Practice Exam 2 Answer Key

Answers at a Glance

1. D

2. A

3. A and C

4. A and C

5. C

6. D

7. C

8. A

9. C

10. C

11. A

12. A and B

13. C

14. D

15. B

16. D

17. A

18. A

19. E

20. D

21. A

22. B

23. A

24. D

25. D

26. A, C and D

27. C

28. C

29. A and B

30. A

31. B

32. C

33. D

34. A

35. D

36. A

37. C

38. A

39. C

40. A and B

41. C

42. A, B and C

43. A

44. D

45. B

46. C

47. A

48. D

49. D

50. A and D

51. B

52. A and D

53. C

54. D

55. A

56. A

57. C

58. A

59. A

60. A

61. C

62. A

63. B

64. A

65. D

66. C

67. B

68. B

69. B

70. A

71. A

72. B

73. D

74. C

75. A

76. A

77. C

78. D

79. A

80. C

81. A, B, and C

82. B

83. A, B, and C

84. A

85. B

86. B

87. D

88. D

89. D

90. A, B, and C

91. C

92. A

93. C

94. B

95. B and D

96. C

97. B

98. C

99. C

100. A

101. B

102. B

103. A

104. B

105. C

106. A, B, and D

107. B

108. C

109. B

110. B

111. C

112. D

113. A

114. D

115. A

116. C

117. A and C

118. B

119. D

120. B

121. C

122. A

123. B

124. A

125. C

Answers with Explanations

Question 1

Answer D is correct. Forensics is the practice of using tools to investigate and establish facts, usually for evidence within a court of law. According to the question, the attack has already taken place and evidence is being retrieved; therefore, answer A is incorrect. Answers B and C are both incorrect. Due care describes a process before an attack takes place, and due process describes the course taken during court proceedings designed to safeguard the legal rights of individuals.

Question 2

Answer A is correct. A threat is something that could intentionally (such as a malicious hacker) or unintentionally (such as a tornado) do harm to your computer systems and network. Answer B is incorrect because a risk describes the possibility of realizing a threat. Answer C is incorrect because a vulnerability describes the susceptibility to attack. Answer D is therefore also incorrect.

Question 3

Answers A and C are correct. Both MD5 and 3DES are cryptographic algorithms. Answers B and D are both tunneling protocols used in virtual private networks and are therefore incorrect.

Question 4

Answers A and C are correct. The IPsec Authentication Header (AH) provides integrity and authentication only and can be used in tunnel mode and transport mode. Therefore, answer B is incorrect; and although AH provides authentication and integrity, answer D does not describe one of the operating modes.

Question 5

Answer C is correct. A router is a networking device that works at Layer 3 in the OSI model. Answer A is incorrect because a hub works at Layer 1. A switch works at Layer 2; therefore, answer B is incorrect. A bridge operates on Layer 2 of the OSI model; therefore, answer D is incorrect.

Question 6

Answer D is correct. Both PPTP and L2F (Layer 2 Forward) are leveraged within L2TP. Answers A, B, and C are all incorrect because each answer contains a protocol that is not a tunneling protocol.

Question 7

Answer C is correct. S/MIME is the secure version of MIME and is used to protect email messages. Answers A and B are incorrect because L2TP and PPTP are tunneling protocols. Answer D is incorrect because MIME is used for plain text (the unsecured version of S/MIME).

Question 8

Answer A is correct. Digital certificates are issued by certificate authorities (CAs) and serve as a virtual ID or passport, commonly used to conduct business over the Web. Answer B is incorrect because a CA is the issuer of these certificates used to establish identification. Answer C is incorrect because this describes a Microsoft authentication service. A password is a secret word or phrase used to gain access; therefore, answer D is incorrect.

Question 9

Answer C is correct. A password and a PIN are usually private alphanumeric codes, which are known by an individual. Something you have describes an item such as a swipe card or token; therefore, answer A is incorrect. Something you make is not associated with authentication; therefore, answer B is incorrect. Answer D is incorrect because something you are involves biometrics such as fingerprints and voiceprints. Using an ATM card typically requires something you have (the card) and something you know (the PIN).

Question 10

Answer C is correct. Mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC) are common types of access control mechanisms used within computer systems, yet DAC is the only one that assigns security levels to objects and subjects. Therefore, answers B and D are incorrect. LDAP is a directory protocol; therefore, answer A is incorrect.

Question 11

Answer A is correct. A DoS attack (or denial of service) is designed to bring down a network by flooding the system with an overabundance of useless traffic. Although answers B and C are both types of DoS attacks, they are incorrect because DoS more accurately describes “a type of attack.” Answer D is incorrect because social engineering describes the nontechnical means of obtaining information.

Question 12

Answers A and B are correct. A Message Authentication Code (MAC) provides both an integrity check and authenticity check. It ensures a message, for example, has not been altered and that only an individual knowing the secret key can produce the MAC. Availability and confidentiality are not functions provided by MAC; therefore, answers C and D are both incorrect choices.

Question 13

Answer C is correct. A distributed denial of service (DDoS) is similar to a denial-of-service (DoS) attack in that they both try to prevent legitimate access to services; however, a DDoS is a coordinated effort among many computer systems; therefore, answer A is incorrect. Masquerading involves using someone else’s identity to access resources; therefore, answer B is incorrect. A Trojan horse is a program used to perform hidden functions; therefore, answer D is incorrect.

Question 14

Answer D is correct. A firewall is a hardware or software device used to protect a network from unauthorized access. Many firewalls are also designed to prevent unauthorized traffic from leaving the network. Answer A is incorrect; it is not a legitimate term. A honeypot is used as a decoy to lure malicious attacks; therefore, answer C is incorrect. Answer B is also incorrect because Windows XP is a Microsoft operating system.

Question 15

Answer B is correct. Many firewalls today employ stateful packet inspections and have replaced many packet-filtering firewalls. Answer A is used as a decoy and is incorrect. Answers C and D do not employ stateful packet inspections and are both incorrect. Answer C describes a system used to manage encryption keys, and Answer D is a system used to manage logs.

Question 16

Answer D is correct. Traditionally, a worm replicates itself, and a virus must be activated to replicate. Answer A is incorrect because a virus must be activated to propagate. Answer B is incorrect because a worm can perform its functions without being triggered. Answer C is also an incorrect statement because worms and viruses are capable of much more

Question 17

Answer A is correct. A honeypot is used to serve as a decoy and lure a malicious attacker. Answers B and D are incorrect answers and are not legitimate terms for testing purposes. Answer C is incorrect because a DMZ is an area between the Internet and the internal network.

Question 18

Answer A is correct. Wired Equivalent Privacy (WEP) is part of the 802.11b standard, and it is designed to provide the same level of security as on a wired network. Answers B, C, and D are all incorrect.

Question 19

Answer E is correct. A good password will make use of uppercase and lowercase letters, as well as numbers and special characters; therefore, answers F and G are both incorrect.

Question 20

Answer D is correct. Choice D is a good password because it is eight characters long and makes use of mixed case, numbers, and special characters. Answer A is incorrect because it uses a familiar keyboard pattern. Although answer B might make a good password, it would be better if it incorporated numbers within the password (not at the beginning or end) and if it were not a word found in the dictionary; therefore, answer B is incorrect. Answer C is incorrect because a person’s name should not be used.

Question 21

Answer A is correct. A VPN tunnel is an example of data security—not physical security. Mantrap, fence, and CCTV are all components of physical security; therefore, answers B, C, and D are incorrect.

Question 22

Answer B is correct. Biometrics is the study of biological characteristics. Geometrics describes geometric qualities or properties; therefore, answer A is incorrect. Answer C, photometrics, is incorrect because this is the study and measurement of the properties of light. Telemetrics is the study and measurement of the transmission of data over certain mediums; therefore, answer D is incorrect.

Question 23

Answer A is correct. A firewall is a hardware or software system designed to protect networks against threats, and can be used to permit or deny traffic based on IP address. Answer B is incorrect because an intranet is a private network. Answer C is incorrect because this is a type of attack meant to disrupt service. Although a firewall may be called a firewall server, Answer D is incorrect because this is not nearly specific enough.

Question 24

Answer D is correct. X.509 is the defining standard upon which digital certificates are based. Answer A is incorrect because X.25 is a standard for connecting packet-switched networks. X.400 is a standard for transmitting email; therefore, answer B is incorrect. And X.200 deals with the top layer of the OSI model; therefore, answer C is incorrect.

Question 25

Answer D is correct. Public Key Infrastructure describes the trust hierarchy system for implementing a secure public key cryptography system over TCP/IP networks. Answers A, B, and C are incorrect because these are bogus terms.

Question 26

Answers A, C, and D are correct. Port 110 is used by the POP3 incoming mail protocol. Port 143 is used by the IMAP4 incoming mail protocol. And port 25 is used by the SMTP outgoing mail protocol. Answer B is incorrect because this is the port used for FTP.

Question 27

Answer C is correct. Public key encryption uses a public and private key pair. Answer A is incorrect because there are no encryption technologies that use only public keys. Answer B is incorrect because only a symmetric key cryptography system would use just private keys. Answer D is incorrect for the same reason as answer A, and answer E is incorrect for the same reason as answer B.

Question 28

Answer C is correct. A Gargomel attack, although cool sounding, does not actually exist. Fraggle, Smurf, Teardrop, Ping of death, and Bonk are names of specific denial-of-service attacks; therefore, answers A, B, D, E, and F are incorrect.

Question 29

Answers A and B are correct. A log report that shows multiple login failures for a single account should raise suspicion because this might be an attempt by an unauthorized person to gain access. Multiple connections in a half-open state are likely waiting for a SYN-ACK and may indicate a SYN flood attack. Answers C and D are incorrect because these appear to be typical network problems or controls that have been implemented by an administrator.

Question 30

Answer A is correct. Access controls allow an administrator to allow, restrict, or deny access to resources. Two common access control methods are discretionary access control (DAC) and mandatory access control (MAC). Answers B and C are both incorrect because neither of these relates to administrative controls to administer the security on resources. Answer D is incorrect because PGP is used for secure email.

Question 31

Answer B is correct. Separation of duties and responsibilities is used to ensure a system of checks and balances. Answer A is incorrect because the principle of least privilege is to ensure that users are granted only the minimum level of access required to perform their job functions. Answer C is incorrect because access controls allow for the control of access to resources. Answer D is incorrect; it is an invalid term.

Question 32

Answer C is correct. The three tenets of information security are confidentiality, integrity, and availability. Privacy, although similar to confidentiality, is not considered one of the three; therefore, answers A, B, and D are incorrect.

Question 33

Answer D is correct. A demilitarized zone (DMZ) sits between a public network such as the Internet and an organization’s internal network. A web content zone is a security term used in Microsoft’s web browser; therefore, answer A is incorrect. Both answers B and C are made-up terms and are therefore incorrect.

Question 34

Answer A is correct. A brute-force attack attempts to use every key and relies on adequate processing power. Answer B is incorrect because a denial-of-service attack is an attempt to prevent legitimate service. Answer C is incorrect because this describes an attempt to intercept data without altering it. Answer D is incorrect because this is the crypto system relying on secret keys.

Question 35

Answer D is correct. IPsec operates at Layer 3, the network layer, of the OSI model, whereas other security protocols such as SSL operate at higher layers. Answers A, B, and C are other layers within the OSI model but are not the layers at which IPsec operates.

Question 36

Answer A is correct. Remote Authentication Dial-In User Service (RADIUS) is a client/server system that facilitates the communication between remote access servers and a central server. This central server authenticates the dial-in users and authorizes the user’s access. Answer B is incorrect because a Remote Access Server (RAS) is the system used to handle remote user access, and your manager wants a central server to communicate with these servers. Answer D is incorrect because PPTP is a tunneling protocol.

Question 37

Answer C is correct. Mutual authentication describes the process whereby a client and server both authenticate each other, rather than the server just authenticating the client. Answers A, B, and D are invalid terms and are therefore incorrect.

Question 38

Answer A is correct. The etc/passwd file on a UNIX system is world-readable, meaning anyone can read it, which could as a result allow an attacker to obtain the hash of everyone’s password to mount an offline attack. In contrast, the etc/shadow file makes the hashed password unreadable by unprivileged users; therefore, answer B is incorrect. Answers C and D are incorrect and do not reference password files.

Question 39

Answer C is correct. The Wired Equivalent Privacy (WEP) is a security protocol designed for wireless local area networks, and it is defined in the 802.11b standard. Answers A, B, and D are incorrect. 802.11a is an older specification. The IEEE (Institute of Electrical and Electronics Engineers) developed the 802.11 standards, and X.509 is the standard for defining digital certificates.

Question 40

Answers A and B are correct. Both Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP) are protocols designed to transmit data securely across the Web. SSL uses public key encryption to encrypt the data, and S-HTTP creates a secure connection between the client and server. File Transfer Protocol (FTP) is a simple and unsecured protocol for the transfer of files across the Internet, and TCP/IP, which is inherently unsecured, is the language of the Internet; therefore, answers C and D are incorrect.

Question 41

Answer C is correct. Not broadcasting the wireless SSID, although a common practice, will not prevent a more determined attack on your wireless network. It does, however, keep the wireless access point from advertising the name of the network. Answers B and D are incorrect because MAC addresses are not broadcast. Rather, wireless access points typically provide a mechanism to filter system access by MAC address; however, like disabling SSID broadcast, this does not stop the more determined attack because one’s MAC address can be spoofed.

Question 42

Answers A, B, and C are correct. Risk can be defined as the probability of a threat exploiting a vulnerability. Answer D is incorrect. Value is not a component of risk; however, value may affect your decision whether to accept a risk.

Question 43

Answer A is correct. The Network News Transfer Protocol (NNTP) provides access to newsgroups and uses TCP port 119. The Hypertext Transfer Protocol (Web) uses port 80; therefore, answer B is incorrect. Answers C and D are also incorrect because these ports are used for the sending and receiving of mail. Port 25 is for the Simple Mail Transfer Protocol (SMTP), and port 110 is for the Post Office Protocol (POP).

Question 44

Answer D is correct. The most likely answer is spoofing because this allows an attacker to misrepresent the source of the requests. Answer A is incorrect because this type of attack records and replays previously sent valid messages. Answer B is incorrect because this is not a type of attack but is instead the granting of access rights based on authentication. Answer C is incorrect because social engineering involves the nontechnical means of gaining information.

Question 45

Answer B is correct. On a firewall, static packet filtering provides a simple solution for the basic filtering of network traffic based on source, destination addresses, and protocol types. Answer A is incorrect because NAT is used to hide internal addresses. Answer C is incorrect because a VLAN is used to make computers on physically different network segments appear as if they are one physical segment. Answer D is incorrect because an intrusion detection system is used to identify suspicious network activity.

Question 46

Answer C is correct. Stateful inspection (also called dynamic packet filtering) monitors the connection throughout the session and verifies the validity of IP packet streams. Answer A is incorrect because static packet filtering examines packets based on information in their headers. Answer B is incorrect because there is no such firewall architecture. As opposed to stateful inspection, nonstateful inspection does not maintain the state of the packets; therefore, answer D is incorrect.

Question 47

Answer A is correct. A passive attack attempts to passively monitor data being sent between two parties and does not insert data into the data stream. A replay attack records and replays previously sent valid messages; therefore, answer B is incorrect. An active attack does make attempts to insert false packets into the data stream; therefore, answer C is incorrect. Authentication refers to the process of verifying the identity of a source and is not a type of attack; therefore, answer D is incorrect.

Question 48

Answer D is correct. TEMPEST originated with the U.S. military and deals with the study of devices that emit electromagnetic radiation. Electromagnetic radiation or EMR is emitted from devices; therefore, answer A is incorrect. Answer B is a bogus term and is therefore incorrect. Answer C is incorrect because wiretapping involves the secret monitoring of information being passed.

Question 49

Answer D is correct. Often an option to opt out of further email does not unsubscribe users, but rather means, “send me more spam” because it has been confirmed that the email address is not dormant. This is less likely to occur with email a user receives that he or she opted into in the first place, however. Answers A, B, and C are incorrect because these are less likely and not the best choices.

Question 50

Answers A and D are correct. Security training during employee orientation, as well as yearly seminars, are the best choices because these are active methods of raising security awareness. Email and posters are passive; therefore, answers B and C are incorrect.

Question 51

Answer B is correct. Single sign-on provides the mechanism whereby a user needs to authenticate to a system just one time and can then access multiple systems without the need to reauthenticate or maintain separate usernames and passwords. Answer A is incorrect because authentication is simply the process of identification. Answer C is incorrect because this is a protocol for directory access. Answer D is incorrect.

Question 52

Answers A and D are correct. Kerberos uses ports 88 and 749. Port 749 is used for Kerberos administration. Answers B and C are incorrect because port 80 is used for HTTP and port 21 is used for FTP.

Question 53

Answer C is correct. Whereas cookies generally provide benefits to the end users, spyware would be most likely to use a tracking cookie. A tracking cookie is a particular type of permanent cookie that stays around, whereas a session cookie stays around only for the particular visit to a website. Therefore, answer A is incorrect. Answers B and D are not types of cookies and are incorrect.

Question 54

Answer D is correct. Access control defines what a user can access and what the user can specifically view and alter. Confidentiality ensures data remains private; therefore, answer A is incorrect. Integrity describes the reliability of the data in that it has not been altered; therefore, answer B is incorrect. Authentication verifies the identity of a user or system; therefore, answer C is incorrect.

Question 55

Answer A is correct. SLE can be solved by multiplying the asset value (AV) by the exposure factor (EF). Multiplying the number of affected employees by their hourly wage means the company will be losing $330 an hour. Because they are unable to work for 4 hours, we must then multiply $330 by 4. Answers B, C, and D are incorrect.

Question 56

Answer A is correct. By using the Netstat command, you can check the number of open connections that have received a SYN but not an ACK, which may indicate connections left in a half-open state. Ping, Tracert, and Ipconfig are other useful utilities but will not show connection states as Netstat does; therefore, answers B, C, and D are incorrect.

Question 57

Answer C is correct. Both carbon dioxide and dry chemicals can be used to extinguish a class C electrical fire; however, carbon dioxide is better suited for computer and other electrical equipment because carbon dioxide does not leave a harmful residue; therefore, answer A is incorrect. Answers B and D are also incorrect. Water should never be used on a class C fire because of the risk of electrical shock, and helium is not an extinguishing agent.

Question 58

Answer A is correct. Security associations (SAs) are created to help protect the traffic stream, and two SAs are required—one in each direction. Therefore, answers B, C, and D are incorrect.

Question 59

Answer A is correct. A host-based intrusion-detection system (HIDS) and a network-based intrusion-detection system (NIDS) differ primarily in that a NIDS is concerned with monitoring the external interfaces, whereas the HIDS is concerned with only the system itself. Answers B, C, and D are accurate statements; therefore, based on the question, they are incorrect answers.

Question 60

Answer A is correct. A back door is an opening in a program, often left by a developer, that enables access through nontraditional means. Answer B is incorrect because an algorithm refers to the steps to arrive at a result. Blowfish is a type of symmetric block cipher; therefore, answer C is incorrect. Answer D is incorrect because a demilitarized zone is a zone within a network where publicly accessible servers are typically placed.

Question 61

Answer C is correct. Port 80 is used for web services, also known as Hypertext Transfer Protocol. Port 21 is used for the File Transfer Protocol (FTP); therefore, answer A is incorrect. Port 25 is used for the Simple Mail Transfer Protocol (SMTP); therefore, answer B is incorrect. Port 110 is used for the Post Office Protocol (POP); therefore, answer D is incorrect.

Question 62

Answer A is correct. Encapsulating Security Payload (ESP) is IP protocol 50. Answers B, C, and D are incorrect.

Question 63

Answer B is correct. Data aggregation is the process of combining separate pieces of data that by themselves might be of no use but when combined with other bits of data will provide a greater understanding. The other choices are invalid answers; therefore, answers A, C, and D are incorrect.

Question 64

Answer A is correct. Individuals granted widespread authorization to data have a much easier chance to perform data aggregation. Ensuring the separation of duties provides a countermeasure against such data collection. Classifying the data does not help against the risk that the information may be collected by authorized individuals; therefore, answer B is incorrect. Answers C and D are also incorrect because these are irrelevant to the process of piecing together separate pieces of data.

Question 65

Answer D is correct. Role-based access control (RBAC), as the name implies, assigns access rights to roles. Answer A is incorrect because an access control list is a list of permissions attached to an object. Answers B and C are also incorrect because these are other types of access control.

Question 66

Answer C is correct. Although the two are not interoperable, TLS is based on SSL and provides security between web applications and their clients. TLS was designed to be the successor to Secure Sockets Layer; therefore, answer A is incorrect. Answer B is a protocol used to create secure tunnels, such as in a virtual private network; therefore, answer B is incorrect. Internet Protocol Security (IPsec) is also used to create virtual private networks; therefore, answer D is incorrect.

Question 67

Answer B is correct. The Password Authentication Protocol (PAP) is a basic form of authentication during which the username and password are transmitted unencrypted. Both CHAP and MSCHAP-v2 support the secure transmission of usernames and passwords; therefore, answers A, C, and D are incorrect.

Question 68

Answer B is correct. PPP, a protocol for communicating between two points using a serial interface, provides service at the second layer of the OSI model: the data link layer. Layer 1 (physical), Layer 3 (network), and Layer 4 (transport) are not the layers at which PPP provides its service; therefore, answers A, C, and D are incorrect.

Question 69

Answer B is correct. Public key encryption is not usually used to encrypt large amounts of data, but it does provide an effective and efficient means of sending a secret key with which to do symmetric encryption thereafter, which provides the best method for efficiently encrypting large amounts of data. Therefore, answers A, C, and D are incorrect.

Question 70

Answer A is correct. PPP can handle synchronous and asynchronous connections; therefore, answers B, C, and D are incorrect.

Question 71

Answer A is correct. Access rights are grouped by the role name, and the use of resources is restricted to those associated with the authorized role. Answers B, C, and D are incorrect ways of describing how access rights are grouped within RBAC.

Question 72

Answer B is correct. An access control list (ACL) coordinates access to resources based on a list of allowed or denied items such as users or network addresses. Answer A is incorrect because ACLU identifies a nonprofit organization that seeks to protect the basic civic liberties of Americans. An access point (AP) is often used in relation to a wireless access point (WAP); therefore, answer C is incorrect. Answer D is also incorrect.

Question 73

Answer D is correct. Passwords, home directories, and usernames in most cases are unique to the individual users. Although the use of shared usernames and passwords is common in many instances, it is a practice that generally should not be used.

Question 74

Answer C is correct. The email is likely a hoax, and although the policies might differ among organizations, given this scenario and the available choices, the best answer is to notify the system administrator. Answers A, B, and D are incorrect.

Question 75

Answer A is correct. Logging is the process of collecting data to be used for monitoring and auditing purposes. Auditing is the process of verification that normally involves going through log files; therefore, answer B is incorrect. Typically, the log files are frequently inspected, and inspection is not the process of collecting the data; therefore, answer C is incorrect. Vetting is the process of thorough examination or evaluation; therefore, answer D is incorrect.

Question 76

Answer A is correct. Users should not be given privileges above those necessary to perform their job function. The other choices do not adequately and accurately describe the principle of least privilege; therefore, answers B, C, and D are incorrect.

Question 77

Answer C is correct. The potential for fraudulent activity is greater when the opportunity exists for one who is able to execute all the transactions within a given set. The separation of duties is not a deterrent to Trojan horses, viruses, or corporate audits; therefore, answers A, B, D, and E are incorrect.

Question 78

Answer D is correct. Answers A, B, and C are not the best choices. Cross-site scripting (XSS) and buffer overflow are two potentially real dangers of not performing input validation within forms on a website.

Question 79

Answer A is correct. By locking an account after a few consecutive failed attempts, you can reduce the likelihood of a brute-force attack. Having an employee show proper identification does nothing to reduce brute-force attacks; therefore, answer B is incorrect. Increasing the value of the password history only prevents the user from reusing previously used passwords; therefore, answer C is incorrect. Password resets are an adequate mechanism to use in case a password has been compromised but do little to circumvent brute-force attacks; therefore, answer D is incorrect.

Question 80

Answer C is correct. Proper labeling concerning the sensitivity of information should be placed on media such as tapes and disks to prevent the mishandling of the information. Tokens are a hardware device; therefore, answer A is incorrect. SSL is a protocol for protecting documents on the Internet; therefore, answer B is incorrect. Answer D, ticketing, is also incorrect.

Question 81

Answers A, B, and C are correct. Protecting data against accidental or malicious events is based on the classification level of the data, the data’s value, and the level of risk or compromise of the data. The size of the organization has no bearing on the level of protection to be provided; therefore, answer D is incorrect.

Question 82

Answer B is correct. When an IDS detects an attacker, the attacker may then be transparently transferred to a padded cell host, which is a simulated environment where harm cannot be done. All three terms used for answers A, C, and D are incorrect because these are not related to intrusion-detection systems.

Question 83

Answers A, B, and C are correct. All except answers D and E are advantages of honeypots and honeynets. Currently, the legal implications of using such systems are not that well defined, and the use of these systems will typically require more administrative resources.

Question 84

Answer A is correct. A policy is the formal set of statements that define how systems are to be used. Standards are a definition or format that is approved and must be used; therefore, answer B is incorrect. Guidelines are similar to standards but serve as more of a suggestion; therefore, answer C is incorrect. Procedures typically provide step-by-step instructions to follow; therefore, answer D is incorrect.

Question 85

Answer B is correct. 802.11 is the IEEE standard relating to the family of specifications for wireless LAN technologies. 802.2 is the standard for the data link layer in the OSI reference model; therefore, answer A is incorrect. 802.1 is the standard related to network management; therefore, answer C is incorrect. 802.6 is the standard for metropolitan area networks (MANs); therefore, answer D is incorrect.

Question 86

Answer B is correct. The well-known ports are those from 0 through 1023. Registered ports are those from 1024 through 49151, and dynamic or private ports are those from 49152 through 65535; therefore, answers A, C, and D are incorrect.

Question 87

Answer D is correct. A policy is the formal set of statements that define how systems are to be used. Standards are a definition or format that is approved and must be used; therefore, answer A is incorrect. Procedures typically provide step-by-step instructions to follow; therefore, answer B is incorrect. Guidelines are similar to standards but serve as more of a suggestion; therefore, answer C is incorrect.

Question 88

Answer D is correct. SPAP was designed by Shiva and is an older, two-way reversible encryption protocol that encrypts the password data sent between client and server. PAP is a basic authentication protocol that does not provide for encryption; therefore, answer A is incorrect. MS-CHAP uses a one-way encryption scheme for encryption; therefore, answer B is incorrect. Answer C is incorrect. MPPE is used to encrypt data in PPP and PPTP dial-up connections and VPN connections.

Question 89

Answer D is correct. NTFS (NT File System) is the preferred system because it supports file and folder permissions (among many other benefits, such as auditing). CDFS (CD-ROM File System) is used to control the CD-ROM; therefore, answer A is incorrect. NFS (Network File System) is a client/server application; therefore, answer B is incorrect. FAT (File Allocation Table) file systems are not recommended because they lack native file-level security support; therefore, answer C is incorrect.

Question 90

Answers A, B, and C are correct. The NetBIOS name service uses port 137. The NetBIOS datagram service uses port 138, and the NetBIOS session service uses port 139. Port 140 is used by the EMFIS data service; therefore, answer D is incorrect.

Question 91

Answer C is correct. An incremental backup backs up only files created or changed since the last normal or incremental backup and clears the archive bit. A copy backup backs up all selected files but doesn’t clear the archive bit; therefore, answer A is incorrect. A daily backup copies all selected files that you have modified the day the backup is performed but does not clear the archive bit; therefore, answer B is incorrect. A differential backup is similar to an incremental, but it does not clear the archive bit; therefore, answer D is incorrect.
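The archive-bit behaviour described above is easiest to see by running the five backup types over the same week of changes. The following is an added example, not part of the exam text; the file names and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class File:
    name: str
    modified: date
    archive: bool = True   # set whenever a file is created or changed

def _select(files, only_archive=False, only_date=None):
    picked = []
    for f in files:
        if only_archive and not f.archive:
            continue
        if only_date is not None and f.modified != only_date:
            continue
        picked.append(f.name)
    return picked

def backup(kind, files, today):
    """Return the names backed up and update archive bits per `kind`."""
    if kind == "normal":          # full: all selected files, clears the bit
        picked, clear = _select(files), True
    elif kind == "copy":          # all selected files, bit left untouched
        picked, clear = _select(files), False
    elif kind == "incremental":   # changed since last normal/incremental, clears
        picked, clear = _select(files, only_archive=True), True
    elif kind == "differential":  # changed since last normal, bit left untouched
        picked, clear = _select(files, only_archive=True), False
    elif kind == "daily":         # modified today, bit left untouched
        picked, clear = _select(files, only_date=today), False
    else:
        raise ValueError(kind)
    if clear:
        for f in files:
            if f.name in picked:
                f.archive = False
    return picked

def modify(files, name, today):
    for f in files:
        if f.name == name:
            f.modified, f.archive = today, True

def week_scenario(kind):
    """Normal backup on Monday, then `kind` Tue-Thu with one change per day.
    Returns (files captured by each day's backup, files with the bit still set)."""
    mon = date(2024, 1, 1)
    files = [File("a.doc", mon), File("b.xls", mon), File("c.txt", mon)]
    sets = [backup("normal", files, mon)]
    for offset, changed in ((1, "a.doc"), (2, "b.xls"), (3, "a.doc")):
        today = date(2024, 1, 1 + offset)
        modify(files, changed, today)
        sets.append(backup(kind, files, today))
    return sets, [f.name for f in files if f.archive]
```

Restoring after Thursday needs the Monday normal plus every incremental, but only the Monday normal plus the latest differential, because the differential never clears the bit and so keeps re-capturing everything changed since the normal.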

Question 92

Answer A is correct. Nonrepudiation means that neither party can deny either having sent or received the data in question. Both answers B and C are incorrect. Repudiation is defined as the act of repudiating or refusing; therefore, answer D is incorrect.

Question 93

Answer C is correct. A disaster recovery plan is an agreed-upon plan that details the restoration of operations in the event of a disaster, and it should already be in existence before a disaster strikes; therefore, answers A, B, and D are incorrect.

Question 94

Answer B is correct. Hardening refers to the process of securing an operating system. Handshaking relates to the agreement process before communication takes place; therefore, answer A is incorrect. A hotfix is just a security patch that gets applied to an operating system; therefore, answer C is incorrect. Hardening is the only correct answer; therefore, answer D is incorrect.

Question 95

Answers B and D are correct. Windows Server operating systems come with a protocol analyzer called Network Monitor. Third-party programs such as Wireshark can also be used for network monitoring. Metasploit is a framework used for penetration testing and SATAN is a network security testing tool; therefore, answers A and C are incorrect.

Question 96

Answer C is correct. Polymorphic viruses are designed to change part of their code after they infect a file in an attempt to evade detection. A stealth virus tries to hide its existence by taking over portions of your system; therefore, answer A is incorrect. A cavity virus attempts to install itself within a program; therefore, answer B is incorrect. A multipartite virus uses multiple methods of infecting a system, and so answer D is incorrect.

Question 97

Answer B is correct. Macro viruses are easy to create, do not require programming knowledge, and are known to infect Microsoft Office documents such as those created with Microsoft Word. Stealth, polymorphic, and multipartite viruses, unlike macro viruses, require programming, and they are associated with infecting the operating system; therefore, answers A, C, and D are incorrect.

Question 98

Answer C is correct. On Windows systems, the account with the greatest privileges is referred to as administrator. On UNIX systems, however, this account is named root, and supervisor is used in Novell NetWare environments; therefore, answers A, B, and D are incorrect.

Question 99

Answer C is correct. SSH provides for the secure access of remote computers and uses RSA public key cryptography. SET is a system for ensuring the security of financial transactions on the Web; therefore, answer A is incorrect. Answer B is incorrect because SHA is a hashing algorithm used to create a condensed version of a message. Telnet is used to access computers remotely, but it is unsecured; therefore, answer D is incorrect.

Question 100

Answer A is correct. DNS uses port 53 for zone transfers. The Hypertext Transfer Protocol (Web) uses port 80; therefore, answer B is incorrect. The NetBIOS name service uses port 137, and the NetBIOS datagram service uses port 138; therefore, answers C and D are incorrect.

Question 101

Answer B is correct. Although the assigned port for the Hypertext Transfer Protocol (Web) is port 80, it is not required. In most cases, web servers do run on port 80 because browsers use this port by default, and the port number does not need to be specified within the Uniform Resource Locator (URL). Port 8080 is an assigned alternative port for web servers but still requires this port be specified in the URL when used. Answers A, C, and D are incorrect choices because these are all valid statements about web servers.

Question 102

Answer B is correct. Disk mirroring, also known as RAID 1, is made up of two drives that are duplicates of each other. RAID level 0, also known as disk striping, does not provide any fault tolerance; therefore, answer A is incorrect. RAID 2 uses an error-correcting algorithm that employs disk striping; therefore, answer C is incorrect. Answer D, RAID 3, which is similar to RAID 2, is also incorrect.

Question 103

Answer A is correct. A false positive error occurs when the intrusion-detection system detects a legitimate action as a possible intrusion. Answer B is incorrect because it describes a false negative error. Answers C and D are incorrect because they describe subversion errors.

Question 104

Answer B is correct. Password sniffers monitor traffic and record the packets sending passwords. Answer A is incorrect because a keyboard sniffer can capture passwords locally on the computer as they are typed and recorded. A Trojan horse is a program that has a hidden function; therefore, answer C is incorrect. Answer D is incorrect because cookies are small text files used to identify a web user and enhance the browsing experience.

Question 105

Answer C is correct. A class C fire involves energized electrical equipment and is usually suppressed with nonconducting agents. Class A fires involve combustibles such as wood and paper; therefore, answer A is incorrect. Answer B is incorrect because a class B fire involves flammables or combustible liquids. Answer D is incorrect because a class D fire involves combustible metals such as magnesium.

Question 106

Answers A, B, and D are correct. A physical security plan should be a written plan that addresses your current physical security needs and future direction. With the exception of answer C, all the answers are correct and should be addressed in a physical security plan. A hard disk’s physical blocks pertain to the file system.

Question 107

Answer B is correct. There are numerous reasons why a certificate might need to be revoked (including a certificate being issued to the incorrect person). A CPS is a published document from the CA describing their policies and procedures for issuing and revoking certificates; therefore, answer A is incorrect. A private key compromise is actually another reason to perform revocation of a certificate; therefore, answer C is incorrect. Answer D is incorrect because this is a bogus term.

Question 108

Answer C is correct. Each network service carries its own risks; therefore, it is important to disable all nonessential services. Although disabling all non-web services may provide a secure solution for minimizing threats, having Telnet enabled for interactive logins presents security issues and is not a primary method for minimizing threat; therefore, answer A is incorrect. Answer B is incorrect because neither of these services is recommended to be enabled on a web server. Logging is important for secure operations and is invaluable when recovering from a security incident; however, it is not a primary method for reducing threat. Therefore, answer D is incorrect.

Question 109

Answer B is correct. Answers A and C are incorrect but are related to a botnet in that a zombie is one of many computer systems that make up a botnet, whereas a bot herder is the controller of the botnet. Answer D is incorrect. A virus is a program that infects a computer without the knowledge of the user.

Question 110

Answer B is correct. Role-based access control (RBAC) ensures the principle of least privilege by identifying the user’s job function and ensuring a minimum set of privileges required to perform that job. IPsec is a set of protocols to enable encryption, authentication, and integrity; therefore, answer A is incorrect. Answer C is incorrect because an IDS is used for intrusion detection, and answer D is incorrect because a DRP is a plan used in the event of disaster.

Question 111

Answer C is correct. Trusted Computer System Evaluation Criteria (TCSEC) and Information Technology Security Evaluation Criteria (ITSEC) are major security criteria efforts, and the Common Criteria is based on both TCSEC and ITSEC; therefore, answers A, B, and D are the three major security evaluation criteria efforts. IPsec, however, is a set of protocols to enable encryption, authentication, and integrity.

Question 112

Answer D is correct. Zone transfers are associated with DNS servers. If a malicious hacker were to obtain a DNS zone file, the hacker could identify all the hosts present within the network. Zone transfers are not functions of a database, file and print, or web server; therefore, answers A, B, and C are incorrect.

Question 113

Answer A is correct. Antispam software programs use black and white lists to control spam by refusing or allowing email that originates from these lists. Answer B is incorrect because antivirus software uses signatures. Answer C is incorrect because DoS attacks are prevented by filtering with access control lists. Answer D is incorrect because SQL injection attacks can be prevented with the use of a web vulnerability scanner.

Question 114

Answer D is correct. Pretty Good Privacy (PGP) is a hybrid cryptosystem that makes use of the incorrect choices, A, B, and C. IDEA is a symmetric encryption cipher, RSA is an asymmetric cipher, and MD5 is a hash.

Question 115

Answer A is correct. Signals within fiber-optic cables are not electrical in nature, and therefore they do not emit electromagnetic radiation to be detected. This makes fiber-optic cabling ideal for high-security networks. Both UTP and STP are susceptible to eavesdropping, but STP is less susceptible than UTP; therefore, answers B and C are incorrect. Answer D is incorrect because coaxial thicknet is also susceptible to eavesdropping, yet it is a better choice than UTP.

Question 116

Answer C is correct. The plenum is the space between the ceiling and the floor of a building’s next level. It is commonly used to run network cables, which must be of plenum grade. A raised floor, sometimes called a plenum floor, is open space below a floor; therefore, answer A is incorrect. Answer B is incorrect; in fact, the plenum is of concern during a fire because there are little if any barriers to contain fire and smoke. Answer D is incorrect because Teflon is a trademarked product of the DuPont corporation. Teflon is often used to coat wiring placed in the plenum of a building.

Question 117

Answers A and C are correct. UDP ports 161 and 162 are used by SNMP. Answers B and D are incorrect. UDP uses port 139 for network sharing, and port 138 is used to allow NetBIOS traffic for name resolution.

Question 118

Answer B is correct. The Internet Assigned Numbers Authority (IANA) has reserved three blocks of IP addresses for private networks: 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, and 192.168.0.0 through 192.168.255.255. In addition, 169.254.0.0 through 169.254.255.255 are reserved for automatic private IP addressing; therefore, answers A, C, and D are incorrect.

Question 119

Answer D is correct. A cold site is a disaster recovery service, similar to a hot site in that it provides office space. However, a cold site requires the customer to provide and install all the equipment needed for operations, whereas a hot site is all ready to go. Naturally, a cold site is less expensive than a hot site.

Question 120

Answer B is correct. A Faraday cage is a solid or mesh metal box used to trap and ground stray electrical signals. The box completely surrounds the protected equipment and is well grounded so that stray signals are dissipated rather than traveling to or from the cage. TEMPEST is a government standard describing methods implemented to block or limit electromagnetic radiation (EMR) from electronic equipment; therefore, answers A and C are incorrect. Answer D is also incorrect.

Question 121

Answer C is correct. An SLA is a written contract between a service provider and customer, and it specifies the services the provider will furnish to the customer. Answers A, B, and D are incorrect. Answer B may describe a specific type of SLA, but it is not the best answer.

Question 122

Answer A is correct. A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers overwriting or deleting data. A denial of service is a type of attack in which too much traffic is sent to a host, preventing it from responding to legitimate traffic. A distributed denial of service is similar, but it is initiated through multiple hosts; therefore, answers B and C are incorrect. Although answer D sounds correct, it is not.

Question 123

Answer B is correct. Hashing, which is used in many encryption algorithms, produces a smaller number derived from a larger string of text. Cipher block chaining is an operation in which a sequence of bits is encrypted as a single unit; therefore, answer A is incorrect. PKI is comprised of various components making up the infrastructure to provide public and private key cryptography over networks; therefore, answer C is incorrect. Answer D is incorrect because ciphertext is synonymous with encrypted text.

Question 124

Answer A is correct. Before attempting to break into a system, the hacker will first try to analyze and footprint as much information as possible. Cracking describes malicious attacks on network resources; therefore, answer B is incorrect. Answer C is incorrect because social engineering is the nontechnical means of intrusion that often relies on tricking people into divulging security information. Spoofing is the electronic means of pretending to be someone else; therefore, answer D is incorrect.

Question 125

Answer C is correct. A proxy server provides security and caching services by serving as the intermediary between the internal network and external resources. Answer B is incorrect because a packet filter is a type of firewall in which each packet is examined and is either allowed or denied based on policy. A firewall is similar to a proxy server in the security it provides. However, a firewall does not seek to fulfill requests as does a proxy server, which will maintain previously accessed information in its cache; therefore, answer D is incorrect.
