Which of the following causes problems with firewalls?
- A . Control FTP
- B . Data FTP
- C . Active FTP
- D . Passive FTP
In relation to security, which of the following is the primary benefit of classifying systems?
- A . Ability to identify common attacks
- B . Identification of highest-priority systems to protect
- C . Ability to recover quickly from a natural or man-made disaster
- D . Collection of information for properly configuring the firewall
Irina has contracted with a company to provide Web design consulting services. The company has asked her to use several large files available via an HTTP server.
The IT department has provided Irina with user name and password, as well as the DNS name of the HTTP server. She then used this information to obtain the files she needs to complete her task using Mozilla Firefox.
Which of the following is a primary risk factor when authenticating with a standard HTTP server?
- A . HTTP uses cleartext transmission during authentication, which can lead to a man-in-the-middle attack.
- B . Irina has used the wrong application for this protocol, thus increasing the likelihood of a man-in-the-middle attack.
- C . A standard HTTP connection uses public-key encryption that is not sufficiently strong, inviting the possibility of a man-in-the-middle attack.
- D . Irina has accessed the Web server using a non-standard Web browser.
You have been assigned to provide security measures for your office’s reception area. Although the company needs to provide security measures, costs must be kept to a minimum.
Which of the following tools is the most appropriate choice?
- A . Firewall
- B . Intrusion-detection system
- C . Camera
- D . Security guard
Which symmetric algorithm created by the RSA Security Corporation is a stream cipher that encrypts messages as a whole, in real time?
- A . RC4
- B . RC6
- C . RC5
- D . RC2
Your firewall is configured to forbid all internal traffic from going out to the Internet. You want to allow internal clients to access all Web traffic.
At a minimum, what ports must you open in regards to the internal systems?
- A . TCP Port 80 and all ports above 1023
- B . TCP Ports 80 and 443, and all ports above 1023
- C . All TCP ports above 80 and below 1023
- D . TCP Ports 80 and 443
The vast majority of hackers are which type of attacker?
- A . Casual attacker
- B . Spy
- C . Disgruntled employee
- D . Determined attacker
The best way to thwart a dictionary attack is by enforcing a:
- A . strong password policy.
- B . restricted access policy.
- C . firewall configuration policy.
- D . proxy server policy.
Which of the following will best help you ensure a database server can withstand a recently discovered vulnerability?
- A . Updating the company vulnerability scanner and conducting a new scan
- B . Adding a buffer overflow rule to the intrusion detection system
- C . Reconfiguring the firewall
- D . Installing a system update
A new video conferencing device has been installed on the network. You have been assigned to troubleshoot a connectivity problem between remote workers and the central company. Specifically, remote workers are having problems making any connection at all.
Which technique will most likely help you solve this problem while retaining the existing level of security at the firewall?
- A . Deny all use of UDP above Port 1024.
- B . Configure the firewall to provide VPN access.
- C . Configure a second network connection directly to the video conferencing device.
- D . Allow all use of UDP below Port 1024.
Which protocol uses cleartext communication by default?
- A . HTTP
- B . IPSEC
- C . SSL
- D . POP3
Which of the following is the primary weakness of symmetric-key encryption?
- A . Data encrypted using symmetric-key encryption is subject to corruption during transport.
- B . Symmetric-key encryption operates slower than asymmetric-key encryption.
- C . Symmetric-key encryption does not provide the service of data confidentiality.
- D . Keys created using symmetric-key encryption are difficult to distribute securely.
Which component works with an operating system to increase its security ability?
- A . Network scanner
- B . Operating system add-on
- C . Log analysis tool
- D . Port scanner
Which task should you perform first when considering where to place equipment?
- A . Conduct research to determine the appropriate products for your organization.
- B . Consult with management to determine specific needs.
- C . Secure funding.
- D . Conduct a needs assessment audit.
Danielle was informed by her network administrator that an audit may be conducted during the night to determine the hosts that exist on the network and document any open ports. The next day, Danielle was unable to access any network services.
What may have occurred instead of the anticipated audit?
- A . A social engineering attack
- B . A zero-day attack
- C . A scanning attack
- D . A brute-force attack
How do activity logs help to implement and maintain a security plan?
- A . Activity logs provide advice on firewall installation, because they enable network baseline creation.
- B . Activity logs remind users to log on with strong passwords, because the logs can be analyzed to see if users are complying with policy.
- C . Activity logs allow you to determine if and how an unauthorized activity occurred.
- D . Activity logs dissuade would-be hackers from breaching your security.
Which of the following errors most commonly occurs when responding to a security breach?
- A . Shutting down network access using the firewall, rather than the network router
- B . Adhering to the company policy rather than determining actions based on the IT manager’s input
- C . Making snap judgments based on emotions, as opposed to company policy
- D . Taking too much time to document the attack
What is the term for a self-replicating program or algorithm that consumes system resources?
- A . Illicit server
- B . Root kit
- C . Trojan
- D . Worm
Which of the following describes the practice of stateful multi-layer inspection?
- A . Using a VLAN on a firewall to enable masquerading of private IP addresses
- B . Prioritizing voice and video data to reduce congestion
- C . Inspecting packets in all layers of the OSI/RM with a packet filter
- D . Using Quality of Service (QoS) on a proxy-oriented firewall
Which term describes a dedicated system meant only to house firewall software?
- A . Firewall appliance
- B . Virtual Private Network (VPN)
- C . Kernel firewall
- D . Proxy server
At the beginning of an IPsec session, which activity occurs during the Internet Key Exchange (IKE)?
- A . Determining the number of security associations
- B . Negotiating the authentication method
- C . Determining the network identification number
- D . Negotiating the version of IP to be used
A distributed denial-of-service (DDoS) attack has occurred where both ICMP and TCP packets have crashed the company’s Web server.
Which of the following techniques will best help reduce the severity of this attack?
- A . Filtering traffic at the firewall
- B . Changing your ISP
- C . Installing Apache Server rather than Microsoft IIS
- D . Placing the database and the Web server on separate systems
Consider the following image of a packet capture:
Which of the following best describes the protocol used, along with its primary benefit?
- A . It is a passive FTP session, which is easier for firewalls to process.
- B . It is an active FTP session, which is necessary in order to support IPv6.
- C . It is an extended passive FTP session, which is necessary to support IPv6.
- D . It is an active FTP session, which is supported by all FTP clients.
What is the primary advantage of using a circuit-level proxy?
- A . It provides Network Address Translation (NAT).
- B . It can discriminate between good and malicious data.
- C . It allows applications to provide connection information to the SOCKS server.
- D . It allows masquerading.
A flaw is discovered in an application. Before a patch is available, this vulnerability is used to gain access to sensitive data.
What type of attack is being described?
- A . Social engineering
- B . Dictionary
- C . Zero day
- D . Zero day
Which of the following is the simplest, most common firewall design?
- A . A dual-homed bastion host
- B . A screening router
- C . A screened subnet
- D . A single-homed bastion host
Which security management concept is the ability for a department to accurately determine the costs of using various networking security services?
- A . Performance management
- B . Chargeback
- C . Capacity forecasting
- D . Amortization
A CGI application on the company’s Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information.
Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?
- A . Buffer overflow: work with the Web developer to solve the problem
- B . SQL injection: work with a database administrator to solve the problem
- C . Denial of service: contact the organization that wrote the code for the Web server
- D . Man-in-the-middle attack: contact the company auditor
You have been assigned to configure a DMZ that uses multiple firewall components. Specifically, you must configure a router that will authoritatively monitor and, if necessary, block traffic. This device will be the last one that inspects traffic before it passes to the internal network.
Which term best describes this device?
- A . Screening router
- B . Bastion host
- C . Proxy server
- D . Choke router
Which of the following is a common problem with proxy servers?
- A . Proxy servers do not log incoming and outgoing access, so you will not be able to see details of successful and failed connections.
- B . Proxy servers cannot filter out specific application-layer traffic.
- C . Proxy servers may return old cached information.
- D . Because proxy servers do not mask network resources, hackers may be able to access all exposed systems.
Consider the following diagram:
Which type of attack is occurring?
- A . Polymorphic virus-based attack
- B . Denial-of-service attack
- C . Distributed denial-of-service attack
- D . Man-in-the-middle attack using a packet sniffer
Which of the following is most likely to address a problem with an operating system’s ability to withstand an attack that attempts to exploit a buffer overflow?
- A . Firewall
- B . Software update
- C . Intrusion detection system
- D . Network scanner
Your organization has made a particularly unpopular policy decision. Your supervisor fears that a series of attacks may occur as a result. You have been assigned to increase automated auditing on a server.
When fulfilling this request, which of the following resources should you audit the most aggressively?
- A . Authentication databases, including directory servers
- B . Intrusion detection systems, especially those placed on sensitive networks
- C . Log files on firewall systems
- D . Firewall settings for desktop systems
You purchased a network scanner six months ago. In spite of regularly conducting scans using this software, you have noticed that attackers have been able to compromise your servers over the last month.
Which of the following is the most likely explanation for this problem?
- A . The network scanner needs to be replaced.
- B . The network scanner is no substitute for scans conducted by an individual.
- C . The network scanner has a trojan.
- D . The network scanner needs an update.
Considering physical security, which of the following should you look for when identifying a room that will act as a server room?
- A . Electrical outlets
- B . Power over Ethernet (PoE) settings
- C . False ceilings
- D . Space for backup servers
Which two protocols can be found at the transport layer of the TCP/IP stack?
- A . File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)
- B . Internet Protocol (IP) and Internet Control Message Protocol (ICMP)
- C . Post Office Protocol 3 (POP3) and Simple Mail Transfer Protocol (SMTP)
- D . Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
You are creating an information security policy for your company.
Which of the following activities will help you focus on creating policies for the most important resources?
- A . Auditing the firewall
- B . Implementing non-repudiation
- C . Logging users
- D . Classifying systems
You have determined that the company Web server has several vulnerabilities, including a buffer overflow that has resulted in an attack. The Web server uses PHP and has direct connections to an Oracle database server. It also uses many CGI scripts.
Which of the following is the most effective way to respond to this attack?
- A . Installing software updates for the Web server daemon
- B . Using the POST method instead of the GET method for a Web form
- C . Installing an intrusion detection service to monitor logins
- D . Using the GET method instead of the POST method for a Web form
Which of the following security services, as defined by the ISO 7498-2 Security Architecture document, protects against active threats by verifying or maintaining the consistency of information?
- A . Data confidentiality
- B . Authentication
- C . Non-repudiation
- D . Data integrity
What is the primary strength of symmetric-key encryption?
- A . It allows easy and secure exchange of the secret key.
- B . It creates a “hash” of a text, enabling data integrity.
- C . It can encrypt large amounts of data very quickly.
- D . It provides non-repudiation services more efficiently than asymmetric-key encryption.
Why can instant messaging (IM) and peer-to-peer (P2P) applications be considered a threat to network security?
- A . Because they use ports above 1023 and many firewalls are not configured to block this traffic
- B . Because they are susceptible to VLAN hopping
- C . Because they usually lie outside the broadcast domain
- D . Because they use ports below 1023 and many firewalls are not configured to block this traffic
You have discovered that the ls, su and ps commands no longer function as expected. They do not return information in a manner similar to any other Linux system. Also, the implementation of Tripwire you have installed on this server is returning new hash values.
Which of the following has most likely occurred?
- A . A trojan has attacked the system.
- B . A SQL injection attack has occurred.
- C . A spyware application has been installed.
- D . A root kit has been installed on the system.
At what layer of the OSI/RM does a packet filter operate?
- A . Layer 1
- B . Layer 3
- C . Layer 5
- D . Layer 7
What would be the result if you were the recipient of a SYN flood or malformed packet?
- A . You would be unable to access a legitimate service, such as establishing a network connection.
- B . The files on your boot sector would be replaced with infected code.
- C . A virus would be unleashed on your system at the time the SYN flood or malformed packet was received.
- D . You would be misdirected to a fraudulent Web site without your knowledge or consent.
You want to create a quick solution that allows you to obtain real-time login information for the administrative account on an LDAP server that you feel may become a target.
Which of the following will accomplish this goal?
- A . Reinstall the LDAP service on the server so that it is updated and more secure.
- B . Install an application that creates checksums of the contents on the hard disk.
- C . Create a login script for the administrative account that records logins to a separate server.
- D . Create a dummy administrator account on the system so that a potential hacker is distracted from the real login account.
Which of the following details should be included in documentation of an attack?
- A . An overview of the security policy and suggestions for the next response plan
- B . Estimates of how much the attack cost the company, and a list of the applications used by the attacker
- C . The time and date of the attack, and the names of employees who were contacted during the response
- D . The network resources involved in the attack, and recommendations for thwarting future attacks
What is the most common attack method against TCP?
- A . Illicit server
- B . Trojan
- C . IP address spoofing
- D . SYN flood attack
What is the first tool needed to create a secure networking environment?
- A . User authentication
- B . Confidentiality
- C . Security policy
- D . Auditing
Jason is attempting to gain unauthorized access to a corporate server by running a program that enters passwords from a long list of possible passwords.
Which type of attack is this?
- A . Brute force
- B . Denial of service
- C . Botnet
- D . Buffer overflow
What distinguishes hash encryption from other forms of encryption?
- A . Hash encryption creates a mathematically matched key pair in which one half of the pair encrypts, and the other half decrypts.
- B . Hash encryption creates a single key that is used to encrypt and decrypt information.
- C . Hash encryption is the encryption method of choice when conducting e-commerce transactions.
- D . Hash encryption is used for information that you want never to be decrypted or read.