Chapter 2
Technologies and Tools

THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • 2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
    • Firewall
      • ACL
      • Application-based vs. network-based
      • Stateful vs. stateless
      • Implicit deny
    • VPN concentrator
      • Remote access vs. site-to-site
      • IPSec
        • Tunnel mode
        • Transport mode
        • AH
        • ESP
      • Split tunnel vs. full tunnel
      • TLS
      • Always-on VPN
    • NIPS/NIDS
      • Signature-based
      • Heuristic/behavioral
      • Anomaly
      • Inline vs. passive
      • In-band vs. out-of-band
      • Rules
      • Analytics
        • False positive
        • False negative
    • Router
      • ACLs
      • Antispoofing
    • Switch
      • Port security
      • Layer 2 vs. Layer 3
      • Loop prevention
      • Flood guard
    • Proxy
      • Forward and reverse proxy
      • Transparent
      • Application/multipurpose
    • Load balancer
      • Scheduling
        • Affinity
        • Round-robin
      • Active-passive
      • Active-active
      • Virtual IPs
    • Access point
      • SSID
      • MAC filtering
      • Signal strength
      • Band selection/width
      • Antenna types and placement
      • Fat vs. thin
      • Controller-based vs. standalone
    • SIEM
      • Aggregation
      • Correlation
      • Automated alerting and triggers
      • Time synchronization
      • Event deduplication
      • Logs/WORM
    • DLP
      • USB blocking
      • Cloud-based
      • Email
    • NAC
      • Dissolvable vs. permanent
      • Host health checks
      • Agent vs. agentless
    • Mail gateway
      • Spam filter
      • DLP
      • Encryption
    • Bridge
    • SSL/TLS accelerators
    • SSL decryptors
    • Media gateway
    • Hardware security module
  • 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
    • Protocol analyzer
    • Network scanners
      • Rogue system detection
        • Network mapping
    • Wireless scanners/cracker
    • Password cracker
    • Vulnerability scanner
    • Configuration compliance scanner
    • Exploitation frameworks
    • Data sanitization tools
    • Steganography tools
    • Honeypot
    • Backup utilities
    • Banner grabbing
    • Passive vs. active
    • Command line tools
      • ping
      • netstat
      • tracert
      • nslookup/dig
      • arp
      • ipconfig/ip/ifconfig
      • tcpdump
      • nmap
      • netcat
  • 2.3 Given a scenario, troubleshoot common security issues.
    • Unencrypted credentials/clear text
    • Logs and events anomalies
    • Permission issues
    • Access violations
    • Certificate issues
    • Data exfiltration
    • Misconfigured devices
      • Firewall
      • Content filter
      • Access points
    • Weak security configurations
    • Personnel issues
      • Policy violation
      • Insider threat
      • Social engineering
      • Social media
      • Personal email
    • Unauthorized software
    • Baseline deviation
    • License compliance violation (availability/integrity)
    • Asset management
    • Authentication issues
  • 2.4 Given a scenario, analyze and interpret output from security technologies.
    • HIDS/HIPS
    • Antivirus
    • File integrity check
    • Host-based firewall
    • Application whitelisting
    • Removable media control
    • Advanced malware tools
    • Patch management tools
    • UTM
    • DLP
    • Data execution prevention
    • Web application firewall
  • 2.5 Given a scenario, deploy mobile devices securely.
    • Connection methods
      • Cellular
      • WiFi
      • SATCOM
      • Bluetooth
      • NFC
      • ANT
      • Infrared
      • USB
    • Mobile device management concepts
      • Application management
      • Content management
      • Remote wipe
      • Geofencing
      • Geolocation
      • Screen locks
      • Push notification services
      • Passwords and pins
      • Biometrics
      • Context-aware authentication
      • Containerization
      • Storage segmentation
      • Full device encryption
    • Enforcement and monitoring for:
      • Third-party app stores
      • Rooting/jailbreaking
      • Sideloading
      • Custom firmware
      • Carrier unlocking
      • Firmware OTA updates
      • Camera use
      • SMS/MMS
      • External media
      • USB OTG
      • Recording microphone
      • GPS tagging
      • WiFi direct/ad hoc
      • Tethering
      • Payment methods
    • Deployment models
      • BYOD
      • COPE
      • CYOD
      • Corporate-owned
      • VDI
  • 2.6 Given a scenario, implement secure protocols.
    • Protocols
      • DNSSEC
      • SSH
      • S/MIME
      • SRTP
      • LDAPS
      • FTPS
      • SFTP
      • SNMPv3
      • SSL/TLS
      • HTTPS
      • Secure POP/IMAP
    • Use cases
      • Voice and video
      • Time synchronization
      • Email and web
      • File transfer
      • Directory services
      • Remote access
      • Domain name resolution
      • Routing and switching
      • Network address allocation
      • Subscription services
  1. John is looking for a new firewall for a small company. He is concerned about DoS attacks, particularly the SYN flood. Which type of firewall would give the best protection against the SYN flood?

    1. Packet filter
    2. Application gateway
    3. Bastion
    4. SPI
  2. You are responsible for network security at an insurance company. A lot of employees bring their own devices. You have security concerns about this. You have decided to implement a process whereby when users connect to your network, their devices are scanned. If a device does not meet your minimum security requirements, it is not allowed to connect. What best describes this?

    1. NAC
    2. SPI
    3. IDS
    4. BYOD
  3. Ahmed is responsible for VPN connections at his company. His company uses IPSec exclusively. He has decided to implement IPSec in a mode that encrypts the data of only the packet, not the headers. What is this called?

    1. Tunneling
    2. IKE
    3. ESP
    4. Transport
  4. Maria is responsible for monitoring IDS activity on her company’s network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?

    1. False negative
    2. Passive
    3. Active
    4. False positive
  5. Juanita is a network administrator for a large university. The university has numerous systems, each with logs she must monitor and analyze. What would be the best approach for her to view and analyze logs from a central server?

    1. NAC
    2. Port forwarding
    3. IDS
    4. SIEM
  6. Enrique is responsible for web application security at his company. He is concerned about attacks such as SQL injection. Which of the following devices would provide the best protection for web attacks on his web application server?

    1. ACL
    2. SPI
    3. WAF
    4. IDS
  7. ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this?

    1. L2TP VPN
    2. IPSEC VPN
    3. Site-to-site VPN
    4. Remote-access VPN
  8. Mary is responsible for network security at a medium-sized insurance company. She is concerned that the offices are too open to public traffic and someone could simply connect a laptop to an open RJ45 jack and access the network. Which of the following would best address this concern?

    1. ACL
    2. IDS
    3. VLAN
    4. Port security
  9. You are the network administrator for an e-commerce company. You are responsible for the web server cluster. You are concerned about not only failover, but also load-balancing and using all the servers in your cluster to accomplish load-balancing. What should you implement?

    1. Active-active
    2. Active-passive
    3. Affinity
    4. Round-robin
  10. Donald is working as a network administrator. He is responsible for the database cluster. Connections are load-balanced in the cluster by each new connection being simply sent to the next server in the cluster. What type of load-balancing is this?

    1. Round-robin
    2. Affinity
    3. Weighted
    4. Rotating
  11. Gerald is setting up new wireless access points throughout his company’s building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?

    1. Fat
    2. Repeater
    3. Thick
    4. Thin
  12. Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing?

    1. Fat
    2. Controller-based
    3. Stand-alone
    4. 802.11i
  13. What IPSec protocol provides authentication and encryption?

    1. AH
    2. ESP
    3. IKE
    4. ISAKMP
  14. Terrance is implementing IPSec. He wants to ensure that the packets are encrypted, and that the packet and all headers are authenticated. What should he implement?

    1. AH
    2. ESP
    3. AH and ESP
    4. IKE
  15. You are responsible for security at your company. One of management’s biggest concerns is that employees might exfiltrate sensitive data. Which of the following would you implement first?

    1. IPS
    2. Routine audits of user machines
    3. VLAN
    4. USB blocking
  16. You are responsible for email server security in your company. You want to implement encryption of all emails, using third-party authenticated certificates. What protocol should you implement?

    1. IMAP
    2. S/MIME
    3. PGP
    4. SMTP-S
  17. Joanne is responsible for all remote connectivity to her company’s network. She knows that administrators frequently log in to servers remotely to execute command-line commands and Linux shell commands. She wants to make sure this can only be done if the transmission is encrypted. What protocol should she use?

    1. HTTPS
    2. RDP
    3. Telnet
    4. SSH
  18. You are responsible for network management at your company. You have been using SNMP for many years. You are currently using SNMP v2. A colleague has recently suggested you upgrade to SNMP v3. What is the primary benefit of SNMP v3?

    1. It is much faster.
    2. It integrates with SIEM.
    3. It uses CHAP authentication.
    4. It is encrypted.
  19. Employees in your company are allowed to use tablets. They can select a tablet from four different models approved by the company but purchased by the employee. What best describes this?

    1. BYOD
    2. CYOD
    3. COPE
    4. BYOE
  20. Mahmoud is considering moving all company desktops to a VDI deployment. Which of the following would be a security advantage of VDI?

    1. Employees can work from any computer in the company.
    2. VDI is more resistant to malware.
    3. Patch management is centrally controlled.
    4. It eliminates man-in-the-middle attacks.
  21. You have been assigned to select a backup communication method for your company to use in case of significant disasters that disrupt normal communication. Which option would provide the most reliability?

    1. Cellular
    2. WiFi
    3. SATCOM
    4. VoIP
  22. John is concerned about the security of data on smartphones and tablets that his company issues to employees. Which of the following would be most effective in preventing data loss, should a device be stolen?

    1. Remote wipe
    2. Geolocation
    3. Strong PIN
    4. Limited data storage
  23. What does geofencing accomplish?

    1. Provides the location for a mobile device.
    2. Limits the range a mobile device can be used in.
    3. Determines WiFi coverage areas.
    4. Segments the WiFi.
  24. What best describes mobile device content management?

    1. Limiting how much content can be stored.
    2. Limiting the type of content that can be stored.
    3. Blocking certain websites.
    4. Digitally signing authorized content.
  25. Frank believes there could be a problem accessing the DHCP server from a specific client. He wants to check by getting a new dynamic IP. What command will do this?

    1. ipconfig /request
    2. NETSTAT -renew
    3. ipconfig /renew
    4. NETSTAT /request
  26. Teresa is responsible for network administration at a health club chain. She is trying to find a communication technology that uses low power and can spend long periods in low-power sleep modes. Which of the following technologies would be the best fit?

    1. WiFi
    2. Cellular
    3. Bluetooth
    4. ANT
  27. What technology was first introduced in Windows Vista and still exists in Windows that helps prevent malware by requiring user authorization to run executables?

    1. DEP
    2. DLP
    3. UTM
    4. ANT
  28. John is responsible for security of his company’s new e-commerce server. He wants to ensure that online transactions are secure. What technology should he use?

    1. L2TP
    2. IPSec
    3. SSL
    4. TLS
  29. Frank is a network administrator for a small college. The college has implemented a simple NIDS. However, the NIDS seems to only catch well-known attacks. What technology is this NIDS likely missing?

    1. Heuristic scanning
    2. Signature scanning
    3. Passive scanning
    4. Active scanning
  30. You are concerned about an attacker enumerating all of your network. What protocol might help at least mitigate this issue?

    1. HTTPS
    2. TLS
    3. IPSec
    4. LDAPS
  31. You have been asked to implement a secure protocol for transferring files that uses digital certificates. Which protocol would be the best choice?

    1. FTP
    2. SFTP
    3. FTPS
    4. SCP
  32. Ahmed is responsible for VoIP at his company. He has been directed to ensure that all VoIP calls have the option to be encrypted. What protocol is best suited for securing VoIP calls?

    1. SIP
    2. TLS
    3. SRTP
    4. SSH
  33. What is the purpose of screen locks on mobile devices?

    1. To encrypt the device
    2. To limit access to the device
    3. To load a specific user’s apps
    4. To connect to WiFi
  34. Maria is a security engineer with a large bank. Her CIO has asked her to investigate the use of context-aware authentication for online banking. Which of the following best describes context-aware authentication?

    1. In addition to username and password, authentication is based on the entire context (location, time of day, action being attempted, etc.).
    2. Without a username or password, authentication is based on the entire context (location, time of day, action being attempted, etc.).
    3. Authentication that requires a username and password, but in the context of a token or digital certificate
    4. Authentication that requires a username and password, but not in the context of a token or digital certificate
  35. What does application management accomplish for mobile devices?

    1. Only allows applications from the iTunes store to be installed
    2. Ensures the company has a list of all applications on the devices
    3. Ensures only approved applications are installed on the devices
    4. Updates patches on all applications on mobile devices
  36. Dominick is responsible for security at a medium-sized insurance company. He is very concerned about detecting intrusions. The IDS he has purchased states that he must have an IDS on each network segment. What type of IDS is this?

    1. Active
    2. IPS
    3. Passive
    4. Inline
  37. Remote employees at your company frequently need to connect to both the secure company network via VPN and open public websites, simultaneously. What technology would best support this?

    1. Split tunnel
    2. IPSec
    3. Full tunnel
    4. TLS
  38. Denish is looking for a solution that will allow his network to retrieve information from a wide range of web resources, while all traffic passes through a proxy. What would be the best solution?

    1. Forward proxy
    2. Reverse proxy
    3. SPI
    4. Open proxy
  39. Someone has been rummaging through your company’s trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?

    1. Dumpster diving
    2. Trash diving
    3. Social engineering
    4. Trash engineering
  40. Derrick is responsible for a web server cluster at his company. The cluster uses various load-balancing protocols. Derrick wants to ensure that clients connecting from Europe are directed to a specific server in the cluster. What would be the best solution to his problem?

    1. Affinity
    2. Binding
    3. Load balancing
    4. Round-robin
  41. Teresa is responsible for WiFi security in her company. Her main concern is that there are many other offices in the building her company occupies and that someone could easily attempt to breach their WiFi from one of these locations. What technique would be best in alleviating her concern?

    1. Using thin WAPs
    2. Geofencing
    3. Securing the Admin screen
    4. WAP placement
  42. Juan is responsible for the SIEM in his company. The SIEM aggregates logs from 12 servers. In the event that a breach is discovered, which of the following would be Juan’s most important concern?

    1. Event duplication
    2. Time synchronization
    3. Impact assessment
    4. Correlation
  43. When you are considering an NIDS or NIPS, what are your two most important concerns?

    1. Cost and false positives
    2. False positives and false negatives
    3. Power consumption and cost
    4. Management interface and cost
  44. Shelly is very concerned about unauthorized users connecting to the company routers. She would like to prevent spoofing. What is the most essential antispoofing technique for routers?

    1. ACL
    2. Logon
    3. NIPS
    4. NIDS
  45. Farès has implemented a flood guard. What type of attack is this most likely to defend against?

    1. SYN attack
    2. DNS poisoning
    3. MAC spoofing
    4. ARP spoofing
  46. Terrance is trying to get all of his users to connect to a certificate server on his network. However, some of the users are using machines that are incompatible with the certificate server, and changing those machines is not an option. Which of the following would be the best solution for Terrance?

    1. Use an application proxy for the certificate server.
    2. Use NAT with the certificate server.
    3. Change the server.
    4. Implement a protocol analyzer.
  47. John is implementing virtual IP load-balancing. He thinks this might alleviate network slowdowns, and perhaps even mitigate some of the impact of a denial-of-service attack. What is the drawback of virtual IP load-balancing?

    1. It is resource-intensive.
    2. Most servers don’t support it.
    3. It is connection-based, not load-based.
    4. It works only on Unix/Linux servers.
  48. There has been a breach of the ACME network. John manages the SIEM at ACME. Part of the attack disrupted NTP; what SIEM issue would this most likely impact?

    1. Time synchronization
    2. Correlation
    3. Event duplication
    4. Events not being logged
  49. What command would produce the image shown here?

    Image shows text: Reply from 192.168.1.1: bytes=100 time=3ms TTL=255, et cetera.

    1. ping -n 6 -l 100 192.168.1.1
    2. ping 192.168.1.1 -n 6 -s 100
    3. ping #6 s 100 192.168.1.1
    4. ping -s 6 -w 100 192.168.1.1
  50. You are a security officer for a large law firm. You are concerned about data loss prevention. You have limited the use of USBs and other portable media, you use an IDS to look for large volumes of outbound data, and a guard searches all personnel and bags before they leave the building. What is a key step in DLP that you have missed?

    1. Portable drives
    2. Email
    3. Bluetooth
    4. Optical media
  51. Which of the following email security measures would have the most impact on phishing emails?

    1. Email encryption
    2. Hardening the email server
    3. Digitally signing email
    4. Spam filter
  52. Joanne has implemented TLS for communication with many of her network servers. She wants to ensure that the traffic cannot be sniffed. However, users now complain that this is slowing down connectivity. Which of the following is the best solution?

    1. Increase RAM on servers.
    2. Change routers to give more bandwidth to traffic to these servers.
    3. Implement TLS accelerators.
    4. Place all servers in clusters with extensive load-balancing.
  53. Olivia has discovered steganography tools on an employee’s computer. What is the greatest concern regarding employees having steganography tools?

    1. Password cracking
    2. Data exfiltration
    3. Hiding network traffic
    4. Malware
  54. What command would generate the output shown here?

    Image shows a table of connections: Proto TCP, Local Address 127.0.0.1:15485, Foreign Address DESKTOP-CV8KNU2:57688, State ESTABLISHED, PID 2212, et cetera.

    1. netstat -a
    2. netstat -o
    3. arp -a
    4. arp -g
  55. John has discovered that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this?

    1. Dictionary
    2. Rainbow table
    3. Brute force
    4. Session hijacking
  56. Isabella has found netcat installed on an employee’s computer. That employee is not authorized to have netcat. What security concern might this utility present?

    1. It is a password cracker.
    2. It is a packet sniffer.
    3. It is a network communication utility.
    4. It is a DoS tool.
  57. Omar is a network administrator for ACME Company. He is responsible for the certificate authorities within the corporate network. The CAs publish their CRLs once per week. What, if any, security issue might this present?

    1. Revoked certificates still being used
    2. Invalid certificates being issued
    3. No security issue
    4. Certificates with weak keys
  58. Hans is a network administrator for a large bank. He is concerned about employees violating software licenses. What would be the first step in addressing this issue?

    1. Performing software audits
    2. Scanning the network for installed applications
    3. Establishing clear policies
    4. Blocking the ability of users to install software
  59. You are responsible for authentication methods at your company. You have implemented fingerprint scanners to enter server rooms. Frequently people are being denied access to the server room, even though they are authorized. What problem is this?

    1. FAR
    2. FRR
    3. CER
    4. EER
  60. John is responsible for network security at a very small company. Due to both budget constraints and space constraints, John can select only one security device. What should he select?

    1. Firewall
    2. Antivirus
    3. IDS
    4. UTM
  61. You are responsible for security at Acme Company. Recently, 20 new employee network accounts were created, with the default privileges for the network. You have discovered that eight of these have privileges that are not needed for their job tasks. Which security principle best describes how to avoid this problem in the future?

    1. Least privileges
    2. Separation of duties
    3. Implicit deny
    4. Weakest link
  62. Mary is concerned that SIEM logs at her company are not being stored long enough, or securely enough. She is aware that it is possible a breach might not be discovered until long after it occurs. This would require the company to analyze older logs. It is important that Mary find an SIEM log backup solution that can a) handle all the aggregate logs of the SIEM, b) be maintained for a long period of time, and c) be secure. What solution would be best for her?

    1. Back up to large-capacity external drives.
    2. Back up to large-capacity backup tapes.
    3. Back up to WORM storage.
    4. Back up to tapes that will be stored off-site.
  63. Elizabeth is responsible for SIEM systems in her company. She monitors the company’s SIEM screens every day, checking every hour. What, if any, would be a better approach for her to keep up with issues that appear in the logs?

    1. Automatic alerts
    2. Having logs forwarded to her email
    3. Nothing, this is fine.
    4. Review SIEM logs primarily when an incident occurs.
  64. You are responsible for network security at a university. Faculty members are issued laptops. However, many of the faculty members leave the laptops in their offices most of the time (sometimes even for weeks). You are concerned about theft of laptops. In this scenario, what would be the most cost-effective method of securing the laptops?

    1. FDE
    2. GPS tagging
    3. Geofencing
    4. Tethering
  65. You work at a defense contracting company. You are responsible for mobile device security. Some researchers in your company use company-issued tablets for work. These tablets may contain sensitive, even classified data. What is the most important security measure for you to implement?

    1. FDE
    2. GPS tagging
    3. Geofencing
    4. Content management
  66. When using any HIDS/HIPS or NIDS/NIPS, the output is specific to the vendor. However, what is the basic set of information that virtually all HIDSs/HIPSs or NIDSs/NIPSs provide?

    1. IP addresses (sender and receiver), ports (sender and receiver), and protocol
    2. IP addresses (sender and receiver), ports (sender and receiver), and attack type
    3. IP addresses (sender and receiver), ports (sender and receiver), usernames, and machine names
    4. Usernames, machine names, and attack type
  67. You are responsible for firewalls in your company. You are reviewing the output of the gateway firewall. What basic information would any firewall have in its logs?

    1. For all traffic: the source and destination IP and port, protocol, and whether it was allowed or denied
    2. For only blocked traffic: the source and destination IP and port as well as the reason for the traffic being denied/blocked
    3. For all traffic: the source and destination IP and port, whether it was allowed or denied, and the reason it was denied/blocked
    4. For only blocked traffic: the source and destination IP, protocol, and the reason it was denied/blocked
  68. Teresa is responsible for incident response at ACME Company. There was a recent breach of the network. The breach was widespread and affected many computers. As part of the incident response process, Teresa will collect the logs from the SIEM, which aggregates logs from 20 servers. Which of the following should she do first?

    1. Event de-duplication
    2. Log forwarding
    3. Identify the nature of the attack
    4. Identify the source IP of the attack
  69. Hector is responsible for NIDS/NIPS in his company. He is configuring a new NIPS solution. What part of the NIPS collects data?

    1. Sensor
    2. Data source
    3. Manager
    4. Analyzer
  70. Gerald is a network administrator for a small financial services company. He is responsible for controlling access to resources on his network. What mechanism is responsible for blocking access to a resource based on the requesting IP address?

    1. ACL
    2. NIPS
    3. HIPS
    4. Port blocking
  71. Elizabeth is responsible for secure communications at her company. She wants to give administrators the option to log in remotely and to execute command-line functions, but she wants this to only be possible via a secure, encrypted connection. What action should she take on the firewall?

    1. Block port 23 and allow ports 20 and 21.
    2. Block port 22 and allow ports 20 and 21.
    3. Block port 22 and allow port 23.
    4. Block port 23 and allow port 22.
  72. Mark is looking for a proxy server for his network. The purpose of the proxy server is to ensure that the web servers are hidden from outside clients. All of the different web servers should appear to the outside world as if they were the proxy server. What type of proxy server would be best for Mark to consider?

    1. Forward
    2. Reverse
    3. Transparent
    4. Firewall
  73. Your company has hired an outside security firm to perform various tests of your network. During the vulnerability scan you will provide that company with logins for various systems (i.e., database server, application server, web server, etc.) to aid in their scan. What best describes this?

    1. A white-box test
    2. A gray-box test
    3. A credentialed scan
    4. A logged-in scan
  74. Lars is responsible for incident response at ACME Company. He is particularly concerned about the network segment that hosts the corporate web servers. He wants a solution that will detect potential attacks and notify the administrator so the administrator can take whatever action he or she deems appropriate. Which of the following would be the best solution for Lars?

    1. HIDS
    2. HIPS
    3. NIDS
    4. NIPS
  75. Mia is responsible for security devices at her company. She is concerned about detecting intrusions. She wants a solution that would work across entire network segments. However, she wants to ensure that false positives do not interrupt work flow. What would be the best solution for Mia to consider?

    1. HIDS
    2. HIPS
    3. NIDS
    4. NIPS
  76. Abigail is a security manager for a small company. Many employees want to use handheld devices, such as smartphones and tablets. The employees want to use these devices both for work and outside of work. Abigail is concerned about security issues. Which of the following would be the most secure solution?

    1. COPE
    2. CYOD
    3. Geotagging
    4. BYOD
  77. You are responsible for always-on VPN connectivity for your company. You have been told that you must use the most secure mode for IPSec that you can. Which of the following would be the best for you to select?

    1. Tunneling
    2. AH
    3. IKE
    4. Transport
  78. Debra is the network administrator for her company. Her company’s web servers are all in a cluster. Her concern is this: if one of the servers in the cluster fails, will the backup server be capable of running for a significant amount of time? She wants to make sure that the backup won’t soon fail. What would be her best choice in clustering?

    1. Active-active
    2. Round-robin
    3. Affinity
    4. Active-passive
  79. Omar is responsible for wireless security in his company. He wants completely different WiFi access (i.e., a different SSID, different security levels, and different authentication methods) in different parts of the company. What would be the best choice for Omar to select in WAPs?

    1. Fat
    2. Thin
    3. Repeater
    4. Full
  80. Lilly is a network administrator for a medium-sized financial services company. She wants to implement company-wide encryption and digital signing of emails. But she is concerned about cost, since there is a very limited budget for this. What would be her best choice?

    1. SMTPS
    2. S/MIME
    3. IMAPS
    4. PGP
  81. Edward is a security manager for a bank. He has recently been reading a great deal about malware that accesses system memory. He wants to find a solution that would stop programs from utilizing system memory. Which of the following would be the best solution?

    1. DEP
    2. FDE
    3. UTM
    4. IDS
  82. Sarah is the CIO for a small company. She recently had the entire company’s voice calls moved to VoIP. Her new VoIP system is using SIP with RTP. What might be the concern with this?

    1. SIP is not secure.
    2. RTP is not secure.
    3. RTP is too slow.
    4. SIP is too slow.
  83. What command would generate the output shown here?

    Image shows text default server: google-public-dns-a.google.com address: 8.8.8.8, et cetera.

    1. nslookup
    2. ipconfig
    3. netstat -a
    4. dig
  84. Emiliano is a network administrator for a large web-hosting company. His company also issues digital certificates to web-hosting clients. He wants to ensure that a digital certificate will not be used once it has been revoked. He also wants to ensure that there will be no delay between when the certificate is revoked and when browsers are made aware that it is revoked. What solution would be best for this?

    1. OCSP
    2. X.509
    3. CRL
    4. PKI
  85. Elizabeth is responsible for security at a defense contracting company. She is concerned about users within her network exfiltrating data by attaching sensitive documents to emails. What solution would best address this concern?

    1. Email encryption
    2. USB blocking
    3. NIPS
    4. Content filtering
  86. Victor is concerned about data security on BYOD and COPE. He is concerned specifically about data exposure should the device become lost or stolen. Which of the following would be most effective in countering this concern?

    1. Geofencing
    2. Screen lock
    3. GPS tagging
    4. Device encryption
  87. Gabriel is using nmap to scan one of his servers whose IP address is 192.168.1.1. He wants to perform a ping scan, but the network blocks ICMP, so he will try a TCP ping scan and do so very slowly. Which of the following would accomplish that?

    1. nmap -O -PT -T1 192.168.1.1
    2. nmap -O -T3 192.168.1.1
    3. nmap -T -T1 192.168.1.1
    4. nmap -PT -T5 192.168.1.1
  88. Mary is a network administrator for ACME Company. She sometimes needs to run a packet sniffer so that she can view the network traffic. She wants to find a well-known packet sniffer that works on Linux. Which of the following would be her best choice?

    1. Ophcrack
    2. Nmap
    3. Wireshark
    4. Tcpdump
  89. What command produced the output shown here?

    Image shows 1: 5ms 3ms 2ms aca80001.ipt.aol.com (172.168.0.1), et cetera.

    1. tracert -h 10 www.chuckeasttom.com
    2. tracert www.chuckeasttom.com
    3. netstat www.chuckeasttom.com
    4. nmap www.chuckeasttom.com
  90. Daryll has been using a packet sniffer to observe traffic on his company’s network. He has noticed that traffic between the web server and the database server is sent in clear text. He wants a solution that will not only encrypt that traffic, but also leverage the existing digital certificate infrastructure his company has. Which of the following would be the best solution for Daryll?

    1. TLS
    2. SSL
    3. IPSec
    4. WPA2
  91. Jarod is concerned about DLP in his organization. Employees all have cloud-based solutions for data storage. What DLP-related security hazard, if any, might this create?

    1. No security hazard
    2. Malware from the cloud
    3. Data exfiltration through the cloud
    4. Security policies don’t apply to the cloud.
  92. Derrick is a network administrator for a large company. The company network is segmented into zones of high security, medium security, low security, and the DMZ. He is concerned about external intruders and wishes to install a honeypot. Which is the most important zone to put the honeypot in?

    1. High security
    2. Medium security
    3. Low security
    4. DMZ
  93. Sheila is responsible for data backups for all the company servers. She is concerned about frequency of backup and about security of the backup data. Which feature, found in some backup utility software, would be most important to her?

    1. Using data encryption
    2. Digitally signing the data
    3. Using automated backup scheduling
    4. Hashing the backup data
  94. Frank is a web server administrator for a large e-commerce company. He is concerned about someone using netcat to connect to the company web server and retrieving detailed information about the server. What best describes his concern?

    1. Passive reconnaissance
    2. Active reconnaissance
    3. Banner grabbing
    4. Vulnerability scanning
  95. Mike is responsible for testing security at his company. He is using a tool that identifies vulnerabilities and provides mechanisms to test them by attempting to exploit them. What best describes this type of tool?

    1. Vulnerability scanner
    2. Exploit framework
    3. Metasploit
    4. Nessus
  96. William is a security officer for a large bank. When executives’ laptops are decommissioned, he wants to ensure that the data on those laptops is completely wiped so that it cannot be recovered, even using forensic tools. How many times should William wipe a hard drive?

    1. 1
    2. 3
    3. 5
    4. 7
  97. You are responsible for firewalls in your organization. You are concerned about ensuring that all firewalls are properly configured. The gateway firewall is configured to allow inbound traffic only on a few specific, required ports; all traffic (allowed or blocked) is logged, and the logs are forwarded to the SIEM. What, if anything, is missing from this configuration?

    1. Nothing, it is a good configuration.
    2. Encrypting all traffic
    3. Outbound connection rules
    4. Digital certificate authentication for inbound traffic
  98. Charles is responsible for security for web servers in his company. Some web servers are used for an internal intranet, and some for external websites. He has chosen to encrypt all web traffic, and he is using self-signed X.509 certificates. What, if anything, is wrong with this approach?

    1. He cannot encrypt all HTTP traffic.
    2. He should use PGP certificates.
    3. He should not use self-signed certificates.
    4. Nothing; this is an appropriate configuration.
  99. You are responsible for the security of web servers at your company. You are configuring the WAF and want to allow only encrypted traffic to and from the web server, including traffic from administrators using a command-line interface. What should you do?

    1. Open port 80 and 23, and block port 443.
    2. Open port 443 and 23, and block port 80.
    3. Open port 443 and 22, and block port 80 and 23.
    4. Open port 443, and block all other ports.
  100. Francis is a security administrator at a large law firm. She is concerned that confidential documents, with proprietary information, might be leaked. The leaks could be intentional or accidental. She is looking for a solution that would embed some identifying information into documents in such a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet Francis’s needs?

    1. Symmetric encryption
    2. Steganography
    3. Hashing
    4. Asymmetric encryption
  101. You are responsible for the gateway firewall for your company. You need to configure a firewall to allow only email that is encrypted to be sent or received. What action should you take?

    1. Allow ports 25, 110, and 143. Block ports 465, 993, and 995.
    2. Block ports 25, 110, and 143. Allow ports 465, 993, and 995.
    3. Allow ports 25, 110, and 443. Block ports 465, 993, and 143.
    4. Block ports 465, 994, and 464. Allow ports 25, 110, and 80.
  102. Mark is responsible for security for a small bank. He has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Mark checks each of these logs regularly. What is the first step Mark should take to improve his firewall configuration?

    1. Integrate with SIEM.
    2. Add a honeypot.
    3. Integrate with AD.
    4. Add a honeynet.
  103. You are setting up VPNs in your company. You are concerned that anyone running a packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What mode should you use to accomplish your goals of preventing metadata being seen?

    1. AH
    2. ESP
    3. Tunneling
    4. Transport
  104. John is responsible for configuring security devices in his network. He has implemented a robust NIDS in his network. However, on two occasions the NIDS has missed a breach. What configuration issue should John address?

    1. False negative
    2. Port blocking
    3. SPI
    4. False positive
  105. You are responsible for communications security at your company. Your company has a large number of remote workers, including traveling salespeople. You wish to make sure that when they connect to the network, it is in a secure manner. What should you implement?

    1. L2TP VPN
    2. IPSec VPN
    3. Site-to-site VPN
    4. Remote-access VPN
  106. Your company is issuing portable devices to employees for them to use for both work and personal use. This is done so the company can control the security of the devices. What, if anything, is an issue this process will cause?

    1. Personal information being exposed
    2. Company data being exfiltrated
    3. Devices being insecurely configured
    4. No issues
  107. Marsha is responsible for mobile device security. Her company uses COPE for mobile devices. All phones and tablets have a screen lock and GPS tagging. What is the next, most important step for Marsha to take to secure the phones?

    1. Implement geofencing.
    2. Implement application management.
    3. Implement geolocation.
    4. Implement remote wipe.
  108. Valerie is responsible for mobile device security at her company. The company is using BYOD. She is concerned about employees’ personal device usage compromising company data on the phones. What technology would best address this concern?

    1. Containerization
    2. Screen lock
    3. Full disk encryption
    4. Biometrics
  109. Jack is a chief information security officer (CISO) for a small marketing company. The company’s sales staff travel extensively and all use mobile devices. He has recently become concerned about sideloading. Which of the following best describes sideloading?

    1. Installing applications to Android devices via USB
    2. Loading software on any device via WiFi
    3. Bypassing the screen lock
    4. Loading malware on a device without the user being aware
  110. You are responsible for DLP at a large company. Some employees have COPE and others BYOD. What DLP issue might these devices present?

    1. COPE can be USB OTG.
    2. BYOD can be USB OTG.
    3. COPE and BYOD can be USB OTG.
    4. Only jailbroken COPE or BYOD can be USB OTG.
  111. John is responsible for network security at a large company. He is concerned about a variety of attacks but DNS poisoning in particular. Which of the following protocols would provide the most help in mitigating this issue?

    1. IPSec
    2. DNSSEC
    3. L2TP
    4. TLS
  112. You are responsible for network security at your company. You have discovered that NTP is not functioning properly. What security protocol will most likely be affected by this?

    1. RADIUS
    2. DNSSEC
    3. IPSec
    4. Kerberos
  113. Frank is concerned about DHCP starvation attacks. He is even more worried since he learned that anyone can download software called a “gobbler” and execute a DHCP starvation attack. What technology would most help him mitigate this risk?

    1. Encrypt all DHCP communication with TLS.
    2. FDE on the DHCP server
    3. Network Address Allocation
    4. IPSec for all DHCP communications
  114. You are trying to allocate appropriate numbers of IP addresses for various subnets in your network. What would be the proper CIDR notation for an IPv4 subnet with 59 nodes?

    1. /27
    2. /29
    3. /24
    4. /26
  115. Lydia is trying to reduce costs at her company and at the same time centralize network administration and maintain direct control of the network. Which of the following solutions would provide the most network administration centralization and control while reducing costs?

    1. Outsourcing network administration
    2. IaaS
    3. PaaS
    4. Moving all OSs to open source
  116. You are investigating a remote access protocol for your company to use. The protocol needs to fully encrypt the message, use reliable transport protocols, and support a range of network protocols. Which of the following would be the best choice?

    1. RADIUS
    2. Diameter
    3. TACACS+
    4. IPSec
  117. Carrol is responsible for network connectivity in her company. The sales department is transitioning to VoIP. What are two protocols she must allow through the firewall?

    1. RADIUS and SNMP
    2. TCP and UDP
    3. SIP and RTP
    4. RADIUS and SIP
  118. John is setting up all the database servers on their own subnet. He has placed them on 10.10.3.3/29. How many nodes can be allocated in this subnet?

    1. 32
    2. 16
    3. 8
    4. 6
  119. Carlos is a security manager for a small company that does medical billing and records management. He is using application blacklisting to prevent malicious applications from being installed. What, if anything, is the weakness with this approach?

    1. None, this is the right approach.
    2. It might block legitimate applications.
    3. It might fail to block malicious applications.
    4. It will limit productivity.
  120. Joanne is a security administrator for a large company. She discovered that approximately 100 machines on her network were recently attacked by a major virus. She is concerned because there was a patch available that would have stopped the virus from having any impact. What is the best solution for her to implement on her network?

    1. Installing patch management software
    2. Using automatic updates
    3. Putting unpatched machines on a bridge
    4. Scanning all machines for patches every day
  121. A review of your company’s network traffic shows that most of the malware infections are caused by users visiting illicit websites. You want to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following technologies would be the best solution?

    1. IDS
    2. Firewall
    3. UTM
    4. SIEM
  122. You work for a large bank. The bank is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the best solution to this problem?

    1. IDS
    2. DLP
    3. Content filtering
    4. NIPS
  123. Match the letter of the functionality with the device in the following table.

    Functionality:
    1. Detect intrusions on a single machine
    2. Use aggregate logs
    3. Filter network packets based on a set of rules
    4. Detect intrusions on a network segment

    Device:
      Firewall
      HIDS
      SIEM
      NIDS
  124. Francine is concerned about employees in her company jailbreaking their COPE devices. What would be the most critical security concern for jailbroken devices?

    1. They would no longer get security patches.
    2. It would disable FDE.
    3. Unauthorized applications could be installed.
    4. Data could be exfiltrated on these devices.
  125. You are responsible for mobile device security in your company. Employees have COPE devices. Many employees only enter the office infrequently, and you are concerned that their devices are not receiving firmware updates on time. What is the best solution for this problem?

    1. Scheduled office visits for updates
    2. OTA updates
    3. Moving from COPE to BYOD
    4. A policy that requires users to update their firmware regularly
  126. Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?

    1. RADIUS
    2. Diameter
    3. TACACS+
    4. IPSec
  127. You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?

    1. Disable wireless access.
    2. Implement a WAF.
    3. Implement a policy against tethering.
    4. Implement an HIPS.
  128. You work for a large bank. One of your responsibilities is to ensure that web banking logins are as secure as possible. You are concerned that a customer’s account login could be compromised and someone else would use that login to access the customer’s account. What is the best way to mitigate this threat?

    1. Use SMS authentication for any logins from an unknown location or computer.
    2. Encrypt all traffic via TLS.
    3. Require strong passwords.
    4. Do not allow customers to log on from any place other than their home computer.
  129. You have discovered that some employees in your company have installed custom firmware on their portable devices. What security flaw would this most likely lead to?

    1. Unauthorized software can run on the device.
    2. The device may not connect to the network.
    3. The device will overheat.
    4. This is not really a security issue.
  130. You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution?

    1. Agentless NAC
    2. Agent NAC
    3. Digital certificate authentication
    4. Two-factor authentication
  131. You work for a large law firm and are responsible for network security. It is common for guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the firm’s WiFi. You wish to ensure that you provide the maximum security when these guests connect with their own devices, but you also wish to provide assurance to the guest that you will have minimal impact on their device. What is the best solution?

    1. Permanent NAC agent
    2. Agentless NAC
    3. Dissolvable NAC agent
    4. Implement COPE
  132. Tom is concerned about how his company can best respond to breaches. He is interested in finding a way to identify files that have been changed during the breach. What would be the best solution for him to implement?

    1. NAC
    2. NIDS
    3. File integrity checker
    4. Vulnerability scanner
  133. Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs?

    1. Hybrid NIDS
    2. Out-of-band NIDS
    3. NIPS
    4. NNIDS
  134. Denish is responsible for security at a large financial services company. The company frequently uses SSL/TLS for connecting to external resources. He has concerns that an insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to this issue?

    1. NIPS
    2. SSL decryptor
    3. NIDS
    4. SSL accelerator
  135. You want to allow a media gateway to be accessible through your firewall. What ports should you open? (Choose two.)

    1. 2427
    2. 1707
    3. 2227
    4. 1727
  136. Match the letter with the protocol in the following table.

    Function:
    1. Wireless security
    2. Voice over IP
    3. VPN
    4. Secure command-line interface

    Protocol:
      IPSec
      WPA2
      SSH
      SIP
  137. Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem?

    1. Put those machines on a different VLAN.
    2. Deny wireless capability for those machines.
    3. Put those machines on a separate wireless network with separate WAP.
    4. Encrypt their traffic with TLS.
  138. You are a security administrator for Acme Company. Employees in your company routinely upload and download files. You are looking for a method that allows users to remotely upload or download files in a secure manner. The solution must also support more advanced file operations such as creating directories, deleting files, and so forth. What is the best solution for this?

    1. SFTP
    2. SSH
    3. SCP
    4. IPSec
  139. Your company allows BYOD on the network. You are concerned about the risk of malicious apps being introduced to your network. Which of the following policies would be most helpful in mitigating that risk?

    1. Prohibiting apps from third-party stores
    2. Application blacklisting
    3. Antimalware scanning
    4. Requiring FDE on BYOD
  140. John is the CISO for a small company. The company has password policies, but John is not sure the policies are adequate. He is concerned that someone might be able to “crack” company passwords. What is the best way for John to determine whether his passwords are vulnerable?

    1. Run a good vulnerability scan.
    2. Perform a password policy audit.
    3. Use one or more password crackers himself.
    4. Ensure that passwords are stored as a hash.
  141. You are scanning your network using a packet sniffer. You are seeing traffic on ports 25 and 110. What security flaw would you most likely notice on these ports?

    1. Website vulnerabilities
    2. Unencrypted credentials
    3. Misconfigured FTP
    4. Digital certificate errors
  142. Abigail is a network administrator with ACME Company. She believes that a network breach has occurred in the data center as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should she search for in the logs to confirm if such a breach occurred?

    1. Traffic on port 23
    2. Traffic on port 22
    3. Unencrypted credentials
    4. Malformed network packets
  143. Gianna is evaluating the security of her company. The company has a number of mobile apps that were developed in house for use on COPE devices. She wants to ensure that these apps are updated as soon as an update is available. What should she ensure is being used?

    1. Firmware OTA
    2. Push notifications
    3. Scheduled updates
    4. A policy against custom firmware
  144. Liam is concerned about the security of both COPE and BYOD devices. His company uses a lot of Android-based devices, and he is concerned about users getting administrative access and altering security features. What should he prohibit in his company?

    1. Third-party app stores
    2. Jailbreaking
    3. Custom firmware
    4. Rooting
  145. Heidi works for a large company that issues various mobile devices (tablets and phones) to employees. She is concerned about unauthorized access to mobile devices. Which of the following would be the best way to mitigate that concern?

    1. Biometrics
    2. Screen lock
    3. Context-aware authentication
    4. Storage segmentation
  146. You are looking for a point-to-point connection method that would allow two devices to synchronize data. The solution you pick should not be affected by EMI (electromagnetic interference) and should be usable over distances exceeding 10 meters, provided there is a line-of-sight connection. What would be the best solution?

    1. Bluetooth
    2. WiFi
    3. Infrared
    4. RF
  147. You wish to use nmap to scan one of your servers, whose IP address is 192.168.1.16. The target is one of your own Windows servers. You want a scan that is the most thorough, and you are not concerned about it being detected. Which of the following would best accomplish that?

    1. nmap -sW -sL -T1 192.168.1.16/24
    2. nmap -sW -sT -T1 192.168.1.16
    3. nmap -sW -sT -T5 192.168.1.16/24
    4. nmap -sW -sT -sO -T5 192.168.1.16
  148. What command would produce the output shown here?

    Image shows internet address with physical address and type like 172.168.0.1 with e4-8d-8c-10-89-bf and dynamic, et cetera.

    1. netstat -a
    2. arp -a
    3. arp -s
    4. netstat -s
  149. Ethan has noticed some users on his network accessing inappropriate videos. His network uses a proxy server that has content filtering with blacklisting. What is the most likely cause of this issue?

    1. Sites not on the blacklist
    2. Misconfigured content filtering
    3. Misconfigured proxy server
    4. Someone circumventing the proxy server
  150. You are looking for tools to assist in penetration testing your network. Which of the following best describes Metasploit?

    1. Hacking tool
    2. Vulnerability scanner
    3. Exploit framework
    4. Network scanner
  151. Logan is responsible for enforcing security policies in his company. There are a number of policies regarding the proper configuration of public-facing servers. Which of the following would be the best way for Logan to check to see if such policies are being enforced?

    1. Periodically audit selected servers.
    2. Implement a configuration compliance scanning solution.
    3. Conduct routine penetration tests of those servers.
    4. Implement a vulnerability scanning solution.