Best Practices
SecurityTechnologies
Ports and Protocols
Attacks
Cryptography
100
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to best achieve this? A. Command Shell Restrictions B. Restricted Interface C. Warning Banners D. Session Outpipe to dev/null
What is C. Warning Banners
100
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following best describes these results? A. True Negatives B. True Positives C. False Positives D. False Negatives
What is C. False Positives
100
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? A. 20 B. 21 C. 22 D. 23
What is B. 21
100
Which of the following defines when Pete, an attacker, attempts to monitor wireless traffic in order to perform malicious activities? A. XSS (Cross Site Scripting) B. SQL Injection C. Directory traversal D. Packet sniffing
What is D. Packet Sniffing
100
Which of the following is used to ensure message integrity during a TLS transmission? A. RIPEMD B. RSA C. AES D. HMAC
What is D. HMAC
200
Which of the following best practices makes a wireless network more hard to find? A. Implement MAC filtering B. Use WPA-2 PSK C. Disable SSID Broadcast D. Power down unused WAPs
What is C. Disable SSID Broadcast
200
In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select 2) A. Subnetting B. NAT C. Firewall D. NAC E. VPN
What is C. Firewall and D. VPN
200
Pete needs to open ports on the firewall to ensure secure transmission of files. Which of the following ports should be opened on the firewall? A. TCP 23 B. UDP 69 C. TCP 22 D. TCP 21
What is C. TCP 22
200
Which of the following only uses a private key? A. RSA B. ECC C. AES D. SHA
What is C. AES
300
Which of the following can result in significant administrative overhead from incorrect reporting? A. Job Rotation B. Acceptable Use Policy C. False Positives D. Mandatory Vacations
What is C. False Positives
300
Which of the following MOST interferes with network-based detection techniques? A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts
What is B. SSL
300
The IEEE standard that defines port-based security for wireless network access control is: A. 802.1q B. 802.1x C. 802.1r D. 802.1d
What is 802.1x
300
Pete, a security administrator, has implemented SSH across all network infrastructure devices in the enterprise. Which of the following protocols will be used to exchange keying material within SSH? A. Transport layer protocol B. IPSec C. Diffie-Hellman D. Secure socket layer
What is C. Diffie-Hellman
400
Pete, a security administrator, has been informed that the development team has plans to develop an application which does not meet the company's policy password. What should he do? A. Contact the CISO and ask them to change the company password policy so the app is compliant B. Tell the application development manager to code the application to adhere to the company password policy C. Ask the development manager to submit a risk acceptance request D. Inform the CISO of non-adherence to the security policy so that the developers can be reprimanded
What is B. Tell the application development manager to code the application to adhere to the company password policy
400
Which of the following would most likely have a DMZ interface? A. Firewall B. Switch C. Load Balancer D. Proxy
What is A. Firewall
400
A technician cannot remotely manage a server. What ports need to be open for remote server management? A. 22 B. 135 C. 137 D. 143 E. 443 F. 3389
What is A. 22 and F. 3389
400
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally, the system must support 3DS Wireless encryption. Which of the following should be implemented? A. WPA2-CCMP with 802.1x B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise
What is D. WPA2-Enterprise
500
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented? A. Least Privilege B. Job Rotation C. Mandatory Vacations D. Separation of Duties
What is B. Job Rotation
500
An ACL placed on which of the following ports would block IMAP traffic? A. 110 B. 143 C. 389 D. 465
What is B. 143
500
A security administrator must implement a network authentication solution that will ensure encryption of user credentials when users enter their username or password to authenticate to the network. Which of the following should the administrator implement? A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP
What is D. WEP over EAP-PEAP
M
e
n
u