1.
Which of the following is not one of the main components of the security triad?
Correct Answer
A. Distributed
Explanation
The three components of the computer security triad that interact to provide a reasonably secure environment are physical, operational, and management.
2.
Which of the following goals of information security refers to preventing computer or information violations from occurring?
Correct Answer
B. Prevention
Explanation
The three primary goals of information security are prevention, detection, and response. Prevention refers to preventing computer or information violations from occurring. Detection refers to identifying events when they occur. Response refers to developing strategies and techniques to deal with an attack or loss.
3.
During which general type of attack does someone who should not be able to get access attempt to get to your resources?
Correct Answer
A. Access
Explanation
In an access attack, someone who should not be able to get it wants access to your resources. During a modification and repudiation attack, someone wants to modify information in your system(s). A denial-of-service (DoS) attack tries to disrupt your network and services. Interception is a type of access attack but not a general attack category type.
4.
Which of the following are the most popular spoofing attacks? (Choose two.)
Correct Answer(s)
C. IP spoofing
D. DNS spoofing
Explanation
The two most common, or popular, spoofing attacks today are IP spoofing and DNS spoofing. The other choices do not represent the most popular spoofing attacks.
5.
Which of the following is a remote administration tool used by attackers
to take control of Windows-based systems in a backdoor type of attack?
Correct Answer
D. NetBus
Explanation
NetBus is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack. Brute-force attacks and dictionary attacks are password-guessing attacks, while man-in-the-middle is its own type of attack and not a type of remote administration attack.
6.
What type of software hides certain things from the operating system?
Correct Answer
A. Rootkit
Explanation
Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. Spyware is software that acts on behalf of a third party and collects information. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. SCR viruses are those that are disguised as or within screen savers.
7.
Which type of virus will change its form in order to avoid detection?
Correct Answer
D. PolymorpHic
Explanation
A polymorphic virus will change its form in order to avoid detection. A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A multipartite virus attacks a system in multiple ways.
8.
Which of the following types of viruses modifies and alters other programs and databases?
Correct Answer
A. pHage
Explanation
A phage virus modifies and alters other programs and databases. A companion virus attaches itself to a legitimate program and then creates a program with a different file extension. A macro virus exploits the macro ability in many application programs. An armored virus is designed to make itself difficult to detect or analyze.
9.
Which of the following goals of information security refers to
developing strategies and techniques to deal with an attack or loss?
Correct Answer
D. Response
Explanation
The three primary goals of information security are prevention, detection, and response. Response refers to developing strategies and techniques to deal with an attack or loss. Detection refers to identifying events when they occur. Prevention refers to preventing computer or information violations from occurring.
10.
Which of the following access attacks amounts to someone routinely monitoring network traffic?
Correct Answer
B. Passive interception
Explanation
All the choices listed are various types of access attacks. In a passive interception attack, someone routinely monitors network traffic. In a snooping attack, someone looks through your files in hopes of finding something interesting. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.
11.
During which general type of attack does someone want to modify information in your system?
Correct Answer
B. Modification and repudiation
Explanation
During a modification and repudiation attack, someone wants to modify information in your system(s). A denial-of-service (DoS) attack tries to disrupt your network and services. In an access attack, someone who should not be able to have access wants access to your resources. Interception is a type of access attack but not a general attack category.
12.
Which type of virus attacks a system in multiple ways?
Correct Answer
C. Multipartite
Explanation
A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection. A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer.
13.
Which of the following is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements?
Correct Answer
C. Adware
Explanation
Spyware is software that acts on behalf of a third party and collects information. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. SCR viruses are those that are disguised as or within screen savers.
14.
Which of the following authentication protocols employs certificates
that contain rights and access privileges of a bearer as part of its
payload?
Correct Answer
B. Security token
Explanation
Security tokens are forms of certificates that contain rights and access privileges of a token bearer as part of their token. Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity and employs an encrypted challenge. Password Authentication Protocol (PAP) offers no true security and is one of the simplest forms of authentication: both the username and the password are sent as clear text and checked for a match. Kerberos authenticates a principal (user, system, program, and so on) and provides it with a ticket.
15.
Which of the following is a type of virus disguised as or within screen savers?
Correct Answer
D. SCR
Explanation
SCR viruses are those that are disguised as or within screen savers. Grayware is a classification for software that is annoying; this includes spyware (which acts on behalf of a third party and collects information) and adware. Adware is often used to generate unwanted/unsolicited pop-up advertisements. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system.
16.
Which type of virus often attacks the antivirus software installed on a computer?
Correct Answer
B. Retrovirus
Explanation
A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A stealth virus avoids detection by making itself indistinguishable from other applications. A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection.
17.
Which type of virus avoids detection by making itself indistinguishable from other applications?
Correct Answer
A. Stealth
Explanation
A stealth virus avoids detection by making itself indistinguishable from other applications. A retrovirus attacks, or bypasses, the antivirus software installed on a computer. A multipartite virus attacks a system in multiple ways. A polymorphic virus will change its form in order to avoid detection.
18.
What type of software acts on behalf of a third party and collects information?
Correct Answer
B. Spyware
Explanation
Spyware is software that acts on behalf of a third party and collects information. Rootkits have become popular and work by hiding certain things (such as running processes) from the operating system. Adware is a type of spyware that is often used to generate unwanted/unsolicited pop-up advertisements. SCR viruses are those that are disguised as or within screen savers.
19.
Which of the following is a device that looks for open ports on a server?
Correct Answer
A. Scanner
Explanation
A scanner is a device that looks for open ports. A sniffer is a device that captures and displays network traffic. Neither a freezer nor a watchdog is a valid network device used for this purpose.
20.
Which of the following access attacks amounts to someone placing a
computer between the sender and the receiver to capture information
while it's sent?
Correct Answer
D. Active interception
Explanation
While all the choices listed are various types of access attacks, only in an active interception attack is a computer placed between the sender and receiver to capture information while it's sent. In a snooping attack, someone looks through your files in hopes of finding something interesting. In a passive interception attack, someone routinely monitors network traffic. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation.
21.
Which of the following is a remote administration tool used by attackers
to take control of Windows-based systems in a backdoor type of attack?
Correct Answer
A. Back Orifice
Explanation
Back Orifice is a remote administration tool used by attackers to take control of Windows-based systems in a backdoor type of attack. Brute-force attacks and dictionary attacks are password-guessing attacks, while man-in-the-middle is its own type of attack and not a type of remote administration attack.
22.
Which of the following are popular examples of denial-of-service attacks? (Choose all that apply.)
Correct Answer(s)
A. Buffer overflow
C. Ping of death
Explanation
Both the ping of death and buffer overflow attacks are popular examples of denial-of-service (DoS) attacks. The other options given are fictitious and not popular examples of DoS attacks.
23.
Which of the following is another name for active sniffing?
Correct Answer
C. TCP/IP hijacking
Explanation
Active sniffing is more commonly known as TCP/IP hijacking. The other choices given are not valid names for active sniffing.
24.
During which general type of attack does someone try to disrupt your network and services?
Correct Answer
C. Denial-of-service
Explanation
A denial-of-service (DoS) attack tries to disrupt your network and services. In an access attack, someone who should not be able to have access wants access to your resources. During a modification and repudiation attack, someone wants to modify information in your system(s). Interception is a type of access attack but not a general attack category type.
25.
Which of the following goals of information security refers to identifying events when they occur?
Correct Answer
A. Detection
Explanation
The three primary goals of information security are prevention, detection, and response. Detection refers to identifying events when they occur. Prevention refers to preventing computer or information violations from occurring. Response refers to developing strategies and techniques to deal with an attack or loss.
26.
Which language is seen as a successor to HTML and offers many capabilities that HTML does not?
Correct Answer
A. XML
Explanation
eXtensible Markup Language (XML) is seen as a successor to HTML and offers many capabilities that HTML does not. The other choices are all languages that predate HTML or are not seen as successors to HTML.
27.
Which of the following are common ways to provide secure connections between a web client and a web server? (Choose two.)
Correct Answer(s)
B. SSL/TLS
D. HTTPS
Explanation
Both Secure Socket Layer/Transport Layer Security (SSL/TLS) and HTTP Secure (HTTPS) are common ways to provide secure connections between a web client and a web server. Regardless of which is used, port 443 is utilized. The other two choices are not valid protocols for providing secure connections between a web client and a web server.
28.
Java applets run in a restricted area of memory. What is this restricted area known as?
Correct Answer
C. Sandbox
Explanation
The restricted area of memory that Java applets run in is the sandbox. The other options do not represent the restricted area of memory that Java applets run in.
29.
What is the term used when an application receives more data than it is programmed to accept?
Correct Answer
A. Buffer overflow
Explanation
When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. Open Relay is a type of SMTP Relay that is being exploited.
30.
Which file extension is used to indicate a JavaScript file?
Correct Answer
C. .js
Explanation
The extension for a JavaScript file is .js. The extension for a JPEG file is .jpg. The extension for a Java applet is .jar. The extension on Java source code is .java.
31.
What is the term used for a text file that a browser maintains on a
user's hard disk in order to store information about the user?
Correct Answer
B. Cookie
Explanation
A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. Open Relay is a type of SMTP Relay that is being exploited.
32.
Which of the following is the process of systematically identifying a network and its security posture?
Correct Answer
B. Footprinting
Explanation
Footprinting is the process of systematically identifying a network and its security posture. Packet sniffing is the process of monitoring data that is transmitted across a network. Scanning is the process that attackers use to gather information about how your network is configured. Signal analysis/intelligence involves methods used to gain information about your environment including footprinting and scanning.
33.
Which type of instant messaging (IM) attack can occur when a user closes one window and dozens of others suddenly pop open?
Correct Answer
B. DoS
Explanation
A denial-of-service (DoS) attack in IM can take the form of many windows popping open as soon as the user tries to close one. Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A malformed MIME message can cause buffer overflow.
34.
What is the term used for an email feature intended to allow the server to forward email to other servers?
Correct Answer
C. SMTP Relay
Explanation
SMTP Relay is an email feature that is intended to allow the server to forward email to other servers. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. Open Relay is a type of SMTP Relay that is being exploited.
35.
Which protocol is used to manage group or multicasting sessions?
Correct Answer
C. IGMP
Explanation
Internet Group Management Protocol (IGMCP) is used to manage group or multicasting sessions. Simple Network Management Protocol (SNMP) is used to manage and monitor devices in a network. Internet Control Message Protocol (ICMP) is used to report errors and reply to requests from programs such as ping and traceroute. Trivial File Transfer Protocol (TFTP) is an anonymous version of FTP.
36.
Which type of instant messaging (IM) problem can occur from a malformed MIME message?
Correct Answer
C. Buffer overflow
Explanation
A malformed MIME message can cause buffer overflow. Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A DoS attack in IM can take the form of many windows popping open as soon as the user tries to close one.
37.
Which of the following file extensions would not indicate an executable file?
Correct Answer
D. None of the above
Explanation
The .bat extension is used for batch files. The .com extension is used on command files. The .exe extension is used on executable files. All of these are executable files.
38.
What is the term used for an exploited email feature originally intended to allow the server to forward email to other servers?
Correct Answer
D. Open Relay
Explanation
Open Relay is a type of SMTP Relay that is being exploited. When an application receives more data than it is programmed to accept, it is a buffer overflow. The application will either terminate or write data beyond the allocated space. A cookie is a text file that a browser maintains on a user's hard disk in order to store information about the user. SMTP Relay is an email feature that is intended to allow the server to forward email to other servers.
39.
Which of the following is the process that attackers use to gather information about how your network is configured?
Correct Answer
C. Scanning
Explanation
Scanning is the process that attackers use to gather information about how your network is configured. Packet sniffing is the process of monitoring data that is transmitted across a network. Footprinting is the process of systematically identifying a network and its security posture. Signal analysis/intelligence involves methods used to gain information about your environment including footprinting and scanning.
40.
Which file extension is used to indicate a JPEG file?
Correct Answer
D. .jpg
Explanation
The extension for a JPEG file is .jpg. The extension for a Java applet is .jar. The extension on Java source code is .java. The extension for a JavaScript file is .js.
41.
Which type of IM attack is intended to disrupt existing systems by injecting or flooding a channel with garbage data?
Correct Answer
A. Jamming
Explanation
Jamming is intended to disrupt existing systems by injecting or flooding a channel with garbage data. A DoS attack in IM can take the form of many windows popping open as soon as the user tries to close one. A malformed MIME message can cause buffer overflow.
42.
You want to block all web traffic on the firewall, with and without SSL.
Which port(s) should you block? (Choose all that apply.)
Correct Answer(s)
A. 80
C. 443
Explanation
Standard web traffic uses port 80. When SSL is used (HTTPS), traffic is conducted on port 443. You don't need to block the other ports.