A. Integrity, the second part of the CIA triad, ensures that data is protected from unauthorized modification or data corruption. The goal of integrity is to preserve the consistency of data, including data stored in files, databases, systems, and networks.

A. The principle of least privilege requires that a user or process is given only the minimum access privilege needed to perform a particular task.

B. With mandatory vacations, all personnel are required to take time off, allowing other personnel to fill their position while gone. This detective administrative control enhances the opportunity to discover unusual activity.

C. An exposure occurs when an organizational asset is exposed to losses.

B. Security Content Automation Protocol (SCAP) is a standard used by the security automation community to enumerate software flaws and configuration issues. It standardized the nomenclature and formats used.

D. Hacktivists are those who hack not for personal gain, but to further a cause. For example, the Anonymous group hacks from time to time for various political reasons.

D. Sender Policy Framework (SPF) is an email validation system that works by using DNS to determine whether an email sent by someone has been sent by a host sanctioned by that domain’s administrator. If it can’t be validated, it is not delivered to the recipient’s box.

B. 0–100 is the range of IP addresses to be scanned in the 192.168.0.0 network.

C. If you receive no response the port is blocked on the firewall.

C. With proper input validation, a buffer overflow attack will cause an access violation. Without proper input validation, the allocated space will be exceeded, and the data at the bottom of the memory stack will be overwritten.

C. One of the ways a man-in-the-middle attack is accomplished is by poisoning the ARP cache on a switch. The attacker accomplishes this poisoning by answering ARP requests for another computer’s IP address with his own MAC address. Once the ARP cache has been successfully poisoned, when ARP resolution occurs, both computers will have the attacker’s MAC address listed as the MAC address that maps to the other computer’s IP address. As a result, both are sending to the attacker, placing him “in the middle.”

B. An advertisement would be publicly available.

A. The best countermeasure against social engineering threats is to provide user security awareness training. This training should be required and must occur on a regular basis because social engineering techniques evolve constantly.

B. Dynamic ARP inspection (DAI) is a security feature that intercepts all ARP requests and responses and compares each response’s MAC address and IP address information against the MAC–IP bindings contained in a trusted binding table.

B. One of the issues with substitution ciphers is that if the message is of sufficient length, patterns in the encryption begin to become noticeable, which makes it vulnerable to a frequency attack. A frequency attack is when the attacker uses these recurring patterns to reverse engineer the message.

C. To calculate the number of keys that would be needed in this example, you would use the following formula:

# of users × (# of users – 1) / 2

Using our example, you would calculate 5 ×(4) / 2 or 10 needed keys.

B. Asymmetric encryption is more expensive than symmetric, it is slower than symmetric, it is easier to crack than symmetric, and key compromise can occur less easily than with symmetric.

A. Only RC4 is a stream cipher.

B. Some modes of symmetric key algorithms use initialization vectors (IVs) to ensure that patterns are not produced during encryption. These IVs provide this service by using random values with the algorithms.

B. A router ID is not a part of the configuration.

C. Privilege levels allow you to assign a technician sets of activities that coincide with the level they have been assigned. There are 16 levels from 0 to 15.

B. The IOS Resilient Configuration feature can provide a way to easily recover from an attack on the configuration, and it can also help to recover from an even worse attack in which the attacker deletes not only the startup configuration but also the boot image.

B. A keychain can be used to hold multiple keys if required.

C. When a malicious individual introduces a rogue switch to the switching network and the rogue switch has a superior BPDU to the one held by the current root bridge, the new switch assumes the position of root bridge.

A. Gratuitous ARP is called gratuitous because the ARP message sent is an answer to a question that the target never asks and it cause the target to change its ARP cache.

C. The result of this attack is that the attacker is now able to receive traffic that he would not have been able to see otherwise because in this condition the switch is basically operating as a hub and not a switch.

B. DHCP snooping is implemented on the switches in the network, so it is a Layer 2 solution. The switch ports on the switch are labeled either trusted or untrusted. Trusted ports are those that will allow a DHCP message to traverse.

C. Without executing this command the other commands will have no effect.

B. The BPDU Guard feature is designed to prevent the reception of superior BPDUs on access ports by preventing the reception of any BPDU frames on access ports.

Spanning Tree Protocol (STP), prevents switching loops in redundant switching networks.