1. Which of the following answers refers to a dedicated device for managing secure connections
established over an untrusted network, such as the Internet?
A. Load balancer
B. VPN concentrator
C. Spam filter
D. Web server
2. Which of the following acronyms refers to a network or host based monitoring system designed to
automatically alert administrators of known or suspected unauthorized activity?
A. IDS
B. AES
C. TPM
D. EFS
3. A software tool used to monitor and examine contents of network traffic is known as: (Select all that
apply)
A. Port scanner
B. Packet sniffer
C. Vulnerability scanner
D. Protocol analyzer
4. Which of the following acronyms refers to a network security solution combining the functionality of a
firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?
A. MTU
B. STP
C. UTM
D. XML
5. Which of the following network security solutions inspects network traffic in real-time and has the
capability to stop the ongoing attack?
A. NIPS
B. HIDS
C. HIPS
D. NIST
6. Which of the following actions can be taken by passive IDS? (Select 2 answers)
A. Reconfiguring firewall
B. Closing down connection
C. Logging
D. Terminating process
E. Sending an alert
7. Which of the following answers refers to a set of rules that specify which users or system processes
are granted access to objects as well as what operations are allowed on a given object?
A. CRL
B. NAT
C. BCP
D. ACL
8. Which type of Intrusion Detection System (IDS) relies on the previously established baseline of normal
network activity in order to detect intrusions?
A. Signature-based
B. URL filter
C. Anomaly-based
D. ACL
10. Which of the following security solutions provides a countermeasure against a denial-of-service attack
characterized by an increasing number of half-open connections?
A. Flood guard
B. MAC filter
C. Honeypot
D. Port scanner
12. Which type of Intrusion Detection System (IDS) relies on known attack patterns to detect an
intrusion?
A. Load balancer
B. Signature-based
C. Protocol analyzer
D. Anomaly-based
13. A lightly protected subnet placed on the outside of the company's firewall consisting of publicly
available servers is known as:
A. VPN
B. Access Point (AP)
C. VLAN
D. DMZ
14. Which of the following acronyms refers to a solution allowing companies to cut costs related to
managing of internal calls?
A. PBX
B. POTS
C. P2P
D. PSTN
15. Which security measure is in place when a client is denied access to the network due to outdated
antivirus software?
A. NAC
B. DMZ
C. VLAN
D. NAT
16. Which of the following solutions is used to hide the internal IP addresses by modifying IP address
information in IP packet headers while in transit across a traffic routing device?
A. NAC
B. ACL
C. NAT
D. DMZ
17. In which of the cloud computing infrastructure types do clients, instead of buying all the hardware and
software, purchase computing resources as an outsourced service from suppliers who own and maintain
all the necessary equipment?
A. IaaS
B. SaaS
C. P2P
D. PaaS
18. Which of the following cloud service types would provide the best solution for a web developer
intending to create a web app?
A. SaaS
B. API
C. PaaS
D. IaaS
19. A cloud computing infrastructure type where applications are hosted over a network (typically
Internet) eliminating the need to install and run the software on the customer's own computers is
called:
A. Thick client
B. SaaS
C. Virtualization
D. IaaS
20. Which of the following protocols is used in network management systems for monitoring network-attached devices?
A. RTP
B. SNMP
C. IMAP
D. RTP
21. Which of the protocols listed below is used by the PING utility?
A. TLS
B. SNMP
C. FCoE
D. ICMP
23. Which of the following protocols run(s) on port number 22? (Select all that apply)
A. FTP
B. SSH
C. SMTP
D. SCP
E. SFTP
26. Which of the following ports enable(s) retrieving email messages from a remote server? (Select all
that apply)
A. 80
B. 139
C. 110
D. 443
E. 143
27. Which of the following answers lists the default port number for a Microsoft-proprietary remote
connection protocol?
A. 139
B. 443
C. 3389
D. 53
28. Which of the following wireless encryption schemes offers the highest level of protection?
A. WEP
B. WPA2
C. WAP
D. WPA
29. A network access control method whereby the 48-bit address assigned to each network card is used
to determine access to the network is known as:
A. EMI shielding
B. Hardware lock
C. MAC filter
D. Quality of Service (QoS)
32. Which of the following WAP configuration settings allows for adjusting the boundary range of the
wireless signal?
A. Beacon frame
B. Power level controls
C. Quality of Service (QoS)
D. MAC filtering
33. Which of the following answers refers to a solution allowing administrators to block Internet access
for users until they perform required action?
A. Access logs
B. Mantrap
C. Post-admission NAC
D. Captive portal
34. Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an
example of:
A. Fault tolerance
B. False positive error
C. Incident isolation
D. False negative error
35. Which of the following terms refers to a situation where no alarm is raised when an attack has taken
place?
A. False negative
B. True positive
C. False positive
D. True negative
36. A policy outlining ways of collecting and managing personal data is known as:
A. Acceptable use policy
B. Audit policy
C. Privacy policy
D. Data loss prevention
37. Which of the following acronyms refers to a set of rules enforced in a network that restrict the use
to which the network may be put?
A. OEM
B. AUP
C. UAT
D. ARO
38. One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent
activity within the company.
A. True
B. False
39. Which of the following answers refers to a concept of having more than one person required to
complete a given task?
A. Acceptable use policy
B. Privacy policy
C. Multifactor authentication
D. Separation of duties
40. A security rule that prevents users from accessing information and resources that lie beyond the
scope of their responsibilities is known as:
A. Order of volatility
B. Principle of least privilege
C. Privacy policy
D. Single sign-on
41. Which of the following acronyms refers to a risk assessment formula defining probable financial loss
due to a risk over a one-year period?
A. ARO
B. ALE
C. SLE
D. UAT
42. Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF)
The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or
percentage of asset lost when a specific threat is realized. Which of the following answers lists the
correct EF value for an asset that is entirely lost?
A. 0
B. 100
C. 1.0
D. 0.1
43. Contracting out a specialized technical component when the company's employees lack the
necessary skills is an example of:
A. Risk deterrence
B. Risk avoidance
C. Risk acceptance
D. Risk transference
44. Disabling certain system functions or shutting down the system when risks are identified is an
example of:
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk deterrence
45. What type of risk management strategy is in place when accessing the network involves a login
banner warning designed to inform a potential attacker of the likelihood of getting caught?
A. Risk avoidance
B. Risk acceptance
C. Risk deterrence
D. Risk transference
46. Which of the following terms refers to one of the hardware-related disadvantages of the
virtualization technology?
A. Single point of failure
B. Server clustering
C. Privilege escalation
D. Power and cooling costs
47. An agreement between a service provider and the user(s) defining the nature, availability, quality,
and scope of the service to be provided is known as:
A. SLE
B. BPA
C. SLA
D. DLP
48. A document established between two or more parties to define their respective responsibilities in
accomplishing a particular goal or mission is known as:
A. BPA
B. MOU
C. SLE
D. ISA
49. Which of the following answers refers to an agreement established between the organizations that
own and operate connected IT systems to document the technical requirements of the interconnection?
A. ISA
B. ALE
C. MOU
D. BPA
50. In forensic procedures, a sequence of steps in which different types of evidence should be collected
is known as:
A. Order of volatility
B. Layered security
C. Chain of custody
D. Transitive access
53. A sticky note with a password kept in sight in a user's cubicle would be a violation of which of the
following policies?
A. Data labeling policy
B. Clean desk policy
C. User account policy
D. Password complexity
56. Which of the following solutions provide(s) availability? (Select all that apply)
A. RAID 5
B. RAID 0
C. Encryption
D. RAID 1
E. Hot site
58. In a differential backup strategy, restoring data from backup requires only a working copy of the last
full backup.
A. True
B. False
59. A United States federal government initiative aimed at enabling agencies to continue their essential
functions across a broad spectrum of emergencies is known as:
A. OVAL
B. TACACS
C. COOP
D. OCSP
62. Which of the following security controls provide(s) integrity? (Select all that apply)
A. Hashing
B. Fault tolerance
C. Digital signatures
D. Non-repudiation
E. Encryption
64. Which of the following answers refers to a general term used to describe software designed
specifically to damage or disrupt the operation of a computer system?
A. Adware
B. Spyware
C. Spam
D. Malware
66. A computer program containing a malicious segment that attaches itself to an application program or
other executable component is called:
A. Adware
B. Virus
C. Spam
D. Flash cookie
67. Malicious software collecting information about users without their knowledge/consent is called:
A. Logic bomb
B. Adware
C. Computer worm
D. Spyware
68. Which of the following answers refers to malicious software performing unwanted and harmful
actions in disguise of a legitimate and useful program?
A. Trojan horse
B. Spyware
C. Logic bomb
D. Adware
69. A collection of software tools used by a hacker in order to mask intrusion and obtain administrator-level access to a computer or computer network is known as:
A. Backdoor
B. Botnet
C. Rootkit
D. Armored virus
70. Which of the following answers refers to an undocumented way of gaining access to a program,
online service or an entire computer system?
A. Tailgating
B. Rootkit
C. Trojan horse
D. Backdoor
72. A group of computers running malicious software under control of a hacker is referred to as:
A. Intranet
B. Botnet
C. Ethernet
D. Subnet
73. Malware that restricts access to a computer system by encrypting files or locking the entire system
down until the user performs requested action is known as:
A. Grayware
B. Adware
C. Ransomware
D. Spyware
74. The process by which malicious software changes its underlying code to avoid detection is called:
A. Fuzzing
B. Polymorphism
C. Pharming
D. Spoofing
75. A type of virus that takes advantage of various mechanisms specifically designed to make tracing,
disassembling and reverse engineering its code more difficult is known as:
A. Armored virus
B. Rootkit
C. Logic bomb
D. Backdoor
77. Which of the following attacks uses multiple compromised computer systems against its target?
(Select best answer)
A. Spear phishing
B. DoS
C. Watering hole attack
D. DDoS
78. A replay attack occurs when an attacker intercepts user credentials and tries to use this information
later for gaining unauthorized access to resources on a network.
A. True
B. False
79. Which of the following authentication protocols offer(s) countermeasures against replay attacks?
(Select all that apply)
A. NTP
B. PAP
C. Kerberos
D. CHAP
80. An email sent from an unknown source disguised as a source known to the message receiver is an
example of:
A. Spoofing
B. Shoulder surfing
C. Backdoor
D. Birthday attack
81. Which of the following answers apply to a smurf attack? (Select 3 answers)
A. IP spoofing
B. Privilege escalation
C. DDoS
D. Polymorphic malware
E. Order of volatility
F. Large amount of ICMP echo replies
85. The practice of sending unsolicited messages over Bluetooth is known as:
A. Vishing
B. Bluejacking
C. Phishing
D. Bluesnarfing
87. A monitored host or network specifically designed to detect unauthorized access attempts is known
as:
A. Botnet
B. Rogue access point
C. Honeypot
D. Flood guard
91. Which of the following acronyms refers to a microchip embedded on the motherboard of a personal
computer or laptop that can store keys, passwords and digital certificates?
A. FRU
B. EFS
C. TPM
D. HCL
92. An authentication subsystem that enables a user to access multiple, connected system components
(such as separate hosts on a network) after a single login at only one of the components is known as:
A. SSO
B. TLS
C. SSL
D. WAP
94. Which of the following technologies simplifies configuration of new wireless networks by providing
non-technical users with a capability to easily configure network security settings and add new devices
to an existing network?
A. WPA
B. WPS
C. WEP
D. WAP
95. A penetration test with prior knowledge of how the system that is to be tested works is known as:
A. White hat
B. Sandbox
C. White box
D. Black box
96. The practice of finding vulnerabilities in an application by feeding it incorrect input is referred to as:
A. Patching
B. Exception handling
C. Application hardening
D. Fuzzing
98. Which of the following solutions would be the fastest in validating digital certificates?
A. IPX
B. OCSP
C. CRL
D. OSPF
99. Copies of lost private encryption keys can be retrieved from a key database by:
A. Power users
B. Recovery agents
C. GPS tracking
D. Backup operators
100. What is the name of a storage solution used to retain copies of private encryption keys?
A. Trusted OS
B. Key escrow
C. Proxy
D. Recovery agent
ANSWERS
2. Answer: A. IDS
Explanation: Intrusion Detection Systems (IDSs) rely on passive response which might include recording
an event in logs or sending a notification alert. An IDS doesn't take any active steps in order to prevent
an intrusion.
4. Answer: C. UTM
Explanation: The term Unified Threat Management (UTM) refers to a network security solution
(commonly in the form of a dedicated device called UTM appliance) which combines the functionality of
a firewall with additional safeguards such as URL filtering, spam filtering, gateway antivirus
protection, intrusion detection or prevention, content inspection, or malware inspection.
5. Answer: A. NIPS
Explanation: A Network Intrusion Prevention System (NIPS) inspects network traffic in real-time and has
the capability to stop the attack.
7. Answer: D. ACL
Explanation: An Access Control List (ACL) contains a set of rules that specify which users or system
processes are granted access to objects as well as what operations are allowed on a given object.
8. Answer: C. Anomaly-based
Explanation: Anomaly-based Intrusion Detection System (IDS) relies on the previously established
baseline of normal network activity in order to detect intrusions. A Signature-based IDS relies on known
attack patterns to detect an intrusion.
Explanation: In the context of computer security, the term Demilitarized Zone (DMZ) refers to a lightly
protected subnet consisting of publicly available servers placed on the outside of the company's firewall.
data, connection made over TCP port 21 (the control connection) remains open for the duration of the
whole session and is used for session administration (commands, identification, and passwords).
25. Answer: A. 25
Explanation: TCP port 25 is used by the Simple Mail Transfer Protocol (SMTP). The purpose of SMTP is to
facilitate the exchange of email messages between email servers.
unique number assigned to every network adapter. Devices acting as network access points can have
certain MAC addresses blacklisted or whitelisted and based on the entry on either of the lists grant or
deny access to the network.
55. Answer: C. Vulnerability that is present in already released software but unknown to the software
developer
Explanation: Zero-day attacks exploit vulnerabilities that are present in already released software but
unknown to the software developer.
Explanation: Availability provides assurance that resources can be used when needed. Redundant Array
of Independent Disks (RAID) is a collection of different data storage schemes (referred to as RAID levels)
that allow for combining multiple hard disks into a single logical unit in order to increase fault tolerance
and performance. RAID levels increase availability allowing the system to remain operational even when
one of its components (hard drives) fails (this applies to all RAID levels except RAID 0 which doesn't
provide any fault tolerance). Hot site is an alternate site where a company can move its operations in
case of failure of the main site.
57. Answers: C and D. Doesn't offer fault tolerance and Requires at least two drives to implement
Explanation: Redundant Array of Independent Disks (RAID) is a collection of different data storage
schemes (referred to as RAID levels) that allow for combining multiple hard disks into a single logical unit
in order to increase fault tolerance and performance. RAID Level 0 breaks data into fragments called
blocks and each block of data is written to a separate disk drive. This greatly improves performance as
every physical disk drive handles only a part of the workload related to write and read operations. Each
consecutive physical drive included in this type of array improves the speed of read/write operations by
adding more hardware resources to handle a decreasing amount of workload. The main disadvantage of
RAID 0 is that it doesn't offer any fault tolerance. Each of the drives holds only part of the information
and in case of failure of any of the drives there is no way to rebuild the array, which in turn results in the
loss of all data. Hardware-based RAID Level 0 requires a minimum of two disk drives to implement.
63. Answer: C. Preventing someone from denying that they have taken specific action
Explanation: The purpose of non-repudiation is to prevent someone from denying that they have taken
a specific action.
Explanation: As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a
single system, a Distributed Denial of Service (DDoS) attack uses multiple compromised computer
systems to perform an attack against its target. The intermediary systems that are used as a platform for
the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and
collectively as a botnet. The goal of DoS and DDoS attacks is to flood the bandwidth or resources of a
targeted system so that it becomes overwhelmed with false requests and as a result doesn't have time or
resources to handle legitimate requests.
81. Answers: A, C, and F. IP spoofing, DDoS, and Large amount of ICMP echo replies
Explanation: The smurf attack is a Distributed Denial of Service (DDoS) attack in which large numbers of
Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are sent
to all hosts on a network through the network broadcast address. As a result, the targeted system gets
flooded with a large amount of ICMP echo replies.
83. Answer: D. Gaining unauthorized access to restricted areas by following another person
Explanation: The practice of gaining unauthorized access to restricted areas by following another person
is called tailgating. Looking over someone's shoulder in order to get information is known as shoulder
surfing. The term war driving refers to scanning for unsecured wireless networks while driving in a car.
Manipulating/deceiving users into disclosing confidential information is known as social engineering.
88. Answers: A, C, and D. Bypasses security controls, Actively tests security controls, and Exploits
vulnerabilities
Explanation: Penetration testing bypasses security controls and actively tests security controls by
exploiting vulnerabilities. Passive testing of security controls, identification of vulnerabilities and missing
security controls, or common misconfigurations are the features of a vulnerability scan.