Chapter 12. Sample Test 1

The best way to prepare for the test, after you have studied, is to take several practice exams. We've included two in this book for that reason. The answers to the following questions are in a separate chapter immediately following the test. Pay special attention to the explanations for the incorrect answers. Understanding why answers are incorrect will help you eliminate some of the answer choices, and this can be very valuable when taking the actual test.

Question 1

Which of the following are architectural models for the arranging of Certificate Authorities? [Check all correct answers.]

  • A. Bridge CA architecture

  • B. Sub CA architecture

  • C. Single CA architecture

  • D. Hierarchical CA architecture

Question 2

Sub7 is considered a(n) ________________.

  • A. virus

  • B. illicit server

  • C. worm

  • D. Trojan horse

Question 3

You are in sales and you receive an email telling you about an easy way to make money. The email instructs you to open the attached letter of intent, read it carefully, and then reply to the email. Which of the following should you do?

  • A. Open the letter of intent, read it, and reply to the email.

  • B. Forward this great offer to your friends and coworkers.

  • C. Notify your system administrator of the email.

  • D. Delete the email and reboot your computer.

Question 4

You have an FTP server that needs to be accessed by both employees and external customers. What type of architecture should be implemented?

  • A. Bastion host

  • B. Screened subnet

  • C. Screened host

  • D. Bastion subnet

Question 5

The main fan in your server died on Wednesday morning. It will be at least two days before it can be replaced. You decide to use another server instead but need to restore the data from the dead one. You have been doing differential backups and the last full backup was performed on Friday evening. The backup doesn't run on weekends. How many backup tapes will you need to restore the data?

  • A. Two

  • B. Four

  • C. One

  • D. Three

Question 6

You are planning to set up a network for remote users to use their own Internet connections to connect to shared folders on the network. Which technology would you implement?

  • A. DMZ

  • B. VPN

  • C. VLAN

  • D. NAT

Question 7

What type of algorithm is SHA-1?

  • A. Asymmetric encryption algorithm

  • B. Digital signature

  • C. Hashing algorithm

  • D. Certificate Authority

Question 8

A fire involving paper and wood products is likely to be considered what class of fire?

  • A. Class A

  • B. Class B

  • C. Class C

  • D. Class D

Question 9

Which of the following are not methods for minimizing a threat to a Web server? [Choose the two best answers.]

  • A. Disable all non-Web services.

  • B. Ensure telnet is running.

  • C. Disable nonessential services.

  • D. Enable logging.

Question 10

Which of the following are major security evaluation criteria efforts? [Choose the two best answers.]

  • A. TCSEC

  • B. CCSEC

  • C. IPSec

  • D. ITSEC

Question 11

Separation of duties is designed to guard against which of the following?

  • A. Social engineering

  • B. Viruses

  • C. Fraud

  • D. Nonrepudiation

Question 12

A system designed to lure an attacker away from a critical system is called a ______________.

  • A. Bastion host

  • B. Honeypot

  • C. Vulnerability system

  • D. Intrusion-detection system

Question 13

Your company is in the process of setting up a DMZ segment. You have to allow Web traffic in the DMZ segment. Which TCP port do you have to open?

  • A. 80

  • B. 139

  • C. 25

  • D. 443

Question 14

Which of the following attacks is most likely to be successful, even if all devices are properly secured and configured?

  • A. Trojan horse

  • B. Mantrap

  • C. Social engineering

  • D. All of the above

Question 15

When using CHAP, the challenge/response mechanism can happen when?

  • A. Only at the beginning of the connection

  • B. At the beginning and the end of the connection

  • C. Only at the end of the connection

  • D. At any time during the connection

Question 16

With Discretionary Access Control (DAC), how are access rights to resources determined?

  • A. Roles

  • B. Rules

  • C. Owner discretion

  • D. Security label

Question 17

Which of the following is a common name for an opening in a program that allows for additional, undocumented access to data?

  • A. Virus

  • B. Algorithm

  • C. Back door

  • D. Demilitarized zone

Question 18

Which is not a good choice for achieving security awareness among your users in your organization?

  • A. Periodic presentations

  • B. Monthly emails

  • C. Yearly seminars

  • D. Training during employee orientation

Question 19

Which of the following types of programs can be used to determine whether network resources are locked down correctly?

  • A. Password sniffers

  • B. Port scanners

  • C. Keystroke loggers

  • D. Cookies

Question 20

The enforcement of access control via tasks or groups for system users is achieved in which of the following?

  • A. IPSec

  • B. RBAC

  • C. IDS

  • D. DRP

Question 21

Which one of the following types of servers would be the target for an attack where a malicious individual attempts to change information by connecting to port 53?

  • A. FTP server

  • B. File server

  • C. Web server

  • D. DNS server

Question 22

What type of activity is not associated with computer forensics?

  • A. Collecting and analyzing data from disk drives

  • B. Collecting and analyzing data from memory

  • C. Collecting fingerprints from the computer case and input devices

  • D. Labeling and photographing the evidence

Question 23

You are checking your network to ensure that the servers have been hardened correctly. You plan on using a vulnerability-scanning program. Which of the following programs can you use? [Choose the two best answers.]

  • A. John the Ripper

  • B. SATAN

  • C. L0phtCrack

  • D. SAINT

Question 24

In encryption, when data is broken into several units of varying sizes (dependent on algorithm) and the encryption is applied to those chunks of data, what type of algorithm is that called?

  • A. Symmetric encryption algorithm

  • B. Elliptic curve

  • C. Block cipher

  • D. All of the above

Question 25

Your company decides it wants to implement a Virtual Private Network (VPN). Which of the following would you consider using because they are tunneling protocols? [Choose the two best answers.]

  • A. MD5

  • B. L2TP

  • C. 3DES

  • D. PPTP

Question 26

As the network administrator, you are implementing a policy for passwords. What is the best option for creating user passwords?

  • A. Uppercase and lowercase letters combined with numbers and symbols

  • B. A randomly generated password

  • C. A word that is familiar to the user with a number attached to the end

  • D. The user's last name spelled backwards

Question 27

Digital signatures are used to authenticate the sender. Which of the following is true of digital signatures? [Choose the two best answers.]

  • A. They use the skipjack algorithm.

  • B. They can be automatically timestamped.

  • C. They allow the sender to repudiate that the message was sent.

  • D. They cannot be imitated by someone else.

Question 28

Which of the following are parts of Kerberos authentication? [Choose the two best answers.]

  • A. Authentication service

  • B. Time-based induction

  • C. Ticket-granting service

  • D. TEMPEST

Question 29

A smartcard provides two-factor authentication. Which two of the following must be provided for proper authentication? [Choose the two best answers.]

  • A. Something you have

  • B. Something you know

  • C. Something you are

  • D. Something you do

Question 30

Which of the following describes an active attack?

  • A. Does not insert data into the stream but instead monitors information being sent

  • B. Records and replays previously sent valid messages

  • C. Inserts false packets into the data stream

  • D. Makes attempts to verify the identity of the source of information

Question 31

Which one of the following is considered a physical security component?

  • A. VPN tunnel

  • B. Mantrap

  • C. Bastion host

  • D. IPSec

Question 32

Which of the following statements about entrapment and enticement is true?

  • A. Enticement is ethical and legal. Entrapment is unethical and illegal.

  • B. Entrapment is ethical and legal. Enticement is unethical and illegal.

  • C. Neither enticement nor entrapment is ethical or legal. Companies can be prosecuted for using either one.

  • D. Both enticement and entrapment are ethical and legal. Companies cannot be prosecuted for using either one.

Question 33

Which of the following are methods of sending secure email messages? [Choose the two best answers.]

  • A. POP3

  • B. S/MIME

  • C. PGP

  • D. SMTP

Question 34

Which one of the following is a private IP address?

  • A. 11.1.2.1

  • B. 165.193.123.44

  • C. 176.18.36.4

  • D. 192.168.0.234

Question 35

Which of the following statements is true about SSL?

  • A. SSL provides security for both the connection and the data once it is received.

  • B. SSL only provides security for the connection, not the data once it is received.

  • C. SSL only provides security for the data once it is received, not the connection.

  • D. SSL does not provide security for either the connection or the data once it is received.

Question 36

Of the following, which is a characteristic of a hot site?

  • A. The facility is equipped with plumbing, flooring, and electricity only.

  • B. The facility resources are shared by mutual agreement.

  • C. The facility and equipment are already set up and ready to occupy.

  • D. The facility is equipped with some resources, but not computers.

Question 37

Which of the following algorithms is not an example of a symmetric encryption algorithm?

  • A. Rijndael

  • B. Diffie-Hellman

  • C. RC6

  • D. AES

Question 38

The RBAC model can use which of the following types of access? [Choose the three best answers.]

  • A. Role based

  • B. Task based

  • C. Lattice based

  • D. Discretionary based

Question 39

You are having problems with your DNS server. When the users try to open various Web sites, they receive an error saying that the site is not found. You go to one of the machines, open a DOS prompt, and type which command to find out what the problem is?

  • A. netstat

  • B. tracert

  • C. ipconfig

  • D. nslookup

Question 40

What is the security protocol that has been developed for 802.11?

  • A. Wired Equivalent Protocol

  • B. Wireless Encryption Protocol

  • C. Wired Equivalent Privacy

  • D. Wireless Protocol Encryption

Question 41

Which of the following is true about fiber-optic cable? [Choose the two best answers.]

  • A. It is highly sensitive to electric and magnetic interference.

  • B. It is insensitive to electric and magnetic interference.

  • C. It is relatively inexpensive.

  • D. It is expensive.

Question 42

CHAP uses a challenge/response mechanism. How many steps is this process?

  • A. Seven

  • B. Three

  • C. Four

  • D. Two

Question 43

What is the difference between HTTPS and S-HTTP?

  • A. S-HTTP protects each message sent, whereas HTTPS protects the communication channel.

  • B. S-HTTP does not support multiple encryption types, whereas HTTPS does.

  • C. HTTPS protects each message sent, whereas S-HTTP protects the communication channel.

  • D. There is no difference.

Question 44

What is the process of systematically dialing a range of phone numbers looking for unprotected dial-in modems?

  • A. Sniffing

  • B. War-driving

  • C. War-dialing

  • D. Social engineering

Question 45

Under MAC, the category of a resource can be changed by whom?

  • A. All managers

  • B. Administrators only

  • C. The owner/creator

  • D. All users

Question 46

You want to evaluate a user's ability to connect to a RAS server via telephony. Which of the following vulnerability assessment tests would you use?

  • A. Blind testing

  • B. Knowledgeable testing

  • C. Internet service testing

  • D. Dial-up service testing

  • E. Infrastructure testing

Question 47

Which protocol is used to enable remote access servers to communicate with a central server in order to authenticate and authorize access to resources?

  • A. Kerberos

  • B. IPSec

  • C. RADIUS

  • D. PPTP

Question 48

Which of the following statements are incorrect about Encapsulated Secure Payload (ESP) and Authentication Header (AH)? [Choose the two best answers.]

  • A. AH can only verify data integrity.

  • B. ESP can encrypt data and verify data integrity.

  • C. AH can encrypt data and verify data integrity.

  • D. ESP can only verify data integrity.

Question 49

Which of the following is a hardware or software solution used to protect a network from unauthorized access?

  • A. Intrusion-detection system

  • B. Digital certificate

  • C. Honeypot

  • D. Firewall

Question 50

Unauthorized access has been detected on the network. Someone had been logging in as one of the administrative assistants during off hours. Later, you find out she received an email from the network administrator asking her to supply her password so that he could make changes to her profile. What types of attacks have been executed? [Choose two correct answers.]

  • A. Spoofing

  • B. Man in the middle

  • C. Replay

  • D. Social engineering

Question 51

Which of the following is not true regarding log files?

  • A. They should be stored and protected on a machine that has been hardened.

  • B. Log information traveling on the network must be encrypted, if possible.

  • C. They should be stored in one location.

  • D. They must be modifiable, and there should be no record of the modification.

Question 52

Which PKI Trust model would be used by a CA with multiple subordinate CAs?

  • A. Cross-certified

  • B. Hierarchical

  • C. Bridge

  • D. Linked

Question 53

Which of the following are reasons why it is unsafe to allow signed code to run on your systems?

  • A. The fact that the code is signed only guarantees that the code belongs to a certain entity, not that it is absolutely harmless.

  • B. Malicious users are known to have attempted obtaining legitimate certificates to sign harmful code, with some succeeding.

  • C. Scripts may be used to employ signed code that comes preinstalled and signed with the operating system.

  • D. All of the above.

Question 54

What is the difference between a wet-pipe and a dry-pipe fire-suppression system?

  • A. A dry-pipe system uses air to suppress fire, whereas a wet-pipe system uses water.

  • B. A dry-pipe system uses dry chemicals, whereas a wet-pipe system uses wet chemicals.

  • C. A wet-pipe system has water in the pipe at all times, whereas in a dry-pipe system, water is used but is held back by a valve until a certain temperature is reached.

  • D. A wet-pipe system uses wet chemicals that deploy after the pipe loses air pressure, whereas a dry-pipe system uses dry chemicals that deploy before the pipe loses air pressure.

Question 55

Which of the following statements best describes a disaster recovery plan (DRP)?

  • A. A DRP reduces the impact of a hurricane on a facility.

  • B. A DRP is an immediate action plan used to bring a business back online immediately after a disaster has struck.

  • C. A DRP attempts to manage risks associated with theft of equipment.

  • D. A DRP is a plan that sets up actions for long-term recovery after a disaster has hit.

Question 56

You're the security administrator for a credit union. The users are complaining about the network being slow. It is not a particularly busy time of the day. You capture network packets and discover that there have been hundreds of ICMP packets being sent to the host. What type of attack is likely being executed against your network?

  • A. Spoofing

  • B. Man in the middle

  • C. Denial of service

  • D. Worm

Question 57

Which of the following PKI functions do SSL/TLS protocols currently support? [Choose the two best answers.]

  • A. Authentication

  • B. Certificate Revocation Lists

  • C. Encryption

  • D. Attribute certificates

Question 58

How many layers are there in the OSI model?

  • A. Four

  • B. Six

  • C. Nine

  • D. Seven

Question 59

Which of the following is true in regard to the principle of least privilege?

  • A. It ensures that all members of the user community are given the same privileges as long as they do not have administrator or root access to systems.

  • B. It requires that a user be given no more privilege than necessary to perform a job.

  • C. It is a control enforced through written security policies.

  • D. It assumes that job functions will be rotated frequently.

Question 60

You have found that someone has been running a program to crack passwords. This has been successful enough that files have been altered and you suspect that many of the users' passwords have been compromised. Which of the following techniques can be implemented to help protect against another brute-force password attack?

  • A. Increase the value of the password history to 8.

  • B. Have users present proper identification before being granted a password.

  • C. Lock the account after three unsuccessful password entry attempts.

  • D. Require password resets every 60 days.

Question 61

Which of the following best describes a service-level agreement?

  • A. A method by which a company can guarantee a level of service from another company.

  • B. A method of procuring services after a disaster has struck.

  • C. A method of protecting servers and computers from disasters.

  • D. A method of protecting a facility from disasters.

Question 62

You need to provide your users with the capability to log on once and retrieve any resource to which they have been granted access, regardless of where the resource is stored. Which configuration will you deploy?

  • A. Role-Based Access Control (RBAC)

  • B. Multifactor

  • C. Biometric

  • D. Single sign-on (SSO)

Question 63

You are a consultant for a company that wants to secure its Web services and provide a guarantee to its online customers that all credit card information is securely transferred. Which technology would you recommend?

  • A. S/MIME

  • B. VPN

  • C. SSL/TLS

  • D. SSH

Question 64

You are the primary investigator on a team that is investigating the theft of some important information from your network. You have collected and analyzed data and are preparing to present your information in court. What is the process called when presenting the path that the evidence took to the courtroom?

  • A. Evidenced path

  • B. Chain of custody

  • C. Forensics

  • D. Chain of evidence

Question 65

You are configuring a security policy for your company. Which of the following three components make up the security triad? [Choose the three best answers.]

  • A. Encryption

  • B. Confidentiality

  • C. Integrity

  • D. Authorization

  • E. Availability

Question 66

Which of the following would you use if you wanted to check the validity of a digital certificate?

  • A. Certificate policy

  • B. Certificate Revocation List

  • C. Corporate security policy

  • D. Trust model

Question 67

Which of the following statements are true when discussing physical security? [Choose the three best answers.]

  • A. Physical security attempts to control access to data from Internet users.

  • B. Physical security attempts to control unwanted access to specified areas of a building.

  • C. Physical security attempts to control the impact of natural disasters on facilities and equipment.

  • D. Physical security attempts to control internal employee access into secure areas.

Question 68

SMTP relay is a common exploit used among hackers for what purpose?

  • A. DNS zone transfers

  • B. Spamming

  • C. Port scanning

  • D. Man-in-the-middle attacks

Question 69

CGI scripts can present vulnerabilities in which of the following ways? [Choose the two best answers.]

  • A. They can be used to relay email.

  • B. They can be tricked into executing commands.

  • C. They may expose system information.

  • D. They store the IP address of your computer.

Question 70

Your company has decided to deploy a hardware token system along with usernames and passwords. This technique of using more than one type of authentication is known as which of the following?

  • A. Parallel authentication

  • B. Factored authentication

  • C. Mutual authentication

  • D. Multifactor authentication

Question 71

Which of the following are included within a digital certificate? [Choose the three best answers.]

  • A. User's private key

  • B. Information about the user

  • C. Digital signature of the issuing CA

  • D. User's public key

Question 72

Which of the following is a correct definition of a Trojan horse?

  • A. It needs no user intervention to replicate.

  • B. It makes data appear to come from somewhere other than where it really originated.

  • C. It is open-source code and attacks only open source software.

  • D. It buries itself in the operating system software and infects other systems only after a user executes the application that it is buried in.

Question 73

You have implemented a proxy firewall technology that can distinguish between an FTP get command and an FTP put command. What type of firewall are you using?

  • A. Proxy gateway

  • B. Circuit-level gateway

  • C. Application-level gateway

  • D. SOCKS proxy

Question 74

When encrypting and decrypting data using an asymmetric encryption algorithm, you do which of the following?

  • A. Use only the public key to encrypt and only the private key to decrypt.

  • B. Use the public key to either encrypt or decrypt.

  • C. Use only the private key to encrypt and only the public key to decrypt.

  • D. Use only the private key to decrypt data encrypted with the public key.

Question 75

Which of the following is not a piece of information used by a cookie?

  • A. The operating system you are running

  • B. The type of browser you are using

  • C. Your network login and password

  • D. The name and IP address of your computer

Question 76

You are setting up a switched network and want to group users by department. Which technology would you implement?

  • A. DMZ

  • B. VPN

  • C. VLAN

  • D. NAT

Question 77

What is the leading reason many incidents are never reported? [Choose the best answer.]

  • A. They do not break laws.

  • B. The reporting process is too time consuming.

  • C. The fear of losing business or shareholders.

  • D. They result in less than $1,000 in damage.

Question 78

Which of the following is true in regard to FTP? [Choose the two best answers.]

  • A. Authentication credentials are sent in cleartext.

  • B. Authentication credentials are encrypted.

  • C. It is vulnerable to sniffing and eavesdropping.

  • D. It is very secure and not vulnerable to either sniffing or eavesdropping.

Question 79

Which of the following best describes the relationship between centralized and decentralized security?

  • A. Centralized is more secure but less scalable, whereas decentralized security is less secure but more scalable.

  • B. Decentralized security is more scalable and more secure than centralized.

  • C. Centralized security is more scalable and less secure than decentralized.

  • D. Centralized and decentralized have about the same security, but centralized is more scalable.

Question 80

You have created a utility for purging old files. You have hidden code inside the utility that will install itself and cause the infected system to erase the hard drive's contents on April 1, 2004. Which of the following attacks has been used in your code?

  • A. Virus

  • B. Spoofing

  • C. Logic bomb

  • D. Trojan horse

Question 81

Which of the following components are not associated with risk? [Choose the two best answers.]

  • A. Vulnerability

  • B. Threat

  • C. Value

  • D. Probability

  • E. Analysis

Question 82

What is an exposed device that is the foundation for firewall software to operate on called?

  • A. Bastion host

  • B. Screened subnet

  • C. Screened host

  • D. Bastion subnet

Question 83

A user using a known weakness in operating system code has made himself an administrator. This is an example of which of the following?

  • A. Privilege management

  • B. Trojan horse

  • C. Privilege escalation

  • D. Single sign-on

Question 84

Which of the following best describes a vulnerability?

  • A. A vulnerability is a weakness in the configuration of software or hardware that could allow a threat to damage the network.

  • B. A vulnerability is any agent that could do harm to your network or its components.

  • C. A vulnerability is the likelihood of a particular event happening given an asset and a threat.

  • D. A vulnerability measures the cost of a threat attacking your network.

Question 85

Your network is under attack. Traffic patterns indicate that an unauthorized service is relaying information to a source outside the network. What type of attack is being executed against you?

  • A. Spoofing

  • B. Man in the middle

  • C. Replay

  • D. Denial of service

Question 86

Which of the following best describes Secure FTP?

  • A. It allows for a secure connection via IPSec.

  • B. It allows for a secure connection via SSL.

  • C. It allows for a secure connection via HTTPS.

  • D. None of the above is true.

Question 87

Who is ultimately responsible for setting the tone of the role of security in an organization?

  • A. Staff

  • B. Management

  • C. Consultants

  • D. Everyone

Question 88

You are a consultant for a small company. You have just learned about a patch that is available for Windows servers. You download and install the patch and several of the servers stop functioning properly. What should your next step be to return the servers to a functional state? [Choose the best answer.]

  • A. Reload the patch and see if the problems stop.

  • B. Roll back the changes.

  • C. Call the manufacturer and see if there is a fix.

  • D. Document the changes and troubleshoot.

Question 89

Your company is in the process of setting up an IDS system. You want to scan for irregular header lengths and information in the TCP/IP packet. Which IDS methodology is suitable for this purpose?

  • A. Heuristic analysis

  • B. Anomaly analysis

  • C. Stateful inspection

  • D. Pattern matching

Question 90

Which protocol is installed to provide centralized management of computers through a remotely installed agent?

  • A. SMTP

  • B. SNMP

  • C. LDAP

  • D. L2TP

Question 91

What is a network device that works at the third layer of the OSI model and is responsible for forwarding packets between networks called?

  • A. Router

  • B. Hub

  • C. Switch

  • D. Modem

Question 92

When an attacker compromises systems with installed zombie software and initiates an attack against a victim from a widely distributed number of hosts, this is called what?

  • A. DoS

  • B. DDoS

  • C. Trojan horse

  • D. Masquerading

Question 93

Which of the following is not a tunneling protocol used in VPN connections?

  • A. PPTP

  • B. L2TP

  • C. CHAP

  • D. IPSec

Question 94

Which of the following statements best describes the behavior of a worm?

  • A. A worm is self-replicating and needs no user interaction.

  • B. A worm attacks only after being triggered.

  • C. A worm only attacks system files.

  • D. A worm attempts to hide from antivirus software by garbling its code.

Question 95

What is the difference between TACACS and RADIUS?

  • A. There is no difference.

  • B. RADIUS is an actual Internet standard; TACACS is not.

  • C. TACACS is an actual Internet standard; RADIUS is not.

  • D. RADIUS is an encryption protocol; TACACS is an authentication protocol.

Question 96

What is Secure Electronic Transaction (SET)?

  • A. A system for ensuring the security of historical electronic transactions across the Internet.

  • B. An e-commerce technology that provides a safe way to do financial transactions over the Internet.

  • C. A system developed by Microsoft for ensuring the security of electronic messages across the Internet.

  • D. A program that combines the resources of multiple computers to secure the exchange of email.

Question 97

What Web-based protocol was developed to standardize the way wireless devices communicate?

  • A. Wireless Encryption Protocol (WEP)

  • B. Wireless Application Protocol (WAP)

  • C. Wired Equivalent Privacy (WEP)

  • D. Wireless Session Protocol (WSP)

Question 98

Which of the following is true of Pretty Good Privacy (PGP)? [Choose the two best answers.]

  • A. It uses a web of trust.

  • B. It uses a hierarchical structure.

  • C. It uses public key encryption.

  • D. It uses private key encryption.

Question 99

What type of algorithm does MD5 use?

  • A. Block cipher algorithm

  • B. Hashing algorithm

  • C. Asymmetric encryption algorithm

  • D. Cryptographic algorithm

Question 100

You are the consultant for a small manufacturing company that wants to implement a backup solution. Which method is most commonly used to protect data? [Choose the best answer.]

  • A. Site redundancy

  • B. Offsite, secure recovery

  • C. Onsite backup

  • D. High availability systems

Question 101

You are the network administrator for a small company that has recently been the victim of several attacks. Upon rebuild of the server, you want to uninstall all unnecessary services and protocols. This process is known as system ________________.

  • A. Nonrepudiation

  • B. Hardening

  • C. Auditing

  • D. Hashing

Question 102

Which of the following looks at the long-term actions taken by a company after a disaster has taken place?

  • A. Emergency response plan

  • B. Security plan

  • C. Disaster recovery plan

  • D. Business continuity plan

Question 103

User groups that are built around business units and then have privileges assigned to these groups instead of individual users is an example of which type of management?

  • A. Role-based privilege management

  • B. User-based privilege management

  • C. Group-based privilege management

  • D. Individual-based privilege management

Question 104

In which type of architecture is the user responsible for the creation of the private and public key?

  • A. Decentralized key management

  • B. Centralized key management

  • C. Revocation key management

  • D. Multilevel key management

Question 105

Which of the following statements best describes nonrepudiation?

  • A. A set of mathematical rules used in encryption

  • B. A means of proving that a transaction occurred

  • C. A method of hiding data in another message

  • D. A technology used for redundancy and performance improvement

Question 106

You are checking your network to ensure users are conforming to a new password security policy that requires them to use complex passwords. You plan on using a password-cracking program. Which of the following programs can you use?

  • A. John the Ripper

  • B. SATAN

  • C. L0phtCrack

  • D. SAINT

Question 107

Your company is in the process of setting up a management system on your network and you want to use SNMP. You have to allow this traffic through the router. Which UDP ports do you have to open?

  • A. 161

  • B. 139

  • C. 138

  • D. 162

Question 108

You are securing the network with IDS technologies. You want to be able to see malicious intent activity as well as provide some security and monitoring for users who are VPNing outside the network. Which IDS type is best suited for this job?

  • A. Host-based IDS

  • B. Network-based IDS

  • C. None of the above

  • D. A combination of A and B

Question 109

When a Certificate Authority revokes a certificate, how is notice of the revocation distributed?

  • A. A digital signature

  • B. A certificate policy

  • C. A Certificate Revocation List

  • D. A Certificate Practice Statement

Question 110

Which of the following are characteristics of Transport Layer Security (TLS)? [Choose the two best answers.]

  • A. It is interoperable with SSL.

  • B. It is based on Netscape's SSL3.

  • C. It ensures privacy on the Internet.

  • D. It has one layer.

Question 111

Wireless Application Protocol (WAP) has several layers. Which of the following is the security layer?

  • A. Wireless Security Layer (WSL)

  • B. Wireless Transport Layer (WTL)

  • C. Wireless Transport Layer Security (WTLS)

  • D. Wireless Security Layer Transport (WSLT)

Question 112

A private network that gives business partners and vendors access to company information is called a(n) ______________.

  • A. Extranet

  • B. Intranet

  • C. Internet

  • D. ARPAnet

Question 113

Which of the following is the weakest link in a security policy?

  • A. Management

  • B. A misconfigured firewall

  • C. An unprotected Web server

  • D. Uneducated users

Question 114

If the code of a program does not check the length of variables, it can be subject to which type of attack?

  • A. Buffer overflow

  • B. Replay

  • C. Spoofing

  • D. Denial of service

Question 115

Access through a router may be granted or denied based on IP address. What is the name given to this method?

  • A. ACL

  • B. AP

  • C. ACLU

  • D. Answers A and B

Question 116

What are the major security concerns with using DHCP? [Choose the two best answers.]

  • A. The network is vulnerable to man-in-the-middle attacks.

  • B. Anyone hooking up to the network can automatically receive a network address.

  • C. Clients might be redirected to an incorrect DNS address.

  • D. There are no security concerns with using DHCP.

Question 117

What should you do upon finding out an employee is terminated?

  • A. Disable the user account and have the data kept for a specified period of time.

  • B. Maintain the user account and have the data kept for a specified period of time.

  • C. Disable the user account and delete the user's home directory.

  • D. Do nothing until the employee has cleaned out her desk and you get written notification.

Question 118

Which of the following is not a good security practice?

  • A. You should have a procedure in place to periodically test password strength.

  • B. Auditing should be enabled and logs should be monitored regularly.

  • C. Allow all programmers to have administrator access because they need a lot of rights.

  • D. You should ensure that there are no accounts with default passwords or that there aren't any without a password.

Question 119

Which of the following statements best describes the difference between authentication and identification?

  • A. Authentication is the same as identification.

  • B. Authentication is a means to verify who you are, whereas identification is what you are authorized to perform.

  • C. Authentication is the byproduct of identification.

  • D. Authentication is what you are authorized to perform, whereas identification is a means to verify who you are.

Question 120

What is the IEEE standard for wireless LAN technology?

  • A. 802.5

  • B. 802.11

  • C. 802.2

  • D. 802.10

Question 121

Which of the following statements about Java and JavaScript is true?

  • A. Java applets can be used to execute arbitrary instructions on the server.

  • B. JavaScript code can continue running even after the applet is closed.

  • C. JavaScript can provide access to files of a known name and path.

  • D. Java applets can be used to send email as the user.

  • E. Java applets allow access to cache information.

Question 122

What is the proper way to dispose of confidential documents?

  • A. Rip them into small pieces and put them in the trash.

  • B. Shred them and put them in the trash.

  • C. Have them destroyed by an authorized destruction company.

  • D. Put them in the recycle bin.

Question 123

Ensuring that all data is sequenced, timestamped, and numbered is a characteristic of _______________.

  • A. Data authentication

  • B. Data integrity

  • C. Data availability

  • D. Data confidentiality

Question 124

What is a potential concern with weaker encryption algorithms as time goes on? [Choose the best answer.]

  • A. Performance of the algorithm will worsen over time.

  • B. Keys generated by users will start to repeat on other users' systems.

  • C. Hackers using distributed computing may be able to finally crack an algorithm.

  • D. All of the above.

Question 125

You want to hide your internal network from the outside world. Which of the following servers can accomplish this?

  • A. NAT

  • B. DNS

  • C. DHCP

  • D. All of the above



Security+ Exam Cram 2 (Exam SYO-101)
Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162
