Practice Exam 1 Answer Key

Answers at a Glance

1. A, C, and D

2. D

3. C

4. B

5. A

6. B

7. C

8. B

9. B and D

10. A and C

11. C

12. B

13. A

14. C

15. D

16. C

17. C

18. C

19. B

20. B

21. D

22. B

23. B and D

24. C

25. A

26. A

27. B and D

28. A and C

29. A and B

30. A

31. B

32. D

33. B and C

34. C

35. B

36. C

37. B

38. A, B, and C

39. B

40. C

41. B

42. B

43. C and D

44. C

45. B

46. D

47. C

48. A, B, and C

49. D

50. A and D

51. D

52. B

53. D

54. A and D

55. C

56. C

57. A and C

58. B

59. A, C, and D

60. C

61. A

62. D

63. C

64. C

65. B, C, and E

66. B

67. B, C, and D

68. B

69. B and C

70. D

71. A

72. A

73. D

74. D

75. A, B, and D

76. C

77. B and C

78. A and C

79. A

80. B

81. A, B, and D

82. A

83. C

84. A

85. B

86. D

87. B

88. B

89. C

90. B

91. B and C

92. C

93. A, B, and D

94. A

95. B

96. A

97. D

98. A and C

99. B

100. C

Answers with Explanations

Question 1

Answers A, C, and D are correct. These answers all represent legitimate trust models. Another common model also exists, called cross-certification; however, it usually makes more sense to implement a bridge architecture over this type of model. Answer B is incorrect because it does not represent a valid trust model.

Question 2

Answer D is correct. Port 443 is used by HTTPS. Answer A is incorrect because port 110 is used for POP3 incoming mail. Answer B is incorrect because UDP uses port 139 for network sharing. Port 25 is used for SMTP outgoing mail; therefore, answer C is incorrect.

Question 3

Answer C is correct. The email is likely a hoax; and although the policies may differ among organizations, given this scenario and the available choices, the best answer is to notify the system administrator. Answers A, B, and D are all therefore incorrect.

Question 4

Answer B is correct. A screened subnet is an isolated subnet between the Internet and the internal network. A bastion host is the first line of security that a company allows to be addressed directly from the Internet; therefore, answer A is incorrect. A bastion host on the private network communicating directly with a border router is a screened host; therefore, answer C is incorrect. Answer D is a fictitious term and is therefore incorrect, too.

Question 5

Answer A is correct. You will need the full backup from Friday and the differential tape from Tuesday. Answer B is incorrect because four tapes are too many for any type of backup because Wednesday’s backup has not been done yet. Answer C is incorrect because one tape would be enough only if full backups were done daily. Answer D is incorrect because three would be the number of tapes needed if the backup type were incremental.

Question 6

Answer B is correct. A VPN is used to provide secure remote access services to the company’s employees and agents. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer C is incorrect because the purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.

Question 7

Answer C is correct. SHA-1 is an updated version of Secure Hash Algorithm (SHA), which is used with DSA. Answer A is incorrect because this is an algorithm that uses a public and private key pair and is not associated with the SHA-1. Answer B is incorrect because a digital signature is not an encryption algorithm. Answer D is incorrect because a certificate authority accepts or revokes certificates.

Question 8

Answer B is correct. Shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information. Answer A is incorrect because social engineering is when an intruder tricks a user into giving him private information. Answer C is incorrect because reverse social engineering involves an attacker convincing the user that she is a legitimate IT authority, causing the user to solicit her assistance. Answer D is incorrect because phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually an email.

Question 9

Answers B and D are correct. Having Telnet enabled presents security issues and is not a primary method for minimizing threat. Logging is important for secure operations and is invaluable when recovering from a security incident. However, it is not a primary method for reducing threat. Answer A is incorrect because disabling all non-web services may provide a secure solution for minimizing threats. Answer C is incorrect because each network service carries its own risks; therefore, it is important to disable all nonessential services.

Question 10

Answers A and C are correct. Trusted Platform Module (TPM) provides for the secure storage of keys, passwords, and digital certificates, and is hardware based, typically attached to the circuit board of the system. In addition, TPM can be used to ensure that a system is authenticated and ensure that the system has not been altered or breached. Answer B is incorrect because TPM is hardware-based. Answer D is incorrect because TPM is system related, not network related.

Question 11

Answer C is correct. Separation of duties is considered valuable in deterring fraud because fraud can occur if an opportunity exists for collaboration between various job-related capabilities. Separation of duty requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set. Answer A is incorrect because social engineering relies on the faults in human behavior. Answer B is incorrect because a virus is designed to attach itself to other code and replicate. Answer D is incorrect because nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message.

Question 12

Answer B is correct. Honeynets are collections of honeypot systems interconnected to create networks that appear to be functional and that may be used to study an attacker’s behavior within the network. A bastion host is the first line of security that a company allows to be addressed directly from the Internet; therefore, answer A is incorrect. Answer C is incorrect because it is a made-up term. Answer D is incorrect because an IDS is used for intrusion detection.

Question 13

Answer A is correct. The false acceptance rate (FAR) is a measure of the likelihood that the access system will wrongly accept an access attempt; that is, will allow the access attempt from an unauthorized user. A false positive error occurs when the intrusion-detection system detects a legitimate action as a possible intrusion; therefore, answer B is incorrect. Answer C is incorrect because it describes a false negative error. Answer D is incorrect because it describes false rejection.

Question 14

Answer C is correct. In computer security systems, social engineering attacks are usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. Answer A is incorrect because a Trojan horse appears to be useful software but has code hidden inside that will attack your system directly or allow the system to be infiltrated by the originator of the code after it is executed. Answer B is incorrect because a mantrap is a physical barrier. Finally, because there is only one correct answer, answer D is incorrect.

Question 15

Answer D is correct. Challenge Handshake Authentication Protocol (CHAP) continues the challenge/response activity throughout the connection to be sure that the user holds the proper credentials to communicate with the authentication server. This makes answers A, B, and C incorrect.

Question 16

Answer C is correct. Discretionary access control (DAC) enables the owner of the resources to specify who can access those resources. Answer A is incorrect because roles are used to group access rights by role name; the use of resources is restricted to those associated with an authorized role. Answer B is incorrect because rules are mandatory access control. Answer D is incorrect because security labels are also used in mandatory access control.

Question 17

Answer C is correct. AH provides authentication, integrity, and nonrepudiation. ESP provides authentication, encryption, confidentiality, and integrity protection. Answers A, B, and D are incorrect because AH provides authentication, integrity, and nonrepudiation. ESP provides authentication, encryption, confidentiality, and integrity protection.

Question 18

Answer C is correct. As computers get faster, so does the ability for hackers to use distributed computing as a method of breaking encryption algorithms. With computer performance, in some cases, increasing by 30% to 50% a year on average, this could become a concern for some older algorithms. Answer A is incorrect because weak keys exhibit regularities, and the weakness has nothing to do with performance. Answer B is incorrect because the weakness in keys comes from a block cipher regularity in the encryption of secret keys. The keys will not repeat themselves on other machines. Answer D is incorrect because there is only one correct answer.

Question 19

Answer B is correct. A port scanner is a program that searches for unsecured ports. The number of open ports can help determine whether the network is locked down enough to deter malicious activity. Answer A is incorrect because password sniffers monitor network traffic and record the packets sending passwords. Answer C is incorrect because a keystroke logger is able to capture passwords locally on the computer as they are typed and record them. Answer D is incorrect because cookies are small text files used to identify a web user and enhance the browsing experience.

Question 20

Answer B is correct. System hardening is a process by which all unnecessary services are removed and all appropriate patches applied to make the system more secure. Answer A is incorrect because nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message. Answer C is incorrect because auditing is a process whereby events are traced in log files. Answer D is incorrect because hashing is an algorithm method.

Question 21

Answer D is correct. DNS is the TCP/UDP service that runs on port 53. Answer A is incorrect because FTP is a TCP service that runs on port 21 (or 20). Sharing runs on UDP port 139; therefore, answer B is incorrect. HTTP (web server) is a TCP service that runs on port 80; therefore, answer C is incorrect.

Question 22

Answer B is correct. Data integrity ensures that data is sequenced, time-stamped, and numbered. Answer A is incorrect because data authentication ensures that the data is properly identified. Answer C is incorrect because data availability ensures that no disruption in the process occurs. Answer D is incorrect because data confidentiality ensures that the data is available only to authorized users.

Question 23

Answers B and D are correct. Both SATAN and SAINT are vulnerability testing tools. Answers A and C are incorrect because John the Ripper and L0phtCrack are both used to crack passwords.

Question 24

Answer C is correct. When data that is going to be encrypted is broken into chunks of data and then encrypted, the type of encryption is called a block cipher. Although many symmetric algorithms use a block cipher, answer A is incorrect because block cipher is a more precise and accurate term for the given question. Answer B is incorrect because elliptic curve is a type of asymmetric encryption algorithm. Answer D is an incorrect choice because only one answer is correct.

Question 25

Answer A is correct. In a Class A network, valid host IDs are from 10.0.0.1 to 10.255.255.254. Answers B and C are incorrect because they are both Class B addresses; valid host IDs are from 172.16.0.1 through 172.31.255.254. Answer D is incorrect because it is a Class C address. In a Class C network, valid host IDs are from 192.168.0.1 to 192.168.255.254.

Question 26

Answer A is correct. A combination of both uppercase and lowercase letters along with numbers and symbols will make guessing the password difficult. It will also take longer to crack using brute force. Answer B is incorrect because randomly generated passwords are difficult if not impossible for users to remember. This causes them to be written down, thereby increasing the risk of other people finding them. Answers C and D are incorrect because both can easily be guessed or cracked.

Question 27

Answers B and D are correct. A digital signature is applied to a message, which keeps it from being modified or imitated. Digital signatures can also be automatically time-stamped. Answer A is incorrect because digital signatures are based on an asymmetric scheme. Skipjack is a symmetric key algorithm designed by the U.S. National Security Agency (NSA). Answer C is incorrect because digital signatures allow for nonrepudiation. This means the sender cannot deny that the message was sent.

Question 28

Answers A and C are correct. The Key Distribution Center (KDC) used by Kerberos provides authentication services and ticket-distribution services. Time-based induction is a virtual machine used in IDS; therefore, answer B is incorrect. Answer D is incorrect because TEMPEST is the study and control of electrical signals.

Question 29

Answers A and B are correct. A smart card provides for two-factor authentication. The user must enter something he knows (a user ID or PIN) to unlock the smart card, which is something he has. A biometric technique based on distinct characteristics, such as a fingerprint scan, is considered something you are; therefore, answer C is incorrect. Answer D has nothing to do with authentication and is therefore incorrect.

Question 30

Answer A is correct. Buffer overflows are a result of programming flaws that allow for too much data to be sent. When the program does not know what to do with all this data, it crashes, leaving the machine in a state of vulnerability. Answer B is incorrect because a replay attack records and replays previously sent valid messages. Answer C is incorrect because spoofing involves modifying the source address of traffic or the source of information. Answer D is incorrect because the purpose of a DoS attack is to deny the use of resources or services to legitimate users.

Question 31

Answer B is correct. The Tower of Hanoi is based on the mathematics of the Tower of Hanoi puzzle, with what is essentially a recursive method. It is a “smart” way of archiving an effective number of backups and the ability to go back over time, but it is more complex to understand. Answer B is incorrect because grandfather-father-son backup refers to the most common rotation scheme for rotating backup media. Originally designed for tape backup, it works well for any hierarchical backup strategy. The basic method is to define three sets of backups, such as daily, weekly, and monthly. Answers C and D are incorrect because they are made-up methods that do not exist.

Question 32

Answer D is correct. Mocmex is a Trojan found in digital photo frames and collects online game passwords. Because Mocmex is a Trojan, answers A, B, and C are incorrect.

Question 33

Answers B and C are correct. PGP (Pretty Good Privacy) uses encryption to secure email messages, as does S/MIME. Answers A and D are incorrect because these are both methods for sending unsecured email.

Question 34

Answer C is correct. Group-based privilege management focuses on business units such as marketing to assign and control users. Answer A is incorrect because functions such as server maintenance are role-based. Answer B is incorrect because users get to decide who has access to files used and the level of permissions that will be set. Answer D is incorrect because users are directly assigned privilege based on job function or business need.

Question 35

Answer B is correct. Secure Sockets Layer (SSL) provides security only for the connection, not the data after it is received. The data is encrypted while it is being transmitted, but when received by the computer, it is no longer encrypted. Therefore, answers A, C, and D are incorrect.

Question 36

Answer C is correct. A hot site is a facility and equipment that are already set up and ready to occupy. Answer A is incorrect because a cold site requires the customer to provide and install all the equipment needed for operations. Answer B is incorrect because it describes a mutual agreement. Answer D is incorrect because it describes a warm site.

Question 37

Answer B is correct. Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and AES are now one and the same, they both can be called symmetric encryption algorithms; therefore, answers A and D are incorrect. Answer C is incorrect because RC6 is symmetric, too.

Question 38

Answers A, B, and C are correct. The RBAC model can use role-based access, determined by the role the user has, task-based access, determined by the task assigned to the user, or lattice-based access, determined by the sensitivity level assigned to the role. Discretionary-based access involves the explicit specification of access rights for accounts with regards to each particular resource; therefore, answer D is incorrect.

Question 39

Answer B is correct. Tracert traces the route a packet takes and records the hops along the way. This is a good tool to use to find out where a packet is getting hung up. Answer A is incorrect because Netstat displays all the ports on which the computer is listening. Answer C is incorrect because Ipconfig is used to display the TCP/IP settings on a Windows machine. Answer D is also incorrect because Nslookup is a command-line utility used to troubleshoot a domain name system (DNS) database.

Question 40

Answer C is correct. An early exploit of JavaScript allowed access to files located on the client’s system if the name and path were known. Answers A, D, and E are incorrect because JavaScript, not Java, can be used to execute arbitrary instructions on the server, send email as the user, and allow access to cache information. Answer B is incorrect because Java, not JavaScript, can continue running even after the applet has been closed.

Question 41

Answer B is correct. Nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message or data. Answer A is incorrect because it describes an algorithm. Answer C is incorrect because it describes steganography. Answer D is incorrect because it describes RAID.

Question 42

Answer B is correct. Lightweight Directory Access Protocol (LDAP) connects by default to TCP port 389. Answer A is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 110 is used for POP3 incoming mail. Answer D is incorrect because port 443 is used for HTTPS.

Question 43

Answers C and D are correct. OSPF is a routing protocol, and an ACL is used to define access control. Answers A and B are incorrect because the Online Certificate Status Protocol and the certificate revocation list (CRL) are used to verify the status of digital certificates.

Question 44

Answer C is correct. War dialing is the process of systematically dialing a range of phone numbers hoping to gain unauthorized access to a network via unprotected dial-in modems. Sniffing is the process of capturing packets traveling across the network; therefore, answer A is incorrect. Answer B is incorrect because war driving involves using wireless technology to connect to unprotected networks from outside the building. Social engineering preys upon weaknesses in the human factor; therefore, answer D is incorrect.

Question 45

Answer B is correct. With mandatory access controls, only administrators may change the category of a resource, and no one may grant a right of access that is explicitly forbidden in the access control. Therefore, answers A, C, and D are incorrect.

Question 46

Answer D is correct. Remote Desktop Protocol uses port 3389. Answer A is incorrect because SMTP uses port 25. Answer B is incorrect because port 8080 is used for HTTP. Answer C is incorrect because port 139 is used for NetBIOS traffic.

Question 47

Answer C is correct. Remote Authentication Dial In User Service (RADIUS) is a protocol for allowing authentication, authorization, and configuration information between an access server and a shared authentication server. Answer A is incorrect because Kerberos is a network authentication protocol that uses secret key cryptography. Answer B is incorrect because IPsec is used for the tunneling and transport of data. PPTP is an Internet tunneling protocol; therefore, answer D is incorrect.

Question 48

Answers A, B, and C are correct. Some of the more common tools used to conduct vulnerability assessments include port scanners, vulnerability scanners, protocol analyzers, and network mappers. Answer D is incorrect. NetStat Performance Monitor is used to monitor individual system components, not test for vulnerabilities.

Question 49

Answer D is correct. A firewall is a hardware device or a software program used to prevent a network from unauthorized access. Many firewalls are also designed to prevent unauthorized traffic from leaving the network. Answer A is incorrect because intrusion-detection systems are designed to analyze data, identify attacks, and respond to the intrusion. Answer B is also incorrect because a digital certificate electronically identifies an individual. Answer C is incorrect because a honeypot is used as a decoy to lure malicious attacks.

Question 50

Answers A and D are correct. Spoofing involves modifying the source address of traffic or source of information. In this instance, the email was spoofed to make the user think it came from the administrator. By replying to the request, the user was tricked into supplying compromising information, which is a classic sign of social engineering. Answer B is incorrect because a man-in-the-middle attack is commonly used to gather information in transit between two hosts. In a replay, an attacker intercepts traffic between two endpoints and retransmits or replays it later; therefore, answer C is incorrect.

Question 51

Answer D is correct. Logs should be centralized for easy analysis and stored on a machine that has been hardened, logging information traveling on the network should be encrypted if possible, and log files must not be modifiable without a record of the modification. Therefore, answers A, B, and C are incorrect.

Question 52

Answer B is correct. A PKI structure with a single CA and multiple subordinate CAs would benefit the most from a hierarchical structure. This is because it allows the top CA to be the root CA and control trust throughout the PKI. Answer A is incorrect because a cross-certified model is where CAs have a trust relationship with each other; they trust certificates from other CAs. Answer C is incorrect because a bridge is a central point for a cross-certified model. Answer D is incorrect because linked is not a PKI trust model.

Question 53

Answer D is correct. All the statements are good reasons why it is unsafe to run signed code on your system.

Question 54

Answers A and D are correct. This solution describes a host-based solution identifying a known attack signature. Answer B is incorrect because no baselining is required for this solution. Answer C is incorrect because the agent does not attempt to capture packet data; it just reviews the web service logs on the local system.

Question 55

Answer C is correct. A wet-pipe system constantly has water in it. In dry-pipe systems, water is used but is held back by a valve until a certain temperature is reached. Therefore, answers A, B, and D are incorrect.

Question 56

Answer C is correct. A DoS attack attempts to block service or reduce activity on a host by sending requests directly to the victim. Answer A is incorrect because spoofing involves modifying the source address of traffic or the source of information. Answer B is incorrect because a man-in-the-middle attack is commonly used to gather information in transit between two hosts. Answer D is incorrect because a worm is a form of malicious code.

Question 57

Answers A and C are correct. SSL/TLS supports authentication and encryption. SSL/TLS does not support either certificate revocation lists (CRLs) or attribute certificates; therefore, answers B and D are incorrect.

Question 58

Answer B is correct. Users should not be given privileges above those necessary to perform their job functions. The other choices do not adequately and accurately describe the principle of least privilege. Therefore, answers A, C, and D are incorrect.

Question 59

Answers A, C, and D are correct. Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory and can be from a very short period of time up to a number of years. This makes answer B incorrect because it is not necessary that the certificates be issued yearly.

Question 60

Answer C is correct. Locking an account after a few consecutive attempts reduces the effectiveness of a brute-force attack. Increasing the value of the password history only prevents the user from using previously used passwords; therefore, answer A is incorrect. Having an employee show proper identification does nothing to reduce brute-force attacks; therefore, answer B is incorrect. The use of password resets is an adequate mechanism in case a password has been compromised; however, it does little to circumvent brute-force attacks; therefore, answer D is incorrect.

Question 61

Answer A is correct. Behavior-based IDSs use the detection of anomalies from normal patterns of operation to identify new threats. Answer B is incorrect because it describes network-based IDS (NIDS). Answer C is incorrect because it describes knowledge-based detection. Answer D is incorrect because it describes application protocol-based intrusion detection.

Question 62

Answer D is correct. The ability to log on once and gain access to all needed resources is referred to as single sign-on. Answer A is incorrect because it describes an access control method. Answer B is incorrect because multifactor authentication uses two or more authentication techniques. Answer C is incorrect because biometrics relate to authentication.

Question 63

Answer C is correct. Chain of custody tells how the evidence made it from the crime scene to the courtroom, including documentation of how the evidence was collected, preserved, and analyzed. Answer A is incorrect because it describes how an organization responds to an incident. Answer B is incorrect because it describes processes for compliance. Answer D is incorrect because it describes employee rights.

Question 64

Answer C is correct. SSL/TLS is used to secure web communications and ensure that customer information is securely transferred. Answer A is incorrect because S/MIME is used to secure email communications. Answer B is incorrect because VPN is not used to secure public anonymous connections to web servers but instead is used to provide secure remote-access services to the company’s agents. Answer D is incorrect because SSH is used to secure file transfers and terminal sessions.

Question 65

Answers B, C, and E are correct. Confidentiality, integrity, and availability make up the security triad. Answers A and D are incorrect because they are not associated with the security triad.

Question 66

Answer B is correct. The certificate revocation list (CRL) provides a detailed list of all the certificates that are no longer valid for a CA. Answers A and D are both incorrect because these terms relate to the policies and practices of certificates and the issuing authorities. Answer C is incorrect because a corporate security policy is a set of rules and procedures that relate to how information is protected.

Question 67

Answers B, C, and D are correct. Natural disasters, unwanted access, and user restrictions are all physical security issues. Preventing Internet users from getting to data is data security, not physical security; therefore, answer A is incorrect.

Question 68

Answer B is correct. SMTP relay is a process whereby port 25 is used to forward email. If a hacker can exploit your system, he can send junk mail through your server. Answer A is incorrect because a DNS zone transfer is when a DNS server transfers its database information to another DNS server. DNS servers are used for name resolution, not mail. Answer C is incorrect because port scanning involves a utility being used to scan a machine for open ports that can be exploited. Answer D is incorrect because a man-in-the-middle attack is commonly used to gather information in transit between two hosts.

Question 69

Answers B and C are correct. Common Gateway Interface (CGI) is a standard that allows a web server to execute a separate program to output content. Because of this, CGI scripts can be tricked into executing commands and could also expose system information. Answer A is incorrect because SMTP is used for email relay. Answer D is incorrect because cookies store the IP address of your computer.

Question 70

Answer D is correct. Multifactor authentication uses two or more factors for completing the authentication process. Mutual authentication is a process that authenticates both sides of a connection; therefore, answer C is incorrect. Answers A and B are fictitious terms and are therefore incorrect, too.

Question 71

Answer A is correct. Rijndael was the winner of the new AES standard. Although RC6 and Twofish competed for selection, they were not chosen. 3DES and CAST did not participate; therefore, answers B, C, D and E are incorrect.

Question 72

Answer A is correct. A record of user logins with time and date stamps must be kept. User accounts should be disabled and data kept for a specified period of time as soon as employment is terminated. Answers B, C, and D are incorrect because they are not actions you should take when you find out an employee has been terminated.

Question 73

Answer D is correct. Authentication is what you are authorized to perform, access, or do. The two processes are not the same; therefore, answer A is incorrect. Identification is a means to verify who you are; therefore, answers B and C are incorrect.

Question 74

Answer D is correct. When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key. Answers A and B are both incorrect because in public key encryption, if one key is used to encrypt, you can use the other to decrypt the data. Answer C is incorrect because the public key is not used to decrypt the same data it encrypted.

Question 75

Answers A, B, and D are correct. Cookies are used in web page viewing. Cookies use the name and IP address of your machine, your browser type, your operating system, and the URLs of the last pages you visited. Answer C is incorrect. Cookies do not use the network login or password.

Question 76

Answer C is correct. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer B is incorrect because a VPN is used to provide secure remote-access services to the company’s employees and agents. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.

Question 77

Answers B and C are correct. UDP uses port 139 for network sharing, and port 138 is used to allow NetBIOS traffic for name resolution. Answers A and D are incorrect. UDP ports 161 and 162 are used by SNMP.

Question 78

Answers A and C are correct. FTP is vulnerable because the authentication credentials are sent in clear text, which makes it vulnerable to sniffing and eavesdropping. Answers B and D are incorrect because they do not accurately describe FTP.

Question 79

Answer A is correct. Centralized security requires that a single group of administrators manages privileges and access. This makes the model more secure but less scalable than decentralized security, which is made up of teams of administrators trained to implement security for their area. Therefore, answers B, C, and D are incorrect.

Question 80

Answer B is correct. The slogin SSH utility provides secured command-line connections to a remote server. Answers A, C, and D are incorrect because rlogin, rsh, and rcp do not use secured connections. Answer E is incorrect because the scp utility is used for secure file copying.

Question 81

Answers A, B, and D are correct. Risk can be accepted, mitigated, transferred, or eliminated. Answer C is incorrect. Vetting often refers to performing a background check on someone and has nothing to do with risk.

Question 82

Answer A is correct. A bastion host is the first line of security that a company allows to be addressed directly from the Internet. A screened subnet is an isolated subnet between the Internet and internal network; therefore, answer B is incorrect. A bastion host on the private network communicating directly with a border router is a screened host; therefore, answer C is incorrect. Bastion subnet is a fictitious term; therefore, answer D is incorrect.

Question 83

Answer C is correct. The process of elevating privilege or access is referred to as privilege escalation. Answer A is incorrect because privilege management has to do with programming functions. A Trojan horse is a program used to perform hidden functions; therefore, answer B is incorrect. The ability to log on once and gain access to all needed resources is referred to as single sign-on; therefore, answer D is incorrect.

Question 84

Answer A is correct. A vulnerability is a weakness in hardware or software. Answer B is incorrect because it describes a threat. Answer C is incorrect because it describes a risk. Answer D is incorrect because it describes exposure factor.

Question 85

Answer B is correct. A man-in-the-middle attack is commonly used to gather information in transit between two hosts. Answer A is incorrect because spoofing involves modifying the source address of traffic or source of information. Answer C is incorrect because in a replay, an attacker intercepts traffic between two endpoints and retransmits or replays it later. Because the purpose of a DoS attack is to deny use of resources or services to legitimate users, answer D is incorrect.

Question 86

Answer D is correct. A business continuity plan looks at the long-term actions taken by a company after a disaster has taken place. Answer A is incorrect because emergency response can be a part of disaster recovery. Answer B is incorrect because it deals with the security of a company as a whole, not disaster planning. Answer C is incorrect because a DRP is an immediate action plan to be implemented following a disaster.

Question 87

Answer B is correct. It is management’s responsibility to set the tone for what type of role security plays in the organization. Answers A, C, and D are incorrect because, although they all play a part in security, the ultimate responsibility lies with management.

Question 88

Answer B is correct. Rolling back changes should be the next step to recovering the servers and making them quickly available for users. Answers A, C, and D are incorrect. Even though they are all options, answer B is the best choice.

Question 89

Answer C is correct. Stateful inspection will look for strings in the data portion of the TCP/IP packet stream on a continuous basis. Answer A is incorrect because heuristics is all about detecting virus-like behavior, rather than looking for specific signatures. Answer B is incorrect because anomaly analysis is used to detect abnormal behavior patterns. Answer D is incorrect because pattern matching searches through thousands of patterns, including popular, obscure, and discontinued patterns.

Question 90

Answer B is correct. Simple Network Management Protocol (SNMP) was developed specifically to manage devices. Answer A is incorrect because Simple Mail Transfer Protocol (SMTP) is a mail protocol used for outgoing mail service. Answer C is incorrect because Lightweight Directory Access Protocol (LDAP) is a directory services protocol. Answer D is incorrect because L2TP is used for packet encapsulation.

Question 91

Answers B and C are correct. Because DHCP dynamically assigns IP addresses, anyone hooking up to the network can be automatically configured for network access. Answer A is incorrect because a man-in-the-middle attack is commonly used to gather information in transit between two hosts. This is a media concern, not a DHCP issue. Answer D is incorrect because there are security concerns with using DHCP.

Question 92

Answer C is correct. Wireless Transport Layer Security (WTLS) is the security layer for WAP applications. Even though answer B is part of the WAP, it is not the security layer. Answers A and D are incorrect because the Wireless Security Layer and Wireless Security Layer Transport don’t exist.

Question 93

Answers A, B, and D are correct. PPTP, L2TP, and IPsec are the three main tunneling protocols used in VPN connections. Answer C is incorrect because CHAP is an authentication protocol that uses a challenge/response mechanism.

Question 94

Answer A is correct. A worm is similar to a virus and Trojan horse, except that it replicates by itself without any user interaction; therefore, answer B is incorrect. A worm can propagate via email, TCP/IP, and disk drives; therefore, answer C is incorrect. Answer D is incorrect because it describes a self-garbling virus, not a worm.

Question 95

Answer B is correct. TACACS is a client/server protocol that provides the same functionality as RADIUS, except that RADIUS is an actual Internet standard; therefore, answer C is incorrect. Answers A and D are incorrect because both RADIUS and TACACS are authentication protocols.

Question 96

Answer A is correct. In a decentralized key-management scheme, the user will create both the private and public key and then submit the public key to the CA to allow it to apply its digital signature after it has authenticated the user. Answer B is incorrect because centralized key management allows the organization to have complete control over the creation, distribution, modification, and revocation of the electronic credentials that it issues. Answers C and D are incorrect because they are nonexistent terms.

Question 97

Answer D is correct. Users who are uneducated about security policies are the weakest links. Answer A is incorrect because management is responsible for setting the security policies of a company. Answers B and C are incorrect because they are a result of poor security policies.

Question 98

Answers A and C are correct. PGP uses a web of trust rather than the hierarchical structure. It also uses public key encryption. Based on this, answers B and D are incorrect.

Question 99

Answer B is correct. Although the Message Digest (MD) series of algorithms is classified globally as a symmetric key encryption algorithm, the correct answer is hashing algorithm, which is the method that the algorithm uses to encrypt data. Answer A is incorrect because a block cipher divides the message into blocks of bits. Answer C is incorrect because MD5 is a symmetric key algorithm, not an asymmetric encryption algorithm (examples of this include RC6, Twofish, and Rijndael). Answer D is incorrect because cryptographic algorithm is a bogus term.

Question 100

Answer C is correct. Onsite backup is the most common way for companies to protect their data. Although the other answers are viable solutions, onsite backup is the best choice for a small company. Therefore, answers A, B, and D are incorrect.
