Security + 6 (501-600)

35 Questions | Total Attempts: 44

SettingsSettingsSettings
Security Plus Quizzes & Trivia

Questions and Answers
  • 1. 
    Which of the following assets is MOST likely considered for DLP?
    • A. 

      Application server content

    • B. 

      USB mass storage devices

    • C. 

      Reverse proxy

    • D. 

      Print server

  • 2. 
    In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?
    • A. 

      Import the recipient’s public key

    • B. 

      Import the recipient’s private key

    • C. 

      Export the sender’s private key

    • D. 

      Export the sender’s public key

  • 3. 
    A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?
    • A. 

      DoS

    • B. 

      Account lockout

    • C. 

      Password recovery

    • D. 

      Password complexity

  • 4. 
    A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
    • A. 

      Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

    • B. 

      Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.

    • C. 

      Exploit security controls to determine vulnerabilities and mis-configurations.

    • D. 

      Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.

  • 5. 
    A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
    • A. 

      Spoof the MAC address of an observed wireless network client

    • B. 

      Ping the access point to discover the SSID of the network

    • C. 

      Perform a dictionary attack on the access point to enumerate the WEP key

    • D. 

      Capture client to access point disassociation packets to replay on the local PC’s loopback

  • 6. 
    After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
    • A. 

      To allow load balancing for cloud support

    • B. 

      To allow for business continuity if one provider goes out of business

    • C. 

      To eliminate a single point of failure

    • D. 

      To allow for a hot site in case of disaster

    • E. 

      To improve intranet communication speeds

  • 7. 
    A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
    • A. 

      The network uses the subnet of 255.255.255.128.

    • B. 

      The switch has several VLANs configured on it.

    • C. 

      The sub-interfaces are configured for VoIP traffic.

    • D. 

      The sub-interfaces each implement quality of service.

  • 8. 
    Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?
    • A. 

      USB

    • B. 

      HSM

    • C. 

      RAID

    • D. 

      TPM

  • 9. 
    Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank’s website, but not login. Which is the following is MOST likely the issue?
    • A. 

      The IP addresses of the clients have change

    • B. 

      The client certificate passwords have expired on the server

    • C. 

      The certificates have not been installed on the workstations

    • D. 

      The certificates have been installed on the CA

  • 10. 
    Digital Signatures provide which of the following?
    • A. 

      Confidentiality

    • B. 

      Authorization

    • C. 

      Integrity

    • D. 

      Authentication

    • E. 

      Availability

  • 11. 
    A user ID and password together provide which of the following?
    • A. 

      Authorization

    • B. 

      Auditing

    • C. 

      Authentication

    • D. 

      Identification

  • 12. 
    RADIUS provides which of the following?
    • A. 

      Authentication, Authorization, Availability

    • B. 

      Authentication, Authorization, Auditing

    • C. 

      Authentication, Accounting, Auditing

    • D. 

      Authentication, Authorization, Accounting

  • 13. 
    A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?
    • A. 

      Chain of custody

    • B. 

      Tracking man hours

    • C. 

      Record time offset

    • D. 

      Capture video traffic

  • 14. 
    In order for network monitoring to work properly, you need a PC and a network card running in what mode?
    • A. 

      Launch

    • B. 

      Exposed

    • C. 

      Promiscuous

    • D. 

      Sweep

  • 15. 
    Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
    • A. 

      Badlog

    • B. 

      Faillog

    • C. 

      Wronglog

    • D. 

      Killlog

  • 16. 
    A periodic update that corrects problems in one version of a product is called a
    • A. 

      Hotfix

    • B. 

      Overhaul

    • C. 

      Service pack

    • D. 

      Security update

  • 17. 
    A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked “Internal Proprietary Information”. Which of the following should the user do NEXT?
    • A. 

      Contact their manager and request guidance on how to best move forward

    • B. 

      Contact the help desk and/or incident response team to determine next steps

    • C. 

      Provide the requestor with the email information since it will be released soon anyway

    • D. 

      Reply back to the requestor to gain their contact information and call them

  • 18. 
    Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?
    • A. 

      Access control lists

    • B. 

      Continuous monitoring

    • C. 

      Video surveillance

    • D. 

      Baseline reporting

  • 19. 
    Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
    • A. 

      Fuzzing

    • B. 

      Patch management

    • C. 

      Error handling

    • D. 

      Strong passwords

  • 20. 
    Encryption of data at rest is important for sensitive information because of which of the following?
    • A. 

      Facilitates tier 2 support, by preventing users from changing the OS

    • B. 

      Renders the recovery of data harder in the event of user password loss

    • C. 

      Allows the remote removal of data following eDiscovery requests

    • D. 

      Prevents data from being accessed following theft of physical equipment

  • 21. 
    Which of the following is synonymous with a server’s certificate?
    • A. 

      Public key

    • B. 

      CRL

    • C. 

      Private key

    • D. 

      Recovery agent

  • 22. 
    A network administrator noticed various chain messages have been received by the company.Which of the following security controls would need to be implemented to mitigate this issue?
    • A. 

      Anti-spam

    • B. 

      Antivirus

    • C. 

      Host-based firewalls

    • D. 

      Anti-spyware

  • 23. 
    Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
    • A. 

      SQL injection

    • B. 

      Session hijacking and XML injection

    • C. 

      Cookies and attachments

    • D. 

      Buffer overflow and XSS

  • 24. 
    Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
    • A. 

      HIPS on each virtual machine

    • B. 

      NIPS on the network

    • C. 

      NIDS on the network

    • D. 

      HIDS on each virtual machine

  • 25. 
    A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
    • A. 

      Penetration testing

    • B. 

      Honeynets

    • C. 

      Vulnerability scanning

    • D. 

      Baseline reporting

Back to Top Back to top