Which type of IDS is more ambitious and informative than the other types?
The U.S. National Institute of Standard and Technology (NIST) specifies three types of security controls. These controls are important in the federal information systems certification and accreditation process?
Management, operational, and technical.
An authoritative DNS server must transfer zone data to six secondary DNS servers. What configuration provides the best security?
Allow zone transfer only to specific IP addresses.
You need to restrict the Web sites that network users can visit. Users connect to the Internet through a perimeter network. What should you do?
Use Internet content filters.
You are part of an incident response team. You change the passwords relating to all affected systems. You also back up the affected systems. These are exampes of which part of the incident handling procedure?
In which type of PKI model do trusted parties issue certificate to each other?
Web of trust
What is the defining charateristic of a trusted operating system?
Data cannot be altered or moved and access rights are required to view data.
You need to prevent access to servers on subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and also minimize the administrator effort necessary to maintain the solution. What should you do?
Define an ACL on the router to the subnet.
What is a limitation of using a CRL to determine whether or not a certificate is valid?
A CRL does not provide for real-time updates.
You need to encrypt the contents of a USB flashdrive. Which type of encryption should you use?
You have a server that hosts several different XML Web services. You need to install a device that can mitigate the risk of the Web server being attacked through data sent in a request. What should you use?
Web application firewall
You are responsible for implementing a Data Loss Prevention (DLP) solution for your organization. You need to control access to secure data files and prevent unauthorized users from viewing file content. Data should be protected whether it is directly accessed or distributed outside the network. What should you use?
RMS – rights management service
You are deploying an application server on your network that will require a higher level of defense against potential software threats than other servers on your network. You want the server to actively defend itself against active attacks and potential malware infections. You need to provide this protection without impacting other servers already deployed on your network. What should you use?
HIPS – host-based intrusion prevention system
Your business uses instant messaging to enable technical support personnel to communicate easily with customers. What should you do to secure technical support computers against potential instant messaging security risks?
Install up-to-date antivirus software
You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Pick two)
Vulnerability scanner and Port scanner
You want to be able to identify changes in activity in critical Windows servers that might identify attempts to compromise the server or its data. You have installed antivirus software on the server and have locked down server configurations. What should you do next?
Use Performance Monitor to establish a performance baseline for each server.
What entity within a PKI is able to provide digital keys to an authorized third party?
Key Escrow
Which statement best describes hashing?
Transforming a variable-length input into a fixed-length string
You are deploying a corporate telephony solution. The network includes several branch offices in remote geographical locations. You need provide VoIP support among all office locations. You need to design a network infrustructure to support communications. You need to minimize the impact on network security. You need to minimize the cost related to deploying the solution. What should you do?
Configure a DMZ in each office.
Which of the following is designed to perform one-way encryption?
Which key is used to encrypt data in an asymmetric encryption system?
The recipient’s public key
Why should you require the sender to digitally sign sensitive e-mail message? (Pick two)
To provide nonrepudiation and to validate the sender.
What hash algorithm is used by common implementations of CHAP?
What is the most reliable method for recovering a secure user account?
Restore from backups
What form of biometric authentication is the least secure?
Keystroke dynamics
What can you use to reveal both known and unknown attacks without affecting normal operations?
Firewall log analysis.
You are configuring antispam software for network computers. What should you have antispam software do when it identifies an e-mail as spam?
Save the message in a separate folder
You want to ensure that your network mail system is designed to minimized the risk that an outside attacker could use your mail system to send malicious e-mails. Your mail system includes several mail clients and an SMTP mail server. What should you do?
Disable open relay at the SMTP server.
A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Pick two)
By logging on to a default account and through a rootkit infection.
You are deploying an application server on your network. You need to control the types of traffic into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
Install a host-based firewall on the server.
What type if IDS reports possible attacks when it detects contions that match the conditions contained in a database of attacks?
Client computers on a network use POP3 over SSL to received e-mail. The e-mail service uses standard port assignment. What port on the Internet face of the firewall should allow inbound packets?
Which type of reporting is most useful in predicting the possibility of an event occurring for security planning purposes?
Trend report
Which ports do you need to allow on an Internet-facing firewall that uses NAT-T to support an L2TP/IPSec VPN connection?
IP Protocol ID 50, UDP port 500, and UDP port 4500
Users occasionally need to take files with them to remote locations. You need to minimize the risk that the data might be comprised. Employees are required to provide their own devices. You want to keep the cost incurred by the employess to a minimum. What should you do?
Require data encryption at the destination device.
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA? (Pick two)
CRL and Registration Authority (RA)
A set of switches is used to implement a VLAN. Where should you enable loop protection?
On all ports of the switch.
Your boss is concerned that an administrator might accidently introduce a security vulnerability when installing a new server. What can you use to mitigate the risk?
Change management
When is it appropriate to use vulnerability scanning to identify potential holes in a security design?
When testing to identify known potential security risks inherent to the design and corrective actions.
Which of the following can be used to prevent external electrical fields from effecting sensitive equipment?

Faraday cage

Faraday cage
Which vulnerability is created by establishing a network bridge between DSL connection to the Internet and an Ethernet connection to the LAN?
Users on the Internet can access files on the LAN.
What is used to provide secure communication over a L2TP VPN connection?
Which DNS record is used to identify an IPv6 host?
The basic formula for calculating ALE uses what two values?
The number of times you can expect a risk to occur during a year.
Revenue loss from a single risk occurrence.
What can be done to prevent cookie poisoning?
Encrypt cookies before transmission
You are configuring a host firewall. You need to prevent files from being updated or downloaded in clear text. Which ports should you block?
20, 21, 69
What entity within PKI verifies user requests for digital certificates?
Registration Authority
Which statement best describe an SSL and TLS connection?
The client and server negotiate to determine the algorithms that will be used.
War chalking is used for what purpose?
To gain access to an unprotected or poorly protected access point.
What does IPSec use to determine when to create a new set of keys?
ISAKMP (Internet Security Association and Key Management Protocol)
A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor’s data center as sets of clustered virtual machines. Which type of network design element is exemplified?
IaaS – Infrastructure as a service
What does an implicit deny on an ACL do?
It denies any traffic not specifically allowed.
Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
Install a HIDS on each of the department’s computers.
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate automatically and track individuals going into and out of the area. Which method should you use?
Proximity reader
Which of the following allows you to configure NAT tables that allow computers on the Internet to initiate connections to hosts on an internal network with private IP address?
Static NAT
You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. What aspect of incident response does this illustrate?
Chain of custody
You are deploying a network for a small project group. Each group member should be responsible for securing access to his or her own computer’s resource. What access control model should you use?
You discover attempts to comprise your Web site. The attacks are based on commands sent from authenticated users’ Web browser to the Web site. The commands execute at the user’s permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
Cross-site request forgery (CSRF or XSRF)
For what purpose would you install voice encryption on a mobile computer?
To support secure VoIP communication
Your network is configured as a Windows Server 2008 Active Directory domain. The network includes two file servers FS0 and FS1. Folders from both file servers are shared to the network. You need to configure the same access permissions for 20 domain users to folders shared from FS0 to FS1. The users that need access to this set of folders may change over time. You need to minimize the effort needed to deploy and maintain this solution. What should you do?
Create one domain security group
What are the dangers of virus hoaxes? (Pick two)
Users spread them by forwarding them and overburden e-mail systems. Also, the message includes instructions to do something damaging.
Which IPSec protocol provides confidentiality?
Encapsulating Security Payload (ESP)

ESP also provides integrity.

You have a server that hosts several different XML Web services. You need to install a device that can mnitigate the risk of the Web server being attacked through data sent in a request. What should you use?
Web application firewall
You are designing a solution to protect your network from Internet-based attacks. You need to provide:
* Pre-admission security checks
* Automated remediation
The solution should integrate existing network infrastructure devices. What should you do?
Implement NAC
Your network has servers that are configured as member servers in a Windows Active Directory domain. You need to minimize the risk of unauthorized persons logging on locally to the servers. The solution should have minimal impact on local management and administration and should not limit administrator access.
What should you do? (Choose two.)
Rename the local default accounts.
Require strong passwords.
Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
Configure a DMZ and deploy the Web server on the DMZ.
You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment? (Choose two.)
Provide isolation in case of a fire.
Maintain appropriate humidity levels.
What can you prevent when you deploy wireless devices inside a TEMPEST-certified building?
War driving
When should a company perform a qualitative risk assessment?
When working within a limited time frame or budget
Inserting invalid information into a name resolution server’s database is known as what? (Choose two)
DNS poisoning.
DNS spoofing.
You created a mirror image of the data needed for forensic investigation. You need to be able to quickly determine if your investigative procedures cause the data to change. What should you use to determine this?
What type of malware is often used to facilitate using unsuspecting users’ computers to launch DDoS attacks?
You suspect an attacker is sending damaged packets into your network as a way to compromise your firewall. You need to collect as much information about network traffic as possible. What should you use?
Protocol analyzer
Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
Require a secure, user-specific token for form submissions.
What access control method is most commonly used to control access to resources in a peer-to-peer network?
Which wireless authentication protocol is vulnerable to password cracking?
LEAP – Lightweight Extensible Authentication Protocol
SSL is used to provide encryption for which communication protocol?
Which is a set of rules that defines which connections to a network are accepted or rejected?
Remote access policy
Which is designed to ensure mutual authentication?
Making sure that proper procedures are followed during an investigation during a security incident and that the rights of the suspect are respected is known as:
Due process
You are developing a Web application that will be accessible to the public. Users will be entering data that will be visible to other users. You want to design the application to minimize the possibility of cross-site scripting (XSS). What should you do?
Implement user-input filters.
What kind of encryption method can be implemented at the Network layer of the OSI model?
When designing network and device security plans, what capability is enhanced by GPS tracking?
Device physical location
What are the minimum requirements for implementing TLS on a Web site?
A PKI certificate must be installed on the Web server.
What type of data loss prevention system is most susceptible to a cold boot attack?
Full disk encryption
You suspect an attempted attack against a data server running Microsoft Windows. You need to monitor real-time performance to compare it to the baseline data you collected when the server was deployed. What should you use?
Performance monitor
You need to ensure that Active Directory domain user Alice does not have read access to the folder named Graphics. The Graphics folder is shared to the network from the server named FS0. The disk partition on which Graphics is located is formatted as NTFS. What should you do?
Explicitly deny read access to the folder to Alice through local access security.
Which wireless protocol uses the pre-shared key to encrypt data?
What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
Create IPSec filters for ports 161 and 162.
Which wireless protocol provides data confidentiality and integrity using AES?
CCMP – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.
A HIDS that recognizes possible attacks by monitoring attempts to make unauthorized changes to files is an example of what kind of monitoring methodology?
An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
TCP/IP hijacking
You plan to use Windows BitLocker to Go to automatically encrypt a USB flash drive. You want to be able to retrieve the encrypted data from any laptop computer. What should you do?
Configure BitLocker to Go with the Use A Password To Unlock This Drive option.
What is the most accurate form of biometric authentification in common use?
Retinal scan
What should be performed during software development and after software release?
Code Review
Which type of attacks works by modifying the data contained in IP packets?
Header Manipulation
Fault tolerant design that includes data backups and duplicate hardware is an example of:
Operational continuity planning
You install a Web pplication on three identical servers. You need to mitigate the risk that users will be unable to access the Web application if one of the servers fails or is compromised by malware. What should you use?
Load balancer
Which security goal is compromised by a DDoS attack?
When should you perform a penetration test on your network?
To determine threat detection and alert effectiveness