Attacks
Cryptography
Terminology
Terminology Continued
Misc
100

You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk's active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat?

A. Spyware
B. Trojan horse
C. Logic bomb
D. RAT

Trojan horse

100

Which of the following types of keys is found in a key escrow?


 A. Public

 B. Private

 C. Shared

 D. Session


Private

100

 A control implemented through administrative policies or procedures.

Administrative control

100

An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. The manager is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization?
 A. Create multiple application accounts for each user

 B. Provide secure tokens.

 C. Implement SSO.

 D. Utilize role-based access control

Implement SSO

100

A high-security defense installation recently began utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?
A. Deterrent

 B. Preventive

 C. Detective 

D.  Compensating

Deterrent

200

A set of programs provides a hacker with administrator access to a computer that cannot be detected through normal means.
What is the BEST description of this threat? 

A. Rootkit
B. Backdoor
C. Xmas attack
D. Armored virus

Rootkit

200

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement?
A. CSR

 B. OCSP 

C. CRL 

D. SSH

CRL

200

 A physical security deterrent used to protect a computer

Cable lock

200

Which of the following threat actors is MOST likely to steal a company's proprietary information to gain a market edge and reduce time to market?
A. Competitor

B. Hacktivist 

C. Insider 

D. Organized crime

 Competitor

200

A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation.  Given these requirements, which of the following technologies should the analyst recommend and configure?
  A. LDAP services

 B. Kerberos service

 C. NTLM services

 D.  CHAP services

Kerberos services

Only Kerberos can do mutual authentication and delegation.

300

An attacker is attempting to hack into a secure server. An insider provides the attacker with a file containing the server's hashed passwords. Company guidelines recommend using multiple word passwords.
Which type of attack would be used to most quickly find passwords in the hashed password file?

A. Dictionary attack
B. Birthday attack
C. Brute force attack
D. Rainbow table attack



Rainbow table attack

300

A Chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization's security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select THREE.)
A. Password complexity policies 

B. Hardware tokens 

C. Biometric systems 

D. Role-based permissions 

E. One time passwords 

F. Separation of duties 

G. Multifactor authentication 

H. Single sign-on 

I. Least privilege

Role-based permissions

Separation of duties

Least privilege

300

Server room aisles that blow cold air from the floor.

Cold aisles

300

 A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email.

Phishing

300

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?

TLS

400

Which security goal is compromised by a DDoS attack?

A. Availability
B. Confidentiality
C. Nonrepudiation
D. Integrity

Availability

400

Which of the following is the LEAST secure hashing algorithm?
A. SHA1 

B. RIPEMD 

C. MD5 

D. DES

MD5

400

Pretending to be another person to gain information.

Impersonation

400

An attack that uses others by deceiving them. It does not directly target hardware or software, but instead it targets and manipulates people.

Social engineering

400

Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:
Slow performance
Word documents, PDFs, and images no longer opening
A pop-up
Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected?


A. Spyware

B. Crypto-malware

C. Rootkit 

D.  Backdoor

Backdoor

500

Which two types of attacks rely mainly on the attacker seeming to be familiar to the victim for their effectiveness? (Choose two)

A. Pharming
B. Spear phishing
C. Whaling
D. Tailgating

Spear phishing

Tailgating

500

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)
A. Escrowed keys 

B. SSL symmetric encryption key 

C. Software code private key 

D. Remote server public key 

E. OCSP

Software code private key

OCSP

500

 Processes or actions used to respond to situations or events

Control

500

 Typically, an email message warning of something that isn’t true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus.

hoax

500

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?


A. A perimeter firewall and IDS 

B. An air gapped compiler network

C. A honeypot residing in a DMZ 

D. An ad hoc network with NAT

 E. A bastion host

An air gapped compiler network

600

You are working on a confidential report in a crowded airport terminal. You are not connected to the airport's Wi-Fi hotspot.
What type of attack is most likely to occur?

A. NFC
B. Shoulder surfing
C. Quid pro quo
D. Man-in-the-middle

Shoulder surfing

600

You receive a direct message from a friend on a social network. The message tells you about an offer to receive a $100 gift card if you are one of the first 25 to respond to a survey. You click the link and become infected with malware.
Which two attack principles contribute to the effectiveness of this attack? (Choose two)

A. Consensus
B. Authority
C. Intimidation
D. Scarcity
E. Trust

Scarcity

Trust

600

 Looking through trash for clues—often in the form of paper scraps—to find users’ passwords and other pertinent information.

dumpster diving

600

Combining phishing with Voice over IP (VoIP).

Vishing

600

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
A. False negative

 B. True negative 

C. False positive

D. True positive

False positive

700

Which two attacks are DoS attacks against a Wi-Fi network? (Choose two)

A. WPS attack
B. War driving
C. Jamming
D. Replay
E. IV attack

Jamming
Replay

700

Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the users' certificates?
A. RA 

B. CA

C. CRL 

D.  CSR

CA

700

 Controls and countermeasures of a tangible nature intended to minimize intrusions.

physical controls

700

Phishing only large accounts.

Whaling

700

Cybersecurity summed up in one word.

Trust
