1. A centralized directory of digital certificates is called a(n)   Certificate Repository (CR)
2. A digital certificate associates   the user’s identity with his public key
3. A mail gateway can have many functions. Which choice is NOT one of those functions?   Require full tunnel
4. A replay attack _____.   makes a copy of the transmission for use at a later time
5. A replay attack is a variation of this attack type   MITM
6. A security administrator wants to empty the DNS cache after a suspected attack that may have corrupted the DNS server. The server has been repaired, however it is feared that DNS entries may remain in client computer caches. Which of the following tools can be used to flush the DNS cache on a Windows client?   IPCONFIG
7. Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email?   It can prevent a DNS transfer attack
8. An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?   integer overflow
9. An entity that issues digital certificates is a _______________.   Certificate Authority (CA)
10. are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity      Session keys
11. Attackers who register domain names that are similar to legitimate domain names are performing _____.    URL hijacking
12. Both DNS poisoning and ARP poisoning involves:    Spoofing
13. Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs?  Port mirroring
14. Considering the implications of virtual servers on a host, what poses the greatest threat to them?   Hypervisor compromise
15. Digital certificates can be used for each of these EXCEPT   to verify the authenticity of the Registration Authorizer
16. DNS poisoning _____.    substitutes DNS addresses so that the computer is automatically redirected to another device
17. DNSSEC adds additional _____ and message header information, which can be used to verify that the requested data has not been altered in transmission.  resource records
18. Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say?  Once the MAC address table is full the switch functions like a network hub.
19. How does network address translation (NAT) improve security?   It discards unsolicited packets.
20. In which of the following configurations are all the load balancers always active?  Active-active
21. is a protocol for securely accessing a remote computer  Secure Shell (SSH)
22. Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend?  Router
23. John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing?   XSS
24. Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle?  On-premises
25. Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about?   Privilege escalation
26. Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect?   Host table and external DNS server
27. One way to secure data is through Data Loss Prevention (DLP). Which of the choices is not a data type protected by DLP?   Data-to-disclose
28. Packet sniffing can be helpful in detecting rogues   True
29. Public key infrastructure (PKI)    is the management of digital certificates
30. Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose?    Split tunnel
31. refers to a situation in which keys are managed by a third party, such as a trusted CA    Key escrow
32. Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian?   Cause the device to enter a fail-open mode.
33. SNMP uses which port by default?  161
34. The strongest technology that would assure Alice that Bob is the sender of a message is a(n)   digital certificate
35. To achieve server scalability, more servers may be added to a configuration and make use of:   Load balancers
36. To increase fault-tolerance, the security administrator for Corp.com has installed an active/passive firewall cluster where the second firewall is held in reserve in case of primary firewall failure. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients.   Inbound packets are traversing the active firewall and return traffic is being sent through the passive firewall
37. What attack involves impersonating another device?   Spoofing
38. What can be deployed to intercept and log network traffic passing through the network?   protocol analyzers
39. What functions of a switch does a software defined network separate?   Control plane and physical plane
40. What hardware based solutions are measures for fault tolerance? (Choose all that apply.)  RAID, Clustering, and Load balancing
41. What is a session token?   a random string assigned by a web server
42. What is the basis of an SQL injection attack?   to insert SQL statements through unfiltered user input
43. What is the difference between a DoS and a DDoS attack?   DoS attacks use fewer computers than DDoS attacks
44. What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?  A NIPS can take actions more quickly to combat an attack.
45. What is the recommended secure protocol for voice and video applications?  Secure Real-time Transport Protocol (SRTP)
46. What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?  privilege escalation
47. What type of attack intercepts legitimate communication and forges a fictitious response to the sender?    MITM
48. What type of attack involves manipulating third-party ad networks?    Malvertising
49. When defining data policies, what areas or issues must be covered? (Select FOUR)   Disposing, Retention, Wiping, Storage
50. When preparing a cloud computer security solution for your organization, you implement a “gatekeeper” to guarantee your security policies. Which choice correctly identifies this method of policy enforcement?    CASB (Cloud access security broker)
51. Which action cannot be performed through a successful SQL injection attack?   reformat the web application server’s hard drive
52. Which application stores the user’s desktop inside a virtual machine that resides on a server and is accessible from multiple locations?   VDI
53. Which attack intercepts communications between a web browser and the underlying computer?   man-in-the-browser (MITB)
54. Which attack uses the user’s web browser settings to impersonate that user?   XSRF
55. Which command is used in testing and troubleshooting DNS servers?   Nslookup
56. Which device intercepts internal user requests and then processes those requests on behalf of the users?   Forward proxy server
57. Which device is connected to a port on a switch in order to receive network traffic?  Passive IDS
58. Which device is easiest for an attacker to take advantage of to capture and analyze packets?   Hub
59. Which device watches for attacks and sounds an alert only when one occurs?   network intrusion detection system (NIDS)
60. Which digital certificate displays the name of the entity behind the website?   Extended Validation (EV) Certificate
61. Which function does an Internet content filter NOT perform?   intrusion detection
62. Which is the most secure type of firewall?  stateful packet filtering
63. Which of the choices identifies an attack that intercepts communications between a browser and the host security system?    MITB
64. Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser?   Plug-ins
65. Which of the following are available protocols for security purposes? (Choose all that apply.)  TLS, SSL, IPSec, SSH
66. Which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted?   Cipher Block Chaining (CBS)
67. Which of the following can protect “data at rest”? (Select FOUR)   Bitlocker, Encrypted file system (EFS), Bitlocker to go, Transparent database encryption(TDE)
68. Which of the following CANNOT be used to hide information about the internal network?   a protocol analyzer
69. Which of the following devices can identify the application that sends packets and then makes decisions about filtering based on it?  application-based firewall
70. Which of the following is a multipurpose security device?   Unified Threat Management
71. Which of the following is NOT a means used by an attacker to do reconnaissance on a network?   Smurf attack
72. Which of the following is NOT a method for strengthening a key?   Variability
73. Which of the following is NOT a service model in cloud computing?   Hardware as a Service (HaaS)
74. Which of the following services only requires a single port be opened on the firewall?   HTTP
75. Which of the following technologies are necessary for implementing USB drive encryption or hard drive encryption? (Choose two that apply)   TPM & HSM
76. Which of these is considered the strongest cryptographic transport protocol?   TLS v1.2
77. Which of these is NOT a DoS attack?   push flood
78. Which of these is NOT part of the certificate life cycle?   Authorization
79. Which of these is NOT used in scheduling a load balancer?   The IP address of the destination packet
80. Which of these is the most secure protocol for transferring files?  SFTP
81. Which of these would NOT be a filtering mechanism found in a firewall ACL rule?   Date
82. Which statement about network address translation (NAT) is true?   It removes private addresses when the packet leaves the network.
83. Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?    Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
84. Which statement is NOT true regarding hierarchical trust models?   It is designed for use on a large scale. 
85. Which statement regarding a demilitarized zone (DMZ) is NOT true?   It contains servers that are used only by internal network users.
86. Which trust model has multiple CAs, one of which acts as a facilitator?   Bridge
87. Why are extensions, plug-ins, and add-ons considered to be security risks?   They have introduced vulnerabilities in browsers.
88. Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization’s secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia?   A bridge could permit access to the secure wired network from the unsecured wireless network
89. You are asked to design a VLAN using a Type 1 Hypervisor. Which technology will you use as a base?   Host
90. You are examining the security implications of virtual machines. A condition exists where the virtual machine can potentially harm the host. Which choice describes this?   All
91. You are examining the types of overflow attacks. Which type of attack attempts to store data in RAM that is beyond the fixed-length storage boundaries?   Buffer overflow attacks
92. You are planning to deploy several patches and updates to a virtual server.   Take system snapshot

Other Links:

Statistics Quiz

Networking Quiz

See other websites for quiz:

Check on QUIZLET

Check on CHEGG