aiotestking uk

CISSP Exam Questions - Online Test



Q1. Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

A. dig 

B. ifconfig 

C. ipconfig 

D. nbtstat 

Answer:

Q2. A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is 

A. the scalability of token enrollment. 

B. increased accountability of end users. 

C. it protects against unauthorized access. 

D. it simplifies user access administration. 

Answer:

Q3. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring? 

A. A dictionary attack 

B. A Denial of Service (DoS) attack 

C. A spoofing attack 

D. A backdoor installation 

Answer:

Q4. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack? 

A. Smurf 

B. Rootkit exploit 

C. Denial of Service (DoS) 

D. Cross site scripting (XSS) 

Answer:

Q5. Which of the following BEST describes Recovery Time Objective (RTO)? 

A. Time of data validation after disaster 

B. Time of data restoration from backup after disaster 

C. Time of application resumption after disaster 

D. Time of application verification after disaster 

Answer:

Q6. What is the GREATEST challenge of an agent-based patch management solution?

A. Time to gather vulnerability information about the computers in the program 

B. Requires that software be installed, running, and managed on all participating computers 

C. The significant amount of network bandwidth while scanning computers 

D. The consistency of distributing patches to each participating computer 

Answer:

Q7. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)? 

A. Evaluating the efficiency of the plan 

B. Identifying the benchmark required for restoration 

C. Validating the effectiveness of the plan 

D. Determining the Recovery Time Objective (RTO) 

Answer:

Q8. A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle? 

A. Onward transfer 

B. Collection Limitation 

C. Collector Accountability 

D. Individual Participation 

Answer:

Q9. Retaining system logs for six months or longer can be valuable for what activities?

A. Disaster recovery and business continuity 

B. Forensics and incident response 

C. Identity and authorization management 

D. Physical and logical access control 

Answer:

Q10. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project? 

A. The organization's current security policies concerning privacy issues 

B. Privacy-related regulations enforced by governing bodies applicable to the organization 

C. Privacy best practices published by recognized security standards organizations 

D. Organizational procedures designed to protect privacy information 

Answer: