1. A forensic investigator at a crime lab is performing a forensic analysis of a hard drive that was brought in by state troopers. They make a mistake by using the wrong forensic tool during their forensics examination. What should the investigator do?
Document the mistake and work around the problem.
2. When data is collected for a forensic investigation, what order should be followed?
Order of volatility
3. Along with the forensic investigation effort, the man hours and expense should not be tracked since the costs are always justified, regardless of the actual amount involved.
False
4. For what purpose would it be desired to capture the system image?
So memory analysis can be performed later
5. The forensic investigator at a crime lab will be performing a forensic analysis of a hard drive that was brought in by state troopers. What should be done before performing the analysis?
Capture a system image
6. The security administrator for Corp.com wants to provide wireless access for employees as well as guests. Multiple wireless access points and separate networks for internal users and guests are required. Which of the following should separate each network? (Choose all that apply.)
Security protocols
Channels
SSIDs
7. Which of the following is true concerning vulnerability scanning? (Choose all that apply.)
False positive is possible!
Some scanning attempts may be credentialed while some may be non-credentialed.
Some scanning attempts are intrusive while some are non-intrusive.
8. How is credentialed scanning better than non-credentialed scanning? (Choose all that apply.)
Safer scanning
Customized auditing
9. Help from a Recovery Agent is necessary when:
The private key is lost by a user.
10. What is the difference between a key escrow and a recovery agent? (Choose all that apply.)
The latter is primarily for helping internal users
The former is primarily for third party access to data
11. Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?
MTTR
12. Bria is reviewing the company’s updated personal email policy. Which of the following will she NOT find in it?
Employees should not give out their company email address unless requested.
13. Which of these is NOT a response to risk?
resistance
14. Which policy defines the actions users may perform while accessing systems and networking equipment?
Acceptable use policy
15. Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) that represents a risk?
Qualitative risk calculation
16. Which of the following is NOT a security risk of social media sites for users?
Social media sites use popup ads.
17. Bob needs to create an agreement between his company and a third-party organization that demonstrates a “convergence of will” between the parties so that they can work together. Which type of agreement will Bob use?
MOU
18. Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites?
technical
19. While traveling abroad, Giuseppe needs to use public Internet cafe computers to access the secure network. Which of the following non-persistence tools should he use?
Live boot media
20. Which of the following covers the procedures of managing object authorizations?
Privilege management
21. Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?
Deterrent control
22. Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report?
Access to resources
23. What describes the ability of an enterprise data center to revert to its former size after expanding?
Elasticity
24. What is a collection of suggestions that should be implemented?
Guideline
25. Which of the following threats would be classified as the actions of a hacktivist?
External
26. Which of the following is NOT a time employee training should be conducted?
After monthly patch updates.
27. Which statement is NOT something that a security policy must do?
Balance protection with productivity.
28. Which statement does NOT describe a characteristic of a policy?
Policies communicate a unanimous agreement of judgment.
29. For adult learners, which approach is often preferred?
Andragogical
30. Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use?
SLE
31. A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
charmap.exe
32. In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?
integrity
33. A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:
service level agreement
34. What connection technology allows a mobile device with a USB connection to act as either a host or a peripheral used for external media access?
OTG
35. What specific type of hardware card inserts into a web server that contains one or more co-processors to handle SSL/TLS processing?
SSL/TLS accelerator
36. What is the end result of a penetration test?
penetration test report
37. Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?
38. Slave devices that are connected to a piconet and are sending transmissions are known as what?
active slave
39. Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
acceptable use policies
40. The use of what item below involves the creation of a large pre-generated data set of candidate digests?
rainbow tables
41. What social engineering principle frightens and coerces a victim by using threats?
intimidation
42. What can be used to increase the strength of hashed passwords?
salt
43. The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?
threat modeling
44. After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?
3DES
45. What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?
router
46. What describes an agreement between two or more parties and demonstrates a “convergence of will” between the parties so that they can work together?
MOU
47. How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?
VLAN
48. What are the two types of cross-site attacks? (Choose all that apply.)
cross-site request forgery attacks
cross-site scripting attacks
49. What term best describes when cryptography is applied to entire disks instead of individual files or groups of files?
full disk encryption
50. On an SDN network, what specific unit gives traffic the permission to flow through the network?
SDN controller
51. What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
Mandatory Access Control
52. Select the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.
Kerberos
53. A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:
Faraday cage
54. In Microsoft Windows, what type of templates are a collection of security configuration settings?
security
55. Select the device that is designed to exclusively monitor the RF frequency for network transmissions.
dedicated probe
56. The action that is taken by a subject over an object is called a(n):
operation
57. The use of a single authentication credential that is shared across multiple networks is called:
identity management
58. What mobile operating system below requires all applications to be reviewed and approved before they can be made available in the App store?
iOS
59. A port in what state below implies that an application or service assigned to that port is listening for any instructions?
open port
60. Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?
HIPAA
61. Data that is in an unencrypted form is referred to as which of the following?
cleartext
62. What is the name for a cumulative package of all patches and hot-fixes as well as additional features up to a given point?
service pack
63. During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
authentication request
64. The use of one authentication credential to access multiple accounts or applications is referred to as which of the following?
single Sign On
65. User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
orphaned
66. What PIN is considered to be the most commonly used PIN?
1234
67. What social engineering principle convinces a victim an immediate action is needed?
urgency
68. Piconets in which connections exist between different piconets are known as which of the following terms?
scatternet
69. What is a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest?
salt
70. Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
RADIUS
71. A computer that uses SSD drives and is smaller than a standard notebook is an example of what type of a portable computer?
subnotebook
72. What publicly released software security update is intended to repair a vulnerability?
patch
73. Multiple sectors on a disk, when combined, are referred to as a:
cluster
74. What is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits?
Blowfish
75. What dedicated hardware device aggregates hundreds or thousands of VPN connections?
VPN concentrator
76. What process does a penetration tester rely on to access an ever higher level of resources?
persistence
77. What kind of biometrics utilizes a person’s unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person’s face?
standard biometrics
78. If Bob receives an encrypted reply message from Alice, whose private key is used to decrypt the received message?
Bob’s private key.
79. A location that has all the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data, is an example of a:
warm site
80. At what stage can a certificate no longer be used for any type of authentication?
expiration
81. What process addresses how long data must be kept and how it is to be secured?
data retention
82. During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?
port scanner
83. The Authentication Header (AH) protocol is a part of what encryption protocol suite below?
IPSec
84. What federation system technology uses federation standards to provide SSO and exchange attributes?
Shibboleth
85. Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.
non-intrusive
86. Select the technology that can be used to examine content through application-level filtering.
Web security gateway
Session hijacking
88. What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
ECC
89. What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?
access Point
90. Select the EAP protocol that uses digital certificates for authentication.
EAP-TLS
91. What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
ARP
92. What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?
domain hijacking
93. If using the MD5 hashing algorithm, what is the length to which each message is padded?
512 bits
94. One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and injecting these pieces throughout the infected program code. What is the name for this technique?
Swiss cheese
95. Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:
ransomware
96. Select the option that best describes a policy:
A document that outlines specific requirements or rules that must be met
97. What are the planes used to allow SDN to virtualize parts of the physical network so that it can be more quickly and easily reconfigured? (Choose all that apply.)
data plane
control plane
98. What security concept states a user should only be given the minimum set of permissions required to perform necessary tasks?
least functionality
99. If a penetration tester has gained access to a network and then tries to move around inside the network to other resources, what procedure is the tester performing?
pivot
100. Select the security tool that is an inventory of applications and associated components that have been pre-approved and authorized to be active and present on the device?
application whitelist
101. Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:
Certification Authority
102. Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.
SAML
103. What data unit is associated with the Open Systems Interconnection layer four?
segment
104. How is the coverage area for a cellular telephony network usually divided in a typical city?
Hexagon shaped cells.
105. What software methodology includes security automation?
Secure DevOps
106. What can be defined as the planning, coordination, and communications functions that are needed to resolve an incident in an efficient manner?
incident handling
107. What control is designed to identify any threat that has reached the system?
detective control
108. What is the name of an instruction that interrupts a program being executed and requests a service from the operating system?
system call
109. If a network is completely isolated by an air gap from all other outside networks it is using what type of configuration?
physical network segregation
110. Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?
$1,500,000
111. What hardware component can be inserted into a web server that contains one or more co-processors to handle SSL/TLS processing?
SSL/TLS accelerator
112. In information security, which of the following is an example of a threat actor?
all of the above
113. A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
Certificate practice statement (CPS)
114. What alternative term can be used to describe asymmetric cryptographic algorithms?
public key cryptography
115. In what type of cluster does every server perform useful work so that if one fails, the remaining servers take on the additional load?
symmetric server
116. A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
password
117. In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications?
Infrastructure as a Service
118. DNS poisoning can be prevented using the latest edition of what software below?
BIND
119. What is the term for a network set up with intentional vulnerabilities?
honeynet
120. What common method is used to ensure the security and integrity of a root CA?
Keep it in an offline state from the network.
121. Select the proprietary wireless network technology that is used primarily by sensors for communicating data.
ANT
122. An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?
closed port
123. How many different Microsoft Windows file types can be infected with a virus?
70
124. A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?
Create a DMZ, add necessary hosts.
125. Mobile devices with global positioning system (GPS) abilities typically make use of:
location services
126. The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done?
Create a VLAN and add the users’ computers / ports to the correct VLAN
127. A snapshot of the current state of a computer that contains all current settings and data is known as what option below:
system image
128. What encryption protocol is used for WPA2?
CCMP
129. What specific type of authentication can be based on where the user is located?
geolocation
130. A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:
A macro
131. Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
change management team
132. The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
business continuity planning
133. Select the option that best describes an asset:
any item that has a positive economic value
134. What option below represents an example of behavioral biometrics?
keystroke dynamics
135. A framework for all of the entities involved in digital certificates for digital certificate management is known as:
public key infrastructure
136. Select the item that is not considered to be a basic characteristic of mobile devices.
A removable media storage.
137. Select the term used to describe tracking software that is deployed without the consent or control of the user.
spyware
138. The goal of redundancy is to reduce what variable?
mean time to recovery
139. What monitors emails for spam and other unwanted content to prevent these messages from being delivered?
mail gateway
140. What is the maximum number of characters that can exist within a SSID name?
32
141. What criteria must be met for an XSS attack to occur on a specific website?
The website must accept user input without validating it and use that input in a response.
142. What block cipher mode of operation uses the most basic approach where the plaintext is divided into blocks, and each block is then encrypted separately?
Electronic Code Book
143. What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
TACACS
144. What class of attacks uses innovative attack tools and, once a system is infected, silently extracts data over an extended period?
Advanced Persistent Threat
145. The SHA-1 hashing algorithm creates a digest that is how many bits in length?
160 bits
146. A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
Common Access Card (CAC)
147. A virus that infects an executable program file is known as?
program virus
148. A spiked collar that extends horizontally for up to 3 feet from the pole is an example of what kind of technology?
Anti-climb
149. What data unit is associated with the Open Systems Interconnection layer two?
frame
150. A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
ACL
151. The process by which keys are managed by a third party, such as a trusted CA, is known as?
key escrow
152. What process describes using technology as a basis for controlling the access and usage of sensitive data?
technical controls
153. A collection of suggestions that should be implemented is referred to as a:
guideline
154. If a network administrator needs to configure a switch to copy traffic that occurs on some or all ports to a designated monitoring port on the switch, what switch technology will need to be supported?
port mirroring
155. What language below is used to view and manipulate data that is stored in a relational database?
SQL
156. At what level of the OSI model does the IP protocol function?
Network Layer
157. The Temporal Key Integrity Protocol (TKIP) encryption technology uses a MIC value that is what length?
64 bits
158. A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as which of the following terms?
Bluesnarfing
159. To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?
Love Bug
160. Choose the SQL injection statement example below that could be used to find specific users:
whatever' OR full_name LIKE '%Mia%'
161. What federated identity management (FIM) relies on token credentials?
OAuth
162. What is another term used for a security weakness?
vulnerability
163. What specific science discipline do most social engineering attacks rely on when they are being used?
psychology
164. How could an administrator initially manage applications on mobile devices using a technique called “app wrapping?”
Mobile Application Management
165. To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
account expiration
166. Select the term that best describes automated attack software.
open-source intelligence
167. An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?
roller barrier
168. A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?
Stateful packet filtering
169. Select the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.
DNS
170. An attack that takes advantage of the procedures for initiating a session is known as what type of attack?
SYN flood attack
171. What specific process in application development removes a resource that is no longer needed?
deprovisioning
172. What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?
adware
173. A user or a process functioning on behalf of the user that attempts to access an object is known as the:
subject
174. If a user has more than one type of authentication credential, what type of authentication is being used?
multifactor authentication
175. Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:
computer forensics
176. An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices?
hub
177. In which type of encryption is the same key used to encrypt and decrypt data?
symmetric
178. How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
DNS poisoning
179. The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DAP
180. Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS.
EAP-FAST
181. A Wi-Fi enabled microSD card is an example of what type of device?
SDIO
182. What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents?
cyberterrorism
183. In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network?
distributed
184. What kind of networking device forwards packets across different computer networks by reading destination addresses?
router
185. According to the U.S. Bureau of Labor Statistics, what percentage of growth for information security analysts is the available job outlook supposed to reach through 2024?
18
186. What specific type of phishing attack uses the telephone to target a victim?
vishing
187. What information security position reports to the CISO and supervises technicians, administrators, and security staff?
security manager
188. Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
integrity
189. Select the email protocols that are not secure. (Choose all that apply.)
IMAP
POP
190. If a user uses the operating system’s “delete” command to erase data, what type of data removal procedure was used?
purging
191. What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?
Galois/Counter
192. What allows an application to implement an encryption algorithm for execution?
crypto service providers
193. Select below the type of malware that appears to have a legitimate use, but contains something malicious:
Trojan
194. What level of security access should a computer user have to do their job?
least amount
195. What is the main weakness associated with the use of passwords?
human memory
196. What is the name of the process that basically takes a snapshot of the current security of an organization?
vulnerability appraisal
197. A QR code can’t contain which of the following items directly?
A video.
198. Anti-virus products typically utilize what type of virus scanning analysis?
Static analysis
199. What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password?
Enable a lock screen
200. Select the specific type of interview that is usually conducted when an employee leaves the company.
exit interview
201. Bluetooth is an example of what type of technology below?
Personal Area Network
202. How can an area be made secure from a non-secured area via two interlocking doors to a small room?
Using a mantrap
203. An administrator needs to examine FTP commands that are being passed to a server. What port should the administrator be monitoring?
21
204. What term below is used to describe the process of gathering information for an attack by relying on the weaknesses of individuals?
social engineering
205. What is the U.S. federal government standard for digital signatures?
Digital Signature Algorithm
206. An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
rogue
207. Select below the type of cluster where a standby server exists only to take over for another server in the event of its failure.
asymmetric server
208. What cryptographic transport algorithm is considered to be significantly more secure than SSL?
TLS
209. A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?
separation of duties
210. What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
mirror image
211. An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?
protocol analyzer
212. The exchange of information among DNS servers regarding configured zones is known as:
zone transfer
213. An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured that can help to evenly distribute work across the network, and make use of both servers in a manner that is transparent to the end users?
Load balancing
214. What is the name of a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user?
forward proxy server
215. Select the option that represents a wearable technology.
Google Glass
216. In information security, what can constitute a loss?
all of the above
217. Most portable devices and some computer monitors have a special steel bracket security slot built into the case, which can be used in conjunction with a:
cable lock
218. Select the computing device that uses a limited version of an operating system and uses a web browser with an integrated media player.
web-based
219. If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain Web traffic to generate income, what type of attack are they using?
URL hijacking
220. What is the maximum range of most Bluetooth 5 devices?
800 ft
221. What specific ways can a session token be transmitted? (Choose all that apply.)
In the header of the HTTP requisition.
In the URL.
222. Select the secure alternative to the telnet protocol:
SSH
223. How can an administrator keep devices powered when power is interrupted?
uninterruptible power supply
224. What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?
watering hole
225. A written document that states how an organization plans to protect the company’s information technology assets is a:
security policy
226. What technology uses a chip on the motherboard of the computer to provide cryptographic services?
TPM
227. The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?
substitution
228. Authentication for WPA Personal is accomplished by using what type of key?
PSK
229. What security standard was introduced in conjunction with UEFI?
Secure Boot