
1. You have been asked to give a speech on security to upper management. What are two primary
access control methods that you should mention that are commonly combined in computer systems
today? (Choose two.)
Solution: Many systems offer a hybrid of DAC and RBAC. In some cases, the operating system
might use DAC, whereas applications such as SQL Server use roles to determine access permission to
data in tables and the database itself.

2. What network device can you use to prevent a desktop computer on the network from
promiscuously sniffing the packets of other computers on the same subnetwork?
Solution: Only packets destined for the computer on a particular port of a switch can be seen
(assuming the ports aren’t shared). When computers are connected through a standard hub, every
computer is exposed to all the traffic on that segment. Conversely, if those same computers were
connected through a switch, eventually any individual computer would be exposed to only traffic
destined for that particular computer or for all computers. Therefore, any port would be able to see
only traffic destined for it and broadcasts, eliminating the promiscuity.

3. Which form of IPSec should you use for encryption on a LAN for internal security?
Solution: IPSec can work in either Tunneling mode or Transport mode. Tunneling mode is used for
VPNing over an unsecured public network, and Transport mode is used only when the data portion
needs to be encrypted over owner-controlled networks like a LAN. Therefore, Transport is the correct
answer.

4. Which of the following statements is true of the S/MIME security features?
Solution: S/MIME (Secure/Multipurpose Internet Mail Extensions) uses asymmetric encryption
algorithms for confidentiality and digital certificates for authentication.

5. Which type of backup includes all files created or modified since the last full backup and does not
turn off the archive bit?
Solution: A differential backup includes all files created or modified since the last full backup and
does not turn off the archive bit.

6. Which type of RAID utilizes disk striping with parity?
Solution: In a RAID 5 array, disk striping with parity is employed.

7. You suspect that hackers are examining your network and looking for ways to enter. Which of the
following tools is used to gather information about how your network is configured?
Solution: Hackers will use scanning programs to look for paths to systems in your network.

8. Access control lists (ACLs) can be configured on router interfaces for inbound and outbound packets.
Which of the following choices isn’t typically configured in an ACL?
Solution: Content filtering is typically performed by a firewall or on an individual PC. Performing
content filtering at the router device would hamper the router’s main purpose, which is to route
network traffic.

9. An application running on a network operating system (NOS) with a directory service can use NOS
authentication or NOS authentication combined with application internal authentication. Removing
the option to use the internal authentication would normally be considered a security improvement.
What is this security measure called?
Solution: The described security measure is called application hardening.

10. During a security audit, you must differentiate between symmetric and asymmetric algorithms in
use at your site. Which of the following options is a symmetric algorithm?
Solution: 3DES is a symmetric algorithm.

11. Which of the following choices helps to ensure confidentiality? (Choose two.)
Solution: Strong encryption is hard to break. If the delivery technique is flawed and a key is
captured, then the key is compromised. Hashing is used to ensure that the data has not been
tampered with (integrity). A digital signature assures that the sender is who they claim to be
(authentication).

12. Which of the following terms describes the investigation of a filesystem and Registry while
searching for proof of past malicious activity?
Solution: Looking for evidence of past activity on a computer system is an exercise in forensics.
With computer forensics, remember that the evidence must be examined without it being altered. If
it has been altered, you can’t pursue legal actions.

13. Which account do attackers often target on a database application?
Solution: The Database local account is known to exist in almost every database application and is
thus a target for hackers. For example, the default Systems Administrator (SA) account on
Microsoft’s SQL Server is often targeted by hackers because it’s well documented and known to
them.

14. What is the common term used to describe a hacker using a lookup tool and gaining access to a DNS
server?
Solution: DNS footprinting involves a hacker using a lookup tool (such as NSLOOKUP) to gain access
to your DNS server.

15. Which of the following options is the most common certificate trust model?
Solution: A hierarchy of certificate servers is the most common model. Bridge, mesh, and hybrid are
also valid models.

16. Which type of cryptographic attack involves capturing a large amount of encrypted data and using
statistical analysis and numerical modeling to defeat the encryption algorithm and decrypt the data?
Solution: Mathematical attacks involve decrypting data by using statistical techniques and numerical
analysis.

17. You have a new website that utilizes Active Server Pages using XML. A portion of the site requires
PKI. What protocol can you use to allow XML to access PKI?
Solution: XML Key Management Specification (XKMS) is a standard of the World Wide Web
Consortium (W3C). This standard describes how to implement PKI (Public Key Infrastructure) in XML
code.

18. With PGP, a document is encoded using a public key and a session key. Within the PGP vocabulary,
the end result is known as what?
Solution: The encrypted document is known as ciphertext. The ciphertext is sent to the receiver and
decrypted back into the original document.

19. A disaster recovery plan is currently being formulated. Given that you’re in the planning stages and
budget isn’t yet a concern, what types of alternative sites should you consider? (Choose all that
apply.)
Solution: A hot site is fully equipped and ready to go instantly. A warm site has everything except
the main server (the domain controller). A cold site is basically a location that can be equipped.

20. A company-wide policy is being created to define various security levels. Which of the following
systems of access control would use documented security levels like CONFIDENTIAL or SECRET for
information?
Solution: Mandatory Access Control (MAC) is based on documented security levels associated with
the information being accessed.

21. You’re frantically trying to ascertain the current level of security of your network after a suspected
incident. You call the main office and tell them that you need a key sent immediately using a method
other than the encryption process. What is this type of process called?
Solution: Out-of-band transmittal of a key is used to avoid sending a key through the encrypted
channel. This process might be used in the situation where a private key must be sent to use a
symmetric system.

22. What is the most common certificate format used in the PKI environment and the one the manager
is referring to?
Solution: The X.509v3 certificate is the most commonly used certificate in the PKI environment.

23. What are the two main wire-level protocols that IPSec uses?
Solution: The two main wire-level protocols that IPSec uses are AH (Authentication Header) and ESP
(Encapsulating Security Payload).

24. What are the two modes within IPSec for AH and ESP? (Choose two.)
Solution: The two main wire-level protocols that IPSec uses are AH (Authentication Header) and ESP
(Encapsulating Security Payload). Both can operate in Transport mode or Tunnel mode.

• Cryptographic systems are designed to ensure confidentiality, authenticity, and integrity.
• Nonrepudiation is a requirement for many cryptographic applications. The sender or
receiver, using an electronic signature, can’t repudiate a message.
• Public Key Infrastructure (PKI) is a widely implemented cryptographic system. Corporations,
government, and individuals use PKI extensively.
