Mock Exam 1

 

 1.      What type of attack is a padding Oracle on downgrading legacy encryption attack? Choose two options from the following list:

A. IV attack

B. Replay attack

C. Man-in-the-middle attack

D. TLS 1.0 with electronic code book

E. SSL 3.0 with chain block cipher

 

2.      You are the security administrator for the British secret service. What type of access method will you use for secret and top-secret data?

A. You will use DAC, with the owner of the data giving access

B. You will use DAC, with the custodian of the data giving access

C. You will use DAC, with the security administrator giving access

D. You will use MAC, with the security administrator giving access

 

 

3.      Your company wants to encrypt the DNS traffic by using DNSSEC. Once you have signed the zone, what records are created for each host?

A. CNAME

B. AAAA

C. RRSIG

D. MX

E. PTR

 

4.      You are a security administrator. A user called Ben is having a discussion with one of his colleagues. They have four choices for two-factor authentication. They have asked for your advice as to which of the following is a two-factor authentication method. Select the best answer:

A. Smart card

B. Password and PIN

C. Passphrase and username

D. Retina and fingerprint scan

 

5.      Two separate CAs need to work together on a joint venture. What can they implement so that certificates can be used for cross certification?

A. Bridge trust model

B. Certificate pinning

C. Certificate stapling

D. Wildcard certificates

 

6.      John goes to a sports website and gets the following error:

What two actions does the website administrator need to take to resolve this error?

A. Ask the key escrow to store his private key

B. Ensure that the website uses a valid SAN certificate

C. Update the root certificate in the client computer certificate store

D. Verify that the certificate on the server has not expired

 

7.      A security administrator discovers that an attacker used a compromised host as a platform for launching attacks deeper into a company's network. What terminology best describes the use of the compromised host?

A. Brute force

B. Active reconnaissance

C. Pivoting

D. Passing point

 

8.      Mary is managing the company's wireless network, which will use WPA2-PSK. What kind of encryption is most likely to be used?

A. SHA-1

B. AES

C. MD5

D. DES

 

9.      Who is responsible for setting permissions when using a mandatory access control (MAC) model?

A. Owner

B. Manager

C. Administrator

D. User

 

10.  Company A is due to upgrade all of its IT systems, and has been investigating the possibility of moving to the cloud, as there is no capital expenditure because the CSP provides the hardware. Company A would still like to control the IT systems in the cloud. Which cloud model would best serve company A's needs?

A. Software as a Service (SaaS)

B. Infrastructure as a Service (IaaS)

C. Monitoring as a Service (MaaS)

D. Platform as a Service (PaaS)

 

 11.      You are the security administrator and the IT director has tasked you with collecting the volatile memory on Server 1, as it currently under a cyberattack. Which of the following are the two best forms of volatile memory to collect?

A. Secure boot 

B. Swap/page file 

C. USB flash drive 

D. ROM 

E. RAM 

 

 12.      Bill and Ben are going to encrypt data using asymmetric encryption, which uses public and private keys. What is the first step they need to take?

A. Exchange public keys 

B. Exchange private keys 

C. Exchange digital signatures 

D. Exchange telephone numbers

 

13.      At what stage in the SDLC are computer systems no longer supported by the original vendor?

A. Sandboxing 

B. End-of-life systems 

C. Resource exhaustion 

D. System sprawl

 

14.      Company A has just developed a bespoke system for booking airline tickets. What is it called if a freelance coding specialist tests it for security flaws?

A. Code review 

B. Static code review 

C. Regression testing 

D. Dynamic code review

 

15.      You are the security administrator for a company that has just replaced two file servers, and you have been tasked with the disposal of the hard drives that are used to store top-secret data. What is the best solution?

A. Hashing 

B. Degauss 

C. Low-level formatting 

D. Shredding 

 

16.      You are the security administrator for an airline company whose systems suffered a loss of availability last month. Which of the following attacks would most likely affect the availability of your IT systems?

A. Spear phishing 

B. Replay 

C. Man-in-the-middle (MITM) 

C. DoS

 

 17.      You are a network administrator setting up a L2TP/IPSec VPN tunnel, as your company needs to move a large amount of encrypted data between a branch office and the head office. Why is Diffie Hellman used for an IKE phase before the data is forwarded via symmetric encryption?

A. It is a symmetric encryption technique that protects keys 

B. It is a hashing technique that protects keys 

C It is an ephemeral technique that protects keys 

D. It is an asymmetric technique that protects keys by setting up a secure channel

 

 18.      You are a lecturer in a college and you need to deliver a session on salting passwords. What are the two main reasons you would salt passwords?

A. To prevent brute force attacks 

B. To make access to the password slower 

C. To prevent duplicate passwords being stored 

D. To stop simple passwords from being used 

 

 19.      Which of the following methods of authentication are known as two-factor authentication?

A. PIN and passphrase 

B. Mastercard and PIN 

C. Username and password 

D. Retina and facial recognition 

 

20.  During a forensic investigation, the judge decrees that any data that is investigated should remain in its original form of integrity. Which of the following are used for the integrity of data? Choose two from the following list:

A. MD5 

B. AES 

C. SHA 1 

D. DES 

 

 

21.  Company A has suffered a distributed denial-of-service attack and, the company has decided that their RPO should be set at four hours. The directors are holding a board meeting to discuss the progress that is being made. During this meeting, the IT manager has mentioned the RTO, and the CEO looks confused. How can you explain the meaning of the RTO to the CEO?

A. Acceptable downtime 

B. Return to operational state 

C. Measure of reliability 

D. Average time to repair 

 

22.  The following is a list of different controls. Which of these are physical security controls?

A. Change management 

B. Antivirus software 

C. Cable locks 

D. Firewall rules 

F. Iris scanner 

 

23.  The security team has identified an unknown vulnerability and isolated it. What technique is the best to use to investigate and test it?

A. Steganography 

B. Fuzzing 

C. Sandboxing 

D. Containerization 

 

24.  What is it called when a user has exploited an IT system so that he/she has obtained access to all files on the file server?

A. Remote exploit 

B. Zero-day exploit 

C. Privilege escalation 

D. Pivoting 

 

25.  You are the security administrator for your company, and the IT manager has asked you to brief him on XML authentication methods. Which of the following should you tell him uses XML-based authentication? Select all that apply:

A. TOTP 

B. Federation services 

C. Smart card 

 

D. SSO 

E. SOAP 

F. SAML 

 

26.  There is a group of certificates in a folder, and you need to identify which certificate uses the Privacy Enhanced Mail (PEM) format. Which of the following is the best choice to make?

A. PFX 

B. CER 

C. BASE 64 

D. P12 

 

27.  Three different companies want to develop an application for which they will share the cost of developing the resources and future running costs. Which cloud model best describes this?

A. Public cloud 

B. Software as a Service (SaaS) 

C. Private cloud 

D. Platform as a Service (PaaS) 

E. Infrastructure as a Service (IaaS) 

F. Community cloud 

 

28.  What type of keys does a key escrow manage?

A. Public 

B. Session 

C. Shared 

D. Private 

 

29.  Which of the following is an email-based attack on all members of the sales team?

A. Phishing 

B. Vishing 

C. Spear phishing 

D. Pharming 

 

30.  An attacker tries to target a high-level executive, but, unfortunately, has to leave a voicemail as the executive did not answer the telephone. What was the intended attack and what attack will eventually be used? Select all that apply from the following list:

A. Whaling 

B. Vishing 

C. Phishing 

D. Spear phishing 

 

31.  An auditor has been investigating the theft of money from a charity. He has discovered that the finance assistant has been embezzling money, as the finance assistant was the only person who dealt with finance by receiving donations and paying all of the bills. Which of the following is the best option that the auditor should recommend to reduce the risk of this happening again?

A. Hashing 

B. Job rotation 

C. Separation of duties 

D. Mandatory vacations 

E. Encryption 

 

32.  You are a security administrator and, you have moved departments. You are now working with the certificate authority and training Mary, who is a new intern. Mary has asked you what the certificate object identifier (OID) consists of. What should you tell her?

A. Certificate-signing request 

B. Certificate pinning 

C. Certificate stapling 

D. Certificate serial number 

 

33.  You are the operational manager for a multinational corporation, and you are writing a policy in which you mention the RPO. Which of the following is the closest to the definition of an RPO?

A. Acceptable downtime 

B. Return to operational state 

C. A measure of the system reliability 

D. Average time to repair 

 

34.  You are carrying out annual training for your company and need to put a PowerPoint slide together on the symptoms of a backdoor virus. Which three points should you include in the slide? Each provides part of the explanation of a backdoor virus:

A. Programs will not open at all, even though you are clicking many times 

B. You must click on several items 

C. They can be included in an email attachment

D. Files open quicker than before

E. You can only get infected through a link on a web page

 

35.  You are a security administrator and need to set up a new wireless access point so that it is not backward compatible with legacy systems, as these may be vulnerable to attack, and it must be the strongest encryption that you can use. Which is the best solution that meets your needs?

A. WPA2 PSK

B. WPA TKIP

C. WPA2 TKIP

D. WPA2 CCMP

 

36.  Which of the following commands can be used to create a buffer overflow? Choose all that apply:

A. var char

B. strcpy

C. var data

D. strcat

 

37.  James has raised a ticket with the IT help desk; he has been tampering with the settings on his computer and he can no longer access the internet. The helpdesk technicians have checked the configuration on his desktop and the settings are the same as everyone else's. Suddenly, three other people have also reported that they also cannot connect to the internet. Which network device should be checked first?

A. Switch

B. Router

C. Hub

D. Repeater

 

38.  Which of the following is a secure wireless protocol that uses TLS?

A. NTLM

B. PAP

C. EAP

D. AES

 

39.  You are the security administrator for a multinational corporation, and the development team has asked your advice as to how to best prevent SQL-injection, integer-overflow, and buffer-overflow attacks. Which of the following should you advise them to use?

A. Input validation

B. A host-based firewall with advanced security

C. Strcpy

D. Hashing

 

40.  Your company is opening up a new data center in Galway, Ireland, where you have installed the server farm, and now a construction company has come in to put a six-foot mantrap in the entrance. What best describes the two main reasons why this mantrap is being installed?

A. To prevent theft

B. To prevent tailgating

C. To prevent unauthorized personnel gaining access to the data center

D. To allow faster access to the facility

 

 

41.  Which of the following devices can prevent unauthorized access to the network and prevent attacks from unknown sources?

A. Router

B. Load balancer

C. Web security gateway

D. UTM

 

 

42.  The Internet of Things (IoT) is a concept that has recently taken off. Which of the following devices fall under this category? Select all that apply:

A. ATM

B. Banking system

C. Smart TV

D. Refrigerator

E. Router

F. Wearable technology

 

43.  Which feature of DNS will help to balance a load without needing to install a network load balancer, or, when coupled with a load balancer, makes it more dynamic?

A. DNS CNAME

B. DNSSEC

C. DNS round robin

D. DNS SRV records

 

44.  What is the benefit of certificate pinning?

A. It prevents a certificate-signing request from a nonadministrator

B. It is used by a web server, and it bypasses the CRL for faster authentication

C. It stops people from spoofing, issuing certificates, or compromising your CA

D. It is used for cross certification between two separate root CAs

 

45.  An auditor has just finished a risk assessment of the company, and he has recommended that we need to mitigate some of our risks. Which of the following are examples of risk mitigation? Select all that apply:

A. Turning off host-based firewalls on laptops

B. Installing antivirus on a new laptop

 

C. Insuring your car against fire and theft

D. Outsourcing your IT to another company

E. Deciding not to jump into the Grand Canyon

 

46.  A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following will you choose?

A. L2TP/IPSec

B. SSL VPN

C. PPTP VPN

D. IKEv2 VPN

 

47.  You are the Active Directory administrator and you have been training new interns on the Kerberos ticket-granting ticket session. One of the interns has asked about the relationship between a service ticket and session ticket used by Kerberos authentication. Which of the following is the best description?

A. The user exchanges his service ticket with the server's session ticket for mutual authentication and single sign on

B. The service key is unencrypted and is matched with the value in the session ticket

C. The user shows the server his session ticket; and the server sends him a service ticket

D. The user shows the server his service ticket; and the server sends him a session ticket to keep

 

48.  Your company has a guest wireless network that can be used by visitors during the day, the sales staff in the evening, and the customer-service staff at lunchtime.

They set up a captive portal that fulfills the following criteria:

Guests do not need to authenticate

•  
  1. Sales staff do not need to insert any credentials
  2. Customer-service staff must use the highest level of encryption

 

 

How will you set up your captive portal? Select three answers from the following list, where each answer provides part of the solution:

A. WEP 40 bit key

B. WPA2 TKIP

C. WPA-TKIP

D. Open-system authentication

E. WPA2 CCMP

F. WPS

 

49.  You are a security administrator, and the IT team has been using RSA for the encryption of all of its data, but has found that it is very slow. Which of the following should the security administrator recommend to improve the speed of the encryption?

A. Asymmetric encryption using DES

B. Asymmetric encryption using Diffie Helman

C. Symmetric encryption

D. Running a vulnerability scan to find a better solution

 

50.  Robert, who is an intern, has been assigned to the security team. A user has called him to ask who signs the X509 certificates. Which one of the following should Robert give as an answer?

A. CRL

B. Key escrow

C. CSR

D. CA