1.
QUESTION NO: 401
To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further recommends installation of software-based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution?
Correct Answer
A. Internet content filter
Explanation
An internet content filter would have provided an alternative simpler solution to facilitate compliance with the Internet use portion of the corporate acceptable use policy. This type of filter allows the administrator to control and restrict access to certain websites and content, ensuring that employees adhere to the policy without the need for implementing proxy servers, firewalls, or additional software on each host. By using an internet content filter, the administrator can easily manage and enforce the acceptable use policy across the network.
2.
QUESTION NO: 402
The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?
Correct Answer
A. The risks associated with the large capacity of USB drives and their concealable nature
Explanation
The risks associated with the large capacity of USB drives and their concealable nature pose a threat to the security of sensitive data. USB drives can easily be lost or stolen, and their large storage capacity makes it possible for a significant amount of data to be compromised. Additionally, their small size makes them easy to conceal and transport without detection. Given the client's history of social engineering attacks and data loss, the security administrator advises against distributing the USB pens to mitigate the risk of further data breaches.
3.
QUESTION NO: 403
USB drives create a potential security risk due to which of the following?
Correct Answer
D. Potential for software introduction
Explanation
USB drives create a potential security risk due to their potential for software introduction. USB drives can be easily infected with malware or viruses, and when inserted into a computer, they can transfer the malicious software onto the system. This can lead to unauthorized access, data breaches, and other security threats. Therefore, the potential for software introduction through USB drives poses a significant security risk.
4.
QUESTION NO: 404
As a best practice, risk assessments should be based upon which of the following?
Correct Answer
C. A quantitative measurement of risk, impact and asset value
Explanation
Risk assessments should be based on a quantitative measurement of risk, impact, and asset value. This means that the assessment should involve a numerical evaluation of the likelihood and potential consequences of risks, as well as the value of the assets that could be affected. This approach allows for a more objective and systematic analysis of risks, enabling organizations to prioritize and allocate resources effectively to mitigate and manage those risks. A qualitative measurement may not provide enough detail or precision, while an absolute measurement of threats may not consider the potential impact or value of assets.
5.
QUESTION NO: 405
Which of the following is a cryptographic hash function?
Correct Answer
B. SHA
Explanation
SHA (Secure Hash Algorithm) is a cryptographic hash function. It is commonly used to ensure data integrity and security in various applications. SHA takes an input (message) and produces a fixed-size output (hash value) that is unique to the input. This hash value is used to verify the integrity of the data and detect any changes or tampering. SHA is widely used in digital signatures, password storage, and data verification processes. RSA, RC4, and ECC are encryption algorithms, not hash functions.
6.
QUESTION NO: 406
From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?
Correct Answer
D. To detect availability degradations caused by attackers
Explanation
Implementing performance monitoring applications on network systems is important from a security standpoint because it helps in detecting availability degradations caused by attackers. By monitoring the performance of the network systems, any abnormalities or anomalies caused by attackers can be identified and addressed promptly. This ensures that the network remains available and accessible to authorized users, minimizing the impact of potential attacks and maintaining the overall security of the system.
7.
QUESTION NO: 407
All of the following are methods used to conduct risk assessments EXCEPT:
Correct Answer
D. Disaster exercises.
Explanation
Disaster exercises are not typically used as a method to conduct risk assessments. While penetration tests, security audits, and vulnerability scans are all commonly used techniques to identify and assess potential risks and vulnerabilities in a system or organization, disaster exercises are typically focused on testing and evaluating the preparedness and response capabilities in the event of an actual disaster or emergency situation. Therefore, they are not directly related to assessing risks in the same way as the other methods mentioned.
8.
QUESTION NO: 408
After conducting a risk assessment, the main focus of an administrator should be which of the following?
Correct Answer
D. To ensure risk mitigation activities are implemented
Explanation
After conducting a risk assessment, the main focus of an administrator should be to ensure that risk mitigation activities are implemented. This means taking action to reduce or eliminate the identified risks. While it is important to report the results of the assessment to the users, the primary goal is to address the risks and protect the system. Mitigating threats and eliminating vulnerabilities are important steps in this process, but the ultimate objective is to implement measures that will reduce the overall risk to an acceptable level.
9.
QUESTION NO: 409
Which of the following is a BEST practice when implementing a new system?
Correct Answer
A. Disable unneeded services
Explanation
Disabling unneeded services is a best practice when implementing a new system because it helps to minimize the attack surface and reduce the potential vulnerabilities. By disabling unnecessary services, the system becomes more secure as there are fewer entry points for attackers. This practice also helps to optimize system resources and improve performance by eliminating unnecessary background processes. Additionally, disabling unneeded services can help to simplify system management and reduce the overall complexity of the system.
10.
QUESTION NO: 410
When installing and securing a new system for a home user which of the following are best practices? (Select THREE).
Correct Answer(s)
A. Use a strong firewall.
C. Apply all system patches
F. Apply all service packs.
Explanation
The best practices for installing and securing a new system for a home user include using a strong firewall to protect against unauthorized access, applying all system patches to ensure the latest security updates are installed, and applying all service packs to keep the system up to date with the latest features and bug fixes. Blocking inbound access to port 80 can also be beneficial as it is commonly used for web traffic and can be a target for hackers. However, input validation and installing remote control software are not mentioned as best practices in this context and may not be relevant to securing a new system for a home user.
11.
QUESTION NO: 411
Which of the following describes a logic bomb?
Correct Answer
C. A piece of malicious code that executes based on an event or date
Explanation
A logic bomb is a piece of malicious code that is designed to execute based on a specific event or date. Once triggered, it can cause damage to a computer system or network. Unlike a virus or worm, a logic bomb does not have the ability to spread on its own. Instead, it remains dormant until the specified condition is met, such as a specific date or the occurrence of a particular event. When the condition is met, the logic bomb is activated and carries out its intended malicious actions.
12.
QUESTION NO: 412
Which of the following is a prerequisite for privilege escalation to occur?
Correct Answer
D. The attacker must have already gained entry into the system
Explanation
Privilege escalation refers to the act of gaining higher levels of access or privileges on a system than originally intended. In order for privilege escalation to occur, the attacker must first have already gained entry into the system. This means that they have bypassed any initial security measures and have successfully infiltrated the system. Once inside, they can then attempt to escalate their privileges to gain even more control over the system.
13.
QUESTION NO: 413
Which of the following is an example of an attack that executes once a year on a certain date?
Correct Answer
C. Logic bomb
Explanation
A logic bomb is a type of malicious code that is designed to execute at a specific time or when certain conditions are met. It is often used by attackers to cause damage or disrupt systems. In this case, the logic bomb is set to execute once a year on a particular date, making it an example of an attack that occurs annually on a specific date.
14.
QUESTION NO: 414
Which of the following is the GREATEST threat to highly secure environments?
Correct Answer
D. USB devices
Explanation
USB devices pose the greatest threat to highly secure environments because they can be easily used to introduce malware or unauthorized software into the system. USB devices can also be used to steal sensitive data or bypass security measures. Even if the network and BIOS configurations are secure, USB devices can still be used to compromise the security of the environment. RSA256, on the other hand, is a cryptographic algorithm and not a threat to secure environments.
15.
QUESTION NO: 415
Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?
Correct Answer
D. Disable USB drives.
Explanation
The technician should implement the solution of disabling USB drives to prevent data theft through the use of portable drives. This solution will restrict the ability to connect any external storage devices, such as USB drives, to the system, thereby preventing unauthorized copying or transfer of data. This is a proactive measure that directly addresses the issue at hand and reduces the risk of data theft.
16.
QUESTION NO: 416
A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this?
Correct Answer
A. Worm
Explanation
The most likely cause of the workstations flooding servers is a worm. Unlike viruses, worms do not require a host file or user interaction to spread. They can replicate themselves and spread across a network, consuming network resources and overwhelming servers. Worms are designed to exploit vulnerabilities in computer systems and can cause significant damage to network infrastructure.
17.
QUESTION NO: 417
Which of the following BEST describes a way to prevent buffer overflows?
Correct Answer
A. Apply all security patches to workstations
Explanation
Applying all security patches to workstations is the best way to prevent buffer overflows. Buffer overflows occur when a program tries to store more data in a buffer than it can hold, leading to the overflow of data into adjacent memory locations. By regularly applying security patches, any vulnerabilities or weaknesses in the software that could be exploited by attackers to cause buffer overflows can be addressed and fixed, reducing the risk of such attacks.
18.
QUESTION NO: 418
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
Correct Answer
C. To isolate the various network services and roles
Explanation
Implementing virtualization throughout the network infrastructure allows for the isolation of various network services and roles. By separating these services and roles into virtual machines, any potential security breaches or vulnerabilities in one service or role will not affect the others. This helps to prevent lateral movement within the network and limits the impact of an attack. Additionally, virtualization provides the ability to easily manage and control access to each virtual machine, enhancing overall network security.
19.
QUESTION NO: 419
Which of the following is a reason to use a Faraday cage?
Correct Answer
C. To mitigate data emanation
Explanation
A Faraday cage is a metallic enclosure that is designed to block electromagnetic fields. It is used to mitigate data emanation, which refers to the unintentional leakage of electromagnetic signals from electronic devices. By using a Faraday cage, the electromagnetic signals are contained within the enclosure, preventing unauthorized access or interception of sensitive information. This is especially important in environments where data security is crucial, such as government agencies, military facilities, or research labs.
20.
QUESTION NO: 420
Weak encryption is a common problem with which of the following wireless protocols?
Correct Answer
B. WEP
Explanation
Weak encryption is a common problem with the WEP (Wired Equivalent Privacy) wireless protocol. WEP is known for its vulnerabilities and has been deprecated due to its weak security measures. It uses a 40-bit or 104-bit encryption key, which can be easily cracked by attackers. This makes WEP susceptible to various attacks, such as packet sniffing and unauthorized access to the network. As a result, it is not recommended to use WEP for securing wireless networks.
21.
QUESTION NO: 421
Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?
Correct Answer
A. Mandatory vacations
Explanation
Mandatory vacations are a tool used by organizations to verify whether or not a staff member has been involved in malicious activity. By requiring employees to take regular vacations, it allows for other employees to step in and perform the duties of the absent employee, potentially uncovering any suspicious or unauthorized activities that may have been taking place. This practice also helps to prevent fraud, as it becomes difficult for an employee to maintain a fraudulent scheme if they are required to take time off.
22.
QUESTION NO: 422
Which of the following is a cross-training technique where organizations minimize collusion amongst staff?
Correct Answer
B. Job rotation
Explanation
Job rotation is a cross-training technique where employees are moved between different roles and responsibilities within an organization. This technique helps to minimize collusion among staff by preventing individuals from becoming too familiar or comfortable with a specific role or task. By rotating employees, organizations can reduce the risk of collusion and promote transparency and accountability within the workforce.
23.
QUESTION NO: 423
Which of the following will allow a technician to restrict a user's access to the GUI?
Correct Answer
B. Group policy implementation
Explanation
Group policy implementation allows a technician to restrict a user's access to the GUI. Group policies are a feature in Windows operating systems that allow administrators to control the settings and configurations of multiple computers in a network. By implementing group policies, administrators can define specific access rights and permissions for users, including restricting their access to the graphical user interface (GUI). This can be useful in situations where certain users should only have limited access to certain features or applications on a computer.
24.
QUESTION NO: 424
Which of the following is the MOST common logical access control method?
Correct Answer
B. Usernames and password
Explanation
Usernames and passwords are the most common logical access control method because they are widely used and easy to implement. They provide a basic level of security by requiring users to enter a unique username and password combination to access a system or resource. This method is commonly used for online accounts, computer logins, and other digital systems. While it is not the most secure method, it is the most common due to its simplicity and familiarity to users.
25.
QUESTION NO: 425
Which of the following verifies control for granting access in a PKI environment?
Correct Answer
B. Certificate authority
Explanation
A certificate authority (CA) is responsible for verifying the identity of individuals or entities in a PKI environment and issuing digital certificates to them. These digital certificates are used to authenticate and authorize access to resources. The CA ensures that only authorized individuals or entities are granted access by verifying their identity through a rigorous process. The CA plays a crucial role in maintaining the security and integrity of the PKI environment by controlling the granting of access.
26.
QUESTION NO: 426
Which of the following explains the difference between a public key and a private key?
Correct Answer
D. The private key is only used by the client and kept secret while the public key is available to all
Explanation
The private key is only used by the client and kept secret, while the public key is available to all. In asymmetric encryption, the private key is used for decryption and is kept confidential by the client, while the public key is used for encryption and can be freely shared with others. The keys are mathematically related, but their usage and accessibility differ.
27.
QUESTION NO: 427
Which of the following is a countermeasure when power must be delivered to critical systems no matter what?
Correct Answer
A. Backup generator
Explanation
A backup generator is a countermeasure that ensures power can be delivered to critical systems even in the event of a power outage or failure. It serves as an alternative power source, providing electricity when the primary power source is unavailable. This helps to prevent disruptions and downtime in critical systems, ensuring their continuous operation and minimizing the impact of power failures. Backup generators are commonly used in industries and organizations where uninterrupted power supply is crucial for the functioning of critical systems.
28.
QUESTION NO: 428
Which of the following is the MOST important step to conduct during a risk assessment of computing systems?
Correct Answer
B. The identification of missing patches
Explanation
The identification of missing patches is the most important step to conduct during a risk assessment of computing systems. This is because missing patches can leave systems vulnerable to security breaches and attacks. By identifying and addressing these missing patches, organizations can ensure that their systems are up to date with the latest security updates and minimize the risk of potential vulnerabilities being exploited.
29.
QUESTION NO: 429
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
Correct Answer
B. Performance monitor
Explanation
Performance monitor is a tool that allows a technician to detect security-related TCP connection anomalies. It provides real-time monitoring and analysis of system performance, including network activity. By monitoring TCP connections, the technician can identify any abnormal or suspicious behavior that may indicate a security breach or attack. This tool helps in identifying and addressing security issues promptly, enhancing the overall security of the system.
30.
QUESTION NO: 430
Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition?
Correct Answer
C. Anomaly-based
Explanation
Anomaly-based monitoring methodologies are designed to detect abnormal behavior or patterns that deviate from the expected or normal behavior. This means that when there is a security-related problem that results in an abnormal condition, an anomaly-based monitoring methodology will be able to identify and alert the technician about it. Unlike signature-based monitoring, which relies on known patterns or signatures of attacks, anomaly-based monitoring is more effective in detecting new or unknown threats. Therefore, it is the most appropriate choice for determining security-related problems that result in abnormal conditions.
31.
QUESTION NO: 431
Which of the following systems is BEST to use when monitoring application activity and modification?
Correct Answer
C. HIDS
Explanation
HIDS, or Host-based Intrusion Detection System, is the best system to use when monitoring application activity and modification. HIDS operates on individual hosts and monitors the activities and changes occurring on that specific host. It can detect suspicious behavior, unauthorized access, and modifications made to applications on the host. By monitoring at the host level, HIDS provides a more detailed and comprehensive view of the application activity, making it the ideal choice for this purpose.
32.
QUESTION NO: 432
Which of the following is the MOST important thing to consider when implementing an IDS solution?
Correct Answer
D. The personnel to interpret results
Explanation
The personnel to interpret results is the most important thing to consider when implementing an IDS solution. This is because even with the most advanced technology and accurate detection capabilities, the effectiveness of an IDS ultimately depends on the ability of trained personnel to interpret and respond to the results. Without skilled individuals to analyze the data and take appropriate action, the IDS solution would be ineffective in detecting and responding to potential threats. Therefore, having knowledgeable and experienced personnel is crucial for the successful implementation and operation of an IDS solution.
33.
QUESTION NO: 433
Which of the following is the FIRST step in the implementation of an IDS?
Correct Answer
D. Document the existing network.
Explanation
The first step in the implementation of an IDS is to document the existing network. This involves gathering information about the network infrastructure, including the network topology, devices, and their configurations. By documenting the existing network, organizations can gain a better understanding of their network environment and identify potential vulnerabilities or areas where an IDS may be needed. This information is crucial for effectively implementing an IDS and ensuring its proper functioning.
34.
QUESTION NO: 434
Which of the following encryption algorithms is used for encryption and decryption of data?
Correct Answer
D. RC5
Explanation
RC5 is an encryption algorithm that is used for both encryption and decryption of data. It is a symmetric key block cipher that operates on fixed-size blocks of data. RC5 uses a variable block size, key size, and number of rounds, making it flexible and adaptable to different security needs. It is known for its simplicity and efficiency, making it suitable for a wide range of applications that require secure data encryption and decryption.
35.
QUESTION NO: 435
Which of the following are the authentication header modes?
Correct Answer
B. Transport and Tunnel
Explanation
The correct answer is "Transport and Tunnel". These are the two modes of the authentication header (AH) protocol used in IPsec. The Transport mode is used to protect the payload of an IP packet, while the Tunnel mode is used to protect the entire IP packet by encapsulating it within a new IP packet. Both modes provide authentication and integrity protection for the IP packet, ensuring that it has not been modified during transit.
36.
QUESTION NO: 436
Which of the following would a technician use to check data integrity?
Correct Answer
D. Message authentication code
Explanation
A technician would use a message authentication code (MAC) to check data integrity. A MAC is a cryptographic checksum that is generated using a secret key and appended to a message. When the message is received, the recipient can recompute the MAC using the same key and compare it to the received MAC. If the two MACs match, it indicates that the message has not been tampered with during transmission and that the data integrity is intact.
37.
QUESTION NO: 437
Which of the following are the functions of asymmetric keys?
Correct Answer
D. Encrypt, sign, decrypt and verify
Explanation
Asymmetric keys are used in public key cryptography, where a pair of keys (public and private) are generated. The public key is used for encryption and verification, while the private key is used for decryption and signing. Therefore, the correct answer is "Encrypt, sign, decrypt and verify."
38.
QUESTION NO: 438
Which of the following is the purpose of the AH?
Correct Answer
B. Provides integrity
Explanation
The purpose of the AH (Authentication Header) is to provide integrity. It ensures that the data has not been tampered with during transmission by calculating a hash value of the data and including it in the header. This allows the recipient to verify the integrity of the data by recalculating the hash value and comparing it to the one in the header. The AH does not provide non-repudiation, authorization, or confidentiality.
39.
QUESTION NO: 439
Which of the following describes the insertion of additional bytes of data into a packet?
Correct Answer
D. Padding
Explanation
Padding refers to the process of adding extra bytes of data into a packet. This is commonly done to ensure that the packet meets a specific size requirement or to align the packet with a particular boundary. Padding can also be used for security purposes, such as to prevent attackers from being able to analyze the packet and determine its contents.
40.
QUESTION NO: 440
Which of the following is true regarding authentication headers (AH)?
Correct Answer
A. The authentication information is a keyed hash based on all of the bytes in the packet.
Explanation
The authentication information in AH is a keyed hash that is calculated based on all of the bytes in the packet. This means that any change in the packet's content will result in a different authentication information hash. Therefore, if the bytes change on transfer, the authentication information hash will also change. It is not possible for the authentication information to remain the same if the bytes change. Additionally, the authentication information will be different for different packets, even if the integrity remains intact.
41.
QUESTION NO: 441
Which of the following will allow wireless access to network resources based on certain ports?
Correct Answer
C. 802.1x
Explanation
802.1x is a network authentication protocol that allows wireless access to network resources based on certain ports. It provides a way for devices to authenticate themselves before they are granted access to the network. By using 802.1x, network administrators can control which devices can connect to the network and what resources they can access based on the ports they use. This helps to enhance network security and prevent unauthorized access to sensitive information.
42.
QUESTION NO: 442
The method of controlling how and when users can connect in from home is called which of the following?
Correct Answer
A. Remote access policy
Explanation
A remote access policy is a method of controlling how and when users can connect in from home. It outlines the rules and guidelines for remote access to a network, including the authentication methods, encryption protocols, and user permissions. This policy helps ensure the security and integrity of the network by defining who can access it remotely and under what conditions. It also helps prevent unauthorized access and protects sensitive data from being compromised.
43.
QUESTION NO: 443
Which of the following is the main limitation with biometric devices?
Correct Answer
B. They are expensive and complex
Explanation
The main limitation with biometric devices is that they are expensive and complex. This means that the cost of implementing and maintaining biometric devices can be high, making it a less viable option for some organizations. Additionally, the complexity of these devices can make them difficult to set up and use, requiring specialized knowledge and expertise.
44.
QUESTION NO: 444
Who is ultimately responsible for the amount of residual risk?
Correct Answer
A. The senior management
Explanation
The senior management is ultimately responsible for the amount of residual risk. They are responsible for making strategic decisions and setting the overall direction and priorities of the organization. This includes determining the acceptable level of risk and ensuring that appropriate measures are in place to mitigate and manage that risk. The senior management has the authority and accountability to allocate resources and make decisions that impact the organization's overall risk posture.
45.
QUESTION NO: 445
Which of the following typically use IRC for command and control activities?
Correct Answer
D. Botnets
Explanation
Botnets typically use IRC (Internet Relay Chat) for command and control activities. IRC provides a platform for communication between the botmaster (the person controlling the botnet) and the compromised computers (known as bots) within the botnet. The botmaster can issue commands to the bots through IRC channels, allowing them to coordinate and control the activities of the botnet, such as launching DDoS attacks, sending spam emails, or stealing sensitive information. IRC offers anonymity and a decentralized structure, making it a popular choice for botnet command and control.
46.
QUESTION NO: 446
When designing a firewall policy, which of the following should be the default action?
Correct Answer
D. Implicit deny
Explanation
The default action for designing a firewall policy should be "Implicit deny". This means that unless explicitly allowed, all traffic should be denied by default. This approach follows the principle of least privilege, where only necessary and authorized traffic is allowed through the firewall. Implicit deny ensures that any traffic that is not specifically permitted is automatically blocked, providing an extra layer of security for the network.
47.
QUESTION NO: 447
If hashing two different files creates the same result, which of the following just occurred?
Correct Answer
B. A collision
Explanation
A collision just occurred. Hashing is a process of converting data into a fixed-size value, and it is expected that different inputs will produce different hash values. However, if two different files produce the same hash value, it indicates a collision, meaning that the hash function has generated the same output for different inputs. This can happen due to the limited range of hash values compared to the infinite number of possible inputs.
48.
QUESTION NO: 448
Which of the following type of protection is hashing used to provide?
Correct Answer
A. Integrity
Explanation
Hashing is used to provide integrity protection. Hashing is a process that takes input data and produces a fixed-size string of characters, which is known as a hash value or hash code. This hash value is unique to the input data, so even a small change in the input data will result in a completely different hash value. By comparing the hash values of the original and received data, integrity can be verified. If the hash values match, it means that the data has not been tampered with and its integrity is intact.
49.
QUESTION NO: 449
All of the following are part of the disaster recovery plan EXCEPT:
Correct Answer
D. Patch management software.
Explanation
The disaster recovery plan includes obtaining management buy-in, identifying all assets, and system backups. Patch management software, however, is not part of the disaster recovery plan. Patch management software is typically used to keep software and systems up to date with the latest patches and updates, but it is not directly related to recovering from a disaster.
50.
QUESTION NO: 450
Which of the following is MOST likely to make a disaster recovery exercise valuable?
Correct Answer
C. Learning from the mistakes of the exercise
Explanation
Learning from the mistakes of the exercise is likely to make a disaster recovery exercise valuable because it allows for identifying and addressing any weaknesses or gaps in the plan. By analyzing the mistakes made during the exercise, organizations can make improvements to their disaster recovery plan, ensuring it is more effective and efficient in the event of a real disaster. This continuous improvement process helps to enhance the organization's preparedness and response capabilities, ultimately increasing the likelihood of successful recovery in the face of a disaster.