1. Match the four risk response strategies with its correct description
Avoidance
Willing to live with the risk without control and mitigation

Unselect

Take steps to reduce the impact

Unselect

Don't engage in risky a activity

Unselect

Transfer the risk to another entity

Unselect

Transference
Willing to live with the risk without control and mitigation

Unselect

Take steps to reduce the impact

Unselect

Don't engage in risky a activity

Unselect

Transfer the risk to another entity

Unselect

Mitigation
Willing to live with the risk without control and mitigation

Unselect

Take steps to reduce the impact

Unselect

Don't engage in risky a activity

Unselect

Transfer the risk to another entity

Unselect

Acceptance
Willing to live with the risk without control and mitigation

Unselect

Take steps to reduce the impact

Unselect

Don't engage in risky a activity

Unselect

Transfer the risk to another entity

Unselect

Question 1 of 50

2. What are the three categories of control types that can be administered?

Question 2 of 50

3. You are asked to segregate the human resource and accounts department's network traffic on a layer two device within a LAN, so as to stop the two departments from seeing each other resources. Which of the following types of network design you would choose?

Question 3 of 50

4. NAT will hide the public IP address from the Internet world and is also a solution for the limited IPv6 addresses available

Question 4 of 50

5. What is the primary purpose of implementing security policies?

Question 5 of 50

6. You have been tasked in the implementation of corporate security policies regarding tablet usage for business purposes.  What should you do first?

Question 6 of 50

7. Match the security policy term with its correct definition
Policy
What happens if policy is not followed

Unselect

Defines to which set of users a security policy applies

Unselect

Collection of what can be done and what can't be done

Unselect

How security can be improved by using security policies

Unselect

Scope
What happens if policy is not followed

Unselect

Defines to which set of users a security policy applies

Unselect

Collection of what can be done and what can't be done

Unselect

How security can be improved by using security policies

Unselect

Enforcement
What happens if policy is not followed

Unselect

Defines to which set of users a security policy applies

Unselect

Collection of what can be done and what can't be done

Unselect

How security can be improved by using security policies

Unselect

Overview
What happens if policy is not followed

Unselect

Defines to which set of users a security policy applies

Unselect

Collection of what can be done and what can't be done

Unselect

How security can be improved by using security policies

Unselect

Question 7 of 50

8. Which of the following is not an example of personally identifiable information?

Question 8 of 50

9. Service level agreements (SLAs) are contractual documents guaranteeing a specific availability of network services

Question 9 of 50

10. A user on your network receives an email from the insurance company stating that there has been a security breach and all customers need to login to a link provided and change their login password. What variety of attack is this?

Question 10 of 50

11. Match the type of attach with its description
Spoofing
Happens when a hacker alter the source address of the packet

Unselect

DNS poisoning that leads a victim to a bogus server while surfing web

Unselect

A spoofed email that looks like to be coming from a trusted sender

Unselect

A spam message sent via instant messaging application

Unselect

Spear Phishing
Happens when a hacker alter the source address of the packet

Unselect

DNS poisoning that leads a victim to a bogus server while surfing web

Unselect

A spoofed email that looks like to be coming from a trusted sender

Unselect

A spam message sent via instant messaging application

Unselect

Spim
Happens when a hacker alter the source address of the packet

Unselect

DNS poisoning that leads a victim to a bogus server while surfing web

Unselect

A spoofed email that looks like to be coming from a trusted sender

Unselect

A spam message sent via instant messaging application

Unselect

Pharming
Happens when a hacker alter the source address of the packet

Unselect

DNS poisoning that leads a victim to a bogus server while surfing web

Unselect

A spoofed email that looks like to be coming from a trusted sender

Unselect

A spam message sent via instant messaging application

Unselect

Question 11 of 50

12. A birthday attack occurs when the hacker captures traffic off the network with a packet analyzer such as Wireshark

Question 12 of 50

13. What can be done to help prevent buffer overflow attacks from occurring in your network?

Question 13 of 50

14. What is the type of malware that hides itself from the operating system while allowing privileged access to a malicious user?

Question 14 of 50

15. Which of the following are true regarding backdoors?

Question 15 of 50

16. Bob uses the Google Chrome web browser on his Windows laptop. He reports that his browser home page keeps changing to web sites offering savings on consumer electronic products. What is causing this problem?

Question 16 of 50

17. A trojan is a malicious code that appears to be useful software. It could create a backdoor method for attackers to gain access to the system

Question 17 of 50

18. Match the technique with its description
Fuzzing
Disabling unneeded services to make system secure

Unselect

Refers to testing own software for vulnerabilities

Unselect

Testing of software to identify the cause of flaw

Unselect

Fixes problem with the software

Unselect

Hardening
Disabling unneeded services to make system secure

Unselect

Refers to testing own software for vulnerabilities

Unselect

Testing of software to identify the cause of flaw

Unselect

Fixes problem with the software

Unselect

Debugging
Disabling unneeded services to make system secure

Unselect

Refers to testing own software for vulnerabilities

Unselect

Testing of software to identify the cause of flaw

Unselect

Fixes problem with the software

Unselect

Patching
Disabling unneeded services to make system secure

Unselect

Refers to testing own software for vulnerabilities

Unselect

Testing of software to identify the cause of flaw

Unselect

Fixes problem with the software

Unselect

Question 18 of 50

19. You are a network administrator in a company. The company's management has asked you to secure all the Windows laptops, keeping in view most of the users use external USB storage devices to save their data. What are some of the best security practices to follow?

Question 19 of 50

20. Security templates are used to exploits hardware and software vulnerabilities to determine how secure computing devices or networks really are

Question 20 of 50

21. Which of the following security measure would protect the data stored in hard disk drive even if the hardware is stolen or lost?

Question 21 of 50

22. Your company hosts an on-premises active directory server to authenticate users. File servers and other applications are hosted in a public cloud. You have enabled Identity federation to create trust between locally authenticated users and cloud services for seamless connectivity. What type of cloud model you are using in this scenario?

Question 22 of 50

23. Which technology allows a response to be triggered if a mobile device leaves an area around a corporate building as per company policy?

Question 23 of 50

24. You are setting up a wireless router in a cafe, where customers would be able to connect to the internet. Where should you plug in the wireless router?

Question 24 of 50

25. Which technology actively monitors the network or system activity for abnormal behaviours and also take action to prevent the intrusion from succeeding?

Question 25 of 50

26. Based on the following LAN firewall rules, choose the best description

Allow inbound TCP 22, TCP 21

Allow outbound TCP 80, TCP 443

Question 26 of 50

27. Which process examines, where traffic is going and compares that against a list of allowed and forbidden sites to allow or prevent access?

Question 27 of 50

28. Which system is designed as a decoy to attract the cyberattacks in an effort to detect, deflect or counteract attempts at unauthorized use of information systems?

Question 28 of 50

29. Which two services are not provided by WPA when enabled on a wireless local area network?

Question 29 of 50

30. What are some of the best practices to secure a wireless network?

Question 30 of 50

31. Temporal Key Integrity Protocol (TKIP) is used by Wired Equivalent Privacy (WEP) for encryption and supersedes WiFi Protected Access (WPA)

Question 31 of 50

32. You have received a new wireless router from your internet service provider and you notice a PIN on the back of the router. What is the purpose of the PIN?

Question 32 of 50

33. You are a network administrator in a company. Some of the users are going on a business trip but they need access to the company's network while travelling. What should you configure for them?

Question 33 of 50

34. Before accessing computer systems, an enterprise company requires users to provide a PIN from their mobile phone using an authentication application. What is this an example of?

Question 34 of 50

35. Which service can be used to enable a user to authenticate only once to multiple resources that would otherwise require separate logins?

Question 35 of 50

36. A network router has the following inbound access-list configured

Choose the correct description of the ACL configuration

Question 36 of 50

37. Match the term with its description
False positive
Occurrence is considered normal activity and not malicious

Unselect

Occurrence is incorrectly determined to be malicious

Unselect

Occurrence that is malicious, has been detected

Unselect

Problems that do not get detected

Unselect

True positive
Occurrence is considered normal activity and not malicious

Unselect

Occurrence is incorrectly determined to be malicious

Unselect

Occurrence that is malicious, has been detected

Unselect

Problems that do not get detected

Unselect

False negative
Occurrence is considered normal activity and not malicious

Unselect

Occurrence is incorrectly determined to be malicious

Unselect

Occurrence that is malicious, has been detected

Unselect

Problems that do not get detected

Unselect

True negative
Occurrence is considered normal activity and not malicious

Unselect

Occurrence is incorrectly determined to be malicious

Unselect

Occurrence that is malicious, has been detected

Unselect

Problems that do not get detected

Unselect

Question 37 of 50

38. Which hashing algorithm computes a digest from provided data and any change in the data will invalidate the digest?

Question 38 of 50

39. Which firmware security solution uses PKI certificate keys to encrypt and decrypt hard disk contents?

Question 39 of 50

40. Which of the following statements regarding wired networks are not true? (Choose two)

Question 40 of 50

41. A user in your company show you some details regarding malicious users, gaining access to corporate resources. What type of assessment would you perform to investigate this?

Question 41 of 50

42. What defines the contractual documents, detailing the expected service from an Internet service provider?

Question 42 of 50

43. Risk management identifies and prioritizes risks and risk assessment is the governing of risks to minimize their impact

Question 43 of 50

44. An application server uses five hot-swappable hard disks in a RAID 5 configuration. When one disk fails, you have other disks readily available that you can simply plug in while the server is still running. Which term best describes this scenario?

Question 44 of 50

45. Match the incident response term with its definition
Preparation
It includes establishing incident response procedures

Unselect

Documentation of an incident for future reference

Unselect

Process to lessen the effect of anything

Unselect

Lessons Learned
It includes establishing incident response procedures

Unselect

Documentation of an incident for future reference

Unselect

Process to lessen the effect of anything

Unselect

Mitigation Steps
It includes establishing incident response procedures

Unselect

Documentation of an incident for future reference

Unselect

Process to lessen the effect of anything

Unselect

Question 45 of 50

46. Which procedure is an intrusive type of testing that involves simulating malicious activity against hosts or entire networks in order to assess how secure they are and to identify threats?

Question 46 of 50

47. You work as a network administrator in a company. You have set up a fileserver and configured auditing so that you can track who deletes files on the file share 'Projects'. Where will you view the audit results?

Question 47 of 50

48. Verbose logging is useful for troubleshooting but not for long periods of time because performance is degraded

Question 48 of 50

49. Which device can track detailed web surfing activity including site visited, time of day and the user account name?

Question 49 of 50

50. One of the users in your company reports that his Windows PC has been slow and unstable since last week. What should you first do to narrow down the problem?

Question 50 of 50