EMT Practice Test

1. Question Content...


Question List

Question1: A company wants to ensure that all aspects if data are protected when sending to other sites within the
enterprise. Which of the following would ensure some type of encryption is performed while data is in
transit?

Question2: An internal audit has detected that a number of archived tapes are missing from secured storage. There
was no recent need for restoration of data from the missing tapes. The location is monitored by access
control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three
months. The access control system shows numerous valid entries into the storage location during that
time. The last audit was six months ago and the tapes were accounted for at that time. Which of the
following could have aided the investigation?

Question3: Joe, a company's network engineer, is concerned that protocols operating at the application layer of the
OSI model are vulnerable to exploitation on the network. Which of the following protocols should he
secure?

Question4: The Chief Information Officer (CIO) receives an anonymous threatening message that says "beware of the
1st of the year". The CIO suspects the message may be from a former disgruntled employee planning an
attack.
Which of the following should the CIO be concerned with?

Question5: A security administrator wants to check user password complexity. Which of the following is the
BEST tool to use?

Question6: An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown
weaknesses within the code?

Question7: A user reports being unable to access a file on a network share. The security administrator determines that
the file is marked as confidential and that the user does not have the appropriate access level for that file.
Which of the following is being implemented?

Question8: Certificates are used for: (Choose two.)

Question9: A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating
files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

Question10: A network inventory discovery application requires non-privileged access to all hosts on a network for
inventory of installed applications. A service account is created by the network inventory discovery
application for accessing all hosts. Which of the following is the MOST efficient method for granting the
account non-privileged access to the hosts?

Question11: An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the
message. Which of the following aspects of PKI BEST ensures the identity of the sender?

Question12: A quality assurance analyst is reviewing a new software product for security, and has complete access to
the code and data structures used by the developers.
Which of the following types of testing is this an example of?

Question13: Which of the following is built into the hardware of most laptops but is not setup for centralized
management by default?

Question14: Data execution prevention is a feature in most operating systems intended to protect against which type of
attack?

Question15: A malicious individual used an unattended customer service kiosk in a busy store to change the prices of
several products. The alteration was not noticed until several days later and resulted in the loss of several
thousand dollars for the store. Which of the following would BEST prevent this from occurring again?

Question16: A network administrator is configuring access control for the sales department which has high employee
turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales
department?

Question17: The act of magnetically erasing all of the data on a disk is known as:

Question18: A program has been discovered that infects a critical Windows system executable and stays dormant in
memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot
loader and continues to target additional Windows PCs or phones. Which of the following malware
categories BEST describes this program?

Question19: Which of the following types of cryptography should be used when minimal overhead is necessary for a
mobile device?

Question20: A computer is suspected of being compromised by malware. The security analyst examines the computer
and finds that a service called Telnet is running and connecting to an external website over port 443. This
Telnet service was found by comparing the system's services to the list of standard services on the
company's system image. This review process depends on:

Question21: In an environment where availability is critical such as Industrial control and SCADA networks, which of the
following technologies in the MOST critical layer of defense for such systems?

Question22: In order to enter a high-security datacenter, users are required to speak the password into a voice
recognition system. Ann a member if the sales department over hears the password and upon speaks it
into the system. The system denies her entry and alerts the security team. Which of the following is the
MOST likely reason for her failure to enter the data center?

Question23: Which of the following can be performed when an element of the company policy cannot be enforced by
technical means?

Question24: When Ann an employee returns to work and logs into her workstation she notices that, several desktop
configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone
logged into Ann's workstation. Which of the following could have prevented this from happening?

Question25: An administrator is building a development environment and requests that three virtual servers are cloned
and placed in a new virtual network isolated from the production network. Which of the following describes
the environment the administrator is building?

Question26: A company needs to provide web-based access to shared data sets to mobile users, while maintaining a
standardized set of security controls. Which of the following technologies is the MOST appropriate
storage?

Question27: The system administrator notices that many employees are using passwords that can be easily guessed or
are susceptible to brute force attacks.
Which of the following would BEST mitigate this risk?

Question28: Which of the following common access control models is commonly used on systems to ensure a "need to
know" based on classification levels?

Question29: Which of the following attacks impact the availability of a system? (Choose two.)

Question30: An internal auditing team would like to strengthen the password policy to support special characters.
Which of the following types of password controls would achieve this goal?

Question31: Two programmers write a new secure application for the human resources department to store personal
identifiable information. The programmers make the application available to themselves using an
uncommon port along with an ID and password only they know.
Which of the following is this an example of?

Question32: Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of
preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described
as the following:

Question33: Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all
computers that do credit card transactions. Which of the following should Pete implement to BEST achieve
this goal?

Question34: Which of the following would MOST likely involve GPS?

Question35: Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has been
revoked. Which of the following is the name of the database repository for these certificates?

Question36: Attempting to inject 50 alphanumeric key strokes including spaces into an application input field that only
expects four alpha characters in considered which of the following attacks?

Question37: A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a
username and password to logon to a server.
Which of the following is these examples of?

Question38: Users have been reporting that their wireless access point is not functioning. They state that it allows slow
connections to the internet, but does not provide access to the internal network. The user provides the
SSID and the technician logs into the company's access point and finds no issues. Which of the following
should the technician do?

Question39: A company hires outside security experts to evaluate the security status of the corporate network. All of the
company's IT resources are outdated and prone to crashing. The company requests that all testing be
performed in a way which minimizes the risk of system failures. Which of the following types of testing
does the company want performed?

Question40: An administrator needs to renew a certificate for a web server. Which of the following should be submitted
to a CA?

Question41: Which of the following is characterized by an attacker attempting to map out an organization's staff
hierarchy in order to send targeted emails?

Question42: A system administrator has noticed that users change their password many times to cycle back to the
original password when their passwords expire. Which of the following would BEST prevent this behavior?

Question43: Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access
control type?

Question44: Which of the following algorithms has well documented collisions? (Choose two.)

Question45: Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has
been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action
recommended in this scenario?

Question46: Which of the following presents the STRONGEST access control?

Question47: A way to assure data at-rest is secure even in the event of loss or theft is to use:

Question48: Which of the following attacks involves the use of previously captured network traffic?

Question49: Full disk encryption is MOST effective against the following threats:

Question50: A security administrator must implement a wireless encryption system to secure mobile devices'
communication. Some users have mobile devices which only support 56-bit encryption. Which of the
following wireless encryption methods should be implemented?

Question51: Which of the following would be used as a secure substitute for Telnet?

Question52: Which of the following application attacks is used to gain access to SEH?

Question53: Timestamps and sequence numbers act as countermeasures against which of the following types of
attacks?

Question54: Joe, the system administrator, is setting up a wireless network for his team's laptops only and needs to
prevent other employees from accessing it. Which of the following would BEST address this?

Question55: After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file.
The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor,
and can only be recovered by upgrading the antivirus software from the free version to the commercial
version. Which of the following types of malware is the laptop MOST likely infected with?

Question56: A CRL is comprised of.

Question57: A user was reissued a smart card after the previous smart card had expired. The user is able to log into the
domain but is now unable to send digitally signed or encrypted email. Which of the following would the user
need to perform?

Question58: Which of the following is a measure of biometrics performance which rates the ability of a system to
correctly authenticate an authorized user?

Question59: Which of the following types of encryption will help in protecting files on a PED?

Question60: Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

Question61: A security administrator needs a locally stored record to remove the certificates of a terminated employee.
Which of the following describes a service that could meet these requirements?

Question62: A security administrator wants to perform routine tests on the network during working hours when certain
applications are being accessed by the most people. Which of the following would allow the security
administrator to test the lack of security controls for those applications with the least impact to the system?

Question63: Full disk encryption is MOST effective against the following threats:

Question64: Which of the following is a common coding error in which boundary checking is not performed?

Question65: A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created
for a frequently used application. She notifies the software vendor and asks them for remediation steps,
but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?

Question66: A set of standardized system images with a pre-defined set of applications is used to build end-user
workstations. The security administrator has scanned every workstation to create a current inventory of all
applications that are installed on active workstations and is documenting which applications are out-of-date
and could be exploited. The security administrator is determining the:

Question67: Which of the following is the best practice for error and exception handling?

Question68: A user attempts to install a new and relatively unknown software program recommended by a colleague.
The user is unable to install the program, dispute having successfully installed other programs previously.
Which of the following is MOST likely the cause for the user's inability to complete the installation?

Question69: Which of the following authentication services combines authentication and authorization in a use profile
and use UDP?

Question70: Jane, a security administrator, has been tasked with explaining authentication services to the company's
management team. The company runs an active directory infrastructure. Which of the following solutions
BEST relates to the host authentication protocol within the company's environment?

Question71: Which of the following was based on a previous X.500 specification and allows either unencrypted
authentication or encrypted authentication through the use of TLS?

Question72: To ensure compatibility with their flagship product, the security engineer is tasked to recommend an
encryption cipher that will be compatible with the majority of third party software and hardware vendors.
Which of the following should be recommended?

Question73: One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is
physically stolen is to implement the following:

Question74: Which of the following is the MOST likely cause of users being unable to verify a single user's email
signature and that user being unable to decrypt sent messages?

Question75: Which of the following is where an unauthorized device is found allowing access to a network?

Question76: Which of the following is a hardware-based security technology included in a computer?

Question77: After a security incident involving a physical asset, which of the following should be done at the beginning?

Question78: Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile
device?

Question79: Which of the following, if properly implemented, would prevent users from accessing files that are
unrelated to their job duties? (Choose two.)

Question80: Which of the following actions in PKI takes a certificate authority?

Question81: A security administrator wants to block unauthorized access to a web server using a locally installed
software program. Which of the following should the administrator deploy?

Question82: Which of the following should Matt, a security administrator, include when encrypting smartphones?
(Choose two.)

Question83: If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A
trusts Organization C.
Which of the following PKI concepts is this describing?

Question84: A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show
repeated connection attempts from the following IPs:
1
1
2
2
0.10.3.16
0.10.3.23
12.178.24.26
17.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the
following attacks is occurring?

Question85: A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of
a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak
shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate
laptop theft. Which of the following would provide the IT department with the BEST solution?

Question86: A security administrator is concerned about the strength of user's passwords. The company does not want
to implement a password complexity policy. Which of the following can the security Administrator
implement to mitigate the risk of an online password attack against users with weak passwords?

Question87: Which of the following technologies was developed to allow companies to use less-expensive storage
while still maintaining the speed and redundancy required in a business environment?

Question88: The string:
'
or 1=1-- -
Which of the following represents it?

Question89: During a security assessment, an administrator wishes to see which services are running on a remote
server. Which of the following should the administrator use?

Question90: DRAG DROP
Determine the types of attacks below by selecting an option from the dropdown list.
Determine the types of Attacks from right to specific action.
Select and Place

Question91: Users report that they are unable to access network printing services. The security technician checks the
router access list and sees that web, email, and secure shell are allowed. Which of the following is
blocking network printing?

Question92: A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change
on the user's host:
Old `hosts' file:
127.0.0.1 localhost
New `hosts' file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?

Question93: A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?

Question94: Several users report to the administrator that they are having issues downloading files from the file server.
Which of the following assessment tools can be used to determine if there is an issue with the file server?

Question95: Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-
bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

Question96: Which of the following types of authentication solutions use tickets to provide access to various resources
from a central location?

Question97: Which of the following is an important implementation consideration when deploying a wireless network
that uses a shared password?

Question98: The security team would like to gather intelligence about the types of attacks being launched against the
organization. Which of the following would provide them with the MOST information?

Question99: A large bank has moved back office operations offshore to another country with lower wage costs in an
attempt to improve profit and productivity. Which of the following would be a customer concern if the
offshore staff had direct access to their data?

Question100: A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the
following should be implemented to ensure that a malicious insider will not be able to successfully use ARP
spoofing techniques?

Question101: Suspicious traffic without a specific signature was detected. Under further investigation, it was determined
that these were false indicators. Which of the following security devices needs to be configured to disable
future false alarms?

Question102: When employees that use certificates leave the company they should be added to the following:

Question103: A computer is found to be infected with malware and a technician re-installs the operating system. The
computer remains infected with malware. This is an example of:

Question104: A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication
and the files the user is sending using only a user ID and a key pair. Which of the following methods would
achieve this goal?

Question105: An administrator uses a server with a trusted OS and is configuring an application to go into production
tomorrow, In order to make a new application work properly, the administrator creates a new policy that
labels the application and assigns it a security context within the trusted OS. Which of the following control
methods is the administrator using by configuring this policy?

Question106: Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is
to prevent people from accessing open locations that are not supervised, such as around the receiving
dock. She is also concerned that employees are using these entry points as a way of bypassing the
security guard at the main entrance. Which of the following should Ann recommend that would BEST
address her concerns?

Question107: In which of the following scenarios is PKI LEAST hardened?

Question108: Ann a network administrator has been tasked with strengthening the authentication of users logging into
systems in area containing sensitive information. Users log in with usernames and passwords, following by
a retinal scan. Which of the following could she implement to add an additional factor of authorization?

Question109: Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is
concerned that sensitive files can be copied to the USB drives. Which of the following mitigation
techniques would address this concern? (Choose two.)

Question110: Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the
following would provide the BEST level of protection?

Question111: Users in the HR department were recently informed that they need to implement a user training and
awareness program which is tailored to their department. Which of the following types of training would be
the MOST appropriate for this department?

Question112: Which of the following has a storage root key?

Question113: Which of the following types of application attacks would be used to specifically gain unauthorized
information from databases that did not have any input validation implemented?

Question114: A small company has a website that provides online customer support. The company requires an account
recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

Question115: One of the findings of risk assessment is that many of the servers on the data center subnet contain data
that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of
their job function. Which of the following should the administrator do?

Question116: Which of the following is an advantage of implementing individual file encryption on a hard drive which
already deploys full disk encryption?

Question117: Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the
following BEST meets this need?

Question118: Which of the following must a user implement if they want to send a secret message to a coworker by
embedding it within an image?

Question119: What is a system that is intended or designed to be broken into by an attacker?

Question120: A new MPLS network link has been established between a company and its business partner.
The link provides logical isolation in order to prevent access from other business partners. Which of the
following should be applied in order to achieve confidentiality and integrity of all data across the link?

Question121: The system administrator has been notified that many users are having difficulty connecting to the
company's wireless network. They take a new laptop and physically go to the access point and connect
with no problems. Which of the following would be the MOST likely cause?

Question122: An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using
prime numbers to generate the keys. Which of the following should be used?

Question123: Which of the following is an XML based open standard used in the exchange of authentication and
authorization information between different parties?

Question124: The help desk is experiencing a higher than normal amount of calls from users reporting slow response
from the application server. After analyzing the data from a packet capturing tool, the head of the network
engineering department determines that the issue is due, in part from the increase of personnel recently
hired to perform application development. Which of the following would BEST assist in correcting this
issue?

Question125: Which of the following describes the process of removing unnecessary accounts and services from an
application to reduce risk exposure?

Question126: The finance department works with a bank which has recently had a number of cyber attacks. The finance
department is concerned that the banking website certificates have been compromised. Which of the
following can the finance department check to see if any of the bank's certificates are still valid?

Question127: A process in which the functionality of an application is tested without any knowledge of the internal
mechanisms of the application is known as:

Question128: Which of the following techniques can be used to prevent the disclosure of system information resulting
from arbitrary inputs when implemented properly?

Question129: Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the
following BEST meets this need?

Question130: Which of the following is an authentication method that can be secured by using SSL?

Question131: How must user accounts for exiting employees be handled?

Question132: A security administrator examines a network session to a compromised database server with a packet
analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?

Question133: Joe, an application developer, is building an external facing marketing site. There is an area on the page
where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input.

Question134: Which of the following steps of incident response does a team analyze the incident and determine steps to
prevent a future occurrence?

Question135: When confidentiality is the primary concern, and a secure channel for key exchange is not available, which
of the following should be used for transmitting company documents?

Question136: Ann, a security analyst, has discovered that her company has very high staff turnover and often user
accounts are not disabled after an employee leaves the company. Which of the following could Ann
implement to help identify accounts that are still active for terminated employees?

Question137: The system administrator is reviewing the following logs from the company web server:
1
1
2:34:56 GET /directory_listing.php?user=admin&pass=admin1
2:34:57 GET /directory_listing.php?user=admin&pass=admin2
1
1
2:34:58 GET /directory_listing.php?user=admin&pass=1admin
2:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?

Question138: A resent OS patch caused an extended outage. It took the IT department several hours to uncover the
cause of the issue due to the system owner who installed the patch being out of the office. Which of the
following could help reduce the likelihood of this situation occurring in the future?

Question139: An employee in the accounting department recently received a phishing email that instructed them to click
a link in the email to view an important message from the IRS which threatened penalties if a response
was not received by the end of the business day. The employee clicked on the link and the machine was
infected with malware. Which of the following principles BEST describes why this social engineering ploy
was successful?

Question140: Which of the following types of security controls are visible security cameras considered to be?

Question141: Which of the following provides Digital Signatures?

Question142: An administrator notices an unusual spike in network traffic from many sources. The administrator
suspects that:

Question143: A computer is suspected of being compromised by malware. The security analyst examines the computer
and finds that a service called Telnet is running and connecting to an external website over port 443. This
Telnet service was found by comparing the system's services to the list of standard services on the
company's system image. This review process depends on:

Question144: Which of the following can be used as an equipment theft deterrent?

Question145: Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent
penetration test reveals vulnerabilities on the network. Which of the following has been reported by the
vulnerability scan?

Question146: Several bins are located throughout a building for secure disposal of sensitive information.
Which of the following does this prevent?

Question147: During an audit, the security administrator discovers that there are several users that are no longer
employed with the company but still have active user accounts. Which of the following should be
performed?

Question148: The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one
else received the voice mail. Which of the following BEST describes this attack?

Question149: Which of the following is true about PKI? (Choose two.)

Question150: Speaking a passphrase into a voice print analyzer is an example of the following security concepts:

Question151: Physical documents must be incinerated after a set retention period is reached. Which of the following
attacks does this action remediate?

Question152: A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the
following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

Question153: Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal
database to an internal server, keeping in mind that the encryption process must add as little latency to the
process as possible?

Question154: Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

Question155: A database administrator receives a call on an outside telephone line from a person who states that they
work for a well-known database vendor. The caller states there have been problems applying the newly
released vulnerability patch for their database system, and asks what version is being used so that they
can assist. Which of the following is the BEST action for the administrator to take?

Question156: A technician wants to verify the authenticity of the system files of a potentially compromised system. Which
of the following can the technician use to verify if a system file was compromised? (Choose two.)

Question157: The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special
report of sales before the quarter ends. After working for several hours, the team finds they cannot save or
print the reports.
Which of the following controls is preventing them from completing their work?

Question158: Purchasing receives an automated phone call from a bank asking to input and verify credit card
information. The phone number displayed on the caller ID matches the bank. Which of the following attack
types is this?

Question159: A security administrator needs to determine which system a particular user is trying to login to at various
times of the day. Which of the following log types would the administrator check?

Question160: A security administrator is notified that users attached to a particular switch are having intermittent
connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack.
Which of the following could be utilized to provide protection from this type of attack?

Question161: A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a
window with a message requesting payment or else her hard drive will be formatted. Which of the following
types of malware is on Ann's workstation?

Question162: Which of the following is a vulnerability associated with disabling pop-up blockers?

Question163: An administrator finds that non-production servers are being frequently compromised, production servers
are rebooting at unplanned times and kernel versions are several releases behind the version with all
current security fixes.
Which of the following should the administrator implement?

Question164: Which of the following technical controls helps to prevent Smartphones from connecting to a corporate
network?

Question165: A new network administrator is setting up a new file server for the company. Which of the following would
be the BEST way to manage folder security?

Question166: Which of the following is commonly LDAP and Kerberos used for?

Question167: Which of the following authentication services uses a ticket granting system to provide access?

Question168: Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime.
Which of the following BEST describes the type of system Ann is installing?

Question169: Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the
house living room. Joe posts the picture on a popular social media site together with the message:
"
Heading to our two weeks' vacation to Italy." Upon returning home, Joe discovers that the house was
burglarized.
Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home
address?

Question170: The process of making certain that an entity (operating system, application, etc.) is as secure as it can be
known as:

Question171: Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

Question172: Vendors typically ship software applications with security settings disabled by default to ensure a wide
range of interoperability with other applications and devices.
Which of the following should a security administrator perform before deploying new software?

Question173: Which of the following security architecture elements also has sniffer functionality? (Choose two.)

Question174: An IT security technician needs to establish host based security for company workstations. Which of the
following will BEST meet this requirement?

Question175: A network technician is configuring clients for VLAN access. The network address for the sales department
is 192.168.0.64 with a broadcast address of 192.168.0.71. Which of the following IP address/subnet mask
combinations could be used to correctly configure a client machine in the sales department?

Question176: Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number
displayed on the caller ID matches the vendor's number. When the purchasing agent asks to call the
vendor back, they are given a different phone number with a different area code.
Which of the following attack types is this?

Question177: A security Operations Center was scanning a subnet for infections and found a contaminated machine.
One of the administrators disabled the switch port that the machine was connected to, and informed a local
technician of the infection. Which of the following steps did the administrator perform?

Question178: While an Internet café a malicious user is causing all surrounding wireless connected devices to have
intermittent and unstable connections to the access point. Which of the following is MOST likely being
used?

Question179: At the outside break area, an employee, Ann, asked another employee to let her into the building because
her badge is missing. Which of the following does this describe?

Question180: Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

Question181: Ann is traveling for business and is attempting to use the hotel's wireless network to check for new
messages. She selects the hotel's wireless SSID from a list of networks and successfully connects. After
opening her email client and waiting a few minutes, the connection times out. Which of the following should
Ann do to retrieve her email messages?

Question182: Which of the following solutions provides the most flexibility when testing new security controls prior to
implementation?

Question183: Identifying a list of all approved software on a system is a step in the following practices:

Question184: A company is concerned that a compromised certificate may result in a man-in-the-middle attack against
backend financial servers. In order to minimize the amount of time a compromised certificate would be
accepted by other servers, the company decides to add another validation step to SSL/TLS connections.
Which of the following technologies provides the FASTEST revocation capability?

Question185: Company A sends a PGP encrypted file to company B.
If company A used company B's public key to
encrypt the file, which of the following should be used to decrypt data at company B?

Question186: A new security policy being implemented requires all email within the organization be digitally signed by
the author using PGP. Which of the following would needs to be created for each user?

Question187: Which of the following are examples of detective controls?

Question188: A system administrator has made several unauthorized changes to the server cluster that resulted in a
major outage. This event has been brought to the attention of the Chief Information Office (CIO) and he
has requested immediately implement a risk mitigation strategy to prevent this type of event from
reoccurring.
Which of the following would be the BEST risk mitigation strategy to implement in order to meet this
request?

Question189: Users at a company report that a popular news website keeps taking them to a web page with derogatory
content.
Which of the following is this an example of?

Question190: Which of the following should a company implement to BEST mitigate from zero-day malicious code
executing on employees' computers?

Question191: An administrator finds that non-production servers are being frequently compromised, production servers
are rebooting at unplanned times and kernel versions are several releases behind the version with all
current security fixes.
Which of the following should the administrator implement?

Question192: During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print
spool directory, and was able to download a document from the spool. Which statement BEST describes
her privileges?

Question193: A user has plugged in a wireless router from home with default configurations into a network jack at the
office. This is known as:

Question194: Pete, the system administrator, has concerns regarding users losing their company provided smartphones.
Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns?

Question195: An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and
network security, the administrator desires to provide network access for this group only. Which of the
following would BEST address this desire?

Question196: An administrator notices that former temporary employees' accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?

Question197: Which of the following types of cloud computing would be MOST appropriate if an organization required
complete control of the environment?

Question198: A system administrator wants to confidentially send a user name and password list to an individual outside
the company without the information being detected by security controls. Which of the following would
BEST meet this security goal?

Question199: Mike, a security professional, is tasked with actively verifying the strength of the security controls on a
company's live modem pool. Which of the following activities is MOST appropriate?

Question200: Sara, an application developer, implemented error and exception handling alongside input validation.
Which of the following does this help prevent?

Question201: A computer security officer has investigated a possible data breach and has found it credible. The officer
notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

Question202: A system administrator has noticed network performance issues and wants to gather performance data
from the gateway router. Which of the following can be used to perform this action?

Question203: Which of the following is the best practice to put at the end of an ACL?

Question204: A technician wants to implement a dual factor authentication system that will enable the organization to
authorize access to sensitive systems on a need-to-know basis. Which of the following should be
implemented during the authorization stage?

Question205: Which of the following is a concern when encrypting wireless data with WEP?

Question206: Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a
production system?

Question207: A user has several random browser windows opening on their computer. Which of the following programs
can be installed on his machine to help prevent this from happening?

Question208: The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs
associated with each potential breach of their database that contains customer information. Which of the
following is the risk calculation that the CIO is asking for?

Question209: A security administrator forgets their card to access the server room. The administrator asks a coworker if
they could use their card for the day. Which of the following is the administrator using to gain access to the
server room?

Question210: Which of the following controls would allow a company to reduce the exposure of sensitive systems from
unmanaged devices on internal networks?

Question211: Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective
security of 128-bits. Which of the following should Jane select for the tunnel encryption?

Question212: Which of the following malware types may require user interaction, does not hide itself, and is commonly
identified by marketing pop-ups based on browsing habits?

Question213: Which of the following allows a company to maintain access to encrypted resources when employee
turnover is high?

Question214: Jane has recently implemented a new network design at her organization and wishes to passively identify
security issues with the new network. Which of the following should Jane perform?

Question215: Pete, the security administrator, has been notified by the IDS that the company website is under attack.
Analysis of the web logs show the following string, indicating a user is trying to post a comment on the
public bulletin board.
INSERT INTO message `<script>source=http://evilsite</script>
Which of the following is this an example of?

Question216: The finance department just procured a software application that needs to communicate back to the
vendor server via SSL. Which of the following default ports on the firewall must the security engineer open
to accomplish this task?

Question217: Which of the following allows lower level domains to access resources in a separate Public Key
Infrastructure?

Question218: After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating
system. Now that it is successfully encrypted the helpdesk cannot retrieve the data.
Which of the following can be used to decrypt the information for retrieval?

Question219: Which of the following would be MOST appropriate if an organization's requirements mandate complete
control over the data and applications stored in the cloud?

Question220: An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of
the following attacks does this prevent?

Question221: An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which
of the following describes how this private key should be stored so that it is protected from theft?

Question222: A company is about to release a very large patch to its customers. An administrator is required to test
patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?

Question223: Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a
server are forms of the following:

Question224: A software development company has hired a programmer to develop a plug-in module to an existing
proprietary application. After completing the module, the developer needs to test the entire application to
ensure that the module did not introduce new vulnerabilities. Which of the following is the developer
performing when testing the application?

Question225: A distributed denial of service attack can BEST be described as:

Question226: ABC company has a lot of contractors working for them. The provisioning team does not always get
notified that a contractor has left the company. Which of the following policies would prevent contractors
from having access to systems in the event a contractor has left?

Question227: The chief Risk officer is concerned about the new employee BYOD device policy and has requested the
security department implement mobile security controls to protect corporate data in the event that a device
is lost or stolen. The level of protection must not be compromised even if the communication SIM is
removed from the device. Which of the following BEST meets the requirements? (Choose two.)

Question228: An IT auditor tests an application as an authenticated user.
Which of the following types of testing is this an example of?

Question229: Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has
left the company?

Question230: The call center supervisor has reported that many employees have been playing preinstalled games on
company computers and this is reducing productivity.
Which of the following would be MOST effective for preventing this behavior?

Question231: When creating a public / private key pair, for which of the following ciphers would a user need to specify
the key strength?

Question232: A hacker has discovered a simple way to disrupt business for the day in a small company which relies on
staff working remotely. In a matter of minutes, the hacker was able to deny remotely working staff access
to company systems with a script. Which of the following security controls is the hacker exploiting?

Question233: Which of the following security concepts identifies input variables which are then used to perform boundary
testing?

Question234: Which of the following authentication methods can use the SCTP and TLS protocols for reliable packet
transmissions?

Question235: Which of the following is the term for a fix for a known software problem?

Question236: Various employees have lost valuable customer data due to hard drives failing in company provided
laptops. It has been discovered that the hard drives used in one model of laptops provided by the company
has been recalled by the manufactory. The help desk is only able to replace the hard drives after they fail
because there is no centralized record of the model of laptop given to each specific user. Which of the
following could have prevented this situation from occurring?

Question237: A security administrator wants to ensure that the message the administrator sends out to their Chief
Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST
concerned with?

Question238: Which of the following protocols encapsulates an IP packet with an additional IP header?

Question239: Joe needs to track employees who log into a confidential database and edit files. In the past, critical files
have been edited, and no one admits to making the edits. Which of the following does Joe need to
implement in order to enforce accountability?

Question240: RC4 is a strong encryption protocol that is generally used with the following:

Question241: HOTSPOT
Select the appropriate attack from each drop down list to label the corresponding illustrated attack
Instructions: Attacks may only be used once, and will disappear from drop down list if selected.
When you have completed the simulation, please select the Done button to submit.
Hot Area

Question242: A vulnerability assessment indicates that a router can be accessed from default port 80 and default port
22. Which of the following should be executed on the router to prevent access via these ports? (Choose
two.)

Question243: Which of the following encompasses application patch management?

Question244: A system administrator has noticed vulnerability on a high impact production server. A recent update was
made available by the vendor that addresses the vulnerability but requires a reboot of the system
afterwards. Which of the following steps should the system administrator implement to address the
vulnerability?

Question245: The security manager must store a copy of a sensitive document and needs to verify at a later point in time
that the document has not been altered. Which of the following will accomplish the security manager's
objective?

Question246: A recently installed application update caused a vital application to crash during the middle of the workday.
The application remained down until a previous version could be reinstalled on the server, and this
resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

Question247: Which of the following can be used by a security administrator to successfully recover a user's forgotten
password on a password protected file?

Question248: It has been discovered that students are using kiosk tablets intended for registration and scheduling to play
games and utilize instant messaging. Which of the following could BEST eliminate this issue?

Question249: A company is about to release a very large patch to its customers. An administrator is required to test
patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?

Question250: An organization must implement controls to protect the confidentiality of its most sensitive data. The
company is currently using a central storage system and group based access control for its sensitive
information. Which of the following controls can further secure the data in the central storage system?

Question251: Which of the following is true about input validation in a client-server architecture, when data integrity is
critical to the organization?

Question252: A security administrator wants to implement a solution which will allow some applications to run under the
user's home directory and only have access to files stored within the same user's folder, while other
applications have access to shared folders. Which of the following BEST addresses these requirements if
the environment is concurrently shared by multiple users?

Question253: Which of the following is a penetration testing method?

Question254: Fuzzing is a security assessment technique that allows testers to analyze the behavior of software
applications under which of the following conditions?

Question255: Each server on a subnet is configured to only allow SSH access from the administrator's workstation.
Which of the following BEST describes this implementation?

Question256: Sara, a security manager, has decided to force expiration of all company passwords by the close of
business day. Which of the following BEST supports this reasoning?

Question257: Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the
building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to
change it. Which of the following attacks occurred LAST?

Question258: The information security technician wants to ensure security controls are deployed and functioning as
intended to be able to maintain an appropriate security posture. Which of the following security techniques
is MOST appropriate to do this?

Question259: A user attempts to install new and relatively unknown software recommended by a colleague. The user is
unable to install the program, despite having successfully installed other programs previously. Which of the
following is MOST likely the cause for the user's inability to complete the installation?

Question260: Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs
were infected with malware as a result. Which of the following BEST prevents this situation from occurring
in the future?

Question261: Matt, an administrator, is concerned about the wireless network being discovered by war driving.
Which of the following can be done to mitigate this?

Question262: The BEST methods for a web developer to prevent the website application code from being vulnerable to
cross-site request forgery (XSRF) are to ____________. (Choose two.)

Question263: The software developer is responsible for writing the code and promoting from the development network to
the quality network. The network administrator is responsible for promoting code to the application servers.
Which of the following practices are they following to ensure application integrity?

Question264: A software development company wants to implement a digital rights management solution to protect its
intellectual property. Which of the following should the company implement to enforce software digital
rights?

Question265: One month after a software developer was terminated, the helpdesk started receiving calls that several
employees' computers were being infected with malware. Upon further research, it was determined that
these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the
errant code. Which of the following attacks has taken place?

Question266: Based on information leaked to industry websites, business management is concerned that unauthorized
employees are accessing critical project information for a major, well-known new product. To identify any
such users, the security administrator could:

Question267: Joe analyzed the following log and determined the security team should implement which of the following
as a mitigation method against further attempts?
Host 192.168.1.123
[
[
[
[
00: 00: 01]Successful Login: 015 192.168.1.123 : local
00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[
00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

Question268: Which of the following types of attacks is based on coordinating small slices of a task across multiple
systems?

Question269: Which of the following tools would a security administrator use in order to identify all running services
throughout an organization?

Question270: Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or
modified in transit.
Which of the following concepts relates this concern to?

Question271: Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an
account at a bank teller machine?

Question272: Which of the following is an example of multifactor authentication?

Question273: Vendors typically ship software applications with security settings disabled by default to ensure a wide
range of interoperability with other applications and devices.
Which of the following should a security administrator perform before deploying new software?

Question274: DRAG DROP
A security administrator is given the security and availability profiles for servers that are being deployed.
Match each RAID type with the correct configuration and MINIMUM number of drives.
Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/
O, storage requirements. Instructions:
All drive definitions can be dragged as many times as necessary
Not all placeholders may be filled in the RAID configuration boxes
If parity is required, please select the appropriate number of parity checkboxes
Server profiles may be dragged only once
Instructions: If at any time you would like to bring back the initial state of the simulation, please select the
Reset button. When you have completed the simulation, please select the Done button to submit. Once the
simulation is submitted, please select the Next button to continue.
Select and Place

Question275: An administrator is building a development environment and requests that three virtual servers are cloned
and placed in a new virtual network isolated from the production network. Which of the following describes
the environment the administrator is building?

Question276: Which of the following protocols is used to validate whether trust is in place and accurate by returning
responses of either "good", "unknown", or "revoked"?

Question277: After visiting a website, a user receives an email thanking them for a purchase which they did not request.
Upon investigation the security administrator sees the following source code in a pop-up window:
<
<
<
<
<
<
<
HTML>
body onload="document.getElementByID('badForm').submit()">
form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" >
input name="Perform Purchase" value="Perform Purchase"/>
/form>
/body>
/HTML>
Which of the following has MOST likely occurred?

Question278: Which of the following protocols provides for mutual authentication of the client and server?

Question279: Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

Question280: A systems engineer has been presented with storage performance and redundancy requirements for a
new system to be built for the company. The storage solution must be designed to support the highest
performance and must also be able to support more than one drive failure. Which of the following should
the engineer choose to meet these requirements?

Question281: A trojan was recently discovered on a server. There are now concerns that there has been a security
breach that allows unauthorized people to access data. The administrator should be looking for the
presence of a/an:

Question282: Which of the following techniques describes the use of application isolation during execution to prevent
system compromise if the application is compromised?

Question283: Ann, the security administrator, received a report from the security technician, that an unauthorized new
user account was added to the server over two weeks ago. Which of the following could have mitigated
this event?

Question284: A company has purchased an application that integrates into their enterprise user directory for account
authentication. Users are still prompted to type in their usernames and passwords. Which of the following
types of authentication is being utilized here?

Question285: Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier
environment?

Question286: After a security incident involving a physical asset, which of the following should be done at the beginning?

Question287: An auditing team has found that passwords do not meet the best business practices.
Which of the following will MOST increase the security of the passwords? (Choose two.)

Question288: Which of the following design components is used to isolate network devices such as web servers?

Question289: Which of the following is an attack designed to activate based on time?

Question290: Use of a smart card to authenticate remote servers remains MOST susceptible to the following attacks:

Question291: After a company has standardized to a single operating system, not all servers are immune to a well-
known OS vulnerability. Which of the following solutions would mitigate this issue?

Question292: A bank has a fleet of aging payment terminals used by merchants for transactional processing. The
terminals currently support single DES but require an upgrade in order to be compliant with security
standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will
improve in-transit protection of transactional data?

Question293: Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall
application but does not have all the details. Jane needs to review the software before it is released to
production. Which of the following reviews should Jane conduct?

Question294: The IT department noticed that there was a significant decrease in network performance during the
afternoon hours. The IT department performed analysis of the network and discovered this was due to
users accessing and downloading music and video streaming from social sites. The IT department notified
corporate of their findings and a memo was sent to all employees addressing the misuse of company
resources and requesting adherence to company policy. Which of the following policies is being enforced?

Question295: Which of the following can be used as an equipment theft deterrent?

Question296: The information security technician wants to ensure security controls are deployed and functioning as
intended to be able to maintain an appropriate security posture. Which of the following security techniques
is MOST appropriate to do this?

Question297: A company has been attacked and their website has been altered to display false information. The security
administrator disables the web server service before restoring the website from backup. An audit was
performed on the server and no other data was altered. Which of the following should be performed after
the server has been restored?

Question298: The security administrator runs an rpm verify command which records the MD5 sum, permissions, and
timestamp of each file on the system. The administrator saves this information to a separate server. Which
of the following describes the procedure the administrator has performed?

Question299: A network administrator has identified port 21 being open and the lack of an IDS as a potential risk to the
company. Due to budget constraints, FTP is the only option that the company can is to transfer data and
network equipment cannot be purchased. Which of the following is this known as?

Question300: While working on a new project a security administrator wants to verify the integrity of the data in the
organizations archive library. Which of the following is the MOST secure combination to implement to meet
this goal? (Choose two.)

Question301: The security administrator is analyzing a user's history file on a Unix server to determine if the user was
attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence
that the user attempted to escape the rootjail?

Question302: Which of the following is a hardware based encryption device?

Question303: A security administrator has concerns regarding employees saving data on company provided mobile
devices. Which of the following would BEST address the administrator's concerns?

Question304: Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a
new system. He has identified people, environmental conditions, and events that could affect the new
system. Which of the following does he need to estimate NEXT in order to complete his risk calculations?

Question305: Which of the following is the below pseudo-code an example of?
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

Question306: An administrator was asked to review user accounts. Which of the following has the potential to cause the
MOST amount of damage if the account was compromised?

Question307: Identifying a list of all approved software on a system is a step in the following practices:

Question308: An organization has a need for security control that identifies when an organizational system has been
unplugged and a rouge system has been plugged in. The security control must also provide the ability to
supply automated notifications. Which of the following would allow the organization to BEST meet this
business requirement?

Question309: A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts
digitally signed checksums of all patches and updates. The firm does this to address:

Question310: Joe has read and write access to his own home directory. Joe and Ann are collaborating on a project, and
Joe would like to give Ann write access to one particular file in this home directory. Which of the following
types of access control would this reflect?

Question311: Failure to validate the size of a variable before writing it to memory could result in which of the following
application attacks?

Question312: Which of the following devices will help prevent a laptop from being removed from a certain location?

Question313: Which of the following is a control that allows a mobile application to access and manipulate information
which should only be available by another application on the same mobile device (e.g. a music application
posting the name of the current song playing on the device on a social media site)?

Question314: An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later
identified as contractors' accounts who would be returning in three months and would need to resume the
activities. Which of the following would mitigate and secure the auditors finding?

Question315: A security administrator discovers an image file that has several plain text documents hidden in the file.
Which of the following security goals is met by camouflaging data inside of other files?

Question316: The process of making certain that an entity (operating system, application, etc.) is as secure as it can be
known as:

Question317: Ann, the security administrator, wishes to implement multifactor security. Which of the following should be
implemented in order to compliment password usage and smart cards?

Question318: To protect corporate data on removable media, a security policy should mandate that all removable
devices use the following:

Question319: Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack?

Question320: A network security engineer notices unusual traffic on the network from a single IP attempting to access
systems on port 23. Port 23 is not used anywhere on the network. Which of the following should the
engineer do to harden the network from this type of intrusion in the future?

Question321: Which of the following types of trust models is used by a PKI?

Question322: Which of the following techniques describes the use of application isolation during execution to prevent
system compromise if the application is compromised?

Question323: Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of
mis-configurations or faults?

Question324: Which of the following cryptographic related browser settings allows an organization to communicate
securely?

Question325: Ann, a software developer, has installed some code to reactivate her account one week after her account
has been disabled. Which of the following is this an example of? (Choose two.)

Question326: A hospital IT department wanted to secure its doctor's tablets. The IT department wants operating system
level security and the ability to secure the data from alteration. Which of the following methods would
MOST likely work?

Question327: Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services
and operating systems are running on the corporate network. Which of the following should be used to
complete this task?

Question328: A periodic update that corrects problems in one version of a product is called a

Question329: Which of the following is true about the CRL?

Question330: An application developer has tested some of the known exploits within a new application. Which of the
following should the administrator utilize to test for unidentified faults or memory leaks?

Question331: A program displays:
ERROR: this program has caught an exception and will now terminate.
Which of the following is MOST likely accomplished by the program's behavior?

Question332: Which of the following provides additional encryption strength by repeating the encryption process with
additional keys?

Question333: Which of the following helps to establish an accurate timeline for a network intrusion?

Question334: Use of group accounts should be minimized to ensure the following:

Question335: During a server audit, a security administrator does not notice abnormal activity. However, a network
security analyst notices connections to unauthorized ports from outside the corporate network. Using
specialized tools, the network security analyst also notices hidden processes running. Which of the
following has MOST likely been installed on the server?

Question336: A Company has recently identified critical systems that support business operations. Which of the following
will once defined, be the requirement for restoration of these systems within a certain period of time?

Question337: A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator
detects a device trying to communicate to TCP port 49. Which of the following authentication methods is
MOST likely being attempted?

Question338: Which of the following would a security administrator implement in order to identify a problem between two
applications that are not communicating properly?

Question339: A certificate used on an e-commerce web server is about to expire.
Which of the following will occur if the certificate is allowed to expire?

Question340: Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the
request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to
intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?

Question341: An employee connects a wireless access point to the only jack in the conference room to provide Internet
access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to
intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the
following is the reason the malicious user is able to intercept and see the clear text communication?

Question342: A new security analyst is given the task of determining whether any of the company's servers are
vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest
FIRST step toward determining the version of SSH running on these servers?

Question343: A technician has implemented a system in which all workstations on the network will receive security
updates on the same schedule. Which of the following concepts does this illustrate?

Question344: Which of the following controls should critical application servers implement to protect themselves from
other potentially compromised application services?

Question345: Joe, an administrator, installs a web server on the Internet that performs credit card transactions for
customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were
processed on this server but really were not. Which of the following is the second server?

Question346: A server administrator notes that a fully patched application often stops running due to a memory error.
When reviewing the debugging logs, they notice code being run calling an internal process to exploit the
machine.
Which of the following attacks does this describes?

Question347: A network administrator is looking for a way to automatically update company browsers so they import a
list of root certificates from an online source. This online source will then be responsible for tracking which
certificates are to be trusted or not trusted. Which of the following BEST describes the service that should
be implemented to meet these requirements?

Question348: A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is
used by several employees.
Which of the following is the BEST approach for implementation of the new application on the virtual
server?

Question349: The access control list (ACL) for a file on a server is as follows:
User: rwx
User: Ann: r- -
User: Joe: r- -
Group: rwx
Group: sales: r-x
Other: r-x
Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file?

Question350: Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking
cookie?

Question351: The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer
passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO implement
requiring the LEAST change to existing systems?

Question352: Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able
to detect an attack even though the company signature based IDS and antivirus did not detect it. Further
analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB
port, and executed it to trigger a privilege escalation flaw.
Which of the following attacks has MOST likely occurred?

Question353: Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all
traffic on her network?

Question354: Which of the following is mainly used for remote access into the network?

Question355: Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of
the following will Joe need to use to BEST accomplish the objective?

Question356: One of the senior managers at a company called the help desk to report a problem. The manager could no
longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and
the laptop restored from a backup. The help desk informed the manager that the recommended solution
was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy
of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the
help desk use to avoid losing the data on the laptop?

Question357: A password audit has revealed that a significant percentage if end-users have passwords that are easily
cracked. Which of the following is the BEST technical control that could be implemented to reduce the
amount of easily "crackable" passwords in use?

Question358: Which of the following can use RC4 for encryption? (Choose two.)

Question359: Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of
mis-configurations or faults?

Question360: Users require access to a certain server depending on their job function. Which of the following would be
the MOST appropriate strategy for securing the server?

Question361: Which of the following can be used to mitigate risk if a mobile device is lost?

Question362: Which of the following is a vulnerability associated with disabling pop-up blockers?

Question363: An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
Which of the following is an example of this threat?

Question364: A malicious individual is attempting to write too much data to an application's memory. Which of the
following describes this type of attack?

Question365: Which of the following is the BEST technology for the sender to use in order to secure the in-band
exchange of a shared key?

Question366: An email client says a digital signature is invalid and the sender cannot be verified.
Which of the following concepts is the recipient concerned with?

Question367: Allowing unauthorized removable devices to connect to computers increases the risk of the following:

Question368: The security manager reports that the process of revoking certificates authority is too slow and should be
automated. Which of the following should be used to automate this process?

Question369: Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company
network by using a former employee's credential?

Question370: Which of the following is BEST used to capture and analyze network traffic between hosts on the same
network segment?

Question371: Joe, a network security engineer, has visibility to network traffic through network monitoring tools.
However, he's concerned that a disgruntled employee may be targeting a server containing the company's
financial records. Which of the following security mechanism would be MOST appropriate to confirm Joe's
suspicion?

Question372: A small company has recently purchased cell phones for managers to use while working outside if the
office.
The company does not currently have a budget for mobile device management and is primarily concerned
with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which
of the following would provide the solution that BEST meets the company's requirements?

Question373: Which of the following would an attacker use to generate and capture additional traffic prior to performing
an IV attack?

Question374: Which of the following BEST describes a SQL Injection attack?

Question375: Which of the following BEST explains the use of an HSM within the company servers?

Question376: The database server used by the payroll system crashed at 3 PM and payroll is due at 5 PM. Which of the
following metrics is MOST important is this instance?

Question377: Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in
order to complete the authentication process?

Question378: An IT security technician needs to establish host based security for company workstations. Which of the
following will BEST meet this requirement?

Question379: An employee needs to connect to a server using a secure protocol on the default port. Which of the
following ports should be used?

Question380: A security administrator wants to deploy security controls to mitigate the threat of company employees'
personal information being captured online. Which of the following would BEST serve this purpose?

Question381: Pete, the system administrator, has concerns regarding users losing their company provided smartphones.
Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns?

Question382: Human Resources suspects an employee is accessing the employee salary database. The administrator is
asked to find out who it is. In order to complete this task, which of the following is a security control that
should be in place?

Question383: Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a
certificate?

Question384: An insurance company requires an account recovery process so that information created by an employee
can be accessed after that employee is no longer with the firm. Which of the following is the BEST
approach to implement this process?

Question385: If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A
trusts Organization C.
Which of the following PKI concepts is this describing?

Question386: Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the
house living room. Joe posts the picture on a popular social media site together with the message:
"
Heading to our two weeks' vacation to Italy." Upon returning home, Joe discovers that the house was
burglarized.
Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home
address?

Question387: Which of the following is the MOST intrusive type of testing against a production system?

Question388: In order to enter a high-security data center, users are required to speak the correct password into a voice
recognition system. Ann, a member of the sales department, overhears the password and later speaks it
into the system. The system denies her entry and alerts the security team. Which of the following is the
MOST likely reason for her failure to enter the data center?

Question389: Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4
protocol. Which of the following is a wireless encryption solution that the technician should implement while
ensuring the STRONGEST level of security?

Question390: Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless
network without entering their domain credentials upon connection. Once the connection is made, they
cannot reach any internal resources, while wired network connections operate smoothly. Which of the
following is MOST likely occurring?

Question391: An administrator is concerned that a company's web server has not been patched. Which of the following
would be the BEST assessment for the administrator to perform?

Question392: Which of the following types of technologies is used by security and research personnel for identification
and analysis of new security threats in a networked environment by using false data/hosts for information
collection?

Question393: Which of the following identifies certificates that have been compromised or suspected of being
compromised?

Question394: Using proximity card readers instead of the traditional key punch doors would help to mitigate:

Question395: A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to
lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

Question396: Which of the following are examples of network segmentation? (Choose two.)

Question397: A security administrator has installed a new KDC for the corporate environment. Which of the following
authentication protocols is the security administrator planning to implement across the organization?

Question398: Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

Question399: A company would like to take electronic orders from a partner; however, they are concerned that a non-
authorized person may send an order. The legal department asks if there is a solution that provides non-
repudiation. Which of the following would meet the requirements of this scenario?

Question400: When an order was submitted via the corporate website, an administrator noted special characters (e.g.,
"
;--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

Question401: Which of the following provides the HIGHEST level of confidentiality on a wireless network?

Question402: Which of the following does full disk encryption prevent?

Question403: Which of the following is public keys used for?

Question404: Recent data loss on financial servers due to security breaches forced the system administrator to harden
their systems. Which of the following algorithms with transport encryption would be implemented to provide
the MOST secure web connections to manage and access these servers?

Question405: In PKI, a key pair consists of: (Choose two.)

Question406: During the information gathering stage of a deploying role-based access control model, which of the
following information is MOST likely required?

Question407: The system administrator wishes to implement a hardware-based encryption method that could also be
used to sign code. They can achieve this by:

Question408: After visiting a website, a user receives an email thanking them for a purchase which they did not request.
Upon investigation the security administrator sees the following source code in a pop-up window:
<
<
<
<
<
<
<
HTML>
body onload="document.getElementByID('badForm').submit()">
form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" >
input name="Perform Purchase" value="Perform Purchase"/>
/form>
/body>
/HTML>
Which of the following has MOST likely occurred?

Question409: A technician has implemented a system in which all workstations on the network will receive security
updates on the same schedule. Which of the following concepts does this illustrate?

Question410: Which of the following MUST be updated immediately when an employee is terminated to prevent
unauthorized access?

Question411: Which of the following attacks allows access to contact lists on cellular phones?

Question412: The fundamental information security principals include confidentiality, availability and ____________?

Question413: Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:

Question414: A company wants to prevent end users from plugging unapproved smartphones into PCs and transferring
data. Which of the following would be the BEST control to implement?

Question415: A recently installed application update caused a vital application to crash during the middle of the workday.
The application remained down until a previous version could be reinstalled on the server, and this
resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

Question416: Which of the following attacks targets high level executives to gain company information?

Question417: A security administrator is investigating a recent server breach. The breach occurred as a result of a zero-
day attack against a user program running on the server. Which of the following logs should the
administrator search for information regarding the breach?

Question418: An administrator has concerns regarding the company's server rooms. Proximity badge readers were
installed, but it is discovered this is not preventing unapproved personnel from tailgating into these areas.
Which of the following would BEST address this concern?

Question419: A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?

Question420: Which of the following is BEST utilized to actively test security controls on a particular system?

Question421: Pete's corporation has outsourced help desk services to a large provider. Management has published a
procedure that requires all users, when receiving support, to call a special number.
Users then need to enter the code provided to them by the help desk technician prior to allowing the
technician to work on their PC. Which of the following does this procedure prevent?

Question422: Which of the following will help prevent smurf attacks?

Question423: Ann works at a small company and she is concerned that there is no oversight in the finance department;
specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the
following controls can she implement to address this concern?

Question424: A security technician at a small business is worried about the Layer 2 switches in the network suffering
from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

Question425: Which of the following can only be mitigated through the use of technical controls rather that user security
training?

Question426: The ore-sales engineering team needs to quickly provide accurate and up-to-date information to potential
clients. This information includes design specifications and engineering data that is developed and stored
using numerous applications across the enterprise. Which of the following authentication technique is
MOST appropriate?

Question427: An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the
computer is in use. Which of the following can be implemented?

Question428: A new intern was assigned to the system engineering department, which consists of the system architect
and system software developer's teams. These two teams have separate privileges. The intern requires
privileges to view the system architectural drawings and comment on some software development projects.
Which of the following methods should the system administrator implement?

Question429: Which of the following types of attacks involves interception of authentication traffic in an attempt to gain
unauthorized access to a wireless network?

Question430: An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

Question431: Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk
drives on all servers are fully encrypted. Communication between the application server and end-users is
also encrypted. Network ACLs prevent any connections to the database server except from the application
server. Which of the following can still result in exposure of the sensitive data in the database server?

Question432: Users can authenticate to a company's web applications using their credentials form a popular social
media site. Which of the following poses the greatest risk with this integration?

Question433: Which of the following application security testing techniques is implemented when an automated system
generates random input data?

Question434: Which of the following practices is used to mitigate a known security vulnerability?

Question435: Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile
device theft?

Question436: Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office
with various connected cables from the office. Which of the following describes the type of attack that was
occurring?

Question437: A systems administrator has implemented PKI on a classified government network. In the event that a
disconnect occurs from the primary CA, which of the following should be accessible locally from every site
to ensure users with bad certificates cannot gain access to the network?

Question438: Joe a company's new security specialist is assigned a role to conduct monthly vulnerability scans across
the network. He notices that the scanner is returning a large amount of false positives or failed audits.
Which of the following should Joe recommend to remediate these issues?

Question439: SIMULATION
A security administrator discovers that an attack has been completed against a node on the corporate
network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that
have been compromised and drag and drop the appropriate actions to complete the incident response on
the network. The environment is a critical production environment; perform the LEAST disruptive actions
on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node
(s) that have been compromised and drag and drop the appropriate actions to complete the incident
response on the network. Not all actions may be used, and order is not important. If at anytime you would
like to bring back the initial state of the simulation, please select the Reset button. When you have
completed the simulation, please select the Done button to submit. Once the simulation is submitted,
please select the Next button to continue.

Question440: Which of the following should an administrator implement to research current attack methodologies?

Question441: A periodic update that corrects problems in one version of a product is called a

Question442: Which of the following would a security administrator use to verify the integrity of a file?

Question443: A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which
of the following is the FIRST step the security administrator should take?

Question444: Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol,
which can utilize EAP. Which of the following would BEST fit her objective?

Question445: Sara, a user, downloads a keygen to install pirated software. After running the keygen, system
performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST
describes this type of malware?

Question446: A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the
user's digital certificate. Which of the following will help resolve the issue? (Choose two.)

Question447: After Ann, a user, logs into her banking websites she has access to her financial institution mortgage,
credit card, and brokerage websites as well. Which of the following is being described?

Question448: Which of the following should be done before resetting a user's password due to expiration?

Question449: Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

Question450: In order to maintain oversight of a third party service provider, the company is going to implement a
Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security
posture coverage. Which of the following is the MOST important activity that should be considered?

Question451: Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe,
Ann notices a spreadsheet open on Joe's computer that lists the salaries of all employees in her
department. Which of the following forms of social engineering would BEST describe this situation?

Question452: Mike, a user, states that he is receiving several unwanted emails about home loans.
Which of the following is this an example of?

Question453: Which of the following types of data encryption would Matt, a security administrator, use to encrypt a
specific table?

Question454: Which of the following BEST represents the goal of a vulnerability assessment?

Question455: Ann, the software security engineer, works for a major software vendor. Which of the following practices
should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities
prior to each production release?

Question456: Which of the following implementation steps would be appropriate for a public wireless hotspot?

Question457: Jane, a security administrator, has observed repeated attempts to break into a server. Which of the
following is designed to stop an intrusion on a specific server?

Question458: Which of the following should be used when a business needs a block cipher with minimal key size for
internal encryption?

Question459: Which of the following describes purposefully injecting extra input during testing, possibly causing an
application to crash?

Question460: Which of the following is true about an email that was signed by User A and sent to User B?

Question461: Which of the following can a security administrator implement on mobile devices that will help prevent
unwanted people from viewing the data if the device is left unattended?

Question462: A security administrator implements access controls based on the security classification of the data and
need-to-know information. Which of the following BEST describes this level of access control?

Question463: The Quality Assurance team is testing a new third party developed application. The Quality team does not
have any experience with the application. Which of the following is the team performing?

Question464: Which of the following could cause a browser to display the message below?
"
The security certificate presented by this website was issued for a different website's address."

Question465: Which statement is TRUE about the operation of a packet sniffer?

Question466: In Kerberos, the Ticket Granting Ticket (TGT) is used for the following:

Question467: Which of the following does full disk encryption prevent?

Question468: A corporation has experienced several media leaks of proprietary data on various web forums. The posts
were made during business hours and it is believed that the culprit is posting during work hours from a
corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for
later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?

Question469: Jane, an individual, has recently been calling various financial offices pretending to be another person to
gain financial information. Which of the following attacks is being described?

Question470: Which of the following can a security administrator implement on mobile devices that will help prevent
unwanted people from viewing the data if the device is left unattended?

Question471: A system administrator is configuring shared secrets on servers and clients. Which of the following
authentication services is being deployed by the administrator? (Choose two.)

Question472: An organization processes credit card transactions and is concerned that an employee may intentionally
email credit card numbers to external email addresses.
Which of the following technologies should this company consider?

Question473: Which of the following assessment techniques would a security administrator implement to ensure that
systems and software are developed properly?

Question474: Which of the following should Matt, a security administrator, include when encrypting smartphones?
(Choose two.)

Question475: Which of the following may cause Jane, the security administrator, to seek an ACL work around?

Question476: Which of the following application security principles involves inputting random data into a program?

Question477: Which of the following explains the difference between a public key and a private key?

Question478: Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a
security control to limit the connecting MAC addresses to a single port. Which of the following wireless
attacks would this address?

Question479: After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local
access points:
Corpnet
Coffeeshop
FreePublicWifi
Using this information, the attacker spoofs a response to make nearby laptops connect back to a malicious
device. Which of the following has the attacker created?

Question480: Which of the following is a requirement when implementing PKI if data loss is unacceptable?

Question481: Pete, an employee, is terminated from the company and the legal department needs documents from his
encrypted hard drive. Which of the following should be used to accomplish this task? (Choose two.)

Question482: Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function
for the ABC Company without any supervision. Management has noticed several new accounts without
billing invoices that were paid. Which of the following is the BEST management option for review of the
new accounts?

Question483: Given the following list of corporate access points, which of the following attacks is MOST likely underway
if the company wireless network uses the same wireless hardware throughout?
MACSID
00:01:AB:FA:CD:34Corporate AP
00:01:AB:FA:CD:35Corporate AP
00:01:AB:FA:CD:36Corporate AP
00:01:AB:FA:CD:37Corporate AP
00:01:AB:FA:CD:34Corporate AP

Question484: Which of the following is a notification that an unusual condition exists and should be investigated?

Question485: Which of the following types of wireless attacks would be used specifically to impersonate another WAP in
order to gain unauthorized information from mobile users?

Question486: Which of the following is replayed during wireless authentication to exploit a weal key infrastructure?

Question487: A computer supply company is located in a building with three wireless networks. The system security
team implemented a quarterly security scan and saw the following.
SSIDStateChannelLevel
Computer AreUs1connected170dbm
Computer AreUs2connected580dbm
Computer AreUs3connected375dbm
Computer AreUs4connected695dbm
Which of the following is this an example of?

Question488: Which of the following relies on the use of shared secrets to protect communication?

Question489: Which of the following would a security administrator implement in order to identify a problem between two
systems that are not communicating properly?

Question490: Which of the following malware types typically allows an attacker to monitor a user's computer, is
characterized by a drive-by download, and requires no user interaction?

Question491: A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The
business has an established relationship with an organization using the URL of www.company.com but not
with the site that has been causing the infections. Which of the following would BEST describe this type of
attack?

Question492: Which of the following software allows a network administrator to inspect the protocol header in order to
troubleshoot network issues?

Question493: Which of the following MOST interferes with network-based detection techniques?

Question494: A security manager must remain aware of the security posture of each system. Which of the following
supports this requirement?

Question495: Which of the following allows a network administrator to implement an access control policy based on
individual user characteristics and NOT on job function?

Question496: A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration
issues. The router is a fairly standard configuration and has an IP address of
192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link
in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks
MOST likely occurred?

Question497: Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags
of the packet traversing a network for troubleshooting purposes?

Question498: Ann a security technician receives a report from a user that is unable to access an offsite SSN server. Ann
checks the firewall and sees the following rules:
Allow TCP 80
Allow TCP 443
Deny TCP 23
Deny TCP 20
Deny TCP 21
Which of the following is preventing the users from accessing the SSH server?

Question499: A new web server has been provisioned at a third party hosting provider for processing credit card
transactions. The security administrator runs the netstat command on the server and notices that ports 80,
443, and 3389 are in a `listening' state. No other ports are open. Which of the following services should be
disabled to ensure secure communications?

Question500: A security technician received notification of a remotely exploitable vulnerability affecting all multifunction
printers firmware installed throughout the organization. The vulnerability allows a malicious user to review
all the documents processed by the affected printers. Which of the following compensating controls can
the security technician to mitigate the security risk of a sensitive document leak?

Question501: Which of the following devices will help prevent a laptop from being removed from a certain location?

Question502: Which of the following protocols provides transport security for virtual terminal emulation?

Question503: An incident occurred when an outside attacker was able to gain access to network resources. During the
incident response, investigation security logs indicated multiple failed login attempts for a network
administrator. Which of the following controls, if in place could have BEST prevented this successful
attack?

Question504: Which of the following is described as an attack against an application using a malicious file?

Question505: A financial company requires a new private network link with a business partner to cater for realtime and
batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing
the link?

Question506: A network administrator identifies sensitive files being transferred from a workstation in the LAN to an
unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not
been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely
reason for the incident?

Question507: An employee's mobile device associates with the company's guest WiFi SSID, but then is unable to
retrieve email. The email settings appear to be correct. Which of the following is the MOST likely cause?

Question508: Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

Question509: A company with a US-based sales force has requested that the VPN system be configured to authenticate
the sales team based on their username, password and a client side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US
territory. How many authentication factors are in use by the VPN system?

Question510: Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS
encryption?

Question511: Which of the following practices is used to mitigate a known security vulnerability?

Question512: Which of the following is the difference between identification and authentication of a user?

Question513: A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the
corporate network to browse inappropriate and potentially malicious websites after office hours. Which of
the following could BEST prevent a situation like this form occurring again?

Question514: A user has several random browser windows opening on their computer. Which of the following programs
can be installed on his machine to help prevent this from happening?

Question515: A technician wants to secure communication to the corporate web portal, which is currently using HTTP.
Which of the following is the FIRST step the technician should take?

Question516: A network administrator is responsible for securing applications against external attacks. Every month, the
underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?

Question517: When reviewing a digital certificate for accuracy, which of the following would Matt, a security
administrator, focus on to determine who affirms the identity of the certificate owner?

Question518: Which of the following BEST describes a protective countermeasure for SQL injection?

Question519: Which of the following wireless security measures can an attacker defeat by spoofing certain properties of
their network interface card?

Question520: Allowing unauthorized removable devices to connect to computers increases the risk of the following:

Question521: A company executive's laptop was compromised, leading to a security breach. The laptop was placed into
storage by a junior system administrator and was subsequently wiped and re-imaged. When it was
determined that the authorities would need to be involved, there was little evidence to present to the
investigators. Which of the following procedures could have been implemented to aid the authorities in
their investigation?

Question522: In regard to secure coding practices, why is input validation important?

Question523: A company hired Joe, an accountant. The IT administrator will need to create a new account for
Joe. The company uses groups for ease of management and administration of user accounts.
Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?

Question524: A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the
corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his
personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of
material on his personal laptop. Which of the following should the company have employees acknowledge
before allowing them to access the corporate WLAN with their personal devices?

Question525: Methods to test the responses of software and web applications to unusual or unexpected inputs are
known as:

Question526: A security technician is attempting to access a wireless network protected with WEP. The technician does
not know any information about the network. Which of the following should the technician do to gather
information about the configuration of the wireless network?

Question527: Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

Question528: Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

Question529: Which of the following can be implemented in hardware or software to protect a web server from cross-site
scripting attacks?

Question530: Which of the following authenticate connections using point-to-point protocol? (Choose two.)

Question531: Which of the following hardware based encryption devices is used as a part of multi-factor authentication to
access a secured computing system?

Question532: A company has just deployed a centralized event log storage system. Which of the following can be used
to ensure the integrity of the logs after they are collected?

Question533: Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers
offers strong encryption with the FASTEST speed?

Question534: A large corporation has data centers geographically distributed across multiple continents. The company
needs to securely transfer large amounts of data between the data center. The data transfer can be
accomplished physically or electronically, but must prevent eavesdropping while the data is on transit.
Which of the following represents the BEST cryptographic solution?

Question535: A security specialist has been asked to evaluate a corporate network by performing a vulnerability
assessment. Which of the following will MOST likely be performed?

Question536: Which of the following types of logs could provide clues that someone has been attempting to compromise
the SQL Server database?

Question537: Which of the following is an application security coding problem?

Question538: On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge.
Which of the following describes this?

Question539: Which of the following is an important step in the initial stages of deploying a host-based firewall?

Question540: A team of firewall administrators have access to a `master password list' containing service account
passwords. Which of the following BEST protects the master password list?

Question541: An administrator is assigned to monitor servers in a data center. A web server connected to the Internet
suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?

Question542: A technician is reviewing the logical access control method an organization uses. One of the senior
managers requests that the technician prevent staff members from logging on during nonworking days.
Which of the following should the technician implement to meet managements request?

Question543: An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the
recipient to a malicious site where information is harvested. The message is narrowly tailored so it is
effective on only a small number of victims.
Which of the following describes this?

Question544: A network analyst received a number of reports that impersonation was taking place on the network.
Session tokens were deployed to mitigate this issue and defend against the following attacks:

Question545: Which of the following is an authentication and accounting service that uses TCP for connecting to routers
and switches?

Question546: Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate
laptops where the file structures are unknown?

Question547: A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the
company. Which of the following would fulfill the CISO's requirements?

Question548: Which of the following must be kept secret for a public key infrastructure to remain secure?

Question549: A CA is compromised and attacks start distributing maliciously signed software updates. Which of the
following can be used to warn users about the malicious activity?

Question550: The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following
would be the MOST appropriate? (Choose two.)

Question551: A security administrator looking through IDS logs notices the following entry: (where email = '[email protected]'
and passwd = 'or 1==1')
Which of the following attacks had the administrator discovered?

Question552: The recovery agent is used to recover the:

Question553: Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a
system with speed as its primary consideration?

Question554: Which of the following types of authentication packages user credentials in a ticket?

Question555: Which of the following provides RADIUS?

Question556: A server administrator notes that a legacy application often stops running due to a memory error. When
reviewing the debugging logs, they notice code being run calling an internal process to exploit the
machine. Which of the following attacks does this describe?

Question557: Which of the following services are used to support authentication services for several local devices from a
central location without the use of tokens?

Question558: A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager
is concerned with which of the following security controls?

Question559: A software developer utilizes cryptographic functions to generate codes that verify message integrity. Due
to the nature if the data that is being sent back and forth from the client application to the server, the
developer would like to change the cryptographic function to one that verities both authentication and
message integrity. Which of the following algorithms should the software developer utilize?

Question560: Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

Question561: A security analyst performs the following activities: monitors security logs, installs surveillance cameras
and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Choose
two.)

Question562: The BEST methods for a web developer to prevent the website application code from being vulnerable to
cross-site request forgery (XSRF) are to ____________. (Choose two.)

Question563: Which of the following components MUST be trusted by all parties in PKI?

Question564: A recent audit has revealed weaknesses in the process of deploying new servers and network devices.
Which of the following practices could be used to increase the security posture during deployment?
(Choose two.)

Question565: Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an
unintended group. Which of the following would prevent her from denying accountability?

Question566: Which of the following can be used to ensure digital certificates? (Choose two.)

Question567: The security administrator is observing unusual network behavior from a workstation. The workstation is
communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an
updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?

Question568: An administrator is investigating a system that may potentially be compromised, and sees the following log
entries on the router.
*
(
*
(
*
(
Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5
6667), 3 packets.
Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5
6667), 6 packets.
Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5
6667), 8 packets.
Which of the following BEST describes the compromised system?

Question569: A security administrator has concerns that employees are installing unapproved applications on their
company provide smartphones. Which of the following would BEST mitigate this?

Question570: Which of the following is considered a risk management BEST practice of succession planning?

Question571: HOTSPOT
For each of the given items, select the appropriate authentication category from the drop down choices.
Select the appropriate authentication type for the following items:
Hot Area

Question572: A database administrator would like to start encrypting database exports stored on the SAN, but the
storage administrator warns that this may drastically increase the amount of disk space used by the
exports. Which of the following explains the reason for the increase in disk space usage?

Question573: After analyzing and correlating activity from multiple sensors, the security administrator has determined
that a group of very well organized individuals from an enemy country is responsible for various attempts to
breach the company network, through the use of very sophisticated and targeted attacks. Which of the
following is this an example of?

Question574: A company's employees were victims of a spear phishing campaign impersonating the CEO. The company
would now like to implement a solution to improve the overall security posture by assuring their employees
that email originated from the CEO. Which of the following controls could they implement to BEST meet
this goal?

Question575: Which of the following is the practice of marking open wireless access points called?

Question576: Which of the following is synonymous with a server's certificate?

Question577: During a recent investigation, an auditor discovered that an engineer's compromised workstation was
being used to connect to SCADA systems while the engineer was not logged in. The engineer is
responsible for administering the SCADA systems and cannot be blocked from connecting to them. The
SCADA systems cannot be modified without vendor approval which requires months of testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

Question578: Which of the following offers the LEAST secure encryption capabilities?

Question579: Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the
temporary credentials being passed to Joe's browser. The attacker later uses the credentials to
impersonate Joe and creates SPAM messages.
Which of the following attacks allows for this impersonation?

Question580: One of the most consistently reported software security vulnerabilities that leads to major exploits is:

Question581: Which of the following passwords is the LEAST complex?

Question582: A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test.
Which of the following risks is MOST likely to affect the business on a day-to-day basis?

Question583: A user commuting to work via public transport received an offensive image on their smart phone from
another commuter. Which of the following attacks MOST likely took place?

Question584: All executive officers have changed their monitor location so it cannot be easily viewed when passing by
their offices. Which of the following attacks does this action remediate?

Question585: The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following
would be the MOST appropriate? (Choose two.)

Question586: Each server on a subnet is configured to only allow SSH access from the administrator's workstation.
Which of the following BEST describes this implementation?

Question587: Which of the following tests a number of security controls in the least invasive manner?

Question588: Which of the following is used to verify data integrity?

Question589: Users report that after downloading several applications, their systems' performance has noticeably
decreased. Which of the following would be used to validate programs prior to installing them?

Question590: Internet banking customers currently use an account number and password to access their online
accounts. The bank wants to improve security on high value transfers by implementing a system which call
users back on a mobile phone to authenticate the transaction with voice verification. Which of the following
authentication factors are being used by the bank?

Question591: After Matt, a user, enters his username and password at the login screen of a web enabled portal, the
following appears on his screen:
`Please only use letters and numbers on these fields'
Which of the following is this an example of?

Question592: A security administrator has been tasked with setting up a new internal wireless network that must use end
to end TLS. Which of the following may be used to meet this objective?

Question593: Which of the following represents a cryptographic solution where the encrypted stream cannot be captured
by a sniffer without the integrity of the stream being compromised?

Question594: Which of the following is characterized by an attack against a mobile device?

Question595: One of the servers on the network stops responding due to lack of available memory. Server
administrators did not have a clear definition of what action should have taken place based on the
available memory. Which of the following would have BEST kept this incident from occurring?

Question596: A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear.
After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is
MOST likely to be contained in the download?

Question597: A way to assure data at-rest is secure even in the event of loss or theft is to use:

Question598: Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a
server are forms of the following:

Question599: A security administrator develops a web page and limits input into the fields on the web page as well as
filters special characters in output.
Which of the following attacks is the administrator trying to prevent?

Question600: A security administrator is reviewing the below output from a password auditing tool:
P@ss.
@pW1.
S3cU4
Which of the following additional policies should be implemented based on the tool's output?

Question601: Which of the following describes the process of removing unnecessary accounts and services from an
application to reduce risk exposure?

Question602: Which of the following authentication services should be replaced with a more secure alternative?

Question603: Ann has taken over as the new head of the IT department. One of her first assignments was to implement
AAA in preparation for the company's new telecommuting policy. When she takes inventory of the
organizations existing network infrastructure, she makes note that it is a mix of several different vendors.
Ann knows she needs a method of secure centralized access to the company's network resources. Which
of the following is the BEST service for Ann to implement?

Question604: A network engineer is configuring a VPN tunnel connecting a company's network to a business partner.
Which of the following protocols should be used for key exchange?

Question605: An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate
*.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should
be copied from srv4 to accomplish this?

Question606: Which of the following documents outlines the responsibility of both participants in an agreement between
two organizations?

Question607: Establishing a method to erase or clear cluster tips is an example of securing the following:

Question608: A company's Chief Information Officer realizes the company cannot continue to operate after a disaster.
Which of the following describes the disaster?

Question609: A merchant acquirer has the need to store credit card numbers in a transactional database in a high
performance environment. Which of the following BEST protects the credit card data?

Question610: Using a protocol analyzer, a security consultant was able to capture employee's credentials. Which of the
following should the consultant recommend to the company, in order to mitigate the risk of employees
credentials being captured in the same manner in the future?

Question611: Which of the following can be implemented with multiple bit strength?

Question612: A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is
used by several employees.
Which of the following is the BEST approach for implementation of the new application on the virtual
server?

Question613: Joe, a web developer, wants to make sure his application is not susceptible to cross-site request forgery
attacks. Which of the following is one way to prevent this type of attack?

Question614: Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent
that the bid did not come from Company A.
Which of the following would have assured that the bid was
submitted by Company A?

Question615: A security administrator is designing an access control system, with an unlimited budget, to allow
authenticated users access to network resources. Given that a multifactor authentication solution is more
secure, which of the following is the BEST combination of factors?

Question616: Which of the following types of security services are used to support authentication for remote users and
devices?

Question617: A large multinational corporation with networks in 30 countries wants to establish an understanding of their
overall public-facing network attack surface. Which of the following security techniques would be BEST
suited for this?

Question618: Which of the following BEST explains Platform as a Service?

Question619: Several departments in a corporation have a critical need for routinely moving data from one system to
another using removable storage devices. Senior management is concerned with data loss and the
introduction of malware on the network. Which of the following choices BEST mitigates the range of risks
associated with the continued use of removable storage devices?

Question620: Which of the following documents outlines the technical and security requirements of an agreement
between organizations?

Question621: A new mobile banking application is being developed and uses SSL / TLS certificates but penetration tests
show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following
would mitigate this attack?

Question622: In order to use a two-way trust model the security administrator MUST implement which of the following?

Question623: A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an
employee using a laptop during the mall business hours, but there are still concerns regarding the physical
safety of the equipment while it is not in use. Which of the following controls would BEST address this
security concern?

Question624: A security administrator is aware that a portion of the company's Internet-facing network tends to be non-
secure due to poorly configured and patched systems. The business owner has accepted the risk of those
systems being compromised, but the administrator wants to determine the degree to which those systems
can be used to gain access to the company intranet. Which of the following should the administrator
perform?

Question625: Which of the following would prevent a user from installing a program on a company-owned mobile
device?

Question626: The IT department has setup a website with a series of questions to allow end users to reset their own
accounts. Which of the following account management practices does this help?

Question627: Which of the following controls can be implemented together to prevent data loss in the event of theft of a
mobile device storing sensitive information? (Choose two.)

Question628: Which of the following can be performed when an element of the company policy cannot be enforced by
technical means?

Question629: Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of
servers before deployment to the production environment while utilizing a limited amount of hardware
resources. Which of the following would provide the BEST environment for performing this testing?

Question630: Which of the following is MOST critical in protecting control systems that cannot be regularly patched?

Question631: A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST
method of enforcement?

Question632: A system security analyst wants to capture data flowing in and out of the enterprise. Which of the following
would MOST likely help in achieving this goal?

Question633: Matt, a developer, recently attended a workshop on a new application. The developer installs the new
application on a production system to test the functionality. Which of the following is MOST likely affected?

Question634: Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all
computers that do credit card transactions. Which of the following should Pete implement to BEST achieve
this goal?

Question635: Which of the following devices is used for the transparent security inspection of network traffic by
redirecting user packets prior to sending the packets to the intended destination?

Question636: A small company wants to employ PKI. The company wants a cost effective solution that must be simple
and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST
option?

Question637: A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A
system administrator wants to disable certain services and remove the local accounting groups installed by
default on this virtual machine.
Which of the following security best practices is the system administrator adhering to?

Question638: The chief Risk officer is concerned about the new employee BYOD device policy and has requested the
security department implement mobile security controls to protect corporate data in the event that a device
is lost or stolen. The level of protection must not be compromised even if the communication SIM is
removed from the device. Which of the following BEST meets the requirements? (Choose two.)

Question639: A network administrator is responsible for securing applications against external attacks. Every month, the
underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?

Question640: When designing a corporate NAC solution, which of the following is the MOST relevant integration issue?

Question641: Which of the following would be used when a higher level of security is desired for encryption key storage?

Question642: A company has purchased an application that integrates into their enterprise user directory for account
authentication. Users are still prompted to type in their usernames and passwords. Which of the following
types of authentication is being utilized here?

Question643: An administrator has two servers and wants them to communicate with each other using a secure
algorithm.
Which of the following choose to provide both CRC integrity checks and RCA encryption?

Question644: Which of the following technical controls helps to prevent Smartphones from connecting to a corporate
network?

Question645: An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public
area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts
belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely
taken place?

Question646: A new client application developer wants to ensure that the encrypted passwords that are stored in their
database are secure from cracking attempts. To implement this, the developer implements a function on
the client application that hashes passwords thousands of times prior to being sent to the database. Which
of the following did the developer MOST likely implement?

Question647: A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?

Question648: A system administrator is configuring UNIX accounts to authenticate against an external server. The
configuration file asks for the following information DC=ServerName and DC=COM. Which of the following
authentication services is being used?

Question649: Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of
encryption strength with a lower key length than is typically necessary. Which of the following encryption
methods offers this capability?

Question650: A company wants to ensure that all credentials for various systems are saved within a central database so
that users only have to login once for access to all systems. Which of the following would accomplish this?

Question651: A security technician is attempting to improve the overall security posture of an internal mail server. Which
of the following actions would BEST accomplish this goal?

Question652: A company's password and authentication policies prohibit the use of shared passwords and transitive
trust. Which of the following if implemented would violate company policy? (Choose two.)

Question653: Company employees are required to have workstation client certificates to access a bank website. These
certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade
and restoration, users state they can access the bank's website, but not login. Which is the following is
MOST likely the issue?

Question654: Which of the following access controls enforces permissions based on data labeling at specific levels?

Question655: An attacker attempted to compromise a web form by inserting the following input into the username field:
admin)(|(password=*))
Which of the following types of attacks was attempted?

Question656: Some customers have reported receiving an untrusted certificate warning when visiting the company's
website. The administrator ensures that the certificate is not expired and that customers have trusted the
original issuer of the certificate. Which of the following could be causing the problem?

Question657: Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

Question658: A security administrator must implement a secure key exchange protocol that will allow company clients to
autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following
MUST be implemented?

Question659: Public key certificates and keys that are compromised or were issued fraudulently are listed on the
following:

Question660: The security department has implemented a new laptop encryption product in the environment. The
product requires one user name and password at the time of boot up and also another password after the
operating system has finished loading.
Which of the following authentication types is this setup using?

Question661: Which of the following incident response plan steps would MOST likely engaging business professionals
with the security team to discuss changes to existing procedures?

Question662: Which of the following is used to certify intermediate authorities in a large PKI deployment?

Question663: A security administrator wants to deploy security controls to mitigate the threat of company employees'
personal information being captured online. Which of the following would BEST serve this purpose?

Question664: Which of the following is an indication of an ongoing current problem?

Question665: A security technician is working with the network firewall team to implement access controls at the
company's demarc as part of the initiation of configuration management processes. One of the network
technicians asks the security technician to explain the access control type found in a firewall. With which of
the following should the security technician respond?

Question666: A security administrator notices large amounts of traffic within the network heading out to an external
website. The website seems to be a fake bank site with a phone number that when called, asks for
sensitive information. After further investigation, the security administrator notices that a fake link was sent
to several users.
Which of the following attacks is this an example of?

Question667: Which of the following application attacks is used against a corporate directory service where there are
unknown servers on the network?

Question668: Which of the following network devices is used to analyze traffic between various network interfaces?

Question669: Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/
index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

Question670: A security administrator has been tasked to ensure access to all network equipment is controlled by a
central server such as TACACS+.
Which of the following risk mitigation strategies supports this type of implementation?

Question671: Which of the following is an authentication service that uses UDP as a transport medium?

Question672: Which of the following would be used to identify the security posture of a network without actually
exploiting any weaknesses?

Question673: A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the
following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

Question674: A recent audit has discovered that at the time of password expiration clients are able to recycle the
previous credentials for authentication. Which of the following controls should be used together to prevent
this from occurring? (Choose two.)

Question675: After a user performed a war driving attack, the network administrator noticed several similar markings
where Wi-Fi was available throughout the enterprise. Which of the following is the term used to describe
these markings?

Question676: An information bank has been established to store contacts, phone numbers and other records.
An application running on UNIX would like to connect to this index server using port 88. Which of the
following authentication services would this use this port by default?

Question677: Which of the following uses both a public and private key?

Question678: A security administrator suspects that an employee in the IT department is utilizing a reverse proxy to
bypass the company's content filter and browse unapproved and non-work related sites while at work.
Which of the following tools could BEST be used to determine how the employee is connecting to the
reverse proxy?

Question679: Which of the following MUST Matt, a security administrator, implement to verify both the integrity and
authenticity of a message while requiring a shared secret?

Question680: Which of the following would a security administrator implement in order to identify change from the
standard configuration on a server?

Question681: Which of the following would a security administrator implement in order to discover comprehensive
security threats on a network?

Question682: When considering a vendor-specific vulnerability in critical industrial control systems which of the following
techniques supports availability?

Question683: Which of the following types of application attacks would be used to identify malware causing security
breaches that have NOT yet been identified by any trusted sources?

Question684: An organization has introduced token-based authentication to system administrators due to risk of
password compromise. The tokens have a set of numbers that automatically change every 30 seconds.
Which of the following type of authentication mechanism is this?

Question685: A security administrator wants to test the reliability of an application which accepts user provided
parameters. The administrator is concerned with data integrity and availability. Which of the following
should be implemented to accomplish this task?

Question686: While setting up a secure wireless corporate network, which of the following should Pete, an administrator,
avoid implementing?

Question687: Which of the following password attacks involves attempting all kinds of keystroke combinations on the
keyboard with the intention to gain administrative access?

Question688: The security consultant is assigned to test a client's new software for security, after logs show targeted
attacks from the Internet. To determine the weaknesses, the consultant has no access to the application
program interfaces, code, or data structures.
Which of the following types of testing is this an example of?

Question689: Which of the following cryptographic algorithms is MOST often used with IPSec?

Question690: The call center supervisor has reported that many employees have been playing preinstalled games on
company computers and this is reducing productivity.
Which of the following would be MOST effective for preventing this behavior?

Question691: Jane, a security administrator, needs to implement a secure wireless authentication method that uses a
remote RADIUS server for authentication.
Which of the following is an authentication method Jane should use?

Question692: Ann, a security analyst, is preparing for an upcoming security audit.
Which of the following would Ann use to ensure that she identifies unapplied security controls and patches
without attacking or compromising the system?

Question693: The IT department has set up a share point site to be used on the intranet. Security has established the
groups and permissions on the site. No one may modify the permissions and all requests for access are
centrally managed by the security team.
Which of the following control types is this an example of?

Question694: A security technician has been asked to recommend an authentication mechanism that will allow users to
authenticate using a password that will only be valid for a predefined time interval. Which of the following
should the security technician recommend?

Question695: Which of the following controls can be implemented together to prevent data loss in the event of theft of a
mobile device storing sensitive information? (Choose two.)

Question696: Deploying a wildcard certificate is one strategy to:

Question697: Which of the following encompasses application patch management?

Question698: Joe, an employee is taking a taxi through a busy city and starts to receive unsolicited files sent to his
Smartphone. Which of the following is this an example of?

Question699: A network administrator has a separate user account with rights to the domain administrator group.
However, they cannot remember the password to this account and are not able to login to the server when
needed. Which of the following is MOST accurate in describing the type of issue the administrator is
experiencing?

Question700: Which of the following authentication protocols makes use of UDP for its services?

Question701: Which of the following is an important step in the initial stages of deploying a host-based firewall?

Question702: The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of
the following is occurring?

Question703: Which of the following should a security technician implement to identify untrusted certificates?

Question704: Which of the following can be implemented if a security administrator wants only certain devices
connecting to the wireless network?

Question705: An administrator has to determine host operating systems on the network and has deployed a transparent
proxy. Which of the following fingerprint types would this solution use?

Question706: Users are trying to communicate with a network but are unable to do so. A network administrator sees
connection attempts on port 20 from outside IP addresses that are being blocked. How can the
administrator resolve this?

Question707: Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in
order to leverage mobile technology without providing every user with a company owned device. She is
concerned that users may not understand the company's rules, and she wants to limit potential legal
concerns. Which of the following is the CTO concerned with?

Question708: The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to
work and plug them directly into the network port under their desk. Which of the following should be
configured on the network switch to prevent this from happening?

Question709: A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise.
The testers employed to perform the audit will be given access to the customer facility and network. The
testers will not be given access to the details of custom developed software used by the customer.
However, the testers with have access to the source code for several open source applications and pieces
of networking equipment used at the facility, but these items will not be within the scope of the audit.
Which of the following BEST describes the appropriate method of testing or technique to use in this
scenario? (Choose two.)

Question710: Which of the following security benefits would be gained by disabling a terminated user account rather than
deleting it?

Question711: Identifying residual is MOST important to which of the following concepts?

Question712: Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?

Question713: Which of the following would provide the STRONGEST encryption?

Question714: Which of the following authentication provides users XML for authorization and authentication?

Question715: Which of the following solutions provides the most flexibility when testing new security controls prior to
implementation?

Question716: A system administrator needs to ensure that certain departments have more restrictive controls to their
shared folders than other departments. Which of the following security controls would be implemented to
restrict those departments?

Question717: A company hosts its public websites internally. The administrator would like to make some changes to the
architecture.
The three goals are:
1
2
3
. reduce the number of public IP addresses in use by the web servers
. drive all the web traffic through a central point of control
. mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?

Question718: Which device monitors network traffic in a passive manner?

Question719: Pete, a security auditor, has detected clear text passwords between the RADIUS server and the
authenticator. Which of the following is configured in the RADIUS server and what technologies should the
authentication protocol be changed to?

Question720: A company requires that a user's credentials include providing something they know and something they
are in order to gain access to the network. Which of the following types of authentication is being
described?

Question721: Which of the following access methods uses radio frequency waves for authentication?

Question722: An organization is required to log all user internet activity. Which of the following would accomplish this
requirement?

Question723: Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking
cookie?

Question724: Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter
with Chain Block Message Authentication Code)?

Question725: Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no
budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand
hardware failure?

Question726: Which of the following means a password history value of three?

Question727: Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues.
The two malware types that the group seems to be most interested in are botnets and viruses.
Which of the following explains the difference between these two types of malware?

Question728: Which of the following attacks would cause all mobile devices to lose their association with corporate
access points while the attack is underway?

Question729: Which of the following can Joe, a security administrator, implement on his network to capture attack details
that are occurring while also protecting his production network?

Question730: A security administrator must implement a system to allow clients to securely negotiate encryption keys
with the company's server over a public unencrypted communication channel.
Which of the following implements the required secure key negotiation? (Choose two.)

Question731: Which of the following ciphers would be BEST used to encrypt streaming video?

Question732: Which of the following would prevent a user from installing a program on a company-owned mobile
device?

Question733: A user has forgotten their account password. Which of the following is the BEST recovery strategy?

Question734: Which of the following is the BEST practice when dealing with user accounts that will only need to be
active for a limited time period?

Question735: Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a
popular Smartphone. This is an example of.

Question736: A small company has recently purchased cell phones for managers to use while working outside if the
office.
The company does not currently have a budget for mobile device management and is primarily concerned
with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which
of the following would provide the solution that BEST meets the company's requirements?

Question737: Which of the following provides a user ID and password together?

Question738: Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company
has been hired to perform a penetration test against his network. The security company asks Matt which
type of testing would be most beneficial for him. Which of the following BEST describes what the security
company might do during a black box test?

Question739: Which of the following file systems is from Microsoft and was included with their earliest operating
systems?

Question740: During a disaster recovery planning session, a security administrator has been tasked with determining
which threats and vulnerabilities pose a risk to the organization.
Which of the following should the administrator rate as having the HIGHEST frequency of risk to the
organization?

Question741: Sara, a security administrator, manually hashes all network device configuration files daily and compares
them to the previous days' hashes. Which of the following security concepts is Sara using?

Question742: How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on
her system?

Question743: Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information
Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST
secure method to dispose of these hard drives?

Question744: A new virtual server was created for the marketing department. The server was installed on an existing
host machine. Users in the marketing department report that they are unable to connect to the server.
Technicians verify that the server has an IP address in the same VLAN as the marketing department
users. Which of the following is the MOST likely reason the users are unable to connect to the server?

Question745: In order for Sara, a client, to logon to her desktop computer, she must provide her username, password,
and a four-digit PIN.
Which of the following authentication methods is Sara using?

Question746: Which of the following BEST describes part of the PKI process?

Question747: An attacker used an undocumented and unknown application exploit to gain access to a file server. Which
of the following BEST describes this type of attack?

Question748: A security administrator at a company which implements key escrow and symmetric encryption only, needs
to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the
following can the administrator do to decrypt the file?

Question749: Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer
information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from
which of the following attacks?

Question750: The IT department has installed new wireless access points but discovers that the signal extends far into
the parking lot. Which of the following actions should be taken to correct this?

Question751: The system administrator is tasked with changing the administrator password across all 2000 computers in
the organization. Which of the following should the system administrator implement to accomplish this
task?

Question752: Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to
gather data on new malware. Which of the following is being implemented by Jane's company?

Question753: A company is starting to allow employees to use their own personal devices without centralized
management. Employees must contact IT to have their devices configured to use corporate email; access
is also available to the corporate cloud-based servers. Which of the following is the BEST policy to
implement under these circumstances?

Question754: The marketing department wants to distribute pens with embedded USB drives to clients. In the past this
client has been victimized by social engineering attacks which led to a loss of sensitive data.
The security administrator advises the marketing department not to distribute the USB pens due to the
following:

Question755: After a recent breach, the security administrator performs a wireless survey of the corporate network. The
security administrator notices a problem with the following output:
MACSSIDENCRYPTIONPOWERBEACONS
0
0
0:10:A1:36:12:CCMYCORPWPA2 CCMP601202
0:10:A1:49:FC:37MYCORPWPA2 CCMP709102
FB:90:11:42:FA:99MYCORPWPA2 CCMP403031
0
0
0:10:A1:AA:BB:CCMYCORPWPA2 CCMP552021
0:10:A1:FA:B1:07MYCORPWPA2 CCMP306044
Given that the corporate wireless network has been standardized, which of the following attacks is
underway?

Question756: After an audit, it was discovered that an account was not disabled in a timely manner after an employee
has departed from the organization. Which of the following did the organization fail to properly implement?

Question757: Several users' computers are no longer responding normally and sending out spam email to the users'
entire contact list.
Which of the following is this an example of?

Question758: Which of the following password attacks is MOST likely to crack the largest number of randomly generated
passwords?

Question759: Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

Question760: Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

Question761: Digital signatures are used for ensuring which of the following items? (Choose two.)

Question762: Which of the following devices would be the MOST efficient way to filter external websites for staff on an
internal network?

Question763: Which of the following is an example of a false positive?

Question764: A security analyst discovered data such as images and word documents hidden within different types of
files. Which of the following cryptographic concepts describes what was discovered?

Question765: While opening an email attachment, Pete, a customer, receives an error that the application has
encountered an unexpected issue and must be shut down.
Which of the following attacks could be this an example of?

Question766: A group policy requires users in an organization to use strong passwords that must be changed every 15
days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his
password; when Ann logs into the network, she is not prompted to change her password. Which of the
following BEST explains why Ann is not required to change her password?

Question767: A user attempting to log on to a workstation for the first time is prompted for the following information
before being granted access: username, password, and a four-digit security pin that was mailed to him
during account registration.
Which of the following is this an example of?

Question768: Which of the following provides the strongest authentication security on a wireless network?

Question769: Which of the following provides dedicated hardware-based cryptographic functions to an operating system
and its applications running on laptops and desktops?

Question770: A security administrator is auditing a database server to ensure the correct security measures are in place
to protect the data. Some of the fields consist of people's first name, last name, home address, date of
birth and mothers last name. Which of the following describes this type of data?

Question771: The security administrator installed a newly generated SSL certificate onto the company web server. Due
to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was
available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which
of the following was MOST likely compromised?

Question772: Which of the following devices is BEST suited for servers that need to store private keys?

Question773: Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As
rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client
files had risen far above normal. Which of the following kind of IDS is in use?

Question774: Which of the following MOST interferes with network-based detection techniques?

Question775: Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK