CompTIA Security+ Practice Exam (2)

100 Questions
Full-length CompTIA Security+ practice exam. Take this exam like the real exam to see if you are completely prepared for the real exam. Time yourself to 90 minutes to get a feel for the pressures of the real exam. The practice test is designed to reflect the final exam.

Questions and Answers
  • 1. 
    Which port is used by Kerberos by default?
    • A. 

      Kerberos makes use of port 139

    • B. 

      Kerberos makes use of port 443

    • C. 

      Kerberos makes use of port 23

    • D. 

      Kerberos makes use of port 88

    • E. 

      None of the Above

  • 2. 
    • A. 

      Your first step should be to close all the ports and to monitor it to see if a process tries to reopen the port.

    • B. 

      Your first step should be to examine the process using the ports.

    • C. 

      Your first step should be to leave the ports open and to monitor the traffic for malicious activity.

    • D. 

      Your first step should be to run Nmap again and to monitor it to see if different results are obtained.

  • 3. 
    Identify the port that permits a user to log in remotely to a computer.
    • A. 

      Port 3389

    • B. 

      Port 8080

    • C. 

      Port 143

    • D. 

      Port 23

  • 4. 
    Identify the ports utilized by e-mail users. (Choose TWO)
    • A. 

      You should identify port 143

    • B. 

      You should identify port 3389

    • C. 

      You should identify port 110

    • D. 

      You should identify port 334

    • E. 

      You should identify port 23

  • 5. 
    Which of the following occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle?
    • A. 

      Brute Force attack

    • B. 

      Spoofing attack

    • C. 

      Buffer overflow

    • D. 

      Man in the middle attack

    • E. 

      SYN flood

  • 6. 
    • A. 

      Birthday Attack

    • B. 

      SYN Attack

    • C. 

      Buffer Overflow

    • D. 

      Smurf

    • E. 

      None of the Above

  • 7. 
    • A. 

      Man in the middle attack

    • B. 

      Smurf attack

    • C. 

      Ping of death attack

    • D. 

      TCP SYN (Transmission Control Protocol / Synchronized) attack

    • E. 

      None of the Above

  • 8. 
    • A. 

      OS (Operating System) scanning

    • B. 

      Reverse engineering.

    • C. 

      Fingerprinting

    • D. 

      Host hijacking.

    • E. 

      None of the Above

  • 9. 
    • A. 

      Computer name

    • B. 

      Fingerprint of the operating system

    • C. 

      Physical cabling topology of a network

    • D. 

      User ID and passwords

    • E. 

      All of the Above

  • 10. 
    Which of the following fingerprinting techniques exploits the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?
    • A. 

      TCP (Transmission Control Protocol) options.

    • B. 

      ICMP (Internet Control Message Protocol) error message quenching.

    • C. 

      Fragmentation handling.

    • D. 

      ICMP (Internet Control Message Protocol) message quoting

    • E. 

      None of the Above

  • 11. 
    Which of the following types of attack exploits poor programming techniques and lack of code review?
    • A. 

      CGI (Common Gateway Interface) script

    • B. 

      Birthday

    • C. 

      Buffer overflow

    • D. 

      Dictionary

  • 12. 
    Which of the following network attacks misuses TCP's (Transmission Control Protocol) three-way handshake to overload servers and deny access to legitimate users?
    • A. 

      Man in the middle.

    • B. 

      Smurf

    • C. 

      Teardrop

    • D. 

      SYN (Synchronize)

  • 13. 
    Which of the following is the most common method of accomplishing DDoS (Distributed Denial of Service) attacks?
    • A. 

      Internal host computers simultaneously failing.

    • B. 

      Overwhelming and shutting down multiple services on a server.

    • C. 

      Multiple servers or routers monopolizing and overwhelming the bandwidth of a particular server or router.

    • D. 

      An individual e-mail address list being used to distribute a virus.

  • 14. 
    Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?
    • A. 

      SYN (Synchronize) flood.

    • B. 

      Ping of death attack.

    • C. 

      Land attack.

    • D. 

      Buffer overflow attack.

    • E. 

      None of the Above

  • 15. 
    Which of the following is a DoS exploit that sends more traffic to a node than anticipated?
    • A. 

      Ping of death

    • B. 

      Buffer Overflow

    • C. 

      Logic Bomb

    • D. 

      Smurf

    • E. 

      None of the Above

  • 16. 
    Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?
    • A. 

      CRL

    • B. 

      DoS

    • C. 

      ACL

    • D. 

      MD2

    • E. 

      None of the above

  • 17. 
    Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?
    • A. 

      Brute force

    • B. 

      Spoofing

    • C. 

      Man in the middle

    • D. 

      Back door

    • E. 

      None of the Above

  • 18. 
    What is usually the goal of TCP (Transmission Control Protocol) session hijacking?
    • A. 

      Taking over a legitimate TCP (Transmission Control Protocol) connection.

    • B. 

      Predicting the TCP (Transmission Control Protocol) sequence number.

    • C. 

      Identifying the TCP (Transmission Control Protocol) port for future exploitation.

    • D. 

      Identifying source addresses for malicious use.

    • E. 

      None of the Above

  • 19. 
    Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?
    • A. 

      The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.

    • B. 

      The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses.

    • C. 

      The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.

    • D. 

      The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.

  • 20. 
    What characteristic of TCP/IP (Transmission Control Protocol/Internet Protocol) does TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking exploit?
    • A. 

      The fact that TCP/IP (Transmission Control Protocol/Internet Protocol) has no authentication mechanism, thus allowing a clear text password of 16 bytes

    • B. 

      The fact that TCP/IP (Transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host

    • C. 

      The fact that TCP/IP (Transmission Control Protocol/Internet Protocol) has no authentication mechanism, and therefore allows connectionless packets from anyone

    • D. 

      The fact that TCP/IP (Transmission Control Protocol/Internet Protocol) allows packets to be tunneled to an alternate network

  • 21. 
    Which of the following attacks can be mitigated against by implementing the following ingress/egress traffic filtering?
      * Any packet coming into the network must not have a source address of the internal network.
      * Any packet coming into the network must have a destination address from the internal network.
      * Any packet leaving the network must have a source address from the internal network.
      * Any packet leaving the network must not have a destination address from the internal networks.
      * Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC 1918 reserved space.
    • A. 

      SYN (Synchronize) flooding

    • B. 

      Spoofing

    • C. 

      DoS (Denial of Service) attacks

    • D. 

      Dictionary attacks

    • E. 

      None of the Above

  • 22. 
    In which of the following attacks does the attacker pretend to be a legitimate user?
    • A. 

      Aliasing

    • B. 

      Spoofing

    • C. 

      Flooding

    • D. 

      Redirecting

    • E. 

      None of the Above

  • 23. 
    Which of the following attacks can involve the misdirection of domain name resolution and Internet traffic?
    • A. 

      DoS (Denial of Service)

    • B. 

      Spoofing

    • C. 

      Brute force attack

    • D. 

      Reverse DNS (Domain Name Service)

  • 24. 
    In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?
    • A. 

      The version field.

    • B. 

      The source address field.

    • C. 

      The source port field.

    • D. 

      The destination address field.

  • 25. 
    • A. 

      Reverse DNS (Domain Name Service)

    • B. 

      Brute force attack

    • C. 

      Spoofing

    • D. 

      DoS (Denial of Service)

  • 26. 
    • A. 

      TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking

    • B. 

      IP (Internet Protocol) spoofing

    • C. 

      Replay

    • D. 

      Man in the middle

  • 27. 
    You are the security administrator at Certkiller.com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?
    • A. 

      Social engineering

    • B. 

      TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking

    • C. 

      Smurfing

    • D. 

      Spoofing

  • 28. 
    What is an attack whereby two different messages using the same hash function produce a common message digest known as?
    • A. 

      Man in the middle attack.

    • B. 

      Ciphertext only attack.

    • C. 

      Birthday attack.

    • D. 

      Brute force attack.

  • 29. 
    Which of the following can be deterred against by increasing the keyspace and complexity of a password?
    • A. 

      Dictionary

    • B. 

      Brute force

    • C. 

      Inference

    • D. 

      Frontal

  • 30. 
    Which type of attack can easily break a user's password if the user uses simple and meaningful things such as pet names or birthdays for their passwords?
    • A. 

      Mickey Mouse attack

    • B. 

      Random guess attack

    • C. 

      Brute Force attack

    • D. 

      Dictionary attack

    • E. 

      Role Based Access Control attack

  • 31. 
    What should the minimum length of a password be to deter dictionary password cracks?
    • A. 

      6 characters

    • B. 

      8 characters

    • C. 

      10 characters

    • D. 

      12 characters

    • E. 

      16 characters

  • 32. 
    • A. 

      DDoS

    • B. 

      Back Door

    • C. 

      Man in the Middle

    • D. 

      Spoofing

  • 33. 
    Which of the following is the best defense against a man in the middle attack?
    • A. 

      Virtual LAN (Local Area Network)

    • B. 

      GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)

    • C. 

      PKI (Public Key Infrastructure)

    • D. 

      Enforcement of badge system

  • 34. 
    Which of the following is the best defense against man in the middle attacks?
    • A. 

      A firewall

    • B. 

      Strong encryption

    • C. 

      Strong passwords

    • D. 

      Strong authentication

  • 35. 
    You are the security administrator at Certkiller.com. All Certkiller users have a token and 4-digit personal identification number (PIN) that are used to access their computer systems. The token performs off-line checking for the correct PIN. To which of the following types of attack is Certkiller vulnerable?
    • A. 

      Smurf

    • B. 

      Man-in-the-middle

    • C. 

      Brute force

    • D. 

      Birthday

  • 36. 
    What is an attack called in which the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?
    • A. 

      SYN flood attack

    • B. 

      Smurf attack

    • C. 

      Ping of Death attack

    • D. 

      Denial of Service (DOS) Attack

  • 37. 
    • A. 

      Differential cryptanalysis

    • B. 

      Differential linear cryptanalysis

    • C. 

      Birthday attack

    • D. 

      Statistical attack

  • 38. 
    Which of the following attacks attempts to crack passwords?
    • A. 

      SMURF

    • B. 

      Dictionary

    • C. 

      Teardrop

    • D. 

      Spamming

  • 39. 
    • A. 

      An expected TCP/IP traffic will occur.

    • B. 

      Port scanning will occur.

    • C. 

      A SYN Flood will occur.

    • D. 

      A Denial of Service (DoS) will occur.

  • 40. 
    • A. 

      This attack is known as SYN flood.

    • B. 

      This attack is known as DDoS

    • C. 

      This attack is known as Brute force.

    • D. 

      This attack is known as XMAS tree scan.

  • 41. 
    You implement IDS on the Certkiller.com network. You discover traffic from an internal host IP address accessing internal network resources from the Internet. What is causing this?
    • A. 

      This occurred since a user without permission is spoofing internal IP addresses.

    • B. 

      This occurred since information is accessed by a user from a remote login.

    • C. 

      This occurred since traffic is routed outside the internal network.

    • D. 

      This is normal behavior according to the IP RFC.

  • 42. 
    Which method of password guessing needs the longest attack time?
    • A. 

      Brute force needs the longest attack time.

    • B. 

      Dictionary needs the longest attack time.

    • C. 

      Rainbow needs the longest attack time.

    • D. 

      Birthday needs the longest attack time.

  • 43. 
    Identify the attack that consists of a PC sending PING packets with destination addresses set to the broadcast address and the source address set to the target PC's IP address.
    • A. 

      You should identify a Smurf attack.

    • B. 

      You should identify a XMAS Tree attack.

    • C. 

      You should identify a Replay attack.

    • D. 

      You should identify a Fraggle attack

  • 44. 
    Identify common utilization of Internet-exposed network services?
    • A. 

      Active content is a common utilization.

    • B. 

      Illicit servers are a common utilization.

    • C. 

      Trojan horse programs are a common utilization.

    • D. 

      Buffer overflows are a common utilization.

  • 45. 
    • A. 

      It can result in the Buffer overflow attack.

    • B. 

      It can result in the Dictionary attack.

    • C. 

      It can result in the Birthday attack.

    • D. 

      It can result in the Common Gateway Interface (CGI) script attack.

  • 46. 
    Identify a port scanning tool.
    • A. 

      Nmap is a port scanning tool.

    • B. 

      Cain & Abel is a port scanning tool.

    • C. 

      L0phtcrack is a port scanning tool.

    • D. 

      John the Ripper is a port scanning tool.

  • 47. 
    How can you determine whether the workstations on the internal network are functioning as zombies participating in external DDoS attacks?
    • A. 

      You should use AV server logs to confirm the suspicion.

    • B. 

      You should use HIDS logs to confirm the suspicion.

    • C. 

      You should use Proxy logs to confirm the suspicion.

    • D. 

      You should use Firewall logs to confirm the suspicion.

  • 48. 
    • A. 

      The computer is part of a DDoS attack.

    • B. 

      The computer is part of a TCP/IP hijacking.

    • C. 

      The computer is part of a spoofing attack.

    • D. 

      The computer is part of a man-in-the-middle attack.

  • 49. 
    What is used in a distributed denial of service (DDOS) attack?
    • A. 

      DDOS makes use of Botnet.

    • B. 

      DDOS makes use of Phishing.

    • C. 

      DDOS makes use of Adware.

    • D. 

      DDOS makes use of Trojan.

  • 50. 
    Identify the attack where the purpose is to stop a workstation or service from functioning.
    • A. 

      This attack is known as non-repudiation.

    • B. 

      This attack is known as TCP/IP hijacking.

    • C. 

      This attack is known as denial of service (DoS).

    • D. 

      This attack is known as brute force.

  • 51. 
    Which programming mechanism should be used to permit administrative access whilst bypassing the usual access control methods?
    • A. 

      It is known as a logic bomb.

    • B. 

      It is known as a back door.

    • C. 

      It is known as a Trojan horse.

    • D. 

      It is known as software exploit.

  • 52. 
    Why is certificate expiration important?
    • A. 

      Renewing the log files will keep it from getting too large.

    • B. 

      If given sufficient time, brute force techniques will probably break the key.

    • C. 

      It will use more processing power when the encryption key is used for a long time.

    • D. 

      It prevents the server from using the identical key for two sessions.

  • 53. 
    It has come to your attention that numerous e-mails are received from an ex-employee. You need to determine whether the e-mails originated internally.
    • A. 

      This can be accomplished by viewing the from line of the e-mails.

    • B. 

      This can be accomplished by reviewing anti-virus logs on the ex-employee's computer.

    • C. 

      This can be accomplished by replying to the e-mail and checking the destination e-mail address.

    • D. 

      This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.

  • 54. 
    • A. 

      This can be accomplished by using SNMP.

    • B. 

      This can be accomplished by using SMTP.

    • C. 

      This can be accomplished by using CHAP.

    • D. 

      This can be accomplished by using DHCP.

  • 55. 
    Determine the programming method you should use to stop buffer overflow attacks.
    • A. 

      You should make use of Automatic updates.

    • B. 

      You should make use of Input validation.

    • C. 

      You should make use of Signed applets.

    • D. 

      You should make use of Nested loops.

  • 56. 
    • A. 

      It is vulnerable to Buffer overflows.

    • B. 

      It is vulnerable to Cross site scripting.

    • C. 

      It is vulnerable to DNS spoofing.

    • D. 

      It is vulnerable to SQL injection.

  • 57. 
    • A. 

      You should choose DMZ to provide security to the network segment.

    • B. 

      You should choose Internet content filter to provide security to the network segment.

    • C. 

      You should choose NIPS to provide security to the network segment.

    • D. 

      You should choose HIDS to provide security to the network segment.

  • 58. 
    A server or application that accepts more input than the server or application is expecting is known as:
    • A. 

      It is known as a Denial of service (DoS).

    • B. 

      It is known as a Buffer overflow.

    • C. 

      It is known as a Brute force.

    • D. 

      It is known as a Syntax error.

  • 59. 
    Which of the following is an effective method of preventing computer viruses from spreading?
    • A. 

      Require root/administrator access to run programs.

    • B. 

      Enable scanning of e-mail attachments.

    • C. 

      Prevent the execution of .vbs files.

    • D. 

      Install a host based IDS (Intrusion Detection System)

  • 60. 
    • A. 

      Check for the file and delete it immediately.

    • B. 

      Check for the file, delete it immediately and copy the e-mail to all distribution lists.

    • C. 

      Report the contents of the message to the network administrator.

    • D. 

      Ignore the message. This is a virus hoax and no action is required

  • 61. 
    • A. 

      Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.

    • B. 

      Immediately search for and delete the file if discovered.

    • C. 

      Broadcast a message to the entire organization to alert users to the presence of a virus.

    • D. 

      Locate and download a patch to repair the file.

  • 62. 
    Which of the following is the major difference between a worm and a Trojan horse?
    • A. 

      Worms are spread via e-mail while Trojan horses are not.

    • B. 

      Worms are self replicating while Trojan horses are not.

    • C. 

      Worms are a form of malicious code while Trojan horses are not.

    • D. 

      There is no difference.

  • 63. 
    Which of the following can distribute itself without using a host file?
    • A. 

      Virus.

    • B. 

      Trojan horse.

    • C. 

      Logic bomb.

    • D. 

      Worm.

  • 64. 
    What type of program will record system keystrokes in a text file and e-mail it to the author, and will also delete system logs every five days or whenever a backup is performed?
    • A. 

      Virus

    • B. 

      Back door.

    • C. 

      Logic bomb.

    • D. 

      Worm.

  • 65. 
    The system administrator of the company has resigned. When the administrator's user ID is deleted, the system suddenly begins deleting files. What type of malicious code is this?
    • A. 

      Logic bomb

    • B. 

      Virus

    • C. 

      Virus

    • D. 

      Worm

  • 66. 
    • A. 

      Worm

    • B. 

      SYN flood

    • C. 

      Virus

    • D. 

      Trojan Horse

    • E. 

      Logic Bomb

  • 67. 
    • A. 

      Virus

    • B. 

      Logic bomb

    • C. 

      Worm

    • D. 

      Trojan horse

  • 68. 
    What is a piece of malicious code that has no productive purpose but can replicate itself and exist only to damage computer systems or create further vulnerabilities called?
    • A. 

      Logic Bomb

    • B. 

      Worm

    • C. 

      Trojan Horse

    • D. 

      SYN flood

    • E. 

      Virus

  • 69. 
    Which of the following is used to describe an autonomous agent that copies itself into one or more host programs, then propagates when the host is run?
    • A. 

      Trojan horse

    • B. 

      Back door

    • C. 

      Logic bomb

    • D. 

      Virus

  • 70. 
    What is a program that can infect other programs by modifying them to include a version of it called?
    • A. 

      Replicator

    • B. 

      Virus

    • C. 

      Trojan horse

    • D. 

      Logic bomb

  • 71. 
    What type of virus can hide itself by intercepting disk access requests?
    • A. 

      Multipartite

    • B. 

      Stealth

    • C. 

      Interceptor

    • D. 

      Polymorphic

  • 72. 
    • A. 

      Find mechanism, initiation mechanism and propagate.

    • B. 

      Learning mechanism, contamination mechanism and exploit.

    • C. 

      Search mechanism, connection mechanism and integrate.

    • D. 

      Replication mechanism, activation mechanism and objective.

  • 73. 
    What is a program that appears to be useful but contains hidden code that allows unauthorized individuals to exploit or destroy data commonly known as?
    • A. 

      A virus

    • B. 

      A Trojan horse

    • C. 

      A worm

    • D. 

      A back door

  • 74. 
    Which malicious software can be transmitted across computer networks without user intervention?
    • A. 

      A worm can be transmitted without user intervention.

    • B. 

      A virus can be transmitted without user intervention.

    • C. 

      A logic bomb can be transmitted without user intervention.

    • D. 

      A Trojan horse can be transmitted without user intervention.

  • 75. 
    Identify the malicious software that can be transmitted across computer networks without needing a client to distribute the software.
    • A. 

      A Worm can be transmitted across computer networks without needing a client to distribute software.

    • B. 

      A Virus can be transmitted across computer networks without needing a client to distribute software.

    • C. 

      A Logic bomb can be transmitted across computer networks without needing a client to distribute software.

    • D. 

      A Trojan horse can be transmitted across computer networks without needing a client to distribute software.

  • 76. 
    Which program replicates independently across networks?
    • A. 

      Spyware will replicate independently.

    • B. 

      Worm will replicate independently.

    • C. 

      Trojan horse will replicate independently.

    • D. 

      Virus will replicate independently.

  • 77. 
    • A. 

      A Worm will permit credit card theft.

    • B. 

      A SPIM will permit credit card theft.

    • C. 

      An Adware will permit credit card theft.

    • D. 

      A Phishing will permit credit card theft.

    • E. 

      A Virus will permit credit card theft.

  • 78. 
    You receive an e-mail to reset the online banking username and password. When you attempt to access the link the URL appearing in the browser does not match the link. What is this known as?
    • A. 

      This situation is known as redirecting.

    • B. 

      This situation is known as spoofing.

    • C. 

      This situation is known as hijacking.

    • D. 

      This situation is known as phishing.

  • 79. 
    How can you monitor the online activities of a user?
    • A. 

      Viruses will permit monitoring of online activities.

    • B. 

      Spyware will permit monitoring of online activities.

    • C. 

      Logic bomb will permit monitoring of online activities.

    • D. 

      Worms will permit monitoring of online activities.

  • 80. 
    • A. 

      This can be described as a hoax.

    • B. 

      This can be described as packet sniffing.

    • C. 

      This can be described as phishing.

    • D. 

      This can be described as spam.

  • 81. 
    • A. 

      This program illustrates a Virus.

    • B. 

      This program illustrates a Trojan horse.

    • C. 

      This program illustrates a Worm.

    • D. 

      This program illustrates a Logic bomb.

  • 82. 
    • A. 

      This can be accomplished by installing personal firewalls on the mobile phones.

    • B. 

      This can be accomplished by installing HIDS on the mobile phones.

    • C. 

      This can be accomplished by installing logging software on the mobile phones.

    • D. 

      This can be accomplished by installing antivirus software on the mobile phones.

  • 83. 
    What is used by anti-virus software to detect unknown viruses?
    • A. 

      Zero-day algorithm is used to detect unknown viruses.

    • B. 

      Heuristic analysis is used to detect unknown viruses.

    • C. 

      Random scanning is used to detect unknown viruses.

    • D. 

      Quarantining is used to detect unknown viruses.

  • 84. 
    Identify the malicious code that enters a system and stays inactive until a user opens that particular program, then starts to delete the contents of attached network drives and removable storage devices.
    • A. 

      The malicious code is known as logic bomb.

    • B. 

      The malicious code is known as Trojan horse.

    • C. 

      The malicious code is known as honeypot.

    • D. 

      The malicious code is known as worm.

  • 85. 
    Identify the malicious code that enters the system via a freely distributed game that is purposely installed and played.
    • A. 

      It can enter a system by means of a logic bomb.

    • B. 

      It can enter a system by means of a Trojan horse.

    • C. 

      It can enter a system by means of a worm.

    • D. 

      It can enter a system by means of an e-mail attachment.

  • 86. 
    Identify the malicious code that does not need human involvement to install itself and to spread.
    • A. 

      A Virus does not need human involvement.

    • B. 

      A Trojan horse does not need human involvement.

    • C. 

      A Logic bomb does not need human involvement.

    • D. 

      A Worm does not need human involvement.

  • 87. 
    Identify the malicious software that will replicate itself by connecting to other programs on the same host workstation.
    • A. 

      A Worm will attach to another program.

    • B. 

      A Virus will attach to another program.

    • C. 

      A Logic bomb will attach to another program.

    • D. 

      A Trojan horse will attach to another program.

  • 88. 
    What are MITRE and CERT?
    • A. 

      They are anti-virus software institutes.

    • B. 

      They are virus and malware cataloging organizations.

    • C. 

      They are virus broadcast monitoring tools.

    • D. 

      They are spyware and virus distributing software.

  • 89. 
    With regard to the use of Instant Messaging, which of the following types of attack can best be guarded against by user awareness training?
    • A. 

      Social engineering

    • B. 

      Stealth

    • C. 

      Ambush

    • D. 

      Multi-pronged

  • 90. 
    What is the most common method of social engineering?
    • A. 

      Looking through users' trash for information

    • B. 

      Calling users and asking for information

    • C. 

      E-mailing users and asking for information

    • D. 

      E-mail

  • 91. 
    What do intruders use most often to gain unauthorized access to a system?
    • A. 

      Brute force attack.

    • B. 

      Key logging

    • C. 

      Trojan horse.

    • D. 

      Social engineering.

  • 92. 
    Which of the following measures can be used to guard against a social engineering attack?
    • A. 

      Education, limit available information and security policy.

    • B. 

      Education, firewalls and security policy.

    • C. 

      Security policy, firewalls and incident response.

    • D. 

      Security policy, system logging and incident response.

  • 93. 
    Which of the following is an example of the theft of network passwords without the use of software tools?
    • A. 

      Trojan programs.

    • B. 

      Social engineering.

    • C. 

      Sniffing.

    • D. 

      Hacking.

  • 94. 
    Which of the following types of attack CANNOT be deterred solely through technical means?
    • A. 

      Dictionary.

    • B. 

      Man in the middle.

    • C. 

      DoS (Denial of Service).

    • D. 

      Social engineering.

  • 95. 
    • A. 

      Strong passwords are not required

    • B. 

      Lack of security awareness

    • C. 

      Multiple logins are allowed

    • D. 

      Audit logs are not monitored frequently

  • 96. 
    In which of the following would an attacker impersonate a dissatisfied customer of a company and request a password change on the customer's account?
    • A. 

      Hostile code.

    • B. 

      Social engineering.

    • C. 

      IP (Internet Protocol) spoofing.

    • D. 

      Man in the middle attack.

  • 97. 
    You are the network administrator at Certkiller.com. During a routine site audit of Certkiller's wireless network, you discover an unauthorized Access Point under the desk of a Sales department user. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you become a victim of?
    • A. 

      SYN Flood.

    • B. 

      Distributed Denial of Service.

    • C. 

      Man in the Middle attack.

    • D. 

      TCP Flood.

    • E. 

      None of the Above

  • 98. 
    You are the network administrator at Certkiller.com. During a routine site audit of Certkiller's wireless network, you discover an unauthorized Access Point under the desk of a Sales department user. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you become a victim of?
    • A. 

      Halloween attack

    • B. 

      Phone tag

    • C. 

      Replay attack

    • D. 

      Social Engineering

    • E. 

      IP Spoofing.

  • 99. 
    Which of the following is the most effective defense against a social engineering attack?
    • A. 

      Marking of documents

    • B. 

      Escorting of guests

    • C. 

      Badge security system

    • D. 

      Training and awareness

  • 100. 
    Identify the techniques, apart from bribery and forgery, that attackers use to socially engineer people. (Choose TWO)
    • A. 

      Flattery is a most common method.

    • B. 

      Dumpster diving is a most common method.

    • C. 

      Phreaking is a most common method.

    • D. 

      Assuming a position of authority is a most common method.

    • E. 

      Whois search is a most common method.