Actively monitoring data streams in search of malicious code or behavior is an example of:
A. load balancing.
B. an Internet proxy.
C. URL filtering.
D. content inspection.
Answer: D
Which of the following network devices would MOST likely be used to detect but not react to
suspicious behavior on the network?
A. Firewall
B. NIDS
C. NIPS
D. HIDS
Answer: B
The security administrator is getting reports from users that they are accessing certain websites
and are unable to download anything off of those sites. The security administrator is also receiving
several alarms from the IDS about suspicious traffic on the network. Which of the following is the
MOST likely cause?
A. NIPS is blocking activities from those specific websites.
B. NIDS is blocking activities from those specific websites.
C. The firewall is blocking web activity.
D. The router is denying all traffic from those sites.
Answer: A
Which of the following tools provides the ability to determine if an application is transmitting a
password in clear-text?
A. Protocol analyzer
B. Port scanner
C. Vulnerability scanner
D. Honeypot
Answer: A
Which of the following can a security administrator implement to help identify smurf attacks?
A. Load balancer
B. Spam filters
C. NIDS
D. Firewall
Answer: C
Which of the following wireless security controls can be easily and quickly circumvented using only
a network sniffer? (Select TWO).
A. MAC filtering
B. Disabled SSID broadcast
C. WPA2-Enterprise
D. EAP-TLS
E. WEP with 802.1x
Answer: A, B
Which of the following functions is MOST likely performed by a web security gateway?
A. Protocol analyzer
B. Content filtering
C. Spam filtering
D. Flood guard
Answer: B
Which of the following devices is often used to cache and filter content?
A. Proxies
B. Firewall
C. VPN
D. Load balancer
Answer: A
In order to provide flexible working conditions, a company has decided to allow some employees
remote access into corporate headquarters. Which of the following security technologies could be
used to provide remote access? (Select TWO).
A. Subnetting
B. NAT
C. Firewall
D. NAC
E. VPN
Answer: C, E
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
A. Load Balancer
B. URL Filter
C. VPN Concentrator
D. Protocol Analyzer
Answer: A
An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?
A. Software based firewall
B. Mandatory Access Control (MAC)
C. VPN concentrator
D. Web security gateway
Answer: C
Which of the following should be installed to prevent employees from receiving unsolicited emails?
A. Pop-up blockers
B. Virus definitions
C. Spyware definitions
D. Spam filters
Answer: D
Which of the following should a security administrator implement to prevent users from disrupting
network connectivity, if a user connects both ends of a network cable to different switch ports?
A. VLAN separation
B. Access control
C. Loop protection
D. DMZ
Answer: C
A user is no longer able to transfer files to the FTP server. The security administrator has verified
the ports are open on the network firewall. Which of the following should the security administrator
check?
A. Anti-virus software
B. ACLs
C. Anti-spam software
D. NIDS
Answer: B
Which of the following BEST describes the proper method and reason to implement port security?
A. Apply a security control which ties specific ports to end-device MAC addresses and prevents
additional devices from being connected to the network.
B. Apply a security control which ties specific networks to end-device IP addresses and prevents
new devices from being connected to the network.
C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all
devices from being connected to the network.
D. Apply a security control which ties specific ports to end-device IP addresses and prevents
mobile devices from being connected to the network.
Answer: A
Which of the following would need to be configured correctly to allow remote access to the network?
A. ACLs
B. Kerberos
C. Tokens
D. Biometrics
Answer: A
By default, which of the following stops network traffic when the traffic is not identified in the
firewall ruleset?
A. Access control lists
B. Explicit allow
C. Explicit deny
D. Implicit deny
Answer: D
Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider's lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?
A. IP address
B. User profiles
C. MAC address
D. Computer name
Answer: C
Applying detailed instructions to manage the flow of network traffic at the edge of the network,
including allowing or denying traffic based on port, protocol, address, or direction is an
implementation of which of the following?
A. Virtualization
B. Port security
C. IPSec
D. Firewall rules
Answer: D
Which of the following is the default rule found in a corporate firewall's access control list?
A. Anti-spoofing
B. Permit all
C. Multicast list
D. Deny all
Answer: D
Which of the following is BEST used to prevent ARP poisoning attacks across a network?
A. VLAN segregation
B. IPSec
C. IP filters
D. Log analysis
Answer: A
A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional personnel and minimize the footprint
in their current datacenter?
A. Allow users to telecommute
B. Setup a load balancer
C. Infrastructure as a Service
D. Software as a Service
Answer: D
Which of the following is MOST likely to be the last rule contained on any firewall?
A. IP allow any any
B. Implicit deny
C. Separation of duties
D. Time of day restrictions
Answer: B
Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?
A. Platform as a Service
B. Software as a Service
C. Infrastructure as a Service
D. Trusted OS as a Service
Answer: A
MAC filtering is a form of which of the following?
A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation
Answer: B
Reviewing an access control list on a firewall reveals a Drop All statement at the end of the rules.
Which of the following describes this form of access control?
A. Discretionary
B. Time of day restrictions
C. Implicit deny
D. Mandatory
Answer: C
An administrator is taking an image of a server and converting it to a virtual instance. Which of the
following BEST describes the information security requirements of a virtualized server?
A. Virtual servers require OS hardening but not patching or antivirus.
B. Virtual servers have the same information security requirements as physical servers.
C. Virtual servers inherit information security controls from the hypervisor.
D. Virtual servers only require data security controls and do not require licenses.
Answer: B
Webmail is classified under which of the following cloud-based technologies?
A. Demand Computing
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Platform as a Service (PaaS)
Answer: C
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the
Internet or the internal network. All other servers on the DMZ are able to communicate with this
server. Which of the following is the MOST likely cause?
A. The server is configured to reject ICMP packets.
B. The server is on the external zone and it is configured for DNS only.
C. The server is missing the default gateway.
D. The server is on the internal zone and it is configured for DHCP only.
Answer: C
Which of the following may cause a user, connected to a NAC-enabled network, to not be
prompted for credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.
Answer: A
Which of the following would be implemented to allow access to services while segmenting access
to the internal network?
A. IPSec
B. VPN
C. NAT
D. DMZ
Answer: D
A security administrator needs to separate two departments. Which of the following would the
administrator implement to perform this?
A. Cloud computing
B. VLAN
C. Load balancer
D. MAC filtering
Answer: B
Which of the following is a security control that is lost when using cloud computing?
A. Logical control of the data
B. Access to the application's administrative settings
C. Administrative access to the data
D. Physical control of the data
Answer: D
Which of the following protocols should be blocked at the network perimeter to prevent host
enumeration by sweep devices?
A. HTTPS
B. SSH
C. IPv4
D. ICMP
Answer: D
Which of the following uses TCP port 22 by default?
A. SSL, SCP, and TFTP
B. SSH, SCP, and SFTP
C. HTTPS, SFTP, and TFTP
D. TLS, TELNET, and SCP
Answer: B
Which of the following allows a security administrator to set device traps?
A. SNMP
B. TLS
C. ICMP
D. SSH
Answer: A
A security administrator needs to implement a site-to-site VPN tunnel between the main office and
a remote branch. Which of the following protocols should be used for the tunnel?
A. RTP
B. SNMP
C. IPSec
D. 802.1X
Answer: C
Which of the following protocols would be the MOST secure method to transfer files from a host
machine?
A. SFTP
B. WEP
C. TFTP
D. FTP
Answer: A
Which of the following port numbers is used for SCP, by default?
A. 22
B. 69
C. 80
D. 443
Answer: A
Which of the following is the MOST secure method of utilizing FTP?
A. FTP active
B. FTP passive
C. SCP
D. FTPS
Answer: D
Which of the following protocols can be implemented to monitor network devices?
A. IPSec
B. FTPS
C. SFTP
D. SNMP
Answer: D
Which of the following protocols would an administrator MOST likely use to monitor the
parameters of network devices?
A. SNMP
B. NetBIOS
C. ICMP
D. SMTP
Answer: A
A remote office is reporting they are unable to access any of the network resources from the main
office. The security administrator realizes the error and corrects it. The administrator then tries to
ping the router at the remote office and receives no reply; however, the technician is able to telnet
to that router. Which of the following is the MOST likely cause of the security administrator being
unable to ping the router?
A. The remote switch is turned off.
B. The remote router has ICMP blocked.
C. The remote router has IPSec blocked.
D. The main office's router has ICMP blocked.
Answer: B
A network administrator is implementing a network addressing scheme that uses a long string of
both numbers and alphanumeric characters to create addressing options and avoid duplicates.
Which of the following describes a protocol built for this purpose?
A. IPv6
B. ICMP
C. IGMP
D. IPv4
Answer: A
In which of the following locations would a forensic analyst look to find a hooked process?
A. BIOS
B. Slack space
C. RAM
D. Rootkit
Answer: A
Which of the following file transfer protocols is an extension of SSH?
A. FTP
B. TFTP
C. SFTP
D. FTPS
Answer: C
Which of the following secure protocols is MOST commonly used to remotely administer
Unix/Linux systems?
A. SSH
B. SCP
C. SFTP
D. SNMP
Answer: A
The security administrator notices a number of TCP connections from the development
department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likely occurring?
A. The development team is transferring data to test systems using FTP and TFTP.
B. The development team is transferring data to test systems using SCP and TELNET.
C. The development team is transferring data to test systems using SFTP and SCP.
D. The development team is transferring data to test systems using SSL and SFTP.
Answer: C
An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
A. 445
B. 1433
C. 1501
D. 3389
Answer: B
If a security administrator wants to TELNET into a router to make configuration changes, which of
the following ports would need to be open by default?
A. 23
B. 135
C. 161
D. 3389
Answer: A