Q1. Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor’s number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code.
Which of the following attack types is this?
A. Hoax
B. Impersonation
C. Spear phishing
D. Whaling
Answer: B
Explanation:
In this question, the impersonator is impersonating a vendor and asking for payment. They have managed to ‘spoof’ their calling number so that their caller ID matches the vendor’s number. Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.
Q2. Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. UseWPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs
Answer: C
Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.
Q3. An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention
Answer: A
Explanation:
A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.
Q4. Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?
A. Application patch management
B. Cross-site scripting prevention
C. Creating a security baseline
D. System hardening
Answer: D
Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
Q5. A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?
A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.
Answer: D
Explanation:
The concern for preventing data loss is the concern for maintaining data confidentiality. This can
be accomplished through encryption, access controls, and steganography.
USB encryption is usually provided by the vendor of the USB device. It is not included on all USB
devices.
Q6. Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?
A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations
Answer: D
Explanation:
When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.
Q7. Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).
A. Tethering
B. Screen lock PIN
C. Remote wipe
D. Email password
E. GPS tracking
F. Device encryption
Answer: C,F
Explanation:
C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Q8. Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q9. A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?
A. Biometrics
B. Kerberos
C. Token
D. Two-factor
Answer: D
Explanation: Two-factor authentication is when two different authentication factors are provided for authentication purposes. In this case, “something they know and something they are”.
Q10. A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?
A. Contact their manager and request guidance on how to best move forward
B. Contact the help desk and/or incident response team to determine next steps
C. Provide the requestor with the email information since it will be released soon anyway
D. Reply back to the requestor to gain their contact information and call them
Answer: B
Explanation:
This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It’s important that an incident response policy establish at least the following items: Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident
Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team.