1. You have been asked to develop an audit plan for your company. You have been told that there have been constant deletions of files that are being worked on by a team, and that they have had to redo the work a number of times. What type of auditing would you implement to track the access to this resource?
a. Logon/logoff success
b. Object/file access success
c. Object/file access failure
d. Logon/logoff failure
2. Which of the following are a benefit of removing unused or unneeded services and protocols?
a. More machine resource availability
b. More network throughput
c. Less need for administration
d. More security
3. Which is the most important reason for the removal of unused, unnecessary, or unneeded protocols, services, and applications?
a. Increased security
b. Increased performance
c. Less need for administration
4. The component of a DDoS attack that sends commands to DDoS zombie agents is known as a _____.
a. System Commander
b. Console
c. Master
d. Rootkit
5. The act of attempting to appear to be someone you are not in order to gain access to a system is known as which of the following?
a. Spoofing
b. DDoS
c. Replay
d. Sniffing
6. Which of the following is most likely to make a system vulnerable to a MITM attack?
a. Weak password
b. Weak TCP sequence numbers
c. Authentication misconfiguration on routers
d. Use of the wrong operating system
7. Which of the following is the best way to protect your organization from revealing sensitive information through dumpster diving?
a. Establish a policy requiring employees to change passwords every 30 to 60 days
b. Teach employees the value of not disclosing restricted information over the telephone to unknown parties
c. Add a new firewall to the network
d. Shred all sensitive documentation
8. The use of VPNs and _________ have enabled users to be able to telecommute.
a. PGP
b. S/MIME
c. Wireless NICs
d. RASs
9. PDAs, cell phones, and certain network cards have the ability to use _______ networks. Choose the best answer.
a. Wired
b. Private
c. Wireless
d. Antique
10. There are three recognized levels of hacking ability in the Internet community. The first is the skilled hacker, who writes the programs and scripts the script kiddies use for their attacks. Next comes the script kiddie, who knows how to run the scripts written by the skilled hackers. After the script kiddies come the _____________, who lack the basic knowledge of networks and security to launch an attack themselves.
a. Web kiddies
b. Clickers
c. Click kiddies
d. Dunce kiddies
11. Your supervisor has charged you with determining which 802.11 authentication method to use when deploying the new wireless network. Given your knowledge of the 802.11 specification, which of the following is the most secure 802.11 authentication method?
a. Shared-key
b. EAP-TLS
c. EAP-MD5
d. Open
12. What are the two WEP key sizes available in 802.11 networks?
a. 40-bit and 104-bit
b. 24-bit and 64-bit
c. 64-bit and 128-bit
d. 24-bit and 104-bit
13. Which of the following is a weakness in WEP related to the IV? (Select all that apply)
a. The IV is a static value, which makes it relatively easy for an attacker to brute force the WEP key from captured traffic
b. The IV is transmitted in plaintext and can be easily seen in captured traffic
c. The IV is only 24 bits in size, which makes it possible that two or more data frames will be transmitted with the same IV, thereby resulting in an IV collision that an attacker can use to determine information about the network
d. There is no weakness in WEP related to the IV
14. You are creating a DMZ for a company and need to allow external users to access web servers in the DMZ using HTTP/S as well as allow internal users to access the same web servers using standard HTTP. What is the best way to configure the external and internal firewalls to meet these requirements?
a. Open port 80 on the external firewall and port 443 on the internal firewall
b. Open port 443 on the external firewall and port 80 on the internal firewall
c. Open port 80 on the external firewall and port 110 on the internal firewall
d. Open port 110 on the external firewall and port 80 on the internal firewall
15. When you use Java, the JVM isolates the Java applet to a sandbox when it executes. What does this do to provide additional security?
a. This prevents the Java applet from accessing data on the client’s hard drive.
b. This prevents the Java applet from communicating to servers other than the one from which it was downloaded
c. This prevents the Java applet from failing in such a way that the Java applet is unable to execute
d. This prevents the Java applet from failing in such a way that it affects another application
16. You are setting up a test plan for verifying that new code being placed on a web server is secure and does not cause any problems with the production web server. What is the best way to test the code prior to deploying it to the production web server?
a. Test all new code on a development PC prior to transferring it to the production web server
b. Test all new code on an active internal web server prior to transferring it to the production web server
c. Test all new code on a duplicate web server prior to transferring it to the production web server
d. Test all new code on another user’s PC prior to transferring it to the production web server
17. To allow its employees remote access to the corporate network, a company has implemented a hardware VPN solution. Why is this considered a secure remote access solution?
a. Because only the company’s employees will know the address to connect to in order to use the VPN
b. Because VPNs use the Internet to transfer data
c. Because a VPN uses compression to make its data secure
d. Because a VPN uses encryption to make its data secure
18. The network team at your company has placed a sniffer on the network to analyze an ongoing network-related problem. The team connects to the sniffer using Telnet to view the data going across the network. What would you recommend to increase the security of this connection without making it significantly more difficult for the network team members to do their jobs?
a. Require the network team to remove the sniffer immediately
b. Require the network team to view data from the local console of the sniffer
c. Encrypt the connection to the sniffer rather than Telnet
d. Use SSH to make the connection to the sniffer rather than Telnet
19. Some new servers are being installed on your company’s network and you have been asked to work with the installer to ensure that they are as secure as possible from hack attempts. What is the most important step you should take to ensure that the servers’ OSs are secure?
a. Make sure that the installer is certified
b. Make sure that the latest OS service pack is installed
c. Make sure that the latest OS service pack and all security patches are installed
d. Make sure that the servers have locks on the hot-swap drive chassis
20. Rick is a security auditor for your company. He is in the process of attempting to attack one of your servers, but when you check all of your production servers, you detect no attack happening. Why is this so?
a. Rick is actually attacking a server in someone else’s network
b. Rick is actually attacking a honeypot, not a production server
c. Rick is being stopped at the firewall
d. Rick is using the wrong account with which to launch the attack
21. What types of computers might you expect to find located on an internet? (Choose all that apply)
a. Publicly accessible DNS servers
b. Public web servers
c. SQL 2000 servers
d. User workstations
22. Which of the following protocols can be used to secure a VPN connection?
a. TCP/IP
b. DNS
c. MPPE
d. AppleTalk
23. Sally has come to you for advice and guidance. She is trying to configure a network device to block attempts to connect on certain ports, but when she finishes the configuration, it works for a period of time but then changes back to the original configuration. She cannot understand why the settings continue to change back. When you examine the configuration, you find that the ______ are incorrect, and are allowing Bob to change the configuration although he is not supposed to operate or configure this device. Since he did not know about Sally, he kept changing the configuration back.
a. MAC settings
b. DAC settings
c. ACL settings
d. Permissions
24. Josh has asked for a clarification of what a firmware update is. How could you briefly describe for him the purpose of firmware updates? (Pick the best answer)
a. Firmware updates are control software or BIOS-type updates that are installed to improve the functionality or extend the life of the device involved
b. Firmware updates are device-specific command sets that must be upgraded to continue operation
c. Firmware updates update the mechanical function of the device
d. Firmware updates are minor fixes, and are not usually necessary
25. Your FTP server was just compromised. When you examine the settings, you find that the server allows Anonymous access. However, you know that this is the default condition in most FTP servers, and must dig further for the problem. Where else might you check?
a. Access permissions on server’s file structure
b. ACL settings for server access
c. Effective permissions for the anonymous access
d. All of the above
26. You have downloaded a CD ISO image and want to verify its integrity. What should you do?
a. Compare the file size
b. Burn the image and see if it works
c. Create an MD5 sum and compare it to the MD5 sum listed where the image was downloaded
d. Create an MD4 sum and compare it to the MD4 sum listed where the image was downloaded
27. If you wanted to encrypt a single file for your own personal use, what type of cryptography would you use?
a. A proprietary algorithm
b. A digital signature
c. A symmetric algorithm
d. An asymmetric algorithm
28. Which of the following algorithms are available for commercial use without a licensing fee? (Select all that apply)
a. RSA
b. DES
c. IDEA
d. AES
29. The PKI identification process is based upon the use of unique identifiers, known as ______.
a. Licenses
b. Fingerprints
c. Keys
d. Locks
30. Public key cryptography is a system that uses a mix of symmetric and ________ algorithms for the encryption of a secret key.
a. Public
b. Asymmetric
c. Private
d. Certificate
31. David’s company has informed its employees that the company will shut down at the end of the month due to a lack of funds. David is a network engineer and is responsible for items such as digital certificates and key pairs. What should David do about his existing digital certificates and key pairs?
a. Destroy all copies of the certificates and keys, and let the CA know that they should be deregistered
b. Make copies of the keys and keep them in a safe place in case someone wants to buy them
c. Take them home and use them on his computer, because his company will not need them anymore
d. David does not have to do anything; the CA will figure it all out
32. Your certificate and keys are about to expire. As long as the certificate is in good standing, you can use your existing key to sign your request to _________ your keys.
a. Revoke
b. Renew
c. Reinitialize
d. Redistribute
33. When a company uses ______, it is keeping copies of the private key in two separate secured locations where only authorized persons are allowed to access them.
a. Key escrow
b. Key destruction
c. Key generation
d. Key rings
34. A company consists of a main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with a fast link, and all employees have good connectivity to the network. Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost. Which of the following will you do to achieve this objective?
a. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected
b. Centralize servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located
c. Decentralize servers and other vital components. Add security measures to areas where the servers and other components are located
d. Centralize servers and other vital components in a single room in the main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room
35. You have decided to implement biometrics as part of your security system. Before purchasing a locking system that uses biometrics to control access to secure areas, you need to decide what will be used to authenticate users. Which of the following options relies solely on biometric authentication?
a. Username and password
b. Fingerprints, retina scans, PIN number and facial characteristics
c. Voice pattern, fingerprints, and retina scans
d. Strong password, PIN number and digital imaging
36. A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. What problems may result from these fluctuations? (Select the best answer)
a. Electronics discharge
b. Power outages
c. Chip creep
d. Poor air quality
37. You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. Which of the following types of cabling provides the best protection from interference in this area?
a. STP
b. UTP
c. Coaxial
d. Fiber-optic
38. You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers. Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply)
a. Shut down the computer
b. Contact the incident response team
c. Document what they see on the screen
d. Log off the network
39. You are the best person to respond to the scene of the incident involving a computer being hacked. After determining the scope of the crime scene and securing it, you attempt to preserve any evidence at the scene. Which of the following tasks will you perform to preserve evidence? (Choose all that apply)
a. Photograph any information displayed on the monitors of computers involved in the incident
b. Document any observations or messages displayed by the computer
c. Shut down the computer to prevent further attacks that may modify data
d. Gather up manuals, nonfunctioning devices, and other materials and equipment in the area so they are ready for transport
40. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network. To secure the scene, which of the following actions should you perform?
a. Prevent members of the organization from entering the server room
b. Prevent members of the incident response team from entering the server room
c. Shut down the server to prevent the user from accessing further data
d. Detach the network cable from the server to prevent the user from accessing further data
41. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation. When making copies of data from a machine that is being examined, which of the following tasks should be done to ensure it is an exact duplicate?
a. Perform a cyclic redundancy check using a checksum or hashing algorithm
b. Change the attribute of data to make it ready
c. Open files on the original media and compare them to the copied data
d. Do nothing. Imaging software always makes an accurate image
42. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterward to take over the investigation. Which of the following tasks will the crime scene technician be responsible for performing?
a. Ensure that any documents and evidence they possessed are handed over to the investigator
b. Reestablish a perimeter as new evidence presents itself
c. Establish a chain of command
d. Tag, bag, and inventory
43. When evidence is acquired, a log is started that records who had possession of the evidence for a specific amount of time. This is to avoid allegations that the evidence may have been tampered with when it was unaccounted for, and to keep track of the tasks performed in acquiring evidence from a piece of equipment or materials. What is the term used to describe this process?
a. Chain of command
b. Chain of custody
c. Chain of jurisdiction
d. Chain of evidence
44. You are the manager of the IT department and have a new security policy that addresses the IT staff’s responsibility to users, equipment, and data. The policy only affects the IT staff. It deals with such issues as routine backups of data, network security changes, and audits of data on servers. Now that the policy is written, which of the following should you do next? (Choose all that apply)
a. Publish the policy and make it available for all users to read
b. Obtain authorization from the other members of the IT staff
c. Obtain authorization from senior management
d. Provide a copy of the policy to legal counsel, and have them review its content and wording
45. You receive a complaint from the network administrator of another company regarding an attempted hacking of their web site. Their firewall logs show that the attempt came from an IP address from your company. Upon hearing the IP address, you find that this is the IP address of the proxy server belonging to your company. Further investigation on your part will be needed to identify who actually performed the attempted intrusion on the other company’s web site. Who will you notify of this problem before starting the investigation?
a. Media outlets to publicize the incident
b. The incident response team
c. Users of the network to ensure they are aware that private information dealing with employees may need to be shared with the other company
d. No one
46. An organization has decided to implement a policy dealing with the disposal and destruction of data and other materials that may contain sensitive information. They have consulted you to determine what elements should be included in the policy. Which of the following will you tell them?
a. Data on hard disks should be deleted before hard disks are disposed of
b. Hard disks should be shredded before being disposed of
c. Non-classified documents, such as media releases, should be shredded before being disposed of
d. Classified documents should be shredded before being disposed of
47. You are concerned that mistakes may be made from accounts that are set up on each server in the network when users log into them. You also want to make it easier for users to log onto multiple servers which physically reside in a server room within the company’s main building. To achieve these goals, which of the following features of a network are needed?
a. Centralized servers
b. Decentralized servers
c. Single sign-on
d. Auditing
48. A user is concerned that someone may have access to his account and may be accessing his data. Which of the following events will you audit to identify if this is the case?
a. Monitor the success and failure of accessing printers and other resources.
b. Monitor the success off to accounts
c. Monitor the success of restart and shutdown
d. Monitor for escalated use of accounts during off hours
49. You want to implement access control that will allow users to control who has access to the data they have ownership over. Which of the following would you use?
a. MAC
b. DAC
c. RBAC
d. BAC
50. You are the administrator of a network running Novell NetWare, and are having problems with a server’s ability to connect to other servers. That server was able to connect to the network before you installed a recent bug fix. After attempting to solve the problem, you decide to check and see if anyone else had this problem. Where is the best place to find this information?
a. The manual that came with the server
b. The vendor’s web site
c. Service pack
d. Microsoft Knowledge Base