Chapter 6
Network and Communications Security (Domain 6)

THIS CHAPTER COVERS THE FOLLOWING SSCP EXAM OBJECTIVES:

  • 6.1 Understand and apply fundamental concepts of networking
    • OSI and TCP/IP models
    • Network topographies (e.g., ring, star, bus, mesh, tree)
    • Network relationships (e.g., peer to peer, client server)
    • Transmission media types (e.g., fiber, wired, wireless)
    • Commonly used ports and protocols
  • 6.2 Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)
  • 6.3 Manage network access controls
    • Network access control and monitoring (e.g., remediation, quarantine, admission)
    • Network access control standards and protocols (e.g., IEEE 802.1x, RADIUS, TACACS)
    • Remote access operation and configuration (e.g., thin client, SSL VPN, IPSec VPN, telework)
  • 6.4 Manage network security
    • Logical and physical placement of network devices (e.g., inline, passive)
    • Segmentation (e.g., physical/logical, data/control plane, VLAN, ACLs)
    • Secure device management
  • 6.5 Operate and configure network-based security devices
    • Firewalls and proxies (e.g., filtering methods)
    • Network intrusion detection/prevention systems
    • Routers and switches
    • Traffic-shaping devices (e.g., WAN optimization, load balancing)
  • 6.6 Operate and configure wireless technologies (e.g., Bluetooth, NFC, WiFi)
    • Transmission security
    • Wireless security devices (e.g., WIPS, WIDS)

  1. Which information security goal is impacted when an organization experiences a DoS or DDoS attack?

    1. Confidentiality
    2. Integrity
    3. Availability
    4. Denial
  2. Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?

    1. Install a repeater or a concentrator before 100 meters.
    2. Use Category 7 cable, which has better shielding for higher speeds.
    3. Install a gateway to handle the distance.
    4. Use STP cable to handle the longer distance at high speeds.
  3. What topology correctly describes Ethernet?

    1. A ring
    2. A star
    3. A mesh
    4. A bus
  4. During a wireless network penetration test, Susan runs aircrack-ng against the network using a password file. What might cause her to fail in her password-cracking efforts?

    1. Use of WPA2 encryption
    2. Running WPA2 in Enterprise mode
    3. Use of WEP encryption
    4. Running WPA2 in PSK mode
  5. What network topology is shown here?

    Diagram shows four computers with lines connecting them in square and diagonally as well.

    1. A ring
    2. A bus
    3. A star
    4. A mesh
  6. During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?

    1. Require encryption for all users.
    2. Install a firewall at the network border.
    3. Enable spanning tree loop detection.
    4. Segment the network based on functional requirements.
  7. In her role as an information security professional, Susan has been asked to identify areas where her organization’s wireless network may be accessible even though it isn’t intended to be. What should Susan do to determine where her organization’s wireless network is accessible?

    1. A site survey
    2. Warwalking
    3. Wardriving
    4. A design map
  8. Which OSI layer includes electrical specifications, protocols, and interface standards?

    1. The Transport layer
    2. The Device layer
    3. The Physical layer
    4. The Data Link layer
  9. Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?

    1. RST flags mean “Rest.” The server needs traffic to briefly pause.
    2. RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.
    3. RST flags mean “Resume Standard.” Communications will resume in their normal format.
    4. RST means “Reset.” The TCP session will be disconnected.
  10. Place the layers of the OSI model shown here in the appropriate order, from layer 1 to layer 7.

    1. Application
    2. Data Link
    3. Network
    4. Physical
    5. Presentation
    6. Session
    7. Transport
  11. Sue’s organization recently failed a security assessment because their network was a single flat broadcast domain, and sniffing traffic was possible between different functional groups. What solution should she recommend to help prevent the issues that were identified?

    1. Use VLANs.
    2. Change the subnet mask for all systems.
    3. Deploy gateways.
    4. Turn on port security.
  12. Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?

    1. 802.11a
    2. 802.3
    3. 802.15.1
    4. 802.1x
  13. What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?

    1. A ring topology
    2. Token Ring
    3. FDDI
    4. SONET

    Chris is designing layered network security for his organization. Using the following diagram, answer questions 14 through 16.

    Diagram shows five computers connected to switch, router which is also connected to VPN concentrator, firewall which is also connected to web server, and Internet.
  14. What type of firewall design is shown in the diagram?

    1. A single-tier firewall
    2. A two-tier firewall
    3. A three-tier firewall
    4. A four-tier firewall
  15. If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

    1. VPN users will not be able to access the web server.
    2. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
    3. Web server traffic is not subjected to stateful inspection.
    4. VPN users should only connect from managed PCs.
  16. If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?

    1. A firewall, location A
    2. An IDS, location A
    3. An IPS, location B
    4. A WAF, location C
  17. What network topology is shown in the following image?

    Diagram shows five computers connected to single line in middle with three computers on left side and two on right side.

    1. A ring
    2. A star
    3. A bus
    4. A mesh
  18. A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology?

    1. Remote node operation
    2. Screen scraping
    3. Remote control
    4. RDP
  19. Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?

    1. WPA2
    2. WPA
    3. WEP
    4. AES
  20. Which one of the following protocols is commonly used to provide backend authentication services for a VPN?

    1. HTTPS
    2. RADIUS
    3. ESP
    4. AH
  21. Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?

    1. 192.168.x.x is a nonroutable network and will not be carried to the Internet.
    2. 192.168.1.40 is not a valid address because it is reserved by RFC 1918.
    3. Double NATing is not possible using the same IP range.
    4. The upstream system is unable to de-encapsulate his packets, and he needs to use PAT instead.
  22. Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?

    1. A static packet filtering firewall
    2. An application-level gateway firewall
    3. A stateful packet inspection firewall
    4. A circuit-level gateway firewall
  23. What type of networking device is most commonly used to assign endpoint systems to VLANs?

    1. Firewall
    2. Router
    3. Switch
    4. Hub
  24. Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?

    1. A four-tier firewall design with two firewalls
    2. A two-tier firewall design with three firewalls
    3. A three-tier firewall design with at least one firewall
    4. A single-tier firewall design with three firewalls
  25. Which of the following is not a potential problem with active wireless scanning?

    1. Accidentally scanning apparent rogue devices that actually belong to guests
    2. Causing alarms on the organization’s wireless IPS
    3. Scanning devices that belong to nearby organizations
    4. Misidentifying rogue devices
  26. The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

    1. Layer 1
    2. Layer 2
    3. Layer 3
    4. Layer 4
  27. John’s network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?

    1. Availability
    2. Integrity
    3. Confidentiality
    4. Denial
  28. What speed is Category 3 UTP cable rated for?

    1. 5 Mbps
    2. 10 Mbps
    3. 100 Mbps
    4. 1000 Mbps

    Lauren’s organization has used a popular messaging service for a number of years. Recently, concerns have been raised about the use of messaging. Using the following diagram, answer questions 29–31 about messaging.

    Flow diagram shows two computers labeled messaging traffic via TCP 80 leads to switch, which leads to router, firewall, Internet by A, and B by messaging traffic via TCP 80.
  29. What protocol is the messaging traffic most likely to use based on the diagram?

    1. SLACK
    2. HTTP
    3. SMTP
    4. HTTPS
  30. What security concern does sending internal communications from A to B raise?

    1. The firewall does not protect system B.
    2. System C can see the broadcast traffic from system A to B.
    3. It is traveling via an unencrypted protocol.
    4. Messaging does not provide nonrepudiation.
  31. How could Lauren’s company best address a desire for secure messaging for users of internal systems A and C?

    1. Use a third-party messaging service.
    2. Implement and use a locally hosted service.
    3. Use HTTPS.
    4. Discontinue use of messaging and instead use email, which is more secure.
  32. Chris is configuring an IDS to monitor for unencrypted FTP traffic. What ports should Chris use in his configuration?

    1. TCP 20 and 21
    2. TCP 21 only
    3. UDP port 69
    4. TCP port 21 and UDP port 21
  33. During a penetration test, Lauren is asked to test the organization’s Bluetooth security. Which of the following is not a concern she should explain to her employers?

    1. Bluetooth scanning can be time-consuming.
    2. Many devices that may be scanned are likely to be personal devices.
    3. Bluetooth passive scans may require multiple visits at different times to identify all targets.
    4. Bluetooth active scans can’t evaluate the security mode of Bluetooth devices.
  34. What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?

    1. A gateway
    2. A proxy
    3. A router
    4. A firewall
  35. In the OSI model, when a packet changes from a datastream to a segment or a datagram, what layer has it traversed?

    1. The Transport layer
    2. The Application layer
    3. The Data Link layer
    4. The Physical layer
  36. The Windows ipconfig command displays the following information:

    BC-5F-F4-7B-4B-7D

    What term describes this, and what information can usually be gathered from it?

    1. The IP address, the network location of the system
    2. The MAC address, the network interface card’s manufacturer
    3. The MAC address, the media type in use
    4. The IPv6 client ID, the network interface card’s manufacturer
  37. Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?

    1. It can help identify rogue devices.
    2. It can test the security of the wireless network via scripted attacks.
    3. Their short dwell time on each wireless channel can allow them to capture more packets.
    4. They can help test wireless IDS or IPS systems.
  38. What network topology is shown in the following image?

    Diagram shows six computers and server connected in circular pattern.

    1. A ring
    2. A bus
    3. A star
    4. A mesh
  39. Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the Internet. What solution should he recommend as the most effective business solution?

    1. Per-room VPNs
    2. VLANs
    3. Port security
    4. Firewalls
  40. Match each of the numbered TCP ports listed with the associated lettered protocol provided:

    TCP ports
    1. 23
    2. 25
    3. 143
    4. 515

    Protocols
    A. SMTP
    B. LPD
    C. IMAP
    D. Telnet
  41. John deploys his website to multiple regions using load balancers around the world through his cloud infrastructure as a service provider. What availability concept is he using?

    1. Multiple processing sites
    2. Warm sites
    3. Cold sites
    4. A honeynet
  42. There are four common VPN protocols. Which group listed contains all of the common VPN protocols?

    1. PPTP, LTP, L2TP, IPsec
    2. PPP, L2TP, IPsec, VNC
    3. PPTP, L2F, L2TP, IPsec
    4. PPTP, L2TP, IPsec, SPAP
  43. Lauren’s organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?

    1. VLAN hopping; use physically separate switches.
    2. VLAN hopping; use encryption.
    3. Caller ID spoofing; MAC filtering
    4. Denial-of-service attacks; use a firewall between networks.
  44. Staff from Susan’s company often travel internationally. Susan believes that they may be targeted for corporate espionage activities because of the technologies that her company is developing. What practice should Susan recommend that they adopt for connecting to networks while they travel?

    1. Only connect to public Wi-Fi.
    2. Use a VPN for all connections.
    3. Only use websites that support TLS.
    4. Do not connect to networks while traveling.
  45. One of Susan’s attacks during a penetration test involves inserting false ARP data into a system’s ARP cache. When the system attempts to send traffic to the address it believes belongs to a legitimate system, it will instead send that traffic to a system she controls. What is this attack called?

    1. RARP flooding
    2. ARP cache poisoning
    3. A denial-of-ARP attack
    4. ARP buffer blasting
  46. Which one of the following traffic types should not be blocked by an organization’s egress filtering policy?

    1. Traffic destined to a private IP address
    2. Traffic with a broadcast destination
    3. Traffic with a source address from an external network
    4. Traffic with a destination address on an external network
  47. A denial-of-service (DoS) attack that sends fragmented TCP packets is known as what kind of attack?

    1. Christmas tree
    2. Teardrop
    3. Stack killer
    4. Frag grenade
  48. Angela uses a sniffer to monitor traffic from a RADIUS server configured with default settings. What protocol should she monitor, and what traffic will she be able to read?

    1. UDP, none. All RADIUS traffic is encrypted.
    2. TCP, all traffic but the passwords, which are encrypted
    3. UDP, all traffic but the passwords, which are encrypted
    4. TCP, none. All RADIUS traffic is encrypted.
  49. Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

    1. The Transport layer
    2. The Network layer
    3. The Session layer
    4. The Presentation layer
  50. In what type of attack do attackers manage to insert themselves into a connection between a user and a legitimate website?

    1. Man-in-the-middle
    2. Fraggle
    3. Wardriving
    4. Meet-in-the-middle
  51. What type of key does WEP use to encrypt wireless communications?

    1. An asymmetric key
    2. Unique key sets for each host
    3. A predefined shared static key
    4. Unique asymmetric keys for each host
  52. What does a bluesnarfing attack target?

    1. Data on IBM systems
    2. An outbound phone call via Bluetooth
    3. 802.11b networks
    4. Data from a Bluetooth-enabled device
  53. Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?

    1. Use Bluetooth’s built-in strong encryption, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    2. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    3. Use Bluetooth’s built-in strong encryption, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
    4. Use Bluetooth only for those activities that are not confidential, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
  54. Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she does not want to see her own ping packets, what protocol should she filter out from her packet sniffer’s logs?

    1. UDP
    2. TCP
    3. IP
    4. ICMP
  55. During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry:

    21/open
    23/open

    What services are likely running on those ports?

    1. SSH and FTP
    2. FTP and Telnet
    3. SMTP and Telnet
    4. POP3 and SMTP
  56. One of the findings that Jim made when performing a security audit was the use of non-IP protocols in a private network. What issue should Jim point out that may result from the use of these non-IP protocols?

    1. They are outdated and cannot be used on modern PCs.
    2. They may not be able to be filtered by firewall devices.
    3. They may allow Christmas tree attacks.
    4. IPX extends on the IP protocol and may not be supported by all TCP stacks.
  57. What type of attack is most likely to occur after a successful ARP spoofing attempt?

    1. A DoS attack
    2. A Trojan
    3. A replay attack
    4. A man-in-the-middle attack
  58. Arnold is receiving reports from end users that their Internet connections are extremely slow. He looks at the firewall and determines that there are thousands of unexpected inbound connections per second arriving from all over the world. What type of attack is most likely occurring?

    1. A worm
    2. A denial-of-service attack
    3. A virus
    4. A smurf attack
  59. Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?

    1. Two
    2. Three
    3. Four
    4. Five
  60. During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

    1. Continue to use LEAP. It provides better security than TKIP for WPA networks.
    2. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.
    3. Continue to use LEAP to avoid authentication issues, but move to WPA2.
    4. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.
  61. Which one of the following security tools is not capable of generating an active response to a security event?

    1. IPS
    2. Firewall
    3. IDS
    4. Antivirus software

    For questions 62–65, please refer to a stateful inspection firewall running the rulebase shown here. The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions 62–65.

    Table shows columns for rule, action, source IP, source port, destination IP, and destination port, and rows for 1, 2, 3, and 4.
  62. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?

    1. Stealth
    2. Implicit deny
    3. Connection proxy
    4. Egress filter
  63. What type of server is running at IP address 10.1.0.26?

    1. Email
    2. Web
    3. FTP
    4. Database
  64. The system at 15.246.10.1 attempts HTTP and HTTPS connections to the web server running at 10.1.0.50. Which one of the following statements is true about that connection?

    1. Both connections will be allowed.
    2. Both connections will be blocked.
    3. The HTTP connection will be allowed, and the HTTPS connection will be blocked.
    4. The HTTP connection will be blocked, and the HTTPS connection will be allowed.
  65. What value should be used to fill in the source port for rule 3?

    1. 25
    2. 465
    3. 80
    4. Any
  66. What type of firewall design is shown in the following image?

    Flow diagram shows Internet leads to router, which leads to firewall and private network.

    1. Single-tier
    2. Two-tier
    3. Three-tier
    4. Next generation
  67. Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

    1. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
    2. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
    3. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
    4. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.
  68. The DARPA TCP/IP model’s Application layer matches up to what three OSI model layers?

    1. Application, Presentation, and Transport
    2. Presentation, Session, and Transport
    3. Application, Presentation, and Session
    4. There is not a direct match. The TCP model was created before the OSI model.
  69. When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?

    1. The host that transmitted the jam signal is allowed to retransmit while all other hosts pause until that transmission is received successfully.
    2. All hosts stop transmitting, and each host waits a random period of time before attempting to transmit again.
    3. All hosts stop transmitting, and each host waits a period of time based on how recently it successfully transmitted.
    4. Hosts wait for the token to be passed and then resume transmitting data as they pass the token.
  70. Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?

    1. NFS, SQL, and RPC
    2. TCP, UDP, and TLS
    3. JPEG, ASCII, and MIDI
    4. HTTP, FTP, and SMTP
  71. WPA2’s Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?

    1. DES
    2. 3DES
    3. AES
    4. TLS
  72. What type of firewall design does the following image show?

    Flow diagram shows Internet leads to router, which leads to firewall and splits into private network and DMZ.

    1. A single-tier firewall
    2. A two-tier firewall
    3. A three-tier firewall
    4. A fully protected DMZ firewall
  73. During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?

    1. DNS spoofing
    2. DNS poisoning
    3. ARP spoofing
    4. A Cain attack
  74. Which of the following does not describe data in motion?

    1. Data on a backup tape that is being shipped to a storage facility
    2. Data in a TCP packet
    3. Data in an e-commerce transaction
    4. Data in files being copied between locations
  75. Kim is troubleshooting an application firewall that serves as a supplement to the organization’s network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?

    1. High availability cluster
    2. Failover device
    3. Fail open
    4. Redundant disks
  76. Chris uses a cellular hot spot (modem) to provide Internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization’s corporate network, what security issue might he cause?

    1. Traffic may not be routed properly, exposing sensitive data.
    2. His system may act as a bridge from the Internet to the local network.
    3. His system may be a portal for a reflected DDoS attack.
    4. Security administrators may not be able to determine his IP address if a security issue occurs.
  77. Ben has deployed a 1000BaseT 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?

    1. 2 kilometers
    2. 500 meters
    3. 185 meters
    4. 100 meters
  78. Match the following numbered wireless attack terms with their appropriate lettered descriptions:

    Wireless attack terms
    1. Rogue access point
    2. Replay
    3. Evil twin
    4. War driving

    Descriptions
    A. An attack that relies on an access point to spoof a legitimate access point’s SSID and Mandatory Access Control (MAC) address
    B. An access point intended to attract new connections by using an apparently legitimate SSID
    C. An attack that retransmits captured communication to attempt to gain access to a targeted system
    D. The process of using detection tools to find wireless networks
  79. Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which one of the following rules is not a best practice that Lisa can configure at her network border?

    1. Block packets with internal source addresses from entering the network.
    2. Block packets with external source addresses from leaving the network.
    3. Block packets with private IP addresses from exiting the network.
    4. Block packets with public IP addresses from entering the network.
  80. Lauren’s and Nick’s PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?

    1. The subnet
    2. The supernet
    3. A collision domain
    4. A broadcast domain
  81. What type of firewall is capable of inspecting traffic at layer 7 and performing protocol-specific analysis for malicious traffic?

    1. Application firewall
    2. Stateful inspection firewall
    3. Packet filtering firewall
    4. Bastion host
  82. Which of the following sequences properly describes the TCP three-way handshake?

    1. SYN, ACK, SYN/ACK
    2. PSH, RST, ACK
    3. SYN, SYN/ACK, ACK
    4. SYN, RST, FIN
  83. SMTP, HTTP, and SNMP all occur at what layer of the OSI model?

    1. Layer 4
    2. Layer 5
    3. Layer 6
    4. Layer 7
  84. During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?

    1. The Application layer
    2. The Session layer
    3. The Physical layer
    4. The Data Link layer
  85. What technology could Lauren’s employer implement to help prevent confidential data from being emailed out of the organization?

    1. DLP
    2. IDS
    3. A firewall
    4. UDP