GISP Practice Questions Free – 50 Exam-Style Questions to Sharpen Your Skills
Are you preparing for the GISP certification exam? Kickstart your success with our GISP Practice Questions Free – a carefully selected set of 50 real exam-style questions to help you test your knowledge and identify areas for improvement.
Practicing with free GISP practice questions gives you an edge by allowing you to:
- Understand the exam structure and question formats
- Discover your strong and weak areas
- Build the confidence you need for test day success
Below, you will find 50 free GISP practice questions designed to match the real exam in both difficulty and topic coverage. They’re ideal for self-assessment or final review.
Which of the following terms is described by the statement given below? "It allows the server to authenticate itself to the client by using public-key techniques. It then allows the client and server to cooperate in creating symmetric keys for the session that follows."
A. Secure Electronic Transaction (SET)
B. Virtual Private Network (VPN)
C. Secure Sockets Layer (SSL) Handshake
D. Digital signature
Which of the following security models dictates that subjects can only access objects through applications?
A. Biba-Clark model
B. Bell-LaPadula
C. Biba model
D. Clark-Wilson
Which of the following protocols is used to verify the status of a certificate?
A. CEP
B. HTTP
C. OSPF
D. OCSP
? Each correct answer represents a complete solution. Choose three.
A. Authentication
B. Data encryption
C. Authorization
D. Accounting
At which of the following layers of the Open System Interconnection (OSI) model do the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
A. The Physical layer
B. The Network layer
C. The Data-Link layer
D. The Presentation layer
Which of the following protocols is used to provide security for wireless local area networks (WLANs)?
A. WEP
B. EAP
C. NAT
D. TLS
Which of the following are the goals of the cryptographic systems? Each correct answer represents a complete solution. Choose three.
A. Availability
B. Authentication
C. Integrity
D. Confidentiality
over the Internet?
A. VPN
B. ATM
C. SSL
D. SET
Which of the following authentication methods support mutual authentication? Each correct answer represents a complete solution. Choose two.
A. MS-CHAP v2
B. EAP-TLS
C. EAP-MD5
D. NTLM
algorithm?
A. Password
B. Access control entry
C. Key exchange
D. Access control list
Brutus is a password cracking tool that can be used to crack the following authentications:
- HTTP (Basic Authentication)
- HTTP (HTML Form/CGI)
- POP3 (Post Office Protocol v3)
- FTP (File Transfer Protocol)
- SMB (Server Message Block)
- Telnet
Which of the following attacks can be performed by Brutus for password cracking? Each correct answer represents a complete solution. Choose all that apply.
A. Dictionary attack
B. Brute force attack
C. Replay attack
D. Hybrid attack
E. Man-in-the-middle attack
Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?
A. Spoofing
B. System hardening
C. Shielding
D. Auditing
Which of the following are methods used for authentication? Each correct answer represents a complete solution. Choose all that apply.
A. Smart card
B. Biometrics
C. Username and password
D. Magnetic stripe card
These are false reports about non-existent viruses. In these reports, the writer often claims to do impossible things. Due to these false reports, the network administrator shuts down his network, which in turn affects the work of the company. These reports falsely claim to describe an extremely dangerous virus, and declare that the report is issued by a reputed company. These reports are known as __________.
A. Time bombs
B. Virus hoaxes
C. Chain letters
D. Spambots
E. Logic bombs
are true? Each correct answer represents a complete solution. Choose three.
A. It is best suited for encrypting large amounts of data.
B. It is used by Data Encryption Standard (DES) to encrypt data.
C. It uses two keys – a public key and a private key pair for data encryption.
D. It is a relatively faster encryption method than public key encryption.
Which of the following protocols is used to establish a secure TELNET session over TCP/IP?
A. PGP
B. SSH
C. SSL
D. IPSEC
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2000 domain-based network. Users report that they are unable to log on to the network. Mark finds that accounts are locked out due to multiple incorrect logon attempts. What is the most likely cause of the account lockouts?
A. SYN attack
B. Spoofing
C. PING attack
D. Brute force attack
Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
A. Integrity
B. Privacy
C. Confidentiality
D. Availability
Which of the following provides secure online payment services?
A. CA
B. IEEE
C. ACH
D. ICSA
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
A. Technical
B. Administrative
C. Automatic
D. Physical
What are packet sniffers?
A. Packet sniffers test package security.
B. Packet sniffers capture the packages as they cross the network.
C. Packet sniffers encrypt the packages as they cross the network.
D. Packet sniffers test the packages to verify data integrity.
Which of the following can be used to protect a computer system from malware, viruses, spyware, and various types of keyloggers? Each correct answer represents a complete solution. Choose all that apply.
A. SocketShield
B. Enum
C. KFSensor
D. Sheep dip
Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
A. PGP
B. TLS
C. IPSec
D. S/MIME
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access
are true? Each correct answer represents a complete solution. Choose two.
A. It identifies a user who sends a message.
B. It is created by implementing a public-key encryption.
C. It is created by implementing a private-key encryption.
D. It identifies a user who deletes a message.
At which of the following layers of the Open System Interconnection (OSI) model do the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
A. The Physical layer
B. The Network layer
C. The Data-Link layer
D. The Presentation layer
passwords?
A. 128-bit
B. 32-bit
C. 64-bit
D. 56-bit
Which of the following protocols is used as the directory access protocol?
A. HDAP
B. NNTP
C. FTP
D. LDAP
Which of the following is the most secure method of authentication?
A. Biometrics
B. Smart card
C. Anonymous
D. Username and password
SIMULATION - Fill in the blank with the appropriate layer name. The Network layer of the OSI model corresponds to the _______________ layer of the TCP/IP model.
Which of the following protocols work at the network layer? Each correct answer represents a complete solution. Choose three.
A. RIP
B. OSPF
C. SPX
D. IGMP
A ________ attack occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts.
A. Man-in-the-middle
B. Brute force
C. Denial of Service (DoS)
D. Dictionary
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool called image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
A. Email spoofing
B. Social engineering
C. Web ripping
D. Steganography
Which of the following terms describes an attempt to transfer DNS zone data?
A. Reconnaissance
B. Spam
C. Dumpster diving
D. Encapsulation
? Each correct answer represents a complete solution. Choose all that apply.
A. ASCII
B. MPEG
C. TIFF
D. JPEG
of the OSI model? Each correct answer represents a complete solution. Choose two.
A. Firewalls
B. Hub
C. Routers
D. MAC addresses
Which of the following terms refers to the act of obtaining plain text from cipher text without a cryptographic key?
A. Hacking
B. Algorithm
C. Cryptanalysis
D. Ciphertext
is true?
A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
D. It is a unique number that identifies a user, group, and computer account.
Which of the following is used to repair missing or damaged system files that might prevent Windows from starting correctly?
A. Boot Repair
B. System Repair
C. Recovery Repair
D. Startup Repair
Which of the following types of safes can be chosen by an organization to store data backups or other types of valuables? Each correct answer represents a complete solution. Choose three.
A. Depositaries
B. Chests
C. Bottle safe
D. Wall safe
are true? Each correct answer represents a complete solution. Choose two.
A. It can also be nested with the Layer Two Tunneling Protocol (L2TP).
B. It is an IPSec protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It is a text-based communication protocol.
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He notices that UDP port 137 of the We-are-secure server is open. Assuming that the Network Administrator of We-are-secure Inc. has not changed the default port values of the services, which of the following services is running on UDP port 137?
A. HTTPS
B. HTTP
C. TELNET
D. NetBIOS
SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol? Each correct answer represents a complete solution. Choose all that apply.
A. Blowfish
B. DES
C. RC4
D. IDEA
Identify whether the given statement is true or false. "Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords."
A. False
B. True
Which of the following protocols work at the Network layer of the OSI model?
A. Routing Information Protocol (RIP)
B. Internet Group Management Protocol (IGMP)
C. Simple Network Management Protocol (SNMP)
D. File Transfer Protocol (FTP)
Which of the following are the examples of technical controls? Each correct answer represents a complete solution. Choose three.
A. Auditing
B. System access
C. Data backups
D. Network architecture
Which of the following ensures that a sender cannot deny sending a message?
A. Authentication
B. Snooping
C. Spoofing
D. Non-repudiation
Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
A. Social engineering attack
B. Password guessing attack
C. Mail bombing
D. Cross site scripting attack
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 domain-based network. The company has two offices in different cities. The offices are connected through the Internet. Both offices have a Windows 2003 server named SERV1 and SERV2 respectively. Mark is required to create a secure connection between both offices. He configures a VPN connection between the offices using the two servers. He uses L2TP for VPN and also configures an IPSec tunnel. Which of the following will he achieve with this configuration? Each correct answer represents a part of the solution. Choose two.
A. Highest possible encryption for traffic between the offices
B. Encryption for the local files stored on the two servers
C. Extra bandwidth on the Internet connection
D. Mutual authentication between the two servers
Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.
A. Encrypt
B. Acquire
C. Authenticate
D. Analyze
We update our question sets regularly, so check back often for new and relevant content.
Good luck with your GISP certification journey!