CompTIA Security+ SY0-301 Practice Test


Page 1: CompTIA Security+ SY0-301 Practice Test

CompTIA SY0-301 Security+ 100-Question Practice Exam

Developed for www.GetCertified4Less.com

(Author to remain anonymous)

This practice exam has been developed exclusively for GetCertified4Less.Com. Answers and explanations on last pages.

1. In which of the cloud computing infrastructure types do clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?
A. IaaS
B. PaaS
C. SaaS
D. RAS

2. WPA2 is also known as:
A. 802.1X
B. 802.11
C. 802.3
D. 802.11i

3. Which of the following devices operates at Layer 3 of the OSI model?
A. Passive hub
B. Switch
C. Router
D. Active hub

4. One of the measures used in securing an Ethernet switch includes disabling unused ports.
A. True
B. False

5. A cloud computing infrastructure type where applications are hosted over a network (typically the Internet), eliminating the need to install and run the software on the customer's own computers, is called:
A. Thick client
B. SaaS
C. Virtualization
D. IaaS

6. RAID 0: (Select two answers)
A. Offers fault tolerance and redundancy
B. Requires at least three drives to implement
C. Doesn't offer fault tolerance
D. Requires at least two drives to implement

7. Which of the following terms refers to a logical grouping of computers that allows computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location?
A. VLAN
B. DMZ
C. MAC filtering
D. SNMP community


8. A group that consists of SNMP devices and one or more SNMP managers is called:
A. SNMP trap
B. Network Management System (NMS)
C. SNMP community
D. Management Information Base (MIB)

9. VLAN membership can be set through: (Select all that apply)
A. Trunk port
B. Switch ports
C. Encryption
D. MAC address

10. A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is also referred to as:
A. VPN
B. Access Point (AP)
C. VLAN
D. DMZ

11. Which of the following attacks uses multiple compromised computer systems against its target?
A. DoS
B. Botnet
C. Logic bomb
D. DDoS

12. What is the purpose of non-repudiation?
A. Preventing someone from denying that they took a specific action
B. Ensuring that received data hasn't changed in transit
C. Hiding one piece of data in another piece of data
D. Transforming plaintext to ciphertext

13. Which of the following refers to one of the testing stages in the software development process performed by customers or end users?
A. UAC
B. NAT
C. UAT
D. EULA

14. Using a telephone system to manipulate a user into disclosing confidential information is called:
A. Shoulder surfing
B. Spoofing
C. Vishing
D. Tailgating

15. Which of the following fall(s) into the category of social engineering attacks? (Select all that apply)
A. Whaling
B. MAC spoofing
C. Xmas attack
D. Vishing
E. Spear phishing


16. The practice of sending unsolicited messages over Bluetooth is also known as:
A. SPIM
B. Bluejacking
C. Phishing
D. Bluesnarfing

17. Gaining unauthorized access to a Bluetooth device is also referred to as:
A. Interference
B. Bluesnarfing
C. Bluejacking
D. Pharming

18. Which of the following terms refers to a microchip embedded on the motherboard of a personal computer or laptop that can store keys, passwords and digital certificates?
A. FRU
B. EFS
C. TPM
D. HCL

19. Phishing scams targeting a specific group of users are also referred to as:
A. Bluejacking
B. Spear phishing
C. Tailgating
D. Pharming

20. Unsolicited messages received over an instant messaging system are also known as:
A. Spim
B. Spoofing
C. Spam
D. Bluejacking

21. What is war chalking?
A. Scanning for open ports
B. Finding unsecured wireless networks
C. SSID discovery
D. Marking unsecured wireless networks

22. A piece of hardware and associated software/firmware that usually attaches to the inside of a PC or server and provides at least the minimum of cryptographic functions is called:
A. OUI
B. BIOS
C. HSM
D. PKI


23. Which of the following solutions is used to hide internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?
A. NAC
B. ACL
C. NAT
D. DMZ

24. Which of the following is an acronym for a risk assessment formula defining probable financial loss due to a risk over a one-year period?
A. ARO
B. ALE
C. SLE
D. UAT

25. Malicious code activated by a specific event is also known as:
A. Logic bomb
B. Denial of service
C. Computer worm
D. Xmas attack

26. Security measures that can be applied to mobile devices include: (Select all that apply)
A. Quality of Service (QoS)
B. Encryption and passwords
C. Load balancing
D. Remote sanitation
E. Voice encryption

27. Which of the following port numbers is used by Kerberos?
A. 23
B. 80
C. 22
D. 88

28. SHA and MD5 are examples of:
A. Encryption algorithms
B. Virus signatures
C. Hash functions
D. Trust models

29. Which of the following protocols periodically reauthenticates a client?
A. PAP
B. SHA
C. CHAP
D. MD5

30. Which IPsec mode provides whole packet encryption?
A. Tunnel
B. Payload
C. Transport
D. Host-to-host


31. A set of rules enforced in a network that restrict the use to which the network may be put is also known as:
A. OEM
B. AUP
C. FAQ
D. UAT

32. A group of computers running malicious software under control of a hacker is also referred to as:
A. Botnet
B. Ethernet
C. Subnet
D. Intranet

33. Which of the following terms refers to software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network?
A. EULA
B. DLP
C. UAT
D. LTO

34. A penetration test of a computer system without prior knowledge of how the system works is also known as:
A. Auditing
B. White hat testing
C. Black box testing
D. White box

35. Finding vulnerabilities in an application by feeding it incorrect input is also known as:
A. Patching
B. Exception handling
C. Application hardening
D. Fuzzing

36. Which of the following is an example of biometric authentication?
A. Password
B. Smart card
C. Fingerprint scanner
D. User name

37. Which of the following is an example of multi-factor authentication?
A. Password and biometric scan
B. User name and PIN
C. Smart card and identification badge
D. Iris and fingerprint scan

38. Steganography allows for:
A. Hiding data within another piece of data
B. Data encryption
C. Checking data integrity
D. Hashing


39. An IPv6 address consists of:
A. 32 bits
B. 48 bits
C. 64 bits
D. 128 bits

40. Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that individual?
A. PIN
B. PII
C. ID
D. Password

41. Which of the following terms refers to a rogue access point?
A. Computer worm
B. Backdoor
C. Evil twin
D. Trojan horse

42. Antivirus software can be kept up to date through: (Select all that apply)
A. Virus signature updates
B. Virtualization
C. Auditing
D. Engine updates

43. In this access control model every resource has a sensitivity label matching a clearance level assigned to a user.
A. RBAC
B. DAC
C. HMAC
D. MAC

44. Which of the following is used to prevent switching loops?
A. UTP
B. HMAC
C. STP
D. RAS

45. TCP port 23 is used by:
A. SMTP
B. SSH
C. Telnet
D. TFTP

46. A chronological record outlining the persons in possession of evidence is also referred to as:
A. Chain of custody
B. Data handling chain
C. Information classification
D. Evidence timeline


47. A sticky note with a password kept in sight in the user's cubicle would be a violation of which of the following policies?
A. Data labeling policy
B. Clean desk policy
C. User account policy
D. Password complexity

48. A policy outlining ways of collecting and managing personal data is also known as:
A. Acceptable use policy
B. Audit policy
C. Privacy policy
D. Data loss prevention

49. Which of the following solutions is used for controlling temperature and humidity?
A. Faraday cage
B. UART
C. EMI shielding
D. HVAC

50. A maximum acceptable period of time within which a system must be restored after failure is also known as:
A. Recovery Time Objective (RTO)
B. Mean Time To Restore (MTTR)
C. Maximum Tolerable Period of Disruption (MTPOD)
D. Mean Time Between Failures (MTBF)

51. Which of the following provides confidentiality?
A. SHA-1
B. RAID 0
C. MD5
D. AES

52. Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply)
A. NTP
B. PAP
C. Kerberos
D. CHAP

53. Which of the following provide the means for checking data integrity? (Select two answers)
A. WEP
B. RC4
C. SHA-1
D. WPA2
E. MD5


54. Which of the following are symmetric-key algorithms? (Select all that apply)
A. AES
B. DES
C. RSA
D. Diffie-Hellman
E. 3DES

55. Which of the following provide availability? (Select all that apply)
A. RAID 5
B. RAID 0
C. Encryption
D. RAID 1
E. Hot site

56. 802.1x is an IEEE standard defining:
A. Token ring networks
B. Port-based network access control
C. VLAN tagging
D. Wireless networking

57. Allowing a program through a firewall is also referred to as creating:
A. Entry
B. Tunnel
C. Access Control list (ACL)
D. Exception

58. The last default rule on a firewall is to:
A. Create an exception
B. Allow all traffic
C. Deny all traffic
D. Unblock all ports

59. Which of the following protocols was designed as a secure replacement for Telnet?
A. ICMP
B. FTP
C. IPv6
D. SSH

60. TCP port 22 is used by default by: (Select all that apply)
A. FTP
B. SSH
C. SMTP
D. SCP
E. SFTP


61. Which of the following ports are used by NetBIOS? (Select all that apply)
A. 137
B. 161
C. 138
D. 162
E. 139

62. Which of the following sequences of steps adheres to the order of volatility while collecting evidence?
A. Memory dump, disk files, temporary files, archival media
B. Archival media, disk files, temporary files, memory dump
C. Memory dump, temporary files, disk files, archival media
D. Temporary files, memory dump, archival media, disk files

63. Phishing scams targeting people holding high positions in an organization or business are also known as:
A. Tailgating
B. Shoulder surfing
C. Pharming
D. Whaling

64. Which of the following prevents a computer screen from being viewed by others nearby?
A. Firewall
B. Privacy screen
C. Multi-factor authentication
D. HIPS

65. Which of the following measures should be used in order to prevent shoulder surfing? (Select two answers)
A. Cable locks
B. Video surveillance
C. Privacy filters
D. Security guards
E. Screensavers

66. What is tailgating?
A. Gaining unauthorized access to restricted areas by following another person
B. Manipulating a user into disclosing confidential information
C. Scanning for unsecured wireless networks while driving in a car
D. Looking over someone's shoulder in order to get information

67. The term war driving refers to:
A. Penetration test
B. Scanning for unsecured wireless networks while driving in a car
C. Vulnerability scan
D. Marking unsecured wireless networks


68. Which of the following terms refers to an access control method based on user identity?
A. HMAC
B. DAC
C. MAC
D. RBAC

69. An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries is also known as:
A. Mandatory Access Control
B. Lattice-Based Access Control
C. Role-Based Access Control
D. Rule-Based Access Control

70. Which of the following actions can be taken by an IDS? (Select two answers)
A. Terminating process
B. Closing down connection
C. Reconfiguring firewall
D. Logging
E. Sending an alert

71. Which of the following are the features of a Common Access Card (CAC)? (Select all that apply)
A. Provides access to low security areas
B. Any type of identification badge with a photo
C. Smart card
D. Issued by United States Department of Defense (DoD)

72. An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is also referred to as:
A. SSO
B. TLS
C. SSL
D. WAP

73. What is the name of a storage solution used to retain copies of private encryption keys?
A. Trusted OS
B. Key escrow
C. Proxy
D. Recovery agent

74. Copies of lost private encryption keys can be retrieved from a key database by:
A. Power users
B. Recovery agents
C. GPS tracking
D. Backup operators


75. A zero-day attack exploits:
A. New accounts
B. Patched software coding errors
C. Vulnerability that is present in already released software but unknown to the software developer
D. Well known vulnerability

76. Which of the following can stop attacks on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS

77. A type of attack exploiting the TCP three-way handshake process is also known as:
A. SYN flood
B. Xmas attack
C. DNS poisoning
D. Man-in-the-middle attack

78. Which type of intrusion detection relies on a previously established baseline of normal network activity?
A. MD-IDS
B. Signature-based IDS
C. Managed Switch
D. AD-IDS

79. Which security measure is in place when a client is denied access to the network due to outdated antivirus software?
A. IPsec
B. NAC
C. DMZ
D. NAT

80. What type of protocols ensure the privacy of a VPN connection?
A. OSPF
B. IPv6
C. Tunneling
D. Telnet

81. Packet sniffer is a common term for:
A. Multilayer switch
B. Port scanner
C. Router
D. Protocol Analyzer

82. Which of the following ports are used by the File Transfer Protocol (FTP)? (Select two answers)
A. 22
B. 20
C. 25
D. 23
E. 21


83. A penetration test with prior knowledge of how the system that is to be tested works is also known as:
A. White hat
B. Sandbox
C. White box
D. Black box

84. Which of the following measures fall(s) into the category of detective security controls? (Select all that apply)
A. IPS
B. Security guard
C. IDS
D. Video surveillance

85. HTTPS runs on TCP port:
A. 443
B. 80
C. 143
D. 137

86. A paper shredder would help in preventing what kind of threats? (Select all that apply)
A. Dumpster diving
B. Tailgating
C. Zero-day attack
D. Social engineering

87. A public/private key pair is a feature of:
A. WEP
B. Asymmetric encryption
C. PII
D. Symmetric encryption

88. Coding errors and security vulnerabilities in software that has already been released can be rectified through:
A. Fuzzing
B. Application hardening
C. Patch management
D. Virtualization

89. Penetration testing: (Select all that apply)
A. Bypasses security controls
B. Only identifies lack of security controls
C. Actively tests security controls
D. Exploits vulnerabilities
E. Passively tests security controls

90. Which of the following would be the fastest in validating a digital certificate?
A. IPX
B. OCSP
C. CRL
D. OSPF


91. The term Trusted OS refers to an operating system:
A. Admitted to a network through NAC
B. Implementing patch management
C. That has been authenticated on the network
D. With enhanced security features

92. A monitored host or network specifically designed to detect unauthorized access attempts is also known as:
A. Botnet
B. Rogue access point
C. Honeypot
D. Flood guard

93. Software that performs unwanted and harmful actions in the guise of a legitimate and useful program is also referred to as:
A. Trojan horse
B. Spyware
C. Logic bomb
D. Adware

94. Which of the following fall into the category of physical security measures? (Select all that apply)
A. Mantrap
B. Vulnerability scanner
C. Access list
D. Honeypot
E. Hardware lock

95. What are the features of Elliptic Curve Cryptography (ECC)? (Select two answers)
A. Asymmetric encryption
B. Shared key
C. Suitable for small wireless devices
D. High processing power requirements
E. Symmetric encryption

96. Which of the following allows for encrypting e-mail messages?
A. PGP
B. OVAL
C. SMTP
D. PPP

97. What type of system can be compromised through phreaking?
A. PBX
B. PGP
C. ATX
D. BIOS

98. Which of the following acronyms refers to a lightweight consumer electronic device?
A. KDC
B. CA
C. SLED
D. PED


99. Advanced Encryption Standard (AES): (Select all that apply)
A. Is a symmetric encryption algorithm
B. Uses 128-, 192-, and 256-bit keys
C. Is an asymmetric encryption algorithm
D. Uses block cipher algorithm
E. Requires multiple passes to encrypt data

100. Which of the following is a stream cipher?
A. DES
B. AES
C. RC4
D. 3DES


ANSWERS

1. Answer: A. IaaS
Explanation: Infrastructure as a Service (IaaS) is one of the cloud computing infrastructure types where clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment. The clients usually pay for computational resources on a per-use basis. In IaaS, the cost of the service depends on the amount of consumed resources.

2. Answer: D. 802.11i
Explanation: The IEEE 802.11i standard is also known as WPA2. The two terms, 802.11i and Wi-Fi Protected Access II (WPA2), are used synonymously to mean the new security standard for wireless networks.

3. Answer: C. Router
Explanation: Routers operate at Layer 3 (Network Layer) of the OSI model. Switches operate at Layer 2 (Data Link Layer) of the OSI model. Hubs operate at Layer 1 (Physical Layer) of the OSI model.

4. Answer: A. True
Explanation: One of the measures used in securing an Ethernet switch includes disabling unused ports.

5. Answer: B. SaaS
Explanation: Software as a Service (SaaS) is a type of cloud computing infrastructure where applications are hosted over a network (typically the Internet), eliminating the need to install and run the software on the customer's own computers and simplifying maintenance and support. Compared to conventional software deployment, which requires a licensing fee and often investment in additional hardware on the client side, SaaS can be delivered at a lower cost by providing remote access to applications and pricing based on a monthly or annual subscription fee.

6. Answers: C and D. Doesn't offer fault tolerance and Requires at least two drives to implement
Explanation: Redundant Array of Independent Disks (RAID) is a collection of different data storage schemes (referred to as RAID levels) that allow for combining multiple hard disks into a single logical unit in order to increase fault tolerance and performance. RAID Level 0 breaks data into fragments called blocks, and each block of data is written to a separate disk drive. This greatly improves performance, as every physical disk drive handles only a part of the workload related to write and read operations. Each consecutive physical drive included in this type of array improves the speed of read/write operations by adding more hardware resources to handle a decreasing amount of workload. The main disadvantage of RAID 0 is that it doesn't offer any fault tolerance. Each of the drives holds only part of the information, and in case of failure of any of the drives there is no way to rebuild the array, which in turn results in the loss of all data. RAID 0 requires a minimum of two disk drives to implement.


7. Answer: A. VLAN
Explanation: A Virtual Local Area Network (VLAN) is a logical grouping of computers that may be physically located on different parts of a LAN. VLANs allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location. VLAN membership can be configured through software instead of physically relocating devices or connections, and VLANs are often created with the use of switches equipped with additional software features. By default, all ports on a switch are typically labeled as VLAN1, and virtual networks are created by changing this assignment (labeling one of the ports as VLAN2, another as VLAN3, etc.). Multiple switches on a LAN can be configured this way, and physically dispersed hosts that connect to e.g. a VLAN2 port on any of those switches become a part of a single logical subnet.

8. Answer: C. SNMP community
Explanation: An SNMP community is a group that consists of SNMP devices and one or more SNMP managers. Simple Network Management Protocol (SNMP) is a UDP-based, Application Layer protocol used in network management systems to monitor network-attached devices. SNMP is typically integrated into most modern network infrastructure devices such as routers, bridges, switches, servers, printers, copiers, fax machines, and other network-attached devices. An SNMP-managed network consists of three key components: a managed device, a network-management software module that resides on a managed device (Agent), and a network management system (NMS) which executes applications that monitor and control managed devices and collect SNMP information from Agents. All SNMP-compliant devices include a virtual database called the Management Information Base (MIB) containing information about the configuration and state of the device that can be queried by the SNMP management station. The manager receives notifications (Traps and InformRequests) on UDP port 162. The SNMP Agent receives requests on UDP port 161, and before answering a request from an SNMP manager, the SNMP Agent verifies that the manager belongs to an SNMP community with access privileges to the Agent. The community has a name, and all members of a community have the same access privileges. An SNMP device or Agent may belong to more than one SNMP community, and it will not respond to requests from management stations that do not belong to one of its communities. The relationship between the SNMP server system and the client systems is defined by the so-called community string, which acts like a password. In terms of security, SNMP version 1 and version 2 offer only authentication based on community strings sent in cleartext. SNMPv3 provides authentication, packet encryption, and hashing mechanisms that allow for checking whether data has changed in transit.


9. Answers: B and D. Switch ports and MAC address
Explanation: VLAN membership can be set either through switch ports, where a device connecting to a certain switch port automatically becomes a member of the VLAN assigned to that port (static VLAN), or through mapping the VLAN membership to the MAC address of the device connected to the port (dynamic VLAN). Dynamic VLANs are configured through the use of server software that relies on a database containing MAC-address-to-VLAN mappings. When a device connects to a dynamic port on a switch, its MAC address is sent to the server, and if a matching entry is found in its database, the server sends the VLAN number for that port.

10. Answer: D. DMZ
Explanation: A Demilitarized Zone (DMZ) is a lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers. The purpose of a DMZ is to offer services, such as web browsing, FTP, or e-mail, to both the public and internal clients without compromising the security of the private LAN.

11. Answer: D. DDoS
Explanation: As opposed to simple Denial of Service (DoS) attacks, which are usually performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform an attack against its target. The intermediary systems that are used as a platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet. The goal of DoS and DDoS attacks is to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and as a result doesn't have the time or resources to handle legitimate requests.

12. Answer: A. Preventing someone from denying that they took a specific action
Explanation: The purpose of non-repudiation is to prevent someone from denying that they took a specific action.

13. Answer: C. UAT
Explanation: User Acceptance Testing (UAT) is one of the testing stages in the software development process performed by customers or end users.

14. Answer: C. Vishing
Explanation: The practice of using a telephone system to manipulate a user into disclosing confidential information is called vishing. Vishing falls into the category of social engineering attacks.

15. Answers: A, D, and E. Whaling, Vishing, and Spear phishing
Explanation: Social engineering techniques are aimed at manipulating people into performing actions they are not authorized to perform or disclosing confidential information. Whaling, vishing, and spear phishing are all examples of social engineering techniques.

16. Answer: B. Bluejacking
Explanation: Sending unsolicited messages over Bluetooth is also referred to as bluejacking.


17. Answer: B. Bluesnarfing
Explanation: Gaining unauthorized access to a Bluetooth device is also referred to as bluesnarfing.

18. Answer: C. TPM
Explanation: Trusted Platform Module (TPM) is a specification, published by the Trusted Computing Group (TCG), for a microcontroller that can store secured information, and also the general name of implementations of that specification. Trusted Platform Modules are hardware-based security microcontrollers that store keys, passwords and digital certificates and protect this data from external software attacks and physical theft. TPMs are usually embedded on the motherboard of a personal computer or laptop, but they can also be used in other devices such as mobile phones or network equipment.

19. Answer: B. Spear phishing
Explanation: Phishing is a fraudulent attempt to trick a user, usually via e-mail message, into disclosing personal information. Phishing scams targeting a specific group of users are also referred to as spear phishing. Spear phishing scams that go one step further by targeting people holding high positions in an organization or business are also known as whaling.

20. Answer: A. Spim
Explanation: Unsolicited messages received over an instant messaging system are commonly referred to as spim.

21. Answer: D. Marking unsecured wireless networks
Explanation: The practice of marking symbols in public places that indicate the presence of an unsecured wireless connection is also referred to as war chalking.

22. Answer: C. HSM
Explanation: A Hardware Security Module (HSM) is a piece of hardware and associated software/firmware that usually attaches to the inside of a PC or server and provides at least the minimum of cryptographic functions. These functions include (but are not limited to) encryption, decryption, key generation, and hashing.

23. Answer: C. NAT
Explanation: Network Address Translation (NAT) is a technology that provides an IP proxy between a private LAN and a public network such as the Internet. Computers on the private LAN can access the Internet through a NAT-capable router which handles the IP address translation. NAT hides the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device.

24. Answer: B. ALE
Explanation: Annualized Loss Expectancy (ALE) is a risk assessment formula defining probable financial loss due to a risk over a one-year period. It is defined as:

Annualized Loss Expectancy (ALE) = Annual Rate of Occurrence (ARO) x Single Loss Expectancy (SLE)


25. Answer: A. Logic bomb
Explanation: Malicious code activated by a specific event is also known as a logic bomb.

26. Answers: B, D, and E. Encryption and passwords, Remote sanitation, and Voice encryption
Explanation: Security measures that can be applied to mobile devices include device encryption, strong passwords, a remote sanitation feature, and voice encryption. Remote sanitation allows for sending a signal that will trigger wiping of all the data on the phone. A stolen or lost device can also be located with the use of a Global Positioning System (GPS) tracking feature.

27. Answer: D. 88
Explanation: Port number 88 is used by the Kerberos authentication protocol. Port 22 is used by Secure Shell (SSH). Port 23 is used by Telnet. HyperText Transfer Protocol (HTTP) uses port number 80.

28. Answer: C. Hash functions
Explanation: SHA and MD5 are examples of hash functions.

29. Answer: C. CHAP
Explanation: Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically reauthenticates a client at random intervals in order to prevent session hijacking.

30. Answer: A. Tunnel
Explanation: IPsec can be implemented in a host-to-host transport mode (where only the payload of the IP packet is usually encrypted and/or authenticated) or in a network tunnel mode (where the entire IP packet is encrypted and/or authenticated).

31. Answer: B. AUP
Explanation: An Acceptable Use Policy (AUP) is a set of rules enforced in a network that restrict the use to which the network may be put.

32. Answer: A. Botnet
Explanation: A group of computers running malicious software under control of a hacker is also referred to as a botnet.

33. Answer: B. DLP
Explanation: Data Loss Prevention (DLP) solutions are software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network.

34. Answer: C. Black box testing
Explanation: Testing a computer system without prior knowledge of how the system works is also known as black box testing.

35. Answer: D. Fuzzing
Explanation: Finding vulnerabilities in an application by feeding it incorrect input is also known as fuzzing, or fuzz testing.

36. Answer: C. Fingerprint scanner

Explanation: In computer security, a user's identity can be verified by examining something that the user knows (a user name or password), something that the user has (a physical object such as a smart card), or something that the user is (a unique trait of every single person such as a fingerprint or the pattern of a human eye iris). Biometric authentication systems are based on examining the unique traits of a user, and a fingerprint scanner is an example of a biometric device.

37. Answer: A. Password and biometric scan

Explanation: Authentication is proving a user's identity to a system. The authentication process can be based on three categories of authentication factors: user names and passwords (something that the user knows), physical tokens such as smart cards (something that the user has), or unique traits of every single person, such as fingerprints read by a fingerprint scanner (something that the user is). Multi-factor authentication requires authentication factors from two or more different categories.

38. Answer: A. Hiding data within another piece of data

Explanation: Steganography allows for hiding data within another piece of data.

39. Answer: D. 128 bits

Explanation: An IPv6 address consists of 128 bits compared to 32 bits in IPv4. IPv6 addresses are written as eight groups of four hexadecimal digits separated by colons (IPv4 addresses are made of four groups of decimal digits separated by dots).

40. Answer: B. PII

Explanation: Personally Identifiable Information (PII) includes any type of information pertaining to an individual that can be used to uniquely identify that individual. The identity of a person can be established by tracing their most basic attributes such as name, surname, phone number or traditional mailing address, but also through their social security or credit card numbers, IP or email addresses, or data collected via biometric devices. Security of Personally Identifiable Information has become a major concern for companies and organizations due to the accessibility of this type of data over the Internet, but also due to misuse of personal electronic devices such as USB drives or smartphones that are easily concealable and can carry large amounts of data.

41. Answer: C. Evil twin

Explanation: Evil twin is another term for a rogue access point. A rogue access point will have the same network name as the legitimate access point and can be set up by a hacker in order to steal user credentials or for the purpose of traffic eavesdropping.

42. Answers: A and D. Virus signature updates and Engine updates

Explanation: Antivirus software can be kept up to date through virus signature updates and engine updates. Engine updates equip the antivirus application with tools to recognize and remove new malware types; virus signature updates add new malicious code patterns to the virus database used by the antivirus application as a reference for malware scanning.

43. Answer: D. MAC

Explanation: Mandatory Access Control (MAC) is an access control model where every resource has a sensitivity label matching a clearance level assigned to a user (in order to be able to access the resource, the user's clearance level must be equal to or higher than the sensitivity level assigned to the resource). With mandatory access control users cannot set or change access policies at their own discretion; labels and clearance levels can only be applied and changed by an administrator.

44. Answer: C. STP

Explanation: Spanning Tree Protocol (STP) is used to prevent switching loops. A switching loop occurs when there's more than one active link between two network switches, or when two ports on the same switch become connected to each other.

45. Answer: C. Telnet

Explanation: TCP port 23 is used by Telnet.

46. Answer: A. Chain of custody

Explanation: A chronological record outlining the persons in possession of evidence is also referred to as chain of custody. Chain of custody is used to ensure that the evidence hasn't been tampered with on its way from collection to presentation in a court of law.

47. Answer: B. Clean desk policy

Explanation: A sticky note with a password kept in plain sight in the user's cubicle would be a violation of a clean desk policy. From the security standpoint, "clean desk" means a user area organized in a way that minimizes the risk of disclosure of sensitive data.

48. Answer: C. Privacy policy

Explanation: A policy outlining ways of collecting and managing personal data is also known as a privacy policy.

49. Answer: D. HVAC

Explanation: Heating, Ventilation, and Air Conditioning (HVAC) systems are used for controlling temperature and humidity.

50. Answer: A. Recovery Time Objective (RTO)

Explanation: The maximum acceptable period of time within which a system must be restored after failure is also known as the Recovery Time Objective (RTO). RTOs are established at the Business Impact Analysis (BIA) stage of Business Continuity Planning (BCP). The goal of a Business Impact Analysis is to determine the impact of any disruption of the activities that support the organization's key products and services. A key aspect of determining the impact of a disruption is identifying the so-called Maximum Tolerable Period of Disruption (MTPOD), which is the maximum amount of time that an enterprise's key products or services can be unavailable or undeliverable after an event that causes disruption to operations. The goal of the Recovery Time Objective is to ensure that the Maximum Tolerable Period of Disruption (MTPOD) for each activity is not exceeded.

51. Answer: A. AES

Explanation: Confidentiality is achieved by encrypting data so that it becomes unreadable to anyone except the person with the decryption key. Advanced Encryption Standard (AES) is one of the encryption techniques used in computer security to provide data confidentiality.

52. Answers: C and D. Kerberos and CHAP

Explanation: A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network. Kerberos and Challenge Handshake Authentication Protocol (CHAP) are authentication protocols offering countermeasures against replay attacks. Kerberos supports a system of time-stamped tickets that grant access to resources and expire after a certain period of time. CHAP prevents replay attacks by periodically reauthenticating clients during the session.
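As an added illustration of the CHAP replay countermeasure described in answers 29 and 52 (example code written for this page, not part of the practice exam), the following Python simulates the challenge-response exchange: the authenticator issues a fresh random challenge for every periodic reauthentication, so a response captured earlier cannot be reused. The SHARED_SECRET value, the ChapAuthenticator class and simulate_session are hypothetical helpers; the response calculation follows RFC 1994 (MD5 over Identifier, secret and Challenge).

```python
import hashlib
import hmac
import os

# Constructed sample secret shared between the peer (client) and the authenticator.
SHARED_SECRET = b"example-shared-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value as defined in RFC 1994: the MD5 digest of the
    one-byte Identifier, the shared secret and the Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Hypothetical authenticator (server side): issues a fresh random
    challenge for every authentication round and accepts each challenge once."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.identifier = 0
        self.pending = None  # (identifier, challenge) awaiting a response

    def issue_challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256
        challenge = os.urandom(16)  # unpredictable and never reused
        self.pending = (self.identifier, challenge)
        return self.identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if self.pending is None or identifier != self.pending[0]:
            return False
        _, challenge = self.pending
        self.pending = None  # a challenge is consumed by its first response
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


def simulate_session(secret: bytes = SHARED_SECRET, rounds: int = 3) -> dict:
    """The legitimate peer answers the initial challenge and each periodic
    re-challenge. An eavesdropper who captured the first (identifier, response)
    pair then replays it at a later round. Returns both outcomes."""
    authenticator = ChapAuthenticator(secret)
    captured = None
    legitimate = []
    for _ in range(rounds):
        ident, challenge = authenticator.issue_challenge()
        response = chap_response(ident, secret, challenge)  # computed by the peer
        if captured is None:
            captured = (ident, response)  # sniffed from the wire
        legitimate.append(authenticator.verify(ident, response))

    # Periodic reauthentication: a new challenge is issued and the captured
    # pair is replayed unchanged (its identifier no longer matches).
    authenticator.issue_challenge()
    replay_unchanged = authenticator.verify(captured[0], captured[1])

    # Even with the current identifier patched in, the captured response was
    # computed over the old challenge and cannot match the new one.
    new_ident, _ = authenticator.issue_challenge()
    replay_patched = authenticator.verify(new_ident, captured[1])

    return {"legitimate_rounds": legitimate,
            "replay_accepted": replay_unchanged or replay_patched}


if __name__ == "__main__":
    print(simulate_session())
```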

53. Answers: C and E. SHA-1 and MD5

Explanation: Secure Hash Algorithm (SHA) and Message Digest (MD) are series of hashing functions used for checking data integrity (SHA-1 and MD5 are the most popular versions).

54. Answers: A, B, and E. AES, DES, and 3DES

Explanation: Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple DES (3DES) are all examples of symmetric-key algorithms. Rivest-Shamir-Adleman (RSA) and Diffie-Hellman are asymmetric cryptography solutions.

55. Answers: A, D, and E. RAID 5, RAID 1, and Hot site

Explanation: Availability provides assurance that resources can be used when needed. Redundant Array of Independent Disks (RAID) is a collection of different data storage schemes (referred to as RAID levels) that allow for combining multiple hard disks into a single logical unit in order to increase fault tolerance and performance. RAID levels increase availability by allowing the system to remain operational even when one of its components (hard drives) fails (this applies to all RAID levels except RAID 0, which doesn't provide any fault tolerance). A hot site is an alternate site where a company can move its operations in case of failure of the main site.

56. Answer: B. Port-based network access control

Explanation: 802.1X is an IEEE standard for port-based network access control (sometimes confused with 802.11x, which is a general term for a family of wireless networking standards).

57. Answer: D. Exception

Explanation: Allowing a program through a firewall is also known as creating an exception.

58. Answer: C. Deny all traffic

Explanation: The last default rule on a firewall is to deny all traffic that comes from a source not listed on the firewall's Access Control List (ACL).

59. Answer: D. SSH

Explanation: Secure Shell (SSH) is a tunneling protocol for secure remote login and other secure network services designed as a replacement for Telnet and other insecure remote shells.

60. Answers: B, D, and E. SSH, SCP, and SFTP

Explanation: Secure Shell (SSH) runs by default on TCP port 22. Apart from providing the ability to log in remotely and execute commands on a remote host, SSH is also used for secure file transfer through SSH-based protocols such as Secure Copy (SCP) or SSH File Transfer Protocol (SFTP).

61. Answers: A, C, and E. 137, 138, and 139

Explanation: Network Basic Input/Output System (NetBIOS) is a name resolution service used in Local Area Networks (LANs). NetBIOS uses ports 137, 138, and 139. Ports 161 and 162 are reserved for the Simple Network Management Protocol (SNMP).

62. Answer: C. Memory dump, temporary files, disk files, archival media

Explanation: Order of volatility refers to the sequence in which different types of evidence should be collected. To preserve the order of volatility while collecting evidence, traces that can be easily lost (such as the contents of memory, which are erased after powering the system down) should be collected first.

63. Answer: D. Whaling

Explanation: Phishing is a fraudulent attempt to trick a user, usually via e-mail message, into disclosing personal information. Phishing scams targeting a specific group of users are also referred to as spear phishing. Spear phishing scams that go one step further by targeting people holding high positions in an organization or business are also known as whaling.

64. Answer: B. Privacy screen

Explanation: A privacy screen (also privacy filter) is a protective overlay placed on the screen that narrows the viewing angle so data is only visible directly in front of the monitor and cannot be seen by others nearby. A privacy screen is one of the countermeasures against shoulder surfing.

65. Answers: C and E. Privacy filters and Screensavers

Explanation: Privacy filters and password-protected screensavers are examples of countermeasures against shoulder surfing (looking over someone's shoulder in order to get information).

66. Answer: A. Gaining unauthorized access to restricted areas by following another person

Explanation: The practice of gaining unauthorized access to restricted areas by following another person is called tailgating.

67. Answer: B. Scanning for unsecured wireless networks while driving in a car

Explanation: The term war driving refers to scanning for unsecured wireless networks while driving in a car. Marking symbols in public places that indicate the presence of an unsecured wireless connection is known as war chalking.

68. Answer: B. DAC

Explanation: Discretionary Access Control (DAC) is an access control method based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object.

69. Answer: D. Rule-Based Access Control

Explanation: Rule-Based Access Control (RBAC) is an access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. In computer networks, the Rule-Based Access Control model is usually implemented in network devices such as firewalls in order to control inbound and outbound traffic based on filtering rules.

70. Answers: D and E. Logging and Sending an alert

Explanation: Intrusion Detection Systems (IDSs) rely on passive responses, which might include recording an event in logs or sending a notification alert. An IDS doesn't take any active steps in order to prevent an intrusion.

71. Answers: C and D. Smart card and Issued by United States Department of Defense (DoD)

Explanation: Common Access Card (CAC) is a type of smart card issued by the United States Department of Defense for military and non-military personnel.

72. Answer: A. SSO

Explanation: An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is also referred to as Single Sign-On (SSO). A single sign-on subsystem typically requires a user to log in once at the beginning of a session, and then during the session grants further access to multiple, separately protected hosts, applications, or other system resources, without further login action by the user.

73. Answer: B. Key escrow

Explanation: Key escrow is a storage solution used to retain copies of private encryption keys.

74. Answer: B. Recovery agents

Explanation: Copies of lost private encryption keys can be retrieved from key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.

75. Answer: C. Vulnerability that is present in already released software but unknown to the software developer

Explanation: A zero-day attack exploits a vulnerability that is present in already released software but unknown to the software developer.

76. Answer: A. NIPS

Explanation: A Network Intrusion Prevention System (NIPS) inspects network traffic in real time and has the capability to stop the attack.

77. Answer: A. SYN flood

Explanation: A type of attack exploiting the TCP three-way handshake process is also known as a SYN flood attack. The three-way handshake is used for connections over TCP and ends with an ACK packet sent from a client to a server confirming that the connection has been established. A SYN flood attack skips this step, forcing the server to use up resources in order to handle multiple half-open connections, eventually making it unable to process legitimate requests. SYN flood is a type of Denial-of-Service (DoS) attack.

78. Answer: D. AD-IDS

Explanation: An Anomaly-Detection Intrusion Detection System (AD-IDS) relies on a previously established baseline of normal network activity in order to detect intrusions. A signature-based IDS relies on known attack patterns to detect an intrusion.

79. Answer: A. NAC

Explanation: Network Access Control (NAC) defines a set of rules enforced in a network that clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end stations gain access to the network. NAC can be implemented as pre-admission NAC, where a host must, for example, be virus free or have patches applied before it is allowed to connect to the network, and/or post-admission NAC, where a host is granted/denied permissions based on its actions after it has been provided with access to the network.

80. Answer: C. Tunneling

Explanation: A Virtual Private Network (VPN) is a logical, restricted-use network created with the use of encryption and tunneling protocols over physical, public network links. VPN users can connect securely to a private LAN over insecure public links thanks to the tunneling protocols that provide link encryption.

81. Answer: D. Protocol analyzer

Explanation: Packet sniffer is a common term for a protocol analyzer.

82. Answers: B and E. 20 and 21

Explanation: File Transfer Protocol (FTP) is an unencrypted file exchange protocol. FTP employs TCP ports 20 and 21. The connection established over TCP port 20 (the data connection) is used for exchanging data; the connection made over TCP port 21 (the control connection) remains open for the duration of the whole session and is used for session administration (commands, identification, passwords, etc.).

83. Answer: C. White box

Explanation: A penetration test of a computer system with prior knowledge of how the system works is also known as white box testing.

84. Answers: C and D. IDS and Video surveillance

Explanation: Intrusion Detection System (IDS) and video surveillance are examples of detective security controls. Intrusion Prevention System (IPS) and security guard fall into the category of preventative controls.

85. Answer: A. 443

Explanation: HTTPS runs on TCP port 443. HTTPS supports encryption and can use either the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol for securing web traffic.

86. Answers: A and D. Dumpster diving and Social engineering

Explanation: Dumpster diving is the practice of sifting through trash for discarded documents containing sensitive data. Documents containing names and surnames of employees along with information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and also mitigates the risk of social engineering attacks.

87. Answer: B. Asymmetric encryption

Explanation: A public/private key pair is a feature of asymmetric encryption.

88. Answer: C. Patch management

Explanation: Coding errors and security vulnerabilities in software that has already been released can be rectified through patch management.

89. Answers: A, C, and D. Bypasses security controls, Actively tests security controls, and Exploits vulnerabilities

Explanation: Penetration testing bypasses security controls and actively tests security controls by exploiting vulnerabilities. Passive testing of security controls, identification of vulnerabilities and missing security controls or common misconfigurations are the features of a vulnerability scan.

90. Answer: B. OCSP

Explanation: Online Certificate Status Protocol (OCSP) allows for querying a Certificate Authority (CA) for the validity of a digital certificate. Another solution for checking whether a certificate has been revoked is the Certificate Revocation List (CRL). CRLs are updated regularly and sent out to interested parties. Compared to a CRL, OCSP allows for querying the CA at any point in time and retrieving the information without any delay.

91. Answer: D. With enhanced security measures

Explanation: The term Trusted OS refers to an operating system with enhanced security features. The most common access control model used in a Trusted OS is Mandatory Access Control (MAC). Examples of Trusted OS implementations include Security Enhanced Linux (SELinux) and FreeBSD with the TrustedBSD extensions.

92. Answer: C. Honeypot

Explanation: A monitored host or network specifically designed to detect unauthorized access attempts is also known as a honeypot. This type of system contains no valuable data and is used to divert the attacker's attention from the corporate network. Multiple honeypots set up on a network are known as a honeynet.

93. Answer: A. Trojan horse

Explanation: Software that performs unwanted and harmful actions under the guise of a legitimate and useful program is also referred to as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionality, but apart from that it will also contain a portion of malicious code appended to it that the user is unaware of.

94. Answers: A, C, and E. Mantrap, Access list, and Hardware lock

Explanation: Mantraps, physical access lists, and hardware locks fall into the category of physical security measures. Mantraps are two-door entrance points connected to a guard station. A person entering a mantrap from the outside remains inside until he/she provides the authentication token required to unlock the inner door. Physical access lists allow guards to check the credentials of people entering the facility and also to record and compare the number of people who have entered and left the premises.

95. Answers: A and C. Asymmetric encryption and Suitable for small wireless devices

Explanation: Elliptic Curve Cryptography (ECC) is a type of asymmetric encryption. ECC provides strong encryption while requiring less processing power than other encryption methods, which makes it suitable for small wireless devices such as handhelds and cell phones.

96. Answer: A. PGP

Explanation: Pretty Good Privacy (PGP) allows for encryption of e-mail messages. PGP can also be used to digitally sign e-mails.

97. Answer: A. PBX

Explanation: Phreaking refers to the exploitation of telecommunications systems. A Private Branch Exchange (PBX) system is a private telephone network used within an enterprise. PBX systems can be compromised through phreaking.

98. Answer: D. PED

Explanation: Personal Electronic Devices (PEDs) are lightweight consumer electronic devices that include mobile phones, Personal Digital Assistants (PDAs), laptops and tablets, digital cameras, portable game consoles, optical media players, MP3 players, USB drives, calculators, earphones, and other lightweight portable electronic devices.

99. Answers: A, B, and D. Is a symmetric encryption algorithm, Uses 128-, 192-, and 256-bit keys, and Uses block cipher algorithm

Explanation: Advanced Encryption Standard (AES) is a strong symmetric encryption algorithm. AES is a block cipher with a block size of 64 bits (compared to stream ciphers, which process data by encrypting individual bits, a block cipher divides data into separate fragments and encrypts each fragment separately). AES uses 128-, 192-, and 256-bit encryption keys.

100. Answer: C. RC4

Explanation: Rivest Cipher 4 (RC4) is a symmetric stream cipher. Advanced Encryption Standard (AES), Data Encryption Standard (DES) and Triple DES (3DES) are all block ciphers. RC4 is used in the Wired Equivalent Privacy (WEP) standard for wireless encryption and in Secure Sockets Layer (SSL) for Internet traffic encryption.