Security Threats
Authentication
Data Encryption 1
Data Encryption 2
Device Security
100

What is the best countermeasure against social engineering? 

Acceptable use policy 

User awareness training

Access auditing 

Strong passwords

User awareness training

100

Which of the following security measures is a form of biometrics? 

Fingerprint scanner 

Chassis intrusion detection 

TPM 

BIOS password

Fingerprint scanner 

100

Which Internet protocol is used to transmit encrypted data? 

DNS 

HTTPS 

FTP 

HTTP

HTTPS

100

A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver? 

WPA2 encryption 

Cipher text 

Plain text 

AES encrypted message

Plain text 

100

Which of the following components of a successful access control framework is the process of proving that you are who you say you are? 

Accounting 

Access control 

Authorization 

Authentication

Authentication

200

Which of the following is a common form of social engineering attack? 

Stealing the key card of an employee and using that to enter a secured building. 

Using a sniffer to capture network traffic. 

Hoax virus information emails. 

Distributing false information about your organization's financial status.

Hoax virus information emails. 

200

Which of the following is not a form of biometrics? 

Smart card 

Face recognition 

Retina scan 

Fingerprint

Smart card 

200

Which of the following protocols can be enabled so email is encrypted on a mobile device? 

IMAP 

SMTP 

SSL 

POP3

SSL

200

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email? 

Cipher text 

File level encryption 

Plain text 

Host-based firewall

Cipher text

200

Which of the following would best prevent an unauthorized person from remotely accessing your computer? 

Lockdown device 

Anti-spam software 

Firewall 

Anti-malware software

Firewall 

300

Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do? 

Forward the email to a friend and ask for advice.

 Open the attachment because he has antivirus software installed.

Delete the email without opening the attachment. 

Reply to the sender and ask if the attachment is safe.

Delete the email without opening the attachment. 

300

Your company wants to use multifactor authentication. Which of the following would you most likely suggest? 

Token and smartphone 

PIN and smart card 

Password and passphrase 

Fingerprint and retinal scan

PIN and smart card 

300

A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used? 

IMAP 

IMEI 

POP3 

S/MIME

S/MIME

300

A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used? 

WPS 

WEP 

WPA2 

WPA

WPA2

300

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________. 

Bloatware 

Illegal messages 

Spam 

Cookies

Spam 

400

Which of the following describes a Man-in-the-Middle attack? 

A person over the phone convinces an employee to reveal their logon credentials.

An attacker intercepts communications between two network hosts by impersonating each host.

An IP packet is constructed which is larger than the valid size.

Malicious code is planted on a system where it waits for a triggering event before activating.

An attacker intercepts communications between two network hosts by impersonating each host.

400

Which of the following access controls gives only backup administrators access to all servers on the network? 

Mandatory 

Discretionary 

Authorization 

Role-based

Role-based

400

While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access? 

WPA2 and AES 

WPA and AES 

WPA2 and TKIP 

WPA and TKIP 

WEP 128

WPA2 and AES 

400

The CEO of a small business travels extensively and is worried about having the information on their laptop stolen if the laptop is lost or stolen. Which of the following would BEST protect the data from being compromised if the laptop is lost or stolen? 

Complex password 

Anti-theft lock 

Anti-malware 

Full disk encryption

Full disk encryption

400

Why is it better to use a credit card than a debit card for online purchases? 

Credit cards keep track of all your transactions 

Credit cards have better fraud protection 

Credit cards have better interest rates 

Debit cards require you to pay additional fees

Credit cards have better fraud protection 

500

You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next BEST step to perform? 

Hire a forensic team to gather evidence. 

Contain the problem. 

Prevent such an incident from occurring again. 

Investigate how the attack occurred.

Contain the problem. 

500

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle? 

Authentication 

Authorization 

Non-repudiation 

Integrity

Non-repudiation 

500

A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure? 

VPN 

IMAP 

Bluetooth 

Hotspot

VPN

500

Gloria is concerned that her online banking transactions could be intercepted if she uses public WiFi. Which of the following could she use to prevent access to her online transactions? 

Mandatory Access Control (MAC) 

VPN 

Multifactor authentication 

Single sign-on

VPN 

500

The password policy below incorporates the following: 

Passwords must include at least one capital letter

 Passwords must include a mix of letters and numbers 

Passwords must be different from the past eight passwords 

Passwords must contain at least one non-alphanumeric character 

Which of the following password best practices are being used? (Select TWO). 

Password length 

Password history 

Password age 

Password lockout 

Password complexity 

Password expiration

Password history 

Password complexity