Security Plus Exam

Buy all answers and get CERTIFIED IMMEDIATELY

* Questions last updated on December 15, 2017

Watch the video to get a free study guide with 3 free answers

1) Purchasing receives a phone call from a vendor asking for payment over the phone. The phone number displayed on the Caller ID matches the vendor's number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code. Which of the Following attack types is this?
A) Hoax
B) Impersonation
C) Spear Phishing
D) Whaling

2) A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of hex character 90 (x90). Which of the following attack types has occurred?
A) Buffer Overflow
B) Cross-site scripting
C) XML injection
D) SQL injection

3) Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?
A) Vulnerability scanning
B) Port scanning
C) Penetration testing
D) Black box testing

4) One of the most consistently reported software security vulnerabilities that leads to major exploits is:
A) Lack of malware detection
B) Attack surface decrease
C) Inadequate network hardening
D) Poor input validation

5) Which of the following security architecture elements also has sniffer functionality? (Select TWO)

6) A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?
A) cp /dev/sda /dev/sdb bs=8k
B) tail -f /dev/sda > /dev/sdb bs=8k
C) dd if=/dev/sda of=/dev/sdb bs=4k
D) locate /dev/sda /dev/sdb bs=4k

7) A user reports being unable to access a file on a network sharThe security administrator determines that the file is marked confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?
A) Mandatory Access Control
B) Discretionary access control
C) Rule based access control
D) Role based access control

8) The CTO has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?
A) Lessons Learned
B) Eradication
C) Recovery
D) Preparation

9) Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help him determine where the attack originated from?
A) Capture system image
B) Record time offset
C) Screen shots
D) Network sniffing

10) After a Security breach, the security administrator performs a wireless site survey of the corporate network and notices a problem with the following output:

00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202
00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102
FB:90:11:42FA:99 MYCORP WPA2 CCMP 40 3031
00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021
00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044

Given that the corporate network has been standardized what kind of attack is underway?
A) Evil Twin
B) IV attack
C) Rogue AP

11) An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?
A) Implement IIS hardening by restricting service accounts
B) Implement database hardening by applying vendor guidelines
C) Implement perimeter firewall rules to restrict access
D) Implement OS hardening by appyling GPOs

12) Which of the following offers the LEAST secure encryption capabilities?
A) TwoFish

13) An administrator has successfully implemented SSL on using wildcard certificate *, and now wishes to implement SSL on Which of the following files should be copied from srvr4 to accomplish this task?
A) Certificate, private key, and intermediate certificate chain
B) Certificate, intermediate certificate chain, and root certificate
C) Certificate, root certificate, and CSR
D) Certificate, public key, and CSR

14) Which of the following protocols operates at the HIGHEST level of the OSI model?
B) IPSec

15) A company's legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO)
A) IPv6
C) IPsec
E) IPv4

16) A user has unknowingly gone to a fraudulent sitThe security analyst notices the following system changes on the user's host file: Old 'host' file: localhost New hosts file: localhost Which of the following attacks has taken place?
A) Spear fishing
B) Pharming
C) Phishing
D) Vishing

17) Which of the following would the security engineer set as the subnet mask for the server below to utilize host addresses on separate broadcast domains? Server 1: 192. 168. 100. 6 Server 2: 192. 168. 100. 9 Server 3: 192. 168. 100. 20
A) /24
B) /27
C) /28
D) /29
E) /30

18) A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO)
A) 22
B) 161
C) 1723
D) 443
E) 67
F) 3389

19) A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?
A) Replay
C) Smurf
D) Ping of Death

20) A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simpliest upgrade to the terminals which will improve in-transit protection of transactional data?
C) RC4

21) On Monday all company employees report being unable to connect to the corporate wireless network which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure and that there are no outages. Which of the following is the MOST likely cause for this issue?
A) Too many incorrect authentication attempts have caused users to be temporarily disabled.
B) The DNS server is overwhelmed and unable to respond to queries
C) The company IDS detected a wireless attack and disabled the wireless network
D) The Remote Authentication Dial-In User server certificate has expired

22) Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
C) Routers
D) Switches

23) The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote sitWhich of the following would need to be implemented?
A) Implicit Deny
B) VLAN management
C) Port Secuirty
D) Access Control Lists

24) Jane a security administrator needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use?

25) The help desk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of the incident response process is MOST appropriate as a FIRST response?
A) Recovery
B) Follow-up
C) Validation
D) Identification
E) Eradication
F) Containment

26) Which of the following has a storage root key?

27) A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used?

28) Identifyin residual risk is MOST important to which of the following concepts?
A) Risk deterrence
B) Risk acceptance
C) Risk mitigation
D) Risk avoidance

29) Which of the following ciphers would be BEST used to encrypt streaming video?
B) RC4

30) During the information gather stage of deploying a role-based access control model, which of the following information is MOST likely required?
A) Conditional rules under which certain systems may be accessed
B) Matrix of job titles with required access privileages
C) Clearance levels of all company personnel
D) Normal hours of business operation

31) Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?
A) Kerberos

32) Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?

Host [00:00:01]
Successful Login: 015 local [00:00:03]
Unsuccessful Login: 022 RDP [00:00:04]
Unsuccessful Login: 010 RDP [00:00:07]
Unsuccessful Login: 007 RDP [00:00:08]
Unsuccessful Login: 003 RDP
A) Reporting
C) Monitoring system logs
D) Hardening

33) The incident response team has received the following email message: From: To: Subject: Copyright infringement A copyright infringement was triggered by IP address at 09:50:01 GMT. After reviewing the following web logs for the team is unable to correlate and identify the incident. 09:45:33 / / 10:50:01 / 11:02:45 / of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?
A) The logs are corrupt and no longer forensically sound
B) Traffic logs for the incident are unavailable
C) Chain of Custody was not properly maintained.
D) Incident time offsets were not accounted for

34) A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation (Select TWO)
B) Symmetric encryption
C) Steganography
E) Diffie-Hellman

35) Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO)
B) MD5
D) Bcrypt

36) A company has several conference rooms with wired network jacks that are used by both the employees and guests. Employees need access to internal resources and guests only need access to the internet. Which of the following combinations is BEST to meet the requirements?
A) NAT and DMZ
B) VPN and IPSec
C) Switches and a firewall
D) 802.1x and VLANs

37) During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?
A) Update anti-virus definitions on the SCADA systems
B) Audit accounts on the SCADA systems
C) Install a firewall on the SCADA network
D) Deploy NIPS at the edge of the SCADA network

38) An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in usWhich of the following can be implemented?
A) Cluster tip wiping
B) Individual file encryption
C) Full disk encryption
D) Storage retention

39) Which of the following means of wireless authentication is easily vulnerable to spoofing?
A) MAC Filtering
D) Enabled SSID

40) Which of the following implementation steps would be appropriate for a public wireless hot-spot?
A) Reduce power level
B) Disable SSID broadcast
C) Open system authentication
D) MAC Filter

41) Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?
A) 802.1x
B) Data Encryption
C) Password strength

42) A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
C) WPA with MAC filtering

43) A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
B) Subnet

44) Which of the following network design elements allows for many internal devices to share one public IP address?

45) A company determines a need for additional protection from rogue devices plugging into physical ports around the buildinWhich of the following provides the highest degree of protection from unauthorized wired network access?
A) Intrusion Prevention System
B) MAC filtering
C) Flood guards
D) 802.1x

46) Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?
B) 802.11ac

47) An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
A) Install a proxy server between the users' computers and the switch to filter inbound network traffic.
B) Block commonly used ports and forward them to higher and unused port numbers.
C) Configure the switch to allow only traffic from computers based upon their physical address.
D) Install host-based intrusion detection software to monitor incoming DHCP Discover requests.

48) A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).
A) Deny incoming connections to the outside router interface
B) Change the default HTTP port
C) Implement EAP-TLS to establish mutual authentication
D) Disable the physical switch ports
E) Create a server VLAN
F) Create an ACL to access the server

49) An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
A) Unified Threat Management
B) Virtual Private Network
C) Single sign on
D) Role-based management

50) Which of the following would allow the organization to divide a Class C IP address range into several ranges?
B) Virtual LANs
D) Subnetting

51) A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY ANY 80 PERMIT TCP ANY ANY 443 Which of the following rules would accomplish this task? (Select TWO).
A) Change the firewall default settings so that it implements an implicit deny
B) Apply the current ACL to all interfaces of the firewall
C) Remove the current ACL
D) Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53
E) Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53
F) Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

52) A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
A) Change the encryption from TKIP-based to CCMP-based.
B) Set all nearby access points to operate on the same channel.
C) Configure the access point to use WEP instead of WPA2.
D) Enable all access points to broadcast their SSIDs.

53) Sally, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason?
A) The company wireless is using a MAC filter.
B) The company wireless has SSID broadcast disabled.
C) The company wireless is using WEP.
D) The company wireless is using WPA2.

54) A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarteThe DNS services must be the first to be restarteSeveral machines are powered ofAssuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?
A) Bind server
B) Apache server
C) Exchange server
D) RADIUS server

55) A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches?
A) Spanning tree
B) Flood guards
C) Access control lists
D) Syn flood

56) An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distancWhich of the following antennas would be BEST for this situation?
A) Dipole
B) Yagi
C) Sector
D) Omni

57) A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667

Which of the following protocols was used to access the server remotely?

58) An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?
A) SSID broadcast
B) MAC filter
D) Antenna placement

59) A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?
D) MAC filtering

60) When performing the daily review of the system vulnerability scans of the network Bob, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Bob researches the assigned vulnerability identification number from the vendor website. Bob proceeds with applying the recommended solution for the identified vulnerability. Which of the following is the type of vulnerability described?
A) Network based
C) Signature based
D) Host based

61) While configuring a new access layer switch, the administrator, Bob, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?
A) Log Analysis
B) VLAN Management
C) Network separation
D) 802.1x

62) Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?
A) line vty 0 6 password line vty 7 Qwer++!Y password
B) line console 0 password password line vty 0 4 password line vty 0 3 password Qwer++!Y line vty 4 password
C) line vty 0 3 password Qwer++!Y line vty 4 password
D) line vty 0 3 password Qwer++!Y line console 0 password

63) After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A: D1: FB1: 03: 37 DENY 01: 33: 7F: AB: 10: AB Which of the following is preventing the device from connecting?
A) WPA2-PSK requires a supplicant on the mobile device.
B) Hardware address filtering is blocking the device.
C) TCP/IP Port filtering has been implemented on the SOHO router.
D) IP address filtering has disabled the device from connecting.

64) Which of the following MOST interferes with network-based detection techniques?
A) Mime-encoding
D) Anonymous email accounts

65) Thomas, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?
A) Connect the WAP to a different switch.
B) Create a voice VLAN.
C) Create a DMZ.
D) Set the switch ports to 802.1q mode.

66) Which of the following is BEST used as a secure replacement for TELNET?

67) Which of the following is a difference between TFTP and FTP? TFTP is slower than FTP.
A) TFTP is slower than FTP.
B) TFTP is more secure than FTP.
C) TFTP utilizes TCP and FTP uses UDP.
D) TFTP utilizes UDP and FTP uses TCP.

68) Suspicious traffic without a specific signature was detecteUnder further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
A) Signature based IPS
B) Signature based IDS
C) Application based IPS
D) Anomaly based IDS

69) Alice, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

70) Which of the following allows Thomas, a security technician, to provide the MOST secure wireless implementation?
A) Implement WPA
B) Disable SSID
C) Adjust antenna placement
D) Implement WEP

71) Thomas, the compliance manager, wants to meet regulations. Thomas would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Thomas implement to BEST achieve this goal?
A) A host-based intrusion prevention system
B) A host-based firewall
C) Antivirus update system
D) A network-based intrusion detection system

72) Thomas, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?
A) Block all traffic on port 80
B) Implement NIDS.
C) Use server load balancers.
D) Install a proxy server.

73) Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

74) Thomas needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?
A) TCP 23
B) UDP 69
C) TCP 22
D) TCP 21

75) Which statement is TRUE about the operation of a packet sniffer?
A) It can only have one interface on a management network.
B) They are required for firewall operation and stateful inspection.
C) The Ethernet card must be placed in promiscuous mode.
D) It must be placed on a single virtual LAN interface.

76) Which of the following firewall rules only denies DNS zone transfers?
A) deny udp any any port 53
B) deny ip any any
C) deny tcp any any port 53
D) deny all dns packets

77) Which of the following technologies can store multi-tenant data with different security requirements?
A) Data loss prevention
B) Trusted platform module
C) Hard drive encryption
D) Cloud computing

78) Which of the following devices would MOST likely have a DMZ interface?
A) Firewall
B) Switch
C) Load balancer
D) Proxy

79) Which default port number is secure?
A) 21
B) 22
C) 23
D) 25

80) Which should you do so that your wireless signal does not reach all the way out to the parking lot?
A) Disable SSID broadcasting
B) Turn off MAC filtering
C) Lower the power level
D) Implement WEP encryption

81) Admin Bob took a new WAP out of the box, plugged it in, and walked away. An attacker was able to access the WAP using an administrator account. Which would have prevented the attack?
A) Configure MAC filtering
B) Disable SSID broadcasting
C) Change the default password
D) Configure 802.1x authentication

82) You enter the wireless network information into your computer correctly and connect to the network. You remain connected, but you can't access any resources on the network. Which is the most likely reason?
A) Mac filtering is turned on
B) The SSID is disabled
C) The encryption is too strong
D) The WAP power level is too low

83) Which would allow home users to access internal company resources?

84) You have two routers connected together, which then connect to two switches, which are also connected together via fiber. How would you prevent unauthorized devices from connecting to the network?
A) Configure only one of the routers to run DHCP
B) Implement port security on the switches
C) Enable VTP on both switches and set to the same domain
D) Configure each port on the switches to use the same VLAN other than the default one

85) Which two would you need to use together to allow telecommuting while keeping it secure?
D) Spam filter
E) VPN concentrator

86) Your wireless network is dropping packets and degrading service only during certain times of day. What should be your first troubleshooting step?
A) Increase the power level
B) Change to a higher gain antenna
C) Perform a site survey
D) Configure stronger encryption

87) You look at your router Access Control List and you see that it allows web, email, and SSH traffiFor some reason though, some users are unable to access network printing services. Which could be blocking this?
A) Port security
B) Flood guards
C) Implicit deny
D) Loop protection

88) Your company allows business partners to connect to several of your application servers located at the main officWhat can the main office implement to protect the rest of the company from those business partners?

89) Which protocol provides secure access to log on to a remote server's console to do some maintenance?

90) Which provides a more secure connection than WPA TKIP?
A) MAC filtering
D) Disable SSID broadcast and increase power levels

91) Which solution would scan web traffic for malware and block it if malware is found, and could also block certain websites that are inappropriate?
B) Firewall

92) How do you prevent unauthorized devices from connecting to the network via your network drops?
A) Mandatory Access Control
C) Port Security
D) Network Intrusion Prevention

93) Which subnet mask would put these 4 PC's on different broadcast domains?

PC1 =
PC2 =
PC3 =
PC4 =
A) /24
B) /27
C) /28
D) /29
E) /30

94) Choose the port numbers in the proper order to match the order of these protocols: FTP, TFTP, Telnet, HTTP.
A) 80, 21, 23, 69
B) 21, 69, 23, 80
C) 69, 23, 21, 80
D) 23, 21, 80, 69

95) Choose the port numbers in the proper order to match the order of these protocols: HTTPS, SMTP, SNMP, SCP.
A) 161, 22, 25, 443
B) 443, 161, 22, 25
C) 443, 25, 161, 22
D) 161, 443, 161, 22

96) Which of the following should be considered to mitigate data theft when using CAT5 wiring?
B) Enviromental monitoring
C) Multimode fiber
D) EMI shielding

97) Which of the following risk concepts requires an organization to determine the number of failures per year?
D) Quantitative analysis

98) Bob, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
A) 500
B) 5000
C) 25000
D) 50000

99) Three of the primary security control types that can be implemented are:
A) Supervisory, subordinate, and peer.
B) Personal, procedural, and legal.
C) Operational, technical, and management.
D) Mandatory, discretionary, and permanent.

100) Which of the following is being tested when a company's payroll server is powered off for eight hours?
A) Succession plan
B) Business impact document
C) Continuity of operations plan
D) Risk assessment plan

101) A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of peoplTo mitigate the risks involved with this media, employees should receive training on which of the following?
A) Peer to Peer
B) Mobile devices
C) Social networking
D) Personally owned devices

102) After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?
A) Information Security Awareness
B) Social Media and BYOD
C) Data Handling and Disposal
D) Acceptable Use of IT Systems

103) A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?
B) Environmental monitoring
D) EMI shielding

104) A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrancThis caused the electronic locks on the datacenter door to release because the:
A) badge reader was improperly installed.
B) system was designed to fail open for life-safety.
C) system was installed in a fail closed configuration.
D) system used magnetic locks and the locks became demagnetized.

105) When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?
A) Deploying identical application firewalls at the border
B) Incorporating diversity into redundant design
C) Enforcing application white lists on the support workstations
D) Ensuring the systems' anti-virus definitions are up-to-date

106) A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
A) Policies
B) Procedures
C) Metrics
D) Standards

107) The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
A) User permissions reviews
B) Incident response team
C) Change management
D) Routine auditing

108) A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?
A) Systems should be restored within six hours and no later than two days after the incident.
B) Systems should be restored within two days and should remain operational for at least six hours.
C) Systems should be restored within six hours with a minimum of two days worth of data.
D) Systems should be restored within two days with a minimum of six hours worth of data.

109) A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was exfiltrated. Which of the following incident response procedures is best suited to restore the server?
A) Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B) Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C) Format the storage and reinstall both the OS and the data from the most current backup.
D) Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.

110) In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
A) Mitigation
B) Identification
C) Preparation
D) Lessons learned

111) Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?
A) Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.
B) MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.
C) MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
D) MOUs between two companies working together cannot be held to the same legal standards as SLAs.

112) A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?
A) Clustering
B) Mirrorer server
D) Tape backup

113) A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the datWhich of the following types of interoperability agreement is this?

114) Separation of duties is often implemented between developers and administrators in order to separate which of the following?
A) More experienced employees from less experienced employees
B) Changes to program code and the ability to deploy to production
C) Upper level management users from standard development employees
D) The network access layer from the application access layer

115) To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?
A) Management
B) Administrative
C) Technical
D) Operational

116) In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).
A) Take hashes
B) Begin the chain of custody paperwork
C) Take screen shots
D) Capture the system image
E) Decompile suspicious files

117) A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
A) Command shell restrictions
B) Restricted interface
C) Warning banners
D) Session output pipe to /dev/null

118) Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?
A) Record time offset
B) Clean desk policy
C) Cloud computing
D) Routine log review

119) Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?
A) Acceptable Use Policy
B) Physical security controls
C) Technical controls
D) Security awareness training

120) A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?
A) Availability
B) Integrity
C) Confidentiality
D) Fire suppression

121) Which of the following should Alice, a security administrator, perform before a hard drive is analyzed with forensics tools?
A) Identify user habits
B) Disconnect system from network
C) Capture system image
D) Interview witnesses

122) Which of the following is a management control? Logon banners
A) Logon banners
B) Written security policy
C) SYN attack prevention
D) Access Control List (ACL)

123) Which of the following should Thomas, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
A) Privacy Policy
B) Least Privilege
C) Acceptable Use
D) Mandatory Vacations

124) Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?
A) Accept the risk saving $10,000.
B) Ignore the risk saving $5,000.
C) Mitigate the risk saving $10,000.
D) Transfer the risk saving $5,000.

125) Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
A) Water base sprinkler system
B) Electrical
D) Video surveillance

126) Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?
A) Warm site
B) Load balancing
C) Clustering

127) Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A) Conduct surveys and rank the results.
B) Perform routine user permission reviews.
C) Implement periodic vulnerability scanning.
D) Disable user accounts that have not been used within the last two weeks.

128) After a security incident, you make an exact copy of the hard drive to use as evidence. What does this illustrate?
A) Chain of custody
B) Order of volatility
C) System image capture
D) Taking screenshots

129) You are asked to reduce server vulnerabilities found in an audit. You set up a system to scan all servers on a regular basis. The next time the scan is run, you find the same vulnerabilities. What has occurred here?
A) You mitigated the risk
B) You deterred the risk
C) You accepted the risk
D) You avoided the risk

130) You want to allow employees to use their own personal smart-phones, tablets, etc without centralized management. They are required to contact the IT department to have their devices set up to use company email,and to access the company cloud-based servers. Which is the BEST policy to implement here?
A) Acceptable use policy
B) Group policy
C) Security policy
D) Business Agreement policy

131) You are required to sign a document stating how your activities may be monitoreSelect the TWO BEST descriptions for this document.
A) Risk acceptance policy
B) Acceptable use policy
C) Privacy policy
D) Email policy
E) Security policy

132) You've never experienced a security incident, but you want to create an Incident Response Plan anyway. Which would be the best way to establish plans and procedures?
A) Recovery procedures
B) Escalation procedures
C) Lessons learned
D) Table top exercises

133) What is an MOU used do define?
A) Data backup processes
B) Interoperability requirements
C) Onboard/offboard procedures
D) Responsibilities of each party

134) Which step of the incident response plan would most likely have the security team meet with business professionals to discuss changing existing procedures?
A) Incident identification
B) Isolation/quarantine
C) Reporting
D) Lessons learned
E) Recovery

135) You find that long-time employees have more system rights than they need to do their jobs. Which two should you implement to make sure employees only have the access they need to do their jobs?
A) Prohibit password re-use
B) Implement access control lists
C) Conduct user access reviews
D) Use role-based access
E) Monitor logs
F) Remove generic accounts

136) After several thefts, you want to ensure that only authorized personnel have access to the company grounds or its employees. You just got budget approval for fences, lighting, locks, and CCTVs. Which is the main focus?
A) Confidentiality
B) Availability
C) Integrity
D) Safety

137) Which is the MOST important security risk that is commonly overlooked by users?
A) Minimal account security procedures
B) Improper disposal of confidential data
C) Disabling screensaver lock-out times
D) Failure to log telephone and email contacts

138) You had a security breach, and now you've been asked to create stricter security policies. You back-up your router and switch configuration files. Then you force all users to attend user-awareness training classes. These actions are due to which of the following?
A) Implementing policies to prevent data loss
B) User rights and permissions review
C) Lessons learned
D) Change management

139) Which control should you use to reduce the risk of losing USB drives that contain confidential data?
A) Asset tracking
B) Access Control

140) How would you create a forensic copy of a hard drive for a criminal investigation?
A) Create a virtual snapshot of the drive, then seal it in an evidence bag and provide it to the prosecutor.
B) Copy all of the files to a DVD, finalize the disc so it cannot be written to, and provide it to the head of security.
C) Connect the drive to a freshly-imaged PC and clone the suspect drive while the head of security is present.
D) Use a write-blocking device and create a clone of the drive onto a new, sealed hard drive.

141) How do you prevent data loss when servers crash due to power outages?
A) EMI shielding
B) Environmental monitoring
C) Recovery procedures
D) Redundancy

142) What is an active location that can be immediately used if your main office has a disaster?
A) Backup operations facility
B) Redundant operations center
C) Cold site
D) Hot site

143) Which of these are the security officer most likely concerned about when reviewing the vulnerability report?
A) The number of vulnerabilities
B) The recovery time objectives
C) The impact and likelihood
D) The number of false positives

144) Which risk management method would mitigate risks that have a huge impact on the company, but are very unlikely?
A) Risk Assessment
B) Risk Avoidance
C) Risk Acceptance
D) Risk Transference

145) You discover that when users moved from one role to another, their security group memberships have not beenmadjusted properly. Which two have your company failed to implement?
A) Account termination procedures
B) Technical controls over account management
C) Mandatory access control enforcement
D) Incident management and response plan
E) Management controls over account management
F) User rights and permission reviews

146) You installed a new patch to a server which caused it to crasYou couldn't find system rollback procedures so you just restored the server from the last backup. What can you do to prevent future problems caused by the lack of rollback procedures?
A) System testing plan
B) Change management plan
C) Incident response policy
D) System audit log

147) What would be the reason for having two racks of servers, one behind the other, facing in opposite directions?
A) To eliminate the potential for electromagnetic interference
B) To lower energy consumption by sharing power outlets
C) To maximize fire suppression capabilities
D) To create environmental hot and cold aisles

148) A forensic analyst is asked to respond to an ongoing network attack on a server. Choose the correct order in which the forensic analyst should preserve them.
A) RAM, CPU Cache Swap file, Hard drive
B) Hard drive, CPU Cache, RAM, Swap file
C) Swap file, Hard drive, CPU Cache, RAM
D) CPU Cache, RAM, Swap file, Hard drive

149) Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?
A) Protocol analyzer
B) Baseline report
C) Risk assessment
D) Vulnerability scan

150) Which of the following can result in significant administrative overhead from incorrect reporting?
A) Job rotation
B) Acceptable usage policies
C) False positives
D) Mandatory vacations

151) A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most peoplWhich of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
A) Penetration test
B) Vulnerability scan
C) Load testing
D) Port scanner

152) Which of the following should an administrator implement to research current attack methodologies?
A) Design reviews
B) Honeypot
C) Vulnerability scanner
D) Code reviews

153) The BEST methods for a web developer to prevent the website application code from being vulnerable to crosssite request forgery (XSRF) are to: (Select TWO).
A) permit redirection to Internet-facing web URLs.
B) ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">".
C) validate and filter input on the server side and client side.
D) use a web proxy to pass website requests between the user and the application.
E) restrict and sanitize use of special characters in input and URLs.

154) A security analyst, Sally, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.Which of the following BEST describes this exploit?
A) Malicious insider threat
B) Zero-day
C) Client-side attack
D) Malicious add-on

155) A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?
A) Training staff on security policies
B) Establishing baseline reporting
C) Installing anti-malware software
D) Disabling unnecessary accounts/services

156) A server with the IP address of has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: These attempts are overloading the server to the point that it cannot respond to traffiWhich of the following attacks is occurring?
C) DoS
D) Xmas

157) After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
A) Privilege escalation
B) Advanced persistent threat
C) Malicious insider threat
D) Spear phishing

158) Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the officWhich of the following describes the type of attack that was occurring?
A) Spear phishing
B) Packet sniffing
C) Impersonation
D) MAC flooding

159) The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing?
A) Grey box testing
B) Black box testing
C) Penetration testing
D) White box testing

160) A recent spike in virus detections has been attributed to end-users visiting The business has an established relationship with an organization using the URL of but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?
A) Typo squatting
B) Session hijacking
C) Cross-site scripting
D) Spear phishing

161) The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?
A) Log audits
B) System hardening
D) Continuous security monitoring

162) A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?
A) Application hardening
B) False positive
C) Baseline code review
D) False negative

163) Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?
A) Armored virus
B) Polymorphic malware
C) Logic bomb
D) Rootkit

164) Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?
A) Cookie stealing
B) Zero-day
C) Directory traversal
D) XML injection

165) A user, Sally, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Sally's workstation?
A) Trojan
B) Spyware
C) Adware
D) Ransomware

166) Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of:
A) Scarcity
B) Familiarity
C) Intimidation
D) Trust

167) Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
A) Near field communication
B) IV attack
C) Evil Twin
D) Replay attack

168) Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received?
A) Configure an ACL
B) Implement a URL filter
C) Add the domain to a block list
D) Enable TLS on the mail server

169) The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A) Implement a honeynet
B) Perform a penetration test
C) Examine firewall logs
D) Deploy an IDS

170) A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack?
A) Zero-day
B) SQL injection
C) Buffer overflow

171) A distributed denial of service attack can BEST be described as:
A) Invalid characters being entered into a field in a database application.
B) Users attempting to input random or invalid data into fields within a web browser application.
C) Multiple computers attacking a single target in an organized attempt to deplete its resources.
D) Multiple attackers attempting to gain elevated privileges on a target system.

172) A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following. SSID State Channel Level OurCo1 connected 1 70dbm OurCo2 connected 5 80dbm OurCo3 connected 3 75dbm OurCo4 connected 6 95dbm Which of the following is this an example of?
A) Rogue access point
B) Near field communication
C) Jamming
D) Packet sniffing

173) Alice, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?
A) Phishing
B) Tailgaiting
C) Pharming
D) Vishing

174) Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
A) Logic bomb
B) Worm
C) Trojan
D) Adware

175) Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?
A) Whaling
B) Impersonation
C) Privilege escalation
D) Spear phishing

176) Which of the following is an example of a false positive?
A) Anti-virus identifies a benign application as malware.
B) A biometric iris scanner rejects an authorized user wearing a new contact lens.
C) A user account is locked out after the user mistypes the password too many times.
D) The IDS does not identify a buffer overflow.

177) Data execution prevention is a feature in most operating systems intended to protect against which type of attack?
A) Cross-site scripting
B) Buffer overflow
C) Header manipulation
D) SQL injection

178) Which of the following assessments would Thomas, the security administrator, use to actively test that an application's security controls are in place?
A) Code review
B) Penetration test
C) Protocol analyzer
D) Vulnerability scan

179) Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?
A) War dialing
B) War chalking
C) War driving
D) Bluensnarfing

180) Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
A) Evil twin
B) DNS poisoning
C) Vishing
D) Session hijacking

181) Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?
A) Man-in-the-middle
B) Bluejacking
C) Bluesnarfing
D) Packet sniffing

182) Using proximity card readers instead of the traditional key punch doors would help to mitigate:
A) Impersonation
B) Tailgating
C) Dumpster diving
D) Shoulder surfing

183) Which of the following application attacks is used to gain access to SEH?
A) Cookie stealing
B) Buffer overflow
C) Directory traversal
D) XML injection

184) Alice, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Alice's company?
A) Vulnerability scanner
B) Honeynet
C) Protocol analyzer
D) Port scanner

185) Which of the following will allow Thomas, a security analyst, to trigger a security alert because of a tracking cookie?
A) Network based firewall
B) Anti-spam software
C) Host based firewall
D) Anti-spyware software

186) While opening an email attachment, Thomas, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
A) Cross-site scripting
B) Buffer overflow
C) Header manipulation
D) Directory traversal

187) Thomas, a developer, writes an application. Alice, the security analyst, knows some things about the overall application but does not have all the details. Alice needs to review the software before it is released to production. Which of the following reviews should Alice conduct?
A) Gray Box Testing
B) Black Box Testing
C) Business Impact Analysis
D) White Box Testing

188) The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?
A) Rainbow tables attacks
B) Brute force attacks
C) Birthday attacks
D) Cognitive passwords attacks

189) Thomas, the security engineer, would like to prevent wireless attacks on his network. Thomas has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?
A) Interference
B) Man-in-the-middle
C) ARP poisoning
D) Rogue access point

190) A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?
A) Firewall
B) Application
D) Security

191) Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?
A) Cognitive password
B) Password sniffing
C) Brute force
D) Social engineering

192) A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
A) Password history
B) Password logging
C) Password cracker
D) Password hashing

193) You are testing a new software product for security, and you have all of the developer's source-code and data structures. What type of testing is this?
A) White box
B) Grey box
C) Black box
D) Penetration

194) You would like to determine how effective your company security is. Which is the best place to start?
A) Rewrite the existing security policy
B) Review past security incidents and their resolution
C) Implement an intrusion prevention system
D) Install honeypot systems

195) Your application frequently stops running due to memory errors. In the logs you see code being run that calls an internal process to exploit the machinWhat type of attack is this?
A) Zero-day
B) Cross site scripting
C) Malicious add-on
D) Buffer overflow

196) Which attack could be used to later launch a man-in-the-middle attack?
A) DoS
B) ARP poisoning
C) Replay
D) Brute force

197) When comparing penetration testing to a vulnerability scan, penetration testing is:
A) Only testing computer/network security
B) An active testing method
C) A passive testing method
D) Only testing physical security

198) What can you implement to capture information about attacks that are occurring, while at the same time protecting your network?
A) Security logs
B) Honeypot
C) Protocol analyzer
D) Audit logs

199) Your wireless network uses two WAPs with one SSID. You do a network scan and you find three BSSIDs but only the one SSID. Which of the following is the best explanation?
A) Evil Twin
B) Rogue Access Point
C) MIMO Extensions AP Isolation
D) IV Attack

200) You are testing a program created by your internal development team. Which type of testing are you performing?
A) White box
B) Grey box
C) Black box
D) Penetration

201) What's the quickest way to tell which version of SSH is running on a remote server?
A) Protocol analysis
B) Passive scanning
C) Banner grabbing
D) Penetration testing

202) Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
A) Intrusion Detection System
B) Flood Guard Protection
C) Web Application Firewall
D) URL Content Filter

203) Which solution is the best way to detect tailgating into a restricted area, especially when you have a limited budget?
A) Install a motion detector near the entrance
B) Install a camera and DVR at the entrance to monitor access
C) Place a full-time guard at the entrance to confirm user identity
D) Revoke all proximity badge access to make users justify access

204) A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks?
A) Application hardening
B) Application change management
C) Application patch management
D) Application firewall review

205) Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?
A) Installing anti-malware
B) Implementing an IDS
C) Taking a baseline configuration
D) Disabling unnecessary services

206) Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?
A) It should be enforced on the client side only.
B) It must be protected by SSL encryption.
C) It must rely on the user's knowledge of the application.
D) It should be performed on the server side.

207) A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?
A) Database field encryption
B) File-level encryption
C) Data loss prevention system
D) Full disk encryption

208) Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
A) user accounts may be inadvertently locked out.
B) data on the USB drive could be corrupted.
C) data on the hard drive will be vulnerable to log analysis.
D) the security controls on the USB drive can be bypassed.

209) A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?
A) Monitoring event logs daily
B) Disabling unnecessary services
C) Deploying a content filter on the network
D) Deploy an IDS on the network

210) Which of the following is the primary security concern when deploying a mobile device on a network?
A) Strong authentication
B) Interoperability
C) Data security
D) Cloud storage technique

211) After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A) Host based firewall
B) Initial baseline configurations
C) Discretionary access control
D) Patch management system

212) A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).
A) Disk hashing procedures
B) Full disk encryption
C) Data retention policies
D) Disk wiping procedures
E) Removable media encryption

213) A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns?
A) Install a mobile application that tracks read and write functions on the device.
B) Create a company policy prohibiting the use of mobile devices for personal use.
C) Enable GPS functionality to track the location of the mobile devices.
D) Configure the devices so that removable media use is disabled.

214) A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?
A) Insufficient encryption methods
B) Large scale natural disasters
C) Corporate espionage
D) Lack of antivirus software

215) A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenuWhich of the following could BEST prevent this issue from occurring again?
A) Application configuration baselines
B) Application hardening
C) Application access controls
D) Application patch management

216) A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often?
A) Create an incremental backup of an unpatched PC
B) Create an image of a patched PC and replicate it to servers
C) Create a full disk image to restore after each installation
D) Create a virtualized sandbox and utilize snapshots

217) After copying a sensitive document from his desktop to a flash drive, Bob, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Bob's desktop remain encrypted when moved to external media or other network based storage?
A) Whole disk encryption
B) Removable disk encryption
C) Database record level encryption
D) File level encryption

218) Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
A) Application firewalls
B) Manual updates
C) Firmware version control
D) Encrypted TCP wrappers

219) A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server?
A) Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.
B) Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.
C) Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
D) Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

220) The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior?
A) Acceptable use policies
B) Host-based firewalls
C) Content inspection
D) Application whitelisting

221) Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
A) Trusted OS
B) Host software baselining
C) OS hardening
D) Virtualization

222) Which of the following BEST describes a protective countermeasure for SQL injection?
A) Eliminating cross-site scripting vulnerabilities
B) Installing an IDS to monitor network traffic
C) Validating user input in web applications
D) Placing a firewall between the Internet and database servers

223) Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT
A) Buffer overflow prevention
B) Input validation
C) CSRF prevention
D) Cross-site scripting prevention

224) Which of the following pseudocodes can be used to handle program exceptions?
A) If program detects another instance of itself, then kill program instance.
B) If user enters invalid input, then restart program.
C) If program module crashes, then restart program module.
D) If user's input exceeds buffer length, then truncate the input.

225) Which of the following is an application security coding problem?
A) Error and exception handling
B) Patch management
C) Application hardening
D) Application fuzzing

226) An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?
A) Implement IIS hardening by restricting service accounts.
B) Implement database hardening by applying vendor guidelines.
C) Implement perimeter firewall rules to restrict access.
D) Implement OS hardening by applying GPOs.

227) Methods to test the responses of software and web applications to unusual or unexpected inputs is known as:
A) Brute force.
B) HTML encoding
C) Web crawling
D) Fuzzing

228) Which of the following BEST explains the use of an HSM within the company servers?
A) Thumb drives present a significant threat which is mitigated by HSM.
B) Software encryption can perform multiple functions required by HSM.
C) Data loss by removable media can be prevented with DLP.
D) Hardware encryption is faster than software encryption.

229) Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
A) Matt should implement access control lists and turn on EFS.
B) Matt should implement DLP and encrypt the company database.
C) Matt should install Truecrypt and encrypt the company server.
D) Matt should install TPMs and encrypt the company database.

230) Which of the following does full disk encryption prevent?
A) Client side attacks
B) Clear text access
C) Database theft
D) Network-based attacks

231) Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
A) Buffer overflow
B) Pop-up blockers
C) Cross-site scripting
D) Fuzzing

232) Which of the following devices is BEST suited for servers that need to store private keys?
A) Hardware security module
B) Hardened network firewall
C) Solid state disk drive
D) Hardened host firewall

233) Which of the following would be used when a higher level of security is desired for encryption key storage?

234) Which of the following application security testing techniques is implemented when an automated system generates random input data?
A) Fuzzing
C) Hardening
D) Input validation

235) Which of the following is a hardware based encryption device?
B) TrueCrypt

236) Which technical control should you employ to prevent smartphones from connecting to your company network?
A) Mobile device management
B) Acceptable use policy
C) Remote wiping
D) Application white listing

237) What is it called when you magnetically erase all data on a disk?
A) Wiping
B) Scrubbing
C) Dissolution
D) Degaussing

238) You just learned of a bug in all of your printers' firmware that could let an attacker remotely review all printed documents. Which security control could the admin implement to prevent the leaking of sensitive documents?
A) Run a full vulnerability scan of all printers
B) Install patches on the print server
C) Perform penetration testing to rule out false positives
D) Create a separate printer network

239) Your company issues USB thumb-drives to employees. The drives used by the IT department are bootable and contain sensitive customer data. Which two would best be used to address concerns over theft of these thumbdrives, while keeping costs down and minimizing impact to the employees?
A) Implement an encrypted cloud storage strategy for non-IT personnel
B) Supply the employees with a second bootable drive and encrypt the storage drive
C) Partition the USB drives and encrypt the non-booting partition for data storage
D) Encrypt the entire USB drive and utilize an alternate method of booting from optical media

240) The network cards in one particular model of company laptop keep failing due to a design flaw. The manufacturer has issued a recall on the devices, but your IT department has to wait until they fail to send them in for the recall, because there is no central record of which model laptop was given to each user. Which would have prevented this situation?
A) Data backups
B) Support ownership
C) Data backups
D) Asset tracking

241) Which would be the best way to test a new software patch before deploying it to the entire company?
A) Virtualization
B) Application control
C) Cloud computing
D) Redundancy

242) Why would encrypting database exports on your SAN increase the amount of disk space used?
A) The exports are being stored on smaller drives
B) Deduplication is not compatible with encryption
C) The SAN already uses encryption-at-rest
D) Encrypted files are much larger than unencrypted files

243) Which is the strongest protection for data at-rest?
A) A host-based intrusion detection system
B) Prohibiting removable media
C) Biometric controls on data center entry points
D) Incorporating a full-disk encryption system

244) You are leaving for vacation and use your phone to take a picture of your family car in your driveway all loaded up and ready to go. You post the picture on FaceBook with the tag "Vacation beach house, here we come!" When you come home from vacation, you find your house has been burglarizeIf nobody previously knew your address, how was your house burglarized?
A) The message posted on FaceBook told everyone the house would be empty.
B) You enabled the device access feature on your mobile phone.
C) The picture was geo-tagged by the phone.
D) Your home address can be easily found with the TRACEROUTE command.

245) Bob is a temporary employee in the HR department and needs read-only access to a folder. The "HR" group has the "write" permission to that folder. What should you do so that Bob only has the "read" permission to the folder?
A) Remove all permissions for the folder
B) Modify the folder with the read-only permission for Bob
C) Create a new group that has read-only permissions for the folder
D) Add Bob to the "HR" group

246) The IT department is allowing a BYOD policy, but is concerned about corporate data loss if the device is lost or stolen. Which two would be best to protect the data, even if the communication SIM is removed from the device?
A) Geo-tagging
B) Asset tracking
C) Screen-locks
D) Patch management
E) Device encryption

247) Which method would you use to ensure that systems and software are being developed properly?
A) Design reviews
B) Determine attack surface
C) Input validation
D) Baseline reporting

248) You mention some confidential company information to a friend, who then happens to tell someone else that works for a competitor. Which best describes this?
A) Data leak
B) Social engineering
C) Malicious insider threat
D) Trojan horse

249) A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?
A) Content filtering
C) Audit logs

250) You want to ensure that only business-related traffic is sent to other business networks. Which two below would BEST meet this requirement?
B) Antivirus
D) Web content filtering
E) Load balancers

251) A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements?
A) Username and password
B) Retina scan and fingerprint scan
C) USB token and PIN
D) Proximity badge and token

252) A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
A) Time of day restrictions
B) Group based privileges
C) User assigned privileges
D) Domain admin restrictions

253) A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?
A) Dual-factor authentication
B) Multifactor authentication
C) Single factor authentication
D) Biometric authentication

254) Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?
A) Account expiration settings
B) Complexity of PIN
C) Account lockout settings
D) PIN history requirements

255) An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).
A) Length of password
B) Password history
C) Minimum password age
D) Password expiration
E) Password complexity
F) Non-dictionary words

256) In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
A) Identification
B) Authorization
C) Authentication
D) Multifactor authentication

257) The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?
A) Job rotation
B) Separation of duties
C) Mandatory Vacations
D) Least Privilege

258) Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?
A) Set up mantraps to avoid tailgating of approved users.
B) Place a guard at the entrance to approve access.
C) Install a fingerprint scanner at the entrance.
D) Implement proximity readers to scan users' badges.

259) The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?
A) A security group
B) A group policy
C) Key escrow
D) Certificate revocation

260) An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).
A) Password Complexity
B) Password Expiration
C) Password Age
D) Password Length
E) Password History

261) Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?
D) Kerberos

262) A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?

263) Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period?
A) When creating the account, set the account to not remember password history.
B) When creating the account, set an expiration date on the account.
C) When creating the account, set a password expiration date on the account.
D) When creating the account, set the account to have time of day restrictions.

264) Which of the following types of authentication packages user credentials in a ticket?
A) Kerberos

265) LDAP and Kerberos are commonly used for which of the following?
A) To perform queries on a directory service
B) To store usernames and passwords for Federated Identity
C) To sign SSL wildcard certificates for subdomains
D) To utilize single sign-on capabilities

266) After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal?
A) Contingency planning
B) Encryption and stronger access control
C) Hashing and non-repudiation
D) Redundancy and fault tolerance

267) A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?
A) Assign users manually and perform regular user access reviews
B) Allow read only access to all folders and require users to request permission
C) Assign data owners to each folder and allow them to add individual users to each folder
D) Create security groups for each folder and assign appropriate users to each group

268) Sally, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?
C) Kerberos
D) Diameter

269) Human Resources suspects an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?
A) Shared accounts should be prohibited.
B) Account lockout should be enabled
C) Privileges should be assigned to groups rather than individuals
D) Time of day restrictions should be in use

270) An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding?
A) Disable unnecessary contractor accounts and inform the auditor of the update.
B) Reset contractor accounts and inform the auditor of the update.
C) Inform the auditor that the accounts belong to the contractors.
D) Delete contractor accounts and inform the auditor of the update.

271) Sally, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards?
A) Hard tokens
B) Fingerprint readers
C) Swipe badge readers
D) Passphrases

272) A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?
A) Group based privileges
B) Generic account prohibition
C) User access review
D) Credential management

273) The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports. Which of the following controls is preventing them from completing their work?
A) Discretionary access control
B) Role-based access control
C) Time of Day access control
D) Mandatory access control

274) Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?
B) Secure LDAP
D) Kerberos

275) Use of group accounts should be minimized to ensure which of the following?
A) Password security
B) Regular auditing
C) Baseline management
D) Individual accountability

276) A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
C) Kerberos

277) A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?
A) Implicit deny
B) Role-based access control
C) Mandatory Access Controls
D) Least Privilege

278) In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?
A) Three factor
B) Single factor
C) Two factor
D) Four factor

279) Which of the following is an authentication service that uses UDP as a transport medium?
C) Kerberos

280) Which of the following passwords is the LEAST complex?
A) MyTrain!45
B) !!
D) #8

281) Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?
D) Kerberos

282) A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?
C) Kerberos

283) What type of access control does a firewall use?
A) Rule based access control
B) Role based access control
C) Discretionary access control
D) Mandatory access control

284) Alice, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?
A) Kerberos
B) Least privilege

285) Which is used more by governments than by corporations?
B) Discretionary access control
C) Rule based access control
D) Mandatory access control

286) You notice a user logging in to a company Unix server as root. What should you do?
A) Delete the root account
B) Create a firewall rule to block SSH
C) Ensure the root account has a strong password
D) Disable remote logins

287) You are worried about the fact that one person writes, signs, and distributes paychecks and other checks. What should you implement?
A) Least privilege
B) Time of day restrictions
C) Separation of duties
D) Mandatory vacations

288) How can you detect unauthorized use of valid employee accounts?
A) Role-based access control
B) Increasing password complexity requirements
C) Continuous monitoring and review of user access
D) Lowering the number of failed attempts before lockouts

289) Pick two drawbacks of Kerberos:
A) Uses tickets for authorization
B) Prone to time restrictions
C) Has a central point of failure
D) Susceptible to eavesdropping
E) Operates over a non secure network Susceptible to dictionary attacks

290) Which system mutually authenticates clients and servers, and allows an admin to centrally revoke a client certificate to deny access?
A) Firewall rules
B) 802.1x
C) Implicit deny
D) Kerberos

291) Which is the most important factor in password strength against brute-force attacks?
A) Password expiration
B) Account lockout
C) Password length
D) Password complexity

292) You have "full-control" of a folder called "work". You want to give Bob "write" access to one of the files in that folder. What type of access control is this?
A) Mandatory
B) Discretionary
C) Rule-based
D) Role-based

293) Which two are used to authenticate point-to-point connections?
C) RC4
D) Kerberos

294) Bob returns from vacation, logs in to his computer, and finds that someone has changed his desktop around.The admin reviews the camera system footage and finds that someone had logged in to Bob's computer while he was away. What could have prevented this?
A) User access reviews
B) Password complexity policy
C) Shared account prohibition policy
D) User-assigned permissions policy

295) Which two require a RADIUS server?
A) 802.3
B) 802.16
C) 802.1x
D) WPA2-Personal
E) WPA2-Enterprise

296) Which is the best to access data from multiple applications across the company?
C) Common Access Cards
D) Single sign-on

297) Which system should you implement if you want to create a file system access control model where you can label files as "Secret", "Confidential", "Restricted", or "Unclassified"?
A) SCADA system
B) Trusted OS
C) Version control
D) White and black listing

298) Your server logs show that several unauthorized log-ins occurred using a few built- in system accounts. What could have reduced the likelihood of this occurring?
A) Disabling unnecessary accounts
B) Rogue machine detection
C) Protecting the management interface
D) Disabling unused application service ports

299) An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

300) Deploying a wildcard certificate is one strategy to:
A) Secure the certificate's private key.
B) Increase the certificate's encryption key length.
C) Extend the renewal date of the certificate.
D) Reduce the certificate management burden.

301) Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?
A) Hashing
B) Stream ciphers
C) Steganography
D) Block ciphers

302) Which of the following encrypts data a single bit at a time?
A) Stream cipher
B) Steganography
D) Hashing

303) Which of the following is used to verify data integrity?

304) Sally would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?
A) Digital Signatures
B) Hashing
C) Secret Key
D) Encryption

305) A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?
A) Spam filter
B) Digital signatures
C) Antivirus software
D) Digital certificates

306) A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?
A) Integrity
B) Confidentiality
C) Steganography
D) Availability

307) Bob, a user, wants to send an encrypted email to Sally. Which of the following will Sally need to use to verify that the email came from Bob and decrypt it? (Select TWO)
A) The CA's public key
B) Sally's public key
C) Bob's private key
D) Sally's private key
E) The CA's private key
F) Bob's public key

308) A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO)

309) A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?
A) The user is encrypting the data in the outgoing messages.
B) The user is using steganography.
C) The user is spamming to obfuscate the activity.
D) The user is using hashing to embed data in the emails.

310) A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:
A) Symmetric cryptography.
B) Private key cryptography.
C) Salting.
D) Rainbow tables.

311) A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A) RC4
C) MD5

312) Bob, a user, reports to the system administrator that he is receiving an error stating his certificate has been revoked. Which of the following is the name of the database repository for these certificates?

313) A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?
A) Remove all previous smart card certificates from the local certificate store.
B) Publish the new certificates to the global address list.
C) Make the certificates available to the operating system.
D) Recover the previous smart card certificates.

314) An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?
B) Recovery agent
C) Private key

315) An administrator needs to submit a new CSR to a CWhich of the following is a valid FIRST step?
A) Generate a new private key based on AES.
B) Generate a new public key based on RSA.
C) Generate a new public key based on AES.
D) Generate a new private key based on RSA.

316) A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?
B) Make the RA available
C) A verification authority
D) A redundant CA

317) Bob, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Bob had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO)
B) MD5
E) Blowfish

318) Sally wants to send a file to Bob using PKI. Which of the following should Sally use in order to sign the file?
A) Bob's public key Bob's private key Sally's public key Sally's private key
B) Bob's public key Bob's private key Sally's public key Sally's private key
C) Bob's public key Bob's private key Sally's public key Sally's private key
D) Bob's public key Bob's private key Sally's public key Sally's private key

319) Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?

320) A root certificate authority takes which of the following actions in PKI?
A) Signs and verifies all infrastructure messages
B) Issues and signs all private keys
C) Publishes key escrow lists to CRLs
D) Issues and signs all root certificates

321) A CRL is comprised of:
A) Malicious IP addresses.
B) Trusted CA's.
C) Untrusted private keys.
D) Public keys.

322) Which of the following algorithms has well documented collisions? (Select TWO)
B) MD5
D) SHA-256

323) An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?
A) Integrity
B) Availability
C) Confidentiality
D) Remediation

324) Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?
A) SSLv2
B) SSHv1

325) Configuring the mode, encryption methods, and security associations are part of which of the following?
A) IPSec
B) Full disk encryption
C) 802.1x

326) Which of the following is used to certify intermediate authorities in a large PKI deployment?
A) Root CA
B) Recovery agent
C) Root user
D) Key escrow

327) Which of the following components MUST be trusted by all parties in PKI?
A) Key escrow
C) Private key
D) Recovery key

328) Which of the following can use RC4 for encryption? (Select TWO)

329) If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization Which of the following PKI concepts is this describing?
A) Transitive trust
B) Public key trust
C) Certificate authority trust
D) Domain level trust

330) An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?
B) Non-repudiation
C) Trust models
D) Recovery agents

331) Thomas, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO)
A) Private hash
B) Recovery agent
C) Public key
D) Key escrow

332) Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A) Twofish
B) Diffie-Hellman

333) Which of the following can be implemented with multiple bit strength?
C) SHA-1
D) MD5
E) MD4

334) A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
A) Block cipher
B) Stream cipher
D) Hashing algorithm

335) All of the following are valid cryptographic hash functions EXCEPT:
B) RC4
C) SHA-512
D) MD4

336) Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
A) Registration
D) Recovery agent

337) Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?
A) Smartcard
B) Token
C) Discretionary access control
D) Mandatory access control

338) Certificates are used for: (Select TWO)
A) Client authentication.
B) WEP encryption.
C) Access control lists.
D) Code signing.
E) Password hashing.

339) What type of encryption should you use in mobile devices when you need minimal overhead?
A) Diffie-Hellman
B) Block Cipher
C) Stream Cipher
D) Elliptical Curve

340) You want to encrypt data between your servers. Programmer Bob suggests creating a new encryption protocol using secure, existing encryption algorithm libraries. He argues this will provide strong encryption without being vulnerable to attacks on other known protocols. What would be the BEST response to Bob's suggestion?
A) New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested libraries.
B) A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.
C) The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.
D) The newly developed protocol will only be as secure as the underlying encryption algorithms used.

341) Your Certificate Authority is compromised and the attacker sends out software updates with fake signatures. How can you warn users about this malicious activity?
A) Key escrow
B) Certificate revocation list
C) Private key verification
D) Public key verification

342) Which uses a one-way transformation in order to confirm the integrity of a program?
A) Key escrow
B) Steganography
C) Hashing
D) Non-repudiation

343) Which is the hardest to crack and requires both parties to exchange the encryption key before communicating?
D) One-time pads

344) You are setting up a PKI and you create a new CYou instruct your server team to begin submitting CSRs for new internal SSL certificates. Later, employees start getting certificate warnings when connecting to internal company websites. What is going on?
A) The CRL has been misconfigured
B) OCSP should be disabled in client browsers
C) The new CA certificate has not been deployed to clients
D) The clients have not been registered in the new PKI

345) When you use PGP to protect email, what type of cryptography is used for the key exchange?
A) Symmetric
B) Asymmetric
C) Hashing
D) Sesson-based

346) Which two could be used to encrypt VPN traffic?
B) IPSec

347) Bob needs to send Sally a digitally signed and encrypted email. Which algorithms and keys is used to complete these actions?
A) Bob's public key to encrypt using SHA, Sally's private key to sign using 3DES
B) Bob's private key to encrypt using 3DES, Sally's public key to sign using SHA
C) Sally's public key to encrypt using 3DES, Bob's private key to sign using SHA
D) Sally's private key to encrypt using SHA, Bob's public key to sign using 3DES

348) What do digital signatures employ to ensure data integrity?
A) Transport encryption
B) Key escrow
C) Non-repudiaton
D) Hashing

349) Which can you check to see if Company XYZ's certificates are still valid?
A) XYZ's recovery agent
B) XYZ's key escrow
C) XYZ's private key

350) In order to digitally sign your emails with PGP, what needs to be created first?
A) A public and private key
B) A trusted key
C) A key escrow
D) A certificate authority

351) Which hashing algorithm is the most secure?
B) MD5

352) A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO)
A) Fault tolerance
B) Encryption
C) Availability
D) Integrity
E) Safety
F) Confidentiality

353) A security engineer, Bob, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?
B) SSHv1

354) Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

355) What does Secure LDAP use for encryption?
B) IPSec

356) By default, which of the following uses TCP port 22? (Select THREE)

357) A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use?

358) Which transports data from one site to another in an insecure manner?