Chapter 8
Practice Test 1

  1. Which of the following is not a type of attack used against access controls?

    1. Dictionary attack
    2. Brute-force attack
    3. Teardrop
    4. Man-in-the-middle attack
  2. George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?

    1. Testimonial evidence rule
    2. Parol evidence rule
    3. Best evidence rule
    4. Hearsay rule
  3. Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?

    1. Record the MAC address of each system.
    2. Require users to fill out a form to register each system.
    3. Scan each system using a port scanner.
    4. Use device fingerprinting via a web-based registration system.
  4. Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?

    1. Blacklisting
    2. Graylisting
    3. Whitelisting
    4. Bluelisting
  5. Which pair of the following factors is key for user acceptance of biometric identification systems?

    1. The FAR and FRR
    2. The throughput rate and the time required to enroll
    3. The CER and the ERR
    4. How often users must reenroll and the reference profile requirements
  6. Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?

    1. Cat 5 and Cat 6
    2. Cat 5e and Cat 6
    3. Cat 4e and Cat 5e
    4. Cat 6 and Cat 7

    For questions 7–9, please refer to the following scenario.

    Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.

    Diagram shows box A leads to server labeled provisioning system, which leads to application servers (B), database servers (C), active directory enabled workstations (D), directory server (E), and incident management system (F).
  7. If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?

    1. Discretionary account provisioning
    2. Workflow-based account provisioning
    3. Automated account provisioning
    4. Self-service account provisioning
  8. Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?

    1. The provisioning process did not give him the rights he needs.
    2. He has excessive privileges.
    3. Privilege creep may be taking place.
    4. Logging is not properly enabled.
  9. When Alex changes roles, what should occur?

    1. He should be deprovisioned, and a new account should be created.
    2. He should have his new rights added to his existing account.
    3. He should be provisioned for only the rights that match his role.
    4. He should have his rights set to match those of the person he is replacing.
  10. Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use?

    1. Antivirus
    2. Heuristic
    3. Whitelist
    4. Blacklist
  11. What type of motion detector senses changes in the electromagnetic fields in monitored areas?

    1. Infrared
    2. Wave pattern
    3. Capacitance
    4. Photoelectric
  12. Don’s company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use?

    1. IaaS
    2. PaaS
    3. CaaS
    4. SaaS
  13. What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?

    1. Weekly
    2. Monthly
    3. Semiannually
    4. Annually
  14. What type of log file is shown in this figure?

    Window shows a command prompt displaying log entries such as 2015-08-09 16:39:01 ALLOW UDP 172.30.0.64 172.30.0.2 62166 53 0 - - - - - - - SEND and 2015-08-09 16:39:01 ALLOW UDP 172.30.0.64 172.30.0.2 62167 53 0 - - - - - - - SEND, et cetera.

    1. Application
    2. Web server
    3. System
    4. Firewall
  15. Which one of the following technologies is not normally a capability of mobile device management (MDM) solutions?

    1. Remotely wiping the contents of a mobile device
    2. Assuming control of a nonregistered BYOD mobile device
    3. Enforcing the use of device encryption
    4. Managing device backups
  16. Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?

    1. Black box
    2. Crystal box
    3. Gray box
    4. Zero box
  17. What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?

    1. RADIUS+
    2. TACACS+
    3. XTACACS
    4. Kerberos
  18. What type of fire extinguisher is useful against liquid-based fires?

    1. Class A
    2. Class B
    3. Class C
    4. Class D
  19. Which one of the following components should be included in an organization’s emergency response guidelines?

    1. Immediate response procedures
    2. Long-term business continuity protocols
    3. Activation procedures for the organization’s cold sites
    4. Contact information for ordering equipment
  20. Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility?

    1. Simulation test
    2. Tabletop exercise
    3. Parallel test
    4. Checklist review
  21. Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages?

    1. The facility code
    2. The log priority
    3. The security level
    4. The severity level
  22. While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?

    1. NAT
    2. VLANs
    3. S/NAT
    4. BGP
  23. Michelle is in charge of her organization’s mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen?

    1. Mandatory passcodes and application management
    2. Full device encryption and mandatory passcodes
    3. Remote wipe and GPS tracking
    4. Enabling GPS tracking and full device encryption
  24. Dogs, guards, and fences are all common examples of what type of control?

    1. Detective
    2. Recovery
    3. Administrative
    4. Physical
  25. In this diagram of the TCP three-way handshake, what should system A send to system B in step 3?

    Diagram shows computer labeled A leads to computer labeled B (by 1), which leads to another computer labeled A (by 2) and another computer labeled B (by 3).

    1. ACK
    2. SYN
    3. FIN
    4. RST
  26. In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity?

    1. Public cloud
    2. Private cloud
    3. Community cloud
    4. Shared cloud

    For questions 27–29, please refer to the following scenario.

    The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider.

  27. When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future?

    1. Encrypt local logs.
    2. Require administrative access to change logs.
    3. Enable log rotation.
    4. Send logs to a bastion host.
  28. How can Jack detect issues like this using his organization’s new centralized logging?

    1. Deploy and use an IDS.
    2. Send logs to a central logging server.
    3. Deploy and use a SIEM.
    4. Use syslog.
  29. How can Jack best ensure accountability for actions taken on systems in his environment?

    1. Log review and require digital signatures for each log.
    2. Require authentication for all actions taken and capture logs centrally.
    3. Log the use of administrative credentials and encrypt log data in transit.
    4. Require authorization and capture logs centrally.
  30. What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service?

    1. A static packet filtering firewall
    2. An application-level gateway firewall
    3. A circuit-level gateway firewall
    4. A stateful inspection firewall
  31. James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining?

    1. SLA
    2. RTO
    3. MTD
    4. RPO
  32. Which one of the following is not one of the canons of the (ISC)2 Code of Ethics?

    1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
    2. Act honorably, honestly, justly, responsibly, and legally.
    3. Provide diligent and competent service to principals.
    4. Maintain competent records of all investigations and assessments.
  33. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?

    1. Password expiration policies
    2. Salting
    3. User education
    4. Password complexity policies
  34. What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?

    1. Encapsulation
    2. Packet unwrapping
    3. De-encapsulation
    4. Payloading
  35. Which one of the following types of firewalls does not have the ability to track connection status between different packets?

    1. Stateful inspection
    2. Application proxy
    3. Packet filter
    4. Next generation
  36. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?

    1. Confidentiality
    2. Nonrepudiation
    3. Authentication
    4. Integrity
  37. Chris is troubleshooting an issue with his organization’s SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?

    1. SSH
    2. FTP
    3. TLS
    4. NTP
  38. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?

    1. Likelihood
    2. RTO
    3. RPO
    4. Impact
  39. Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?

    1. Load balancing
    2. Dual-power supplies
    3. IPS
    4. RAID
  40. Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?

    Photo shows broken ID card which displays internal construction.

    1. Smart card
    2. Proximity card
    3. Magnetic stripe
    4. Phase-two card
  41. When an application or system allows a logged-in user to perform specific actions, it is an example of what?

    1. Roles
    2. Group management
    3. Logins
    4. Authorization
  42. What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm?

    1. 1
    2. 2
    3. 3
    4. 4
  43. Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation?

    1. Advance and protect the profession.
    2. Act honorably, honestly, justly, responsibly, and legally.
    3. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
    4. Provide diligent and competent service to principals.
  44. What type of access controls allow the owner of a file to grant other users access to it using an access control list?

    1. Role-based
    2. Nondiscretionary
    3. Rule-based
    4. Discretionary
  45. Which one of the following components is used to assign classifications to objects in a mandatory access control system?

    1. Security label
    2. Security token
    3. Security descriptor
    4. Security capability
  46. Tommy handles access control requests for his organization. A user approaches him and explains that he needs access to the human resources database to complete a headcount analysis requested by the CFO. What has the user demonstrated successfully to Tommy?

    1. Clearance
    2. Separation of duties
    3. Need to know
    4. Isolation
  47. Which one of the following is not a mode of operation for the Data Encryption Standard?

    1. CBC
    2. CFB
    3. OFB
    4. AES
  48. Voice pattern recognition is what type of authentication factor?

    1. Something you know
    2. Something you have
    3. Something you are
    4. Somewhere you are
  49. Which of the following is not a single sign-on implementation?

    1. Kerberos
    2. ADFS
    3. CAS
    4. RADIUS
  50. Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified?

    1. ALE
    2. SLE
    3. ARO
    4. AV

    For questions 51–55, please refer to the following scenario.

    Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations.

    Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon.

    Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups.

  51. What backup should Tara apply to the server first?

    1. Sunday’s full backup
    2. Monday’s differential backup
    3. Tuesday’s differential backup
    4. Wednesday’s differential backup
  52. How many backups in total must Tara apply to the system to make the data it contains as current as possible?

    1. 1
    2. 2
    3. 3
    4. 4
  53. In this backup approach, some data may be irretrievably lost. How long is the time period where any changes made will have been lost?

    1. 3 hours
    2. 5 hours
    3. 8 hours
    4. No data will be lost.
  54. If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible?

    1. 1
    2. 2
    3. 3
    4. 4
  55. If Tara made the change from differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest?

    1. Monday’s incremental backup
    2. Tuesday’s incremental backup
    3. Wednesday’s incremental backup
    4. All three will be the same size.
  56. Susan has discovered that the smart card–based locks used to keep the facility she works at secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place?

    1. Physical
    2. Administrative
    3. Compensation
    4. Recovery
  57. During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?

    1. Identification
    2. Preservation
    3. Collection
    4. Production
  58. Marty discovers that the access restrictions in his organization allow any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access most directly violates which information security principle?

    1. Separation of duties
    2. Two-person control
    3. Need to know
    4. Least privilege
  59. Which of the following tools is best suited to testing known exploits against a system?

    1. Nikto
    2. Ettercap
    3. Metasploit
    4. THC Hydra
  60. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?

    1. Real evidence rule
    2. Best evidence rule
    3. Parol evidence rule
    4. Testimonial evidence rule
  61. During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident?

    1. Detection
    2. Recovery
    3. Remediation
    4. Reporting
  62. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?

    1. ALE
    2. ARO
    3. SLE
    4. EF
  63. Data is sent as bits at what layer of the OSI model?

    1. Transport
    2. Network
    3. Data Link
    4. Physical
  64. Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet?

    1. Packets with a source address from Angie’s public IP address block
    2. Packets with a destination address from Angie’s public IP address block
    3. Packets with a source address outside Angie’s address block
    4. Packets with a source address from Angie’s private address block
  65. Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?

    1. Harry
    2. Sally
    3. File server
    4. Document
  66. Information about an individual like their name, Social Security number, date and place of birth, or their mother’s maiden name is an example of what type of protected information?

    1. PHI
    2. Proprietary data
    3. PII
    4. EDI
  67. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?

    1. MTD
    2. RTO
    3. RPO
    4. SLA
  68. What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?

    1. Preventive
    2. Corrective
    3. Detective
    4. Directive
  69. What business process typically requires sign-off from a manager before modifications are made to a system?

    1. SDN
    2. Release management
    3. Change management
    4. Versioning
  70. Gordon is developing a business continuity plan for a manufacturing company’s IT operations. The company is located in North Dakota and is currently evaluating the risk of earthquake. They choose to pursue a risk acceptance strategy. Which one of the following actions is consistent with that strategy?

    1. Purchasing earthquake insurance
    2. Relocating the data center to a safer area
    3. Documenting the decision-making process
    4. Reengineering the facility to withstand the shock of an earthquake

    For questions 71–74, please refer to the following scenario.

    Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages.

  71. When Matthew sends Richard a message, what key should he use to encrypt the message?

    1. Matthew’s public key
    2. Matthew’s private key
    3. Richard’s public key
    4. Richard’s private key
  72. When Richard receives the message from Matthew, what key should he use to decrypt the message?

    1. Matthew’s public key
    2. Matthew’s private key
    3. Richard’s public key
    4. Richard’s private key
  73. Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce?

    1. Secrecy
    2. Availability
    3. Confidentiality
    4. Nonrepudiation
  74. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?

    1. Matthew’s public key
    2. Matthew’s private key
    3. Richard’s public key
    4. Richard’s private key
  75. What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?

    1. Infrared
    2. Heat-based
    3. Wave pattern
    4. Capacitance
  76. Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?

    1. Maintaining the hypervisor
    2. Managing operating system security settings
    3. Maintaining the host firewall
    4. Configuring server access control
  77. Callback to a landline phone number is an example of what type of factor?

    1. Something you know
    2. Somewhere you are
    3. Something you have
    4. Something you are
  78. Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?

    1. Likelihood
    2. RTO
    3. MTO
    4. Impact
  79. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?

    1. Virus
    2. Worm
    3. Trojan horse
    4. Logic bomb
  80. What two logical network topologies can be physically implemented as a star topology?

    1. A bus and a mesh
    2. A ring and a mesh
    3. A bus and a ring
    4. It is not possible to implement other topologies as a star.
  81. Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?

    1. Re-provisioning
    2. Account review
    3. Privilege creep
    4. Account revocation
  82. What type of inbound packet is characteristic of a ping flood attack?

    1. ICMP echo request
    2. ICMP echo reply
    3. ICMP destination unreachable
    4. ICMP route changed
  83. What penetration testing technique can best help assess training and awareness issues?

    1. Port scanning
    2. Discovery
    3. Social engineering
    4. Vulnerability scanning
  84. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?

    1. Encrypting the files
    2. Deleting the files
    3. Purchasing cyber-liability insurance
    4. Taking no action
  85. Sally’s organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it?

    1. Integrity; IMAP
    2. Repudiation; encryption
    3. Nonrepudiation; digital signatures
    4. Authentication; DKIM
  86. What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?

    1. Stealth virus
    2. Polymorphic virus
    3. Multipartite virus
    4. Encrypted virus
  87. Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication?

    1. Username
    2. Personal identification number (PIN)
    3. Security question
    4. Fingerprint scan
  88. Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?

    1. MTD
    2. ALE
    3. RPO
    4. RTO
  89. The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?

    1. MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols
    2. FCoE, a converged protocol that allows common applications over Ethernet
    3. SDN, a converged protocol that allows network virtualization
    4. CDN, a converged protocol that makes common network designs accessible
  90. Ben is selecting an encryption algorithm for use in an organization with 10,000 employees. He must facilitate communication between any two employees within the organization. Which one of the following algorithms would allow him to meet this goal with the least time dedicated to key management?

    1. RSA
    2. IDEA
    3. 3DES
    4. Skipjack
  91. Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?

    1. TKIP
    2. AES
    3. 3DES
    4. RSA
  92. Which one of the following tools may be used to achieve the goal of nonrepudiation?

    1. Digital signature
    2. Symmetric encryption
    3. Firewall
    4. IDS
  93. When should an organization conduct a review of the privileged access that a user has to sensitive systems?

    1. On a periodic basis
    2. When a user leaves the organization
    3. When a user changes roles
    4. All of the above
  94. Nessus, OpenVAS, and SAINT are all examples of what type of tool?

    1. Port scanners
    2. Patch management suites
    3. Port mappers
    4. Vulnerability scanners
  95. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?

    1. A firewall
    2. A NAC system
    3. An intrusion detection system
    4. Port security
  96. How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key?

    1. 16
    2. 128
    3. 256
    4. 512
  97. In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?

    1. Public cloud
    2. Private cloud
    3. Hybrid cloud
    4. Shared cloud
  98. What major issue often results from decentralized access control?

    1. Access outages may occur.
    2. Control is not consistent.
    3. Control is too granular.
    4. Training costs are high.
  99. In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?

    1. Public cloud
    2. Private cloud
    3. Community cloud
    4. Shared cloud
  100. Susan’s organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute-force attacks?

    1. Change maximum age from 1 year to 180 days.
    2. Increase the minimum password length from 8 characters to 16 characters.
    3. Increase the password complexity so that at least three character classes (such as uppercase, lowercase, numbers, and symbols) are required.
    4. Retain a password history of at least four passwords to prevent reuse.
  101. Which of the following statements is true about heuristic-based anti-malware software?

    1. It has a lower false positive rate than signature detection.
    2. It requires frequent definition updates to detect new malware.
    3. It has a higher likelihood of detecting zero-day exploits than signature detection.
    4. It monitors systems for files with content known to be viruses.
  102. Which one of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread?

    1. Trojan horse
    2. Worm
    3. Logic bomb
    4. Virus
  103. When Chris verifies an individual’s identity and adds a unique identifier like a user ID to an identity system, what process has occurred?

    1. Identity proofing
    2. Registration
    3. Directory management
    4. Session management
  104. Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device is Fred’s best choice?

    1. A switch
    2. A bridge
    3. A gateway
    4. A router
  105. Match the following numbered types of testing methodologies with the lettered correct level of knowledge:

    Testing methodologies
    1. Black box
    2. White box
    3. Gray box

    Level of knowledge
    A. Full knowledge of the system
    B. Partial or incomplete knowledge
    C. No prior knowledge of the system
  106. Cloud computing uses a shared responsibility model for security, where the vendor and customer each bears some responsibility for security. The division of responsibility depends upon the type of service used. Place the cloud service offerings listed here in order from the case where the customer bears the least responsibility to where the customer bears the most responsibility.

    1. IaaS
    2. SaaS
    3. PaaS
    4. TaaS
  107. Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?

    1. 0
    2. 1
    3. 2
    4. 3
  108. What network topology is shown here?

    Diagram shows machine in center connected to five computers and server.

    1. A ring
    2. A bus
    3. A star
    4. A mesh
  109. Which one of the following is normally used as an authorization tool?

    1. ACL
    2. Token
    3. Username
    4. Password
  110. Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained the stored password hashes from easily cracking them. What two controls would best meet this objective?

    1. Longer passwords and salting
    2. Over-the-wire encryption and use of SHA1 instead of MD5
    3. Salting and use of MD5
    4. Using shadow passwords and salting
  111. Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?

    1. Full interruption test
    2. Checklist review
    3. Parallel test
    4. Tabletop exercise
  112. Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve?

    1. Confidentiality
    2. Integrity
    3. Authentication
    4. Nonrepudiation
  113. The company Chris works for has notifications posted at each door reminding employees to be careful not to allow people to enter behind them when they do. Which type of control best describes this?

    1. Detective
    2. Physical
    3. Preventive
    4. Directive
  114. Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?

    1. Identity as a service
    2. Employee ID as a service
    3. Intrusion detection as a service
    4. OAuth
  115. How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?

    1. 12
    2. 16
    3. 32
    4. 64
  116. When an attacker calls an organization’s help desk and persuades them to reset a password for them because of the help desk employee’s trust and willingness to help, what type of attack succeeded?

    1. A human Trojan
    2. Social engineering
    3. Phishing
    4. Whaling
  117. Which one of the following is typically considered a business continuity task?

    1. Business impact assessment
    2. Alternate facility selection
    3. Activation of cold sites
    4. Restoration of data from backup
  118. What type of log is shown here?

    Window shows a command prompt with log entries such as 217.69.133.190 - - [11/Apr/2016:09:41:48 -0400] "GET /forum/viewtopic.php?f=4&t=25630 ..." and similar lines.

    1. Firewall log
    2. Change log
    3. Application log
    4. System log
  119. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?

    1. A shortcut trust
    2. A forest trust
    3. An external trust
    4. A realm trust

    For questions 120–122, please refer to the following scenario.

    Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.

  120. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?

    1. WPA2 PSK
    2. A captive portal
    3. Require customers to use a publicly posted password like “BensCoffee.”
    4. Port security
  121. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?

    1. Run WPA2 on the same SSID.
    2. Set up a separate SSID using WPA2.
    3. Run the open network in Enterprise mode.
    4. Set up a separate wireless network using WEP.
  122. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?

    1. The password is shared by all users, making traffic vulnerable.
    2. A malicious user has installed a Trojan on the router.
    3. A user has ARP spoofed the router, making all traffic broadcast to all users.
    4. Open networks are unencrypted, making traffic easily sniffable.
  123. Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?

    1. Denial-of-service
    2. Reconnaissance
    3. Compromise
    4. Malicious insider
  124. SYN floods rely on implementations of what protocol to cause denial-of-service conditions?

    1. IGMP
    2. UDP
    3. TCP
    4. ICMP
  125. What is the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?

    1. 256 bits
    2. 512 bits
    3. 1,024 bits
    4. 2,048 bits