1. What is a program that appears to do something useful but is actually malware?

a.
back door
b.
logic bomb
c.
virus
d.
Trojan
2. Which of the following is true about static routes?
a.
they are used for stub networks
b.
they are created by routing protocols
c.
the metric is higher than a dynamic route
d.
they change automatically as the network changes
3. An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked
e. The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file
a. Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks
h. An area in random access memory (RAM) reserved for the use of a program that listens for requests for the service it provides
f. A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN
b. A network connection consisting of a port number combined with a computer's IP address
j. An access control method that establishes organizational roles to control access to information
i. A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints
c. Computer files that copy themselves repeatedly and consume disk space or other resources
d. Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.
a.
auditing
b.
DMZ
c.
biometrics
d.
worm
e.
DDoS attack
f.
port
g.
packet filters
h.
signatures
i.
RBAC
j.
socket
4. the study of breaking encryption methods
unreadable text, programs that do not execute, and graphics you cannot view
A set of standard procedures that the Internet Engineering Task Force (IETF) developed for enabling secure communication on the Internet
a type of encryption algorithm that encrypts one bit at a time
the current U.S. government standard for cryptographic protocols
readable text, programs that execute, and graphics you can view
an older protocol composed of a 16-round Feistel network with XOR functions, permutation functions, 64 S-box functions, and fixed key schedules
a way to prevent keys from being discovered and used to decipher encrypted messages
a cryptographic primitive based on binary bit logic and used as a linear mixing function, combining values for use in further computations
a type of encryption algorithm that encrypts groups of cleartext characters
a.
DES
b.
AES
c.
cryptanalysis
d.
ciphertext
e.
stream cipher
f.
block cipher
g.
plaintext
h.
XOR function
i.
key management
j.
IPsec
5. What is considered the cleanup rule on a Cisco router?
a.
implicit allow
b.
explicit allow all
c.
implicit deny all
d.
explicit prompt
6. What Cisco router command encrypts all passwords on the router?
a.
crypto key passwords
b.
secure passwords enable
c.
service password-encryption
d.
enable secret password
7. Which of the following is true about asymmetric cryptography?
a.
a shared key is used to encrypt all messages and the private key decrypts them
b.
the private key can be used to encrypt and decrypt a message
c.
a single key is used and is transferred using a key management system
d.
the public key is used to encrypt a message sent to the private key owner
8. What is a critical step you should take on the OS you choose for a bastion host?
a.
ensure all security patches are installed
b.
make sure it is the latest OS version
c.
customize the OS for bastion operation
d.
choose an obscure OS with which attackers are unfamiliar
9. In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge?
a.
man-in-the-middle
b.
rogue device
c.
brute force
d.
wardriver
10. Which of the following is NOT a suggested practice before using a newly configured wireless network?
a.
change the manufacturer's default key
b.
alter the default channel
c.
use the default encryption method
d.
change the administrator password
11. Which of the following is true about the SSID?
a.
they are not found in beacon frames
b.
they are found in control frames
c.
they are registered
d.
they can be Null
12. At which layer of the OSI model does IPsec work?
a.
Four
b.
Six
c.
Two
d.
Three
13. What are the two modes in which IPsec can be configured to run?
a.
client and server
b.
transit and gateway
c.
header and payload
d.
tunnel and transport
14. Which of the following best describes a Monte Carlo simulation?
a.
a technique for simulating an attack on a system
b.
a procedural system that simulates a catastrophe
c.
an analytical method that simulates a real-life system for risk analysis
d.
a formula that estimates the cost of countermeasures
15. Which IPsec component authenticates TCP/IP packets to ensure data integrity?
a.
IKE
b.
ISAKMP
c.
AH
d.
ESP
16. Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?
a.
place the database server in a DMZ
b.
use standard naming conventions
c.
use stored procedures
d.
limit table access
17. Which of the following tasks does an AP typically perform?
a.
acts as a hub for a wired network
b.
bridges between the wired and wireless network
c.
routes packets from subnet to subnet
d.
divides data into packets
18. Which of the following is true about cryptographic primitives?
a.
a primitive that provides confidentiality usually also provides authentication
b.
a single primitive makes up an entire cryptographic protocol
c.
primitives are usually not the source of security failures
d.
each performs several tasks
19. No actual traffic passes through a passive sensor; it only monitors copies of the traffic.
True

False

20. The Cisco PIX line of products is best described as which of the following?
a.
firewall appliance
b.
PC with firewall installed
c.
VPN gateway
d.
software firewall
21. Which of the following is NOT a protocol,port pair that should be filtered when an attempt is made to make a connection from outside the company network?
a.
UDP,138
b.
TCP,139
c.
TCP,80
d.
TCP,3389
22. Which of the following is true about an HIDPS?
a.
sniffs packets as they enter the network
b.
tracks misuse by external users
c.
centralized configurations affect host performance
d.
monitors OS and application logs
23. The IP address 172.20.1.5 is a private IP address.
True

False

24. Which of the following is NOT among the items of information that a CVE reference reports?
a.
attack signature
b.
description of vulnerability
c.
reference in other databases
d.
name of the vulnerability
25. are long blocks of encoded text generated by algorithms.
a way of gaining unauthorized access to a computer or other resource.
is an error-checking algorithm.
a type of attack where the network is overloaded with packets that have the SYN flag set.
stands for Simple Network Management Protocol.
is a TCP flag that forces TCP to forward and deliver data.
are documents that explain technology standards.
is an ideal and cost-effective solution to secure remote access.
is a port number combined with a computer's IP address.
A.
Requests for Comments (RFCs)
B.
Cyclic Redundancy Check (CRC)
C.
PSH
D.
SNMP
E.
Encryption keys
F.
Back door
G.
SYN flood
H.
Socket
I.
VPN
26. Which of the following defines how employees should use the organization's computing resources?
a.
Network and Internet Policy
b.
Acceptable Use Policy
c.
Email and Spam Policy
d.
Computing and Resource Policy
27. Which of the following is NOT part of a wireless MAC frame?
a.
source MAC address
b.
TTL
c.
FCS
d.
802.11 protocol version
28. The ______________________ is the part of the IP address that is the same among computers in a network segment

29. Which type of change does NOT typically require the use of change management procedures?
a.
new password systems or procedures
b.
new VPN gateways
c.
changes to ACLs
d.
changing a manager's permissions to a file
30. In which frequency range are you likely to find WLANs?
a.
30-300 GHz
b.
3-30 MHz
c.
174-328 MHz
d.
2.9-30 GHz
31. Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240?
a.
192.168.10.95
b.
192.168.10.47
c.
192.168.10.63
d.
192.168.10.23
32. Which of the following is a security-related reason for monitoring and evaluating network traffic?
a.
to optimize your router and switch protocols
b.
to create substantial data to analyze
c.
to determine if your IDPS signatures are working well
d.
to see how many files employees download from the Internet
33. What type of attack displays false information masquerading as legitimate data?
a.
SQL injection
b.
Java applet
c.
phishing
d.
buffer overflow
34. crafted packets that are inserted into network traffic
lets the other computer know it is finished sending data
an undocumented hidden opening through which an attacker can access a computer
a set of characteristics that define a type of network activity
used by attackers to delay the progression of a scan
a standard set of communications rules that allows one computer to request a service from another computer
sent when one computer wants to stop and restart the connection
the maximum packet size that can be transmitted
all ports from 0 to 65,535 are probed one after another
a series of ICMP echo request packets in a range of IP addresses
a.
back door
b.
FIN packet
c.
scan throttling
d.
ping sweep
e.
MTU
f.
RST packet
g.
packet injection
h.
signature
i.
RPC
j.
vanilla scan
35. What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
a.
three-pronged firewall
b.
multi-zone host
c.
multi-homed proxy
d.
three-way packet filter
36. What is a VPN typically used for?
a.
block open ports
b.
detection of security threats
c.
secure remote access
d.
filter harmful scripts
37. Which of the following is the first packet sent in the TCP three-way handshake?
a.
SYN
b.
ACK
c.
RST
d.
PSH
38. What should an outside auditing firm be asked to sign before conducting a security audit?
a.
social engineering covenant
b.
nondisclosure agreement
c.
search and seizure contract
d.
subpoena
39. Of what category of attack is a DoS attack an example?
a.
single-packet attack
b.
multiple-packet attack
c.
bad header information
d.
suspicious data payload
40. Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?
a.
proxy server
b.
ICMP redirector
c.
Layer 7 switch
d.
translating gateway
41. Which of the following would be considered a vulnerability?
a.
spyware
b.
Internet-connected computer
c.
antivirus software
d.
installation of a firewall
42. Which variation on phishing modifies the user's host file to redirect traffic?
a.
pharming
b.
hijacking
c.
DNS phishing
d.
spear phishing
43. a discrete chunk of information; each datagram contains source and destination addresses, control settings, and data
unicast addresses used in IPv6 to identify the application suitable for the address
the part of an IP address that a computer has in common with other computers in its subnet
a process by which internal hosts are assigned private IP addresses and communicate with the Internet using a public address
a transmission used for one-to-many communication, in which a single host can send packets to a group of recipients
a transmission in which one packet is sent from a server to each client that requests a file or application
enables IPv6 routers to discover multicast listeners on a directly connected link and to decide which multicast addresses are of interest to those nodes
a communication sent to all hosts on a specific network
a feature of IPv6 in which a computer can connect to a network by determining its own IP address based on the addressing of neighboring nodes
the division of packets into smaller sizes to accommodate routers with frame size limitations
a.
multicast
b.
unicast
c.
datagram
d.
Network Address Translation
e.
broadcast
f.
fragmentation
g.
network identifier
h.
Multicast Listener Discovery
i.
stateless autoconfiguration
j.
scopes
44. What should you consider installing if you want to inspect packets as they leave the network?
a.
security workstation
b.
reverse firewall
c.
RIP router
d.
filtering proxy
45. Why is a bastion host the system most likely to be attacked?
a.
it contains company documents
b.
it is available to external users
c.
it has weak security
d.
it contains the default administrator account
46. What type of ICMP packet can an attacker use to send traffic to a computer they control outside the protected network?
a.
Redirect
b.
Destination Unreachable
c.
Source Quench
d.
Echo Request
47. Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?
a.
enable
b.
console
c.
TTY
d.
AUX
48. Which of the following is an IDPS security best practice?
a.
all sensors should be assigned IP addresses
b.
log files for HIDPSs should be kept local
c.
to prevent false positives, only test the IDPS at initial configuration
d.
communication between IDPS components should be encrypted
49. The ____Payload___________ part of a packet is the actual data sent from an application on one computer to an application on another
50. What should you set up if you want to store router system log files on a server?
a.
buffered logging
b.
TTY connection
c.
syslog server
d.
AAA server
51. Which of the following is true about ACLs on Cisco routers?
a.
ACLs bound to an interface apply to inbound and outbound traffic by default
b.
there is an explicit permit any statement at the beginning of the ACL
c.
there is an implicit deny any statement at the end of the ACL
d.
ACLs are processed in reverse order so place high priority statements last
52. Which of the following is NOT a type of event that you would normally monitor?
a.
e-mail attachment handling
b.
access to shared folders
c.
user account creation
d.
antivirus scanning
53. What is a downside to using Triple DES?
a.
requires more processing time
b.
using three keys decreases security
c.
goes through three rounds of encryption
d.
uses only a 56-bit key
54. Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?
a.
DMZ
b.
DiD
c.
VPN
d.
IDPS
55. The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
a.
profile monitoring
b.
baseline scanning
c.
training period
d.
traffic normalizing
56. What feature of the 13 DNS root servers enables any group of servers to act as a root server?
a.
anycast addressing
b.
broadcast addressing
c.
unicast addressing
d.
multicast addressing
57. Which best defines residual risk?
a.
risk that occurs as a result of new vulnerabilities
b.
the cost of implementing solutions to an assessed risk
c.
the amount of risk remaining after countermeasures are implemented
d.
a vulnerability for which the risk has been reduced to zero
58. Which RF transmission method uses an expanded redundant chipping code to transmit each bit?
a.
DSSS
b.
FHSS
c.
OFDM
d.
CDMA
59. Which of the following is NOT a factor a secure VPN design should address?
a.
performance
b.
nonrepudiation
c.
encryption
d.
authentication
60. Which of the following shows how devices are connected and includes an IP allocation register?
a.
asset table
b.
security policy
c.
hardware inventory
d.
topology map
61. What type of DNS server is authoritative for a specific domain?
a.
initial
b.
secondary
c.
read-only
d.
primary


62. Which element of a rule base conceals internal names and IP addresses from users outside the network?
a.
NAT
b.
tracking
c.
QoS
d.
filtering
63. An atomic attack is a barrage of hundreds of packets directed at a host.
True

False

64. Which of the following is commonly used for verifying message integrity?
a.
CRL
b.
hashing function
c.
pseudorandom number generator
d.
registration authority
65. Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
a.
host-based
b.
network-based
c.
inline
d.
hybrid
66. Which binary signaling technique uses a scheme in which zero voltage represents a 0 bit and the voltage for a 1 bit does not drop back to zero before the end of the bit period?
a.
RTZ
b.
NRZ
c.
polar RTZ
d.
polar NRZ


67. Which of the following is a benefit of using centralized data collection to manage sensor data?
a.
must use a VPN to transport data
b.
less network traffic
c.
less administrative time
d.
data stays on the local network


68. Which VPN protocol leverages Web-based applications?
a.
L2TP
b.
SSL
c.
PPTP
d.
IPsec
69. Which of the following is true about SSL?
a.
it uses shared-key encryption only
b.
it uses IPsec to provide authentication
c.
it operates at the Data Link layer
d.
it uses sockets to communicate between client and server


70. What function does a RADIUS server provide to a wireless network?
a.
decryption
b.
authentication
c.
encryption
d.
association
