The 100 multiple-choice questions provided here help you determine how prepared you are for the actual exam and which topics you need to review further. Write down your answers on a separate sheet of paper so that you can take this exam again if necessary. Compare your answers against the answer key that follows this exam.
1. Which of the following are architectural models for the arranging of certificate authorities? (Select all correct answers.)
A. Bridge CA architecture
B. Sub CA architecture
C. Single CA architecture
D. Hierarchical CA architecture
2. Your company is in the process of setting up a DMZ segment. You have to allow secure web traffic in the DMZ segment. Which TCP port do you have to open?
A. 110
B. 139
C. 25
D. 443
3. You are in sales and you receive an email telling you about an easy way to make money. The email instructs you to open the attached letter of intent, read it carefully, and then reply to the email. Which of the following should you do?
A. Open the letter of intent, read it, and reply to the email.
B. Forward this great offer to your friends and co-workers.
C. Notify your system administrator of the email.
D. Delete the email and reboot your computer.
4. You have an FTP server that needs to be accessed by both employees and external customers. What type of architecture should be implemented?
A. Bastion host
B. Screened subnet
C. Screened host
D. Bastion subnet
5. The main fan in your server died on Wednesday morning. It will be at least two days before it can be replaced. You decide to use another server instead, but need to restore the data from the dead one. You have been doing differential backups, and the last full backup was performed on Friday evening. The backup doesn’t run on weekends. How many backup tapes will you need to restore the data?
A. Two
B. Four
C. One
D. Three
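A worked version of the restore count in question 5, added here as an example rather than taken from the exam's answer key: the function lists the tapes a restore needs under both differential and incremental strategies, so the difference between the two becomes visible. The calendar dates are constructed to match the scenario (a Friday full backup, failure the following Wednesday morning, no weekend runs).

```python
from datetime import date, timedelta


def backup_runs(last_full: date, failure: date, runs_on_weekends: bool = False):
    """Nights after the last full backup on which a partial backup ran before the failure."""
    runs = []
    day = last_full + timedelta(days=1)
    while day < failure:  # the failure morning's own backup has not run yet
        if runs_on_weekends or day.weekday() < 5:  # Mon=0 .. Fri=4
            runs.append(day)
        day += timedelta(days=1)
    return runs


def restore_set(last_full: date, failure: date, strategy: str, runs_on_weekends: bool = False):
    """Tapes needed, oldest first, to rebuild the data as of the last completed backup."""
    partials = backup_runs(last_full, failure, runs_on_weekends)
    tapes = [("full", last_full)]
    if strategy == "differential":
        # every differential holds all changes since the full, so only the newest is needed
        if partials:
            tapes.append(("differential", partials[-1]))
    elif strategy == "incremental":
        # each incremental holds only changes since the previous backup, so all are needed
        tapes.extend(("incremental", d) for d in partials)
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return tapes


# Constructed dates matching the question: full backup Friday evening, failure Wednesday morning
LAST_FULL = date(2024, 1, 5)   # a Friday
FAILURE = date(2024, 1, 10)    # the following Wednesday

if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        tapes = restore_set(LAST_FULL, FAILURE, strategy)
        print(strategy, len(tapes), [f"{kind} {day:%a}" for kind, day in tapes])
```

With the question's schedule the differential restore needs two tapes (Friday full plus Tuesday differential), while the same schedule run as incrementals would need three; allowing weekend runs raises the incremental count to five but leaves the differential count at two.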
6. You are planning to set up a network for remote users to use their own Internet connections to connect to shared folders on the network. Which technology would you implement?
A. DMZ
B. VPN
C. VLAN
D. NAT
7. What type of algorithm is SHA-1?
A. Asymmetric encryption algorithm
B. Digital signature
C. Hashing algorithm
D. Certificate authority
8. Which of the following is an effective way to get information in crowded places such as airports, conventions, or supermarkets?
A. Social engineering
B. Shoulder surfing
C. Reverse social engineering
D. Phishing
9. Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)
A. Disable all non-web services.
B. Ensure Telnet is running.
C. Disable nonessential services.
D. Enable logging.
10. Trusted Platform Module (TPM) provides for which of the following? (Select two correct answers.)
A. Secure storage of keys
B. Secure software-based authentication
C. Secure storage of passwords
D. Secure network data transfers
11. Separation of duties is designed to guard against which of the following?
A. Social engineering
B. Viruses
C. Fraud
D. Nonrepudiation
12. Which of the following describes a network of systems designed to lure an attacker away from another critical system?
A. Bastion host
B. Honeynet
C. Vulnerability system
D. Intrusion-detection system
13. Which of the following best describes false acceptance?
A. The system recognizes an unauthorized person and accepts that person.
B. The system detects a legitimate action as a possible intrusion.
C. The system allows an intrusive action to pass as nonintrusive behavior.
D. The system fails to recognize an authorized person and rejects that person.
14. Which of the following attacks is most likely to be successful, even if all devices are properly secured and configured?
A. Trojan horse
B. Mantrap
C. Social engineering
D. All the options are correct
15. When using CHAP, when can the challenge/response mechanism happen?
A. Only at the beginning of the connection
B. At the beginning and the end of the connection
C. Only at the end of the connection
D. At any time during the connection
16. With discretionary access control (DAC), how are access rights to resources determined?
A. Roles
B. Rules
C. Owner discretion
D. Security label
17. Which of the following best describes the difference between AH and ESP?
A. ESP provides authentication, integrity, and nonrepudiation. AH provides authentication, encryption, confidentiality, and integrity protection.
B. AH provides authentication only. ESP provides encryption only.
C. AH provides authentication, integrity, and nonrepudiation. ESP provides authentication, encryption, confidentiality, and integrity protection.
D. ESP provides authentication only. AH provides encryption only.
18. What is a potential concern with weaker encryption algorithms as time goes on? (Choose the best answer.)
A. Performance of the algorithm will worsen over time.
B. Keys generated by users will start to repeat on other users’ systems.
C. Hackers using distributed computing may be able to finally crack an algorithm.
D. All options are correct.
19. Which of the following types of programs can be used to determine whether network resources are locked down correctly?
A. Password sniffers
B. Port scanners
C. Keystroke loggers
D. Cookies
20. You are the network administrator for a small company that has recently been the victim of several attacks. Upon rebuild of the server, which of the following should be the first step?
A. Nonrepudiation
B. Hardening
C. Auditing
D. Hashing
21. Which one of the following types of servers would be the target for an attack where a malicious individual attempts to change information by connecting to port 53?
A. FTP server
B. File server
C. Web server
D. DNS server
22. Ensuring that all data is sequenced, time-stamped, and numbered is a characteristic of which of the following?
A. Data authentication
B. Data integrity
C. Data availability
D. Data confidentiality
23. Which of the following programs can be used for vulnerability scanning to check the security of your servers? (Choose the two best answers.)
A. John the Ripper
B. SATAN
C. L0phtCrack
D. SAINT
24. Which of the following describes a type of algorithm where data is broken into fixed-size blocks (the block size depends on the algorithm) and encryption is applied to each block of data?
A. Symmetric encryption algorithm
B. Elliptic curve
C. Block cipher
D. All the options are correct.
25. You are the administrator at a large university. You have received a Class A address from your ISP, and NAT is being used on your network. What range of addresses should you use on your internal network?
A. 10.x.x.x
B. 172.16.x.x
C. 172.31.x.x
D. 192.168.x.x
26. As the network administrator, you are implementing a policy for passwords. What is the best option for creating user passwords?
A. Uppercase and lowercase letters combined with numbers and symbols
B. A randomly generated password
C. A word that is familiar to the user with a number attached to the end
D. The user’s last name spelled backward
27. Which of the following are true of digital signatures? (Choose the two best answers.)
A. They use the skipjack algorithm.
B. They can be automatically time-stamped.
C. They allow the sender to repudiate that the message was sent.
D. They cannot be imitated by someone else.
28. Which of the following are parts of Kerberos authentication? (Choose the two best answers.)
A. Authentication service
B. Time-based induction
C. Ticket-granting service
D. TEMPEST
29. Which of the following must be provided for proper smart card authentication? (Choose the two best answers.)
A. Something you have
B. Something you know
C. Something you are
D. Something you do
30. Which of the following types of attacks can result from the length of variables not being properly checked in the code of a program?
A. Buffer overflow
B. Replay
C. Spoofing
D. Denial of service
31. Which of the following is a method of backup tape rotation based on a mathematical puzzle?
A. Grandfather
B. Tower of Hanoi
C. Tower of Pisa
D. Grandmother
32. Mocmex is considered to be which of the following?
A. Virus
B. Logic bomb
C. Worm
D. Trojan
33. Which of the following are methods used for securing email messages? (Choose the two best answers.)
A. POP3
B. S/MIME
C. PGP
D. SMTP
34. Building user groups around business units and assigning privileges to those groups rather than to individual users is an example of which type of management?
A. Role-based privilege management
B. User-based privilege management
C. Group-based privilege management
D. Individual-based privilege management
35. Which of the following statements is true about SSL?
A. SSL provides security for both the connection and the data after it is received.
B. SSL only provides security for the connection, not the data after it is received.
C. SSL only provides security for the data once it is received, not the connection.
D. SSL does not provide security for either the connection or the data after it is received.
36. Of the following, which is a characteristic of a hot site?
A. The facility is equipped with plumbing, flooring, and electricity only.
B. The facility resources are shared by mutual agreement.
C. The facility and equipment are already set up and ready to occupy.
D. The facility is equipped with some resources, but not computers.
37. Which of the following algorithms is not an example of a symmetric encryption algorithm?
A. Rijndael
B. Diffie-Hellman
C. RC6
D. AES
38. The RBAC model can use which of the following types of access? (Choose the three best answers.)
A. Role-based
B. Task-based
C. Lattice-based
D. Discretionary-based
39. You are having problems with access to the company website. When users try to open the website, they receive an error saying that the site is not found. You go to one of the machines, open a command prompt, and type which command to find out what the problem is?
A. Netstat
B. Tracert
C. Ipconfig
D. Nslookup
40. Which of the following statements about Java and JavaScript is true?
A. Java applets can be used to execute arbitrary instructions on the server.
B. JavaScript code can continue running even after the applet is closed.
C. JavaScript can provide access to files of a known name and path.
D. Java applets can be used to send email as the user.
E. Java applets allow access to cache information.
41. Which of the following statements best describes nonrepudiation?
A. A set of mathematical rules used in encryption
B. A means of proving that a transaction occurred
C. A method of hiding data in another message
D. A drive technology used for redundancy and performance improvement
42. LDAP connects by default to which of the following TCP ports?
A. 139
B. 389
C. 110
D. 443
43. Which of the following are not used to verify the status of a certificate? (Select two correct answers.)
A. OCSP
B. CRL
C. OSPF
D. ACL
44. Which of the following is the process of systematically looking for unprotected modems?
A. Sniffing
B. War driving
C. War dialing
D. Social engineering
45. Under mandatory access control, the category of a resource can be changed by whom?
A. All managers
B. Administrators only
C. The owner/creator
D. All users
46. Which of the following ports would be used to remotely access a system?
A. 25
B. 8080
C. 139
D. 3389
47. Which protocol is used to enable remote-access servers to communicate with a central server to authenticate and authorize access to resources?
A. Kerberos
B. IPsec
C. RADIUS
D. PPTP
48. Which of the following are common tools used to conduct vulnerability assessments? (Select all correct answers.)
A. Port scanner
B. Protocol analyzer
C. Network mapper
D. NetStat Performance Monitor
49. Which of the following is a hardware or software solution used to protect a network from unauthorized access?
A. Intrusion-detection system
B. Digital certificate
C. Honeypot
D. Firewall
50. Unauthorized access has been detected on the network. Someone had been logging in as one of the administrative assistants during off hours. Later, you find out she received an email from the network administrator asking her to supply her password so that he could make changes to her profile. What types of attacks have been executed? (Choose two correct answers.)
A. Spoofing
B. Man in the middle
C. Replay
D. Social engineering
51. Which of the following is not true regarding log files?
A. They should be stored and protected on a machine that has been hardened.
B. Log information traveling on the network must be encrypted, if possible.
C. They should be stored in one location.
D. They must be modifiable, and there should be no record of the modification.
52. A CA with multiple subordinate CAs would use which of the following PKI trust models?
A. Cross-certified
B. Hierarchical
C. Bridge
D. Linked
53. Which of the following are reasons why it is unsafe to allow signed code to run on your systems?
A. The fact that the code is signed guarantees only that the code belongs to a certain entity, not that it is absolutely harmless.
B. Malicious users are known to have attempted obtaining legitimate certificates to sign harmful code, with some succeeding.
C. Scripts may be used to employ signed code that comes preinstalled and signed with the operating system.
D. All the options are correct.
54. You have installed a custom monitoring service that reviews logs to watch for the URLs used by the Nimda worm to propagate itself. When the service detects an attack, it sends an email alert. Which of the following types of IDS solutions are you using? (Select two correct answers.)
A. Knowledge-based IDS
B. Behavior-based IDS
C. Network-based IDS
D. Host-based IDS
55. Which of the following is true about fire-suppression systems?
A. A dry-pipe system uses air to suppress fire, whereas a wet-pipe system uses water.
B. A dry-pipe system uses dry chemicals, whereas a wet-pipe system uses wet chemicals.
C. A wet-pipe system has water in the pipe at all times, whereas in a dry-pipe system, water is used but is held back by a valve until a certain temperature is reached.
D. A wet-pipe system uses wet chemicals that deploy after the pipe loses air pressure, whereas a dry-pipe system uses dry chemicals that deploy before the pipe loses air pressure.
56. You’re the security administrator for a credit union. The users are complaining about the network being slow. It is not a particularly busy time of the day. You capture network packets and discover that hundreds of ICMP packets are being sent to a single host. What type of attack is likely being executed against your network?
A. Spoofing
B. Man in the middle
C. Denial of service
D. Worm
57. Which of the following PKI functions do SSL/TLS protocols currently support? (Choose the two best answers.)
A. Authentication
B. Certificate revocation lists
C. Encryption
D. Attribute certificates
58. Which of the following is true in regard to the principle of least privilege?
A. It ensures that all members of the user community are given the same privileges as long as they do not have administrator or root access to systems.
B. It requires that a user be given no more privilege than necessary to perform a job.
C. It is a control enforced through written security policies.
D. It assumes that job functions will be rotated frequently.
59. Which of the following are true regarding expiration dates of certificates? (Select all correct answers.)
A. Certificates may be issued for a week.
B. Certificates are only issued at yearly intervals.
C. Certificates may be issued for 20 years.
D. Certificates must always have an expiration date.
60. You have found that someone has been running a program to crack passwords. This has been successful enough that many of the users’ passwords have been compromised. You suspect that several user files have been altered. Which of the following techniques can be implemented to help protect against this type of attack?
A. Increase the value of the password history to 8.
B. Have users present proper identification before being granted a password.
C. Lock the account after three unsuccessful password entry attempts.
D. Require password resets every 60 days.
61. Which of the following best describes a behavior-based IDS?
A. Detects anomalies from normal patterns of operation
B. Identifies signatures within the network packets
C. Relies on the identification of known attack signatures
D. Monitors middleware transactions, such as those between a database and a web user application
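The monitoring service in question 54 and the behavior-based IDS in question 61 can be contrasted in a few lines. The following added example (not part of the exam) runs two detectors over a constructed web access log: a knowledge-based matcher that compares each requested URL against the commonly documented Nimda probe strings, and a behavior-based counter that flags any client whose 404 count exceeds a baseline. The log lines, client addresses and the threshold are assumptions made for the example; actually emailing the alert is left to the caller.

```python
import re
from collections import Counter

# Probe URLs commonly documented for the Nimda worm's scanning of IIS servers (2001).
NIMDA_SIGNATURES = (
    "/scripts/root.exe?/c+dir",
    "/MSADC/root.exe?/c+dir",
    "/c/winnt/system32/cmd.exe?/c+dir",
    "/d/winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%5c../winnt/system32/cmd.exe?/c+dir",
    "/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir",
)

# Common Log Format: client ident user [timestamp] "method url protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# Constructed sample log (not real traffic): one browsing client and one scanner.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:10:14:55 -0400] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [18/Sep/2001:10:14:56 -0400] "GET /images/logo.gif HTTP/1.1" 200 2048
192.0.2.10 - - [18/Sep/2001:10:15:01 -0400] "GET /missing.html HTTP/1.1" 404 290
198.51.100.7 - - [18/Sep/2001:10:15:02 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [18/Sep/2001:10:15:02 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [18/Sep/2001:10:15:03 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [18/Sep/2001:10:15:03 -0400] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [18/Sep/2001:10:15:04 -0400] "GET /about.html HTTP/1.0" 200 1024
""".splitlines()


def parse(line: str):
    """Return the fields of one log line, or None if the line is not in Common Log Format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def signature_alerts(lines):
    """Knowledge-based detection: flag requests whose URL matches a known attack string."""
    known = {s.lower() for s in NIMDA_SIGNATURES}  # IIS paths are case-insensitive
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec and rec["url"].lower() in known:
            alerts.append((rec["client"], rec["url"]))
    return alerts


def anomalous_clients(lines, max_404_per_client: int = 2):
    """Behavior-based detection: flag clients whose 404 count exceeds the assumed baseline."""
    errors = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["status"] == "404":
            errors[rec["client"]] += 1
    return sorted(c for c, n in errors.items() if n > max_404_per_client)


def alert_message(client: str, url: str) -> str:
    """Body of the email the service would send; transport is left to the caller."""
    return f"Nimda probe from {client}: {url}"


if __name__ == "__main__":
    for client, url in signature_alerts(SAMPLE_LOG):
        print(alert_message(client, url))
    print("anomalous clients:", anomalous_clients(SAMPLE_LOG))
```

The signature matcher catches only the strings it has been told about, which is what makes it knowledge-based; the 404 counter would also flag a scanner probing for URLs nobody has written a signature for yet, at the cost of false positives from an ordinary client that follows a few broken links.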
62. You need to provide your users with the capability to log on once and retrieve any resource to which they have been granted access, regardless of where the resource is stored. Which configuration will you deploy?
A. Role-based access control (RBAC)
B. Multifactor
C. Biometric
D. Single sign-on (SSO)
63. Which of the following describes the process of documenting how evidence was collected, preserved, and analyzed?
A. Incident response
B. Due diligence
C. Chain of custody
D. Due process
64. You are a consultant for a company that wants to secure its web services and provide a guarantee to its online customers that all credit card information is securely transferred. Which technology would you recommend?
A. S/MIME
B. VPN
C. SSL/TLS
D. SSH
65. You are configuring a security policy for your company. Which of the following components make up the security triad? (Choose the three best answers.)
A. Encryption
B. Confidentiality
C. Integrity
D. Authorization
E. Availability
66. Which of the following is used to check the validity of a digital certificate?
A. Certificate policy
B. Certificate revocation list
C. Corporate security policy
D. Trust model
67. Which of the following statements are true when discussing physical security? (Select all correct answers.)
A. Physical security attempts to control access to data from Internet users.
B. Physical security attempts to control unwanted access to specified areas of a building.
C. Physical security attempts to control the impact of natural disasters on facilities and equipment.
D. Physical security attempts to control internal employee access into secure areas.
68. An open SMTP relay is commonly abused by attackers for what purpose?
A. DNS zone transfers
B. Spamming
C. Port scanning
D. Man-in-the-middle attacks
69. CGI scripts can present vulnerabilities in which of the following ways? (Choose the two best answers.)
A. They can be used to relay email.
B. They can be tricked into executing commands.
C. They may expose system information.
D. They store the IP address of your computer.
70. Your company has decided to deploy a hardware token system along with usernames and passwords. This technique of using more than one type of authentication is known as which of the following?
A. Parallel authentication
B. Factored authentication
C. Mutual authentication
D. Multifactor authentication
71. Which of the following algorithms is now known as the Advanced Encryption Standard?
A. Rijndael
B. 3DES
C. RC6
D. Twofish
E. CAST
72. What should you do upon finding out an employee is terminated?
A. Disable the user account and have the data kept for a specified period of time.
B. Maintain the user account and have the data kept for a specified period of time.
C. Disable the user account and delete the user’s home directory.
D. Do nothing until the employee has cleaned out her desk and you get written notification.
73. Which of the following statements best describes the difference between authentication and identification?
A. Authentication is the same as identification.
B. Authentication is a means to verify who you are, whereas identification is what you are authorized to perform.
C. Authentication is the byproduct of identification.
D. Authentication is what you are authorized to perform, whereas identification is a means to verify who you are.
74. Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm?
A. Only the public key is used to encrypt, and only the private key is used to decrypt.
B. The public key is used to either encrypt or decrypt.
C. Only the private key is used to encrypt, and only the public key is used to decrypt.
D. The private key is used to decrypt data encrypted with the public key.
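Questions 27, 41 and 74 all turn on which key does what in an asymmetric system. The added example below (not from the exam) implements textbook RSA with two fixed Mersenne primes so that each operation can be checked directly: encrypt with the public key, decrypt with the private key, sign a hash with the private key, verify with the public key. The fixed primes, the absence of padding and the reduction of the digest modulo n are simplifications for illustration only; a real deployment uses a vetted library with random primes and a padding scheme.

```python
import hashlib

# Toy parameters: p = 2^127 - 1 and q = 2^89 - 1 are both Mersenne primes.
# Fixed, unpadded and small: for illustration only, never for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                  # public exponent (coprime to PHI)
D = pow(E, -1, PHI)        # private exponent: E * D == 1 (mod PHI)

PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)


def encrypt(message: bytes, public_key=PUBLIC_KEY) -> int:
    """Anyone with the public key can encrypt; only the private key can undo it."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key=PRIVATE_KEY) -> bytes:
    """Recover the message with the private exponent (leading zero bytes are not preserved)."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_as_int(message: bytes, n: int) -> int:
    # Sign a hash of the message, not the message itself. Reducing mod n keeps the
    # toy working; real RSA signatures pad the hash instead of reducing it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Only the private-key holder can produce this value, which is what gives nonrepudiation."""
    d, n = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone with the public key can check the signature against a fresh hash of the message."""
    e, n = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    msg = b"Attack at dawn"
    print(decrypt(encrypt(msg)) == msg)            # True: public encrypts, private decrypts
    sig = sign(msg)
    print(verify(msg, sig), verify(b"Attack at noon", sig))   # True False
```

Two things to notice when running it: a signature made over one message fails to verify for any altered message, and a value computed with the public exponent in place of the private one does not verify either, so possession of the public key is not enough to imitate the signer.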
75. Which of the following pieces of information are used by a cookie? (Select all correct answers.)
A. The operating system you are running
B. The type of browser you are using
C. Your network login and password
D. The name and IP address of your computer
76. The organization requires a segmented, switched network to separate users based on roles. Which of the following technologies satisfies this requirement?
A. DMZ
B. VPN
C. VLAN
D. NAT
77. Your company is in the process of setting up an application that tracks open shares on your network. Which ports would need to be accessible? (Choose two correct answers.)
A. 161
B. 139
C. 138
D. 162
78. Which of the following best describes FTP communications? (Choose the two best answers.)
A. Authentication credentials are sent in clear text.
B. Authentication credentials are encrypted.
C. It is vulnerable to sniffing and eavesdropping.
D. It is very secure and not vulnerable to either sniffing or eavesdropping.
79. Which of the following best describes the relationship between centralized and decentralized security?
A. Centralized is more secure but less scalable, whereas decentralized security is less secure but more scalable.
B. Decentralized security is more scalable and more secure than centralized.
C. Centralized security is more scalable and less secure than decentralized.
D. Centralized and decentralized have about the same security, but centralized is more scalable.
80. You are establishing a secured command-line connection to a remote server. Which of the following utilities would you use?
A. rlogin
B. slogin
C. rsh
D. rcp
E. scp
81. Which of the following components are methods of addressing risk? (Choose the three best answers.)
A. Transferring the risk
B. Mitigating the risk
C. Vetting the risk
D. Accepting the risk
82. Which of the following is an exposed device used as the foundation for firewall software?
A. Bastion host
B. Screened subnet
C. Screened host
D. Bastion subnet
83. Which of the following best describes the process whereby a user is able to perform administrator functions by exploiting a known weakness in the operating system code?
A. Privilege management
B. Trojan horse
C. Privilege escalation
D. Single sign-on
84. Which of the following best describes a vulnerability?
A. A weakness in the configuration of software or hardware that could allow a threat to damage the network
B. Any agent that could do harm to your network or its components
C. The likelihood of a particular event happening given an asset and a threat
D. Measures the cost of a threat attacking your network
85. Which of the following best describes an attack where traffic patterns indicate an unauthorized service is relaying information to a source outside the network?
A. Spoofing
B. Man in the middle
C. Replay
D. Denial of service
86. Which of the following looks at the long-term actions taken by an organization after an incident?
A. Emergency response plan
B. Security plan
C. Disaster recovery plan
D. Business continuity plan
87. Who is ultimately responsible for setting the tone of the role of security in an organization?
A. Staff
B. Management
C. Consultants
D. Everyone
88. You download and install a newly released Microsoft server patch, and several of the servers stop functioning properly. What should your first step be to return the servers to a functional state? (Choose the best answer.)
A. Reload the patch and see whether the problems stop.
B. Roll back the changes.
C. Call the manufacturer and see whether there is a fix.
D. Document the changes and troubleshoot.
89. Your company is in the process of setting up an IDS. You want to scan for irregular header lengths and information in the TCP/IP packet. Which IDS methodology is most suitable for this purpose?
A. Heuristic analysis
B. Anomaly analysis
C. Stateful inspection
D. Pattern matching
90. Which of the following is used to provide centralized management of computers through a remotely installed agent?
A. SMTP
B. SNMP
C. LDAP
D. L2TP
91. What are the major security concerns with using DHCP? (Choose the two best answers.)
A. The network is vulnerable to man-in-the-middle attacks.
B. Anyone connecting to the network can automatically receive a network address.
C. Clients might be redirected to an incorrect DNS address.
D. There are no security concerns with using DHCP.
92. Which of the following is the security layer of the Wireless Application Protocol (WAP)?
A. Wireless Security Layer (WSL)
B. Wireless Transport Layer (WTL)
C. Wireless Transport Layer Security (WTLS)
D. Wireless Security Layer Transport (WSLT)
93. Which of the following are tunneling protocols used in VPN connections? (Select all correct answers.)
A. PPTP
B. L2TP
C. CHAP
D. IPsec
94. Which of the following statements best describes the behavior of a worm?
A. A worm is self-replicating and needs no user interaction.
B. A worm attacks only after it is triggered.
C. A worm attacks system files only.
D. A worm attempts to hide from antivirus software by garbling its code.
95. Which of the following best describes the difference between TACACS and RADIUS?
A. RADIUS is an authentication protocol; TACACS is an encryption protocol.
B. RADIUS is an actual Internet standard; TACACS is not.
C. TACACS is an actual Internet standard; RADIUS is not.
D. RADIUS is an encryption protocol; TACACS is an authentication protocol.
96. In which of the following types of architecture is the user responsible for generating his or her own public/private key pair?
A. Decentralized key management
B. Centralized key management
C. Revocation key management
D. Multilevel key management
97. Which of the following is the weakest link in a security policy?
A. Management
B. A misconfigured firewall
C. An unprotected web server
D. Uneducated users
98. Which of the following are true of Pretty Good Privacy (PGP)? (Choose the two best answers.)
A. It uses a web of trust.
B. It uses a hierarchical structure.
C. It uses public key encryption.
D. It uses private key encryption.
99. Which of the following is the type of algorithm used by MD5?
A. Block cipher algorithm
B. Hashing algorithm
C. Asymmetric encryption algorithm
D. Cryptographic algorithm
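Questions 7, 22 and 99 classify SHA-1 and MD5 as hashing algorithms. The added example below (not from the exam) shows the properties that justify the label: a fixed digest length per algorithm, no key and no way to reverse the output, a large change in the digest from a one-bit change in the input, and, for integrity checks, a keyed HMAC that an attacker cannot recompute after altering the data. The sample inputs and key are constructed. MD5 and SHA-1 appear for comparison only; both have practical collision attacks, so new designs should use SHA-256 or stronger.

```python
import hashlib
import hmac

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_hex(algorithm: str, data: bytes) -> str:
    """Hex digest of data. There is no key, and the output cannot be turned back into data."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_sizes(data: bytes) -> dict:
    """Digest length in bytes is fixed per algorithm, whatever the size of the input."""
    return {alg: hashlib.new(alg, data).digest_size for alg in ALGORITHMS}


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of the same length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(algorithm: str, data: bytes) -> int:
    """Digest bits that change when one input bit is flipped (about half, for a sound hash)."""
    return differing_bits(digest_hex(algorithm, data),
                          digest_hex(algorithm, flip_bit(data, 0)))


def integrity_ok(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Unkeyed check: detects accidental change, but an attacker can recompute the digest."""
    return hmac.compare_digest(digest_hex(algorithm, data), expected_hex)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: altering data and recomputing the tag requires the key."""
    return hmac.new(key, data, "sha256").hexdigest()


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"   # constructed input
    print(digest_sizes(sample))
    for alg in ALGORITHMS:
        print(alg, digest_hex(alg, sample), "bits changed by one flipped input bit:",
              avalanche(alg, sample))
    print(keyed_tag(b"constructed-demo-key", sample))
```

The unkeyed digest answers "has this changed?" only when the digest itself is stored somewhere the attacker cannot reach; when the digest travels with the data, the keyed tag is what prevents a substitution that passes the check.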
100. You are the consultant for a small manufacturing company that wants to implement a backup solution. Which of the following methods is the best choice for this type of organization?
A. Site redundancy
B. Offsite, secure recovery
C. Onsite backup
D. High-availability systems