Q6. Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.

What is the main theme of the sub-policies for Information Technologies?

A. Availability, Non-repudiation, Confidentiality

B. Authenticity, Integrity, Non-repudiation

C. Confidentiality, Integrity, Availability

D. Authenticity, Confidentiality, Integrity

View Answer

Q7. A virus that attempts to install itself inside the file it is infecting is called?

A. Tunneling virus

B. Cavity virus

C. Polymorphic virus

D. Stealth virus

View Answer

Q8. Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A. Confront the client in a respectful manner and ask her about the data.

B. Copy the data to removable media and keep it in case you need it.

C. Ignore the data and continue the assessment until completed as agreed.

D. Immediately stop work and contact the proper legal authorities.

View Answer

Q9. Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.

What should Bob recommend to deal with such a threat?

A. The use of security agents in clientsu2021 computers

B. The use of DNSSEC

C. The use of double-factor authentication

D. Client awareness

View Answer

Q10. Which regulation defines security and privacy controls for Federal information systems and organizations?

A. HIPAA

B. EU Safe Harbor

C. PCI-DSS

D. NIST-800-53

View Answer

Q11. PGP, SSL, and IKE are all examples of which type of cryptography?

A. Hash Algorithm

B. Digest

C. Secret Key

D. Public Key

View Answer

Q12. Alice encrypts her data using her public key PK and stores the encrypted data in the cloud. Which of the following attack scenarios will compromise the privacy of her data?

A. None of these scenarios compromise the privacy of Aliceu2021s data

B. Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrewu2021s attempt to access the stored data

C. Hacker Harry breaks into the cloud server and steals the encrypted data

D. Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

View Answer

Q13. When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A. Identifying operating systems, services, protocols and devices

B. Modifying and replaying captured network traffic

C. Collecting unencrypted information about usernames and passwords

D. Capturing a network traffic for further analysis

View Answer

Q14. Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A. PPP

B. IPSEC

C. PEM

D. SET

View Answer

Q15. Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

A. u2013T0

B. u2013T5

C. -O

D. -A

View Answer