- GRATIS EXAM · PDF fileTime Limit : 120 min File Version : ... Guaranteed 100 percent Success at this VCE with Real Questions and their Verified Answers. ... A. Risk analysis

Actualtests.CISSP-ISSAP.237.QA

Number: CISSP-ISSAPPassing Score: 800Time Limit: 120 minFile Version: 26.1

http://www.gratisexam.com/

ISSAP

ISSAP Information Systems Security Architecture Professional

Our training paths will help you prepare very well for gain success in exam.

Guaranteed 100 percent Success at this VCE with Real Questions and their Verified Answers. Get thisCertification dump now.

All the study tools available at Exam collection are great ones and I certainly did everything withperfection. I was in need of the reliable and fantastic helping stuff and thank God that you guys support and

guided in the right way.

I prepared with this practice test question and answers, which are a really good source of practice. So Ilearnt to manage my time and I knew the kind of questions to expect in the exam as well.

A big success is waiting for you :) Just study it.

Sections1. Volume A2. Volume B

Exam A

QUESTION 1Which of the following is a method for transforming a message into a masked form, together with a way ofundoing the transformation to recover the message?

A. CipherB. CrypToolC. SteganographyD. MIME

Correct Answer: ASection: Volume AExplanation

Explanation/Reference:

QUESTION 2Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resourcesthat are required for them. Which of the following access control models will he use?

A. Policy Access ControlB. Mandatory Access ControlC. Discretionary Access ControlD. Role-Based Access Control

Correct Answer: DSection: Volume AExplanation

Explanation/Reference:Updated.

QUESTION 3Which of the following is used to authenticate asymmetric keys?

A. Digital signatureB. MAC AddressC. Demilitarized zone (DMZ)D. Password



QUESTION 4IPsec VPN provides a high degree of data privacy by establishing trust points between communicatingdevices and data encryption. Which of the following encryption methods does IPsec VPN use? Eachcorrect answer represents a complete solution. Choose two.

A. MD5B. LEAPC. AESD. 3DES

Correct Answer: DCSection: Volume AExplanation


QUESTION 5A user is sending a large number of protocol packets to a network in order to saturate its resources and todisrupt connections to prevent communications between services. Which type of attack is this?


A. Denial-of-Service attackB. Vulnerability attackC. Social Engineering attackD. Impersonation attack



QUESTION 6Which of the following types of firewall functions at the Session layer of OSI model?

A. Circuit-level firewallB. Application-level firewallC. Packet filtering firewallD. Switch-level firewall



QUESTION 7Which of the following statements about a stream cipher are true? Each correct answer represents acomplete solution. Choose three.

A. It typically executes at a higher speed than a block cipher.B. It divides a message into blocks for processing.C. It typically executes at a slower speed than a block cipher.D. It divides a message into bits for processing.E. It is a symmetric key cipher.

Correct Answer: ADESection: Volume AExplanation


QUESTION 8Which of the following types of attack can be used to break the best physical and logical securitymechanism to gain access to a system?

A. Social engineering attackB. Cross site scripting attackC. Mail bombingD. Password guessing attack



QUESTION 9You are the Security Consultant advising a company on security methods. This is a highly secure locationthat deals with sensitive national defense related data. They are very concerned about physical security asthey had a breach last month. In that breach an individual had simply grabbed a laptop and ran out of thebuilding. Which one of the following would have been most effective in preventing this?

A. Not using laptops.B. Keeping all doors locked with a guard.C. Using a man-trap.D. A sign in log.

Correct Answer: CSection: Volume AExplanation


QUESTION 10Which of the following protocols uses public-key cryptography to authenticate the remote computer?

A. SSHB. TelnetC. SCPD. SSL



QUESTION 11Which of the following cryptographic system services ensures that information will not be disclosed to anyunauthorized person on a local network?

A. AuthenticationB. Non-repudiationC. Integrity

D. Confidentiality



QUESTION 12Which of the following are the examples of technical controls? Each correct answer represents a completesolution. Choose three.

A. AuditingB. Network acchitectureC. System accessD. Data backups

Correct Answer: ABCSection: Volume AExplanation


QUESTION 13Which of the following tenets does the CIA triad provide for which security practices are measured? Eachcorrect answer represents a part of the solution. Choose all that apply.

A. IntegrityB. AccountabilityC. AvailabilityD. Confidentiality

Correct Answer: DACSection: Volume AExplanation


QUESTION 14Which of the following types of attacks cannot be prevented by technical measures only?

A. Social engineeringB. Brute forceC. Smurf DoSD. Ping flood attack



QUESTION 15Which of the following attacks can be overcome by applying cryptography?

A. Web ripping

B. DoSC. SniffingD. Buffer overflow



QUESTION 16Which of the following authentication methods prevents unauthorized execution of code on remotesystems?

A. TACACSB. S-RPCC. RADIUSD. CHAP

Correct Answer: BSection: Volume AExplanation


QUESTION 17The simplest form of a firewall is a packet filtering firewall. Typically a router works as a packet-filteringfirewall and has the capability to filter on some of the contents of packets. On which of the following layersof the OSI reference model do these routers filter information? Each correct answer represents a completesolution. Choose all that apply.

A. Transport layerB. Physical layerC. Data Link layerD. Network layer

Correct Answer: DASection: Volume AExplanation


QUESTION 18Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server thathosts the company's Web site. Andrew wants to increase the security of the Web site by implementingSecure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correctanswer represents a complete solution. Choose two.

A. SynchronousB. SecretC. AsymmetricD. Symmetric

Correct Answer: CDSection: Volume AExplanation


QUESTION 19John works as a professional Ethical Hacker. He has been assigned the project of testing the security ofwww.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not thenticateparticipants. Which of the following cryptographic algorithms is being used by the We-are-secure server?

A. BlowfishB. TwofishC. RSAD. Diffie-Hellman



QUESTION 20Which of the following electrical events shows a sudden drop of power source that can cause a widevariety of problems on a PC or a network?

A. BlackoutB. Power spikeC. Power sagD. Power surge



QUESTION 21Which of the following is the duration of time and a service level within which a business process must berestored after a disaster in order to avoid unacceptable consequences associated with a break in businesscontinuity?

A. RCOB. RTOC. RPOD. RTA



QUESTION 22You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process tohandle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to yourinternal enterprise network. Which of the following phases of the Incident handling process should youfollow next to handle this incident?

A. ContainmentB. PreparationC. RecoveryD. Identification



QUESTION 23You have decided to implement video surveillance in your company in order to enhance network security.Which of the following locations must have a camera in order to provide the minimum level of security forthe network resources? Each correct answer represents a complete solution. Choose two.

A. Parking lotB. All hallwaysC. Server RoomsD. All officesE. All entrance doors

Correct Answer: CESection: Volume AExplanation


QUESTION 24You work as a Network Administrator for NetTech Inc. You want to have secure communication on thecompany's intranet. You decide to use public key and private key pairs.What will you implement to accomplish this?

A. Microsoft Internet Information Server (IIS)B. VPNC. FTP serverD. Certificate server



QUESTION 25Which of the following protocols is used to compare two values calculated using the Message Digest(MD5) hashing function?

A. CHAPB. PEAPC. EAPD. EAP-TLS



QUESTION 26Which of the following is a technique used for modifying messages, providing Information and Cybersecurity, and reducing the risk of hacking attacks during communications and message passing over theInternet?

A. Risk analysisB. OODA loopC. CryptographyD. Firewall security



QUESTION 27Which of the following statements about Public Key Infrastructure (PKI) are true? Each correct answerrepresents a complete solution. Choose two.

A. It uses symmetric key pairs.B. It provides security using data encryption and digital signature.C. It uses asymmetric key pairs.D. It is a digital representation of information that identifies users.

Correct Answer: BCSection: Volume AExplanation


QUESTION 28Which of the following types of halon is found in portable extinguishers and is stored as a liquid?

A. Halon-fB. Halon 1301C. Halon 11D. Halon 1211



QUESTION 29Mark has been hired by a company to work as a Network Assistant. He is assigned the task to configure adial-up connection. He is configuring a laptop. Which of the following protocols should he disable to ensurethat the password is encrypted during remote access?

A. SPAPB. MSCHAPC. PAP

D. MSCHAP V2



QUESTION 30Which of the following disaster recovery tests includes the operations that shut down at the primary site,and are shifted to the recovery site according to the disaster recovery plan?

A. Structured walk-through testB. Simulation testC. Full-interruption testD. Parallel test



QUESTION 31In which of the following network topologies does the data travel around a loop in a single direction andpass through each device?

A. Ring topologyB. Tree topologyC. Star topologyD. Mesh topology



QUESTION 32You are the Network Administrator for a small business. You need a widely used, but highly secure hashingalgorithm. Which of the following should you choose?

A. AESB. SHAC. EAPD. CRC32



QUESTION 33Which of the following can be configured so that when an alarm is activated, all doors lock and the suspector intruder is caught between the doors in the dead-space?

A. Man trapB. Biometric deviceC. Host Intrusion Detection System (HIDS)D. Network Intrusion Detection System (NIDS)



QUESTION 34Which of the following refers to a location away from the computer center where document copies andbackup media are kept?

A. Storage Area networkB. Off-site storageC. On-site storageD. Network attached storage



QUESTION 35Computer networks and the Internet are the prime mode of Information transfer today. Which of thefollowing is a technique used for modifying messages, providing Information and Cyber security, andreducing the risk of hacking attacks during communications and message passing over the Internet?

A. Risk analysisB. Firewall securityC. CryptographyD. OODA loop



QUESTION 36An organization wants to allow a certificate authority to gain access to the encrypted data and create digitalsignatures on behalf of the user. The data is encrypted using the public key from a user's certificate. Whichof the following processes fulfills the above requirements?

A. Key escrowB. Key storageC. Key revocationD. Key recovery



QUESTION 37Which of the following are the primary components of a discretionary access control (DAC) model? Eachcorrect answer represents a complete solution. Choose two.

A. User's groupB. File and data ownershipC. Smart cardD. Access rights and permissions

Correct Answer: BDSection: Volume AExplanation


QUESTION 38Which of the following encryption modes can make protocols without integrity protection even moresusceptible to replay attacks, since each block gets decrypted in exactly the same way?

A. Cipher feedback modeB. Cipher block chaining modeC. Output feedback modeD. Electronic codebook mode



QUESTION 39You work as a technician for Trade Well Inc. The company is in the business of share trading. To enhancesecurity, the company wants users to provide a third key (apart from ID and password) to access thecompany's Web site. Which of the following technologies will you implement to accomplish the task?

A. Smart cardsB. Key fobsC. VPND. Biometrics



QUESTION 40Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?

A. The transport layerB. The presentation layerC. The session layer

D. The application layer



QUESTION 41You are the Network Administrator for a college. You watch a large number of people (some not evenstudents) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had aproblem with laptops being stolen. What is the most cost effective method to prevent this?

A. Smart card access to all areas with computers.B. Use laptop locks.C. Video surveillance on all areas with computers.D. Appoint a security guard.



QUESTION 42The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical securitydevices can now be used for verification and historical analysis of the ATM robbery?


A. Key cardB. Biometric devicesC. Intrusion detection systemsD. CCTV Cameras



QUESTION 43You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used toensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following shouldyou use?

A. AESB. SHAC. MD5D. DES



QUESTION 44Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answerrepresents a complete solution. Choose all that apply.

A. Using public key infrastructure authentication.B. Using basic authentication.C. Using Secret keys for authentication.D. Using Off-channel verification.

Correct Answer: ACDSection: Volume AExplanation


QUESTION 45Which of the following is an electrical event shows that there is enough power on the grid to prevent from atotal power loss but there is no enough power to meet the current electrical demand?

A. Power SurgeB. Power SpikeC. BlackoutD. Brownout



QUESTION 46Which of the following protocols is designed to efficiently handle high-speed data over wide area networks(WANs)?

A. PPPB. X.25C. Frame relayD. SLIP


Explanation/Reference:Modified.

QUESTION 47Which of the following statements best describes a certification authority?

A. A certification authority is a technique to authenticate digital documents by using computercryptography.

B. A certification authority is a type of encryption that uses a public key and a private key pair for dataencryption.

C. A certification authority is an entity that issues digital certificates for use by other parties.D. A certification authority is a type of encryption that uses a single key to encrypt and decrypt data.



QUESTION 48In which of the following alternative processing sites is the backup facility maintained in a constant order,with a full complement of servers, workstations, and communication links ready to assume the primaryoperations responsibility? A. Hot Site B. Mobile Site C. Warm Site D. Cold Site

A.B.C.D.

Correct Answer: Section: Volume AExplanation


QUESTION 49Which of the following should the administrator ensure during the test of a disaster recovery plan?

A. Ensure that the plan works properlyB. Ensure that all the servers in the organization are shut down.C. Ensure that each member of the disaster recovery team is aware of their responsibility.D. Ensure that all client computers in the organization are shut down.

Correct Answer: CASection: Volume AExplanation


QUESTION 50The service-oriented modeling framework (SOMF) provides a common modeling notation to addressalignment between business and IT organizations. Which of the following principles does the SOMFconcentrate on? Each correct answer represents a part of the solution.Choose all that apply.

A. Disaster recovery planningB. SOA value propositionC. Software assets reuseD. Architectural components abstractionE. Business traceability

Correct Answer: EBCDSection: Volume AExplanation


QUESTION 51You want to connect a twisted pair cable segment to a fiber-optic cable segment. Which of the followingnetworking devices will you use to accomplish the task?

A. HubB. SwitchC. RepeaterD. Router



QUESTION 52In your office, you are building a new wireless network that contains Windows 2003 servers. To establish anetwork for secure communication, you have to implement IPSec security policy on the servers. Whatauthentication methods can you use for this implementation? Each correct answer represents a completesolution. Choose all that apply.

A. Public-key cryptographyB. KerberosC. Preshared keysD. Digital certificates

Correct Answer: BDCSection: Volume AExplanation


QUESTION 53Which of the following two components does Kerberos Key Distribution Center (KDC) consist of? Eachcorrect answer represents a complete solution. Choose two.

A. Data serviceB. Ticket-granting serviceC. Account serviceD. Authentication service

Correct Answer: DBSection: Volume AExplanation


QUESTION 54Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statementsare true about the Kerberos authentication scheme? Each correct answer represents a complete solution.Choose all that apply.

A. Kerberos requires continuous availability of a central server.B. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject's

passwords.C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.D. Kerberos requires the clocks of the involved hosts to be synchronized.

Correct Answer: ABDSection: Volume AExplanation


QUESTION 55An organization is seeking to implement a hot site and wants to maintain a live database server at thebackup site. Which of the following solutions will be the best for the organization?

A. Electronic vaultingB. Remote journalingC. Remote mirroringD. Transaction logging



QUESTION 56A helpdesk technician received a phone call from an administrator at a remote branch office. Theadministrator claimed to have forgotten the password for the root account on UNIX servers and asked forit. Although the technician didn't know any administrator at the branch office, the guy sounded really friendlyand since he knew the root password himself, he supplied the caller with the password. What type of attackhas just occurred?

A. Social Engineering attackB. Brute Force attackC. War dialing attackD. Replay attack



QUESTION 57You work as a Network Administrator of a TCP/IP network. You are having DNS resolution problem. Whichof the following utilities will you use to diagnose the problem?

A. TRACERTB. PINGC. IPCONFIGD. NSLOOKUP

Correct Answer: DSection: Volume A

Explanation


QUESTION 58The IPSec protocol is configured in an organization's network in order to maintain a complete infrastructurefor secured network communications. IPSec uses four components for this. Which of the followingcomponents reduces the size of data transmitted over congested network connections and increases thespeed of such networks without losing data?

A. AHB. ESPC. IPcompD. IKE



QUESTION 59You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks:Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutionsthat support critical business initiatives. Which of the following methods will you use to accomplish thesetasks?

A. Service-oriented architectureB. Sherwood Applied Business Security ArchitectureC. Service-oriented modeling frameworkD. Service-oriented modeling and architecture



QUESTION 60A network is configured on a Bus topology. Which of the following conditions could cause a networkfailure? Each correct answer represents a complete solution. Choose all that apply.

A. A break in a network cableB. 75 ohm terminators at open endsC. A powered off workstationD. An open-ended cable without terminators

Correct Answer: DBASection: Volume AExplanation


QUESTION 61Which of the following is an input device that is used for controlling machines such as cranes, trucks,underwater unmanned vehicles, wheelchairs, surveillance cameras, and zero turning radius lawn mowers?

A. PS/2B. JoystickC. MicrophoneD. AGP



QUESTION 62Which of the following types of attacks is often performed by looking surreptitiously at the keyboard ormonitor of an employee's computer?

A. Buffer-overflow attackB. Man-in-the-middle attackC. Shoulder surfing attackD. Denial-of-Service (DoS) attack



QUESTION 63A digital signature is a type of public key cryptography. Which of the following statements are true aboutdigital signatures? Each correct answer represents a complete solution. Choose all that apply.

A. In order to digitally sign an electronic record, a person must use his/her public key.B. In order to verify a digital signature, the signer's private key must be used.C. In order to digitally sign an electronic record, a person must use his/her private key.D. In order to verify a digital signature, the signer's public key must be used.

Correct Answer: CDSection: Volume AExplanation


QUESTION 64Which of the following devices is a least expensive power protection device for filtering the electrical streamto control power surges, noise, power sags, and power spikes?

A. Line ConditionerB. Surge SuppressorC. Uninterrupted Power Supply (UPS)D. Expansion Bus



QUESTION 65You work as a Project Manager for Tech Perfect Inc. You are creating a document which emphasizes theformal study of what your organization is doing currently and where it will be in the future. Which of thefollowing analysis will help you in accomplishing the task?

A. Cost-benefit analysisB. Gap analysisC. Requirement analysisD. Vulnerability analysis



QUESTION 66SSH is a network protocol that allows data to be exchanged between two networks using a secure channel.Which of the following encryption algorithms can be used by the SSH protocol? Each correct answerrepresents a complete solution. Choose all that apply.

A. BlowfishB. DESC. IDEAD. RC4

Correct Answer: CBASection: Volume AExplanation


QUESTION 67Which of the following firewalls inspects the actual contents of packets?

A. Packet filtering firewallB. Stateful inspection firewallC. Application-level firewallD. Circuit-level firewall



QUESTION 68Which of the following statements about incremental backup are true? Each correct answer represents acomplete solution. Choose two.

A. It is the fastest method of backing up data.B. It is the slowest method for taking a data backup.C. It backs up the entire database, including the transaction log.D. It backs up only the files changed since the most recent backup and clears the archive bit.

Correct Answer: ADSection: Volume AExplanation


QUESTION 69You work as a Network Administrator for Blue Bell Inc. The company has a TCP-based network. Thecompany has two offices in different cities. The company wants to connect the two offices by using a publicnetwork. You decide to configure a virtual private network (VPN) between the offices. Which of thefollowing protocols is used by VPN for tunneling?

A. L2TPB. HTTPSC. SSLD. IPSec



QUESTION 70John works as a Network Administrator for NetPerfect Inc. The company has a Windows- based network.John has been assigned a project to build a network for the sales department of the company. It isimportant for the LAN to continue working even if there is a break in the cabling. Which of the followingtopologies should John use to accomplish the task?

A. StarB. MeshC. BusD. Ring



QUESTION 71Which of the following encryption algorithms are based on block ciphers?

A. RC4B. TwofishC. RijndaelD. RC5

Correct Answer: DCBSection: Volume BExplanation


QUESTION 72

Adam works as a Network Administrator. He discovers that the wireless AP transmits 128 bytes ofplaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertextusing the same key and cipher that are used by WEP to encrypt subsequent network traffic. Which of thefollowing types of authentication mechanism is used here?

A. Pre-shared key authenticationB. Open system authenticationC. Shared key authenticationD. Single key authentication

Correct Answer: CSection: Volume BExplanation


QUESTION 73The OSI model is the most common networking model used in the industry. Applications, networkfunctions, and protocols are typically referenced using one or more of the seven OSI layers. Of thefollowing, choose the two best statements that describe the OSI layer functions. Each correct answerrepresents a complete solution. Choose two.

A. Layers 1 and 2 deal with application functionality and data formatting. These layers reside at the top ofthe model.

B. Layers 4 through 7 define the functionality of IP Addressing, Physical Standards, and Data Linkprotocols.

C. Layers 5, 6, and 7 focus on the Network Application, which includes data formatting and sessioncontrol.

D. Layers 1, 2, 3, and 4 deal with physical connectivity, encapsulation, IP Addressing, and Error Recovery.These layers define the end-to-end functions of data delivery.

Correct Answer: CDSection: Volume BExplanation


QUESTION 74Which of the following is the technology of indoor or automotive environmental comfort?

A. HIPSB. HVACC. NIPSD. CCTV

Correct Answer: BSection: Volume BExplanation


QUESTION 75Which of the following protocols provides certificate-based authentication for virtual private networks(VPNs)?

A. PPTPB. SMTP

C. HTTPSD. L2TP

Correct Answer: DSection: Volume BExplanation


QUESTION 76Which of the following types of ciphers are included in the historical ciphers? Each correct answerrepresents a complete solution. Choose two.

A. Block ciphersB. Transposition ciphersC. Stream ciphersD. Substitution ciphers

Correct Answer: DBSection: Volume BExplanation


QUESTION 77John works as a security manager for SoftTech Inc. He is working with his team on the disaster recoverymanagement plan. One of his team members has a doubt related to the most cost effective DRP testingplan. According to you, which of the following disaster recovery testing plans is the most cost-effective andefficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

A. Evacuation drillB. Walk-through drillC. Structured walk-through testD. Full-scale exercise



QUESTION 78Which of the following security protocols provides confidentiality, integrity, and authentication of networktraffic with end-to-end and intermediate-hop security?

A. IPSecB. SETC. SWIPED. SKIP



QUESTION 79You are calculating the Annualized Loss Expectancy (ALE) using the following formula:ALE=AV * EF * ARO What information does the AV (Asset Value) convey?

A. It represents how many times per year a specific threat occurs.B. It represents the percentage of loss that an asset experiences if an anticipated threat occurs.C. It is expected loss for an asset due to a risk over a one year period.D. It represents the total cost of an asset, including the purchase price, recurring maintenance, expenses,

and all other costs.



QUESTION 80You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in thebrowser's address bar, you are able to access the site. But, you are unable to access the site when youenter http://www.company.com. What is the most likely cause?

A. The site's Web server is offline.B. The site's Web server has heavy traffic.C. WINS server has no NetBIOS name entry for the server.D. DNS entry is not available for the host name.



QUESTION 81In software development, which of the following analysis is used to document the services and functionsthat have been accidentally left out, deliberately eliminated or still need to be developed?

A. Gap analysisB. Requirement analysisC. Cost-benefit analysisD. Vulnerability analysis

Correct Answer: ASection: Volume BExplanation


QUESTION 82Which of the following processes identifies the threats that can impact the business continuity ofoperations?

A. Function analysisB. Risk analysisC. Business impact analysisD. Requirement analysis



QUESTION 83What are the benefits of using AAA security service in a network? Each correct answer represents a part ofthe solution. Choose all that apply.


A. It provides scalability.B. It supports a single backup system.C. It increases flexibility and control of access configuration.D. It supports RADIUS, TACACS+, and Kerberos authentication methods.

Correct Answer: ACDSection: Volume BExplanation


QUESTION 84In which of the following SDLC phases are the software and other components of the system faithfullyincorporated into the design specifications?

A. Programming and trainingB. Evaluation and acceptanceC. DefinitionD. Initiation



QUESTION 85Which of the following life cycle modeling activities establishes service relationships and messageexchange paths?

A. Service-oriented logical design modelingB. Service-oriented conceptual architecture modelingC. Service-oriented discovery and analysis modelingD. Service-oriented business integration modeling



QUESTION 86You work as a Network Administrator for Net World Inc. You are required to configure a VLAN for thecompany. Which of the following devices will you use to physically connect the computers in the VLAN?Each correct answer represents a complete solution. Choose two.

A. SwitchB. RouterC. BridgeD. Hub E. Repeater

Correct Answer: ABSection: Volume BExplanation


QUESTION 87Which of the following protocols work at the Network layer of the OSI model?

A. Routing Information Protocol (RIP)B. File Transfer Protocol (FTP)C. Simple Network Management Protocol (SNMP)D. Internet Group Management Protocol (IGMP)

Correct Answer: ADSection: Volume BExplanation


QUESTION 88Which of the following are used to suppress paper or wood fires? Each correct answer represents acomplete solution. Choose two.

A. Soda acidB. KeroseneC. WaterD. CO2

Correct Answer: CASection: Volume BExplanation


QUESTION 89Mark works as a Network Administrator for NetTech Inc. He wants to connect the company's headquarterand its regional offices using a WAN technology. For this, he uses packet- switched connection. Which ofthe following WAN technologies will Mark use to connect the offices? Each correct answer represents acomplete solution. Choose two.

A. ISDNB. X.25C. Frame Relay

D. Leased line

Correct Answer: BCSection: Volume BExplanation


QUESTION 90Fill in the blank with the appropriate security method. ____________ is a system, which enables anauthority to control access to areas and resources in a given physical facility, or computer- basedinformation system.

A. Access control



QUESTION 91In which of the following types of tests are the disaster recovery checklists distributed to the members ofdisaster recovery team and asked to review the assigned checklist?

A. Parallel testB. Simulation testC. Full-interruption testD. Checklist test



QUESTION 92Which of the following heights of fence deters only casual trespassers?

A. 8 feetB. 3 to 4 feetC. 2 to 2.5 feetD. 6 to 7 feet



QUESTION 93In which of the following cryptographic attacking techniques does an attacker obtain encrypted messagesthat have been encrypted using the same encryption algorithm?

A. Chosen plaintext attackB. Ciphertext only attack

C. Chosen ciphertext attackD. Known plaintext attack



QUESTION 94Which of the following terms related to risk management represents the estimated frequency at which athreat is expected to occur?

A. SafeguardB. Annualized Rate of Occurrence (ARO)C. Single Loss Expectancy (SLE)D. Exposure Factor (EF)



QUESTION 95You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network. Youwant to use a firewall that can track the state of active connections of the network and then determinewhich network packets are allowed to enter through the firewall. Which of the following firewalls has thisfeature?

A. Stateful packet inspection firewallB. Proxy-based firewallC. Dynamic packet-filtering firewallD. Application gateway firewall



QUESTION 96Fill in the blank with the appropriate security device. ___________ is a device that contains a physicalmechanism or electronic sensor that quantifies motion that can be either integrated with or connected toother devices that alert the user of the presence of a moving object within the field of view.

A. Motion detector



QUESTION 97Which of the following uses a Key Distribution Center (KDC) to authenticate a principle?

A. CHAPB. PAPC. KerberosD. TACACS



QUESTION 98Which of the following is a network service that stores and organizes information about a network usersand network resources and that allows administrators to manage users' access to the resources?

A. SMTP serviceB. Terminal serviceC. Directory serviceD. DFS service



QUESTION 99You work as a Network Administrator for Net Soft Inc. You are designing a data backup plan for yourcompany's network. The backup policy of the company requires high security and easy recovery of data.Which of the following options will you choose to accomplish this?

A. Take a full backup daily and use six-tape rotation.B. Take a full backup on Monday and a differential backup on each of the following weekdays.

Keep Monday's backup offsite.C. Take a full backup daily with the previous night's tape taken offsite.D. Take a full backup on alternate days and keep rotating the tapes.E. Take a full backup on Monday and an incremental backup on each of the following weekdays. Keep

Monday's backup offsite.F:Take a full backup daily with one tape taken offsite weekly.



QUESTION 100Which of the following are types of asymmetric encryption algorithms? Each correct answer represents acomplete solution. Choose two.

A. RSAB. AESC. ECCD. DES

Correct Answer: AC

Section: Volume BExplanation


QUESTION 101Which of the following attacks allows the bypassing of access control lists on servers or routers, and helpsan attacker to hide? Each correct answer represents a complete solution.Choose two.

A. DNS cache poisoningB. MAC spoofingC. IP spoofing attackD. DDoS attack



QUESTION 102You are the Network Administrator at a large company. Your company has a lot of contractors and otheroutside parties that come in and out of the building. For this reason you are concerned that simply havingusernames and passwords is not enough and want to have employees use tokens for authentication.Which of the following is not an example of tokens?

A. Smart cardB. USB device with cryptographic dataC. CHAPD. Key fob



QUESTION 103Which of the following LAN protocols use token passing for exchanging signals among various stations onthe network? Each correct answer represents a complete solution.Choose two.

A. Ethernet (IEEE 802.3)B. Token ring (IEEE 802.5)C. Fiber Distributed Data Interface (FDDI)D. Wireless LAN (IEEE 802.11b)



QUESTION 104Which of the following components come under the network layer of the OSI model? Each correct answer

represents a complete solution. Choose two.

A. RoutersB. MAC addressesC. FirewallsD. Hub

Correct Answer: ACSection: Volume BExplanation


QUESTION 105Which of the following are examples of physical controls used to prevent unauthorized access to sensitivematerials?

A. Thermal alarm systemsB. Security GuardsC. Closed circuit camerasD. Encryption

Correct Answer: CBASection: Volume BExplanation


QUESTION 106At which of the following layers of the Open System Interconnection (OSI) model the Internet ControlMessage Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?

A. The Physical layerB. The Data-Link layerC. The Network layerD. The Presentation layer



QUESTION 107Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) toencrypt the data stored on a disk on a file-by-file basis?

A. TwofishB. Digital certificatesC. Public keyD. RSA

Correct Answer: CBSection: Volume BExplanation


QUESTION 108Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It specifies whether an audit activity should be performed when an object attempts to access aresource.

B. It is a unique number that identifies a user, group, and computer account.C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the

object.D. It is a rule list containing access control entries.


Explanation/Reference:Appropriated.

QUESTION 109Which of the following methods will allow data to be sent on the Internet in a secure format?

A. Serial Line Interface ProtocolB. Point-to-Point ProtocolC. BrowsingD. Virtual Private Networks



QUESTION 110Which of the following are used to suppress electrical and computer fires? Each correct answer representsa complete solution. Choose two.

A. HalonB. WaterC. CO2D. Soda acid

Correct Answer: ACSection: Volume BExplanation


QUESTION 111Which of the following are natural environmental threats that an organization faces? Each correct answerrepresents a complete solution. Choose two.

A. StrikesB. FloodsC. AccidentsD. Storms

Correct Answer: BDSection: Volume BExplanation


QUESTION 112Which of the following keys are included in a certificate revocation list (CRL) of a public key infrastructure(PKI)? Each correct answer represents a complete solution. Choose two.

A. A foreign keyB. A private keyC. A public keyD. A primary key



QUESTION 113Which of the following SDLC phases consists of the given security controls: Misuse Case ModelingSecurity Design and Architecture Review Threat and Risk Modeling Security Requirements and Test CasesGeneration

A. DesignB. MaintenanceC. DeploymentD. Requirements Gathering



QUESTION 114A company named Money Builders Inc., hires you to provide consultancy for setting up their Windowsnetwork. The company's server room will be in a highly secured environment. You are required to suggestan authentication method for it. The CFO of the company wants the server to use thumb impressions forauthentication. Which of the following authentication methods will you suggest?

A. CertificateB. Smart cardC. Two-factorD. Biometrics



QUESTION 115

You are the Security Consultant and have been contacted by a client regarding their encryption andhashing algorithms. Their in-house network administrator tells you that their current hashing algorithm is anolder one with known weaknesses and is not collision resistant.Which algorithm are they most likely usingfor hashing?

A. PKIB. SHAC. KerberosD. MD5



QUESTION 116You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. Youneed to configure a firewall for the company. The firewall should be able to keep track of the state ofnetwork connections traveling across the network. Which of the following types of firewalls will youconfigure to accomplish the task?

A. Stateful firewallB. Host-based application firewallC. A network-based application layer firewallD. An application firewall



QUESTION 117Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premisesof an organization. This attack is often performed by looking surreptitiously at the keyboard of anemployee's computer while he is typing in his password at any access point such as a terminal/Web site.Which of the following is violated in a shoulder surfing attack?

A. IntegrityB. AvailabilityC. AuthenticityD. Confidentiality



QUESTION 118Which of the following plans is designed to protect critical business processes from natural or man-madefailures or disasters and the resultant loss of capital due to the unavailability of normal businessprocesses?

A. Disaster recovery planB. Contingency plan

C. Business continuity planD. Crisis communication plan



QUESTION 119Which of the following processes is used by remote users to make a secure connection to internalresources after establishing an Internet connection?

A. SpoofingB. Packet sniffingC. TunnelingD. Packet filtering



QUESTION 120You work as a Security Manager for Tech Perfect Inc. A number of people are involved with you in the DRPefforts. You have maintained several different types of plan documents, intended for different audiences.Which of the following documents will be useful for you as well as public relations personnel who require anon-technical perspective on the entire organization's disaster recovery efforts?

A. Technical guideB. Executive summaryC. ChecklistD. Department-specific plan



QUESTION 121Which of the following protects against unauthorized access to confidential information via encryption andworks at the network layer?

A. FirewallB. NATC. MAC addressD. IPSec



QUESTION 122Which of the following statements are true about Public-key cryptography? Each correct answer representsa complete solution. Choose two.

A. Data encrypted with the secret key can only be decrypted by another secret key.B. The secret key can encrypt a message, and anyone with the public key can decrypt it.C. The distinguishing technique used in public key-private key cryptography is the use of symmetric key

algorithms.D. Data encrypted by the public key can only be decrypted by the secret key.

Correct Answer: DBSection: Volume BExplanation


QUESTION 123Which of the following backup types backs up files that have been added and all data that have beenmodified since the most recent backup was performed?

A. Differential backupB. Incremental backupC. Daily backupD. Full backup



QUESTION 124You are the administrator for YupNo.com. You want to increase and enhance the security of yourcomputers and simplify deployment. You are especially concerned with any portable computers that areused by remote employees. What can you use to increase security, while still allowing your users toperform critical tasks?


A. BitLockerB. Smart CardsC. Service AccountsD. AppLocker



QUESTION 125

You have just set up a wireless network for customers at a coffee shop. Which of the following are goodsecurity measures to implement? Each correct answer represents a complete solution. Choose two.

A. MAC filtering the routerB. Not broadcasting SSIDC. Using WEP encryptionD. Using WPA encryption

Correct Answer: CDSection: Volume BExplanation


QUESTION 126Which of the following protocols provides the highest level of VPN security with a VPN connection that usesthe L2TP protocol?

A. IPSecB. PPPoEC. PPPD. TFTP



QUESTION 127Which of the following encryption methods comes under symmetric encryption algorithm? Each correctanswer represents a complete solution. Choose three.

A. DESB. BlowfishC. RC5D. Diffie-Hellman

Correct Answer: ABCSection: Volume BExplanation


QUESTION 128Which of the following uses public key cryptography to encrypt the contents of files?

A. EFSB. DFSC. NTFSD. RFS



QUESTION 129An access control secures the confidentiality, integrity, and availability of the information and data of anorganization. In which of the following categories can you deploy the access control? Each correct answerrepresents a part of the solution. Choose all that apply.

A. Detective access controlB. Corrective access controlC. Administrative access controlD. Preventive access control

Correct Answer: DABSection: Volume BExplanation


QUESTION 130You are the Network Administrator for a bank. In addition to the usual security issues, you are concernedthat your customers could be the victim of phishing attacks that use fake bank Web sites. Which of thefollowing would protect against this?

A. MACB. Mutual authenticationC. Three factor authenticationD. Two factor authentication



QUESTION 131You are responsible for security at a defense contracting firm. You are evaluating various possibleencryption algorithms to use. One of the algorithms you are examining is not integer based, uses shorterkeys, and is public key based. What type of algorithm is this?

A. SymmetricB. None - all encryptions are integer based.C. Elliptic CurveD. RSA



QUESTION 132Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of thefollowing formulas best describes the Single Loss Expectancy (SLE)?

A. SLE = Asset Value (AV) * Exposure Factor (EF)B. SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)

C. SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)D. SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)



QUESTION 133Which of the following are man-made threats that an organization faces? Each correct answer represents acomplete solution. Choose three.

A. TheftB. Employee errorsC. StrikesD. Frauds

Correct Answer: ABDSection: Volume BExplanation

Explanation/Reference:Corrected.

QUESTION 134Which of the following methods for identifying appropriate BIA interviewees' includes examining theorganizational chart of the enterprise to understand the functional positions?

A. Executive management interviewsB. Overlaying system technologyC. Organizational chart reviewsD. Organizational process models



QUESTION 135Which of the following describes the acceptable amount of data loss measured in time?

A. Recovery Consistency Objective (RCO)B. Recovery Time Objective (RTO)C. Recovery Point Objective (RPO)D. Recovery Time Actual (RTA)



QUESTION 136In which of the following access control models, owner of an object decides who is allowed to access theobject and what privileges they have?

A. Access Control List (ACL)B. Mandatory Access Control (MAC)C. Role Based Access Control (RBAC)D. Discretionary Access Control (DAC)



QUESTION 137Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining theplaintext or key from the ciphertext?

A. KerberosB. CryptographyC. CryptographerD. Cryptanalysis



QUESTION 138Which of the following encryption algorithms is used by the Clipper chip, which supports the escrowedencryption standard?

A. SkipjackB. BlowfishC. AESD. IDEA



QUESTION 139Which of the following statements about Network Address Translation (NAT) are true? Each correctanswer represents a complete solution. Choose three.

A. It hides the internal IP addressing scheme.B. It protects network from the password guessing attacks.C. It is used to connect private networks to the public Internet.D. It shares public Internet addresses with a large number of internal network clients.

Correct Answer: CADSection: Volume BExplanation


QUESTION 140An organization has implemented a hierarchical-based concept of privilege management in whichadministrators have full access, HR managers have less permission than the administrators, and dataentry operators have no access to resources. Which of the following access control models is implementedin the organization?

A. Role-based access control (RBAC)B. Network-based access control (NBAC)C. Mandatory Access Control (MAC)D. Discretionary access control (DAC)



QUESTION 141Which of the following Incident handling process phases is responsible for defining rules, collaboratinghuman workforce, creating a back-up plan, and testing the plans for an enterprise?

A. Eradication phaseB. Recovery phaseC. Containment phaseD. Preparation phaseE. Identification phase



QUESTION 142Which of the following is an entry in an object's discretionary access control list (DACL) that grantspermissions to a user or group?

A. Access control entry (ACE)B. Discretionary access control entry (DACE)C. Access control list (ACL)D. Security Identifier (SID)



QUESTION 143Access control systems enable an authority to control access to areas and resources in a given physicalfacility or computer-based information system. Which of the following services provided by access controlsystems is used to determine what a subject can do?

A. AuthenticationB. Authorization

C. AccountabilityD. Identification



QUESTION 144You work as a Security Manager for Tech Perfect Inc. The management tells you to implement a hashingmethod in the organization that can resist forgery and is not open to the man-in-the-middle attack. Which ofthe following methods will you use to accomplish the task?

A. MDB. NTLMC. MACD. SHA



QUESTION 145You work as a Network Administrator for company Inc. The company has deployed an ASA at the networkperimeter. Which of the following types of firewall will you use to create two different communications, onebetween the client and the firewall, and the other between the firewall and the end server?

A. Stateful firewallB. Endian firewallC. Packet filter firewallD. Proxy-based firewall



QUESTION 146You are the Security Administrator for a consulting firm. One of your clients needs to encrypt traffic.However, he has specific requirements for the encryption algorithm. It must be a symmetric key blockcipher. Which of the following should you choose for this client?

A. PGPB. SSHC. DESD. RC4



QUESTION 147You work as an administrator for Techraft Inc. Employees of your company create 'products', which aresupposed to be given different levels of access. You need to configure a security policy in such a way thatan employee (producer of the product) grants accessing privileges (such as read, write, or alter) for hisproduct. Which of the following access control models will you use to accomplish this task?

A. Discretionary access control (DAC)B. Role-based access control (RBAC)C. Mandatory access control (MAC)D. Access control list (ACL)


Explanation/Reference:Answer is renovated.

QUESTION 148Which of the following decides access control on an object in the mandatory access control (MAC)environment?

A. Sensitivity labelB. Event logC. System Access Control List (SACL)D. Security log



QUESTION 149Which of the following protocols should a Chief Security Officer configure in the network of his company toprotect sessionless datagram protocols?

A. SWIPEB. S/MIMEC. SKIPD. SLIP



QUESTION 150Which of the following protocols supports encapsulation of encrypted packets in secure wrappers that canbe transmitted over a TCP/IP connection?

A. PPTPB. UDPC. IPSecD. PAP



QUESTION 151You work as a remote support technician. A user named Rick calls you for support. Rick wants to connecthis LAN connection to the Internet. Which of the following devices will you suggest that he use?

A. HubB. RepeaterC. BridgeD. SwitchE. Router

Correct Answer: ESection: Volume BExplanation


QUESTION 152Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2protocol? Each correct answer represents a complete solution. Choose all that apply.

A. TIS authenticationB. Rhosts (rsh-style) authenticationC. Kerberos authenticationD. Password-based authentication



QUESTION 153Fill in the blank with the appropriate encryption system. The ______ encryption system is an asymmetrickey encryption algorithm for the public-key cryptography, which is based on the Diffie- Hellman keyagreement.

A. ElGamal



QUESTION 154John works as an Ethical Hacker for company Inc. He wants to find out the ports that are open incompany's server using a port scanner. However, he does not want to establish a full TCP connection.Which of the following scanning techniques will he use to accomplish this task?

A. TCP FIN

B. Xmas treeC. TCP SYN/ACKD. TCP SYN



QUESTION 155Which of the following layers of the OSI model provides non-repudiation services?

A. The application layerB. The data-link layerC. The presentation layerD. The physical layer



QUESTION 156You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.Performance of the network is slow because of heavy traffic. A hub is used as a central connecting devicein the network. Which of the following devices can be used in place of a hub to control the network trafficefficiently?

A. RepeaterB. BridgeC. SwitchD. Router



QUESTION 157Which of the following categories of access controls is deployed in the organization to prevent all directcontacts with systems?

A. Detective access controlB. Physical access controlC. Technical access controlD. Administrative access control



QUESTION 158Which of the following is an infrastructure system that allows the secure exchange of data over anunsecured network?

A. PMKB. PTKC. PKID. GTK



QUESTION 159Which of the following algorithms is found to be suitable for both digital signature and encryption?

A. SHA-1B. MD5C. AESD. RSA



QUESTION 160Which of the following is responsible for maintaining certificates in a public key infrastructure (PKI)?

A. Domain ControllerB. Certificate UserC. Certification AuthorityD. Internet Authentication Server



QUESTION 161Which of the following authentication methods is based on physical appearance of a user?

A. Key fobB. BiometricsC. ID/password combinationD. Smart card



QUESTION 162Which of the following is a correct sequence of different layers of Open System Interconnection (OSI)model?

A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, andapplication layer

B. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, andapplication layer

C. application layer, presentation layer, network layer, transport layer, session layer, data link layer, andphysical layer

D. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, andapplication layer



QUESTION 163Which of the following are used to suppress gasoline and oil fires? Each correct answer represents acomplete solution. Choose three.

A. WaterB. CO2C. HalonD. Soda acid

Correct Answer: BCDSection: Volume BExplanation


QUESTION 164Fill in the blank with the appropriate phrase. The is a simple document that provides a high- level view ofthe entire organization's disaster recovery efforts.

A. Executive summary



QUESTION 165You work as a Chief Security Officer for Tech Perfect Inc. You have configured IPSec and ISAKMPprotocol in the company's network in order to establish a secure communication infrastructure. ccording tothe Internet RFC 2408, which of the following services does the ISAKMP protocol offer to the network?Each correct answer represents a part of the solution.Choose all that apply.

A. It relies upon a system of security associations.B. It provides key generation mechanisms.C. It authenticates communicating peers.

D. It protects against threats, such as DoS attack, replay attack, etc.

Correct Answer: CBDSection: Volume BExplanation


QUESTION 166Which of the following methods offers a number of modeling practices and disciplines that contribute to asuccessful service-oriented life cycle management and modeling?

A. Service-oriented modeling framework (SOMF)B. Service-oriented modeling and architecture (SOMA)C. Sherwood Applied Business Security Architecture (SABSA)D. Service-oriented architecture (SOA)


Explanation/Reference:Absolutely right.

QUESTION 167The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures neededto create, manage, distribute, use, store, and revoke digital certificates. Which of the following componentsdoes the PKI use to list those certificates that have been revoked or are no longer valid?

A. Certification Practice StatementB. Certificate PolicyC. Certificate Revocation ListD. Certification Authority



QUESTION 168You work as an Incident handling manager for a company. The public relations process of the companyincludes an event that responds to the e-mails queries. But since few days, it is identified that this processis providing a way to spammers to perform different types of e-mail attacks. Which of the following phasesof the Incident handling process will now be involved in resolving this process and find a solution? Eachcorrect answer represents a part of the solution. Choose all that apply.

A. IdentificationB. EradicationC. RecoveryD. ContaminationE. Preparation

Correct Answer: DCBSection: Volume BExplanation


QUESTION 169Which of the following ports must be opened on the firewall for the VPN connection using Point-to-PointTunneling Protocol (PPTP)?

A. TCP port 110B. TCP port 443C. TCP port 5060D. TCP port 1723



QUESTION 170Which of the following plans is a comprehensive statement of consistent actions to be taken before, during,and after a disruptive event that causes a significant loss of information systems resources?

A. Disaster recovery planB. Contingency planC. Business Continuity planD. Continuity of Operations plan



QUESTION 171Which of the following types of ciphers operates on a group of bits rather than an individual character or bitof a message?

A. Block cipherB. Classical cipherC. Substitution cipherD. Stream cipher



QUESTION 172Which of the following techniques can be used by an administrator while working with the symmetricencryption cryptography? Each correct answer represents a complete solution.Choose all that apply.

A. Block cipherB. Stream cipherC. Transposition cipherD. Message Authentication Code

Correct Answer: ABDSection: Volume BExplanation


QUESTION 173Which of the following are types of access control attacks? Each correct answer represents a completesolution. Choose all that apply.

A. Dictionary attackB. Mail bombingC. SpoofingD. Brute force attack

Correct Answer: CDBSection: Volume BExplanation


QUESTION 174Which of the following authentication protocols sends a user certificate inside an encrypted tunnel?

A. PEAPB. EAP-TLSC. WEPD. EAP-FAST



QUESTION 175Which of the following is a form of gate that allows one person to pass at a time?

A. BiometricB. Man-trapC. TurnstileD. Fence



QUESTION 176Which of the following algorithms can be used to check the integrity of a file? Each correct answerrepresents a complete solution. Choose two.

A. md5B. rsa

C. blowfishD. sha

Correct Answer: ADSection: Volume BExplanation


QUESTION 177You work as a Network Administrator for NetTech Inc. The company's network is connected to the Internet.For security, you want to restrict unauthorized access to the network with minimum administrative effort.You want to implement a hardware-based solution. What will you do to accomplish this?


A. Connect a brouter to the network.B. Implement a proxy server on the network.C. Connect a router to the network.D. Implement firewall on the network.



QUESTION 178The service-oriented modeling framework (SOMF) introduces five major life cycle modeling activities thatdrive a service evolution during design-time and run-time. Which of the following activities integrates SOAsoftware assets and establishes SOA logical environment dependencies?

A. Service-oriented business integration modelingB. Service-oriented logical design modelingC. Service-oriented discovery and analysis modelingD. Service-oriented logical architecture modeling



QUESTION 179You are responsible for security at a building that has a lot of traffic. There are even a significant number ofnon-employees coming in and out of the building. You are concerned about being able to find out who is inthe building at a particular time. What is the simplest way to accomplish this?

A. Implement a sign in sheet at the main entrance and route all traffic through there.B. Have all people entering the building use smart cards for access.C. Implement biometric access.

D. Implement cameras at all entrances.



QUESTION 180Which of the following security architectures defines how to integrate widely disparate applications for aworld that is Web-based and uses multiple implementation platforms?

A. Sherwood Applied Business Security ArchitectureB. Service-oriented modeling and architectureC. Enterprise architectureD. Service-oriented architecture



QUESTION 181Which of the following methods of encryption uses a single key to encrypt and decrypt data?

A. AsymmetricB. SymmetricC. S/MIMED. PGP



QUESTION 182The OSI reference model is divided into layers and each layer has a specific task to perform. At which layerof OSI model is the File and Print service performed?

A. Session layerB. Presentation layerC. Transport layerD. Application layer



QUESTION 183Which of the following cables provides maximum security against electronic eavesdropping on a network?

A. Fibre optic cable

B. STP cableC. UTP cableD. NTP cable



QUESTION 184Which of the following password authentication schemes enables a user with a domain account to log on toa network once, using a password or smart card, and to gain access to multiple computers in the domainwithout being prompted to log in again?

A. Single Sign-OnB. One-time passwordC. DynamicD. Kerberos


Explanation/Reference:Accurate Answer.

QUESTION 185Which of the following authentication methods provides credentials that are only valid during a singlesession?

A. Kerberos v5B. Smart cardC. CertificateD. Token



QUESTION 186Perfect World Inc., provides its sales managers access to the company's network from remote locations.The sales managers use laptops to connect to the network. For security purposes, the company'smanagement wants the sales managers to log on to the network using smart cards over a remoteconnection. Which of the following authentication protocols should be used to accomplish this?

A. Challenge Handshake Authentication Protocol (CHAP)B. Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)C. Open Shortest Path First (OSPF)D. Extensible Authentication Protocol (EAP)



QUESTION 187You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and youwant to discuss it with your team members for getting appropriate responses of the disaster. In which of thefollowing disaster recovery tests can this task be performed?

A. Full-interruption testB. Parallel testC. Simulation testD. Structured walk-through test



QUESTION 188Your customer is concerned about security. He wants to make certain no one in the outside world can seethe IP addresses inside his network. What feature of a router would accomplish this?

A. Port forwardingB. NATC. MAC filteringD. Firewall



QUESTION 189Your company is covered under a liability insurance policy, which provides various liability coverage forinformation security risks, including any physical damage of assets, hacking attacks, etc. Which of thefollowing risk management techniques is your company using?

A. Risk acceptanceB. Risk avoidanceC. Risk transferD. Risk mitigation



QUESTION 190Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnelin the field of security management. She is giving a tutorial on DRP. She explains that the major goal of adisaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs andasks for the other objectives of the DRP. If you are among some of the newly recruited personnel inSoftTech Inc, what will be your answer for her question? Each correct answer represents a part of thesolution. Choose three.

A. Guarantee the reliability of standby systems through testing and simulation.B. Protect an organization from major computer services failure.C. Minimize the risk to the organization from delays in providing services.D. Maximize the decision-making required by personnel during a disaster.

Correct Answer: BCASection: Volume BExplanation


QUESTION 191You work as a Network Consultant. A company named Tech Perfect Inc. hires you for security reasons.The manager of the company tells you to establish connectivity between clients and servers of the networkwhich prevents eavesdropping and tampering of data on the Internet. Which of the following will youconfigure on the network to perform the given task?

A. WEPB. IPsecC. VPND. SSL



QUESTION 192The security controls that are implemented to manage physical security are divided in various groups.Which of the following services are offered by the administrative physical security control group? Eachcorrect answer represents a part of the solution. Choose all that apply.

A. Construction and selectionB. Site managementC. Awareness trainingD. Access controlE. Intrusion detection

F:Personnel control



QUESTION 193Jasmine is creating a presentation. She wants to ensure the integrity and authenticity of the presentation.Which of the following will she use to accomplish the task?

A. Mark as finalB. Digital SignatureC. Restrict PermissionD. Encrypt Document

Correct Answer: B



QUESTION 194Which of the following elements of planning gap measures the gap between the total potential for themarket and the actual current usage by all the consumers in the market?

A. Project gapB. Product gapC. Competitive gapD. Usage gap



QUESTION 195Which of the following terms refers to the method that allows or restricts specific types of packets fromcrossing over the firewall?

A. HackingB. Packet filteringC. Web cachingD. Spoofing



QUESTION 196You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e- mails. Which ofthe following will you use to accomplish this?

A. PGPB. PPTPC. IPSecD. NTFS



QUESTION 197Peter works as a Network Administrator for Net World Inc. The company wants to allow remote users toconnect and access its private network through a dial-up connection via the Internet. All the data will besent across a public network. For security reasons, the management wants the data sent through theInternet to be encrypted. The company plans to use a Layer 2 Tunneling Protocol (L2TP) connection.Which communication protocol will Peter use to accomplish the task?

A. IP Security (IPSec)B. Microsoft Point-to-Point Encryption (MPPE)C. Pretty Good Privacy (PGP)D. Data Encryption Standard (DES)



QUESTION 198Which of the following protocols multicasts messages and information among all member devices in an IPmulticast group?

A. ARPB. ICMPC. TCPD. IGMP



QUESTION 199Which of the following security devices is presented to indicate some feat of service, a specialaccomplishment, a symbol of authority granted by taking an oath, a sign of legitimate employment orstudent status, or as a simple means of identification?

A. SensorB. AlarmC. Motion detectorD. Badge



QUESTION 200You are responsible for a Microsoft based network. Your servers are all clustered. Which of the followingare the likely reasons for the clustering? Each correct answer represents a complete solution. Choose two.

A. Reduce power consumptionB. Ease of maintenanceC. FailoverD. Load balancing



QUESTION 201Which of the following is the most secure method of authentication?

A. Smart cardB. AnonymousC. Username and passwordD. Biometrics



QUESTION 202Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correctanswer represents a complete solution. Choose two.

A. DetectionB. Continuous MonitoringC. InitiationD. Auditing



QUESTION 203Which of the following cryptographic algorithm uses public key and private key to encrypt or decrypt data ?

A. AsymmetricB. HashingC. NumericD. Symmetric



QUESTION 204Sonya, a user, reports that she works in an electrically unstable environment where brownouts are aregular occurrence. Which of the following will you tell her to use to protect her computer?

A. UPSB. MultimeterC. SMPSD. CMOS battery

Correct Answer: A



QUESTION 205An authentication method uses smart cards as well as usernames and passwords for authentication.Which of the following authentication methods is being referred to?

A. MutualB. AnonymousC. Multi-factorD. Biometrics



QUESTION 206You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in thenetwork of your company. You develop a signature based on the characteristics of the detected virus.Which of the following phases in the Incident handling process will utilize the signature to resolve thisincident?

A. EradicationB. IdentificationC. RecoveryD. Containment



QUESTION 207In which of the following access control models can a user not grant permissions to other users to see acopy of an object marked as secret that he has received, unless they have the appropriate permissions?

A. Discretionary Access Control (DAC)B. Role Based Access Control (RBAC)C. Mandatory Access Control (MAC)D. Access Control List (ACL)



QUESTION 208Which of the following protocols provides connectionless integrity and data origin authentication of IPpackets?

A. ESPB. AHC. IKED. ISAKMP



QUESTION 209The network you administer allows owners of objects to manage the access to those objects via accesscontrol lists. This is an example of what type of access control?

A. RBACB. MACC. CIAD. DAC



QUESTION 210Which of the following processes is used to identify relationships between mission critical applications,processes, and operations and all supporting elements?

A. Critical path analysisB. Functional analysisC. Risk analysisD. Business impact analysis


Explanation/Reference:Renewed.

QUESTION 211You are responsible for security at a hospital. Since many computers are accessed by multiple employees24 hours a day, 7 days a week, controlling physical access to computers is very difficult. This iscompounded by a high number of non employees moving through the building. You are concerned aboutunauthorized access to patient records. What would best solve this problem?

A. The use of CHAP.B. Time of day restrictions.C. The use of smart cards.D. Video surveillance of all computers.



QUESTION 212In which of the following cryptographic attacking techniques does the attacker pick up the information to beencrypted and take a copy of it with the encrypted data?

A. Chosen ciphertext attackB. Known plaintext attackC. Chosen plaintext attackD. Ciphertext only attack



QUESTION 213Which of the following are the goals of a public key infrastructure (PKI)? Each correct answer represents apart of the solution. Choose all that apply.

A. AuthenticityB. GlobalizationC. MobilityD. IntegrityE. Confidentiality

F:Nonrepudiation

Correct Answer: ADESection: Volume BExplanation

Explanation/Reference:Still Valid.

QUESTION 214Which of the following encryption modes has the property to allow many error correcting codes to functionnormally even when applied before encryption?

A. OFB modeB. CFB modeC. CBC modeD. PCBC mode



QUESTION 215In which of the following phases of the SDLC does the software and other components of the systemfaithfully incorporate the design specifications and provide proper documentation and training?

A. InitiationB. Programming and training

C. DesignD. Evaluation and acceptance



QUESTION 216Which of the following authentication methods support mutual authentication? Each correct answerrepresents a complete solution. Choose two.

A. MS-CHAP v2B. NTLMC. EAP-MD5D. EAP-TLS

Correct Answer: DASection: Volume BExplanation


QUESTION 217Which of the following keys is derived from a preshared key and Extensible Authentication Protocol (EAP)?

A. Pairwise Transient KeyB. Group Temporal KeyC. Private KeyD. Pairwise Master Key



QUESTION 218Which of the following schemes is used by the Kerberos authentication?

A. Public key cryptographyB. One time passwordC. Private key cryptographyD. OPIE



QUESTION 219You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centersfor the district they will need to be able to work from an alternate location.However, budget is an issue. Which of the following is most appropriate for this client?

A. Warm siteB. Cold siteC. Off siteD. Hot site



QUESTION 220Which of the following are the centralized administration technologies? Each correct answer represents acomplete solution. Choose all that apply.

A. RADIUSB. TACACS+C. Media Access controlD. Peer-to-Peer


Explanation/Reference:Still Reliable.

QUESTION 221You are implementing some security services in an organization, such as smart cards, biometrics, accesscontrol lists, firewalls, intrusion detection systems, and clipping levels. Which of the following categories ofimplementation of the access control includes all these security services?

A. Administrative access controlB. Logical access controlC. Physical access controlD. Preventive access control



QUESTION 222You are the Network Administrator for a large corporate network. You want to monitor all network traffic onyour local network for suspicious activities and receive a notification when a possible attack is in process.Which of the following actions will you take for this?

A. Install a network-based IDSB. Install a host-based IDSC. Install a DMZ firewallD. Enable verbose logging on the firewall



QUESTION 223You work as a Network Administrator for McRoberts Inc. You are expanding your company's network. Afteryou have implemented the network, you test the connectivity to a remote host by using the PINGcommand. You get the ICMP echo reply message from the remote host. Which of the following layers ofthe OSI model are tested through this process? Each correct answer represents a complete solution.Choose all that apply.

A. Layer 3B. Layer 2C. Layer 4D. Layer 1

Correct Answer: DBASection: Volume BExplanation


QUESTION 224In which of the following Person-to-Person social engineering attacks does an attacker pretend to be anoutside contractor, delivery person, etc., in order to gain physical access to the organization?

A. In person attackB. Third-party authorization attackC. Impersonation attackD. Important user posing attack



QUESTION 225You work as a Chief Security Officer for Tech Perfect Inc. The company has an internal room without anywindow and is totally in darkness. For security reasons, you want to place a device in the room. Which ofthe following devices is best for that room?

A. Photoelectric motion detectorB. BadgeC. Closed-circuit televisionD. Alarm



QUESTION 226Which of the following encryption methods does the SSL protocol use in order to provide communicationprivacy, authentication, and message integrity? Each correct answer represents a part of the solution.Choose two.

A. Public keyB. IPsecC. MS-CHAPD. Symmetric

Correct Answer: ADSection: Volume AExplanation


QUESTION 227John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from thecompany for personal reasons. He wants to send out some secret information of the company. To do so,he takes an image file and simply uses a tool image hide and embeds the secret file within an image file ofthe famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file tosend the data, the mail server of his company is unable to filter this mail. Which of the following techniquesis he performing to accomplish his task?

A. Email spoofingB. Social engineeringC. Web rippingD. Steganography



QUESTION 228Which of the following intrusion detection systems (IDS) monitors network traffic and compares it againstan established baseline?

A. Network-basedB. Anomaly-basedC. File-basedD. Signature-based



QUESTION 229Which of the following are the initial steps required to perform a risk analysis process? Each correctanswer represents a part of the solution. Choose three.

A. Estimate the potential losses to assets by determining their value.B. Establish the threats likelihood and regularity.C. Valuations of the critical assets in hard costs.D. Evaluate potential threats to the assets.

Correct Answer: ABD

Section: Volume AExplanation


QUESTION 230Which of the following protocols uses the Internet key Exchange (IKE) protocol to set up securityassociations (SA)?

A. IPSecB. L2TPC. LEAPD. ISAKMP



QUESTION 231Sam is creating an e-commerce site. He wants a simple security solution that does not require eachcustomer to have an individual key. Which of the following encryption methods will he use?

A. Asymmetric encryptionB. Symmetric encryptionC. S/MIMED. PGP



QUESTION 232You want to implement a network topology that provides the best balance for regional topologies in termsof the number of virtual circuits, redundancy, and performance while establishing a WAN network. Which ofthe following network topologies will you use to accomplish the task?

A. Bus topologyB. Fully meshed topologyC. Star topologyD. Partially meshed topology



QUESTION 233Which of the following protocols is an alternative to certificate revocation lists (CRL) and allows theauthenticity of a certificate to be immediately verified?

A. RSTP

B. SKIPC. OCSPD. HTTP



QUESTION 234Which of the following does PEAP use to authenticate the user inside an encrypted tunnel? Each correctanswer represents a complete solution. Choose two.

A. GTCB. MS-CHAP v2C. AESD. RC4

Correct Answer: BASection: Volume AExplanation


QUESTION 235Which of the following terms refers to a mechanism which proves that the sender really sent a particularmessage?

A. IntegrityB. ConfidentialityC. AuthenticationD. Non-repudiation



QUESTION 236Adam works as a Security Analyst for Umbrella Inc. CEO of the company ordered him to implement two-factor authentication for the employees to access their networks. He has told him that he would like to usesome type of hardware device in tandem with a security or identifying pin number. Adam decides toimplement smart cards but they are not cost effective. Which of the following types of hardware devices willAdam use to implement two- factor authentication?

A. Biometric deviceB. One Time PasswordC. Proximity cardsD. Security token



QUESTION 237Maria works as a Network Security Officer for Gentech Inc. She wants to encrypt her network traffic. Thespecific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which ofthe following techniques will she use to fulfill this requirement?

A. IDEAB. PGPC. DESD. AES




Documents

- GRATIS EXAM · PDF fileTime Limit : 120 min File Version : ... Guaranteed 100 percent Success at this VCE with Real Questions and their Verified Answers. ... A. Risk analysis