstoprivilege.mp3]

Notes:

Question: 72 [Preplogic Question: 11344-1188]

An Access Control List (ACL) cannot protect a network from ________.

Select the best answer.

A. unauthorized access

B. network intrusion

C. malicious software

D. unauthorized usage

Correct Answer: C

Explanations:

A. unauthorized access

Incorrect. The purpose of an ACL is to protect access to privileged resources.

B. network intrusion

Incorrect. To an extent, ACLs prevent basic forms of network intrusion with regard to accessing the devices that directly use them or traffic passing through them.

C. malicious software

Correct. Unfortunately, ACLs are completely ignorant of good or bad software and cannot protect against their usage and installation even by authorized users.

D. unauthorized usage

Incorrect. An ACL can prohibit access to privileged resources, even unto authorized users with inadequate permissions.

Exam Objective: Access Control

References: 1. Audio Explanation [comparisontodomain.mp3]

Notes:

Question: 73 [Preplogic Question: 11344-1020]

Which of the following describes the term "cross-certificate model?"

Select the best answer.

A. Each user creates certificates for the people they know.

B. Each user has a list of public keys for all the CAs the user trusts.

C. Each CA creates a certificate for the CA of confirmed equivalent strength, with only one root public key.

D. It restricts access based on the policy under which the certificate is issued.

Correct Answer: C

Explanations:

A. Each user creates certificates for the people they know.

Incorrect. This is the Web of Trust model, the simplest security model, as used by Pretty Good Privacy (PGP). Each user creates certificates for the people they know, and there is no central authority. Trust decisions are made independently for each certificate user.

B. Each user has a list of public keys for all the CAs the user trusts.

Incorrect. The Browser Trust-List model is also known as the CA list. Each user has a list of public keys for all the CAs the user trusts.

C. Each CA creates a certificate for the CA of confirmed equivalent strength, with only one root public key.

Correct. Different "change of trust" models exist, which demonstrate the transitive properties of trust. In the Cross Certificate model, each CA creates certificates and has a single route to the public key, but each root key is local to the CA.

D. It restricts access based on the policy under which the certificate is issued.

Incorrect. The Policy Trust List Model restricts access based on the policy under which the certificate is issued. This is one of the changes made in version 3 of X.509.

Exam Objective: Cryptography

Notes:

Question: 74 [Preplogic Question: 11344-1098]

Which type of security topology creates an isolated LAN segment that integrates with a designated application gateway, uses only a single interface and doesn't require a subnet?

Choose all that apply.

A. Screened host gateway

B. Circuit-level gateway

C. Bastion host

D. Screened subnet gateway

Correct Answer: A, D

Explanations:

A. Screened host gateway

Correct. This packet-filtering routing device screens traffic and integrates specifically with a designated internal application gateway.

B. Circuit-level gateway

Incorrect. Circuit-level architecture intervenes on session-oriented communications to monitor for suspicious handshaking requests or protocol exchanges.

C. Bastion host

Incorrect. A bastion host is dual-homed (contains two network interfaces) and secures communications through selectable criteria (ports, protocols, etc.).

D. Screened subnet gateway

Correct. Screened subnet architecture includes two screened host gateway devices that isolate the LAN from the Internet to create a DMZ between them.

Exam Objective: Network Infrastructure

Notes:

Question: 75 [Preplogic Question: 11344-1395]

An Acceptable Use Policy (AUP) comprises many elements, but which of the following choices does NOT apply?

Select the best answer.

A. Policy checking by legal counsel.

B. Policies are reasonable and narrow.

C. Policy carefully considers restrictive access.

D. Policy is written without a legal advisor.

Correct Answer: D

Explanations:

A. Policy checking by legal counsel.

Incorrect. A lawyer can assist in the authoring and ensuring that written policy is reasonable and within the definition of law.

B. Policies are reasonable and narrow.

Incorrect. Legal counsel is needed to create legally-enforceable policies, so a lawyer can help you create reasonable and narrow terms and conditions.

C. Policy carefully considers restrictive access.

Incorrect. Any AUP should carefully consider the assets it protects and all necessary protective countermeasures.

D. Policy is written without a legal advisor.

Correct. The only way to legally effect an AUP is with the assistance of a lawyer.

Exam Objective: Organizational Security

References: 1. Audio Explanation [legislativetopassword.mp3]

Notes:

Question: 76 [Preplogic Question: 11344-1384]

What are the "three A's" of computer forensics?

Select the best answer.

A. Authentication, Authorization, Accounting

B. Auditing, Authorization, Accounting

C. Acquire, Analyze, Arrest

D. Acquire, Authenticate, Analyze

Correct Answer: D

Explanations:

A. Authentication, Authorization, Accounting

Incorrect. These three elements represent another "triple A" of security that forms the basis for access control.

B. Auditing, Authorization, Accounting

Incorrect. Only the last two components form a "triple A" security principle, but this one is related to access control, not forensics.

C. Acquire, Analyze, Arrest

Incorrect. Among these choices, only the first two capture principles related to computer forensics.

D. Acquire, Authenticate, Analyze

Correct. Computer forensics requires strict and proper handling of evidence to be admissible in a court of law.

Exam Objective: Organizational Security

References: 1. Audio Explanation [incedenttochain.mp3]

Notes:

Question: 77 [Preplogic Question: 11344-1026]

In terms of message digest algorithms, what does the phrase hash collision mean?

Select the best answer.

A. Duplicate hash values for different documents.

B. Ascertaining the contents of a program or message from the hash value alone.

C. The process of computing the hash value.

D. There is no such thing as a collision when discussing hash algorithms.

Correct Answer: A

Explanations:

A. Duplicate hash values for different documents.

Correct. Collision is the term used when a hashing algorithm does not ensure an even distribution of hash values.

B. Ascertaining the contents of a program or message from the hash value alone.

Incorrect. It is not possible to ascertain the contents of a message or program from the hash value alone.

C. The process of computing the hash value.

Incorrect. Computing the hash value is a process called hashing.

D. There is no such thing as a collision when discussing hash algorithms.

Incorrect. Collision is the term used when a hashing algorithm does not ensure an even distribution of hash values.

Exam Objective: Cryptography

Notes:

Question: 78 [Preplogic Question: 11344-1221]

Which of the following is the correct terminology used to describe a network that allows a third party (usually a business partner) to have controlled access to a corporate network?

Select the best answer.

A. Intranet

B. Internet

C. Gateway

D. Extranet

Correct Answer: D

Explanations:

A. Intranet

Incorrect. An intranet is usually an environment that utilizes similar technologies to that used for the Internet; however, the difference is that an Intranet hosts private corporate information (may even be confidential) and is only accessible by corporate employees.

B. Internet

Incorrect. An intranet is usually an environment that utilizes similar technologies to that used for the Internet; however, the difference is that an Intranet hosts private corporate information (may even be confidential) and is only accessible by corporate employees.

C. Gateway

Incorrect. A gateway is not a network, but a host (usually a router) that connects two or more networks together.

D. Extranet

Correct. An extranet is a network that usually provides secure connectivity over leased lines or a VPN to allow a business partner or other trusted third party controlled access to a corporate network.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [legislativetopassword.mp3]

Notes:

Question: 79 [Preplogic Question: 11344-1199]

Your company implements smartcard authentication for enhanced security alongside traditional usernames and passwords. What type of authentication is being used?

Select the best answer.

A. Mutual authentication

B. Multi-factor authentication

C. Biometric authentication

D. Cryptographic authentication

Correct Answer: B

Explanations:

A. Mutual authentication

Incorrect. Mutual authentication occurs when both parties must verify their identity before communicating.

B. Multi-factor authentication

Correct. Multi-factor authentication relies on another process other than, or in addition to, the traditional usernames and passwords.

C. Biometric authentication

Incorrect. Biometric security relies on physical user attributes for authentication.

D. Cryptographic authentication

Incorrect. Cryptographic security employs encryption for authentication purposes, but makes no direct specification as to what users use to authenticate.

Exam Objective: Access Control

References: 1. Audio Explanation [summaryofauthenticationmethods.mp3]

Notes:

Question: 10 [Preplogic Question: 11344-1270]

A fire suppression plan should perform what action when a fire is detected?

Select the best answer.

A. Automatically backup data.

B. Monitor the environment for smoke contamination.

C. Orderly shutdown of active servers.

D. Monitor the environment for excessive heat.

Correct Answer: C

Explanations:

A. Automatically backup data.

Incorrect. By the time a building has caught fire, it's too late to consider backing up mission-critical data.

B. Monitor the environment for smoke contamination.

Incorrect. Most systems monitor for smoke emission and other signifying elements of fire but this action isn't planned in response to such an outbreak.

C. Orderly shutdown of active servers.

Correct. Fire damage is usually minimal and generally recoverable for data servers, provided that files are saved and servers shutdown.

D. Monitor the environment for excessive heat.

Incorrect. As part of an ongoing protection plan, fire suppression systems monitor for environmental heat and other events that signify a fire.

Exam Objective: Organizational Security

Notes:

Question: 80 [Preplogic Question: 11344-1271]

Which of the following is the most important element in offsite archival storage?

Select the best answer.

A. Scheduled backups

B. Validated backups

C. Differential backups

D. Incremental backups

Correct Answer: B

Explanations:

A. Scheduled backups

Incorrect. Backup processes are usually automated as part of some greater maintenance and management process.

B. Validated backups

Correct. Ensuring that data is accurate and correct is the most vital aspect of creating offsite backups.

C. Differential backups

Incorrect. Using a differential backup format bears little importance in the scheme of offsite backup archives.

D. Incremental backups

Incorrect. Using incremental backups is of little importance for offsite backups.

Exam Objective: Organizational Security

Question: 81 [Preplogic Question: 11344-1113]

Security experts often label an attacker according to the types of attacks they perform or systems they penetrate. What is the associative label for a non-malicious individual who might violate security rules or bypass restrictions?

Select the best answer.

A. Cracker

B. Phreaker

C. Hacker

D. Attacker

Correct Answer: C

Explanations:

A. Cracker

Incorrect. Informed security experts properly identify computer system and network intruders as "crackers" to connote the criminal nature of their business (i.e., safecracking).

B. Phreaker

Incorrect. A phone phreaker specifically targets phone systems and manipulates them criminally in the manner of a cracker.

C. Hacker

Correct. Traditionally, a hacker is one who explores and expands on the concepts or parameters of technology to overcome its shortcomings or improvise on its functionality.

D. Attacker

Incorrect. The generically ascribed term "attacker" does not specifically describe the nature of attack, which is required for this question.

Exam Objective: Systems Security

Question: 82 [Preplogic Question: 11344-1063]

What is the definition of blind FTP?

Select the best answer.

A. A user cannot download from the FTP site.

B. A user cannot upload to the FTP site.

C. A user cannot see the names of files in an FTP site.

D. All choices are correct.

Correct Answer: C

Explanations:

A. A user cannot download from the FTP site.

Incorrect. They can only download a file if they know the name. If they upload a file, the name will not appear in the directory.

B. A user cannot upload to the FTP site.

Incorrect. Since a user can upload and download (assuming they know what they are looking for or sending), choices involving 'cannot upload or download' are wrong.

C. A user cannot see the names of files in an FTP site.

Correct. Blind FTP means that users cannot see filenames in the site's directories. They can only download a file if they know the name. If they upload a file, the name will not appear in the directory.

D. All choices are correct.

Incorrect. In blind FTP setups, users may still upload and download files provided they know what to look for. This means only one answer choice is correct.

Exam Objective: Network Infrastructure

Question: 83 [Preplogic Question: 11344-1235]

Organizational security policy is designed and delivered in a variety of different ways. What sort of policy does federal law influence?

Select the best answer.

A. Informative

B. Administrative

C. Regulatory

D. Advisory

Correct Answer: C

Explanations:

A. Informative

Incorrect. All policies are informative to some extent on some subject, so this is an incorrect choice for federally-regulated policy.

B. Administrative

Incorrect. All policies are administratively defined and enforced, so this is an incorrect choice for federally-regulated policy.

C. Regulatory

Correct. Federal law effects and enforces regulated policies within organizations, such as HIPAA and SOX.

D. Advisory

Incorrect. To some extent, all policies advise on specific or general subject matter.

Exam Objective: Organizational Security

References: 1. Audio Explanation [legislativetopassword.mp3]

Question: 84 [Preplogic Question: 11344-1028]

The popular RSA asymmetric cryptography implementation is based on which of the following algorithms?

Select the best answer.

A. El Gamal

B. Digital Signature Algorithm

C. Diffie-Hellman

D. Data Encryption Standard

Correct Answer: C

Explanations:

A. El Gamal

Incorrect. El Gamal encryption is an asymmetric key algorithm for public-key cryptography that, like RSA, is itself based on another fundamental implementation. There is no direct connection between El Gamal and RSA.

B. Digital Signature Algorithm

Incorrect. The Digital Signature Algorithm (DSA) is a two-phase key generation algorithm used for the secure signing of electronic messages. There is no direct connection between DSA and RSA.

C. Diffie-Hellman

Correct. The Diffie-Hellman shared secret key exchange is an exemplary cryptographic protocol upon which other algorithms (e.g., El Gamal, RSA) are based.

D. Data Encryption Standard

Incorrect. The Data Encryption Standard (DES) is a deprecated cipher block algorithm by which all subsequent symmetric key algorithms are compared, but has no direct connection to RSA.

Exam Objective: Cryptography

References: 1. Audio Explanation [encryptiontorsa.mp3]

Question: 11 [Preplogic Question: 11344-1033]

What is an application of cryptography?

Select the best answer.

A. Secure communication.

B. Email transfers.

C. FTP transfers.

D. User identification.

Correct Answer: A

Explanations:

A. Secure communication.

Correct. Secure communication is the ability to communicate between endpoints without exposing any confidential data to unintended parties. Cryptography is the use of encryption to allow for secure communications to occur.

B. Email transfers.

Incorrect. Email transfers are by and large cleartext transmissions that require additional cryptographic software components to provide security.

C. FTP transfers.

Incorrect. FTP transfers, in their native form, provide no cryptographic capability, hence the development of Secure FTP (SFTP).

D. User identification.

Incorrect. User identification, in most scenarios, generally does not use cryptographic protocols.

Exam Objective: Cryptography

References: 1. Audio Explanation [generaltohashing.mp3]

Question: 85 [Preplogic Question: 11344-1307]

The first step in creating a digital signature for a message is by computing the hash value of the message with which of the following choices?

Select the best answer.

A. MD5

B. 3DES

C. AES

D. IDEA

Correct Answer: A

Explanations:

A. MD5

Correct. MD5 is an algorithm that calculates message digests by computing input data.

B. 3DES

Incorrect. Triple Data Encryption Standard (3DES) is a symmetric key block cipher derived from DES.

C. AES

Incorrect. Advanced Encryption Standard (AES) is a symmetric key block cipher superior to DES and alternate to RSA.

D. IDEA

Incorrect. International Data Encryption Algorithm (IDEA) is a symmetric key block cipher standard.

Exam Objective: Cryptography

References: 1. Audio Explanation [generaltohashing.mp3]

Question: 86 [Preplogic Question: 11344-1356]

What security hardware device connects to a motherboard to validate identities and operating parameters of devices used in trusted computing environments?

Select the best answer.

A. TLS

B. USB

C. TPM

D. BIOS

Correct Answer: C

Explanations:

A. TLS

Incorrect. Transport Layer Security (TLS) is a descendant of earlier cryptographic transmission protocols, but is not hardware-integrated in most cases.

B. USB

Incorrect. While the Universal Serial Bus (USB) facilitates all kinds of pluggable security accessories, no removable media device is entrusted with this delicate task.

C. TPM

Correct. The Trusted Platform Module (TPM) isolates security data from all other components on a computing platform and generates hardware-specific details about the hardware it occupies.

D. BIOS

Incorrect. The Basic Input/Output System (BIOS) kickstarts the computer into operation before handling by the operating system, and cannot reliably perform this task.

Exam Objective: Cryptography

References: 1. Audio Explanation [comparativetosingle.mp3]

Question: 88 [Preplogic Question: 11344-1057]

What type of wireless attack makes unauthorized access to Bluetooth devices?

Select the best answer.

A. Blue snarfing

B. Blue jacking

C. Blue bugging

D. Blue screening

Correct Answer: A

Explanations:

A. Blue snarfing

Correct. A blue snarfing attack involves covert access for the purpose of siphoning data (addresses, calendars, contacts, personal information, etc.).

B. Blue jacking

Incorrect. A blue jacking attack requires near proximity and a discoverable Bluetooth receiver to issue unsolicited messages to an unsuspecting recipient.

C. Blue bugging

Incorrect. A blue bugging attack requires the hacking into and subsequent control over a Bluetooth device without notification to the user.

D. Blue screening

Incorrect. To "blue screen" means a dated Windows platform (e.g., Windows XP, Windows 2000) has encountered an unrecoverable error condition.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [vulnerabilitiestobluejacking.mp3]

Question: 89 [Preplogic Question: 11344-1319]

What is the maximum data transmission rate for Gigabit Ethernet (GbE)?

Select the best answer.

A. 10 TB/s

B. 100 Mbit/s

C. 1000 Mbit/s

D. 1000 Gbit/s

Correct Answer: C

Explanations:

A. 10 TB/s

Incorrect. For better or worse, GbE equipment is incapable of reaching 10 Terabyte per second speed ratings.

B. 100 Mbit/s

Incorrect. Fast Ethernet has a maximum rated line speed of 100 Mbit/s.

C. 1000 Mbit/s

Correct. GbE equipment has a maximum rated wire speed of 1000 Mbit/s.

D. 1000 Gbit/s

Incorrect. A one-thousand gigabit per second connection is equivalent to 1 Tbit/s transfer speeds, which is not within the capacity of GbE.

Exam Objective: Network Infrastructure

Question: 90 [Preplogic Question: 11344-1035]

A ________ allows verification that a specific public key actually belongs to a specific individual.

Select the best answer.

A. Handshake

B. Authentication code

C. Password

D. Certificate

Correct Answer: D

Explanations:

A. Handshake

Incorrect. A Handshake is an electronic acknowledgement that does not actually verify the user.

B. Authentication code

Incorrect. An Authentication code does not verify a specific individual's right to a particular public key (though you should compare this to "authorization").

C. Password

Incorrect. There is no password authentication used in the verification of public keys.

D. Certificate

Correct. Certificates are digital documents that are issued by Certificate Authorities to allow verification that a specific public key actually does belong to a specific individual.

Exam Objective: Cryptography

References: 1. Audio Explanation [summaryofauthenticationmethods.mp3]

Question: 91 [Preplogic Question: 11344-1198]

You suspect that a user may be attempting to access a resource for which they are not authorized. Which of the following may be useful in confirming your suspicions?

Select the best answer.

A. Question the user.

B. Investigate security logs.

C. Monitor network traffic.

D. Verify configured permissions.

Correct Answer: B

Explanations:

A. Question the user.

Incorrect. If a user knowingly attempts to access a resource for which they are unauthorized, they are unlikely to admit it.

B. Investigate security logs.

Correct. Where auditing is enabled, security logs should contain unauthorized login and access attempts.

C. Monitor network traffic.

Incorrect. Protocol analyzers or sniffers observe network traffic but do not provide detailed login and access trails.

D. Verify configured permissions.

Incorrect. Verifying the permissions configured on resources is a good security practice, but it will not tell you if someone has gained unauthorized access.

Exam Objective: Assessments and Audits

Question: 92 [Preplogic Question: 11344-1231]

Which of the following occupational roles is most susceptible to attack on a casual basis?

Select the best answer.

A. Helpdesk support

B. Research analyst

C. Security officer

D. Maintenance engineer

Correct Answer: A

Explanations:

A. Helpdesk support

Correct. Social engineering is a security issue that cannot be directly addressed through technological means, and targets apparently vulnerable personnel. Helpdesk interacts with countless end-users and can likely be fooled by any of them.

B. Research analyst

Incorrect. This position might be susceptible to espionage or eavesdropping, but is not a likely target for attack.

C. Security officer

Incorrect. An aspect of being a security officer is to prevent and possibly restrain an attacker, which is less likely to happen on a casual basis.

D. Maintenance engineer

Incorrect. While susceptible like any other group, maintenance engineers spend the least contact with end-users and are least likely targets of attack.

Exam Objective: Organizational Security

References: 1. Audio Explanation [trickerytophishing.mp3]

Question: 93 [Preplogic Question: 11344-1266]

A network that exceeds the constraints of a LAN, and yet does not reach the definition of a WAN, may be called a ________.

Select the best answer.

A. An intranet

B. MAN

C. Extranet

D. VLAN

Correct Answer: B

Explanations:

A. An intranet

Incorrect. An intranet is a network available to certain users from within an organization, such as a company network available only to internal users. An intranet is not what you get when your LAN has grown beyond LAN but has not approached WAN proportions.

B. MAN

Correct. A Metropolitan or Municipal Area Network (MAN) typically exceeds a LAN's limitations (generally deemed to be contained within a single building), yet does not actually become a Wide Area Network (WAN). Quite commonly, a MAN is limited to a single city or campus.

C. Extranet

Incorrect. An extranet is a private network that has a portion set aside for limited public access. An extranet is not what you get when your LAN has grown beyond LAN but has not approached WAN proportions.

D. VLAN

Incorrect. A virtual LAN (VLAN) logically segregates separate local network segments to behave as physically separate segments.

Exam Objective: Network Infrastructure

Question: 94 [Preplogic Question: 11344-1366]

You position an intermediate network appliance to act as a liaison between the Internet and internal clients. All outgoing requests are rewritten to appear as though sourced from a single address. What device does this?

Select the best answer.

A. Firewall

B. Proxy server

C. Access point

D. Web server

Correct Answer: B

Explanations:

A. Firewall

Incorrect. A firewall places rule-based restrictions to selectively permit or prohibit types of traffic.

B. Proxy server

Correct. A proxy server plays middleman to internal clients and external servers while protecting the private infrastructure from public view.

C. Access point

Incorrect. An access point does not rewrite internal addresses to appear as though all clients originate from a common source.

D. Web server

Incorrect. A Web server is utilized as an endpoint unto itself, not as a waypoint through which internal clients commonly access external resources.

Exam Objective: Network Infrastructure

References: 1. Audio Explanation [toolstofirewalls.mp3]

Question: 95 [Preplogic Question: 11344-1236]

What should you carefully consider when archiving data to tape backups?

Select the best answer.

A. Compatibility with secure erase utilities.

B. Lifespan of accessible storage data.

C. Interoperability with cryptographic applications.

D. Maintaining onsite storage for easy accessibility.

Correct Answer: B

Explanations:

A. Compatibility with secure erase utilities.

Incorrect. Since tape is unconcerned with data formatting and processing (only storage), there's no reason to seek compatibility with erasure programs.

B. Lifespan of accessible storage data.

Correct. Tape, being a magnetic storage medium, is prone to magnetic interference, eventual weakening and dust-borne dysfunction.

C. Interoperability with cryptographic applications.

Incorrect. Tape storage isn't concerned with actual data format so much as storing it in archival tape format.

D. Maintaining onsite storage for easy accessibility.

Incorrect. Where applicable, tape archives are preferably stored offsite to avoid natural and man-made incidents from destroying or disturbing them.

Exam Objective: Organizational Security

Question: 12 [Preplogic Question: 11344-1088]

You want to build an encrypted tunnel within an existing network currently utilizing Point-to-Point Tunneling Protocol (PPTP). PPTP is known to be faulty and inherently insecure. What two protocols do you recommend instead?

Select the best answers.

A. L2TP

B. IPSec

C. MS-CHAP

D. CHAP

Correct Answer: A, B

Explanations:

A. L2TP

Correct. Layer 2 Tunneling Protocol (L2TP) is one of two standards-based replacements for PPTP.

B. IPSec

Correct. IP Security (IPSec) is one of two standards-based replacements for PPTP.

C. MS-CHAP

Incorrect. Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) exists in two versions, both of which implement PPTP.

D. CHAP

Incorrect. Challenge-Handshake Authentication Protocol (CHAP) is a demonstrably weak authentication method for Point-to-Point Protocol (PPP) networks.

Exam Objective: Cryptography

References: 1. Audio Explanation [pptptohttp.mp3]

Question: 96 [Preplogic Question: 11344-1171]

Syslog is found natively on which operating system platforms?

Select the TWO best answers.

A. Linux

B. Windows Vista

C. UNIX

D. Windows Server 2008

Correct Answer: A, C

Explanations:

A. Linux

Correct. Syslog is native to Linux and UNIX platforms (including derivatives and offshoots).

B. Windows Vista

Incorrect. Windows platforms utilize several different logging facilities (events, errors, etc.) but none of them natively contain syslog.

C. UNIX

Correct. Syslog is native to Linux and UNIX platforms (including derivatives and offshoots).

D. Windows Server 2008

Incorrect. Windows platforms utilize several different logging facilities (events, errors, etc.) but none of them natively contain syslog.

Exam Objective: Assessments and Audits

Question: 1 [Preplogic Question: 11344-1027]

Symmetric algorithms may use a shared secret key, but which of the following answer choices actually utilizes a private key?

Select the best answer.

A. 3DES

B. RSA

C. IDEA

D. AES

Correct Answer: B

Explanations:

A. 3DES

Incorrect. Data Encryption Standard (DES) is the benchmark against which all other symmetric key algorithms are compared. 3DES cycles DES three times to enlarge the originally small (56-bit) keyspace, retaining its symmetric nature.

B. RSA

Correct. Authors Rivest-Shamir-Adleman (RSA) originated this public-key cryptography standard as the first known suitable for digital signing and data encryption. It marks the first great advance in public-key cryptography.

C. IDEA

Incorrect. International Data Encryption Standard (IDEA) is a block cipher algorithm and is grouped among the top symmetric key cryptography standards.

D. AES

Incorrect. Advanced Encryption Standard (AES) or Rijndael is a standardized block cipher and remains among the more popular symmetric key cryptography algorithms.

Exam Objective: Cryptography

References: 1. Audio Explanation [encryptiontorsa.mp3]

Question: 2 [Preplogic Question: 11344-1019]

Which of the following is NOT an element found within a digital certificate?

Select the best answer.

A. Subscriber's private key.

B. X.509 Version

C. Unique serial number of the particular certificate.

D. Period of validity

Correct Answer: A

Explanations:

A. Subscriber's private key.

Correct. Certificates use asymmetrical encryption. The creator's private key must remain secret. Digital certificates must include: an expiration date, the unique serial number of a certificate, and because there are different versions of X.509, the version number.

B. X.509 Version

Incorrect. Digital certificates must include: an expiration date, the unique serial number of a certificate, and because there are different versions of X.509, the version number.

C. Unique serial number of the particular certificate.

Incorrect. Digital certificates must include: an expiration date, the unique serial number of a certificate, and because there are different versions of X.509, the version number.

D. Period of validity

Incorrect. Digital certificates must include: an expiration date, the unique serial number of a certificate, and because there are different versions of X.509, the version number.

Exam Objective: Cryptography

References: 1. Audio Explanation [publictoca.mp3]

Question: 3 [Preplogic Question: 11344-1039]

Confidentiality enforced through asymmetric encryption requires that you obtain a recipient's ________ key to encrypt the message, which is then decrypted using the recipient's ________ key.

Select the best answer.

A. private, public

B. public, private

C. shared secret, shared secret

D. session key, session key

Correct Answer: B

Explanations:

A. private, public

Incorrect. Asymmetric encryption requires first the recipient's public key and then the private key, in that order.

B. public, private

Correct. Asymmetric encryption requires first the recipient's public key and then the private key, in that order.

C. shared secret, shared secret

Incorrect. Shared secret keys are used in the Diffie-Hellman key agreement protocol.

D. session key, session key

Incorrect. Session keys are randomly generated to be used one time only. They are used in symmetric encryption and decryption. They are not used in asymmetric encryption.

Exam Objective: Cryptography

Question: 5 [Preplogic Question: 11344-1128]

Which of the following techniques is considered a commercial application of steganography?

Select the best answer.

A. XOR encryption

B. Hash summation

C. Checksum calculation

D. Digital watermarking

Correct Answer: D

Explanations:

A. XOR encryption

Incorrect. Using XOR instructions on data is a primitive and fairly useless method of encoding data, as it does not actually require encryption routines.

B. Hash summation

Incorrect. Calculating hashes is a commercial and non-commercial solution to verifying digital signatures to verify data integrity.

C. Checksum calculation

Incorrect. Checksum calculation is a precursor to modern hash calculation techniques, which are comparatively much stronger.

D. Digital watermarking

Correct. A digital watermark is a "plain sight" information hiding strategy used to verify the original author or designer of a digital work.

Exam Objective: Cryptography

Question: 6 [Preplogic Question: 11344-1047]

S/MIME uses which of the following for sender authentication and message privacy in email communications?

Select the best answer.

A. PGP

B. MD5

C. X.509V3

D. RC4

Correct Answer: C

Explanations:

A. PGP

Incorrect. Pretty Good Privacy (PGP) is similar to X.509V3 in that both use public/private keys; however, PGP has no centralized server.

B. MD5

Incorrect. MD5 creates a 128-bit or 160-bit (SHA-1) algorithm to confirm a message has not been modified. It cannot confirm sender authentication.

C. X.509V3

Correct. Secure/MIME uses X.509V3, otherwise known as digital certificates, for sender authentication and message privacy in email communications.

D. RC4

Incorrect. RC4 is a symmetrical encryption algorithm.

Exam Objective: Cryptography

Question: 1 [Preplogic Question: 11344-1188]

An Access Control List (ACL) cannot protect a network from ________.

Select the best answer.

A. unauthorized access

B. network intrusion

C. malicious software

D. unauthorized usage

Correct Answer: C

Explanations:

A. unauthorized access

Incorrect. The purpose of an ACL is to protect access to privileged resources.

B. network intrusion

Incorrect. To an extent, ACLs prevent basic forms of network intrusion with regard to accessing the devices that directly use them or traffic passing through them.

C. malicious software

Correct. Unfortunately, ACLs are completely ignorant of good or bad software and cannot protect against their usage and installation even by authorized users.

D. unauthorized usage

Incorrect. An ACL can prohibit access to privileged resources, even unto authorized users with inadequate permissions.

Exam Objective: Access Control

References:
1. Audio Explanation [comparisontodomain.mp3]

Notes:


Question: 4 [Preplogic Question: 11344-1374]

Which of the following choices explains an important aspect to remember when using a Virtual Private Network (VPN)?

Select the best answer.

A. IPSec must be used.

B. NIDS must be used.

C. Compatible OSs must be used.

D. Connectivity is dictated by the Internet.

Correct Answer: D

Explanations:

A. IPSec must be used.

Incorrect. IPSec is optional, not required; others include PPTP and L2TP.

B. NIDS must be used.

Incorrect. Network Intrusion Detection Systems are optional for VPN setups.

C. Compatible OSs must be used.

Incorrect. A VPN solution should operate seamlessly across diverse operating systems whenever applicable.

D. Connectivity is dictated by the Internet.

Correct. VPNs typically utilize publicly-shared network media to establish connectivity.

Exam Objective: Access Control

References:
1. Audio Explanation [remoteaccesstochap.mp3]

Notes:


Question: 6 [Preplogic Question: 11344-1334]

Kerberos uses ________ encryption and produces ________ session key(s).

Select the best answer.

A. asymmetric, two

B. symmetric, two

C. asymmetric, one

D. symmetric, one

Correct Answer: B

Explanations:

A. asymmetric, two

Incorrect. Authenticated users connect to the ticket-granting services of an authentication server (AS).

B. symmetric, two

Correct. Authenticated users are granted a ticket generated by a symmetric encryption algorithm that creates separate session keys.

C. asymmetric, one

Incorrect. With Kerberos, users are granted a dual-session key ticket based on symmetric encryption algorithms.

D. symmetric, one

Incorrect. Under Kerberos, both the end-user connection and the authentication server (AS) are bound to a two-part session key.


Exam Objective: Access Control

References:
1. Audio Explanation [remoteaccesstochap.mp3]

Notes:


Question: 7 [Preplogic Question: 11344-1350]

Which of the following is NOT true about tokens?

Select the best answer.

A. Tokens are considerably more secure than passwords.

B. Tokens are both asynchronous and synchronous in nature.

C. Tokens are a form of single sign-on.

D. Tokens provide a one-time password.

Correct Answer: C

Explanations:

A. Tokens are considerably more secure than passwords.

Incorrect. Since tokens utilize randomly generated one-time passphrases, they are absolutely stronger than reusable password choices.

B. Tokens are both asynchronous and synchronous in nature.

Incorrect. Asynchronous tokens are automatically-generated one-time passphrases that expire; synchronous tokens are entered within a valid timeframe.

C. Tokens are a form of single sign-on.

Correct. A token system does not support SSO authentication, which directly conflicts with one-time password requirements.

D. Tokens provide a one-time password.

Incorrect. In addition, it's also automatically generated to avoid weak user-based choices and can be time-limited to expire after some designated period.


Exam Objective: Access Control

References:
1. Audio Explanation [lockstosurveillance.mp3]

Notes:
