| Front | Back | ||
| Which of the following best describes high amplification when applied to hashing algorithms?
|
(a) High amplification, also known as avalanche effect, means a small change in the message results in a big change in the hashed value. Hashes are one-way functions, meaning that once you hash a message, you cannot reverse the hashing algorithm to extract the data. Data integrity is proven when two different messages produce the same hash value (a low number of collisions is desirable).
Chapter 7 | ||
| Which of the following is used to verify that a downloaded file has not been altered?
|
A hash is a function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value. Hashes ensure the data integrity of files and messages in transit. For example, when users post files for download, they often create a hash using the same algorithm. If the hash values match, you know that the file you have matches the original file.
Chapter 7 | ||
| Which of the following is the weakest hashing algorithm?
|
MD-5 is the weakest hashing algorithm. It produces a message digest of 128 bits. The larger the message digest, the more secure the hash. SHA-1 is more secure because it produces a 160-bit message digest.
Chapter 7 | ||
| Hashing algorithms are used to perform what activity?
|
Hashing algorithms are used to create a message digest to ensure that data integrity is maintained. A sender creates a message digest by performing the hash function on the data files to be transmitted. The receiver performs the same action on the data received and compares the two message digests. If they are the same then the data was not altered.
| ||
| Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?
|
Hashing of any sort at any time, including within a digital signature, provides data integrity.
Chapter 7 | ||
| When two different messages produce the same hash value, what has occurred?
|
A collision occurs when two different messages produce the same hash value.
Chapter 7 | ||
| Which of the following is the strongest hashing algorithm?
|
SHA-1 is the strongest hashing algorithm. SHA-1 generates a message digest of 160 bits.
LANMAN and NTLM both use hashing to protect authentication credentials, but these protocols are not used for creating hashes of data. Chapter 7 | ||
| You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file?
|
Your copy is the same as the copy posted on the website.
Hashes do not ensure confidentiality (in other words, hashes are not used to encrypt data). Non-repudiation proves the source of a file, and is accomplished using a digital signature.
Chapter 7 | ||
| Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
|
An Extranet is a privately controlled portion of a network that is accessible to some specific external entities. Often those external entities are business partners, suppliers, distributors, vendors or possibly customers.
Chapter 7 | ||
| You have a small network at home that is connected to the Internet. On your home network you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a Web server and allow Internet hosts to contact the server to browse a personal Web site.
What should you use to allow access?
|
Static NAT maps an internal IP address to a static port assignment. Static NAT is typically used to take a server on the private network (such as a Web server) and make it available on the Internet. External hosts contact the internal server using the public IP address and the static port. Using a static mapping allows external hosts to contact internal hosts.
| ||
| Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?
|
169.254.0.0 - 168.254.255.255 is the range of the IP addresses assigned to Windows DHCP clients if a DHCP server does not assign the client an IP address. This range is known as the Automatic Private IP Addressing (APIPA) range.
| ||
| Which of the following correctly describe the most common format for expressing IPv6 addresses? (Select two).
|
IP version 6 addresses are made up of 32 hexadecimal numbers, organized into 8 quartets. The quartets are separated by colons. An IPv6 address is a 128-bit number (128 binary digits).
| ||
| Which of the following are valid IPv6 addresses? Select all that apply.
|
Answer: A, C
| ||
| Which of the following describes an IPv6 address? (Select two).
|
Answer: D, E
IPv6 addresses are 128-bit addresses. They are commonly written using 32 hexadecimal numbers, organized into quartets. Each quartet is represented as a hexadecimal number between 0 and FFFF. The quartets are separated by colons.
Chapter 7 | ||
| Which of the following best describes the purpose of using subnets?
|
Subnets divide an IP address into multiple network addresses. This allows you to have several smaller networks while using only one network address.
Chapter 7 | ||
| Which of the following is not a reason to use subnets on a network?
|
Subnets cannot be used to combine networks of different media type on the same subnet. Each network with a distinct media type has its own subnet. Subnets can be used to combine networks with different media types within the same internetwork.
| ||
| Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
|
The IPv6 loopback address is ::1. The local loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host.
Chapter 7 | ||
| Which of the following network devices or services prevents the use of IPSec in most cases?
|
IPSec cannot typically be used when static IP addresses are not used by both communication partners. NAT proxy performs network address translation on all communications. For this reason, the IP address seen for a system outside of the proxied network is not the real IP address of that system. This prevents the use of IPSec.
| ||
| Which of the following is a valid IPv6 address?
|
FEC0:AB::9007 is a valid IPv6 address. The :: in the address replaces blocks of consecutive 0's. Leading 0's within a quartet can also be omitted. The longer form of this address is FEC0:0000:0000:0000:0000:0000:00AB:9007.
You can only omit one block of 0's using the double colon. Each number in the IPv6 address must be between 0-9 or A-F; G is not a valid number for an IPv6 address. An address without double colons should have a total of 32 hexadecimal numbers in 8 blocks.
| ||
| You have implemented a network where each device provides shared files with all other devices on the network. What type of network do you have?
|
In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on the hosts, and each host is in charge of controlling access to those resources.
Chapter 1 | ||
| You have implemented a network where hosts are assigned specific roles, such as for file sharing and printing. Other hosts access those resources but do not host services of their own. What type of network do you have?
|
In a client/server network, hosts have specific roles. For example, some hosts are assigned server roles which allows them to provide network resources to other hosts. Other hosts are assigned client roles which allows them to consume network resources.
Chapter 1 | ||
| You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?
|
Answer: 500 resolution, 50mm, .05LUX
The resolution is rated in the number of lines included in the image. In general, the higher the resolution, the sharper the image.
The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see as well as how much detail can be seen at the specific range. A higher focal length lets you see more detail at a greater distance.
LUX is a measure of the sensitivity to light. The lower the number, the less light needed for a clear image.
Chapter 1 | ||
| Which of the following is not an example of a physical barrier access control mechanism?
|
A one time password is a logical or technical access control mechanism.
Chapter 1 | ||
| You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?
|
When used in a preventive way, you must have a guard or other person available who monitors one or more cameras. Only a security guard will be able to interpret what the camera sees to make appropriate security decisions.
| ||
| Which of the following are solutions that address physical security? (Select two).
|
Physical security controls physical access to the network or its components. Physical security controls include:
| ||
| Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?
|
Piggybacking is the activity where an authorized or unauthorized individual gains entry into a secured area by exploiting the credentials of a prior person. A mantrap is a single-person room with two doors. It often includes a scale to prevent piggybacking. It requires proper authentication before unlocking the inner door to allow authorized personnel into a secured area.
| ||
| What is the primary benefit of CCTV?
|
A primary benefit of CCTV is that it expands the area visible by security guards. This helps few guards oversee and monitor a larger area.
| ||
| What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?
|
Turnstiles allow easy egress from a secured environment but actively prevent re-entrance through the exit portal. Turnstiles are a common exit portal used in conjunction with entrance portal mantraps. A turnstile cannot be used to enter into a secured facility as it only functions in one direction.
| ||
| Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)?
|
A varifocal camera lens lets you adjust the focus (zoom).
| ||
| Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two)
|
Locks on doors are an example of a physical access control method. Physical controls restrict or control physical access.
| ||
| Which of the following CCTV types would you use in areas with little or no light?
|
Infrared cameras can record images in little or no light.
| ||
| You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you use?
|
A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas to monitor (cameras without PTZ capabilities are manually set looking in a specific direction). Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the position of the camera.
| ||
| Separation of duties is an example of what type of access control?
|
Preventive access controls deter intrusion or attacks, for example, separation of duties or dual-custody processes.
| ||
| An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?
|
With implicit deny, users or groups which are not specifically given access to a resource are denied access. Implicit deny means that there is an assumed or unstated deny that prevents access to anyone not explicitly on the list.
Explicit deny means identifying users or objects that are to be prevented access. Explicit allow identifies specifically the objects that are allowed access. Implicit allow is a form of access control that rarely exists, which would be that access is allowed unless it has been explicitly denied.
| ||
| By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
|
The principle of least privilege is the assigning of access permissions so that users can only access those resources which are required to accomplish their specific work tasks.
| ||
| What is the primary purpose of separation of duties?
|
The primary purpose of separation of duties is to prevent conflicts of interest by dividing up admin powers amongst several trusted administrators. This prevents a single person from having all the privileges over an environment, and thus making them a primary target of attack and a single point of failure.
| ||
| You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following will the access list use?
|
Answer: explicit allow, implicit deny
The access list will use explicit allow in that users who are allowed access are specifically identified. In addition, implicit deny will be used, in that users not explicitly allowed access are denied access.
| ||
| Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
|
Separation of duties is the security principle that states no single user is granted sufficient privileges to compromise the security of an entire environment. Usually this principle is implemented by dividing administrative privileges among several administrators.
| ||
| You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
|
Separation of duties is the concept of having more than one person required to complete a task. This helps prevent insider attacks because no one person has end-to-end control and no one person is irreplaceable.
| ||
| You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
|
Job rotation is a technique where users are cross-trained in multiple job positions, and where responsibilities are regularly rotated between personnel. Job rotation can be used for training purposes, but also allows for oversight of past transactions.
| ||
| You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
|
Nmap is an open source security scanner used for network enumeration and to create a map of configuration details of a network. Nmap sends specially crafted packets to the target host and then analyzes the responses to create a map.
| ||
| Which of the following identifies an operating system or network service based upon its ICMP message quoting (response) characteristics?
|
Fingerprinting identifies an operating system or network service based upon its ICMP message quoting characteristics. With ICMP message quoting, portions of the original ICMP request are repeated (or quoted) within the response. Each operating system quotes this information back in a slightly different manner.
| ||
| As the victim of a Smurf attack, what protection measure is the most effective during the attack?
|
The most effective protection measure the victim of a Smurf attack can perform during an attack is to communicate with the upstream provider. A simple phone call to request filtering on your behalf can weaken the effectiveness of a Smurf attack.
| ||
| You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two)
|
Answer: B and D
A Christmas (Xmas) tree attack conducts reconnaissance by scanning for open ports. It also conducts a DoS attack if sent in large amounts.
| ||
| Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
|
A denial of service attack either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring.
| ||
| Which of the following are denial of service attacks? (Select two)
|
Fraggle and Smurf are both denial of service attacks. Smurf spoofs the source address in ICMP packets and sends the ICMP packets to an amplification network (bounce site). The bounce site responds to the victim site with thousands of messages that he did not send.
A Fraggle attack is similar to Smurf but uses UDP packets directed to port 7 (echo) and port 19 (chargen, character generation).
| ||
| An attacker set up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
|
A Denial of Service attack can happen by generating excessive traffic, thereby overloading communication channels or exploiting software flaws.
| ||
| Which of the following is the main difference between a DoS attack and a DDoS attack?
|
Answer: The DDoS attack uses zombie computers
| ||
| When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
|
When a malicious user captures authentication traffic and replays it against the network later, the security problem you are most concerned about is an unauthorized user gaining access to sensitive resources. Once a replay attack has been successful, the attacker has the same access to the system as the user from whom the authentication traffic was captured.
| ||
| Which of the following is the best countermeasure against man-in-the-middle attacks?
|
IPSec is the best countermeasure against man-in-the-middle attacks. Use IPSec to encrypt data in a VPN tunnel as it passes between two communication partners. Even if someone intercepts the traffic, they will be unable to extract the contents of the messages because they are encrypted.
| ||