EMT Practice Test

1. Question Content...


Question List

Question1: The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommended between steps 2 and 3?
STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question.
STEP 2 - Do a binary backup if data is being collected.
STEP 3 - Deliver collected evidence to law enforcement officials.

Question2: Against policy, employees have installed Peer-to-Peer applications on their workstations and they are using them over TCP port 80 to download files via the company network from other Peer-to-Peer users on the Internet. Which of the following describes this threat?

Question3: When no anomaly is present in an Intrusion Detection, but an alarm is generated, the response is known as.

Question4: What is the term for a game in which for every win there must be an equivalent loss?

Question5: Which of the following statements about Microsoft's VPN client software is FALSE?

Question6: Which of the following statements about buffer overflow is true?

Question7: Which of the following languages enable programmers to store cookies on client computers? Each correct answer represents a complete solution. Choose two.

Question8: What is the command-line tool for Windows XP and later that allows administrators the ability to get or set configuration data for a very wide variety of computer and user account settings?

Question9: You have reason to believe someone with a domain user account has been accessing and modifying sensitive spreadsheets on one of your application servers. You decide to enable auditing for the files to see who is accessing and changing them. You enable the Audit Object Access policy on the files via Group Policy. Two weeks later, when you check on the audit logs, you see they are empty. What is the most likely reason this has happened?

Question10: When using Pretty Good Privacy (PGP) to digitally sign a message, the signature is created in a two-step process. First, the message to be signed is submitted to PGP's cryptographic hash algorithm. What is one of the hash algorithms used by PGP for this process?

Question11: In addition to securing the operating system of production honey pot hosts, what is recommended to prevent the honey pots from assuming the identities of production systems that could result in the denial of service for legitimate users?

Question12: Which of the following applications would be BEST implemented with UDP instead of TCP?

Question13: Which of the following utilities provides an efficient way to give specific users permission to use specific system commands at the root level of a Linux operating system?

Question14: You are an Intrusion Detection Analyst and the system has alerted you to an Event of Interest (EOI) that appears to be activity generated by a worm. You investigate and find that the network traffic was normal.
How would this type of alert be categorized?

Question15: For most organizations, which of the following should be the highest priority when it comes to physical security concerns?

Question16: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to change the startup shell of Maria from bash to tcsh. Which of the following commands will John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Question17: Which of the following is a valid password for a system with the default "Password must meet complexity requirements" setting enabled as part of the GPO Password policy requirements?

Question18: Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Question19: Which of the following statements about DMZ are true?
Each correct answer represents a complete solution. Choose two.

Question20: Which of the following quantifies the effects of a potential disaster over a period of time?

Question21: Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

Question22: Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain- based network. The network contains ten Windows 2003 member servers, 150 Windows XP Professional client computers. According to the company's security policy, Mark needs to check whether all the computers in the network have all available security updates and shared folders. He also needs to check the file system type on each computer's hard disk. Mark installs and runs MBSACLI.EXE with the appropriate switches on a server. Which of the following tasks will he accomplish?

Question23: Which of the following protocols implements VPN using IPSec?

Question24: What is the first thing that should be done during the containment step of incident handling?

Question25: Which of the following is NOT typically used to mitigate the war dialing threat?

Question26: Which of the following features of Windows 7 allows an administrator to both passively review installed software and configure policies to prevent out-of-date or insecure software from running?

Question27: You ask your system administrator to verify user compliance with the corporate policies on password strength, namely that all passwords will have at least one numeral, at least one letter, at least one special character and be 15 characters long. He comes to you with a set of compliance tests for use with an offline password cracker. They are designed to examine the following parameters of the password:
* they contain only numerals
* they contain only letters
* they contain only special characters
* they contain only letters and numerals
* they contain only letters and special characters
* they contain only numerals and special characters
Of the following, what is the benefit to using this set of tests?

Question28: Which of the following fields CANNOT be hashed by Authentication Header (AH) in transport mode?

Question29: Which of the following is a backup strategy?

Question30: When a packet leaving the network undergoes Network Address Translation (NAT), which of the following is changed?

Question31: An IT security manager is trying to quickly assess the risks associated with not implementing a corporate firewall system. What sort of risk assessment is most appropriate?

Question32: Where are user accounts and passwords stored in a decentralized privilege management environment?

Question33: When an IIS filename extension is mapped, what does this mean?

Question34: Which of the following are used to suppress gasoline and oil fires? Each correct answer represents a complete solution. Choose three.

Question35: What is the process of simultaneously installing an operating system and a Service Pack called?

Question36: What defensive measure could have been taken that would have protected the confidentiality of files that were divulged by systems that were compromised by malware?

Question37: When Net Stumbler is initially launched, it sends wireless frames to which of the following addresses?

Question38: You have an automated system for patching the operating systems of all your computers. All patches are supposedly current. Yet your automated vulnerability scanner has just reported vulnerabilities that you believe have been patched. Which of the actions below should you take next?

Question39: Which of the following is TRUE regarding the ability of attackers to eavesdrop on wireless communications?

Question40: You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?

Question41: What database can provide contact information for Internet domains?

Question42: Which of the following TCP packet flags indicates that host should IMMEDIATELY terminate the connection containing the packet?

Question43: What is SSL primarily used to protect you against?

Question44: Which of the following processes is known as sanitization?

Question45: Which of the following is a name, symbol, or slogan with which a product is identified?

Question46: Which of the following is the FIRST step in performing an Operational Security (OP5EC) Vulnerabilities Assessment?

Question47: An employee is currently logged into the corporate web server, without permission. You log into the web server as 'admin" and look for the employee's username: "dmaul" using the "who" command. This is what you get back:

Question48: Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.

Question49: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
You have configured a firewall on the network. A filter has been applied to block all the ports. You want to enable sending and receiving of emails on the network. Which of the following ports will you open?
Each correct answer represents a complete solution. Choose two.

Question50: What are the two actions the receiver of a PGP email message can perform that allows establishment of trust between sender and receiver?

Question51: Which of the following protocols work at the Session layer of the OSI model? Each correct answer represents a complete solution. Choose all that apply.

Question52: Which of the following would be a valid reason to use a Windows workgroup?

Question53: Which of the following statements about policy is FALSE?

Question54:

Question55: Which of the following areas of a network contains DNS servers and Web servers for Internet users?

Question56: Which of the following items are examples of preventive physical controls? Each correct answer represents a complete solution. Choose three.

Question57: One of your Linux systems was compromised last night. According to change management history and a recent vulnerability scan, the system's patches were up-to-date at the time of the attack. Which of the following statements is the Most Likely explanation?

Question58: Which of the following protocols provides maintenance and error reporting function?

Question59: Your organization is developing a network protection plan. No single aspect of your network seems more important than any other. You decide to avoid separating your network into segments or categorizing the systems on the network. Each device on the network is essentially protected in the same manner as all other devices.
This style of defense-in-depth protection is best described as which of the following?

Question60: What is the name of the command-line tool for Windows that can be used to manage audit policies on remote systems?

Question61: The process of enumerating all hosts on a network defines which of the following activities?

Question62: Which of the following protocols describes the operation of security In H.323?

Question63: You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. You want to kill a process running on a Linux server. Which of the following commands will you use to know the process identification number (PID) of the process?

Question64: Which class of IDS events occur when the IDS fails to alert on malicious data?

Question65: You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.uCertify.com. What is the most likely cause?

Question66: Which of the following is TRUE regarding Ethernet?

Question67: When you log into your Windows desktop what information does your Security Access Token (SAT) contain?

Question68: Which of the following is an advantage of a Host Intrusion Detection System (HIDS) versus a Network Intrusion Detection System (NIDS)?

Question69: Which of the following statements best describes where a border router is normally placed?

Question70: When are Group Policy Objects (GPOs) NOT applied automatically to workstations?

Question71: What is the maximum passphrase length in Windows 2000/XP/2003?

Question72: You work as a Network Administrator for McNeil Inc. You are installing an application. You want to view the log file whenever a new entry is added to the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Question73: There are three key factors in selecting a biometric mechanism. What are they?

Question74: Which of the following BEST describes the two job functions of Microsoft Baseline Security Analyzer (MBSA)?

Question75: What type of formal document would include the following statement?
Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
Individual departments are responsible for creating guidelines concerning personal application of Internet/ Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies, and if there is any uncertainty, employees should consult their supervisor or manager.

Question76: Who is responsible for deciding the appropriate classification level for data within an organization?

Question77: What is the key difference between Electronic Codebook mode and other block cipher modes like Cipher Block Chaining, Cipher-Feedback and Output-Feedback?

Question78: What file instructs programs like Web spiders NOT to search certain areas of a site?

Question79: You work as a Linux technician for Tech Perfect Inc. You have lost the password of the root. You want to provide a new password. Which of the following steps will you take to accomplish the task?

Question80: Included below is the output from a resource kit utility run against local host.

Which command could have produced this output?

Question81: Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP)?

Question82:

Question83: Which of the following is generally practiced by the police or any other recognized governmental authority?

Question84: Your CIO has found out that it is possible for an attacker to clone your company's RFID (Radio Frequency ID) based key cards. The CIO has tasked you with finding a way to ensure that anyone entering the building is an employee. Which of the following authentication types would be the appropriate solution to this problem?

Question85: Which aspect of UNIX systems was process accounting originally developed for?

Question86: Which of the following is an Implementation of PKI?

Question87: Which of the following is a standard Unix command that would most likely be used to copy raw file system data for later forensic analysis?

Question88: Which port category does the port 110 fall into?

Question89: What would the following IP tables command do?
IP tables -I INPUT -s 99.23.45.1/32 -j DROP

Question90: There is not universal agreement on the names of the layers in the TCP/IP networking model. Which of the following is one of the functions of the bottom layer which is sometimes called the Network Access or Link Layer?

Question91: Many IIS servers connect to Microsoft SQL databases. Which of the following statements about SQL server security is TRUE?

Question92: The previous system administrator at your company used to rely heavily on email lists, such as vendor lists and Bug Traq to get information about updates and patches. While a useful means of acquiring data, this requires time and effort to read through. In an effort to speed things up, you decide to switch to completely automated updates and patching. You set up your systems to automatically patch your production servers using a cron job and a scripted apt-get upgrade command. Of the following reasons, which explains why you may want to avoid this plan?

Question93: Which of the following heights of fence deters only casual trespassers?

Question94: Which of the following is a signature-based intrusion detection system (IDS) ?

Question95: Which Windows event log would you look in if you wanted information about whether or not a specific diver was running at start up?

Question96: What technical control provides the most critical layer of defense if an intruder is able to bypass all physical security controls and obtain tapes containing critical data?

Question97: Validating which vulnerabilities in a network environment are able to be exploited by an attacker is called what?

Question98: Which command would allow an administrator to determine if a RPM package was already installed?

Question99: Which of the following is a characteristic of hash operations?

Question100: Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution. Choose two.

Question101: Your IT security team is responding to a denial of service attack against your server. They have taken measures to block offending IP addresses. Which type of threat control is this?

Question102: The Linux command to make the /etc/shadow file, already owned by root, readable only by root is which of the following?

Question103: What is the name of the Windows XP/2003 tool that you can use to schedule commands to be executed on remote systems during off-peak hours?

Question104: Which of the following choices accurately describes how PGP works when encrypting email?

Question105: It is possible to sniff traffic from other hosts on a switched Ethernet network by impersonating which type of network device?

Question106: Which of the following Linux commands can change both the username and group name a file belongs to?

Question107: Which of the following protocols is used by a host that knows its own MAC (Media Access Control) address to query a server for its own IP address?

Question108: Which of the following files contains the shadowed password entries in Linux?

Question109: Which of the following tools is used to configure, control, and query the TCP/IP network interface parameters?

Question110: Which of the following is a type of countermeasure that can be deployed to ensure that a threat vector does not meet a vulnerability?

Question111: You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS).
You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?

Question112: Which of the following commands is used to change file access permissions in Linux?

Question113: You work as an Administrator for McRoberts Inc. The company has a Linux-based network. You are logged in as a non-root user on your client computer. You want to delete all files from the /garbage directory. You want that the command you will use should prompt for the root user password. Which of the following commands will you use to accomplish the task?

Question114: Which of the following statements about Secure Sockets Layer (SSL) are true? Each correct answer represents a complete solution. Choose two.

Question115: You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You are configuring an application server. An application named Report, which is owned by the root user, is placed on the server. This application requires superuser permission to write to other files. All sales managers of the company will be using the application. Which of the following steps will you take in order to enable the sales managers to run and use the Report application?

Question116: During which of the following steps is the public/private key-pair generated for Public Key Infrastructure (PKI)?

Question117: What type of malware is a self-contained program that has the ability to copy itself without parasitically infecting other host code?

Question118: Which of the following is a Layer 3 device that will typically drop directed broadcast traffic?

Question119: What is the function of the TTL (Time to Live) field in IPv4 and the Hop Limit field in IPv6 In an IP Packet header?

Question120: Which of the following should be implemented to protect an organization from spam?

Question121: Which of the following elements is the most important requirement to ensuring the success of a business continuity plan?

Question122: In preparation to do a vulnerability scan against your company's systems. You've taken the steps below:
You've notified users that there will be a system test.
You've priontized and selected your targets and subnets.
You've configured the system to do a deep scan.
You have a member of your team on call to answer questions.
Which of the following is a necessary step to take prior to starting the scan?

Question123: You have been hired to design a TCP/IP-based network that will contain both Unix and Windows computers. You are planning a name resolution strategy. Which of the following services will best suit the requirements of the network?

Question124: Which Linux file lists every process that starts at boot time?

Question125: You are responsible for technical support at a company. One of the employees complains that his new laptop cannot connect to the company wireless network. You have verified that he is entering a valid password/passkey. What is the most likely problem?

Question126: What is a security feature available with Windows Vista and Windows 7 that was not present in previous Windows operating systems?

Question127: While building multiple virtual machines on a single host operating system, you have determined that each virtual machine needs to work on the network as a separate entity with its own unique IP address on the same logical subnet. You also need to limit each guest operating system to how much system resources it has access to. Which of the following correctly identifies steps that must be taken towards setting up these virtual environments?

Question128: In order to capture traffic for analysis, Network Intrusion Detection Systems (NIDS) operate with network cards in what mode?

Question129: A new data center is being built where customer credit information will be processed and stored. Which of the following actions will help maintain the confidentiality of the data?

Question130: When discussing access controls, which of the following terms describes the process of determining the activities or functions that an Individual is permitted to perform?

Question131: An attacker gained physical access to an internal computer to access company proprietary data. The facility is protected by a fingerprint biometric system that records both failed and successful entry attempts.
No failures were logged during the time periods of the recent breach. The account used when the attacker entered the facility shortly before each incident belongs to an employee who was out of the area. With respect to the biometric entry system, which of the following actions will help mitigate unauthorized physical access to the facility?

Question132: Which of the following works at the network layer and hides the local area network IP address and topology?

Question133: Which of the following is NOT a recommended best practice for securing Terminal Services and Remote Desktop?

Question134: Which of the following is referred to as Electromagnetic Interference (EMI)?

Question135: Your organization has broken its network into several sections/segments, which are separated by firewalls, ACLs and VLANs. The purpose is to defend segments of the network from potential attacks that originate in a different segment or that attempt to spread across segments.
This style of defense-in-depth protection is best described as which of the following?

Question136: In PKI, when someone wants to verify that the certificate is valid, what do they use to decrypt the signature?

Question137: You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Question138: What is the main problem with relying solely on firewalls to protect your company's sensitive data?

Question139: If you do NOT have an original file to compare to, what is a good way to identify steganography in potential carrier files?

Question140: You have implemented a firewall on the company's network for blocking unauthorized network connections. Which of the following types of security control is implemented in this case?

Question141: Which of the following protocols allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer?

Question142: While using Wire shark to investigate complaints of users being unable to login to a web application, you come across an HTTP POST submitted through your web application. The contents of the POST are listed below. Based on what you see below, which of the following would you recommend to prevent future damage to your database?

Question143: John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we- are- secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?
Each correct answer represents a complete solution. Choose all that apply.

Question144: You have set up a local area network for your company. Your firewall separates your network into several sections: a DMZ with semi-public servers (web, dns, email) and an intranet with private servers. A penetration tester gains access to both sections and installs sniffers in each. He is able to capture network traffic for all the devices in the private section but only for one device (the device with the sniffer) in the DMZ. What can be inferred about the design of the system?

Question145: Which of the following networking topologies uses a hub to connect computers?

Question146: Which Defense-in-Depth principle starts with an awareness of the value of each section of information within an organization?

Question147: Which of the following statements about the integrity concept of information security management are true?
Each correct answer represents a complete solution. Choose three.

Question148: When a host on a remote network performs a DNS lookup of www.google.com, which of the following is likely to provide an Authoritative reply?

Question149: What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

Question150: You are examining a packet capture session in Wire shark and see the packet shown in the accompanying image. Based on what you see, what is the appropriate protection against this type of attempted attack?

Question151: To be considered a strong algorithm, an encryption algorithm must be which of the following?

Question152: The TTL can be found in which protocol header?

Question153: You work as a Network Administrator for Tech2tech Inc. You have configured a network-based IDS for your company. You have physically installed sensors at all key positions throughout the network such that they all report to the command console.
What will be the key functions of the sensors in such a physical layout?
Each correct answer represents a complete solution. Choose all that apply.

Question154: A US case involving malicious code is brought to trial. An employee had opened a helpdesk ticket to report specific instances of strange behavior on her system. The IT helpdesk representative collected information by interviewing the user and escalated the ticket to the system administrators. As the user had regulated and sensitive data on her computer, the system administrators had the hard drive sent to the company's forensic consultant for analysis and configured a new hard drive for the user. Based on the recommendations from the forensic consultant and the company's legal department, the CEO decided to prosecute the author of the malicious code. During the court case, which of the following would be able to provide direct evidence?

Question155: Which of the following hardware devices prevents broadcasts from crossing over subnets?

Question156: Which of the following protocols is used to send e-mails on the Internet?

Question157: Which of the following is more commonly used for establishing high-speed backbones that interconnect smaller networks and can carry signals over significant distances?

Question158: Which of the following is a benefit to utilizing Cygwin for Windows?

Question159: An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Question160: IPS devices that are classified as "In-line NIDS" devices use a combination of anomaly analysis, signature- based rules, and what else to identify malicious events on the network?

Question161: Your system has been infected by malware. Upon investigation, you discover that the malware propagated primarily via email. The malware attacked known vulnerabilities for which patches are available, but due to problems with your configuration management system you have no way to know which systems have been patched and which haven't, slowing your progress in patching your network. Of the following, which solution would you use to protect against this propagation vector?

Question162: Which of the following classes of fire comes under Class C fire?

Question163: You are implementing wireless access at a defense contractor. Specifications say, you must implement the AES Encryption algorithm. Which encryption standard should you choose?

Question164: When trace route fails to get a timely response for a packet after three tries, which action will it take?

Question165: Which of the following systems acts as a NAT device when utilizing VMware in NAT mode?

Question166: Which of the following tools is also capable of static packet filtering?

Question167: Which of the following is a benefit of using John the Ripper for auditing passwords?

Question168: With regard to defense-in-depth, which of the following statements about network design principles is correct?

Question169: Which of the following is required to be backed up on a domain controller to recover Active Directory?

Question170: Why are false positives such a problem with IPS technology?

Question171:

Question172: What is TRUE about Workgroups and Domain Controllers?

Question173: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. He is working as a root user on the Linux operating system. He wants to delete his private.txt file from his operating system. He knows that the deleted file can be recovered easily. Hence, he wants to delete the file securely. He wants to hide the shredding, and so he desires to add a final overwrite of the file private.txt with zero. Which of the following commands will John use to accomplish his task?

Question174: Which of the following is an UDP based protocol?

Question175: What is the maximum number of connections a normal Bluetooth device can handle at one time?

Question176: What does an attacker need to consider when attempting an IP spoofing attack that relies on guessing Initial Sequence Numbers (ISNs)?

Question177: Which access control mechanism requires a high amount of maintenance since all data must be classified, and all users granted appropriate clearance?

Question178: Which of the following terms refers to the process in which headers and trailers are added around user data?

Question179: You are examining an IP packet with a header of 40 bytes in length and the value at byte 0 of the packet header is 6. Which of the following describes this packet?

Question180: Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

Question181: Which of the following statements about the authentication concept of information security management is true?

Question182: Which of the following is used to allow or deny access to network resources?

Question183: You work as a Network Administrator for Secure World Inc. The company has a Linux-based network. You want to run a command with the changed root directory. Which of the following commands will you use?

Question184: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You are optimizing performance and security on your Web server. You want to know the ports that are listening to FTP. Which of the following commands will you use?

Question185: Which of the following is a required component for successful 802.lx network authentication?

Question186: In trace route results, what is the significance of an * result?

Question187: The Return on Investment (ROI) measurement used in Information Technology and Information Security fields is typically calculated with which formula?

Question188: An employee attempting to use your wireless portal reports receiving the error shown below. Which scenario is occurring?

Question189: What does the "x" character in the second field of the user account record of the /etc/passwd file indicate?

Question190: Which of the following best describes the level of risk associated with using proprietary crypto algorithms.?

Question191: Which type of risk assessment results are typically categorized as low, medium, or high-risk events?

Question192: Why would someone use port 80 for deployment of unauthorized services?

Question193:

Question194: If Linux server software is a requirement in your production environment which of the following should you NOT utilize?

Question195: Which of the following are examples of Issue-Specific policies all organizations should address?

Question196: You work as a Network Administrator for McNeil Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest domain-based network. The company's management has decided to provide laptops to its sales team members. These laptops are equipped with smart card readers. The laptops will be configured as wireless network clients.
You are required to accomplish the following tasks:
The wireless network communication should be secured.
The laptop users should be able to use smart cards for getting authenticated.
In order to accomplish the tasks, you take the following steps:
Configure 802.1x and WEP for the wireless connections.
Configure the PEAP-MS-CHAP v2 protocol for authentication.
What will happen after you have taken these steps?

Question197: You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. David, a Sales Manager, wants to know the name of the shell that he is currently using. Which of the following commands will he use to accomplish the task?

Question198: What protocol is a WAN technology?

Question199: Your software developer comes to you with an application that controls a user device. The application monitors its own behavior and that of the device and creates log files. The log files are expected to grow steadily and rapidly. Your developer currently has the log files stored in the /bin folder with the application binary. Where would you suggest that the developer store the log files?

Question200: On which of the following OSI model layers does IPSec operate?

Question201: A sensor that uses a light beam and a detecting plate to alarm if the light beam is obstructed is most commonly used to identify which of the following threats?

Question202: Which of the following is the reason of using Faraday cage?

Question203: Which of the following statements would be seen in a Disaster Recovery Plan?

Question204: At what point in the Incident Handling process should an organization determine its approach to notifying law enforcement?

Question205: How are differences in configuration settings handled between Domain and Local Group Policy Objects (GPOs)?

Question206: Which layer of the TCP/IP Protocol Stack Is responsible for port numbers?

Question207: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You want to mount an SMBFS share from a Linux workstation. Which of the following commands can you use to accomplish the task?
Each correct answer represents a complete solution. Choose two.

Question208: Which of the following SIP methods is used to setup a new session and add a caller?

Question209: Which of the following services resolves host name to IP Address?

Question210: When designing wireless networks, one strategy to consider is implementing security mechanisms at all layers of the OSI model. Which of the following protection mechanisms would protect layer 1?

Question211: You work as a Network Administrator for Net World Inc. The company has a Linux-based network. For testing purposes, you have configured a default IP-table with several filtering rules. You want to reconfigure the table. For this, you decide to remove the rules from all the chains in the table. Which of the following commands will you use?

Question212: Which of the following radio frequencies is used by the IEEE 802.11a wireless network?

Question213: You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network.
You are required to search for the error messages in the /var/log/messages log file. Which of the following commands will you use to accomplish this?

Question214: How is a Distributed Denial of Service (DDOS) attack distinguished from a regular DOS attack?

Question215: Where could you go in Windows XP/2003 to configure Automatic Updates?

Question216: Which of the following protocols are used to provide secure communication between a client and a server over the Internet?
Each correct answer represents a part of the solution. Choose two.

Question217: Which of the following is a private, RFC 1918 compliant IP address that would be assigned to a DHCP scope on a private LAN?

Question218: Which of the following authentication methods are used by Wired Equivalent Privacy (WEP)? Each correct answer represents a complete solution. Choose two.

Question219: Where is the source address located in an IPv4 header?

Question220: Which of the following Unix syslog message priorities is the MOST severe?

Question221: Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?

Question222: What is the discipline of establishing a known baseline and managing that condition known as?

Question223: A folder D:\Files\Marketing has the following NTFS permissions:
* Administrators: Full Control
* Marketing: Change and Authenticated
* Users: Read
It has been shared on the server as "MARKETING", with the following share permissions:
* Full Control share permissions for the Marketing group
Which of the following effective permissions apply if a user from the Sales group accesses the \
\FILESERVER\MARKETING shared folder?

Question224: Which of the following is an advantage of an Intrusion Detection System?

Question225: SSL session keys are available in which of the following lengths?

Question226: Which of the following books deals with confidentiality?

Question227: Which of the following SIP INVITE lines indicates to the remote registrar the VoIP phone that initiated the call?

Question228: Which of the following applications cannot proactively detect anomalies related to a computer?

Question229:

Question230: Which of the following defines the communication link between a Web server and Web applications?

Question231: A Host-based Intrusion Prevention System (HIPS) software vendor records how the Firefox Web browser interacts with the operating system and other applications, and identifies all areas of Firefox functionality.
After collecting all the data about how Firefox should work, a database is created with this information, and it is fed into the HIPS software. The HIPS then monitors Firefox whenever it's in use. What feature of HIPS is being described in this scenario?

Question232: Which of the following monitors program activities and modifies malicious activities on a system?

Question233: If a DNS client wants to look up the IP address for good.news.com and does not receive an authoritative reply from its local DNS server, which name server is most likely to provide an authoritative reply?

Question234: Which of the following is a term that refers to unsolicited e-mails sent to a large number of e-mail users?

Question235: You are the security director for an off-shore banking site. From a business perspective, what is a major factor to consider before running your new vulnerability scanner against the company's business systems?

Question236: Which of the following is a new Windows Server 2008 feature for the Remote Desktop Protocol (RDP)?

Question237: You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering?
Each correct answer represents a complete solution. Choose two.

Question238: Which of the following are the types of intrusion detection systems?
Each correct answer represents a complete solution. Choose all that apply.

Question239: You are reviewing a packet capture file from your network intrusion detection system. In the packet stream, you come across a long series of "no operation" (NOP) commands. In addition to the NOP commands, there appears to be a malicious payload. Of the following, which is the most appropriate preventative measure for this type of attack?

Question240: What type of attack can be performed against a wireless network using the tool Kismet?

Question241: What is the following sequence of packets demonstrating?

Question242: You are going to upgrade your hard disk's file system from FAT to NTFS. What are the major advantages of the NTFS file system over FAT16 and FAT32 file systems?
Each correct answer represents a complete solution. Choose all that apply.

Question243: The Windows 'tracert' begins by sending what type of packet to the destination host?

Question244: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is currently working on his C based new traceroute program. Since, many processes are running together on the system, he wants to give the highest priority to the cc command process so that he can test his program, remove bugs, and submit it to the office in time. Which of the following commands will John use to give the highest priority to the cc command process?

Question245: Which of the below choices should an organization start with when implementing an effective risk management process?

Question246: Analyze the screenshot below. What is the purpose of this message?

Question247: Which of the following statements regarding the Secure Sockets Layer (SSL) security model are true?
Each correct answer represents a complete solution. Choose two.

Question248: How often is session information sent to the web server from the browser once the session information has been established?

Question249: Which common firewall feature can be utilized to generate a forensic trail of evidence and to identify attack trends against your network?

Question250: Which Host-based IDS (HIDS) method of log monitoring utilizes a list of keywords or phrases that define the events of interest for the analyst, then takes a list of keywords to watch for and generates alerts when it sees matches in log file activity?

Question251: Regarding the UDP header below, what is the length in bytes of the UDP datagrarn?
04 1a 00 a1 00 55 db 51

Question252: If the NET_ID of the source and destination address in an IP (Internet Protocol) packet match, which answer BEST describes the routing method the sending host will use?

Question253: Which of the following proxy servers provides administrative controls over the content?

Question254: How many bytes does it take to represent the hexadecimal value OxFEDCBA?