Which of the following refers to a location away from the computer center where document copies and backup media are kept?

A. Storage Area network

B. Off-site storage

C. On-site storage

D. Network attached storage

Which of the following attacks can be overcome by applying cryptography?

A. Web ripping

B. DoS

C. Sniffing

D. Buffer overflow

You work as a Network Consultant. A company named Tech Perfect Inc. hires you for security reasons. The manager of the company tells you to establish connectivity between clients and servers of the network which prevents eavesdropping and tampering of data on the Internet. Which of the following will you configure on the network to perform the given task?

A. WEP

B. IPsec

C. VPN

D. SSL

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries.
But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution? Each correct answer represents a part of the solution. Choose all that apply.

A. Identification

B. Eradication

C. Recovery

D. Contamination

E. Preparation

Which of the following protocols is used to compare two values calculated using the Message Digest (MD5) hashing function?

A. CHAP

B. PEAP

C. EAP

D. EAP-TLS

Computer networks and the Internet are the prime mode of Information transfer today. Which of the following is a technique used for modifying messages, providing Information and Cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?

A. Risk analysis

B. Firewall security

C. Cryptography

D. OODA loop

You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? Each correct answer represents a complete solution. Choose two.

A. MAC filtering the router

B. Not broadcasting SSID

C. Using WEP encryption

D. Using WPA encryption

You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network. You want to use a firewall that can track the state of active connections of the network and then determine which network packets are allowed to enter through the firewall. Which of the following firewalls has this feature?

A. Stateful packet inspection firewall

B. Proxy-based firewall

C. Dynamic packet-filtering firewall

D. Application gateway firewall

Which of the following security protocols provides confidentiality, integrity, and authentication of network traffic with end-to-end and intermediate-hop security?

A. IPSec

B. SET

C. SWIPE

D. SKIP

Which of the following devices is a least expensive power protection device for filtering the electrical stream to control power surges, noise, power sags, and power spikes?

A. Line Conditioner

B. Surge Suppressor

C. Uninterrupted Power Supply (UPS)

D. Expansion Bus

Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.

A. Synchronous

B. Secret

C. Asymmetric

D. Symmetric

Which of the following are man-made threats that an organization faces? Each correct answer represents a complete solution. Choose three.

A. Theft

B. Employee errors

C. Strikes

D. Frauds

Which of the following methods for identifying appropriate BIA interviewees' includes examining the organizational chart of the enterprise to understand the functional positions?

A. Executive management interviews

B. Overlaying system technology

C. Organizational chart reviews

D. Organizational process models

Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

A. Cipher

B. CrypTool

C. Steganography

D. MIME

In which of the following phases of the SDLC does the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?

A. Initiation

B. Programming and training

C. Design

D. Evaluation and acceptance

Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

A. RCO

B. RTO

C. RPO

D. RTA

You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?

A. PGP

B. PPTP

C. IPSec

D. NTFS

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of
Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

A. Containment

B. Preparation

C. Recovery

D. Identification

Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correct answer represents a complete solution. Choose two.

A. GTC

B. MS-CHAP v2

C. AES

D. RC4

Which of the following security architectures defines how to integrate widely disparate applications for a world that is Web-based and uses multiple implementation platforms?

A. Sherwood Applied Business Security Architecture

B. Service-oriented modeling and architecture

C. Enterprise architecture

D. Service-oriented architecture

You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network. Performance of the network is slow because of heavy traffic. A hub is used as a central connecting device in the network. Which of the following devices can be used in place of a hub to control the network traffic efficiently?

A. Repeater

B. Bridge

C. Switch

D. Router

You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a
128 bit hash value. Which of the following should you use?

A. AES

B. SHA

C. MD5

D. DES

You are the Network Administrator for a small business. You need a widely used, but highly secure hashing algorithm. Which of the following should you choose?

A. AES

B. SHA

C. EAP

D. CRC32

Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

A. Twofish

B. Digital certificates

C. Public key

D. RSA

You are responsible for a Microsoft based network. Your servers are all clustered. Which of the following are the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.

A. Reduce power consumption

B. Ease of maintenance

C. Failover

D. Load balancing

Which of the following encryption modes has the property to allow many error correcting codes to function normally even when applied before encryption?

A. OFB mode

B. CFB mode

C. CBC mode

D. PCBC mode

Which of the following should the administrator ensure during the test of a disaster recovery plan?

A. Ensure that the plan works properly

B. Ensure that all the servers in the organization are shut down.

C. Ensure that each member of the disaster recovery team is aware of their responsibility.

D. Ensure that all client computers in the organization are shut down.

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

B. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

C. application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

D. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

Which of the following protocols is an alternative to certificate revocation lists (CRL) and allows the authenticity of a certificate to be immediately verified?

A. RSTP

B. SKIP

C. OCSP

D. HTTP

An access control secures the confidentiality, integrity, and availability of the information and data of an organization. In which of the following categories can you deploy the access control? Each correct answer represents a part of the solution. Choose all that apply.

A. Detective access control

B. Corrective access control

C. Administrative access control

D. Preventive access control

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A. Authentication

B. Non-repudiation

C. Integrity

D. Confidentiality

Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection?

A. PPTP

B. UDP

C. IPSec

D. PAP

You work as a Network Administrator for McRoberts Inc. You are expanding your company's network. After you have implemented the network, you test the connectivity to a remote host by using the PING command. You get the ICMP echo reply message from the remote host. Which of the following layers of the OSI model are tested through this process? Each correct answer represents a complete solution. Choose all that apply.

A. Layer 3

B. Layer 2

C. Layer 4

D. Layer 1

Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?

A. Asymmetric encryption

B. Symmetric encryption

C. S/MIME

D. PGP

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

A. The transport layer

B. The presentation layer

C. The session layer

D. The application layer

Which of the following techniques can be used by an administrator while working with the symmetric encryption cryptography? Each correct answer represents a complete solution. Choose all that apply.

A. Block cipher

B. Stream cipher

C. Transposition cipher

D. Message Authentication Code

Which of the following protocols provides certificate-based authentication for virtual private networks (VPNs)?

A. PPTP

B. SMTP

C. HTTPS

D. L2TP

You work as a Network Administrator for NetTech Inc. You want to have secure communication on the company's intranet. You decide to use public key and private key pairs. What will you implement to accomplish this?

A. Microsoft Internet Information Server (IIS)

B. VPN

C. FTP server

D. Certificate server

A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?

A. Denial-of-Service attack

B. Vulnerability attack

C. Social Engineering attack

D. Impersonation attack

In which of the following network topologies does the data travel around a loop in a single direction and pass through each device?

A. Ring topology

B. Tree topology

C. Star topology

D. Mesh topology

Which of the following electrical events shows a sudden drop of power source that can cause a wide variety of problems on a PC or a network?

A. Blackout

B. Power spike

C. Power sag

D. Power surge

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?

A. Email spoofing

B. Social engineering

C. Web ripping

D. Steganography

Which of the following protocols uses the Internet key Exchange (IKE) protocol to set up security associations (SA)?

A. IPSec

B. L2TP

C. LEAP

D. ISAKMP

Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.

A. Dictionary attack

B. Mail bombing

C. Spoofing

D. Brute force attack

Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure (PKI)? Each correct answer represents a complete solution. Choose two.

A. A foreign key

B. A private key

C. A public key

D. A primary key

In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?

A. Chosen plaintext attack

B. Ciphertext only attack

C. Chosen ciphertext attack

D. Known plaintext attack

You are responsible for security at a building that has a lot of traffic. There are even a significant number of non-employees coming in and out of the building. You are concerned about being able to find out who is in the building at a particular time. What is the simplest way to accomplish this?

A. Implement a sign in sheet at the main entrance and route all traffic through there.

B. Have all people entering the building use smart cards for access.

C. Implement biometric access.

D. Implement cameras at all entrances.

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are- secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not thenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?

A. Blowfish

B. Twofish

C. RSA

D. Diffie-Hellman

Which of the following protocols work at the Network layer of the OSI model?

A. Routing Information Protocol (RIP)

B. File Transfer Protocol (FTP)

C. Simple Network Management Protocol (SNMP)

D. Internet Group Management Protocol (IGMP)

You are the administrator for YupNo.com. You want to increase and enhance the security of your computers and simplify deployment. You are especially concerned with any portable computers that are used by remote employees. What can you use to increase security, while still allowing your users to perform critical tasks?

A. BitLocker

B. Smart Cards

C. Service Accounts

D. AppLocker