GISF Practice Test Free – 50 Real Exam Questions to Boost Your Confidence
Preparing for the GISF exam? Start with our GISF Practice Test Free – a set of 50 high-quality, exam-style questions crafted to help you assess your knowledge and improve your chances of passing on the first try.
Taking a GISF practice test free is one of the smartest ways to:
- Get familiar with the real exam format and question types
- Evaluate your strengths and spot knowledge gaps
- Gain the confidence you need to succeed on exam day
Below, you will find 50 free GISF practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Availability Management allows organizations to sustain the IT service availability to support the business at a justifiable cost. Which of the following elements of Availability Management is used to perform at an agreed level over a period of time? Each correct answer represents a part of the solution. Choose all that apply.
A. Maintainability
B. Resilience
C. Error control
D. Recoverability
E. Reliability
F. Security
G. Serviceability
Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.
A. Transposition cipher
B. Message Authentication Code
C. Stream cipher
D. Block cipher
Your corporate network uses a Proxy Server for Internet access. The Manufacturing group has access permission for WWW protocol in the Web Proxy service, and access permission for POP3 protocol in the WinSock Proxy service. The Supervisors group has access permission for WWW and FTP Read protocols in the Web Proxy service, and access permission for the SMTP protocol in the WinSock Proxy service. The Quality Control group has access permission only for WWW protocol in the Web Proxy service. The Interns group has no permissions granted in any of the Proxy Server services. Kate is a member of all four groups. In the Proxy Server services, which protocols does Kate have permission to use?
A. WWW only
B. FTP Read and SMTP only
C. WWW, FTP Read, POP3, and SMTP
D. WWW and POP3 only
You have purchased a wireless router for your home network. What will you do first to enhance the security?
A. Change the default password and administrator’s username on the router
B. Disable the network interface card on the computer
C. Configure DMZ on the router
D. Assign a static IP address to the computers
Which of the following algorithms produce 160-bit hash values? Each correct answer represents a complete solution. Choose two.
A. MD2
B. MD5
C. SHA-1
D. SHA-0
Your company is receiving false and abusive e-mails from the e-mail address of your partner company. When you complain, the partner company tells you that they have never sent any such e-mails. Which of the following types of cyber crimes involves this form of network attack?
A. Cyber squatting
B. Cyber Stalking
C. Man-in-the-middle attack
D. Spoofing
Which of the following refers to a small space having two sets of interlocking doors such that the first set of doors must close before the second set opens?
A. Man-trap
B. Man-in-the-middle
C. Demilitarized zone (DMZ)
D. Firewall
Tom works as the project manager for BlueWell Inc. He is working with his project to ensure timely and appropriate generation, retrieval, distribution, collection, storage, and ultimate disposition of project information. What is the process in which Tom is working?
A. Stakeholder expectation management
B. Stakeholder analysis
C. Work performance measurement
D. Project communication management
Which of the following best describes the identification, analysis, and ranking of risks?
A. Design of experiments
B. Fast tracking
C. Fixed-price contracts
D. Plan Risk management
Which of the following are the differences between routed protocols and routing protocols? Each correct answer represents a complete solution. Choose two.
A. A routing protocol is configured on an interface and decides the method of packet delivery.
B. A routing protocol decides the path for a packet through the network.
C. A routed protocol is configured on an interface and decides how a packet will be delivered.
D. A routed protocol works on the transport layer of the OSI model.
You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
B. Look at the Web server's logs and normal traffic logging.
C. Use Wireshark to capture traffic going to the server and then search for the requests going to the input page, which may give a log of the malicious traffic and the IP address of the source.
D. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company’s site.
Which of the following refers to encrypted text?
A. Plaintext
B. Cookies
C. Ciphertext
D. Hypertext
You work as a Software Developer for uCertify Inc. You have developed a Data Access Logic (DAL) component that will be part of a distributed application. You are conducting integration testing with other components of the distributed application. Which of the following types of testing methods will you need to perform to identify potential security-related issues? Each correct answer represents a part of the solution. Choose two.
A. Unit testing
B. Stress testing
C. Load testing
D. Black box testing
E. White box testing
Which of the following tools is an open source network intrusion prevention and detection system that operates as a network sniffer?
A. IPLog
B. Snort
C. Timbersee
D. Swatch
Which of the following statements about Public Key Infrastructure (PKI) are true? Each correct answer represents a complete solution. Choose two.
A. It is a digital representation of information that identifies users.
B. It uses asymmetric key pairs.
C. It provides security using data encryption and digital signature.
D. It uses symmetric key pairs.
Which of the following attacks saturates network resources and disrupts services to a specific computer?
A. Teardrop attack
B. Replay attack
C. Denial-of-Service (DoS) attack
D. Polymorphic shell code attack
You want to install a server that can be accessed by external users. You also want to ensure that these users cannot access the rest of the network. Where will you place the server?
A. Intranet
B. Local Area Network
C. Internet
D. Demilitarized Zone
E. Extranet
F. Wide Area Network
Which of the following types of cipher encrypts alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword?
A. Block cipher
B. Transposition cipher
C. Vigenère cipher
D. Stream cipher
Fred is the project manager for the TCC Company. His company has an internal policy that states each year they will provide free services to a nonprofit organization. Therefore, the company and its employees are not allowed to charge or receive money or gifts from the nonprofit organization they choose to provide free services. This year, the TCC Company offers to provide project management services to the children's hospital for a marketing campaign to raise money. Due to the TCC Company's project management services, the nonprofit agency exceeded previous years' fundraising efforts. To show appreciation, the nonprofit organization offered to reimburse the project manager for his travel expenses. Which of the following best describes how the project manager should handle the situation?
A. Say thank you and let them pay for the travel, it is the least they can do.
B. Tell the hospital no thank you and explain it is against company policy to accept payment for services provided to their pro bono customers.
C. Say nothing as to not hurt the feelings of the children’s hospital.
D. Ask if the hospital could pay for some of the supplies too.
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below: What is the IP address of the sender of this email?
A. 209.191.91.180
B. 141.1.1.1
C. 172.16.10.90
D. 216.168.54.25
Which of the following statements are true about Dsniff? Each correct answer represents a complete solution. Choose two.
A. It is a virus.
B. It contains Trojans.
C. It is antivirus.
D. It is a collection of various hacking tools.
Which of the following Web attacks is performed by manipulating codes of programming languages such as SQL, Perl, Java present in the Web pages?
A. Cross-Site Request Forgery
B. Code injection attack
C. Cross-Site Scripting attack
D. Command injection attack
SIMULATION - Fill in the blank with the appropriate layer name. The Network layer of the OSI model corresponds to the ______ layer of the TCP/IP model.
You work in an enterprise as a Network Engineer. Your enterprise has a secure internal network. You want to apply an additional network packet filtering device that is intermediate to your enterprise's internal network and the outer network (internet). Which of the following network zones will you create to accomplish this task?
A. Autonomous system area (AS)
B. Demilitarized zone (DMZ)
C. Border network area
D. Site network area
Which of the following types of firewalls forms a session flow table?
A. Proxy server firewall
B. Packet filtering firewall
C. Stateless packet filtering firewall
D. Stateful packet filtering firewall
Cryptography is the science of?
A. Encrypting and decrypting plain text messages.
B. Decrypting encrypted text messages.
C. Encrypting plain text messages.
D. Hacking secure information.
You are the project manager of the SST project. You are in the process of collecting and distributing performance information including status reports, progress measurements, and forecasts. Which of the following processes are you performing?
A. Perform Quality Control
B. Verify Scope
C. Report Performance
D. Control Scope
Security is responsible for well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and services are kept low or tolerable. Which of the following are the elements of security? Each correct answer represents a complete solution. Choose all that apply.
A. Availability
B. Confidentiality
C. Confidentiality
D. Authenticity
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message: Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'. This error message shows that the We-are-secure Website is vulnerable to __________.
A. A buffer overflow
B. An XSS attack
C. A Denial-of-Service attack
D. A SQL injection attack
You work as a Network Administrator for McRoberts Inc. You are required to upgrade a client computer on the company's network to Windows Vista Ultimate. During installation, the computer stops responding, and the screen does not change. What is the most likely cause?
A. Antivirus software is running on the computer.
B. You have provided an improper product key.
C. The computer is running a driver that is incompatible with Vista.
D. The computer has a hardware device that is incompatible with Vista.
Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.
A. Sensitive
B. Unclassified
C. Confidential
D. Public
E. Secret
F. Private
Which of the following is NOT potential evidence for routers?
A. Routing tables
B. MAC address
C. ACL
D. Logs
Which of the following protocols work at the Network layer of the OSI model?
A. Internet Group Management Protocol (IGMP)
B. Simple Network Management Protocol (SNMP)
C. Routing Information Protocol (RIP)
D. File Transfer Protocol (FTP)
Which of the following statements are TRUE regarding asymmetric encryption and symmetric encryption? Each correct answer represents a complete solution. Choose all that apply.
A. Data Encryption Standard (DES) is a symmetric encryption key algorithm.
B. In symmetric encryption, the secret key is available only to the recipient of the message.
C. Symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data.
D. Asymmetric encryption uses a public key and a private key pair for data encryption.
Each time you start your computer, you receive an error message that your TCP/IP address is in use. Which of the following attacks is this?
A. Worm attack
B. ICMP attack
C. Back door attack
D. TCP/IP hijacking
E. TCP Sequence Number attack
F. TCP SYN or TCP ACK flood attack
Which of the following U.S.C. laws governs the fraudulent activities associated with computers?
A. 18 U.S.C. 2251
B. 18 U.S.C. 3771
C. 18 U.S.C. 2257
D. 18 U.S.C. 1030
You are the Network Administrator for a bank. You discover that someone has logged in with a user account access, but then used various techniques to obtain access to other user accounts. What is this called?
A. Vertical Privilege Escalation
B. Session Hijacking
C. Account hijacking
D. Horizontal Privilege Escalation
Which of the following refers to the emulation of the identity of a network computer by an attacking computer?
A. Spoofing
B. PING attack
C. Hacking
D. SYN attack
Which of the following tools can be used for stress testing of a Web server? Each correct answer represents a complete solution. Choose two.
A. Internet bots
B. Spyware
C. Scripts
D. Anti-virus software
Which of the following encryption techniques do digital signatures use?
A. MD5
B. RSA
C. IDEA
D. Blowfish
This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.
A. Multipartite virus
B. Boot sector virus
C. File virus
D. Stealth virus
E. Polymorphic virus
Which of the following is the maximum variable key length for the Blowfish encryption algorithm?
A. 448 bit
B. 256 bit
C. 64 bit
D. 16 bit
Which term best describes an e-mail that contains incorrect and misleading information or warnings about viruses?
A. Blowfish
B. Spam
C. Virus
D. Trojan horse
E. Hoax
F. Rlogin
You are the project manager of a new project to install new hardware for your organization's computer network. You have never worked with networking software or hardware before so you enroll in a class to learn more about the technology you'll be managing in your project. This is an example of which one of the following?
A. Cost of nonconformance to quality
B. Enhancing your personal professional competence
C. Team development
D. A waste for the project as the project manager does not need to know much about the project’s application
Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server. Which of the following DoS attacks is Maria using to accomplish her task?
A. Smurf DoS attack
B. Teardrop attack
C. Fraggle DoS attack
D. Ping flood attack
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a __________.
A. Social engineering
B. Smurf DoS
C. Brute force
D. Ping flood attack
Which of the following books is used to examine integrity and availability?
A. Brown Book
B. Red Book
C. Purple Book
D. Orange Book
Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?
A. Technical representative
B. Legal representative
C. Lead investigator
D. Information security representative
NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want to the information security policies. Which of the following are its significant steps? Each correct answer represents a complete solution. Choose two.
A. Awareness and Training Material Effectiveness
B. Awareness and Training Material Development
C. Awareness and Training Material Implementation
D. Awareness and Training Program Design
John works as a security manager in Mariotx.Inc. He has been tasked to resolve a network attack issue. To solve the problem, he first examines the critical information about the attacker's interaction to the network environment. He prepares a past record and behavioral document of the attack to find a direction of the solution. Then he decides to perform an action based on the previous hypothesis and takes the appropriate action against the attack. Which of the following strategies has John followed?
A. Maneuver warfare
B. Control theory
C. SWOT Analysis
D. OODA loop
Good luck with your GISF certification journey!