Chapter12 Mock Exam 1 Assessment
1. What type of attack is a padding oracle on downgraded legacy encryption attack? Choose two from the following list:
A. IV attack
B. Replay attack
C. Man-in-the-middle attack
D. TLS 1.0 with electronic code book
E. SSL 3.0 with chain block cipher
Answer: C and E
Concept: A POODLE attack is a man-in-the-middle attack that exploits a downgraded browser using SSL 3.0 with CBC
2. You are the security administrator for the British secret service. What type of access method will you use for secret and top-secret data?
A. DAC, with the owner of the data giving access
B. DAC, with the custodian of the data giving access
C. DAC, with the security administrator giving access
D. MAC, with the security administrator giving access
Answer: D
Concept: MAC is used as the access method for classified data and the security administrator is responsible for giving users access to the data once the person has been vetted and access is justified
3. Your company wants to encrypt the DNS traffic by using DNSSEC. Once you have signed the zone, what records are created for each host?
A. CNAME
B. AAAA
C. RRSIG
D. MX
E. PTR
Answer: C
Concept: DNSSEC creates DNSKEY and RRSIG records.
Wrong answers:
A. CAME is an alias
B. AAAA is a host record for IP version 6
D. An MX record is for a mail server
E. PTR records are created in the reverse lookup zone
4. You are a security administrator and a user called Ben is having a discussion with one of his colleagues. They have four choices for two-factor authentication. They have asked for your advice on which of the following involves two-factor authentication. Select the BEST answer:
A. Smart card
B. Password and PIN
C. Passphrase and username
D. Retina and fingerprint scan
Answer: A
Concept: Two-factor authentication entails using two different groups something you have, something you know, something you are, or somewhere you are. A smart card is something you have, but needs a PIN, which is something you know.
Wrong answers:
B. Both are something you know
C. Both are something you know
D. Both are something you ar
5. Two separate CAs need to work together on a joint venture; what can they implement so that certificates can be used for cross-certification?
A. Bridge trust model
B. Certificate pinning
C. Certificate stapling
D. Wildcard certificates
Answer: A
Concept: A bridge trust model is used where two root CAs are used to set up cross-certification.
Wrong answers:
B. Pinning prevents someone hacking the CA and issuing fraudulent certificates
C. Stapling is used by a web server that bypass the CRL and use the OCSP for faster validation
D. Wildcard certificates can be used by multiple servers in the same domai
6. John goes to a sports website and gets the following error:
THIS WEBSITE CANNOT BE TRUSTED.
What two actions does the website administrator need to take to resolve this error?
A. Ask the key escrow to store his private key
B. Ensure that the website uses a valid SAN certificate
C. Update the root certificate into the client computer trusted root certificate authorities store
D. Verify whether the certificate on the server has expired
Answer: C and D
Concept: A certificate needs to be valid and trusted by the computer.
Wrong answers:
A. The key escrow only stores private keys
B. A SAN certificate can be used across multiple domains
7. A security administrator discovers that an attacker used a compromised host as a platform for launching attacks deeper into a company's network. What terminology BEST describes the use of the compromised host?
A. Brute force
B. Active reconnaissance
C. Pivoting
D. Passing point
Answer: C
Concept: Pivoting involves using a weak host to launch an attack further into the network.
Wrong answers:
A. Brute force is a password attack
B. Active reconnaissance is a penetration attack method
D. Passing point does not exist; it just sounds good—a red herring
8. Mary is managing the company's wireless network, which will use WPA2-PSK. What encryption is MOST likely to be used?
A. SHA-1
B. AES
C. MD5
D. DES
Answer: B
Concept: The encryption that WPA2 is most likely to use is AES.
Wrong answers:
A. SHA-1 is used for hashing
C. MD5 is also used for hashing
D. DES is not used by wireless technolog
9. Who is responsible for setting permissions when using a Mandatory Access Control (MAC) model?
A. The owner
B. The manager
C. The administrator
D. The user
Answer: C
Concept: MAC gives access to data based on the file classification (for example, top secret); the security administrator sets permissions.
Wrong answers:
A. Owners can give access using the DAC model, but once a classified document is written, it has no owner, and it is controlled centrally
B. Managers cannot grant any permissions to data
D. A user cannot grant access to any data
10. Company A is due to upgrade all of its IT systems and has been investigating moving to the cloud as there is no capital expenditure, since the CSP provides the hardware. Company A would still like to control the IT systems in the cloud. Which cloud model would BEST serve Company A's needs?
A. Software as a Service (SaaS)
B. Infrastructure as a Service (IaaS)
C. Monitoring as a Service (MaaS)
D. Platform as a Service (PaaS)
Answer: B
Concept: IaaS provides the hardware as bare metal. Then you need to install the software, configure it, and patch it.
Wrong answers:
A. SaaS is where you lease a bespoke software package that is accessed through a web browser
C. MaaS is where someone monitors your network or applications for you
D. PaaS is a development platform in the cloud
11. You are a security administrator, and the IT director has tasked you with collecting the volatile memory on Server 1 as it is currently under a cyber attack. Which of the following are the two BEST forms of volatile memory to collect?
A. Secure boot
B. Swap/page file
C. USB flash drive
D. ROM
E. RAM
Answers: B and E
Concept: Always collect the volatile evidence before stopping a cyber attack in order to detect the source. Volatile memory evaporates if the power is switched off. RAM is volatile and the swap/page file is where applications run when RAM is full.
Wrong answers:
A. Secure boot checks that all drivers are signed on boot up
C. USB flash drive is nonvolatile
D. ROM is nonvolatile
12. Bill and Ben the flower pot men are now going to encrypt data using asymmetric encryption, which uses public and private keys. What is the FIRST step they need to take?
A. Exchange public keys
B. Exchange private keys
C. Exchange digital signatures
D. Exchange telephone numbers
Answer: A
Concept: The first stage in any encryption is key exchange, where you send your public key to someone else.
Wrong answers:
B. You should never give your private key away
C. You digitally sign the document and email using your private key to provide non-repudiation and integrity; they are never exchanged
D. Exchanging telephone number is just a red herring
13. At what stage of the SDLC are computer systems no longer supported by the original vendor?
A. Sandboxing
B. End-of-life systems
C. Resource exhaustion
D. System sprawl
Answer: B
Concept: End-of-life systems are no longer operational or supported by the vendor.
Wrong answers:
A. Sandboxing is the isolation of an application for testing, patching, or isolation, as it is dangerous
C. Resource exhaustion is where a system has run out of resources
D. System sprawl is where a system is overutilizing resources and is heading toward resource exhaustion
14. Company A has just developed a bespoke system for booking airline tickets. What is it called if a freelance coding specialist tests it for security flaws?
A. Code review
B. Static code review
C. Regression testing
D. Dynamic code review
Answer: C
Concept: Regression testing is part of program development, and in larger companies is done by code-testing specialists.
Wrong answers:
A. Code review is carried out on a regular basis to identify dead code
B. Static code review is done when the code is not being used
D. Dynamic code review is done when the code is running
15. You are the security administrator for a company that has just replaced two file servers. Which of the following is the BEST solution for disposing of hard drives that used to store top secret data?
A. Hashing
B. Degaussing
C. Low-level formatting
D. Shredding
Answer: D
Concept: You can shred a whole hard drive down until it looks like powder—let someone try to put that back together again.
Wrong answers:
A. Hashing does not destroy data; it merely says where integrity is intact
B. Degaussing should dispose of the data, but the better solution would be to totally destroy the hard drive itself
C. Low-level formatting replaces the tracks and sectors, but is not as effective as shredding
16. You are the security administrator for an airline company whose systems suffered a loss of availability last month. Which of the following attacks would MOST likely affect the availability of your IT systems?
A. Spear phishing
B. Replay
C. MITM
D. DoS
Answer: D
Concept: DDoS and DoS attack the availability of IT systems, as they both aim to take them down.
Wrong answers:
A. Spear phishing is an email scam targeted at a group of people
B. Replay is an MITM attack that replays messages between two entities at a later date
C. MITM intercepts conversations between two entities, making them believe that they are talking to each other when they are actually talking to the attacker
17. You are a network administrator setting up a L2TP/IPSec VPN tunnel, as your company needs to move a large amount of encrypted data between the branch office and the head office. Why is Diffie Hellman used for the IKE phase before the data is forwarded via symmetric encryption?
A. It is a symmetric encryption technique that protects keys
B. It is a hashing technique that protects keys
C It is an ephemeral technique that protect keys
D. It is an asymmetric technique that protects keys, but sets up a secure channel
Answer: D
Concept: Diffie Hellman is asymmetric and has both a private and public key pair. Its role is not encryption but the creation of a secure tunnel for symmetric data to flow through and protect the only key from being stolen.
Wrong answers:
A. Diffie Hellman has two keys, while symmetric encryption has only one key
B. Hashing provides integrity of data, but you can still read it so it, doesn't actually protect it
C. Ephemeral techniques use short-lived, one-session-only keys
18. You are a lecturer in a college and you need to deliver a session on salting passwords. What are the two main reasons you would salt passwords?
A. To prevent brute-force attacks
B. To make access to the password slower
C. To prevent duplicate passwords from being stored
D. To stop simple passwords from being used
Answer: A and C
Concept: Salting passwords adds a random number to the password, making it longer in order to prevent brute-force attacks. This will prevent duplicate passwords, as each salt is different, and therefore each password will be unique as each will have a unique salt.
Wrong answers:
B. This is probably true, but is not a main reason. We don't salt for speed—we salt to protect the password
D. Salting cannot prevent someone from using 12345678 as their password; that would be password complexity
19. Which of the following methods of authentication is known as two-factor authentication?
A. PIN and passphrase
B. Mastercard and PIN
C. Username and password
D. Retina and facial recognition
Answer: B
Concept: Two-factor authentication involves using two separate groups from something you have, something you know, something you are, or somewhere you are. A card is something you have and a PIN is something you know.
Wrong answers:
A. Both are something you know
C. Both are something you know
D. Both are something you are
20. During a forensic investigation, the judge has decreed that any data that is investigated should remain in its original form of integrity. Which of the following is used for the integrity of data? Choose two:
A. MD5
B. AES
C. SHA 1
D. DES
Answer: A and C
Concept: Hashing is used to provide integrity of data; MD5 and SHA1 are two forms of hashing.
Wrong answers:
B. AES is used for encryption
D. DES is used for encryption
21. Company A has suffered a distributed-denial-of-service attack, and the company has decided that their RPO should be set at four hours. The directors are holding a board meeting to discuss the progress that is being made. During this meeting, the IT manager has mentioned the Return Time Object (RTO), and the CEO looks confused. How can you explain the meaning of the RTO to the CEO?
A. Acceptable downtime
B. Return to operational state
C. Measure of reliability
D. Average time to repair
Answer: B
Concept: The RTO means that the system updates are running. This can also be known as the return to operational state.
Wrong answers:
A. Acceptable downtime is another way of saying recovery point objective
C. A measure of reliability would be the Mean Time Between Failures (MTBF)
D. Average time to repair is the same as the MTTR
22. The following is a list of different controls. Which of these are physical security controls?
A. Change management
B. Antivirus software
C. Cable locks
D. Firewall rule
F. Iris scanner
Answers: C and F
Concept: You can touch physical security controls; therefore, cable locks are physical and the iris scanner is a physical device for biometric authentication.
Wrong answers:
A. Change management is an administrative control
B. Antivirus is a technical control
D. Firewall rules are technical controls
23. The security team has identified an unknown vulnerability and isolated it. What technique is BEST for investigating and testing it?
A. Steganography
B. Fuzzing
C. Sandboxing
D. Containerization
Answer: C
Concept: Sandboxing is where we put an application in an isolated virtual machine to test patches, or maybe just because the application is too dangerous to run on our network.
Wrong answers:
A. Steganography involves hiding a file, image, audio file, or video file inside another file, image, audio file, or video file
B. Fuzzing is a technique for inserting random data inside an application to test for vulnerabilities
D. Containerization is where data is isolated in a mobile phone to separate business data from personal data, such as pictures of family and friends
24. What is it called when a user has exploited an IT system so that they have obtained access to all files on the file server?
A. Remote exploit
B. Zero-day exploit
C. Privilege escalation
D. Pivoting
Answer: C
Concept: Privilege escalation is where a normal user has obtained admin rights to access resources they should not normally be allowed to access.
Wrong answers:
A. A remote exploit scans a network for vulnerabilities and then attacks it
B. A zero-day exploit is where an exploit has just been discovered (on day zero), but there is not going to be a patch for it for maybe another 2-3 days
D. Pivoting involves accessing a machine inside a network from which you can launch a second attack
25. You are the security administrator for your company, and the IT manager has asked you to brief them on XML authentication methods. Which of the following should you tell them uses XML-based authentication? Select all that apply:
A. TOTP
B. Federation services
C. Smart card
D. SSO
E. SOAP
F. SAML
Answer: A, B, and F
Concept: SAML is an XML-based types of authentication used in federation services; TOTP is also XML-based.
Wrong answers:
C. A smart card uses X509 and a PIN for authentication
D. SSO means you sign in once and then gain access to all resources without putting your credentials in again
E. SOAP messages are used in SAML
26. There are a group of certificates in a folder and you need to identify which certificate uses the Privacy-Enhanced Mail (PEM) format. Which of the following is the BEST choice to make?
A. PFX
B. CER
C. Base64
D. P12
Answer: C
Concept: PEM uses Base64 format.
Wrong answers:
A. This is a private certificate
B. This is a public certificate
D. This is a private certificate
27. Three different companies want to develop an application where they will share the cost of developing resources and future running costs. Which cloud model BEST describes this?
A. Public cloud
B. SaaS
C. Private cloud
D. PaaS
E. IaaS
F. Community cloud
Answer: F
Concept: Community clouds involves companies from the same industry developing their own cloud that they can then share resources on.
Wrong answers:
A. A public cloud is multitenant, and the tenants never share resources
B. SaaS is where a bespoke application is leased by different people
C. A private cloud is single tenant. They don't share with anyone
D. PaaS refers to a development platform, such as Azure
E. IaaS refers to leasing hardware
28. What type of key does a key escrow manage?
A. Public
B. Session
C. Shared
D. Private
Answer: D
Concept: The key escrow stores private keys for third parties.
Wrong answers:
A. The public key is used for encryption; it is always given away, but never stored
B. The session key is used for communication between two hosts
C. The shared key is used for symmetric encryption
29. Which of the following is an email-based attack on all members of the sales team?
A. Phishing
B. Vishing
C. Spear phishing
D. Pharming
Answer: C
Concept: Spear phishing is an attack on a group of users.
Exam tip:
Whereas the plural of spear phishing is spear phishing, the singular can be phishing.
Wrong answers:
A. Phishing is an email attack against one person
B. A vishing attack is launched by using a telephone or leaving a voicemail
D. A pharming attack involves redirecting
30. An attacker tries to target a high-level executive, but has to leave a voicemail as they did not answer the telephone. What was the intended attack, and what attack was eventually was used? Select all that apply:
A. Whaling
B. Vishing
C. Phishing
D. Spear phishing
Answer: B
Concept: Vishing involves targeting a victim using a telephone or leaving a telephone message.
Wrong answers:
A. This is not whaling, as the medium of attack was a telephone—don't be tricked
C and D. Phishing and spear phishing are email attacks
31. The auditor has been investigating money being stolen from a charity, and they have discovered that the finance assistant has been embezzling money, as they were the only person who dealt with finance, by receiving donations and paying all of the bills. Which of the following is the best option that the auditor should recommend to reduce the risk of this happening again?
A. Hashing
B. Job rotation
C. Separation of duties
D. Mandatory vacations
E. Encryption
Answer: C
Concept: Separation of duties prevents one person from authorizing the whole transaction, and also prevents fraud. The CA signs the X509 certificates.
Wrong answers:
A. Hashing ensures that data has not been tampered with, thus providing integrity
B. Job rotation prevents fraud; however, a charity may only have one person working in finance
D. Mandatory vacations prevent fraud, but require someone else who can deal with finance work
E. Encrypting data protects data, but has nothing to do with financial transactions
32. You are a security administrator and you have now moved departments. You are now working with the certificate authority and training Mary, who is a new intern. Mary has asked you what the certificate Object Identifier (OID) consists of. What should you tell her?
A. Certificate signing request
B. Certificate pinning
C. Certificate stapling
D. Certificate serial number
Answer: D
Concept: The OID identifies the X509 itself. It is similar to a serial number; each X509 has a different OID.
Wrong answers:
A. A CSR is a request for a new certificate
B. Pinning prevents the compromise of the CA and the issuing of certificates
C. Stapling is where a web server goes directly to the OCSP for faster authentication, bypassing the CRL
33. You are the operational manager for a multinational corporation and you are writing a policy in which you mention the RPO. Which of the following is the CLOSEST definition to the RPO?
A. Acceptable downtime
B. Return to operational state
C. A measure of the system reliability
D. Average time to repair
Answer: A
Concept: The RPO is the amount of downtime your system can have without having access to its data.
Wrong answers:
B. The return to operational state is the RTO
C. The mean time between failures is a measure of the system reliability
D. The mean time to repair is the average time to repair
34. You are carrying out annual training about your company and need to put a PowerPoint slide together for the symptoms of a backdoor virus. Which three points will you include in the slide? Each provides part of the explanation of a backdoor virus:
A. Programs will not open at all, even though you click many times
B. You must click on several items
C. Can be included in an email attachment
D. Files open quicker than before
E. You can only get infected through a link on a webpage
Answers: A, B, and C
Concept: Backdoor viruses can come in through email. They cannot install themselves; this is done by the users unwittingly installing a program. Once installed, the virus may prevent your programs from running.
35. You are a security administrator and need to set up a new wireless access point so that it is not backward compatible with legacy systems, as these may be vulnerable to attack, and it must be the strongest encryption that you can use. Which is the BEST solution that meets your needs?
A. WPA2 PSK
B. WPA TKIP
C. WPA2 TKIP
D. WPA2 CCMP
Answer: D
Concept: WPA2 CCMP uses AES, which is the strongest wireless encryption and is not backward compatible.
Wrong answers:
A. WPA2 PSK is for home users, where the wireless router password is used to connect to the wireless network
B. WPA TKIP is backward compatible
C. WPA2 TKIP is the strongest backward compatible
36. Which of the following commands can be used to create a buffer-overflow? Choose all that apply:
A. var char
B. strcpy
C. var data
D. strcat
Answers: B and D
Concept: The strcpy and strcat are used to copy and concatenate strings to a char array, and both can cause buffer-overflow, depending on the number of characters allowed.
Wrong answers:
A. The var char sets the variable length of characters
C. The var data sets the data type to be used in Java
37. James has raised a ticket with the IT help desk. He has been tampering with the settings on his computer and he can no longer access the internet. The help desk technicians have checked the configuration on his desktop and the settings are the same as everyone else's. Suddenly, three other people have also reported that they also cannot connect to the internet. Which network device should be checked first?
A. Switch
B. Router
C. Hub
D. Repeater
Answer: B
Concept: A router gives you access to the internet; on a computer, it is known as the default gateway.
Wrong answers:
A. A switch joins resources on an internal network
C. A hub is an internal device that is slower than a switch, as it broadcasts traffic
D. A repeater is a device that extends cables beyond their length
38. Which of the following is a secure wireless protocol that uses TLS?
A. NTLM
B. PAP
C. EAP
D. AES
Answer: C
Concept: EAP-TLS is used for wireless encryption.
Wrong answers:
A. NTLM is a legacy Windows protocol
B. PAP stores passwords in clear text
D. AES involves symmetric encryption and is commonly used with L2TP/IPSec
39. You are the security administrator for a multinational corporation, and the development team have asked for your advice as to how best to prevent SQL-injection, integer-overflow, and buffer-overflow attacks. Which of the following should you advise them to use?
A. Input validation
B. A host-based firewall with advanced security
C. strcpy
D. Hashing
Answer: A
Concept: Input validation controls the format and characters of data input and will prevent SQL-injection, buffer- overflow, and integer-overflow attacks.
Wrong answers:
B. A host-based firewall protects a desktop or laptop from attack
C. The strcpy can cause buffer-overflow if the string of data is larger than the maximum number of characters used in a data field
D. Hashing only confirms data integrity; it has no control over the input used
40. Your company is opening up a new data center in Galway, Ireland. A server farm has been installed there and now a construction company have come in to put a six-foot mantrap in the entrance. What are the two main reasons why this mantrap has been installed?
A. To prevent theft
B. To prevent tailgating
C. To prevent unauthorized personnel gaining access to the data center
D. To allow faster access to the facility
Answer: B and C
Concept: A mantrap provides a safe and controlled environment in the data center as it allows you to control access.
Wrong answers:
A. Although this will be prevented, it is not the main reason; a mantrap's main purpose is to stop or control people
D. A mantrap will slow access to the data center
41. Which of the following devices can prevent unauthorized access to the network and prevent attacks from unknown sources?
A. Router
B. Load balancer
C. Web security gateway
D. UTM
Answer: D
Concept: A UTM is a firewall that can prevent unauthorized network access. It can also perform URL filtering, content filtering, and malware inspection.
Wrong answers:
A. A router can prevent access to the network based on the port, protocol, or IP address
B. A load balancer controls the volume of web traffic coming into your web server
C. A web security gateway prevents attacks on web servers
42. Internet of Things (IoT) is a concept that has recently taken off. Can you identify which of the following devices fall under this category? Select all that apply:
A. ATM
B. Banking system
C. Smart TV
D. Refrigerator
E. Router
F. Wearable technology
Answer: A, C, D, and F
Concept: IoT involves small devices such as household appliances, wearable technology, and ATMs.
Wrong answers:
B. A banking system is not a small device; it is an IT system
E. A router is used to route packets and join networks together
43. Which feature of DNS will help balance a load without needing to install a network load balancer, or, when coupled with a load balancer, makes it more dynamic?
A. DNS CNAME
B. DNSSEC
C. DNS round robin
D. DNS SRV records
Answer: C
Concept: A DNS round robin is a redundancy used by DNS to ensure that a server is always available, even when suffers hardware failure. If you have three records for a web server, it will go from the first to the second to the third record and rotate back to the first again.
Wrong answers:
A. A CNAME is an alias; a shortened name for a host with an extremely long hostname
B. DNSSEC creates RRSIG records as it encrypts DNS traffic with TLS
D. SRV records help you find services such as domain controllers or global catalog servers
44. What is the benefit of certificate pinning?
A. It prevents a certificate signing request from a non-administrator
B. It is used by a web server, and it bypasses the CRL for faster authentication
C. It stops people from spoofing, issuing certificates, or compromising your CA
D. It is used for cross certification between two separate root CAs
Answer: C
Concept: Certificate pinning prevents people from compromising your CA and issuing fraudulent certificates.
Wrong answers:
A. A non-administrator can submit a CSR to obtain a new certificate
B. This is known as certificate stapling
D. This is known as a bridge trust model or a trust model
45. An auditor has just finished a risk assessment of the company, and he has recommended that we need to mitigate some of our risks. Which of the following are examples of risk mitigation?
A. Turning off host-based firewalls on laptops
B. Installing antivirus software on a new laptop
C. Insuring your car against fire and theft
D. Outsourcing your IT to another company
E. Deciding not to jump into the Grand Canyon
Answer: B
Concept: Risk mitigation involves reducing the risk of an attack or event. These are basically technical controls.
Wrong answers:
A. This increases the risk, as it leaves your laptop vulnerable to attack
C. This is risk transference
D. This also is risk transference
E. This is risk avoidance, as it is deemed too risky
46. A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following will you choose?
A. L2TP/IPSec
B. SSL VPN
C. PPTP VPN
D. IKEv2 VPN
Answer: B
Concept: SSL VPN is legacy that uses SSL certificates. SSL has been replaced by TLS as it is more secure.
47. You are the Active Directory administrator and you have been training new interns on the Kerberos ticket granting session. One of the interns has asked about the relationship between a service ticket and session ticket used by Kerberos authentication. Which of the following is the best description?
A. The user exchanges their service ticket with the server's session ticket for mutual authentication and single sign on
B. The service key is unencrypted and is matched with the value in the session ticket
C. The user shows the server their session ticket and the server sends him a service ticket
D. The user shows the server their service ticket and the server sends him a session ticket to keep
Answer: A
Concept: Kerberos uses tickets for authentication, mutual authentication, and Single Sign On (SSO). Service and session tickets are exchanged for mutual authentication. The service ticket is encrypted.
48. Your company has a guest wireless network that can be used by visitors during the day, the sales staff in the evening, and the customer service staff at lunchtime.
They set up a captive portal that fulfills the following criteria:
How will you set up your captive portal? Select three answers; each answer provides part of the solution:
A. WEP 40-bit key
B. WPA2 TKIP
C. WPA-TKIP
D. Open-system authentication
E. WPA2 CCMP
F. WPS
Answer: D, E, and F
Concept: We use open-system authentication for the guest network as it requires no authentication. WPS is used for sales staff as they just need to push a button. Customer-services staff use WPA2 CCMP as it uses AES and is the highest level of WPA.
Wrong answers:
A. WEP should not be used, as it is too weak
B. WPA2 TKIP is used for backward compatibility, and is not as strong as WPA2 CCMP
C. A weaker version of B
49. You are a security administrator, and the IT team has been using RSA for the encryption of all of their data, but has found that it is very slow. Which of the following should the security administrator recommend to improve the speed of encryption?
A. Asymmetric encryption using DES
B. Asymmetric encryption using Diffie Helman
C. Symmetric encryption
D. Running a vulnerability scan to find a better solution
Answer: C
Concept: Symmetric data is used to encrypt large amounts of data.
Wrong answers:
A. Totally wrong as DES is not asymmetric
B. Diffie Hellman does not encrypt; it only creates a secure channel
D. Vulnerability scans are for missing patches, not encryption
50. Robert, who is an intern, has been assigned to the security team. A user has called him to ask who signs the X509 certificates. Which one of the following should Robert give as an answer?
A. CRL
B. Key escrow
C. CSR
D. CA
Answer: D
Concept: The CA signs the X509 certificates.
Wrong answers:
A. The CRL checks the certificate validity
B. The key escrow stores private keys for third parties
C. The CSR is the process of requesting a new certificate