Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?
- A . Mitigation
- B . Assessment
- C . Remediation
- D . Verification
How is application whitelisting different from application blacklisting?
- A . It allows all applications other than the undesirable applications
- B . It allows execution of trusted applications in a unified environment
- C . It allows execution of untrusted applications in an isolated environment
- D . It rejects all applications other than the allowed applications
John, the network administrator and he wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router.
Which command will John use to enable NetFlow on an interface?
- A . Router(Config-if) # IP route – cache flow
- B . Router# Netmon enable
- C . Router IP route
- D . Router# netflow enable
Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes though the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________implementation of a VPN.
- A . Full Mesh Mode
- B . Point-to-Point Mode
- C . Transport Mode
- D . Tunnel Mode
Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled.
Which of the following command allows Sophie to do so?
- A . Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
- B . Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
- C . Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
- D . Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol
Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company’s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic.
What type of scan is Cindy attempting here?
- A . The type of scan she is usinq is called a NULL scan.
- B . Cindy is using a half-open scan to find live hosts on her network.
- C . Cindy is attempting to find live hosts on her company’s network by using a XMAS scan.
- D . She is utilizing a RST scan to find live hosts that are listening on her network.
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?
- A . Application sandboxing
- B . Deployment of WAFS
- C . Application whitelisting
- D . Application blacklisting
A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines.
What are the other f unction(s) of the device? (Select all that apply)
- A . Provides access memory, achieving high efficiency
- B . Assigns user addresses
- C . Enables input/output (I/O) operations
- D . Manages security keys
Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link any video cameras at various corridors to view the feeds in the surveillance room.
What layer of network defense-in-depth strategy is he trying to follow?
- A . Physical
- B . Perimeter
- C . Policies and procedures
- D . Host
John wants to implement a packet filtering firewall in his organization’s network.
What TCP/IP layer does a packet filtering firewall work on?
- A . Application layer
- B . Network Interface layer
- C . TCP layer
- D . IP layer
Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the————————– authentication technique to satisfy the management request.
- A . Two-factor Authentication
- B . Smart Card Authentication
- C . Single-sign-on
- D . Biometric
Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.
- A . Evidence Manager
- B . Incident Handler
- C . Attorney
- D . PR Specialist
The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank’s business is very high.
How should this risk be categorized in the risk matrix?
- A . High
- B . Medium
- C . Extreme
- D . Low
Michael decides to view the—————–to track employee actions on the organization’s network.
- A . Firewall policy
- B . Firewall log
- C . Firewall settings
- D . Firewall rule set
Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization’s need.
Which of the following factors will the administrator consider when deciding on the appropriate backup medium?
- A . Capability
- B . Accountability
- C . Extensibility
- D . Reliability
The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit.
How can he prevent this incident from happening and what element of the message ensures the success of this method?
- A . Hashing; hash code
- B . Symmetric encryption; secret key
- C . Hashing; public key
- D . Asymmetric encryption; public key
Which IEEE standard does wireless network use?
- A . 802.11
- B . 802.18
- C . 802.9
- D . 802.10
The————–protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.
- A . RARP
- B . ICMP
- C . DHCP
- D . ARP
Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.
- A . FHSS
- B . DSSS
- C . OFDM
- D . ISM
Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?
- A . Pipe Model
- B . AAA model
- C . Hub-and-Spoke VPN model
- D . Hose mode
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization’s network.
Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?
- A . Tcp.flags==0x2b
- B . Tcp.flags=0x00
- C . Tcp.options.mss_val<1460
- D . Tcp.options.wscale_val==20
John has implemented________in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.
- A . DMZ
- B . Proxies
- C . VPN
- D . NAT
A network is setup using an IP address range of 0.0.0.0 to 127.255.255.255. The network has a default subnet mask of 255.0.0.0.
What IP address class is the network range a part of?
- A . Class C
- B . Class A
- C . Class B
- D . Class D
Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
- A . Automated Field Correlation
- B . Field-Based Approach
- C . Rule-Based Approach
- D . Graph-Based Approach
———–is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)
- A . 802.15.4
- B . 802.15
- C . 802.12
- D . 802.16
James was inspecting ARP packets in his organization’s network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating.
Which type of attack is James analyzing?
- A . ARP Sweep
- B . ARP misconfiguration
- C . ARP spoofinq
- D . ARP Poisioning
Blake is working on the company’s updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of incident in the plan.
Unsuccessful scans and probes are at what severity level?
- A . High severity level
- B . Extreme severity level
- C . Mid severity level
- D . Low severity level
To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?
- A . Prudent policy
- B . Paranoid policy
- C . Promiscuous policy
- D . Permissive policy
Based on which of the following registry key, the Windows Event log audit configurations are recorded?
- A . HKEY_LOCAL_MACHINESYSTEMServicesEventLog < ErrDev >
- B . HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEventLog < EntAppsvc >
- C . HKEY_LOCAL_MACHINECurrentControlSetServicesEventLog< ESENT >
- D . HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLog < Event Log >
Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour.
Fargo would like to eliminate it; what command should he execute?
- A . # update-rc.d -f [service name] remove
- B . # service [service name] stop
- C . # ps ax | grep [Target Process]
- D . # kill -9 [PID]
Tom works as a network administrator in a multinational organization having branches across North America and Europe. Tom wants to implement a storage technology that can provide centralized data storage and provide free data backup on the server. He should be able to perform data backup and recovery more efficiently with the selected technology.
Which of the following storage technologies best suits Tom’s requirements?
- A . DAS
- B . PAS
- C . RAID
- D . NAS
Which command is used to change the permissions of a file or directory?
- A . rmdir
- B . systemctl
- C . kill
- D . chmod
Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21.
What does this source address signify?
- A . This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.
- B . This source address is IPv6 and translates as 13.1.68.3
- C . This source address signifies that the originator is using 802dot1x to try and penetrate into Frank’s network
- D . This means that the source is using IPv4
Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs.
What fundamental attribute of network defense is she enforcing?
- A . Integrity
- B . Non-repudiation
- C . Confidentiality
- D . Authentication
An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client record as it is
encrypted. The attacker asked the company to pay money for gaining access to their data.
Which type of malware attack is described above?
- A . Logic bomb
- B . Rootkits
- C . Trojan
- D . Ransomware
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information.
Which type of firewall service is John thinking of implementing?
- A . Application level gateway
- B . Circuit level gateway
- C . Stateful Multilayer Inspection
- D . Packet Filtering
George was conducting a recovery drill test as a part of his network operation. Recovery drill tests are conducted on the______________.
- A . Archived data
- B . Deleted data
- C . Data in transit
- D . Backup data
Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities.
What type of network security approach is Daniel adopting?
- A . Preventative
- B . Reactive
- C . Retrospective
- D . Defense-in-depth
Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of the scripts that are signed by a trusted publisher.
Which of the following script execution policy setting this?
- A . AllSigned
- B . Restricted
- C . RemoteSigned
- D . Unrestricted
In MacOS, how can the user implement disk encryption?
- A . By enabling BitLocker feature
- B . By executing dm-crypt command
- C . By turning on Device Encryption feature
- D . By enabling FileVault feature
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees.
Under which category of an information security policy does AUP fall into?
- A . System Specific Security Policy (SSSP)
- B . Incident Response Policy (IRP)
- C . Enterprise Information Security Policy (EISP)
- D . Issue Specific Security Policy (ISSP)
You are responsible for network functions and logical security throughout the corporation. Your company has over 250 servers running Windows Server 2012, 5000 workstations running Windows 10, and 200 mobile users working from laptops on Windows 8. Last week 10 of your company’s laptops were stolen from a salesman, while at a conference in Barcelona. These laptops contained proprietary company information. While doing a damage assessment, a news story leaks about a blog post containing information about the stolen laptops and the sensitive information.
What built-in Windows feature could you have implemented to protect the sensitive information on these laptops?
- A . You should have used 3DES.
- B . You should have implemented the Distributed File System (DFS).
- C . If you would have implemented Pretty Good Privacy (PGP).
- D . You could have implemented the Encrypted File System (EFS)
Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office.
What layer of the OSI model do IPsec tunnels function on?
- A . The data link layer
- B . The session layer
- C . The network layer
- D . The application and physical layers
Ivan needs to pick an encryption method that is scalable even though it might be slower.
He has settled on a method that works where one key is public and the other is private.
What encryption method did Ivan settle on?
- A . Ivan settled on the private encryption method.
- B . Ivan settled on the symmetric encryption method.
- C . Ivan settled on the asymmetric encryption method
- D . Ivan settled on the hashing encryption method
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.
What is the best option to do this job?
- A . Install a CCTV with cameras pointing to the entrance doors and the street
- B . Use fences in the entrance doors
- C . Use lights in all the entrance doors and along the company’s perimeter
- D . Use an IDS in the entrance doors and install some of them near the corners
Which of the Windows security component is responsible for controlling access of a user to Windows resources?
- A . Network Logon Service (Netlogon)
- B . Security Accounts Manager (SAM)
- C . Security Reference Monitor (SRM)
- D . Local Security Authority Subsystem (LSASS)
Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.
- A . Hybrid virtualization
- B . Hardware-assisted virtualization
- C . Full virtualization
- D . Para virtualization
Alex is administrating the firewall in the organization’s network.
What command will he use to check the ports applications open?
- A . Netstat -an
- B . Netstat -o
- C . Netstat -a
- D . Netstat -ao
If an organization has decided to consume PaaS Cloud service model, then identify the organization’s responsibility that they need to look after based on shared responsibility model.
- A . Data, interfaces, application, etc.
- B . Data, interfaces, application, middleware, OS, VM, virtual network, etc.
- C . Data, interfaces, application, middleware, OS, VM, virtual network, hypervisors, processing and memory, data storage, network interfaces, facilities and data centers, etc.
- D . Data, interfaces, etc.
How can a WAF validate traffic before it reaches a web application?
- A . It uses a role-based filtering technique
- B . It uses an access-based filtering technique
- C . It uses a sandboxing filtering technique
- D . It uses a rule-based filtering technique
CORRECT TEXT
Identify the minimum number of drives required to setup RAID level 5.
- A . Multiple
- B . 3
- C . 4
- D . 2
Which of the following VPN topologies establishes a persistent connection between an organization’s main office and its branch offices using a third-party network or the Internet?
- A . Star
- B . Point-to-Point
- C . Full Mesh
- D . Hub-and-Spoke
The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing countermeasure guideline to avoid a future occurrence of the malware incident.
Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)
- A . Complying with the company’s security policies
- B . Implementing strong authentication schemes
- C . Implementing a strong password policy
- D . Install antivirus software
Choose the correct order of steps to analyze the attack surface.
- A . Identify the indicators of exposure->visualize the attack surface->simulate the attack->reduce the attack surface
- B . Visualize the attack surface->simulate the attack->identify the indicators of exposure->reduce the attack surface
- C . Identify the indicators of exposure->simulate the attack->visualize the attack surface->reduce the attack surface
- D . Visualize the attack surface->identify the indicators of exposure->simulate the attack->reduce the attack surface
Frank is a network technician working for a medium-sized law firm in Memphis. Frank and two other IT employees take care of all the technical needs for the firm. The firm’s partners have asked that a secure wireless network be implemented in the office so employees can move about freely without being tied to a network cable. While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3, they are not familiar with how to setup wireless in a business environment.
What IEEE standard should Frank and the other IT employees follow to become familiar with wireless?
- A . The IEEE standard covering wireless is 802.9 and they should follow this.
- B . 802.7 covers wireless standards and should be followed
- C . They should follow the 802.11 standard
- D . Frank and the other IT employees should follow the 802.1 standard.
If there is a fire incident caused by an electrical appliance short-circuit, which fire suppressant should be used to control it?
- A . Water
- B . Wet chemical
- C . Dry chemical
- D . Raw chemical
Smith is an IT technician that has been appointed to his company’s network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed.
What is the first step they should do to create the network vulnerability assessment plan?
- A . Their first step is to analyze the data they have currently gathered from the company or interviews.
- B . Their first step is to make a hypothesis of what their final findings will be.
- C . Their first step is to create an initial Executive report to show the management team.
- D . Their first step is the acquisition of required documents, reviewing of security policies and compliance.
Syslog and SNMP are the two main _______ protocols through which log records are transferred.
- A . Pull-based
- B . Push-based
- C . Host-based
- D . Network-based
An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts.
Which of the following password cracking techniques is the attacker trying?
- A . Bruteforce
- B . Rainbow table
- C . Hybrid
- D . Dictionary
Identify the type of event that is recorded when an application driver loads successfully in Windows.
- A . Success Audit
- B . Error
- C . Warning
- D . Information