. By default, the 802.11 standard defines which of the following authentication models?
You want to implement network security that will inspect both outbound and inbound traffic and deny or permit traffic based on different rules. Which of the following will perform this function?a
Which of the following services uses port 110?
Which of the following provides for the highest level of security during login?
a. Two-Factor Authentication
b. One-Factor Authentication
c. Single Sign-On
d. Strong Authentication
Which of the following cable types would an attacker successfully implement a vampire tap?
A chip on the motherboard of the computer that provides cryptographic services, such as a true random number generator and full support for asymmetric encryption, is known as?
Which of the following protocols is used to protect email messages by using digital certificates?
Which form of concealing malware is known for posing as a legitimate program but, when it is launched, unleashes a malicious payload?
Any employee accused of performing a malicious action will be treated equally and not given preferential treatment is best exemplified as?
What is a form of access control that denies by default unless a condition is specifically allowed?
Referring to asymmetric cryptography, which key is used to encrypt the contents of the message in order to send it securely?
Which of the following relates to the area of a company’s network located between the perimeter of the secure internal network and the internet?
What is the first task in a risk management study?
What is the least restrictive access control model where the subject has total control over the objects and can modify the permissions for other subjects over objects known as?
What is the name given to a program that is used to attack a hashed password file offline?
Which of the following services uses port 19?
Which of the following forms of physical access control involve a combination lock that allows access after the buttons are pushed in the proper sequence?
Which of the following algorithms is an asymmetric algorithm?
Which RAID Level uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive?
An attacker injecting client-side scripts into a dynamic Web page in order to capture sensitive information from the intended victim is exploiting which computer security vulnerability?
Which of the following types of backups only backs up files that have the archive bit turned on, but removes the archive bit when backed up?
a. Full Backup
b. Differential Backup
c. Grandfather Backup
d. Incremental Backup
The presentation of credentials typically performed when logging on to a system is known as?
Which of the following is not a component of the AAA (“Triple A”) Model?
Of the following, which statement is true regarding MD5 and SHA-1?
a. MD5 provides greater security.
b. SHA-1 produces more collisions than MD5.
c. MD5 produces a variable length 64-bit digest.
d. SHA-1 provides greater security
You are working in the data center when you hear a noise on one of the computers followed by flames. Which is the best type of fire extinguisher to put out the fire?
a. Class A
b. Class B
c. Class C
d. Class D
Which of the following replaces multiple private IP addresses with a single public IP address?
Which symmetric algorithm is utilized by WEP?
a. Elliptic Curve
d. El Gamal
Which of the following refers to any combination of hardware and software that enables access to remote users to a local internal network?
Once evidence is collected at a crime scene, what is the first action that should be taken?
a. Limit loss and damage to the asset
b. Initiate a chain of custody
c. Begin forensic analysis
d. Initiate the incident response plan
What are two defensive measures employed to prevent buffer overflows?
a. ASLR and ActiveX
b. Java and DEP
c. DEP and ASLR
d. ActiveX and Java
Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?
Executable code that tracks your online activity and reports it back to marketers without actually attacking your computer is categorized as?
An unauthenticated connection to a Microsoft Windows 2000 or Windows NT computer that does not require a username or password is known as?
End users are complaining about a lot of email from online vendors and pharmacies. Which of the following is this an example of?
Which of the following ensures that a user cannot deny having sent a message?
As an administrator, before configuring any IDS technologies that would scan for anomalies, you would first have to obtain:
Reviewing a subject’s privileges over an object is known as:
Which type of monitoring methodology uses the “normal” processes and actions as the standard, continuously analyzes the processes and programs on a system, and alerts the user if it detects any abnormal actions?
Which of the following is most likely to allow an attacker to make a switch function as a hub?
All of the following are components of IPSec except:
A program that attaches itself to a document or program and then executes when that document is opened or program is launched is known as which type of malware?
What is a form of access control that allows by default unless a condition is specifically denied?
Which of the following RAID Levels mirrors its actions from the primary drive to another drive, creating an exact duplicate to achieve fault tolerance?
Which of the following wireless standards operates at the 2.4 GHz radio frequency spectrum and can support devices transmitting at 54 Mbps?
Which of the following services uses port 88?
Ensuring that information is correct and no unauthorized person or malicious software has altered the data is known as:
Which of the following is MOST likely to generate conditions favoring ESD?
Referring to asymmetric cryptography, which key is used to decrypt the contents of the message in once it is received?
What is it called when two different messages are hashed and, in result, produce the same digest?
Which type of attack involves the man-in-the-middle capturing login credentials between a computer and a server, then at a later time, using the captured credentials?
What is the term used to describe a system attack that provides input data that exceeds the limits recognized by a program?
What would an attacker use to break into a computer, gain privileges to perform unauthorized functions, and remove traces of the attacker’s existence?
Which type of monitoring methodology is used to examine network traffic, activity, transactions, or behavior by comparing against a predefined set of definitions?
What action should be taken if a certificate has been compromised?
Which of the following hides the IP address of a network device by replacing a single private IP address with a single public IP address?
What is the term given to an alarm that is raised when there is no abnormal behavior called?
Which of the following services are affected by shutting down ports 110 and 143?
Which of the following types of algorithms takes a variable-length message and produces a fixed-length hash?
Which of the following define the actions employees, contractors, vendors, or visitors may perform while accessing systems and networking equipment?
The technique known as “sandboxing” is used to defend against attacks from which of the following?
Using cryptography to prove that the sender was legitimate and not an imposter is an example of which protection?
What can an attacker use to send massive amounts of spam and perform distributed denial of service attacks?
Which of the following would be the best tool in helping an administrator quickly find a rouge device on the network?
Which asymmetric algorithm is used to encrypt a shared key in order to establish a symmetric session?
An email message designed to trick the user into surrendering sensitive and/or private information is known as:
Which access control model is the most restrictive, uses labels, and subscribes to the idea of need to know?
An attack from one computer designed to consume network resources so that the network or its devices cannot respond to legitimate requests is best described as:
Granting users only the minimum number of privileges necessary to perform their job is known as:
Which of the following attacks begins with the attacker creating hashes of common words and comparing those hashed words against those in a stolen password file?
Unsolicited messages sent via Bluetooth to Bluetooth-enabled devices is known as:
Which of the following is used to address customer-specific, security-related issues?
What software scans a computer for infections as well as monitor computer activity and scan all new documents that might contain malware?
Which of the following modes of IPSec encrypts only the data portion of each packet and leaves the header unencrypted?
What is known as malware installed on a computer that collects information about users, such as Internet surfing habits or browser history, without their knowledge?
The fraudulent act of taking advantage of the 5-day grace period to delete Internet domain names is known as:
d. Zone Transfer
If a user is able to log in to their MSN Hotmail email account and is able to access multiple services without having to authenticate, which access control model is being used?
An account that is secretly set up without the administrator’s knowledge or permission, that cannot be detected, and that allows for remote access to the device is known as?
What is the concept of having more than one person required to complete a task to avoid a single user from having complete control known as?
Which of the following is not a use for a protocol analyzer?
Which term best describes a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, PDA, or cell phone?
a. Activity Monitor
b. Protocol Analyzer
c. System Monitor
d. Performance Monitor