Q1. A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?
A. NIDS
B. NAC
C. DLP
D. DMZ
E. Port Security
Answer: B
Explanation:
Q2. An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
A. Shoulder surfing
B. Dumpster diving
C. Whaling attack
D. Vishing attack
Answer: A
Explanation:
The CCTV camera has recorded people entering their PINs in the ATMs. This is known as shoulder surfing.
Shoulder surfing is the use of direct observation techniques, such as looking over someone's shoulder, to obtain information. It is an effective way to get information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars, cameras, or other vision-enhancing devices, which is exactly what the CCTV camera in this scenario enabled. To prevent shoulder surfing, experts recommend shielding paperwork or the keypad from view with your body or by cupping your hand.
Q3. Ann, a newly hired human resources employee, sent out confidential emails with digital signatures to an unintended group. Which of the following would prevent her from denying accountability?
A. Email Encryption
B. Steganography
C. Non-repudiation
D. Access Control
Answer: C
Explanation:
Nonrepudiation prevents one party from denying actions they carried out.
Q4. During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?
A. SPIM
B. Backdoor
C. Logic bomb
D. Rootkit
Answer: D
Explanation:
A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.
Q5. A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?
A. SCP
B. SSH
C. SFTP
D. SSL
Answer: B
Explanation:
SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.
Q6. Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?
A. Kerberos
B. LDAP
C. SAML
D. RADIUS
Answer: D
Explanation:
Q7. An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Answer: A
Explanation:
When you combine a firewall with other abilities (intrusion prevention, antivirus, content filtering, etc.), what used to be called an all-in-one appliance is now known as a unified threat management (UTM) system. The advantages of combining everything into one include a reduced learning curve (you only have one product to learn), a single vendor to deal with, and—typically—reduced complexity.
Q8. An information bank has been established to store contacts, phone numbers and other records.
An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services uses this port by default?
A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP
Answer: A
Explanation:
Kerberos uses port 88 by default.
Q9. A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
A. WPA2
B. WPA
C. IPv6
D. IPv4
Answer: C
Explanation:
IPsec support is built into the IPv6 protocol suite, and the much larger IPv6 address space removes the need to use NAT to extend the address range.
Q10. An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?
A. DLP
B. Asset tracking
C. HSM
D. Access control
Answer: A
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.