CompTIA SY0-301 Security+ 100-Question Practice Exam Developed for www.GetCertified4Less.

com (Author to remain anonymous) This practice exam has been developed exclusively for GetCertified4Less.Com. Answers and explanations on last pages. 1. In which of the cloud computing infrastructure types clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment? A. IaaS B. PaaS C. SaaS D. RAS 2. A. B. C. D. 3. A. B. C. D. WPA2 is also known as: 802.1X 802.11 802.3 802.11i Which of the following devices operates at Layer 3 of the OSI model? Passive hub Switch Router Active hub

4. One of the measures used in securing an Ethernet switch includes disabling unused ports. A. True B. False 5. A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called: A. Thick client B. SaaS C. Virtualization D. IaaS 6. A. B. C. D. RAID 0: (Select two answers) Offers fault tolerance and redundancy Requires at least three drives to implement Doesn't offer fault tolerance Requires at least two drives to implement

7. Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location? A. VLAN B. DMZ C. MAC filtering D. SNMP community

8. A group that consists of SNMP devices and one or more SNMP managers is called: A. SNMP trap B. Network Management System (NMS) C. SNMP community D. Management Information Base (MIB) 9. A. B. C. D. VLAN membership can be set through: (Select all that apply) Trunk port Switch ports Encryption MAC address

10. A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is also referred to as: A. VPN B. Access Point (AP) C. VLAN D. DMZ 11. Which of the following attacks uses multiple compromised computer systems against its target? A. DoS B. Botnet C. Logic bomb D. DDoS 12. What is the purpose of non-repudiation? A. Preventing someone from denying that they took a specific action B. Ensuring that received data hasn't changed in transit C. Hiding one piece of data in another piece of data D. Transforming plaintext to ciphertext 13. Which of the following refers to one of the testing stages in the software development process performed by customers or end users? A. UAC B. NAT C. UAT D. EULA 14. Using a telephone system to manipulate a user into disclosing confidential information is called: A. Shoulder surfing B. Spoofing C. Vishing D. Tailgating 15. Which of the following fall(s) into the category of social engineering attacks? (Select all that apply) A. Whaling B. MAC spoofing C. Xmas attack D. Vishing E. Spear phishing

16. The practice of sending unsolicited messages over Bluetooth is also known as: A. SPIM B. Bluejacking C. Phishing D. Bluesnarfing 17. Gaining unauthorized access to a Bluetooth device is also referred to as: A. Interference B. Bluesnarfing C. Bluejacking D. Pharming 18. Which of the following terms refers to a microchip embedded on the motherboard of a personal computer or laptop that can store keys, passwords and digital certificates? A. FRU B. EFS C. TPM D. HCL 19. Phishing scams targeting a specific group of users are also referred to as: A. Bluejacking B. Spear phishing C. Tailgating D. Pharming 20. Unsolicited messages received over an instant messaging system are also known as: A. Spim B. Spoofing C. Spam D. Bluejacking 21. What is war chalking? A. Scanning for open ports B. Finding unsecured wireless networks C. SSID discovery D. Marking unsecured wireless networks 22. A piece of hardware and associated software / firmware that usually attaches to the inside of a PC or server and provides at least the minimum of cryptographic functions is called: A. OUI B. BIOS C. HSM D. PKI

23. Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device? A. NAC B. ACL C. NAT D. DMZ 24. Which of the following is an acronym for a risk assessment formula defining probable financial loss due to a risk over a one-year period? A. ARO B. ALE C. SLE D. UAT 25. Malicious code activated by a specific event is also known as: A. Logic bomb B. Denial of service C. Computer worm D. Xmas attack 26. Security measures that can be applied to mobile devices include: (Select all that apply) A. Quality of Service (QoS) B. Encryption and passwords C. Load balancing D. Remote sanitation E. Voice encryption 27. Which of the following port numbers is used by Kerberos? A. 23 B. 80 C. 22 D. 88 28. SHA and MD5 are examples of: A. Encryption algorithms B. Virus signatures C. Hash functions D. Trust models 29. Which of the following protocols periodically reauthenticates a client? A. PAP B. SHA C. CHAP D. MD5 30. Which IPsec mode provides whole packet encryption? A. Tunnel B. Payload C. Transport D. Host-to-host

31. A set of rules enforced in a network that restrict the use to which the network may be put is also known as: A. OEM B. AUP C. FAQ D. UAT 32. A group of computers running malicious software under control of a hacker is also referred to as: A. Botnet B. Ethernet C. Subnet D. Intranet 33. Which of the following terms refers to software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network? A. EULA B. DLP C. UAT D. LTO 34. Penetration test of a computer system without the prior knowledge on how the system works is also known as: A. Auditing B. White hat testing C. Black box testing D. White box 35. Finding vulnerability in an application by feeding it incorrect input is also known as: A. Patching B. Exception handling C. Application hardening D. Fuzzing 36. Which of the following is an example of a biometric authentication? A. Password B. Smart card C. Fingerprint scanner D. User name 37. Which of the following is an example of a multi-factor authentication? A. Password and biometric scan B. User name and PIN C. Smart card and identification badge D. Iris and fingerprint scan 38. Steganography allows for: A. Hiding data within another piece of data B. Data encryption C. Checking data integrity D. Hashing

39. An IPv6 address consists of: A. 32 bits B. 48 bits C. 64 bits D. 128 bits 40. Which of the following acronyms refers to any type of information pertaining to an individual that can be used to uniquely identify that individual? A. PIN B. PII C. ID D. Password 41. Which of the following terms refers to a rogue access point? A. Computer worm B. Backdoor C. Evil twin D. Trojan horse 42. Antivirus software can be kept up to date through: (Select all that apply) A. Virus signature updates B. Virtualization C. Auditing D. Engine updates 43. In this access control model every resource has a sensitivity label matching a clearance level assigned to a user. A. RBAC B. DAC C. HMAC D. MAC 44. Which of the following is used to prevent switching loops? A. UTP B. HMAC C. STP D. RAS 45. TCP port 23 is used by: A. SMTP B. SSH C. Telnet D. TFTP 46. A chronological record outlining persons in possession of an evidence is also referred to as: A. Chain of custody B. Data handling chain C. Information classification D. Evidence timeline

47. Sticky note with a password kept on sight in the user's cubicle would be a violation of which of the following policies? A. Data labeling policy B. Clean desk policy C. User account policy D. Password complexity 48. A policy outlining ways of collecting and managing personal data is also known as: A. Acceptable use policy B. Audit policy C. Privacy policy D. Data loss prevention 49. Which of the following solutions is used for controlling temperature and humidity? A. Faraday cage B. UART C. EMI shielding D. HVAC 50. A maximum acceptable period of time within which a system must be restored after failure is also known as: A. Recovery Time Objective (RTO) B. Mean Time To Restore (MTTR) C. Maximum Tolerable Period of Disruption (MTPOD) D. Mean Time Between Failures (MTBF) 51. Which of the following provides confidentiality? A. SHA-1 B. RAID 0 C. MD5 D. AES 52. Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) A. NTP B. PAP C. Kerberos D. CHAP 53. Which of the following provide the means for checking data integrity? (Select two answers) A. WEP B. RC4 C. SHA-1 D. WPA2 E. MD5

54. Which of the following are symmetric-key algorithms? (Select all that apply) A. AES B. DES C. RSA D. Diffie-Hellman E. 3DES 55. Which of the following provide availability? (Select all that apply) A. RAID 5 B. RAID 0 C. Encryption D. RAID 1 E. Hot site 56. 802.1x is an IEEE standard defining: A. Token ring networks B. Port-based network access control C. VLAN tagging D. Wireless networking 57. Allowing a program through a firewall is also referred to as creating: A. Entry B. Tunnel C. Access Control list (ACL) D. Exception 58. The last default rule on a firewall is to: A. Create an exception B. Allow all traffic C. Deny all traffic D. Unblock all ports 59. Which of the following protocols was designed as a secure replacement for Telnet? A. ICMP B. FTP C. IPv6 D. SSH 60. TCP port 22 is used by default by: (Select all that apply) A. FTP B. SSH C. SMTP D. SCP E. SFTP

61. Which of the following ports are used by NetBIOS? (Select all that apply) A. 137 B. 161 C. 138 D. 162 E. 139 62. Which of the following sequences of steps adheres to the order of volatility while collecting an evidence? A. Memory dump, disk files, temporary files, archival media B. Archival media, disk files, temporary files, memory dump C. Memory dump, temporary files, disk files, archival media D. Temporary files, memory dump, archival media, disk files 63. Phishing scams targeting people holding high positions in an organization or business are also known as: A. Tailgating B. Shoulder surfing C. Pharming D. Whaling 64. Which of the following prevents a computer screen from being viewed by others nearby? A. Firewall B. Privacy screen C. Multi-factor authentication D. HIPS 65. Which of the following measures should be used in order to prevent shoulder surfing? (Select two answers) A. Cable locks B. Video surveillance C. Privacy filters D. Security guards E. Screensavers 66. What is tailgating? A. Gaining unauthorized access to restricted areas by following another person B. Manipulating a user into disclosing confidential information C. Scanning for unsecured wireless networks while driving in a car D. Looking over someone's shoulder in order to get information 67. The term war driving refers to: A. Penetration test B. Scanning for unsecured wireless networks while driving in a car C. Vulnerability scan D. Marking unsecured wireless networks

68. Which of the following terms refers to an access control method based on user identity? A. HMAC B. DAC C. MAC D. RBAC 69. An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries is also known as: A. Mandatory Access Control B. Lattice-Based Access Control C. Role-Based Access Control D. Rule-Based Access Control 70. Which of the following actions can be taken by an IDS? (Select two answers) A. Terminating process B. Closing down connection C. Reconfiguring firewall D. Logging E. Sending an alert 71. Which of the following are the features of a Common Access Card (CAC)? (Select all that apply) A. Provides access to low security areas B. Any type of identification badge with a photo C. Smart card D. Issued by United States Department of Defense (DoD) 72. An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is also referred to as: A. SSO B. TLS C. SSL D. WAP 73. What is the name of a storage solution used to retain copies of private encryption keys? A. Trusted OS B. Key escrow C. Proxy D. Recovery agent 74. Copies of lost private encryption keys can be retrieved from a key database by: A. Power users B. Recovery agents C. GPS tracking D. Backup operators

75. Zero-day attack exploits: A. New accounts B. Patched software coding errors C. Vulnerability that is present in already released software but unknown to the software developer D. Well known vulnerability 76. Which of the following can stop attacks on the network? A. NIPS B. HIDS C. HIPS D. NIDS 77. A type of attack exploiting the TCP three-way handshake process is also known as: A. SYN flood B. Xmas attack C. DNS poisoning D. Man-in-the-middle attack 78. Which type of intrusion detection relies on the previously established baseline of normal network activity? A. MD-IDS B. Signature-based IDS C. Managed Switch D. AD-IDS 79. Which security measure is in place when a client is denied access to the network due to outdated antivirus software? A. IPsec B. NAC C. DMZ D. NAT 80. What type of protocols ensure the privacy of a VPN connection? A. OSPF B. IPv6 C. Tunneling D. Telnet 81. Packet sniffer is a common term for: A. Multilayer switch B. Port scanner C. Router D. Protocol Analyzer 82. Which of the following ports are used by the File Transfer Protocol (FTP)? (Select two answers) A. 22 B. 20 C. 25 D. 23 E. 21

83. Penetration test with the prior knowledge on how the system that is to be tested works is also known as: A. White hat B. Sandbox C. White box D. Black box 84. Which of the following measures fall(s) into the category of detective security controls? (Select all that apply) A. IPS B. Security guard C. IDS D. Video surveillance 85. HTTPS runs on TCP port: A. 443 B. 80 C. 143 D. 137 86. Paper shredder would help in preventing what kind of threats? (Select all that apply) A. Dumpster diving B. Tailgating C. Zero-day attack D. Social engineering 87. Public/private key pair is a feature of: A. WEP B. Asymmetric encryption C. PII D. Symmetric encryption 88. Coding errors and security vulnerabilities in software that has already been released can be rectified through: A. Fuzzing B. Application hardening C. Patch management D. Virtualization 89. Penetration testing: (Select all that apply) A. Bypasses security controls B. Only identifies lack of security controls C. Actively tests security controls D. Exploits vulnerabilities E. Passively tests security controls 90. Which of the following would be the fastest in validating a digital certificate? A. IPX B. OCSP C. CRL D. OSPF

91. The term Trusted OS refers to an operating system: A. Admitted to a network through NAC B. Implementing patch management C. That has been authenticated on the network D. With enhanced security features 92. A monitored host or network specifically designed to detect unauthorized access attempts is also known as: A. Botnet B. Rogue access point C. Honeypot D. Flood guard 93. Software that performs unwanted and harmful actions in disguise of a legitimate and useful program is also referred to as: A. Trojan horse B. Spyware C. Logic bomb D. Adware 94. Which of the following fall into the category of physical security measures? (Select all that apply) A. Mantrap B. Vulnerability scanner C. Access list D. Honeypot E. Hardware lock 95. What are the features of Elliptic Curve Cryptography (ECC)? (Select two answers) A. Asymmetric encryption B. Shared key C. Suitable for small wireless devices D. High processing power requirements E. Symmetric encryption 96. Which of the following allows for encrypting e-mail messages? A. PGP B. OVAL C. SMTP D. PPP 97. What type of system can be compromised through phreaking? A. PBX B. PGP C. ATX D. BIOS 98. Which of the following acronyms refers to a lightweight consumer electronic device? A. KDC B. CA C. SLED D. PED

99. Advanced Encryption Standard (AES): (Select all that apply) A. Is a symmetric encryption algorithm B. Uses 128-, 192-, and 256-bit keys C. Is an asymmetric encryption algorithm D. Uses block cipher algorithm E. Requires multiple passes to encrypt data 100. Which of the following is a stream cipher? A. DES B. AES C. RC4 D. 3DES

ANSWERS 1. Answer: A. IaaS Explanation: Infrastructure as a Service (IaaS) is one of the cloud computing infrastructure types where clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment. The clients usually pay for computational resources on a per-use basis. In IaaS, cost of the service depends on the amount of consumed resources. 2. Answer: D. 802.11i Explanation: IEEE 802.11i standard is also known as WPA2. The two terms, 802.11i and Wi-Fi Protected Access II (WPA2) are used synonymously to mean the new security standard for wireless networks. 3. Answer: C. Router Explanation: Routers operate at Layer 3 (Network Layer) of the OSI model. Switches operate at Layer 2 (Data link layer) of the OSI model. Hubs operate at Layer 1 (Physical layer) of the OSI model. 4. Answer: A. True Explanation: One of the measures used in securing an Ethernet switch includes disabling unused ports. 5. Answer: B. SaaS Explanation: Software as a Service (SaaS) is a type of cloud computing infrastructure where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers and simplifying maintenance and support. Compared to conventional software deployment which requires licensing fee and often investment in additional hardware on the client side, SaaS can be delivered at a lower cost by providing remote access to applications and pricing based on monthly or annual subscription fee. 6. Answers: C and D. Doesn't offer fault tolerance and Requires at least two drives to implement Explanation: Redundant Array of Independent Disks (RAID) is a collection of different data storage schemes (referred to as RAID levels) that allow for combining multiple hard disks into a single logical unit in order to increase fault tolerance and performance. RAID Level 0 breaks data into fragments called blocks and each block of data is written to a separate disk drive. This greatly improves performance as every physical disk drive handles only a part of the workload related to write and read operations. Each consecutive physical drive included in this type of array improves the speed of read/write operations by adding more hardware resources to handle decreasing amount of workload. The main disadvantage of RAID 0 is that it doesn't offer any fault tolerance. Each of the drives holds only part of the information and in case of failure of any of the drives there is no way to rebuild the array which in turn results in the loss of all data. RAID 0 requires minimum of two disk drives to implement.

7. Answer: A. VLAN Explanation: Virtual Local Area Network (VLAN) is a logical grouping of computers that may be physically located on different parts of a LAN. VLANs allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location. VLAN membership can be configured through software instead of physically relocating devices or connections, and VLANs are often created with the use of switches equipped with additional software features. By default, all ports on a switch are typically labeled as VLAN1, and virtual networks are created by changing this assignment (labeling one of the ports as VLAN2, another as VLAN3, etc.). Multiple switches on a LAN can be configured this way, and physically dispersed hosts that connect to e.g. VLAN2 port on any of those switches become a part of a single logical subnet. 8. Answer: C. SNMP community Explanation: SNMP community is a group that consists of SNMP devices and one or more SNMP managers. Simple Network Management Protocol (SNMP) is a UDP-based, Application Layer protocol used in network management systems to monitor network-attached devices. SNMP is typically integrated into most modern network infrastructure devices such as routers, bridges, switches, servers, printers, copiers, fax machines, and other networkattached devices. An SNMP-managed network consists of three key components: a managed device, a network-management software module that resides on a managed device (Agent), and a network management system (NMS) which executes applications that monitor and control managed devices and collect SNMP information from Agents. All SNMP-compliant devices include a virtual database called Management Information Base (MIB) containing information about configuration and state of the device that can be queried by the SNMP management station. The manager receives notifications (Traps and InformRequests) on UDP port 162. The SNMP Agent receives requests on UDP port 161, and before answering a request from SNMP manager, SNMP Agent verifies that the manager belongs to an SNMP community with access privileges to the Agent. An SNMP community is a group that consists of SNMP devices and one or more SNMP managers. The community has a name, and all members of a community have the same access privileges. An SNMP device or Agent may belong to more than one SNMP community and it will not respond to requests from management stations that do not belong to one of its communities. The relationship between SNMP server system and the client systems is defined by the so called community string which acts like a password. In terms of security, SNMP version 1 and version 2 offer only authentication based on community strings sent in cleartext. SNMPv3 provides authentication, packet encryption, and hashing mechanisms that allow for checking whether data has changed in transit.

9. Answers: B and D. Switch ports and MAC address Explanation: VLAN membership can be set either through switch ports where a device connecting to a certain switch port automatically becomes a member of the VLAN assigned to that port (static VLAN), or through mapping the VLAN membership with the MAC address of the device connected to the port (dynamic VLAN). Dynamic VLANs are configured through the use of server software that relies on a database containing MAC-address-toVLAN mappings. When a device connects to the dynamic port on a switch its MAC address is sent to the server, and if the matching entry in its database is found the server sends the VLAN number for that port. 10. Answer: D. DMZ Explanation: Demilitarized Zone (DMZ) is a lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers. The purpose of DMZ is to offer services, such as web browsing, FTP, or e-mail, to both the public and internal clients without compromising the security of the private LAN. 11. Answer: D. DDoS Explanation: As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to perform attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet. The goal of DoS and DDoS attacks is to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn't have time or resources to handle legitimate requests. 12. Answer: A. Preventing someone from denying that they took a specific action Explanation: The purpose of non-repudiation is to prevent someone from denying that they take a specific action. 13. Answer: C. UAT Explanation: User Acceptance Testing (UAC) is one of the testing stages in the software development process performed by customers or end users. 14. Answer: C. Vishing Explanation: The practice of using a telephone system to manipulate a user to disclose confidential information is called vishing. Vishing falls into the category of social engineering attacks. 15. Answers: A, D, and E. Whaling, Vishing, and Spear phishing Explanation: Social engineering techniques are aimed at manipulating people into performing actions they are not authorized to perform or disclosing confidential information. Whaling, vishing, and spear phishing are all examples of social engineering techniques. 16. Answer: B. Bluejacking Explanation: Sending unsolicited messages over Bluetooth is also referred to as bluejacking.

17. Answer: B. Bluesnarfing Explanation: Gaining unauthorized access to a Bluetooth device is also referred to as bluesnarfing. 18. Answer: C. TPM Explanation: Trusted Platform Module (TPM) is a specification, published by the Trusted Computing Group (TCG), for a microcontroller that can store secured information, and also the general name of implementations of that specification. Trusted Platform Modules are hardware based security microcontrollers that store keys, passwords and digital certificates and protect this data from external software attacks and physical theft. TPMs are usually embedded on the motherboard of a personal computer or laptop, but they can also be used in other devices such as mobile phones or network equipment. 19. Answer: B. Spear phishing Explanation: Phishing is a fraudulent attempt to trick a user, usually via e-mail message, into disclosing personal information. Phishing scams targeting a specific group of users are also referred to as spear phishing. Spear phishing scams that go one step further by targeting people holding high positions in an organization or business are also known as whaling. 20. Answer: A. Spim Explanation: Unsolicited messages received over an instant messaging system are commonly referred to as spim. 21. Answer: D. Marking unsecured wireless networks Explanation: The practice of marking symbols in public places that indicate the presence of an unsecured wireless connection is also referred to as war chalking. 22. Answer: C. HSM Explanation: Hardware Security Module (HSM) is a piece of hardware and associated software/firmware that usually attaches to the inside of a PC or server and provides at least the minimum of cryptographic functions. These functions include (but are not limited to) encryption, decryption, key generation, and hashing. 23. Answer: C. NAT Explanation: Network Address Translation (NAT) is a technology that provides an IP proxy between a private LAN and a public network such as the Internet. Computers on the private LAN can access the Internet through a NAT-capable router which handles the IP address translation. NAT hides the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device. 24. Answer: B. ALE Explanation: Annualized Loss Expectancy (ALE) is a risk assessment formula defining probable financial loss due to a risk over a one-year period. It is defined as: Annualized Loss Expectancy (ALE) = Annual Rate of Occurrence (ARO) x Single Loss Expectancy (SLE)

25. Answer: A. Logic bomb Explanation: Malicious code activated by a specific event is also known as logic bomb. 26. Answers: B, D, and E. Encryption and passwords, Remote sanitation, and Voice encryption Explanation: Security measures that can be applied to mobile devices include device encryption, strong passwords, remote sanitation feature, and voice encryption. Remote sanitation allows for sending a signal that will trigger wiping all the data on the phone. Stolen or lost device can also be located with the use of General Positioning System (GPS) tracking feature. 27. Answer: D. 88 Explanation: Port number 88 is used by the Kerberos authentication protocol. Port 22 is used by Secure Shell (SSH). Port 23 is used by Telnet. HyperText Transfer Protocol (HTTP) uses port number 80. 28. Answer: C. Hash functions Explanation: SHA and MD5 are examples of hash functions. 29. Answer: C. CHAP Explanation: Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically reauthenticates a client at random intervals in order to prevent session hijacking. 30. Answer: A. Tunnel Explanation: IPsec can be implemented in a host-to-host transport mode (where only the payload of the IP packet is usually encrypted and/or authenticated) or in a network tunnel mode (where the entire IP packet is encrypted and/or authenticated). 31. Answer: B. AUP Explanation: Acceptable Use Policy (AUP) is a set of rules enforced in a network that restrict the use to which the network may be put. 32. Answer: A. Botnet Explanation: A group of computers running malicious software under control of a hacker is also referred to as botnet. 33. Answer: B. DLP Explanation: Data Loss Prevention (DLP) solutions are software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network. 34. Answer: B. Black box testing Explanation: Testing a computer system without the prior knowledge on how the system works is also known as black box testing. 35. Answer: D. Fuzzing Explanation: Finding vulnerability in an application by feeding it incorrect input is also known as fuzzing, or fuzz test.

36. Answer: C. Fingerprint scanner Explanation: In computer security, user's identity can be verified either by examining something that the user knows (a user name or password), something that the user has (a physical object such as smart card), or something that the user is (unique trait of every single person such as finger print or pattern of a human eye iris). Biometric authentication systems are based on examining the unique traits of a user and fingerprint scanner is an example of a biometric device. 37. Answer: A. Password and biometric scan Explanation: Authentication is proving user identity to a system. Authentication process can be based on three categories of authentication factors: user names and passwords (something that the user knows), physical tokens such as smart cards (something that the user has), or unique traits of every single person, such as fingerprints (fingerprint scanner). Multi-factor authentication requires authentication factors from two or more different categories. 38. Answer: A. Hiding data within another piece of data Explanation: Steganography allows for hiding data within another piece of data. 39. Answer: D. 128 bits Explanation: An IPv6 addresses consist of 128 bits compared to 32 bits in IPv4. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons (IPv4 addresses are made of four groups of decimal digits separated by dots). 40. Answer: B. PII Explanation: Personally Identifiable Information (PII) includes any type of information pertaining to an individual that can be used to uniquely identify that individual. Identity of a person can be established by tracing their most basic attributes such as name, surname, phone number or traditional mailing address, but also through their social security or credit card numbers, IP or email addresses, or data collected via biometric devices. Security of Personally Identifiable Information has become major concern for companies and organizations due to the accessibility of this type of data over the Internet, but also due to misuse of personal electronic devices such as USB drives or smartphones that are easily concealable and can carry large amounts of data. 41. Answer: C. Evil twin Explanation: Evil twin is another term for a rogue access point. Rogue access point will have the same network name as the legitimate access point and can be set up by a hacker in order to steal user credentials or for the purpose of traffic eavesdropping. 42. Answers: A and D. Virus signature updates and Engine updates Explanation: Antivirus software can be kept up to date through virus signature updates and engine updates. Engine updates equip the antivirus application with tools to recognize and remove new malware types, virus signature updates add new malicious code patterns to the virus database used by the antivirus application as a reference for malware scanning.

43. Answer: D. MAC Explanation: Mandatory Access Control (MAC) is an access control model where every resource has a sensitivity label matching a clearance level assigned to a user (in order to be able to access the resource, user's clearance level must be equal or higher than the sensitivity level assigned to the resource). With mandatory access control users cannot set or change access policies at their own discretion; labels and clearance levels can only be applied and changed by an administrator. 44. Answer: C. STP Explanation: Spanning Tree Protocol (STP) is used to prevent switching loops. Switching loop occurs when there's more than one active link between two network switches, or when two ports on the same switch become connected to each other. 45. Answer: C. Telnet Explanation: TCP port 23 is used by Telnet. 46. Answer: A. Chain of custody Explanation: A chronological record outlining persons in possession of an evidence is also referred to as chain of custody. Chain of custody is used to ensure that the evidence hasn't been tampered with on its way from collection to the presentation in a court of law. 47. Answer: B. Clean desk policy Explanation: Sticky note with a password kept on sight in the user's cubicle would be a violation of clean desk policy. From the security standpoint, "clean desk" means user area organized in a way that minimizes the risk of disclosure of sensitive data. 48. Answer: C. Privacy policy Explanation: A policy outlining ways of collecting and managing personal data is also known as privacy policy. 49. Answer: D. HVAC Explanation: Heating, Ventilation, and Air Conditioning (HVAC) systems are used for controlling temperature and humidity. 50. Answer: A. Recovery Time Objective (RTO) Explanation: A maximum acceptable period of time within which a system must be restored after failure is also known as Recovery Time Objective (RTO). RTOs are established at the Business Impact Analysis (BIS) stage of the Business Continuity Planning (BCP). The goal of a Business Impact Analysis is to determine the impact of any disruption of the activities that support the organization's key products and services. A key aspect of determining the impact of a disruption is identifying the so called Maximum Tolerable Period of Disruption (MTPOD), which is the maximum amount of time that an enterprise's key products or services can be unavailable or undeliverable after an event that causes disruption to operations. The goal of Recovery Time Objective is to ensure that the Maximum Tolerable Period of Disruption (MTPD) for each activity is not exceeded.

51. Answer: A. AES Explanation: Confidentiality is achieved by encrypting data so that it becomes unreadable to anyone except the person with the decryption key. Advanced Encryption Standard (AES) is one of the encryption techniques used in computer security providing data confidentiality. 52. Answers: C and D. Kerberos and CHAP Explanation: A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network. Kerberos and Challenge Handshake Authentication Protocol (CHAP) are authentication protocols offering countermeasures against replay attacks. Kerberos supports a system of time stamped tickets that grant access to resources and expire after a certain period of time. CHAP prevents replay attacks by periodically reauthenticating clients during session. 53. Answers: C and E. SHA-1 and MD5 Explanation: Secure Hash Algorithm (SHA) and Message Digest (MD) are a series of hashing functions used for checking data integrity (SHA-1 and MD5 are the most popular versions). 54. Answers: A, B, and E. AES, DES, and 3DES Explanation: Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple DES (3DES) are all examples of symmetric-key algorithms. Rivest-Shamir-Adleman (RSA) and Diffie-Hellman are asymmetric cryptography solutions. 55. Answers: A, D, and E. RAID 5, RAID 1, and Hot site Explanation: Availability provides assurance that resources can be used when needed. Redundant Array of Independent Disks (RAID) is a collection of different data storage schemes (referred to as RAID levels) that allow for combining multiple hard disks into a single logical unit in order to increase fault tolerance and performance. RAID levels increase availability allowing the system to remain operational even when one of its components (hard drives) fails (this applies to all RAID levels except RAID 0 which doesn't provide any fault tolerance). Hot site is an alternate site where a company can move its operations in case of failure of the main site. 56. Answer: B. Port-based network access control Explanation: 802.1x is an IEEE standard for port-based network access control (sometimes confused with 802.11x, which is a general term for a family of wireless networking standards). 57. Answer: D. Exception Explanation: Allowing a program through a firewall is also known as creating an exception. 58. Answer: C. Deny all traffic Explanation: The last default rule on a firewall is to deny all traffic that comes from a source not listed on the firewall's Access Control List (ACL).

59. Answer: D. SSH Explanation: Secure Shell (SSH) is a tunneling protocol for secure remote login and other secure network services designed as a replacement for Telnet and other insecure remote shells. 60. Answers: B, D, and E. SSH, SCP, and SFTP Explanation: Secure Shell (SSH) runs by default on the TCP port 22. Apart from providing the ability to log in remotely and execute commands on a remote host, SSH is also used for secure file transfer through the SSHbased protocols such as Secure Copy (SCP) or SSH File Transfer Protocol (SFTP). 61. Answers: A, C, and E. 137, 138, and 139 Explanation: Network Basic Input / Output System (NetBIOS) is a name resolution service used in Local Area Networks (LANs). NetBIOS uses ports 137, 138, and 139. Ports 161 and 162 are reserved for the Simple Network Management Protocol (SNMP). 62. Answer: C. Memory dump, temporary files, disk files, archival media Explanation: Order of volatility refers to a sequence of steps in which different types of evidence should be collected. To preserve the order of volatility while collecting an evidence traces that can be easily lost (such as contents of the memory which are erased after powering the system down) should be collected first. 63. Answer: D. Whaling Explanation: Phishing is a fraudulent attempt to trick a user, usually via e-mail message, into disclosing personal information. Phishing scams targeting a specific group of users are also referred to as spear phishing. Spear phishing scams that go one step further by targeting people holding high positions in an organization or business are also known as whaling. 64. Answer: B. Privacy screen Explanation: Privacy screen (also privacy filter) is a protective overlay placed on the screen that narrows the viewing angle so data is only visible directly in front of the monitor and cannot be seen by others nearby. Privacy screen is one of the countermeasures against shoulder surfing. 65. Answers: C and E. Privacy filters and Screensavers Explanation: Privacy filters and password protected screensavers are examples of countermeasures against shoulder surfing (looking over someone's shoulder in order to get information). 66. Answer: A. Gaining unauthorized access to restricted areas by following another person Explanation: The practice of gaining unauthorized access to restricted areas by following another person is called tailgating.

67. Answer: B. Scanning for unsecured wireless networks while driving in a car Explanation: The term war driving refers to scanning for unsecured wireless networks while driving in a car. Marking symbols in public places that indicate the presence of an unsecured wireless connection is known as war chalking. 68. Answer: B. DAC Explanation: Discretionary Access Control (DAC) is an access control method based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object. 69. Answer: D. Rule-Based Access Control Explanation: Rule Based Access Control (RBAC) is an access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. In computer networks, Rule-Based Access Control model is usually implemented in network devices such as firewalls in order to control inbound and outbound traffic based on filtering rules. 70. Answers: D and E. Logging and Sending an alert Explanation: Intrusion Detection Systems (IDSs) rely on passive response which might include recording an event in logs or sending a notification alert. An IDS doesn't take any active steps in order to prevent an intrusion. 71. Answers: C and D. Smart card and Issued by United States Department of Defense (DoD) Explanation: Common Access Card (CAC) is a type of smart card issued by the United States Department of Defense for military and non-military personnel. 72. Answer: A. SSO Explanation: An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is also referred to as Single Sign-On (SSO). A single sign-on subsystem typically requires a user to log in once at the beginning of a session, and then during the session grants further access to multiple, separately protected hosts, applications, or other system resources, without further login action by the user. 73. Answer: B. Key escrow Explanation: Key escrow is a storage solution used to retain copies of private encryption keys.

74. Answer: B. Recovery agents Explanation: Copies of lost private encryption keys can be retrieved from key escrow by recovery agents. Recovery agent is an individual with access to key database and permission level allowing him/her to extract keys from escrow. 75. Answer: C. Vulnerability that is present in already released software but unknown to the software developer Explanation: Zero-day attack exploits a vulnerability that is present in already released software but unknown to the software developer. 76. Answer: A. NIPS Explanation: Network Intrusion Prevention system (NIPS) inspects network traffic in real-time and has the capability to stop the attack. 77. Answer: A. SYN flood Explanation: A type of attack exploiting the TCP three-way handshake process is also known as SYN flood attack. Three-way handshake is used for connections over TCP and ends with an ACK packet sent from a client to a server confirming that the connection has been established. SYN flood attack skips this step forcing the server to use up resources in order to handle multiple half-open connections eventually making it unable to process legitimate requests. SYN flood is a type of Denial-ofService (DoS) attack. 78. Answer: D. AD-IDS Explanation: Anomaly-Detection Intrusion Detection System (AD-IDS) relies on the previously established baseline of normal network activity in order to detect intrusions. A Signature-based IDS relies on known attack patterns to detect an intrusion. 79. Answer: A. NAC Explanation: Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after endstations gain access to the network. NAC can be implemented as Preadmission NAC, where a host must, for example, be virus free or have patches applied before it is allowed to connect to the network, and/or Post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network. 80. Answer: C. Tunneling Explanation: Virtual Private Network (VPN) is a logical, restricted-use network created with the use of encryption and tunneling protocols over physical, public network links. VPN users can connect securely to a private LAN over unsecure public links thanks to the tunneling protocols that provide link encryption. 81. Answer: D. Protocol analyzer Explanation: Packet sniffer is a common term for protocol analyzer.

82. Answers: B and E. 20 and 21 Explanation: File Transfer Protocol (FTP) is an unencrypted file exchange protocol. FTP employs TCP ports 20 and 21. Connection established over TCP port 20 (the data connection) is used for exchanging data, connection made over TCP port 21 (the control connection) remains open for the duration of the whole session and is used for session administration (commands, identification, passwords, etc.). 83. Answer: C. White box Explanation: Penetration test of a computer system with the prior knowledge on how the system works is also known as white box testing. 84. Answers: C and D. IDS and Video surveillance Explanation: Intrusion Detection System (IDS) and video surveillance are examples of detective security controls. Intrusion Prevention System (IPS) and Security guard are examples fall into the category of preventative controls. 85. Answer: A. 443 Explanation: HTTPS runs on TCP port 443. HTTPS supports encryption and can use either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol for securing web traffic. 86. Answers: A and D. Dumpster diving and Social engineering Explanation: Dumpster diving is a practice of sifting through trash for discarded documents containing sensitive data. Documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and also mitigates the risk of social engineering attacks. 87. Answer: B. Asymmetric encryption Explanation: Public/private key pair is a feature of asymmetric encryption. 88. Answer: C. Patch management Explanation: Coding errors and security vulnerabilities in software that has already been released can be rectified through patch management. 89. Answers: A, C, and D. Bypasses security controls, Actively tests security controls, and Exploits vulnerabilities Explanation: Penetration testing bypasses security controls and actively tests security controls by exploiting vulnerabilities. Passive testing of security controls, identification of vulnerabilities and missing security controls or common misconfigurations are the features of a vulnerability scan.

90. Answer: B. OCSP Explanation: Online Certificate Status Protocol (OCSP) allows for querying Certificate Authority (CA) for validity of a digital certificate. Another solution for checking whether a certificate has been revoked is Certificate Revocation List (CRL). CRLs are updated regularly and sent out to interested parties. Compared to CRL, OCSP allows for querying the CA at any point in time and retrieving information without any delay. 91. Answer: D. With enhanced security measures Explanation: The term Trusted OS refers to an operating system with enhanced security features. The most common access control model used in Trusted OS is Mandatory Access Control (MAC). Examples of Trusted OS implementations include Security Enhanced Linux (SELinux) and FreeBSD with the TrustedBSD extensions. 92. Answer: C. Honeypot Explanation: A monitored host or network specifically designed to detect unauthorized access attempts is also known as a honeypot. This type of system contains no valuable data and is used to divert the attacker's attention from the corporate network. Multiple honeypots set up on a network are known as a honeynet. 93. Answer: A. Trojan horse Explanation: Software that performs unwanted and harmful actions in disguise of a legitimate and useful program is also referred to as a Trojan horse. This type of malware may act like a legitimate program and have all the expected functionalities, but apart from that it will also contain a portion of malicious code appended to it that the user is unaware of. 94. Answers: A, C, and E. Mantrap, Access list, and Hardware lock Explanation: Mantraps, physical access lists, and hardware locks fall into category of physical security measures. Mantraps are two-door entrance points connected to a guard station. A person entering mantrap from the outside remains inside until he/she provides authentication token required to unlock the inner door. Physical access lists allow guards to check credentials of people entering the facility and also to record and compare the number of people who have entered and left the premises. 95. Answers: A and C. Asymmetric encryption and Suitable for small wireless devices Explanation: Elliptic Curve Cryptography (ECC) is a type of asymmetric encryption. ECC provides strong encryption while requiring less processing power than other encryption methods which makes it suitable for small wireless devices such as handhelds and cell phones. 96. Answer: A. PGP Explanation: Pretty Good Privacy (PGP) allows for encryption of e-mail messages. PGP can also be used to digitally sign e-mails.

97. Answer: A. PBX Explanation: Phreaking refers to the exploitation of telecommunications systems. Private Branch Exchange (PBX) system is a private telephone network used within an enterprise. PBX systems can be compromised through phreaking. 98. Answer: D. PED Explanation: Personal Electronic Device (PED) is a lightweight consumer electronic devices that include mobile phones, Personal Digital Assistants (PDAs), laptops and tablets, digital cameras, portable game consoles, optical media players, MP3 players, USB drives, calculators, earphones, and other lightweight portable electronic devices. 99. Answers: A, B, and D. Is a symmetric encryption algorithm, Uses 128-, 192-, and 256-bit keys, and Uses block cipher algorithm Explanation: Advanced Encryption Standard (AES) is a strong symmetric encryption algorithm. AES uses block cipher algorithm with the block size of 64 bits (compared to stream ciphers which process data by encrypting individual bits, block cipher divides data into separate fragments and encrypts each fragment separately). AES uses 128-, 192-, and 256-bit encryption keys. 100. Answer: C. RC4 Explanation: Rivest Cipher 4 (RC4) is a symmetric stream cipher. Advanced Encryption Standard (AES), Data Encryption Standard (DES) and Triple DES (3DES) are all block ciphers. RC4 is used in Wired Equivalent Privacy (WEP) standard for wireless encryption and Secure Sockets Layer (SSL) for Internet traffic encryption.