JK0 015

http://www.TwPass.com

JK0-015

CompTIA

CompTIA E2C Security+ (2008 Edition) Exam

http://www.twpass.com/twpass.com/exam.aspx?eCode=JK0-015

The JK0-015 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The JK0-015 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently.

The JK0-015 exam is very challenging, but with our JK0-015 questions and answers practice exam, you can feel confident in obtaining your success on the JK0-015 exam on your FIRST TRY!

CompTIA JK0-015 Exam Features

- Detailed questions and answers for JK0-015 exam

- Try a demo before buying any CompTIA exam

- JK0-015 questions and answers, updated regularly

- JK0-015 answers verified by experts, with almost 100% accuracy

- JK0-015 tested and verified before publishing

- JK0-015 exam questions with exhibits

- JK0-015 same questions as real exam with multiple choice options

Acquiring CompTIA certifications is becoming a huge task in the field of I.T. Moreover, exams like the JK0-015 exam are now continuously updated, and accepting this challenge is itself a task.

This JK0-015 test is an important part of CompTIA certifications. We have the resources to prepare you for this. The JK0-015 exam is an essential and core part of CompTIA certifications, and once you clear the exam you will be able to solve real-life problems yourself.

Want to take advantage of the Real JK0-015 Test and save time and money while developing your skills to pass your CompTIA JK0-015 Exam? Let us help you climb that ladder of success and pass your JK0-015 now!


QUESTION:

1

Which of the following logical access control methods would a security administrator need to modify in order to control network traffic passing through a router to a different network?

A. Configuring VLAN 1

B. ACL

C. Logical tokens

D. Role-based access control changes

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

2

Which of the following tools limits external access to the network?

A. IDS

B. VLAN

C. Firewall

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=2

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

3

Which of the following tools was created for the primary purpose of reporting the services that are open for connection on a networked workstation?

A. Protocol analyzer

B. Port scanner

C. Password crackers

D. Vulnerability scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=3

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

4

Which of the following is MOST likely to be an issue when turning on all auditing functions within a system?

A. Flooding the network with all of the log information

B. Lack of support for standardized log review tools

C. Too much information to review

D. Too many available log aggregation tools

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=4

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

5

Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the acceptable use policy. Which of the following is MOST likely causing this to appear?

A. NAT

B. NAC

C. VLAN

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=5

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

6

USB devices with a virus delivery mechanism are an example of which of the following security threats?

A. Adware

B. Trojan

C. Botnets

D. Logic bombs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=6

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

7

Cell phones with network access and the ability to store data files are susceptible to which of the following risks?

A. Input validation errors

B. SMTP open relays

C. Viruses

D. Logic bombs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=7

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

8

When establishing a connection between two IP based routers, which of the following protocols is the MOST secure?

A. TFTP

B. HTTPS

C. FTP

D. SSH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=8

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

9

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

A. MD5

B. SHA-1

C. LANMAN

D. NTLM

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=9

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

10

Which of the following access control technologies provides a rolling password for one-time use?

A. RSA tokens

B. ACL

C. Multifactor authentication

D. PIV card

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=10

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

11

Which of the following technologies is used to verify that a file was not altered?

A. RC5

B. AES

C. DES

D. MD5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=11

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

12

Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text initialization vectors?

A. WEP

B. TKIP

C. SSH

D. WPA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=12

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

13

An administrator wants to crack passwords on a server with an account lockout policy. Which of the following would allow this without locking accounts?

A. Try guessing passwords slow enough to reset the bad count interval.

B. Try guessing passwords with brute force.

C. Copy the password file offline and perform the attack on it.

D. Try only real dictionary words.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=13

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

14

A user reports that each time they attempt to go to a legitimate website, they are sent to an inappropriate website. The security administrator suspects the user may have malware on the computer, which manipulated some of the user's files. Which of the following files on the user's system would need to be checked for unauthorized changes?

A. SAM

B. LMhosts

C. Services

D. Hosts

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=14

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

15

An administrator needs to limit and monitor the access users have to the Internet and protect the internal network. Which of the following would MOST likely be implemented?

A. A heuristic firewall

B. DNS caching on the client machines

C. A pushed update modifying users' local host file

D. A content-filtering proxy server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=15

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

16

Which of the following is a malicious program used to capture information from an infected computer?

A. Trojan

B. Botnet

C. Worm

D. Virus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=16

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

17

The security administrator needs to make a change in the network to accommodate a new remote location. The new location will be connected by a serial interface, off the main router, through a commercial circuit. This remote site will also have traffic completely separated from all other traffic. Which of the following design elements will need to be implemented to accommodate the new location?

A. VLANs need to be added on the switch but not the router.

B. The NAT needs to be re-configured to allow the remote location.

C. The current IP scheme needs to be subnetted.

D. The switch needs to be virtualized and a new DMZ needs to be created.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=17

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

18

Which of the following is the MOST secure authentication method?

A. Smartcard

B. Iris

C. Password

D. Fingerprints

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=18

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

19

Mitigating security risks by updating and applying hot fixes is part of:

A. patch management.

B. vulnerability scanning.

C. baseline reporting.

D. penetration testing.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=19

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

20

When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which of the following attacks is occurring?

A. Man-in-the-middle

B. SQL injection

C. Buffer overflow

D. Session hijacking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=20

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

21

Which of the following is the MAIN difference between a hotfix and a patch?

A. Hotfixes follow a predetermined release schedule while patches do not.

B. Hotfixes are smaller than patches.

C. Hotfixes may be released at any time and will later be included in a patch.

D. Patches can only be applied after obtaining proper approval, while hotfixes do not need management approval.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=21

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

22

A vulnerability assessment was conducted against a network. One of the findings indicated an outdated version of software. This is an example of weak:

A. security policies.

B. patch management.

C. acceptable use policies.

D. configuration baselines.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=22

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

23

Which of the following tools can execute a ping sweep?

A. Protocol analyzer

B. Anti-virus scanner

C. Network mapper

D. Password cracker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=23

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

24

Which of the following is a newer version of SSL?

A. SSH

B. IPSec

C. TLS

D. L2TP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=24

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

25

A technician visits a customer site which prohibits portable data storage devices. Which of the following items would be prohibited? (Select TWO).

A. USB Memory key

B. Bluetooth-enabled cellular phones

C. Wireless network detectors

D. Key card

E. Items containing RFID chips

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=25

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

26

Which of the following is used when performing a qualitative risk analysis?

A. Exploit probability

B. Judgment

C. Threat frequency

D. Asset value

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=26

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

27

A certificate has been revoked, and the administrator has issued new keys. Which of the following must now be performed to exchange encrypted email?

A. Exchange private keys with each other

B. Recover old private keys

C. Recover old public keys

D. Exchange public keys with each other

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=27

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

28

Exploitation of security vulnerabilities is used during assessments when which of the following is true?

A. Security testers have clear and written authorization to conduct vulnerability scans.

B. Security testers are trying to document vulnerabilities without impacting network operations.

C. Network users have permissions allowing access to network devices with security weaknesses.

D. Security testers have clear and written authorization to conduct penetration testing.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=28

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

29

Which of the following should a technician deploy to detect malicious changes to the system and configuration?

A. Pop-up blocker

B. File integrity checker

C. Anti-spyware

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=29

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

30

In order to prevent data loss in case of a disk error which of the following options would an administrator MOST likely deploy?

A. Redundant connections

B. RAID

C. Disk striping

D. Redundant power supplies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=30

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

31

A technician has installed security software; shortly thereafter the response time slows considerably. Which of the following can be used to determine the effect of the new software?

A. Event logs

B. System monitor

C. Performance monitor

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=31

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

32

After installing database software the administrator must manually change the default administrative password, remove a default database, and adjust permissions on specific files.

These actions are BEST described as:

A. vulnerability assessment.

B. mandatory access control.

C. application hardening.

D. least privilege.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=32

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

33

Which of the following is the BEST mitigation method to implement when protecting against a discovered OS exploit?

A. NIDS

B. Patch

C. Antivirus update

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=33

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

34

Which of the following is the primary concern of governments in terms of data security?

A. Integrity

B. Availability

C. Cost

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=34

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

35

Which of the following is BEST used to change common settings for a large number of deployed computers?

A. Group policies

B. Hotfixes

C. Configuration baselines

D. Security templates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=35

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

36

Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack space in the data center and also be able to manage various resources on the servers?

A. Install a manageable, centralized power and cooling system

B. Server virtualization

C. Different virtual machines on a local workstation

D. Centralize all blade servers and chassis within one or two racks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=36

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

37

A rogue wireless network is showing up in the IT department. The network appears to be coming from a printer that was installed. Which of the following should have taken place, prior to this printer being installed, to prevent this issue?

A. Installation of Internet content filters to implement domain name kiting.

B. Penetration test of the network to determine any further rogue wireless networks in the area.

C. Conduct a security review of the new hardware to determine any possible security risks.

D. Implement a RADIUS server to authenticate all users to the wireless network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=37

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

38

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping

B. Process hiding

C. Self-replication

D. Popup displays

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=38

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

39

Which of the following is used to generate keys in PKI?

A. AES

B. RSA

C. DES

D. 3DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=39

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

40

Which of the following methods is a best practice for granting access to resources?

A. Add ACLs to computers; add computers to groups.

B. Add ACLs to users; add users to groups.

C. Add users to ACLs; add computers to groups.

D. Add groups to ACLs; add users and computers to groups.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=40

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

41

Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?

A. The user's PC is missing the authentication agent.

B. The user's PC is not fully patched.

C. The user's PC is not at the latest service pack.

D. The user's PC has out-of-date antivirus software.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=41

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

42

When used to encrypt transmissions, which of the following is the MOST resistant to brute force attacks?

A. SHA

B. MD5

C. 3DES

D. AES256

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=42

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

43

Which of the following BEST describes how the private key is handled when connecting to a secure web server?

A. The key is not shared and remains on the server

B. Anyone who connects receives the key

C. Only users from configured IP addresses received the key

D. All authenticated users receive the key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=43

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

44

A user visits their normal banking website. The URL is correct and the website is displayed in the browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an unknown authority. Which of the following has occurred?

A. Domain name kiting

B. Privilege escalation

C. Replay attack

D. Man-in-the-middle attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=44

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

45

A technician reviews the system log entries for an internal DNS server. Which of the following entries MOST warrants further investigation?

A. DNS query from a source outside the organization

B. DNS query from a source inside the organization

C. Zone transfer to a source inside the organization

D. Zone transfer to a source outside the organization

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=45

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

46

Monitoring a computer's logs and critical files is part of the functionality of a

A. NIPS.

B. HIDS.

C. firewall.

D. honeypot.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=46

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

47

Which of the following can be implemented as an OS hardening practice to mitigate risk?

A. Domain name kiting

B. Removable storage

C. Input validation

D. Security templates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=47

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

48

Continuously documenting state and location of hardware from collection to disposition during a forensic investigation is known as:

A. risk mitigation.

B. data handling.

C. chain of custody.

D. incident response.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=48

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

49

Which of the following is an example of two factor authentication?

A. PIN and password

B. Smartcard and token

C. Smartcard and PIN

D. Fingerprint and retina scan

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=49

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

50

Which of the following uses a three-way-handshake for authentication and is commonly used in PPP connections?

A. MD5

B. CHAP

C. Kerberos

D. SLIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=50

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

51

A security analyst has been notified that one of the web servers has stopped responding to web traffic. The network engineer also reports very high bandwidth utilization to and from the Internet. Which of the following logs is MOST likely to be helpful in finding the cause and source of the problem?

A. Access log

B. Event log

C. System log

D. Firewall log

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=51

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

52

Which of the following ports would need to be open to allow TFTP by default?

A. 69

B. 110

C. 137

D. 339

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=52

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

53

Which of the following transmission types would an attacker most likely use to try to capture data packets?

A. Shielded twisted pair

B. Fiber optic

C. Bluesnarfing

D. Wireless

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=53

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

54

Which of the following describes a port that is left open in order to facilitate access at a later date?

A. Honeypot

B. Proxy server

C. Open relay

D. Backdoor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=54

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

55

Which of the following is often bundled with freely downloaded software?

A. Cookies

B. Logic bomb

C. Adware

D. Spam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=55

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

56

Which of the following security types would require the use of certificates to verify a user's identity?

A. Forensics

B. CRL

C. PKI

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=56

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

57

Which of the following can increase risk? (Select TWO)

A. Vulnerability

B. Mantrap

C. Configuration baselines

D. Threat source

E. Mandatory vacations

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=57

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

58

An administrator believes a user is secretly transferring company information over the Internet.

The network logs do not show any non-standard traffic going through the firewall. Which of the following tools would allow the administrator to better evaluate the contents of the network traffic?

A. Vulnerability scanner

B. Network anomaly detection

C. Protocol analyzer

D. Proxy server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=58

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

59

Which of the following monitoring technology types is MOST dependent on receiving regular updates?

A. Signature-based

B. Kerberos-based

C. Behavior-based

D. Anomaly-based

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=59

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

60

A company has just recovered from a major disaster. Which of the following should signify the completion of a disaster recovery?

A. Verify all servers are back online and working properly.

B. Update the disaster recovery plan based on lessons learned.

C. Conduct post disaster recovery testing.

D. Verify all network nodes are back online and working properly.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=60

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

61

Which of the following is a public key cryptosystem?

A. RSA

B. SHA-1

C. 3DES

D. MD5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=61

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

62

A user tries to plug their laptop into the company's network and receives a warning that their patches and virus definitions are out-of-date. This is an example of which of the following mitigation techniques?

A. NAT

B. Honeypot

C. NAC

D. Subnetting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=62

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

63

A file has been compromised with corrupt data and might have additional information embedded within it. Which of the following actions should a security administrator follow in order to ensure data integrity of the file on that host?

A. Disable the wireless network and copy the data to the next available USB drive to protect the data

B. Perform proper forensics on the file with documentation along the way.

C. Begin chain of custody for the document and disallow access.

D. Run vulnerability scanners and print all reports of all diagnostic results.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=63

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

64

Every company workstation contains the same software prior to being assigned to workers.

Which of the following software options would give remote users the needed protection from outside attackers when they are outside of the company's internal network?

A. HIDS

B. Vulnerability scanner

C. Personal firewall

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=64

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

65

To ensure users are logging into their systems using a least privilege method, which of the following should be done?

A. Create a user account without administrator privileges.

B. Employ a BIOS password that differs from the domain password.

C. Enforce a group policy with the least amount of account restrictions.

D. Allow users to determine their needs and access to resources.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=65

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

66

A recent security audit shows an organization has been infiltrated with a former administrator's credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?

A. Conduct periodic audits of disaster recovery policies.

B. Conduct periodic audits of password policies.

C. Conduct periodic audits of user access and rights.

D. Conduct periodic audits of storage and retention policies.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=66

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

67

A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows the following string:

<scrip>source=http://www.evilsite.jp/evil.js</script>

Which of the following attacks is occurring?

A. SQL injection

B. Redirection attack

C. Cross-site scripting

D. XML injection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=67

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

68

A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a business justification, so the request is denied. This is the principle of:

A. separation of duties.

B. job-based access control

C. least privilege.

D. remote access policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=68

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

69

Which of the following concepts addresses the threat of data being modified without authorization?

A. Integrity

B. Key management

C. Availability

D. Non-repudiation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=69

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

70

An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the following is the attacker attempting to do?

A. Port scan

B. Privilege escalation

C. DNS spoofing

D. ARP poisoning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=70

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

71

Which of the following is a best practice for organizing users when implementing a least privilege model?

A. By function

B. By department

C. By geographic location

D. By management level

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=71

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

72

Which of the following describes how long email messages are available in case of a subpoena?

A. Backup procedures

B. Retention policy

C. Backup policy

D. Email server configuration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=72

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

73

Management would like to know if anyone is attempting to access files on the company file server. Which of the following could be deployed to BEST provide this information?

A. Software firewall

B. Hardware firewall

C. HIDS

D. NIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=73

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

74

Which of the following is the correct risk assessment equation?

A. Risk = exploit x number of systems x cost of asset

B. Risk = infections x number of days infected x cost of asset

C. Risk = threat x vulnerability x cost of asset

D. Risk = vulnerability x days unpatched x cost of asset

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=74

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

75

Which of the following is of the GREATEST concern in regard to a rogue access point?

A. Rogue access points are hard to find and remove from the network.

B. Rogue access points can scan the company's wireless networks and find other unencrypted and rogue access points

C. The radio signal of the rogue access point interferes with company approved access points.

D. Rogue access points can allow unauthorized users to access the company's internal networks.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=75

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

76

The process of validating a user's claimed identity is called

A. identification.

B. authorization.

C. validation.

D. repudiation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=76

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

77

Which of the following is a benefit of utilizing virtualization technology?

A. Lowered cost of the host machine

B. Less overhead cost of software licensing

C. Streamline systems to a single OS

D. Fewer systems to monitor physical access

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=77

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

78

The security administrator wants to increase the cipher strength of the company's internal root certificate. Which of the following would the security administrator use to sign a stronger root certificate?

A. Certificate authority

B. Registration authority

C. Key escrow

D. Trusted platform module

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=78

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

79

Which of the following describes a semi-operational site to which IT operations can be migrated in the event of a disaster?

A. Hot site

B. Warm site

C. Mobile site

D. Cold site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=79

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

80

Which of the following devices hooks into a LAN and captures traffic?

A. Protocol analyzer

B. Protocol filter

C. Penetration testing tool

D. Vulnerability assessment tool

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=80

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

81

When assessing a network containing resources that require near 100% availability, which of the following techniques should be employed to assess overall security?

A. Penetration testing

B. Vulnerability scanning

C. User interviews

D. Documentation reviews

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=81

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

82

Which of the following would MOST likely contain a <SCRIPT> tag?

A. Cookies

B. XSS

C. DOS

D. Buffer overflow

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=82

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

83

Which of the following is a reason why wireless access points should not be placed near a building's perimeter?

A. Rogue access points

B. Vampire taps

C. Port scanning

D. War driving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=83

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

84

A new enterprise solution is currently being evaluated due to its potential to increase the company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?

A. Threat assessment

B. Vulnerability assessment

C. Code assessment

D. Risk assessment

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=84

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

85

Which of the following tools BEST identifies the method an attacker used after they have entered into a network?

A. Input validation

B. NIDS

C. Port scanner

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=85

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

86

Which of the following is a major risk associated with cloud computing?

A. Loss of physical control over data

B. Increased complexity of qualitative risk assessments

C. Smaller attack surface

D. Data labeling challenges

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=86

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

87

Which of the following is MOST likely the reason why a security administrator would run a Nessus report on an important server?

A. To analyze packets and frames

B. To report on the performance of the system

C. To scan for vulnerabilities

D. To enumerate and crack weak system passwords

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=87

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

88

Which of the following BEST describes how the mandatory access control (MAC) method works?

A. It is an access policy based on a set of rules.

B. It is an access policy based on the role that the user has in an organization.

C. It is an access policy based on biometric technologies.

D. It is an access policy that restricts access to objects based on security clearance.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=88

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

89

Using a smartcard and a physical token is considered how many factors of authentication?

A. One

B. Two

C. Three

D. Four

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=89

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

90

Which of the following protocols is considered more secure than SSL?

A. TLS

B. WEP

C. HTTP

D. Telnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=90

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

91

A NIDS monitoring traffic on the public-side of a firewall provides which of the following?

A. Faster alerting to internal compromises

B. Intelligence about external threats

C. Protection of the external firewall interface

D. Prevention of malicious traffic

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=91

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

92

Which of the following is an important part of disaster recovery training?

A. Schemes

B. Storage locations

C. Chain of custody

D. Table top exercises

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=92

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

93

Which of the following would a network administrator implement to control traffic being routed between networks or network segments in an effort to preserve data confidentiality?

A. NAT

B. Group policies

C. Password policies

D. ACLs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=93

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

94

The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of digital certificates

B. Use of public keys only

C. Use of private keys only

D. Use of public and private keys

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=94

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

95

A security administrator is analyzing the packet capture from an IDS triggered filter. The packet capture shows the following string: a or1 ==1-- Which of the following attacks is occurring?

A. Cross-site scripting

B. XML injection

C. Buffer overflow

D. SQL injection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=95

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

96

Which of the following has been implemented if several unsuccessful login attempts were made in a short period of time denying access to the user account, and after two hours the account becomes active?

A. Account lockout

B. Password expiration

C. Password disablement

D. Screen lock

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=96

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

97

Which of the following BEST describes an intrusion prevention system?

A. A system that stops an attack in progress.

B. A system that allows an attack to be identified.

C. A system that logs the attack for later analysis.

D. A system that serves as a honeypot.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=97

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

98

In the event of a disaster in which the main datacenter is immediately shut down, which of the following would a company MOST likely use with a minimum Recovery Time Objective?

A. Fault tolerance

B. Hot site

C. Cold site

D. Tape backup restoration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=98

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

99

Which of the following methods involves placing plain text data within a picture or document?

A. Steganography

B. Digital signature

C. Transport encryption

D. Stream cipher

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=99

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

100

Which of the following is a detective security control?

A. CCTV

B. Firewall

C. Design reviews

D. Bollards

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=100

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

101

Which of the following can cause hardware based drive encryption to see slower deployment?

A. A lack of management software

B. USB removable drive encryption

C. Role/rule-based access control

D. Multifactor authentication with smart cards

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=101

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

102

Which of the following is a reason to implement Kerberos over local system authentication?

A. Authentication to multiple devices

B. Centralized file integrity protection

C. Non-repudiation

D. Greater password complexity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=102

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

103

Which of the following should a security administrator implement to ensure there are no security holes in the OS?

A. Encryption protocols

B. Firewall definitions

C. Patch management

D. Virus definitions

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=103

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

104

Which of the following cipher types is used by AES?

A. Block

B. Fourier

C. Stream

D. Turing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=104

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

105

Which of the following control systems is used to maintain proper environmental conditions in a datacenter?

A. HVAC

B. Bollards

C. CCTV

D. Mantrap

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=105

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

106

A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?

A. Application hardening

B. OS hardening

C. Application patch management

D. SQL injection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=106

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

107

A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?

A. An attacker inside the company is performing a bluejacking attack on the user's laptop.

B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.

C. The new access point was mis-configured and is interfering with another nearby access point.

D. The attacker that breached the nearby company is in the parking lot implementing a war driving attack.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=107

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

108

Which of the following facilitates computing for heavily utilized systems and networks?

A. Remote access

B. Provider cloud

C. VPN concentrator

D. Telephony

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=108

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

109

A security administrator finished taking a forensic image of a computer's memory. Which of the following should the administrator do to ensure image integrity?

A. Run the image through AES128.

B. Run the image through a symmetric encryption algorithm.

C. Compress the image to a password protected archive.

D. Run the image through SHA256.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=109

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

110

Which of the following is a reason to use TACACS+ over RADIUS?

A. Combines authentication and authorization

B. Encryption of all data between client and server

C. TACACS+ uses the UDP protocol

D. TACACS+ has fewer attribute-value pairs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=110

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

111

A customer has called a company to report that all of their computers are displaying a rival company's website when the user types the correct URL into the browser. All of the other websites the user visits work correctly and other customers are not having this issue. Which of the following has MOST likely occurred?

A. The website company has a misconfigured firewall.

B. The customer has a virus outbreak.

C. The customer's DNS has been poisoned.

D. The company's website has been attacked by the rival company

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=111

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

112

A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?

A. Whaling

B. Bluesnarfing

C. Vishing

D. Dumpster diving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=112

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

113

Which of the following describes an attack technique by which an intruder gains physical access by following an authorized user into a facility before the door is closed?

A. Shoulder surfing

B. Tailgating

C. Escalation

D. Impersonation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=113

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

114

Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?

A. NIDS configuration

B. Firewall logs

C. User rights

D. Incident management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=114

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

115

Which of the following is true when a user browsing to an HTTPS site receives the message: "Site name mismatch"?

A. The certificate CN is different from the site DNS A record.

B. The CA DNS name is different from the root certificate CN.

C. The certificate was issued by the intermediate CA and not by the root CA.

D. The certificate file name is different from the certificate CN.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=115

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

116

Which of the following will contain a list of unassigned public IP addresses?

A. TCP port

B. 802.1x

C. Loop protector

D. Firewall rule

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=116

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

117

DRPs should contain which of the following?

A. Hierarchical list of non-critical personnel

B. Hierarchical list of critical systems

C. Hierarchical access control lists

D. Identification of single points of failure

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=117

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

118

Which of the following access control methods provides the BEST protection against attackers logging on as authorized users?

A. Require a PIV card

B. Utilize time of day restrictions

C. Implement implicit deny

D. Utilize separation of duties

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=118

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

119

Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lot of web browsing and explain that a disgruntled employee from their department was recently fired. The security administrator observes that all of the PCs are attempting to open a large number of connections to the same destination. Which of the following is MOST likely the issue?

A. A logic bomb has been installed by the former employee

B. A man-in-the-middle attack is taking place.

C. The PCs have downloaded adware.

D. The PCs are being used in a botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=119

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

120

Which of the following is the BEST way to secure data for the purpose of retention?

A. Off-site backup

B. RAID 5 on-site backup

C. On-site clustering

D. Virtualization

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=120

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

121

In the event of a disaster resulting in the loss of their data center, a company had determined that they will need to be able to be back online within an hour or two, with all systems being fully up to date. Which of the following would BEST meet their needs?

A. Off-site storage of backup tapes

B. A hot backup site

C. A cold backup site

D. A warm backup site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=121

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

122

Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to compromise the integrity of data?

A. SDLM

B. Error handling

C. Data formatting

D. Input validation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=122

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

123

Which of the following provides EMI protection?

A. STP

B. UTP

C. Grounding

D. Anti-static wrist straps

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=123

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

124

A user reports that a web browser stopped working after it was updated. Which of the following BEST describes a probable cause of failure?

A. The browser was previously compromised and corrupted during the update.

B. Anti-spyware is preventing the browser from accessing the network.

C. A faulty antivirus signature has identified the browser as malware.

D. A network based firewall is blocking the browser as it has been modified.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=124

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

125

Which of the following devices is MOST likely to be installed to prevent malicious attacks?

A. VPN concentrator

B. Firewall

C. NIDS

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=125

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

126

Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?

A. ARP poisoning

B. MAC spoofing

C. pWWN spoofing

D. DNS poisoning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=126

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

127

Which of the following protocols uses UDP port 69 by default?

A. Kerberos

B. TFTP

C. SSH

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=127

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

128

Which of the following would a security administrator use to diagnose network issues?

A. Proxy

B. Host-based firewall

C. Protocol analyzer

D. Gateway

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=128

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

129

Which of the following should be implemented on a mobile phone to help prevent a conversation from being captured?

A. Device encryption

B. Voice encryption

C. GPS tracking

D. Sniffer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=129

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

130

A user wishes to encrypt only certain files and folders within a partition. Which of the following methods should a technician recommend?

A. EFS

B. Partition encryption

C. Full disk

D. BitLocker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=130

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

131

Centrally authenticating multiple systems and applications against a federated user database is an example of:

A. smart card.

B. common access card.

C. single sign-on.

D. access control list.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=131

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

132

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping

B. Process hiding

C. Self-replication

D. Popup displays

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=132

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

133

A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?

A. RTP

B. SNMP

C. IPSec

D. 802.1X

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=133

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

134

Which of the following uses tickets to identify users to the network?

A. RADIUS

B. LDAP

C. TACACS+

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=134

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

135

Which of the following forensic artifacts is MOST volatile?

A. CD-ROM

B. Filesystem

C. Random access memory

D. Network topology

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=135

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

136

A security administrator notices an unauthorized vehicle roaming the area on company grounds. The security administrator verifies that all network connectivity is up and running and that no unauthorized wireless devices are being used to authenticate other devices; however, the administrator does notice an unusual spike in bandwidth usage. This is an example of which of the following attacks?

A. Rogue access point

B. Bluesnarfing

C. Evil twin

D. War driving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=136

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

137

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts

B. Print baseline configuration

C. Enable access lists

D. Disable unused ports

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=137

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

138

Risk can be managed in the following ways EXCEPT:

A. mitigation.

B. acceptance.

C. elimination.

D. transference.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=138

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

139

A security administrator needs to implement a wireless system that will only be available within a building. Which of the following configurations can the administrator modify to achieve this? (Select TWO).

A. Proper AP placement

B. Disable SSID broadcasting

C. Use CCMP

D. Enable MAC filtering

E. Reduce the power levels

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=139

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

140

Which of the following environmental variables reduces the potential for static discharges?

A. EMI

B. Temperature

C. UPS

D. Humidity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=140

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

141

Which of the following is an example of implementing security using the least privilege principle?

A. Confidentiality

B. Availability

C. Integrity

D. Non-repudiation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=141

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

142

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a server that was recently patched. Which of the following logs would the technician review FIRST?

A. Access

B. Firewall

C. Antivirus

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=142

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

143

Which of the following helps prevent a system from being fingerprinted?

A. Personal firewall

B. Complex passwords

C. Anti-spam software

D. OS patching

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=143

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

144

An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enough traffic to discover the encryption key. Which of the following is the attacker MOST likely using?

A. War driving

B. Replay attack

C. Bluejacking

D. DNS poisoning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=144

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

145

Which of the following is an authentication method that uses symmetric key encryption and a key distribution center?

A. MS-CHAP

B. Kerberos

C. 802.1x

D. EAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=145

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

146

Which of the following is a preventative physical security measure?

A. Video surveillance

B. External lighting

C. Physical access log

D. Access control system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=146

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

147

An employee keeps getting pop-ups from a program on their computer stating it blocked an attacking IP address. Which of the following security applications BEST explains this behavior?

A. Antivirus

B. Anti-spam

C. Personal firewall

D. Pop-up blocker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=147

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

148

A Maintenance Manager requests that a new group be created for a new development project, concerning power distribution, in order to email and set up conference meetings for the whole project team. Which of the following group types would need to be created?

A. Default power users

B. Restricted group

C. Distribution

D. Security

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=148

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

149

Which of the following is an example of data obfuscation within a data stream?

A. Cryptography

B. Steganography

C. Hashing

D. Fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=149

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

150

Which of the following is a malicious program that infects a host computer and has the ability to replicate itself?

A. Spyware

B. Virus

C. Rootkit

D. Spam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=150

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

151

Which of the following concepts is applied FIRST when a user logs into a domain?

A. Virtualization

B. Non-repudiation

C. Authorization

D. Identification

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=151

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

152

Which of the following tools will allow a technician to detect devices and associated IP addresses on the network?

A. Network intrusion detection software

B. Network mapping software

C. Port scanner

D. Protocol analyzers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=152

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

153

An application programmer at a company conducts security assessments and reports findings to senior management. Which of the following principles does this scenario violate?

A. Separation of duties

B. Job rotation

C. Vulnerability assessment

D. Least privilege

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=153

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

154

Which of the following attacks involves sending unsolicited contact information to Bluetooth devices configured in discover mode?

A. Impersonation

B. Bluejacking

C. War driving

D. Bluesnarfing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=154

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

155

Which of the following has the capability to perform onboard cryptographic functions?

A. Smartcard

B. ACL

C. RFID badge

D. Proximity badge

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=155

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

156

Shielded communications media is MOST often used to prevent electrical emanations from being detected and crosstalk between which of the following?

A. Networks

B. Cables

C. VLANs

D. VPNs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=156

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

157

Which of the following measures ensures unauthorized users cannot access a WAP in a user's home?

A. Proper WAP placement

B. Turn off the computers when not in use

C. Set the SSID to hidden

D. Change the administrator password on the computer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=157

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

158

Which of the following BEST describes where L2TP is used?

A. VPN encryption

B. Authenticate users using CHAP

C. Default gateway encryption

D. Border gateway protocol encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=158

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

159

The president of the company is trying to get to their bank's website, and the browser is displaying that the webpage is being blocked by the system administrator. Which of the following logs would the technician review?

A. DNS

B. Performance

C. System

D. Content filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=159

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

160

Which of the following should a technician run to find user accounts that can be easily compromised?

A. NMAP

B. SNORT

C. John the Ripper

D. Nessus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=160

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

161

Which of the following defines the role of a root certificate authority (CA) in PKI?

A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B. The CA stores the user's hash value for safekeeping.

C. The CA is the trusted root that issues certificates.

D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=161

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

162

Which of the following malicious programs compromises system security by exploiting system access through a virtual backdoor?

A. Virus

B. Trojan

C. Spam

D. Adware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=162

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

163

Which of the following BEST represents why a system administrator should download security patches from the manufacturer's website directly?

A. Maintain configuration baseline

B. Implement OS hardening

C. Ensure integrity of the patch

D. Ensure patches are up-to-date

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=163

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

164

While responding to a confirmed breach of the organization's web server, the security administrator determines the source of the attack was from a rival organization's IP address range. Which of the following should the security administrator do with this information?

A. Notify the Help Desk

B. Notify ICANN

C. Notify management

D. Notify the rival organization's IT department

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=164

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

165

The BEST location for a spam filter is:

A. on the local LAN.

B. on a proxy server.

C. behind the firewall.

D. in front of the mail relay server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=165

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

166

Biometrics is an example of which of the following type of user authentication?

A. Something the user is

B. Something the user has

C. Something the user does

D. Something the user knows

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=166

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

167

Which of the following contains a database of users and passwords used for authentication?

A. CHAP

B. SAM

C. TPM

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=167

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

168

Mandatory Access Control (MAC) allows:

A. access rights indicated by the role of the individual.

B. access associated with the classification of data.

C. a system administrator to centralize policy.

D. rights to be assigned by the data owner.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=168

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

169

The accounting group, clinical group and operations group only have access to their own applications. The company often needs auditors to have access to all three groups' applications with little notice. Which of the following would simplify the process of granting auditors permissions to all the applications?

A. Create an auditors group and merge the members of the accounting, clinical and operations groups.

B. Create an auditors group and add each user to the accounting, clinical and operations groups individually.

C. Create an auditors group and add each of the accounting, clinical and operations groups to the auditors group.

D. Create an auditors group and add the group to each of the accounting, clinical and operations groups.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=169

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

170

Which of the following solutions would an administrator MOST likely perform in order to keep up-to-date with various fixes on different applications?

A. Service pack installation

B. Patch management

C. Different security templates

D. Browser hotfixes

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=170

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

171

Attackers may be able to remotely destroy critical equipment in the datacenter by gaining control over which of the following systems?

A. Physical access control

B. Video surveillance

C. HVAC

D. Packet sniffer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=171

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

172

Which of the following situations applies to disaster recovery exercises?

A. Vulnerability scans should be performed after each exercise.

B. Separation of duties should be implemented after each exercise.

C. Passwords should be changed after each exercise.

D. Procedures should be updated after each exercise.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=172

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

173

The administrator needs to require all users to use complex passwords. Which of the following would be the BEST way to do this?

A. Set a local password policy on each workstation and server

B. Set a domain password policy

C. Set a group policy to force password changes

D. Post a memo detailing the requirement of the new password complexity requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=173

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

174

Purchasing insurance on critical equipment is an example of which of the following types of risk mitigation techniques?

A. Risk avoidance

B. Risk transfer

C. Risk retention

D. Risk reduction

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=174

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

175

Which of the following would be used to eliminate the need for an administrator to manually configure passwords on each network device in a large LAN?

A. RADIUS

B. OVAL

C. RAS

D. IPSec VPN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=175

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

176

A security administrator responds to a report of a web server that has been compromised. The security administrator observes the background has been changed to an image of an attacker group. Which of the following would be the FIRST step in the incident response process?

A. Run an antivirus scan

B. Disable the network connection

C. Power down the server

D. Print a copy of the background

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=176

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

177

After completing a forensic image of a hard drive, which of the following can be used to confirm data integrity?

A. Chain of custody

B. Image compression

C. AES256 encryption

D. SHA512 hash

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=177

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

178

A security administrator wants to prevent corporate users from being infected with viruses from flash based advertisements while using web browsers at work. Which of the following could be used to mitigate this threat?

A. Content filter

B. Firewall

C. IDS

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=178

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

179

Which of the following tools provides the MOST comprehensive view of the network's security?

A. Vulnerability assessment

B. Network anomaly detection

C. Penetration test

D. Network mapping program

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=179

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

180

Which of the following practices improves forensic analysis of logs?

A. Ensuring encryption is deployed to critical systems.

B. Ensuring SNMP is enabled on all systems.

C. Ensuring switches have a strong management password.

D. Ensuring the proper time is set on all systems.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=180

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

181

A user is concerned about threats regarding social engineering and has asked the IT department for advice. One suggestion offered might be to:

A. install a removable data backup device for portability ease.

B. verify the integrity of all data that is accessed across the network.

C. ensure that passwords are not named after relatives.

D. disallow all port 80 inbound connection attempts.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=181

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

182

When disposing of old or damaged computer systems, which of the following is the primary security concern?

A. Integrity of company HR information

B. Compliance with industry best practices

C. Confidentiality of proprietary information

D. Adherence to local legal regulations

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=182

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

183

Which of the following is performed during a security assessment?

A. Remediate the machines with incorrectly configured controls.

B. Quarantine the machines that have no controls in place.

C. Calculate the cost of bringing the controls back into compliance.

D. Determine the extent to which controls are implemented correctly.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=183

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

184

The root certificate for the CA for a branch in a city was generated by the CA in a city in another country. Which of the following BEST describes this trust model?

A. Chain of trust

B. Linear trust

C. Hierarchical trust

D. Web of trust

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=184

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

185

The security administrator needs to determine whether common words and phrases are being used as passwords on the company server. Which of the following attacks would MOST easily accomplish this task?

A. NTLM hashing

B. Dictionary

C. Brute force

D. Encyclopedia

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=185

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

186

Conducting periodic user rights audits can help an administrator identify:

A. new user accounts that have been created.

B. users who are concurrently logged in under different accounts.

C. unauthorized network services.

D. users who can view confidential information.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=186

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

187

Which of the following has a 128-bit message digest?

A. NTLM

B. MD5

C. SHA

D. 3DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=187

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

188

Which of the following BEST describes a security benefit of a virtualization farm?

A. Increased anomaly detection

B. Stronger authentication

C. Stronger encryption

D. Increased availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=188

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

189

The company president wants to replace usernames and passwords with USB security tokens for company systems. Which of the following authentication models would be in use?

A. Two factor

B. Form factor

C. Physical factor

D. Single factor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=189

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

190

A security administrator wants to detect and prevent attacks at the network perimeter. Which of the following security devices should be installed to address this concern?

A. NIPS

B. IDS

C. HIPS

D. NDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=190

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

191

Which of the following presents the GREATEST security risk to confidentiality of proprietary corporate data when attackers have physical access to the datacenter?

A. Solid state drives

B. Cell phone cameras

C. USB drives

D. NAS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=191

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

192

Which of the following allows a systems administrator to regain lost keys within a PKI?

A. Recovery agent

B. One time pad

C. CRL

D. Asymmetric keys

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=192

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

193

A vulnerable service is required between two systems on a network. Which of the following should an administrator use to prevent an attack on that service from outside the network?

A. Proxy server

B. NIDS

C. Firewall

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=193

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

194

A technician needs to validate that a sent file has not been modified in any way. A co-worker recommends that a thumbprint be taken before the file is sent. Which of the following should be done?

A. Take an AES hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.

B. Take a MD5 hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.

C. Take a NTLM hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.

D. Take a LANMAN hash of the file and send the receiver both the hash and the original file in a signed and encrypted email.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=194

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

195

A technician needs to set up a secure room to enable a private VTC system. Which of the following should be installed to prevent devices from listening to the VTC?

A. Shielding

B. HIDS

C. HVAC

D. MD5 hashing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=195

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

196

Which of the following is a primary effect of allowing P2P connections on a network?

A. Increased amount of spam

B. Input validation on web applications

C. Possible storage of illegal materials

D. Tracking cookies on the website

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=196

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

197

Which of the following services should be turned off on a printer to prevent malicious reconnaissance attempts?

A. FTP

B. Spooler

C. SNMP

D. IP printing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=197

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

198

Environmental monitoring includes which of the following? (Select TWO)

A. EMI shielding

B. Redundancy

C. Video monitoring

D. Humidity controls

E. Load balancing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=198

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

199

Which of the following is the security concept that describes a user who only has enough access to complete their work?

A. Least privilege

B. Single sign-on

C. Explicit allow

D. Implicit deny

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=199

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

200

A security administrator wants to ensure that only authorized personnel are able to gain entry into a secure area. There is currently no physical security other than a badge reader. Which of the following would MOST likely be installed to regulate right of entry?

A. Security alarms

B. Video surveillance

C. Access list

D. Proximity readers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=200

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

201

Which of the following can be a risk of consolidating servers onto a single virtual host?

A. Data emanation

B. Non-repudiation

C. Environmental control

D. Availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=201

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

202

Which of the following is a security best practice that allows a user to have one ID and password for all systems?

A. SSO

B. PIV

C. Trusted OS

D. Token

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=202

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

203

An administrator is explaining the conditions under which penetration testing is preferred over vulnerability testing. Which of the following statements correctly describes these advantages?

A. Identifies surface vulnerabilities and can be run on a regular basis

B. Proves that the system can be compromised

C. Safe for even inexperienced testers to conduct

D. Can be fairly fast depending on number of hosts

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=203

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

204

An employee is not able to receive email from a specific user at a different organization; however, they can receive emails from other users. Which of the following would the administrator MOST likely check to resolve the user's issue?

A. Browser pop-up settings

B. Spam folder settings

C. User local antivirus settings

D. The local firewall settings

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=204

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

205

Which of the following encryption schemes can be configured as the LEAST secure?

A. RC4

B. Twofish

C. 3DES

D. DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=205

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

206

Which of the following security precautions needs to be implemented when securing a wireless network? (Select THREE)

A. Enable data encryption on all wireless transmissions using WPA2.

B. Enable the lowest power setting necessary to broadcast to the targeted range.

C. Enable the highest power setting possible to make sure the broadcast reaches the targeted range.

D. Enable data encryption on all wireless transmissions using WEP.

E. Authentication should take place using a pre-shared key (PSK) of no more than six characters.

F. Enable the ability to verify credentials on an authentication server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=206

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

207

Which of the following is reversible when encrypting data?

A. A private key

B. A public key

C. A hashing algorithm

D. A symmetric key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=207

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

208

Which of the following can be exploited for session hijacking while accessing the Internet?

A. P2P

B. Browser history

C. Cookies

D. SQL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=208

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

209

A large amount of continuous small transmissions are originating from multiple external hosts to the corporate web server, which is also inaccessible to users. Which of the following attacks is MOST likely the cause?

A. Spoofing

B. DNS poisoning

C. DDoS

D. DoS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=209

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

210

Which of the following asymmetric algorithms was designed to provide both encryption and digital signatures?

A. Diffie-Hellman

B. DSA

C. SHA

D. RSA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=210

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

211

Which of the following can cause data leakage from web based applications?

A. Device encryption

B. Poor error handling

C. Application hardening

D. XML

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=211

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

212

Which of the following describes a design element that requires unknown computers connecting to the corporate network to be automatically part of a specific VLAN until certain company requirements are met?

A. RAS

B. NAC

C. NAT

D. RADIUS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=212

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

213

The benefit of using software whole disk encryption is:

A. the data can be retrieved easier if the disk is damaged

B. the disk's MBR is encrypted as well.

C. unauthorized disk access is logged in a separate bit.

D. the entire file system is encrypted in case of theft.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=213

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

214

Which of the following organizational disaster recovery types would provide a building and network equipment but not current application data?

A. Warm site

B. Field site

C. Cold site

D. Hot site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=214

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

215

Which of the following best practices would a security administrator implement in order to prevent one user from having too many administrative rights?

A. Complex passwords

B. Least privilege

C. Job rotation

D. System accounts with minimal rights

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=215

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

216

An administrator is providing management with a mobile device that allows email access. The mobile device will be password protected in case of loss. Which of the following additional security measures should the administrator ensure is in place?

A. The mobile device should erase itself after a set number of invalid password attempts.

B. The password should be alpha-numeric only, due to keypad limitations.

C. The password should be common so that the mobile device can be re-assigned.

D. The mobile device should use and be equipped with removable storage for sensitive data retrieval.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=216

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

217

Which of the following BEST identifies the sensitivity of a document?

A. Metadata

B. Information classification

C. Risk transference

D. Access control list

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=217

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

218

Which of the following alternate site types is the MOST affordable after implementation?

A. Cold site

B. Off site

C. Hot site

D. Warm site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=218

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

219

Which of the following can use a trust system where public keys are stored in an online directory?

A. DES

B. AES

C. PGP

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=219

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

220

Which of the following elements has the ability to hide a node's internal address from the public network?

A. NAT

B. NAC

C. NDS

D. VLAN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=220

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

221

An administrator would like to update a network machine with a number of vendor fixes concurrently. Which of the following would accomplish this with the LEAST amount of effort?

A. Install a service pack

B. Install a patch.

C. Install a hotfix.

D. Install a new version of the program

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=221

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

222

A port scan of a network identified port 25 open on an internal system. Which of the following types of traffic is this typically associated with?

A. Web traffic

B. File sharing traffic

C. Mail traffic

D. Network management traffic

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=222

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

223

If an end-user forgets the password that encrypts the content of a critical hard drive, which of the following would aid in recovery of the data?

A. Key escrow

B. Symmetric key

C. Certificate authority

D. Chain of custody

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=223

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

224

A technician needs to ensure that all major software revisions have been installed on a critical network machine. Which of the following must they install to complete this task?

A. HIDS

B. Hotfixes

C. Patches

D. Service packs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=224

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

225

A security administrator needs to determine if an assistant's workstation is sending out corporate information. Which of the following could be used to review the assistant's network traffic?

A. Systems monitoring

B. Performance monitoring

C. Performance baselining

D. Protocol analysis

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=225

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

226

An administrator has discovered that regular users are logging into a stand-alone computer and editing files they should have read-only access to. Which of the following should the administrator investigate FIRST?

A. Users installing worms under their own accounts to mine data.

B. Users escalating their privileges using an administrator account.

C. Users remotely connecting from their workstation with administrator privileges.

D. Users creating new accounts with full control to the files.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=226

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

227

Which of the following is a reason to perform a penetration test?

A. To passively test security controls within the enterprise

B. To provide training to white hat attackers

C. To identify all vulnerabilities and weaknesses within the enterprise

D. To determine the impact of a threat against the enterprise

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=227

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

228

A technician notices that unauthorized users are connecting to a wireless network from outside of the building. Which of the following can BEST be implemented to mitigate this issue?

A. Change the SSID

B. The wireless router needs to be replaced

C. Install CAT6 network cables

D. The wireless output range can be reduced

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=228

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

229

The company's NIDS system is set up to match specifically configured traffic patterns. Which of the following BEST describes this configuration?

A. Anomaly-based

B. Behavior-based

C. OVAL-based

D. Role-based

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=229

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

230

Which of the following is commonly used to secure HTTP and SMTP traffic?

A. SHA

B. SFTP

C. TLS

D. SCP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=230

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

231

Company A recently purchased the much smaller Company B. The security administrator for Company A reviews the servers of Company B and determines that all employees have access to all of the files on every server. Which of the following audits did the security administrator perform?

A. User access and rights

B. Group policy

C. Storage policy

D. System policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=231

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

232

An administrator is concerned that users are not utilizing strong passwords. Which of the following can be done to enforce user compliance?

A. Implement a strict domain level group policy.

B. Supply the users with suggested password guidelines.

C. Offer user training regarding proper policy.

D. Supply the users with a third-party application to hash their passwords.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=232

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

233

Hooking processes and erasing logs are traits of which of the following?

A. Spam

B. Rootkit

C. Buffer overflow

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=233

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

234

Which of the following are used by security companies to discover the latest Internet attacks?

A. Port scanner

B. Firewall

C. NIPS

D. Honeypot

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=234

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

235

Which of the following is true about PKI? (Select TWO).

A. When encrypting a message with the public key, only the public key can decrypt it.

B. When encrypting a message with the private key, only the private key can decrypt it

C. When encrypting a message with the public key, only the CA can decrypt it.

D. When encrypting a message with the public key, only the private key can decrypt it.

E. When encrypting a message with the private key, only the public key can decrypt it.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=235

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

236

An email server appears to be running with an increased load. Which of the following can be used to compare historical performance?

A. Performance baselines

B. Systems monitor

C. Protocol analyzer

D. Performance monitor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=236

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

237

Which of the following allows a security administrator to separate networks from each other?

A. Implicit deny

B. Subnetting

C. SaaS

D. IaaS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=237

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

238

A user wants to send personally identifiable information to the security office via email, so they can perform a background check. Which of the following should be used to send the information to the security office?

A. Level of importance

B. Digital signature

C. Encryption

D. Signature line

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=238

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

239

Which of the following is used to prevent attacks against the OS on individual computers and servers?

A. NAT

B. HIDS

C. HIPS

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=239

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

240

Which of the following is reversible when encrypting data?

A. A private key

B. A public key

C. A hashing algorithm

D. A symmetric key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=240

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

241

Which of the following is an example of a smart card?

A. PIV

B. MAC

C. One-time passwords

D. Tokens

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=241

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

242

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent

B. Certificate authority

C. Trust model

D. Key escrow

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=242

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

243

Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?

A. PAP

B. NTLMv2

C. LANMAN

D. CHAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=243

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

244

A user reports that after a recent business trip, their laptop started having performance issues and unauthorized emails have been sent out from the laptop. Which of the following will resolve this issue?

A. Updating the user's laptop with current antivirus

B. Updating the anti-spam application on the laptop

C. Installing a new pop-up blocker

D. Updating the user's digital signature

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=244

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

245

Which of the following describes the direction a signal will emanate from if a Yagi antenna is placed parallel to the floor?

A. In a downward direction, perpendicular to the floor

B. Up and down, perpendicular to the floor

C. Side to side, parallel with the floor

D. Directly from the point of the antenna, parallel to the floor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=245

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

246

Which of the following is a trusted OS implementation used to prevent malicious or suspicious code from executing on Linux and UNIX platforms?

A. SELinux

B. vmlinuz

C. System File Checker (SFC)

D. Tripwire

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=246

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

247

Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network?

A. War driving

B. Evil twin

C. Rogue access point

D. War chalking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=247

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

248

Which of the following should be performed if a smartphone is lost to ensure no data can be retrieved from it?

A. Device encryption

B. Remote wipe

C. Screen lock

D. GPS tracking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=248

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

249

A user receives an unsolicited email to change their online banking password. After clicking on the link contained in the email the user enters their banking credentials and changes their password. Days later, when checking their account balance they notice multiple money transfers to other accounts. Which of the following BEST describes the type of attack?

A. Malicious insider

B. Phishing

C. Smurf attack

D. Replay

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=249

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

250

A company is testing their backup procedures and realizes that certain critical systems are unable to be restored properly with the latest tapes. Which of the following is the MOST likely cause?

A. The backups are differential

B. EMI is affecting backups

C. Backup contingency plan is out-of-date

D. The backups are incremental

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=250

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

251

Which of the following is a way to control system access by department function?

A. Role-Based Access Control

B. Rule-Based Access Control

C. Mandatory Access Control

D. Discretionary Access Control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=251

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

252

Which of the following BEST describes the function of TPM?

A. High speed secure removable storage device

B. Third party certificate trust authority

C. Hardware chip that stores encryption keys

D. A trusted OS model

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=252

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

253

A new product is being evaluated by the security team. Which of the following would take financial and business impacts into consideration if this product was likely to be purchased for large scale use?

A. Risk assessment

B. Strength of security controls

C. Application vulnerability

D. Technical threat

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=253

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

254

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is located on a server that was recently patched. Which of the following logs would the technician review FIRST?

A. Access

B. Firewall

C. Antivirus

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=254

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

255

An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?

A. Virtual servers require OS hardening but not patching or antivirus.

B. Virtual servers have the same information security requirements as physical servers.

C. Virtual servers inherit information security controls from the hypervisor.

D. Virtual servers only require data security controls and do not require licenses.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=255

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

256

Which of the following access control methods requires significant background investigations?

A. Discretionary Access Control (DAC)

B. Rule-based Access Control (RBAC)

C. Role-based Access Control (RBAC)

D. Mandatory Access Control (MAC)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=256

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

257

Which of the following is capable of providing the HIGHEST encryption bit strength?

A. DES

B. 3DES

C. AES

D. WPA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=257

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

258

Which of the following risk mitigation strategies would ensure that the proper configurations are applied to a system?

A. Incident management

B. Application fuzzing

C. Change management

D. Tailgating

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=258

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

259

Which of the following is the way of actively testing security controls on a system?

A. White box testing

B. Port scanning

C. Penetration testing

D. Vulnerability scanning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=259

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

260

A hard drive of a terminated employee has been encrypted with full disk encryption, and a technician is not able to decrypt the data. Which of the following ensures that, in the future, a technician will be able to decrypt this information?

A. Certificate authority

B. Key escrow

C. Public key

D. Passphrase

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=260

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

261

Employees are allowed access to webmail while on the company network. The employees use this ability to upload attachments and send email from their corporate accounts to their webmail. Which of the following would BEST mitigate this risk?

A. Clean Desk Policy

B. Acceptable Use Policy

C. Data Leak Prevention

D. Fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=261

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

262

When WPA is implemented using PSK, which of the following authentication types is used?

A. MD5

B. LEAP

C. SHA

D. TKIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=262

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

263

Which of the following is another name for a malicious attacker?

A. Black hat

B. White hat

C. Penetration tester

D. Fuzzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=263

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

264

Which of the following logical controls does a flood guard protect against?

A. Spanning tree

B. Xmas attacks

C. Botnet attack

D. SYN attacks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=264

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

265

Which of the following allows a security administrator to divide a network into multiple zones? (Select TWO)

A. PAT

B. EIGRP

C. VLAN

D. NAT

E. Subnetting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=265

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

266

Isolation mode on an AP provides which of the following functionality types?

A. Segmentation of each wireless user from other wireless users

B. Disallows all users from communicating directly with the AP

C. Hides the service set identifier

D. Makes the router invisible to other routers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=266

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

267

Which of the following assessments is directed towards exploiting successive vulnerabilities to bypass security controls?

A. Vulnerability scanning

B. Penetration testing

C. Port scanning

D. Physical lock testing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=267

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

268

Which of the following is MOST relevant to a buffer overflow attack?

A. Sequence numbers

B. Set flags

C. IV length

D. NOOP instructions

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=268

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

269

The benefit of using software whole disk encryption is:

A. the data can be retrieved easier if the disk is damaged

B. the disk's MBR is encrypted as well.

C. unauthorized disk access is logged in a separate bit.

D. the entire file system is encrypted in case of theft.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=269

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

270

The company Chief Information Officer (CIO) contacts the security administrator about an email asking for money in order to receive the key that would decrypt the source code that the attacker stole and encrypted. Which of the following malware types is this MOST likely to be?

A. Worm

B. Virus

C. Spyware

D. Ransomware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=270

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

271

Which of the following is an advantage of an employer providing smartphones to their employees instead of regular cellular phones?

A. Smartphones can be tied to multiple PCs for data transferring.

B. Smartphone calls have a second layer of encryption.

C. Smartphones can encrypt and password protect data.

D. Smartphones can be used to access open WAPs for coverage redundancy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=271

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

272

Which of the following is specific to a buffer overflow attack?

A. Memory addressing

B. Directory traversal

C. Initial vector

D. Session cookies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=272

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

273

A security administrator performs various audits of a specific system after an attack. Which of the following BEST describes this type of risk mitigation?

A. Change management

B. Incident management

C. User training

D. New policy implementation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=273

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

274

Which of the following is the BEST choice for encryption on a wireless network?

A. WPA2-PSK

B. AES

C. WPA

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=274

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

275

Which of the following protocols assists in identifying a user, by the generation of a key, to establish a secure session for command line administration of a computer?

A. SFTP

B. FTP

C. SSH

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=275

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

276

In which of the following locations can password complexity be enforced via group policy?

A. Domain controllers

B. Local SAM databases

C. ACLs

D. NAC servers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=276

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

277

Security related training should be used to teach the importance of which of the following behaviors?

A. Routine audits

B. Data mining

C. Data handling

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=277

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

278

A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost?

A. GPS tracking

B. Whole disk encryption

C. Remote sanitation

D. NIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=278

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

279

An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?

A. Event Viewer

B. Router's System Log

C. Change Management System

D. Compliance Review System

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=279

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

280

Which of the following reduces the likelihood of a single point of failure when a server fails?

A. Clustering

B. Virtualization

C. RAID

D. Cold site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=280

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

281

Which of the following is an example of requiring users to have a password that consists of alphanumeric and two special characters?

A. Password complexity requirements

B. Password recovery requirements

C. Password length requirements

D. Password expiration requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=281

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

282

Which of the following elements of PKI are found in a browser's trusted root CA?

A. Private key

B. Symmetric key

C. Recovery key

D. Public key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=282

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

283

Which of the following tools can execute a ping sweep?

A. Protocol analyzer

B. Anti-virus scanner

C. Network mapper

D. Password cracker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=283

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

284

Which of the following would be used to distribute the processing effort to generate hashes for a password cracking program?

A. RAID

B. Clustering

C. Redundancy

D. Virtualization

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=284

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

285

Which of the following will help prevent unauthorized access to a smartphone?

A. Remote wipe

B. GPS tracking

C. Screen lock

D. Voice encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=285

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

286

Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?

A. Use GPS tracking to find the devices.

B. Use stronger encryption algorithms.

C. Immediately inform local law enforcement.

D. Remotely sanitize the devices.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=286

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

287

A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication?

A. LDAP

B. RADIUS

C. Kerberos

D. Smart card

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=287

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

288

Which of the following would a security administrator implement if a parking lot needs to be constantly monitored?

A. Video surveillance

B. Mandatory access control

C. Mantraps

D. Proximity readers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=288

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

289

Which of the following devices would be installed on a single computer to prevent intrusion?

A. Host intrusion detection

B. Network firewall

C. Host-based firewall

D. VPN concentrator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=289

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

290

A CRL is comprised of:

A. malicious IP addresses.

B. trusted CAs.

C. untrusted private keys.

D. public keys.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=290

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

291

When examining HTTP server logs, the security administrator notices that the company's online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?

A. Spim

B. DDoS

C. Spoofing

D. DoS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=291

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

292

Which of the following components is MOST integral to HTTPS?

A. PGP

B. Symmetric session keys

C. Diffie-Hellman key exchange

D. Mutual authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=292

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

293

Which of the following uses TCP port 22 by default?

A. SSL, SCP, and TFTP

B. SSH, SCP, and SFTP

C. HTTPS, SFTP, and TFTP

D. TLS, TELNET, and SCP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=293

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

294

A system administrator sees a firewall rule that applies to 10.4.4.58/27. Which of the following IP address ranges are encompassed by this rule?

A. 10.4.4.27 - 10.4.4.58

B. 10.4.4.32 - 10.4.4.63

C. 10.4.4.58 - 10.4.4.89

D. 10.4.4.58 - 10.4.4.127

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=294

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

295

A security administrator wants to implement a more secure way to log in to a VPN in addition to a username and password. Which of the following is the MOST secure way to log in to a VPN?

A. Implementing an ACL

B. Setting up a PKI

C. Implementing a single sign on process

D. Setting up two VPNs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=295

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

296

Which of the following is the BEST example of a physical security policy?

A. All doors to the server room must have signage indicating that it is a server room.

B. All server room users are required to have unique usernames and passwords.

C. All new employees are required to be mentored by a senior employee for their first few months on the job.

D. New server room construction requires a single entrance that is heavily protected.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=296

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

297

Which of the following audit types would a security administrator perform on the network to ensure each workstation is standardized?

A. Group policy

B. Domain wide password policy

C. Storage and retention policy

D. User access and rights

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=297

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

298

The success of a user security education and awareness plan is largely dependent on support from:

A. contractors.

B. project management.

C. human resources.

D. senior management.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=298

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

299

Which of the following signature-based monitoring systems is used to detect and remove known worms and Trojans on a host?

A. NIPS

B. Antivirus

C. Anti-spam

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=299

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

300

Which of the following is the MOST efficient way to secure a single laptop from an external attack?

A. NIPS

B. HIDS

C. Software firewall

D. Hardware firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=300

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

301

Disabling the SSID broadcast removes the identifier from which of the following wireless packets?

A. Probe

B. ACK

C. Beacon

D. Data

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=301

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

302

Which of the following describes the role of a proxy server?

A. Analyzes packets

B. Serves as a honeypot

C. Blocks access to the network

D. Forwards requests for services from a client

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=302

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

303

Which of the following standards encodes in 64-bit sections, 56 of which are the encryption key?

A. SHA

B. AES

C. DES

D. Blowfish

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=303

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

304

Which of the following would be used for authentication in Active Directory?

A. TACACS

B. RAS

C. PPTP

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=304

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

305

Which of the following is used to both deploy and reapply baseline security configurations?

A. Performance baseline

B. Security agent

C. Security template

D. Configuration baseline

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=305

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

306

Which of the following is BEST suited to detect local operating system compromises?

A. Personal firewall

B. HIDS

C. Anti-spam

D. System log

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=306

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

307

Why is an ad-hoc network a security risk?

A. An ad-hoc network allows access to another computer at the same level of the logged in user, compromising information.

B. An ad-hoc network allows access to the nearest access point which may allow a direct connection to another computer.

C. An ad-hoc network allows access to the nearest access point which may give elevated rights to the connecting user.

D. An ad-hoc network allows access to another computer but with no rights so files cannot be copied or changed.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=307

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

308

Which of the following is a benefit of network access control (NAC)?

A. A user is able to distribute connections to the network for load balancing using a centralized list of approved devices.

B. A user is able to distribute connections to the network using cached credentials on a local machine.

C. A user is able to control connections to the network using a centralized list of approved devices.

D. A user is able to control connections to the network using cached credentials on a local machine.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=308

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

309

Which of the following uses multiple encryption keys to repeatedly encrypt its output?

A. AES256

B. DES

C. 3DES

D. AES128

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=309

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

310

Which of the following encryption technologies is BEST suited for small portable devices such as PDAs and cell phones?

A. TKIP

B. PGP

C. AES192

D. Elliptic curve

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=310

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

311

Which of the following protocols corresponds to port 514 by default?

A. SYSLOG

B. SNMP

C. IMAP

D. FTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=311

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

312

Which of the following is achieved and ensured by digitally signing an email?

A. Availability

B. Confidentiality

C. Delivery

D. Integrity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=312

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

313

A penetration tester is required to conduct a port scan on a network. Which of the following security tools can be used to conduct this scan? (Select TWO).

A. Kismet

B. Snort

C. netcat

D. nslookup

E. Nmap

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=313

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

314

Which of the following is BEST used for providing protection against power fluctuation?

A. Generator

B. Voltmeter

C. UPS

D. Redundant servers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=314

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

315

A technician wants to make sure all users in the network are in compliance with company standards for login. Which of the following tools can the technician use?

A. Network mapping software

B. Digital signatures

C. Password crackers

D. Performance baselines

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=315

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

316

Which of the following increases availability during periods of electromagnetic interference?

(Select TWO).

A. Fiber optic cable

B. Straight-through cable

C. STP cable

D. Crossover cable

E. UTP cable

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=316

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

317

A secure company portal, accessible publicly but only to company employees, frequently fails to renew its certificates, resulting in expired certificate warnings for users. These failures:

(Select TWO).

A. Increase resources used by the company's web-servers.

B. Expose traffic sent between the server and the user's computer.

C. Breed complacency among users for all certificate warnings.

D. Permit man-in-the-middle attacks to steal users' credentials.

E. Are irritating to the user but the traffic remains encrypted.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=317

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

318

Which of the following security controls would a company use to verify that their confidential and proprietary data is not being removed?

A. Man traps

B. Chain of custody

C. Video surveillance

D. Vulnerability scanners

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=318

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

319

The last company administrator failed to renew the registration for the corporate web site (e.g. https://wrtw.comptia.org). When the new administrator tried to register the website, it was discovered that the registration was being held by a series of small companies for very short periods of time. This is typical of which of the following?

A. Spoofing

B. TCP/IP hijacking

C. Domain name kiting

D. DNS poisoning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=319

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

320

Which of the following should a web application programmer implement to avoid SQL injection attacks?

A. Encryption and hashing

B. Session cookie handling

C. Authentication and authorization

D. Proper input validation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=320

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

321

Which of the following system security threats negatively affects confidentiality?

A. Spam

B. Adware

C. Spyware

D. Worm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=321

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

322

Which of the following describes an action taken after a security breach?

A. Disaster recovery planning

B. Business continuity planning

C. Forensic evaluation

D. Change management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=322

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

323

Which of the following is true about the application of machine virtualization?

A. Virtualization hosting is only possible on one specific OS.

B. Machine virtualization is only possible in a 64-bit environment.

C. Some malware is able to detect that it is running in a virtual environment.

D. The virtualization host OS must be within two revisions of the guest OS.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=323

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

324

Which of the following can be implemented to prevent malicious code from executing?

A. Hardware firewall

B. Anti-spam software

C. Antivirus software

D. Personal software firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=324

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

325

All administrators are now required to use 15-character passwords. Which of the following is the BEST method to enforce this new password policy?

A. Email announcements

B. Account expiration configuration

C. Group policy

D. Forcing all users to change their password on next login

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=325

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

326

Which of the following BEST describes a reason to implement virtualization technology?

A. Reduce data center footprint

B. Decreased administrative overhead

C. Smaller routing tables

D. Diminishing number of end users

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=326

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

327

Management has requested increased visibility into how threats might affect their organization. Which of the following would be the BEST way to meet their request without attempting to exploit those risks?

A. Conduct a penetration test.

B. Conduct a risk assessment.

C. Conduct a social engineering test.

D. Conduct a security awareness seminar.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=327

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

328

Which of the following stores information with a trusted agent to decrypt data at a later date, even if the user destroys the key?

A. Key registration

B. Recovery agent

C. Key escrow

D. Public trust model

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=328

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

329

Which of the following will help hide the IP address of a computer from servers outside the network?

A. NAT

B. PAT

C. ACL

D. NAC

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=329

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

330

When developing a new firewall policy, which of the following methods provides the MOST secure starting point?

A. Implicit deny

B. Least privilege

C. Stateful inspection

D. Due diligence

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=330

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

331

Which of the following should be updated whenever software is upgraded on a production system?

A. Baseline

B. Group policy

C. LDAP entry

D. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=331

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

332

An administrator is required to keep certain workstations free of malware at all times, but those workstations need to be able to access any Internet site. Which of the following solutions would be the BEST choice?

A. Updated antivirus software

B. Pop-up blockers

C. Personal firewall

D. Updated anti-spam software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=332

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

333

Which of the following combinations of items would constitute a valid three-factor authentication system?

A. Password, retina scan, and a one-time token

B. PIN, password, and a thumbprint

C. PKI smartcard, password and a one-time token

D. Fingerprint, retina scan, and a hardware PKI token

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=333

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

334

Which of the following BEST describes a tool used to encrypt emails in transit?

A. Whole disk encryption

B. SSL over VPN

C. Digital signatures

D. S/MIME certificates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=334

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

335

Which of the following security threats would MOST likely use IRC?

A. Botnets

B. Adware

C. Logic bombs

D. Spam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=335

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

336

A user reports that after opening an email from someone they knew, their computer is now displaying unwanted images. Which of the following software can the technician MOST likely install on the computer to mitigate this threat?

A. Anti-spam

B. Antivirus

C. HIDS

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=336

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

337

Which of the following tools will detect protocols that are in use?

A. Spoofing

B. Port scanner

C. Proxy server

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=337

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

338

An auditor would use credentials harvested from a SQL injection attack during which of the following?

A. Forensic recovery

B. Vulnerability assessment

C. Penetration test

D. Password strength audit

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=338

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

339

Key escrow is the process of:

A. Entrusting the keys to a third party.

B. Backing up the key to local storage.

C. Removing the public key.

D. Removing the private key.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=339

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

340

Which of the following will allow a technician to restrict access to one folder within a shared folder?

A. NTLM

B. IPSec

C. NTLMv2

D. NTFS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=340

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

341

A data entry technician uses an application from the Internet to gain administrative rights on a system. Gaining unauthorized domain rights is an example of:

A. A logic bomb.

B. A rootkit.

C. Spyware.

D. Privilege escalation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=341

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

342

Which of the following would be implemented to provide a check and balance against social engineering attacks?

A. Password policy

B. Single sign-on

C. Separation of duties

D. Biometric scanning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=342

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

343

Which of the following tools would BEST allow a security administrator to view the contents of unencrypted network traffic?

A. Web application firewall

B. Protocol analyzer

C. Network access control

D. Honeypot

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=343

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

344

A NIPS is primarily used for which of the following purposes?

A. To monitor network traffic in promiscuous mode

B. To alert the administrator to known anomalies

C. To log any known anomalies

D. To take action against known threats

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=344

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

345

Which of the following algorithms provides the LOWEST level of encryption?

A. SHA1

B. Blowfish

C. DES

D. AES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=345

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

346

At midnight on January 1st, an administrator receives an alert from the system monitoring the servers in the datacenter. All servers are unreachable. Which of the following is MOST likely to have caused the DOS?

A. Rootkit

B. Virus

C. Logic bomb

D. Botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=346

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

347

Which of the following would an auditor use to determine if an application is sending credentials in clear text?

A. Vulnerability scanner

B. Protocol analyzer

C. Rainbow table

D. Port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=347

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

348

Which of the following security controls targets employee accounts that have left the company without going through the proper exit process?

A. Password complexity policy

B. Account expiration policy

C. Account lockout policy

D. Access control lists

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=348

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

349

Which of the following logs would MOST likely indicate that there is an ongoing brute force attack against a server's local administrator account?

A. Firewall

B. System

C. Performance

D. Access

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=349

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

350

A technician reports that an employee that retired five years ago still has access to the marketing department's folders. Which of the following should have been conducted to avoid this security risk?

A. Job rotation review

B. Separation of duties review

C. Retention policy review

D. Regular user access review

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=350

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

351

Which of the following security concepts is supported by HVAC systems?

A. Availability

B. Integrity

C. Confidentiality

D. Privacy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=351

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

352

Which of the following can be implemented to mitigate the risks associated with open ports on a server?

A. Enable MAC filtering

B. Implement a password policy

C. Disable unnecessary programs

D. Disable network cards

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=352

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

353

After a disaster, a security administrator is helping to execute the company disaster recovery plan. Which of the following security services should be restored FIRST?

A. Auditing and logging of transactions.

B. Authentication mechanisms for guests.

C. Help desk phones and staffing.

D. New user account creation services.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=353

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

354

Which of the following security concerns stem from the use of corporate resources on cell phones? (Select TWO).

A. Cell phones are easily lost or stolen.

B. MITM attacks are easy against cell phones.

C. There is no antivirus software for cell phones.

D. Cell phones are used for P2P gaming.

E. Encryption on cell phones is not always possible.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=354

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

355

A user notices that in the morning the email system is slow. Which of the following tools would the technician use FIRST to identify the issue?

A. Protocol analyzer

B. VPN

C. Performance monitor

D. Spam filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=355

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

356

A network security administrator is worried about potential man-in-the-middle attacks against users when they access a corporate website from their workstations. Which of the following is the BEST mitigation against this type of attack?

A. Implementing server-side PKI certificates for all connections

B. Mandating only client-side PKI certificates for all connections

C. Requiring client and server PKI certificates for all connections

D. Requiring strong authentication for all DNS queries

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=356

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

357

Which of the following should be disabled to help prevent boot sector viruses from launching when a computer boots?

A. SNMP

B. DMZ

C. USB

D. Hard Drive

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=357

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

358

Which of the following technologies will ensure the datacenter remains operational until backup power can be obtained?

A. UPS

B. Transfer switch

C. Circuit breaker

D. Backup generator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=358

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

359

In a standard PKI implementation, which of the following keys is used to sign outgoing messages?

A. Sender's private key

B. Recipient's public key

C. Sender's public key

D. Recipient's private key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=359

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

360

The security administrator is investigating a breach of the company's web server. One of the web developers had posted valid credentials to a web forum while troubleshooting an issue with a vendor. Logging which of the following would have created the BEST way to determine when the breach FIRST occurred? (Select TWO).

A. Unsuccessful login

B. Source OS

C. Destination IP

D. Number of hops from source

E. Source IP

F. Successful login

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=360

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

361

Which of the following authentication models often requires different systems to function together and is complicated to implement in non-homogeneous environments?

A. One factor authentication

B. Single sign-on

C. Two factor authentication

D. Three factor authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=361

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

362

Which of the following would be MOST useful for a security technician to run on a single, standalone machine with no network interface to verify its overall security posture?

A. Password cracker

B. Protocol analyzer

C. Network mapper

D. Port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=362

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

363

One of the primary purposes of virtualization in a data center is to reduce which of the following?

A. Volume of physical equipment needing to be secured

B. Total complexity of the overall security architecture

C. Number of logical hosts providing services for users

D. Amount of application logging required for security

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=363

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

364

Which of the following would MOST likely determine which user inadvertently shut down the company's web server?

A. Access logs

B. Application logs

C. DNS logs

D. Performance logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=364

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

365

Patches and updates should be applied to production systems:

A. After vetting in a test environment that mirrors the production environment.

B. As soon as the vendor tests and makes the patch available.

C. After baselines of the affected systems are recorded for future comparison.

D. As soon as the Configuration Control Board is alerted and begins tracking the changes.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=365

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

366

On network devices where strong passwords cannot be enforced, the risk of weak passwords is BEST mitigated through the use of which of the following?

A. Limited logon attempts

B. Removing default accounts

C. Reverse proxies

D. Input validation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=366

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

367

Which of the following can ensure the integrity of email?

A. MD5

B. NTLM

C. Blowfish

D. LANMAN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=367

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

368

Which of the following allows management to track whether staff members have accessed an authorized area?

A. Physical tokens

B. Physical access logs

C. Man-traps

D. Hardware locks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=368

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

369

Which of the following is used to provide a fixed-size bit-string regardless of the size of the input source?

A. SHA

B. 3DES

C. PGP

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=369

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

370

A new application support technician is unable to install a new approved security application on a department's workstation. The security administrator needs to do which of the following?

A. Add that user to the local power users group

B. Add that user to the domain administrators group

C. Add that user to the domain remote desktop group

D. Add that user to the security distribution group

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=370

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

371

An intruder has gained access to a server and installed an application to obtain credentials. Which of the following applications did the intruder MOST likely install?

A. Account dictionary

B. Vulnerability scanner

C. Protocol analyzer

D. Password cracker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=371

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

372

Which of the following is a goal of penetration testing?

A. Passively assess web vulnerabilities

B. To check compliance of the router configuration

C. Provide a passive check of the network's security

D. Actively assess deployed security controls

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=372

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

373

The BEST way to protect data-at-rest from an attacker is:

A. strong authentication.

B. restricting read permission.

C. secure network protocols.

D. whole disk encryption.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=373

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

374

The firewall administrator sees an outbound connection on IP port 50 and UDP port 500. Which of the following is the cause?

A. IPSec VPN connection

B. SSH tunneling

C. Certificate revocation list look-up

D. Incorrect DNS setup

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=374

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

375

A penetration tester is attempting to run a brute-force attack to discover network passwords. Which of the following tools would be BEST suited to this task?

A. John the Ripper

B. Metasploit

C. OVAL

D. Milw0rm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=375

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

376

A user reports that they cannot print anything from the file server or off the web to the network printer. No other users are having any problems printing. The technician verifies that the user's computer has network connectivity. Which of the following is the MOST probable reason the user cannot print?

A. The printer is not set up correctly on the server.

B. The user does not have full access to the file server.

C. The user does not have Internet access.

D. The user does not have access to the printer.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=376

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

377

A remote network administrator calls the helpdesk reporting that they are able to connect via VPN but are unable to make any changes to the internal web server. Which of the following is MOST likely the cause?

A. IPSec needs to be reinstalled on the administrator's workstation.

B. The administrator needs to be added to the web server's administration group.

C. The VPN concentrator needs to be configured.

D. The administrator does not have the correct access rights to dial in remotely.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=377

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

378

Which of the following standards could be used to rate the risk exposure of vulnerabilities on a network?

A. RADIUS

B. Certificate authority

C. OVAL

D. TACACS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=378

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

379

A security administrator has reports of an employee writing harassing letters on a workstation, but every time the security administrator gets on the workstation there is no evidence of the letters. Which of the following techniques will allow the security administrator to acquire the necessary data?

A. VLAN

B. Memory forensics

C. Firewall

D. Dumpster diving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=379

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

380

An administrator needs to implement a backup strategy that provides the fastest recovery in case of data corruption. Which of the following should the administrator implement?

A. Full backup on Sunday and differential backups every other day

B. Full backup on Sunday and incremental backups every other day

C. Full backup on Sunday and a full backup every day

D. Full backup on Sunday and alternating differential and incremental every other day

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=380

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

381

A network administrator places a firewall between a file server and the public Internet and another firewall between the file server and the company's internal servers. This is an example of which of the following design elements?

A. DMZ

B. Subnetting

C. VLAN

D. NAT

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=381

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

382

Which of the following describes what has occurred after a user has successfully gained access to a secure system?

A. Authentication

B. Authenticity

C. Identification

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=382

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

383

Which of the following security attacks would be MOST likely to occur within the office without the use of technological tools?

A. Phishing

B. Cold calling

C. Shoulder surfing

D. SPIM

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=383

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

384

Which of the following is a service that provides authentication, authorization and accounting to connecting users?

A. LANMAN

B. WPA

C. RADIUS

D. CHAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=384

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

385

Which of the following would MOST likely monitor user web traffic?

A. A proxy server

B. Enable cookie monitoring

C. A software firewall

D. Enable Internet history monitoring

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=385

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

386

When implementing a group policy restricting users from running software installations, the administrator needs to be aware of which of the following disadvantages?

A. The policy will restrict remote patching of user workstations.

B. Such a policy requires a great deal of administrative overhead.

C. Not all users will know which files are executable installations.

D. Some users may have a legitimate need for installing applications.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=386

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

387

Which of the following uses a trusted third party key distribution center to generate authentication tokens?

A. TACACS

B. CHAP

C. LDAP

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=387

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

388

Which of the following key types would a user MOST likely receive from a secure ecommerce website?

A. Private key

B. Public key

C. CRL

D. Key escrow

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=388

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

389

Which of the following can be used to prevent ongoing network based attacks?

A. NIDS

B. HIDS

C. NAT

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=389

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

390

Regression testing and deployment are part of the:

A. Least privilege principle.

B. Vulnerability assessment process.

C. Patch management process.

D. Disaster recovery process.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=390

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

391

A user reports that they opened an attachment from an email received through a distribution list. At a later date, several computers started behaving abnormally. Which of the following threats has MOST likely infected the computer?

A. Pop-ups

B. Spyware

C. Spam

D. Logic bomb

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=391

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

392

A technician notices that folder permissions are changing randomly on the server. Which of the following tools would the technician use to identify the issue?

A. System monitor

B. DMZ

C. Firewall

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=392

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

393

Which of the following protocols allows a user to selectively encrypt the contents of an email message at rest?

A. SSL/TLS

B. Digital signature

C. Secure SMTP

D. S/MIME

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=393

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

394

A technician completes a WLAN audit and notices that a number of unknown devices are connected. Which of the following can BEST be completed to mitigate the issue?

A. Replace the wireless access point

B. Replace the firewall

C. Change the SSID

D. Enable MAC filtering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=394

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

395

Which of the following is provided at a cold site?

A. Fully operational equipment and installed network equipment

B. Live redundant computers, network connections and UPS

C. Active network jacks

D. New equipment ready to be installed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=395

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

396

A company sets up wireless access points for visitors to use wireless devices. Which of the following encryption methods should they implement to provide the highest level of security?

A. SHA-256

B. WEP

C. WPA2

D. WPA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=396

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

397

Which of the following would a security administrator be MOST likely to use if a computer is suspected of continually sending large amounts of sensitive data to an external host?

A. Performance baseline

B. Virus scanner

C. Honeypot

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=397

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

398

Which of the following contains a list of certificates that are compromised and invalid?

A. CA

B. CRL

C. TTP

D. RA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=398

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

399

Which of the following is part of the patch management process?

A. Documenting the security assessment and decision.

B. Reverse engineering non-vendor supplied patches.

C. Examining firewall and NIDS logs.

D. Replacing aging network and computing equipment.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=399

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

400

If an administrator wanted to be able to identify exactly which Internet sites are being accessed most frequently, which of the following tools would MOST likely be used?

A. Port scanner

B. IDS

C. Proxy server

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=400

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

401

Which of the following methods allows the administrator to create different user templates to comply with the principle of least privilege?

A. Rule-based access control

B. Mandatory access control

C. Physical access control

D. Role-based access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=401

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

402

Which of the following processes describes identity proofing?

A. Access control and identity verification

B. Identification and non-repudiation

C. Identification and authentication

D. Authentication and authorization

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=402

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

403

In order for an organization to be successful in preventing fraud from occurring by a disgruntled employee, which of the following best practices should MOST likely be in place?

A. Job rotation

B. Least privilege

C. Separation of duties

D. Access controls

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=403

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

404

A web server that the employees use to fill out their time cards needs to be protected. The web server needs to be accessible to employees both inside the campus and at remote sites. Some of the employees use computers that do not belong to the company to do their work. Which of the following would BEST protect the server?

A. Place the server in a DMZ and require all users to use the company's VPN software to access it.

B. Place the server in a subnet that is blocked at the firewall.

C. Place the server in a DMZ after hardening the OS.

D. Require all users to use a PKI token stored on a physical smart card to authenticate to the server.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=404

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

405

The director of security for a company needs to determine how the security and network administrators would respond to a compromised system. Which of the following would be the BEST way for the director to test the team's response?

A. Penetration test

B. Vulnerability scan

C. Port scan

D. Social engineering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=405

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

406

The security administrator wants to know if a new device has any known issues with its available applications. Which of the following would be BEST suited to accomplishing this task?

A. Vulnerability scanner

B. Port scanner

C. Network mapper

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=406

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

407

Which of the following are BEST practices in regards to backup media? (Select TWO).

A. Format tapes annually.

B. Keep the tapes user accessible.

C. Store tapes near the servers.

D. Store backups off site.

E. Label the media.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=407

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

408

During an annual risk assessment, it is discovered the network administrators have no clear timeline of when patches must be installed. Which of the following would BEST solve this issue?

A. Creating and disseminating a patch management policy

B. Report the issue to management and revisit it during the next risk assessment

C. Training network administrators on the importance of patching

D. Hiring more administrators to better assist in the patching of servers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=408

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

409

Which of the following is an advanced security tool used by security administrators to divert malicious attacks to a harmless area of the network?

A. Firewall

B. TCP/IP hijacking

C. Proxy server

D. Honeypot

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=409

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

410

Which of the following would be the BEST course of action to maintain network availability during an extended power outage?

A. Install UPS units on each critical device

B. Implement a SONET ring

C. Install backup generators

D. Use multiple servers for redundancy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=410

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

411

When investigating data breaches caused by possible malicious action, it is important for members of the CIRT to document the location of data at all times. Which of the following BEST describes what the CIRT is trying to document?

A. Proper authorization procedures

B. Disaster recovery plan

C. Chain of custody

D. Damage mitigation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=411

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

412

Which of the following redundancy planning concepts is generally the LEAST expensive?

A. Warm site

B. Hot site

C. Mobile site

D. Cold site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=412

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

413

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A. Restore a random file.

B. Perform a full restore.

C. Read the first 512 bytes of the tape.

D. Read the last 512 bytes of the tape.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=413

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

414

Which of the following groups should be able to view the results of the risk assessment for an organization? (Select TWO).

A. HR employees

B. Information security employees

C. All employees

D. Executive management

E. Vendors

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=414

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

415

Which of the following does a risk assessment include?

A. Exploits, attacks, and social engineering

B. Threats, vulnerabilities, and asset values

C. Management, cost, and budget

D. Policies, procedures, and enforcement

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=415

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

416

Identification is the process of verifying which of the following?

A. The user or computer system

B. The user's access level

C. The uniqueness of a user's token

D. The association of a user

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=416

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

417

In general, which of the following is considered the MOST resistant to physical eavesdropping methods?

A. Coaxial cable

B. Wireless access points

C. Fiber optic cable

D. CAT5 network cable

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=417

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

418

Which of the following behavioral biometric authentication models should a technician deploy in a secure datacenter?

A. Voice recognition

B. Fingerprint recognition

C. Iris scan

D. Retina scan

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=418

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

419

Which of the following is a tactic used by malicious domain purchasing organizations?

A. ARP spoofing

B. Kiting

C. DNS

D. DDoS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=419

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

420

Which of the following would allow an administrator to perform internal research on security threats and common viruses on multiple operating systems without risking contamination of the production environment?

A. A VLAN

B. A firewall

C. A virtual workstation

D. A honey pot

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=420

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

421

Which of the following threats is mitigated by ensuring operating system patches are current?

A. ARP poisoning

B. Distributed DoS

C. Unknown threats

D. Known threats

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=421

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

422

Which of the following environmental controls would require a thermostat within the datacenter?

A. Air flow control

B. Moisture control

C. Temperature control

D. Fire suppression

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=422

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

423

A server needs to be configured to allow the sales department the ability to read and write a file. Everyone else in the company only needs read access. Which of the following access control lists will do this?

A. Sales: Read=Allow; Write=Allow Everyone: Read=Allow; Write=None

B. Sales: Read=Allow; Write=Allow Everyone: Read=Deny; Write=Deny

C. Sales: Read=None; Write=Allow Everyone: Read=Allow; Write=Allow

D. Sales: Read=Allow; Write=Allow Everyone: Read=None; Write=None

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=423

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

424

Which of the following will allow a security administrator to help detect a DDoS?

A. Performance baseline

B. Task manager

C. NetBIOS

D. NIC bindings

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=424

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

425

An administrator wants to make sure that all users of a large domain are restricted from installing software. Which of the following should MOST likely be done?

A. A security policy template is implemented

B. A security IP audit is completed

C. Administrative rights are manually removed

D. All workstations are rebuilt

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=425

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

426

A single point of failure is a security concern primarily because it affects which of the following?

A. Cryptography

B. Confidentiality

C. Integrity

D. Availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=426

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

427

Which of the following is MOST likely the reason why a security administrator would run an NMAP report on an important server?

A. To correlate which MAC addresses are associated with a switchport

B. To identify vulnerabilities in available services

C. To determine open ports and services

D. To capture network packets for analysis

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=427

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

428

Which of the following should be done if a USB device is found in a parking lot?

A. Call the manufacturer of the USB device.

B. Plug it in to a computer to see who it belongs to.

C. Turn it in to the appropriate security person.

D. Reformat it for personal use at home.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=428

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

429

Which of the following, if implemented on a server, will ensure availability if half of the drives fail?

A. RAID 0

B. RAID 1

C. RAID 3

D. RAID 5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=429

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

430

Proper planning for disaster recovery includes which of the following?

A. Testing the plan on a regular basis

B. Having system administrators electronically sign the plan

C. Documenting all HDD serial numbers

D. Executing the continuity plan at random

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=430

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

431

Using a digital signature during an online transaction is a form of:

A. Key management.

B. Availability.

C. Confidentiality.

D. Non-repudiation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=431

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

432

Which of the following is a best practice relating to non-administrative user rights on a server?

A. Deny printer access

B. Deny local logon

C. Deny file access

D. Deny network logon

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=432

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

433

Which of the following is MOST likely to occur if the input of a web form is not properly sanitized? (Select TWO).

A. SQL injection

B. Backend file system crash

C. Web load balancing

D. Cross-site scripting

E. Logic bomb

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=433

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

434

Rainbow tables are primarily used to expose which of the following vulnerabilities?

A. Available ports

B. Weak encryption keys

C. Weak passwords

D. Available IP addresses

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=434

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

435

Which of the following can be an attack vector against employees who share pictures, location, and updates with family and friends online?

A. Social networking sites

B. Personal electronic devices

C. Clean desk policy

D. Zero day exploits

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=435

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

436

Which of the following tools allows a security company to identify the latest unknown attacks utilized by attackers?

A. IDS

B. Honeypots

C. Port scanners

D. Code reviews

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=436

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

437

Which of the following is the BEST reason to conduct annual security awareness training?

A. To reinforce user compliance with security policies

B. To remind users of the consequences of noncompliance

C. To teach users about the latest malware attacks

D. To allow the organization to meet due diligence

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=437

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

438

If continuity plans are not regularly exercised, which of the following aspects of business continuity planning are often overlooked until a disaster occurs?

A. Zero day exploits

B. Succession planning

C. Tracking of man hours

D. Single points of failure

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=438

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

439

A large, partially self-governing collection of hosts executing instructions for a specific purpose is an example of which type of malware?

A. Virus

B. Worm

C. Trojan

D. Botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=439

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

440

Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?

A. Spoofing

B. Man-in-the-middle

C. Spear phishing

D. DoS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=440

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

441

Which of the following attacks is BEST described as an attempt to convince an authorized user to provide information that can be used to defeat technical security controls?

A. Shoulder surfing

B. Tailgating

C. Impersonation

D. Packet sniffing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=441

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

442

Randomly attempting to connect to wireless network access points and documenting the locations of accessible networks is known as which of the following?

A. Packet sniffing

B. War chalking

C. Evil twin

D. War driving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=442

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

443

Penetration testing should only be used during controlled conditions with express consent of the system owner because:

A. white box penetration testing cannot identify zero day exploits.

B. vulnerability scanners can cause massive network flooding during risk assessments.

C. penetration testing passively tests policy controls and can identify vulnerabilities.

D. penetration testing actively tests security controls and can cause system instability.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=443

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

444

Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate contents?

A. CRL

B. Key escrow

C. Recovery agent

D. CA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=444

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

445

Which of the following should be checked regularly to avoid using compromised certificates?

A. CRL

B. PKI

C. Key escrow

D. CA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=445

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

446

A user was able to access a system when they arrived to work at 5:45 a.m. Just before the user left at 6:30 p.m., the user was unable to access the same system, even though the user could ping the system. In a Kerberos realm, which of the following is the MOST likely reason for this?

A. The user's ticket has expired.

B. The system has lost network connectivity.

C. The CA issued a new CRL.

D. The authentication server is down.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=446

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

447

A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

A. Block port 23 on the L2 switch at each remote site.

B. Block port 23 on the network firewall.

C. Block port 25 on the L2 switch at each remote site.

D. Block port 25 on the network firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=447

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

448

A company is looking at various solutions to manage their large datacenter. The company has a lot of sensitive data on unreliable systems. Which of the following would allow the company to minimize their footprint?

A. Infrastructure as a Service

B. Implement a NAC server

C. Software as a Service

D. Create a new DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=448

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

449

A small company needs to invest in a new expensive database. The company's budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional personnel and minimize the footprint in their current datacenter?

A. Allow users to telecommute

B. Set up a load balancer

C. Infrastructure as a Service

D. Software as a Service

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=449

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

450

Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?

A. Password behaviors

B. Clean desk policy

C. Data handling

D. Data disposal

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=450

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

451

The security administrator has recently informed all users of a new attack from individuals sending out emails pretending to represent reputable companies to gain personal and financial information. Which of the following attacks is the security administrator trying to make users aware of in the company?

A. Vishing attacks

B. Phishing attacks

C. Smurf attacks

D. Zero day attacks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=451

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

452

The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which of the following is the MOST likely cause?

A. NIPS is blocking activities from those specific websites.

B. NIDS is blocking activities from those specific websites.

C. The firewall is blocking web activity.

D. The router is denying all traffic from those sites.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=452

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

453

A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is the MOST likely cause?

A. The IDS detected that the visitor's laptop did not have the right patches and updates so the IDS blocked access to the network.

B. The security posture is disabled on the network but remediation must take place before access is given to the visitor on that laptop.

C. The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop.

D. The IPS detected that the visitor's laptop did not have the right patches and updates so it prevented its access to the network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=453

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

454

A security administrator notices unusual activity from a server when reviewing system logs and finds it has been compromised. After investigating the incident, the administrator determines the attack successfully exploited a vulnerability in IIS. This application can be disabled to prevent any further incidents because it was not necessary for any server functions. Which of the following could have prevented this incident?

A. Disabling unnecessary accounts

B. Reviewing centralized logs

C. Disabling unnecessary services

D. Enhanced password complexity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=454

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

455

Which of the following is true about the private key in a PKI?

A. It is used by the recovery agent to generate a lost public key

B. It is used by the CA to validate a user's identity

C. It is used to decrypt the email hash in signed emails

D. It is used to encrypt the email hash in signed emails

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=455

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

456

Which of the following is true about the CRL?

A. It should be kept public

B. It signs other keys

C. It must be kept secret

D. It must be encrypted

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=456

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

457

Which of the following is an example of authentication using something a user has and something a user is?

A. Username and PIN

B. Token and PIN

C. Password and retina scan

D. Token and fingerprint scan

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=457

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

458

The recovery agent is used to recover the:

A. root certificate.

B. key in escrow.

C. public key.

D. private key.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=458

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

459

Which of the following must a security administrator do when the private key of a web server has been compromised by an intruder?

A. Submit the public key to the CRL.

B. Use the recovery agent to revoke the key.

C. Submit the private key to the CRL.

D. Issue a new CA.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=459

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

460

Which of the following is a security administrator MOST likely to use to centrally manage authentication across network devices? (Select TWO).

A. TACACS+

B. Kerberos

C. RADIUS

D. LDAP

E. MSSQL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=460

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

461

Which of the following should a security administrator implement to prevent users from disrupting network connectivity, if a user connects both ends of a network cable to different switch ports?

A. VLAN separation

B. Access control

C. Loop protection

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=461

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

462

Which of the following attacks is MOST likely prevented when a website does not allow the '<' character as the input in a web form field?

A. Integer overflow

B. SQL injection

C. Buffer overflow

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=462

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

463

Which of the following must be installed on a flash drive to allow for portable drive data confidentiality?

A. USB encryptor

B. Hardware write lock

C. USB extension cable

D. Ext2 file system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=463

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

464

A disgruntled employee inserts additional code into the payroll system which will activate only if the employee is dismissed. Which of the following BEST describes this type of threat?

A. Logic bomb

B. Backdoor

C. Rootkit

D. Spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=464

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

465

While browsing the Internet, an administrator notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which of the following BEST describes what has occurred?

A. The PC has become part of a botnet.

B. The PC has become infected with spyware.

C. The PC has become a spam host.

D. The PC has become infected with adware.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=465

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

466

A user downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

A. Logic bomb

B. Worm

C. Trojan

D. Adware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=466

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

467

An online banking portal is not accessible by customers during a holiday season. IT and network administrators notice sustained, extremely high network traffic being directed towards the web interface of the banking portal from various external networks. Which of the following BEST describes what is occurring?

A. X-Mas attack

B. DDoS attack

C. DNS poisoning

D. DOS attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=467

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

468

While chatting with friends over IM, a user receives numerous instant messages from strangers advertising products or trying to send files. Which of the following BEST describes the threat?

A. Spear phishing

B. Spam

C. Spim

D. Spoofing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=468

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

469

Which of the following is the MOST secure way of storing keys or digital certificates used for decryption/encryption of SSL sessions?

A. Database

B. HSM

C. Key escrow

D. Hard drive

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=469

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

470

Which of the following is the MOST likely implication of a corporate firewall rule that allows TCP port 22 from any internal IP to any external site?

A. Data leakage can occur as an SSH tunnel may be established to home PCs.

B. NAT of external websites to the internal network will be limited to TCP port 22 only.

C. Host based firewalls may crash due to protocol compatibility issues.

D. IPSec VPN access for home users will be limited to TCP port 22 only.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=470

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

471

Which of the following is MOST likely to result in data leakage?

A. Accounting transferring confidential staff details via SFTP to the payroll department.

B. Back office staff accessing and updating details on the mainframe via SSH.

C. Encrypted backup tapes left unattended at reception for offsite storage.

D. Developers copying data from production to the test environments via a USB stick.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=471

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

472

A network administrator changes the default users and passwords on an 802.11n router. Which of the following is an example of network management?

A. System hardening

B. Rule-based management

C. Network separation

D. VLAN management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=472

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

473

Which of the following is the file transfer function that utilizes the MOST secure form of data transport?

A. TFTP

B. FTP active

C. FTP passive

D. SFTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=473

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

474

Which of the following, when used in conjunction with software-based encryption, enhances platform authentication by storing unique RSA keys and providing cryptoprocessing?

A. LDAP

B. TPM

C. Kerberos

D. Biometrics

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=474

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

475

Which of the following is the BEST way to mitigate data leakage if a portable device is compromised?

A. Full disk encryption

B. Common access card

C. Strong password complexity

D. Biometric authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=475

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

476

Which of the following is a removable device that may be used to encrypt in a high availability clustered environment?

A. Cloud computer

B. HSM

C. Biometrics

D. TMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=476

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

477

Which of the following devices provides storage for RSA or asymmetric keys and may assist in user authentication? (Select TWO).

A. Trusted platform module

B. Hardware security module

C. Facial recognition scanner

D. Full disk encryption

E. Encrypted USB

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=477

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

478

Which of the following exploitation types involves injection of pseudo-random data in order to crash or provide unexpected results from an application?

A. Cross-site forgery

B. Brute force attack

C. Cross-site scripting

D. Fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=478

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

479

Which of the following can be disabled to prevent easy identification of a wireless network?

A. WEP

B. MAC filtering

C. SSID

D. LEAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=479

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

480

Which of the following should be enabled to ensure only certain wireless clients can access the network?

A. DHCP

B. SSID broadcast

C. MAC filtering

D. AP isolation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=480

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

481

The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).

A. Whaling

B. Dumpster diving

C. Shoulder surfing

D. Tailgating

E. Impersonation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=481

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

482

A security administrator wants to prevent users in sales from accessing their servers after 6:00 p.m., and prevent them from accessing accounting's network at all times. Which of the following should the administrator implement to accomplish these goals? (Select TWO).

A. Separation of duties

B. Time of day restrictions

C. Access control lists

D. Mandatory access control

E. Single sign-on

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=482

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

483

Which of the following would be implemented if an administrator wants a door to electronically unlock when certain employees need access to a location?

A. Device locks

B. Video surveillance

C. Mantraps

D. Proximity readers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=483

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

484

Which of the following protocols can be implemented to monitor network devices?

A. IPSec

B. FTPS

C. SFTP

D. SNMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=484

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

485

Which of the following attacks allows a user to access a location by following someone who has access?

A. Session hijacking

B. Bluesnarfing

C. Tailgating

D. Shoulder surfing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=485

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

486

Which of the following is considered strong authentication?

A. Trusted OS

B. Smart card

C. Biometrics

D. Multifactor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=486

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

487

Which of the following access control methods is considered the MOST difficult to forge?

A. RFIDs

B. Biometrics

C. Passwords

D. User IDs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=487

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

488

Which of the following is MOST likely to be the last rule contained on any firewall?

A. IP allow any any

B. Implicit deny

C. Separation of duties

D. Time of day restrictions

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=488

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

489

Which of the following allows a user to have a one-time password?

A. Biometrics

B. SSO

C. PIV

D. Tokens

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=489

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

490

Which of the following is an example of the type of access control methodology provided on Windows systems by default?

A. Single Sign-On

B. Discretionary Access Control (DAC)

C. Mandatory Access Control (MAC)

D. Rule based Access Control (RBAC)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=490

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

491

Which of the following is the MOST thorough way to discover software vulnerabilities after its release?

A. Baseline reporting

B. Design review

C. Code review

D. Fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=491

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

492

Which of the following identifies some of the running services on a system?

A. Determine open ports

B. Review baseline reporting

C. Review honeypot logs

D. Risk calculation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=492

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

493

Which of the following describes a passive attempt to identify weaknesses?

A. Vulnerability scanning

B. Zero day attack

C. Port scanning

D. Penetration testing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=493

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

494

Which of the following is another name for fuzzing proprietary software?

A. Grey box testing

B. Black box testing

C. White box testing

D. Blue jacking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=494

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

495

Which of the following application attacks can be used against Active Directory based systems?

A. XML injection

B. SQL injection

C. LDAP injection

D. Malicious add-ons

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=495

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

496

Which of the following is a security best practice implemented before placing a new server online?

A. On-demand computing

B. Host software baselining

C. Virtualization

D. Code review

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=496

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

497

Which of the following can be implemented as a physical security control?

A. Antivirus

B. GPS tracking

C. Cable locks

D. Device encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=497

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

498

Which of the following is a technical control that should be implemented to prevent data loss from laptop theft?

A. GPS tracking

B. Antivirus

C. Hard drive encryption

D. Cable locks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=498

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

499

Which of the following software types helps protect against non-malicious but irritating malware?

A. Pop-up blockers

B. Antivirus

C. Host-based firewalls

D. Anti-spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=499

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

500

Which of the following is the MOST common security issue on web-based applications?

A. Hardware security

B. Transport layer security

C. Input validation

D. Fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=500

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

501

Which of the following is a preventative physical security control?

A. CCTV

B. Armed guard

C. Proper lighting

D. Access list

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=501

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

502

Which of the following security concerns is MOST prominent when utilizing cloud computing service providers?

A. Video surveillance

B. Mobile device access

C. Removable storage media

D. Blended systems and data

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=502

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

503

Which of the following is an example of forcing users to change their password every 90 days?

A. Password recovery requirements

B. Password length requirements

C. Password expiration requirements

D. Password complexity requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=503

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

504

Which of the following is an example of requiring users to have a password of 16 characters or more?

A. Password recovery requirements

B. Password complexity requirements

C. Password expiration requirements

D. Password length requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=504

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

505

Which of the following is an example of allowing a user to perform a self-service password reset?

A. Password length

B. Password recovery

C. Password complexity

D. Password expiration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=505

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

506

Which of the following is a security control that can utilize a command such as "deny ip any any"?

A. ACL

B. Content inspection

C. Network bridge

D. VPN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=506

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

507

Which of the following is a security best practice when an employee leaves the company?

A. Account password complexity

B. Account disablement

C. Account password recovery

D. Account reissue

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=507

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

508

Which of the following is an account management principle for simplified user administration?

A. Ensure password complexity requirements are met.

B. Disable unused system accounts.

C. Implement access based on groups.

D. Ensure minimum password length is acquired.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=508

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

509

Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?

A. LDAP injection

B. SQL injection

C. Error and exception handling

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=509

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

510

Which of the following appears to the user as a legitimate site but is in fact an attack from a malicious site?

A. Phishing

B. DoS

C. XSRF

D. XSS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=510

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

511

Role-based access control is:

A. multifactor.

B. single sign-on.

C. user specific.

D. job function specific.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=511

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

512

A system administrator could have a user level account and an administrator account to prevent:

A. password sharing.

B. escalation of privileges.

C. implicit deny.

D. administrative account lockout.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=512

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

513

Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?

A. Document scan results for the change control board.

B. Organize data based on severity and asset value.

C. Examine the vulnerability data using a network analyzer.

D. Update antivirus signatures and apply patches.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=513

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

514

A Black Box assessment of an application is one where the security assessor has:

A. access to the source code and the development documentation.

B. no access to the application's source code and development documentation.

C. access to the UAT documentation but not the source code.

D. no access to the source code but access to the development documentation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=514

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

515

A user browsing the Internet sees a message on a webpage indicating their computer is infected. The message states that antivirus software should be downloaded from the site to clean the infection. Which of the following is occurring in this situation?

A. Social engineering

B. Adware

C. Botnet

D. Trojan

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=515

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

516

Which of the following BEST explains the security benefit of a standardized server image?

A. All current security updates for the operating system will have already been applied.

B. Mandated security configurations have been made to the operating system.

C. Anti-virus software will be installed and current.

D. Operating system license use is easier to track.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=516

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

517

A business-critical application will be installed on an Internet facing server. Which of the following is the BEST security control that should be performed in conjunction with updating the application to the MOST current version?

A. The firewall should be configured to allow the application to auto-update.

B. The firewall should be configured to prevent the application from auto-updating.

C. A port scan should be run against the application's server.

D. Vendor-provided hardening documentation should be reviewed and applied.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=517

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

518

A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?

A. Change the server's SSL key and add the previous key to the CRL.

B. Install a host-based firewall.

C. Install missing security updates for the operating system.

D. Add input validation to forms.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=518

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

519

A company needs to reduce the risk of employees emailing confidential data outside of the company. Which of the following describes an applicable security control to mitigate this threat?

A. Install a network-based DLP device

B. Prevent the use of USB drives

C. Implement transport encryption

D. Configure the firewall to block port 110

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=519

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

520

Which of the following security controls should be implemented to prevent server administrators from accessing information stored within an application on a server?

A. File encryption

B. Full disk encryption

C. Change management

D. Implicit deny

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=520

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

521

Which of the following should be enforced on mobile devices to prevent data loss from stolen devices?

A. Device encryption

B. HIDS

C. USB encryption

D. Host-based firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=521

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

522

Which of the following can be deployed to provide secure tunneling services?

A. IPv6

B. DNSSEC

C. SNMPv2

D. SNMPv3

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=522

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

523

Which of the following is MOST likely used to secure the creation of cryptographic keys?

A. Common access card

B. Hashing algorithm

C. Trusted platform module

D. One-time pad

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=523

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

524

Which of the following is MOST likely to reduce the threat of a zero day vulnerability?

A. Patch management

B. Network-based intrusion detection system

C. Disabling unnecessary services

D. Host-based intrusion detection system

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=524

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

525

A proximity badge is provided to all users, each with the owners' photo. The photos are not checked and users trade badges to be able to access resources for which they are not personally authorized. This is an example of which of the following?

A. Authentication without authorization verification

B. Authorization verification without authentication

C. Neither authentication nor authorization verification

D. Both authentication and authorization verification

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=525

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

526

During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?

A. Buffer overflow

B. XML injection

C. SQL injection

D. Distributed denial of service

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=526

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

527

A security administrator discovers that Server1 and Server2 have been compromised, and then observes unauthorized outgoing connections from Server1 to Server2. On Server1 there is an executable named tcpdump and several files that appear to be network dump files. Finally, there are unauthorized transactions in the database on Server2. Which of the following has MOST likely occurred?

A. A logic bomb has been installed on Server1.

B. A backdoor has been installed on Server2.

C. A replay attack has been used against Server2.

D. A botnet command and control has been installed on Server1.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=527

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

528

Which of the following MOST likely occurs when a user discovers a packet capture attack on a computer connected to a wireless network?

A. Invalid checksums

B. Large dump files

C. Sequence numbers

D. Header manipulation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=528

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

529

Which of the following is MOST relevant when investigating a SQL injection attack?

A. Stored procedures

B. Header manipulation

C. Malformed frames

D. Java byte code

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=529

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

530

Which of the following is MOST relevant to a buffer overflow attack?

A. Sequence numbers

B. Set flags

C. IV length

D. NOOP instructions

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=530

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

531

Which of the following is specific to header manipulation?

A. Overlap

B. Java instructions

C. Payload section

D. Flags

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=531

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

532

A system administrator was recently laid off for compromising various accounting systems within the company. A few months later, the finance department reported their applications were not working correctly. Upon further investigation, it was determined that unauthorized accounting software was installed onto a financial system and several application exploits existed within that system. This is an example of which of the following?

A. Rootkit

B. Logic bomb

C. Worm

D. Trojan horse

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=532

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

533

A user reports that there have been several invalid charges on their company credit card. The user said these charges occurred after a recent phone call to the bank due to an unusual email the user received. While examining the email, the security administrator notices that the phone number on the email does not match the phone number listed on the bank's website. Upon calling that number, the technician did reach the exact answering system as the bank and eventually to an actual bank representative. This is an example of which of the following?

A. Vishing

B. Phishing

C. SPIM

D. Spear Phishing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=533

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

534

During a company's relocation, a security administrator notices that several hard copies of company directories are being thrown away in public dumpsters. Which of the following attacks is the company vulnerable to without the proper user training and awareness?

A. Hoaxes

B. Pharming

C. Social engineering

D. Brute force

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=534

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

535

A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?

A. Interference

B. Rogue access points

C. IV attack

D. Bluejacking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=535

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

536

Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems, the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to identify the issue?

A. Hardware baseline review

B. Vulnerability scan

C. Data integrity check

D. Penetration testing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=536

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

537

A security administrator has recently performed a detailed datacenter inventory of all hardware and software. This analysis has resulted in identifying a lot of wasted resources. Which of the following design elements would eliminate the wasted resources and improve the datacenter's footprint?

A. NAC

B. Virtualization

C. Remote access implementation

D. Hosted IP Centrex

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=537

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

538

A user reports that after a recent business trip, their laptop started having performance issues and unauthorized emails have been sent out from the laptop. Which of the following will resolve this issue?

A. Updating the user's laptop with current antivirus

B. Updating the anti-spam application on the laptop

C. Installing a new pop-up blocker

D. Updating the user's digital signature

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=538

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

539

The company encryption policy requires all encryption algorithms used on the corporate network to have a key length of 128-bits. Which of the following algorithms would adhere to company policy?

A. DES

B. SHA

C. 3DES

D. AES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=539

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

540

If a security administrator is reviewing a JPEG's metadata and hash against an unverified copy of the graphic, which of the following is the administrator looking for?

A. Steganography

B. Chain of custody

C. Digital signatures

D. Whole disk encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=540

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

541

Which of the following technologies is often used by attackers to hide the origin of an attack?

A. Open proxy

B. Load balancer

C. Flood guard

D. URL filtering

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=541

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

542

Which of the following is susceptible to reverse lookup attacks if not configured properly?

A. SSL

B. IPSec

C. ICMP

D. DNS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=542

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

543

Which of the following are the two basic components upon which cryptography relies?

A. PKI and keys

B. Algorithms and key escrow

C. Key escrow and PKI

D. Algorithms and keys

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=543

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

544

Which of the following can be used to verify the integrity of a message's content as well as the identity of the sender?

A. Recovery agent

B. Digital signature

C. Key escrow

D. Trust models

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=544

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

545

Which of the following describes the direction the signal will emanate from if a wireless omnidirectional antenna is placed parallel to the floor?

A. In a downward direction, perpendicular to the floor

B. Directly from the point of the antenna, parallel to the floor

C. Side to side, parallel with the floor

D. Up and down, perpendicular to the floor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=545

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

546

Which of the following should be checked for when conducting a wireless audit? (Select TWO).

A. Open relays

B. Antenna placement

C. Encryption of wireless traffic

D. URL filtering

E. Open proxies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=546

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

547

Which of the following passwords have the MOST similar key space? (Select TWO).

A. AnDwWe9

B. check123

C. Mypassword!2~

D. C0mPTIA

E. 5938472938193859392

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=547

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

548

A security administrator has discovered through a password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which of the following is in use by the company?

A. LANMAN

B. MD5

C. WEP

D. 3DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=548

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

549

A security engineer working at a public CA is implementing and installing a new CRL. Where should the administrator logically place the server?

A. On a wireless network

B. Inside the DMZ

C. On a non-routable network

D. On a secure internal network

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=549

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

550

A security engineer is deploying a new CA. Which of the following is the BEST strategy for the root CA after deploying an intermediate trusted CA?

A. It should be placed outside of the firewall.

B. It should be placed in the DMZ.

C. It should be placed within an internal network.

D. It should be shut down and kept in a secure location.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=550

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

551

A security administrator has installed a new server and has asked a network engineer to place the server within VLAN 100. This server can be reached from the Internet, but the security engineer is unable to connect from the server to internal company resources. Which of the following is the MOST likely cause?

A. The server is connected with a crossover cable.

B. VLAN 100 does not have a default route.

C. The server is in the DMZ.

D. VLAN 100 is on the internal network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=551

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

552

A security administrator is researching the main difference between TACACS and TACACS+ before deciding which one to install. The administrator has discovered that:

A. TACACS does not encrypt authentication while TACACS+ does.

B. TACACS+ uses TCP while TACACS can use either TCP or UDP.

C. TACACS can only be used on switches and routers while TACACS+ supports firewalls as well.

D. TACACS uses IPX and TACACS+ only supports IP.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=552

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

553

Which of the following is true when a user browsing to an HTTPS site receives the message: "The site's certificate is not trusted"?

A. The certificate has expired and was not renewed.

B. The CA is not in the browser's root authority list.

C. The intermediate CA was taken offline.

D. The CA is not in the default CRL.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=553

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

554

A security administrator shows a user a method of hiding information by printing text so small that it appears as a period or colon. Which of the following BEST describes this security type?

A. Steganography

B. Quantum cryptography

C. Transport encryption

D. Hashing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=554

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

555

An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?

A. Software based firewall

B. Mandatory Access Control (MAC)

C. VPN concentrator

D. Web security gateway

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=555

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

556

A network administrator must configure an FTP server in active-mode. Which of the following is the control port by default?

A. 20

B. 21

C. 22

D. 23

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=556

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

557

A technician must configure a network device to allow only certain protocols to the external servers and block requests to other internal sources. This is an example of a:

A. demilitarized zone.

B. load balancer.

C. layer 2 switch.

D. stateful firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=557

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

558

Which of the following protocols should be used to ensure that the data remains encrypted during transport over the Internet? (Select THREE).

A. TLS

B. SSL

C. FTP

D. SSH

E. HTTP

F. TFTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=558

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

559

A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?

A. Anti-virus software

B. ACLs

C. Anti-spam software

D. NIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=559

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

560

Which of the following can be used to help prevent man-in-the-middle attacks?

A. HTTP

B. HTTPS

C. SFTP

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=560

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

561

Which of the following controls would the security administrator implement if clients have to use at least ten upper and lower case alpha-numeric characters and special symbols?

A. Password complexity

B. Username lockout

C. File encryption strength

D. Account disablement

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=561

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

562

Which of the following account policies would be enforced if a user tried to log into their account several times and was disabled for a set amount of time?

A. Recovery

B. Expiration

C. Lockout

D. Disablement

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=562

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

563

Which of the following security controls should be implemented if an account was created for a temporary user that will only be employed for the next four months?

A. Expiration

B. Disablement

C. Lockout

D. Complexity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=563

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

564

Which of the following should be used to help prevent device theft of unused assets?

A. HSM device

B. Locking cabinet

C. Device encryption

D. GPS tracking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=564

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

565

Which of the following is BEST described as a scenario where organizational management decides not to provide a service offering because it presents an unacceptable risk to the organization?

A. Mitigation

B. Acceptance

C. Deterrence

D. Avoidance

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=565

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

566

Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?

A. 21

B. 25

C. 110

D. 143

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=566

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

567

Which of the following should be integrated into the fire alarm systems to help prevent a fire from spreading?

A. HVAC

B. Humidity controls

C. Video monitoring

D. Thermostats

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=567

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

568

Which of the following can be implemented that will only prevent viewing the home screen on a mobile device if left momentarily unattended?

A. Whole disk encryption

B. Screen lock

C. Cable lock

D. Remote wipe

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=568

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

569

An in-line network device examines traffic and determines that a parameter within a common protocol is well outside of expected boundaries. This is an example of which of the following?

A. Anomaly based detection

B. Behavior based detection

C. IV attack detection

D. Signature based detection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=569

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

570

A malicious insider obtains a copy of a virtual machine image for a server containing client financial records from the in-house virtualization cluster. Which of the following would BEST prevent the malicious insider from accessing the client records?

A. Cloud computing

B. Separation of duties

C. Portable media encryption

D. File and folder encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=570

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

571

Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider's lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?

A. IP address

B. User profiles

C. MAC address

D. Computer name

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=571

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

572

Which of the following is the MOST effective method to provide security for an in-house created application during software development?

A. Third-party white box testing of the completed application before it goes live

B. Third-party black box testing of the completed application before it goes live

C. Explicitly include security gates during the SDLC

D. Ensure an application firewall protects the application

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=572

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

573

Which of the following is MOST likely occurring if a website visitor has passwords harvested from the web browser's cache?

A. Buffer overflow

B. XSRF

C. Cookies

D. Pharming

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=573

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

574

An attacker incorrectly submits data on a website's form and is able to determine the type of database used by the application and the SQL statements used to query that database. Which of the following is responsible for this information disclosure?

A. SQL injection

B. Fuzzing

C. XSS

D. Error handling

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=574

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

575

Which of the following describes why the sender of an email may encrypt the email with a private key?

A. Confidentiality

B. Non-repudiation

C. Transmission speed

D. Transport encryption

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=575

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

576

When granting access, which of the following protocols uses multiple-challenge responses for authentication, authorization and audit?

A. TACACS

B. TACACS+

C. LDAP

D. RADIUS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=576

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

577

Upper management decides which risk to mitigate based on cost. This is an example of:

A. qualitative risk assessment.

B. business impact analysis.

C. risk management framework.

D. quantitative risk assessment.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=577

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

578

Which of the following is the primary purpose of using a digital signature? (Select TWO).

A. Encryption

B. Integrity

C. Confidentiality

D. Non-repudiation

E. Availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=578

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

579

Which of the following authentication methods is typical among corporate environments to authenticate a list of employees?

A. Twofish

B. ACLs

C. LDAP

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=579

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

580

Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?

A. Exception handling

B. Adware

C. Cross-site request forgery

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=580

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

581

Which of the following increases the key space of a password the MOST?

A. Letters, numbers, and special characters

B. 25 or more alpha-numeric characters

C. Two-factor authentication

D. Sequential alpha-numeric patterns

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=581

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

582

Which of the following file transfer protocols is an extension of SSH?

A. FTP

B. TFPT

C. SFTP

D. FTPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=582

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

583

Which of the following is the primary security reason why social networking sites should be blocked in a large corporation?

A. The proxy server needs to be specially configured for all social networking sites.

B. The data traffic can cause system strain and can overwhelm the firewall rule sets.

C. The users' work productivity decreases greatly.

D. The users can unintentionally post sensitive company information.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=583

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

584

Which of the following describes the importance of enacting and maintaining a clean desk policy?

A. To ensure that data is kept on encrypted network shares

B. To avoid passwords and sensitive data from being unsecured

C. To verify that users are utilizing data storage resources

D. To guarantee that users comply with local laws and regulations

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=584

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

585

An online book review forum is being designed for anonymous customers to share feedback with other potential readers. The intention for the forum is to integrate into an existing online bookstore in order to boost sales. Which of the following BEST represents the expected level of confidentiality, integrity, and availability needed for the forum content that has been contributed by users?

A. High confidentiality, high integrity, low availability

B. Low confidentiality, low integrity, low availability

C. High confidentiality, high integrity, high availability

D. Low confidentiality, medium to high integrity, medium availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=585

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

586

Which of the following protocols implements security at the lowest OSI layer?

A. IPSec

B. SSL

C. ICMP

D. SSH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=586

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

587

In which of the following locations would a forensic analyst look to find a hooked process?

A. BIOS

B. Slack space

C. RAM

D. Rootkit

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=587

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

588

Which of the following processes collects business/unit requirements as a main input when developing a business continuity plan?

A. SLA

B. DRP

C. BIA

D. NIST

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=588

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

589

Which of the following is a method for validating a BCP?

A. Business impact analysis

B. Annual test

C. Disaster recovery planning

D. Review audit logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=589

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

590

Which of the following provides integrity verification when storing data?

A. Encryption

B. Hashing

C. PKI

D. ACL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=590

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

591

Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?

A. Rogue APs

B. War driving

C. Packet analysis

D. RF interference

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=591

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

592

Which of the following is the MOST secure wireless protocol?

A. WPA

B. TKIP

C. CCMP

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=592

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

593

The decision to build a redundant data center MOST likely came from which of the following?

A. Application performance monitoring

B. Utilities cost analysis

C. Business impact analysis

D. Security procedures review

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=593

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

594

During business continuity planning, it is determined that a critical application can have no more than one hour of recovery time. Which of the following will be needed to meet this objective?

A. Off-site storage

B. Hot site

C. Warm site

D. Cold site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=594

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

595

A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?

A. Authenticity

B. Integrity

C. Availability

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=595

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

596

In high traffic areas, security guards need to be MOST concerned about which of the following attacks?

A. War driving

B. Blue jacking

C. Shoulder surfing

D. Tailgating

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=596

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

597

Which of the following BEST describes an attack whereby unsolicited messages are sent to nearby mobile devices?

A. Smurf attack

B. Bluejacking

C. Bluesnarfing

D. War driving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=597

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

598

Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?

A. SNMP

B. NetBIOS

C. ICMP

D. SMTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=598

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

599

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

A. Incident management

B. Server clustering

C. Change management

D. Forensic analysis

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=599

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

600

Which of the following network ACL entries BEST represents the concept of implicit deny?

A. Deny UDP any

B. Deny TCP any

C. Deny ANY any

D. Deny FTP any

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=600

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

601

Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?

A. Virtualization

B. Port security

C. IPSec

D. Firewall rules

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=601

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

602

Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?

A. Platform as a Service

B. Software as a Service

C. Infrastructure as a Service

D. Trusted OS as a Service

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=602

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

603

User awareness training about proper disclosure of information, handling of corporate data, and security policies is important due to the popularity of which of the following?

A. Social networking sites

B. Wireless networks

C. Virtual private networks

D. Zero day exploits

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=603

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

604

Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?

A. Fire suppression

B. Video monitoring

C. EMI shielding

D. Hot and cold aisles

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=604

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

605

Information classification is used to protect which of the following?

A. Best practices

B. Phishing attacks

C. Clustering

D. Sensitive data

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=605

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

606

Which of the following is the MOST appropriate risk mitigation strategy to use in order to identify an unauthorized administrative account?

A. Change management

B. Incident management

C. Routine audits of system logs

D. User's rights and permissions review

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=606

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

607

Which of the following would be used to notify users of proper system usage?

A. Acceptable Use Policy

B. Separation of Duties

C. Audit Logs

D. Job Description

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=607

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

608

Which of the following concepts ensures that the data is only viewable to authorized users?

A. Availability

B. Biometrics

C. Integrity

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=608

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

609

Which of the following concepts ensures that the data does not change in route to its final destination?

A. Integrity

B. Redundancy

C. Confidentiality

D. Availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=609

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

610

A security administrator is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the administrator needs to ensure that their cold site is ready to go in case of a disaster.

Which of the following does the administrator need to ensure is in place for a cold site?

A. Location with all required equipment loaded with all current patches and updates

B. Location with duplicate systems found in the datacenter

C. Location near the datacenter that meets power requirements

D. Location that meets power and connectivity requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=610

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

611

Which of the following business continuity activities would a company implement in order to restore a critical system after a disruption or failure?

A. Continuity of day to day operations

B. Business continuity testing

C. Disaster recovery

D. Succession planning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=611

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

612

Which of the following would a security administrator MOST likely look for during a vulnerability assessment?

A. Ability to gain administrative access to various systems

B. Identify lack of security controls

C. Exploit vulnerabilities

D. Actively test security controls

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=612

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

613

Which of the following is used in conjunction with PEAP to provide mutual authentication between peers?

A. LEAP

B. MSCHAPv2

C. PPP

D. MSCHAPv1

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=613

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

614

A security administrator must implement AES encryption throughout a company's wireless network. Which of the following MUST be configured?

A. WPA

B. TKIP

C. 802.11n

D. CCMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=614

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

615

The MAIN difference between qualitative and quantitative risk assessment is:

A. quantitative is based on the number of assets while qualitative is based on the type of asset.

B. qualitative is used in small companies of 100 employees or less while quantitative is used in larger companies of 100 employees or more.

C. quantitative must be approved by senior management while qualitative is used within departments without specific approval.

D. quantitative is based on hard numbers while qualitative is based on subjective ranking.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=615

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

616

Performing routine security audits is a form of which of the following controls?

A. Preventive

B. Detective

C. Protective

D. Proactive

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=616

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

617

Which of the following is used when performing a quantitative risk analysis?

A. Focus groups

B. Asset value

C. Surveys

D. Best practice

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=617

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

618

In an 802.11n network, which of the following provides the MOST secure method of both encryption and authorization?

A. WEP with 802.1x

B. WPA Enterprise

C. WPA2-PSK

D. WPA with TKIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=618

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

619

Which of the following is the MOST secure method of utilizing FTP?

A. FTP active

B. FTP passive

C. SCP

D. FTPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=619

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

620

An offsite location containing the necessary hardware without data redundancy would be an example of which of the following off-site contingency plans?

A. Cluster

B. Cold site

C. Warm site

D. Hot site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=620

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

621

Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?

A. Trojan

B. Virus

C. Logic bomb

D. Rootkit

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=621

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

622

Which of the following is an example of obtaining unauthorized information by means of casual observation?

A. Whaling

B. Shoulder surfing

C. Dumpster diving

D. War driving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=622

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

623

Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?

A. Evil twin

B. Tailgating

C. Impersonation

D. Shoulder surfing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=623

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

624

Which of the following methods of access, authentication, and authorization is the MOST secure by default?

A. Kerberos

B. TACACS

C. RADIUS

D. LDAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=624

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

625

Which of the following would be implemented to allow access to services while segmenting access to the internal network?

A. IPSec

B. VPN

C. NAT

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=625

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

626

Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?

A. Spam filter

B. IDS

C. Firewall

D. Malware inspection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=626

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

627

Which of the following is the technical implementation of a security policy?

A. VLAN

B. Flood guards

C. Cloud computing

D. Firewall rules

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=627

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

628

Which of the following prevents numerous SYN packets from being accepted by a device?

A. VLAN management

B. Transport encryption

C. Implicit deny

D. Flood guards

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=628

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

629

Which of the following stops malicious traffic from affecting servers?

A. NIDS

B. Protocol analyzers

C. Sniffers

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=629

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

630

Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?

A. HTTPS

B. SSH

C. IPv4

D. ICMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=630

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

631

Which of the following should be performed before a hard drive is analyzed with forensics tools?

A. Identify user habits

B. Disconnect system from network

C. Capture system image

D. Interview witnesses

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=631

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

632

Which of the following assists in identifying if a system was properly handled during transport?

A. Take a device system image

B. Review network traffic and logs

C. Track man hours and incident expense

D. Chain of custody

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=632

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

633

Which of the following requires special handling and explicit policies for data retention and data distribution?

A. Personally identifiable information

B. Phishing attacks

C. Zero day exploits

D. Personal electronic devices

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=633

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

634

Which of the following will teach employees about malicious attempts from an attacker to obtain bank account information?

A. Password complexity requirements

B. Phishing techniques

C. Handling PII

D. Tailgating techniques

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=634

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

635

Which of the following software types BEST dissects IP frames for inspection or review by a security administrator?

A. Protocol analyzer

B. Load balancer

C. Software firewall

D. Gateway

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=635

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

636

Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?

A. Load balancer

B. URL filter

C. VPN concentrator

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=636

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

637

Actively monitoring data streams in search of malicious code or behavior is an example of:

A. load balancing.

B. an Internet proxy.

C. URL filtering.

D. content inspection.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=637

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

638

Which of the following port numbers is used for SCP, by default?

A. 22

B. 69

C. 80

D. 443

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=638

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

639

A technician needs to allow seven specific users connection to a new access point. Which of the following should be performed to achieve this action?

A. Enable MAC filtering

B. Disable SSID broadcast

C. Adjust antenna placement

D. Decrease WAP power levels

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=639

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

640

Which of the following systems implements a secure key distribution system that relies on hardcopy keys intended for individual sessions?

A. Blowfish

B. PGP/GPG

C. One-time pads

D. PKI

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=640

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

641

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses:

A. multiple keys for non-repudiation of bulk data.

B. different keys on both ends of the transport medium.

C. bulk encryption for data transmission over fiber.

D. the same key on each end of the transmission medium.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=641

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

642

Which of the following devices is typically used at the enclave boundary to inspect, block, and reroute network traffic for security purposes?

A. Load balancers

B. Protocol analyzers

C. Firewalls

D. Spam filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=642

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

643

Which of the following BEST describes the proper method and reason to implement port security?

A. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.

B. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network.

C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network.

D. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=643

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

644

Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?

A. SSH

B. SCP

C. SFTP

D. SNMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=644

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

645

Which of the following BEST describes the process of key escrow?

A. Maintains a copy of a user's public key for the sole purpose of recovering messages if it is lost

B. Maintains a secured copy of a user's private key to recover the certificate revocation list

C. Maintains a secured copy of a user's private key for the sole purpose of recovering the key if it is lost

D. Maintains a secured copy of a user's public key in order to improve network performance

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=645

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

646

Which of the following devices should be used to allow secure remote network access for mobile users?

A. NIDS

B. Protocol analyzer

C. SFTP

D. VPN concentrator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=646

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

647

Which of the following technologies is used to verify that a file was not altered?

A. RC5

B. AES

C. DES

D. MD5

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=647

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

648

Webmail is classified under which of the following cloud-based technologies?

A. Demand Computing

B. Infrastructure as a Service (IaaS)

C. Software as a Service (SaaS)

D. Platform as a Service (PaaS)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=648

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

649

IPSec has been chosen for remote access VPN connections for telecommuters. Which of the following combinations would BEST secure the connection?

A. Transport mode, ESP

B. Transport mode, AH

C. Tunnel mode, AH

D. Tunnel mode, ESP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=649

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

650

Which of the following ports are used for NetBIOS by default? (Select TWO).

A. 135

B. 139

C. 143

D. 443

E. 445

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=650

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

651

Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?

A. Succession planning

B. Remove single points of failure

C. Risk management

D. Business impact analysis

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=651

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

652

Employees are unable to open internal company documents as they all appear to be encrypted.

The company CIO has received an email asking for $10,000 in exchange for the documents' decryption key. Which of the following BEST describes this type of attack?

A. Adware

B. Ransomware

C. Trojan attack

D. Rootkit attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=652

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

653

Which of the following should the network administrator use to remotely check if a workstation is running a P2P application?

A. Port scanner

B. Network mapper

C. Ping sweeper

D. ARP scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=653

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

654

Which of the following is mitigated by implementing proper data validation?

A. Rootkits

B. DNS poisoning

C. SMTP open relays

D. Cross-site scripting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=654

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

655

Which of the following practices is MOST relevant to protecting against operating system security flaws?

A. Patch management

B. Antivirus selection

C. Network intrusion detection

D. Firewall configuration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=655

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

656

Which of the following is MOST commonly implemented to transport network device logs to a logging server?

A. SOCKS

B. SHTTP

C. SYSLOG

D. SMTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=656

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

657

Which of the following access control methods prevents a user from accessing network resources after the end of the user's typical shift?

A. Group policy

B. Time of day restrictions

C. Password policy

D. Acceptable use policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=657

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

658

A user reports that after searching the Internet for office supplies and visiting one of the search engine results websites, they began receiving unsolicited pop-ups on subsequent website visits.

Which of the following is the MOST likely cause of the unsolicited pop-ups?

A. Virus

B. Spam

C. Trojan

D. Adware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=658

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

659

Which of the following is a required component for deploying Kerberos?

A. Extensible authentication protocol

B. Ticket granting server

C. Remote access server

D. Certificate authority

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=659

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

660

Which of the following would protect an employee's network traffic on a non-company owned network?

A. 802.1x

B. VPN

C. RADIUS

D. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=660

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

661

The technician just finished bringing up a new server in a live environment. Which of the following should the technician perform NEXT?

A. Update group policies

B. Install antivirus software

C. Performance baseline

D. Install OS patches

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=661

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

662

Assigning access on a need-to-know basis is a best practice in which of the following controls?

A. Account management

B. Risk assessment

C. Vulnerability assessment

D. Patch management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=662

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

663

Which of the following security threats MOST frequently uses IRC to communicate with a remote host?

A. Spam

B. Phishing

C. Botnets

D. Worm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=663

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

664

Which of the following can restrict a computer from receiving network traffic?

A. HIDS

B. NIDS

C. Antivirus

D. Software firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=664

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

665

The newly hired security administrator for a company suspects that the previous security administrator has maliciously left code to corrupt the logging systems in 30 days. Which of the following is suspected to be in the system?

A. Virus

B. Trojan

C. Logic bomb

D. Spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=665

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

666

PGP is a cryptosystem based on which of the following encryption methods?

A. SSL

B. Certificate authority

C. Symmetric

D. Asymmetric

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=666

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

667

Which of the following is the BEST solution for an administrator to implement in order to learn more about the zero-day exploit attacks on the internal network?

A. A stateful firewall

B. An IDS

C. A Honeypot

D. A HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=667

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

668

A user reports that their system is slow and reboots on its own. The technician is unable to remotely control the computer and realizes that they no longer have administrative rights to that workstation. Which of the following is MOST likely the cause?

A. Rootkit

B. DDoS

C. Adware

D. Spam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=668

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

669

Most mission impacting vulnerabilities in a formal risk assessment should be:

A. accepted.

B. ignored.

C. avoided.

D. mitigated.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=669

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

670

Which of the following is a mitigation technique that addresses signal emanation?

A. Placing shielding on one side of a wireless router

B. Turning off the SSID broadcast on the wireless router

C. Installing a WIDS in addition to the wireless router

D. Configuring WPA instead of WEP on the wireless router

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=670

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

671

Which of the following describes bringing risk to an acceptable level?

A. Risk avoidance

B. Risk mitigation

C. Leveraging positive risk

D. Avoiding negative risk

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=671

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

672

Which of the following are reasons why a key may be revoked? (Select TWO).

A. Lost password

B. CA compromise

C. Key compromise

D. Lost trust

E. Public key compromise

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=672

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

673

System resource monitors and baselines on web servers should be used by security team members to detect:

A. the need for increased bandwidth availability.

B. denial-of-service conditions.

C. expired accounts in use.

D. new server policies.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=673

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

674

Which of the following security tools can view the SSIDs of wireless networks even when they have SSID broadcasting disabled?

A. NMAP

B. Kismet

C. RADIUS

D. Netstumbler

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=674

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

675

A recent risk assessment has identified vulnerabilities on a production server. The technician realizes it was recently re-imaged after a component failed on it. Which of the following is the FIRST item to assess when attempting to mitigate the risk?

A. If all current service packs and hotfixes were re-applied

B. If the spam filters have been properly applied

C. If all device drivers were updated

D. If the firewall ruleset does not allow incoming traffic to the vulnerable port

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=675

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

676

The security policy at a company clearly specifies that server administrators cannot have access to log servers or permissions to review log files. These rights are granted only to security administrators. This policy is an example of which of the following industry best practices?

A. Separation of duties

B. Implicit deny

C. Privilege escalation

D. Job rotation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=676

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

677

Multiple machines are detected connecting to a specific web server during non-business hours and receiving instructions to execute a DNS attack. Which of the following would be responsible?

A. Adware

B. Logic Bomb

C. Virus

D. Botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=677

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

678

Which of the following security tools can be used for vulnerability scanning?

A. Nessus

B. RADIUS

C. L0phtcrack

D. Milw0rm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=678

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

679

A network administrator is alerted to an incident on a file server. The alerting application is a file integrity checker. Which of the following is a possible source of this HIDS alert?

A. ARP poisoning

B. Teardrop attack

C. Rootkit

D. DDOS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=679

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

680

Which of the following is the BEST mitigation against DoS attacks?

A. Distributed, redundant datacenters with IPS

B. Redundant ISPs, power sources, and NAT

C. Distributed power sources, NAC, and VLANs

D. Two-factor server authentication, NIDS, and VPNs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=680

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

681

When managing user access to files and system resources with groups, users should be placed into groups based on which of the following?

A. Concept of least privilege, required access, and security role

B. Job rotation, server location, and MAC

C. Concept of implicit deny, printer location, and biometrics

D. MAC, RBAC, and IP address

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=681

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

682

Which of the following is the MOST common way to allow a security administrator to securely administer remote *NIX based systems?

A. SSH

B. IPSec

C. PPTP

D. SSL/TLS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=682

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

683

Which of the following is the BEST way for an attacker to conceal their identity?

A. Deleting the cookies

B. Increase the max size of the log

C. Shoulder surfing

D. Disable logging

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=683

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

684

Which of the following is the primary location where global policies are implemented in an organization?

A. Domain

B. Physical memory

C. User documentation

D. Security group

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=684

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

685

The physical location of rogue access points can be discovered by using which of the following?

A. War driving

B. Remote monitoring

C. IPS

D. Creating honeypots

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=685

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

686

Which of the following should be implemented to mitigate the security threat of adware?

A. Antivirus

B. Pop-up blockers

C. Anti-spam

D. Subnetting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=686

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

687

Which of the following security measures can be used with 802.1x?

A. Network address translation

B. Network access control

C. IPSec VPNs

D. Internet content filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=687

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

688

Which of the following BEST secures ingress and egress points in a data center?

A. ID badges

B. Proximity cards

C. Escorts

D. Log book

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=688

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

689

Virtualization technology can be implemented to positively affect which of the following security concepts?

A. Non-repudiation

B. Integrity

C. Confidentiality

D. Availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=689

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

690

After disabling SSID broadcast for all wireless routers on the network, the administrator noticed that the same unauthorized users were still accessing the network. Which of the following did the administrator fail to do?

A. Change the SSID.

B. Disallow 802.11a traffic on the network.

C. Enable ARP cache spoofing protection.

D. Re-enable the SSID.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=690

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

691

Which of the following best practices should be applied to print resources to enforce existing information assurance controls?

A. Remove unnecessary users from groups with permissions to the resources.

B. Restrict group membership to users who do not print often.

C. Set the printer to standby mode after hours.

D. Ensure that all user groups have permission to all printers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=691

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

692

Wireless access points with SSID broadcast make it easier to do which of the following?

A. War driving

B. Implement encryption

C. Physically tap the network

D. Decrease wireless coverage

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=692

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

693

A company is having a problem with users setting up rogue access points. Which of the following solutions would be the BEST for the administrator to implement?

A. Implement least privilege access

B. Password policy hardening

C. MAC address filtering

D. Stop SSID broadcasting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=693

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

694

A recipient's public key can be used by a data sender to ensure which of the following?

A. Sender anonymity

B. Data confidentiality

C. Sender authentication

D. Data availability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=694

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

695

Limiting access to a file resource to only the creator by default is an example of applying which of the following security concepts?

A. Behavior-based security

B. Logical tokens

C. Least privilege

D. Role-based access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=695

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

696

Which of the following SSH configurations mitigate brute-force login attacks? (Select THREE).

A. Disabling default accounts

B. Enabling SSH version 2

C. Changing the default service port

D. Limiting failed logon attempts

E. Enforcing use of cryptographic keys

F. Filtering based upon source address

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=696

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

697

Which of the following is MOST likely to be used to transfer malicious code to a corporate network by introducing viruses during manufacturing?

A. Cell phones

B. USB drives

C. BIOS chips

D. P2P software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=697

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

698

Which of the following authentication models is the MOST vulnerable to password crackers?

A. Two factor

B. Physical tokens

C. Single factor

D. Three factor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=698

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

699

Which of the following is an email attack targeted at a specific individual to trick the individual into revealing personal information?

A. Hoax

B. Pharming

C. Phishing

D. Spear phishing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=699

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

700

Integrity is BEST provided by which of the following technologies?

A. Symmetric key cryptography

B. Whole disk encryption

C. Asymmetric key cryptography

D. Digital signatures

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=700

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

701

Which of the following is the EASIEST to implement for protecting an individual system?

A. Protocol analyzer

B. Internet content filter

C. Proxy server

D. Personal software firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=701

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

702

A user reports a problem with resetting a password on the company website. The help desk determined the user was redirected to a fraudulent website. Which of the following BEST describes the attack type?

A. Spyware

B. Logic bomb

C. XSS

D. Worm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=702

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

703

During a change management meeting, changes within the firewall were approved. Which of the following processes should an administrator follow?

A. Put firewall offline to perform all changes and return it online.

B. Log all changes being performed.

C. Save all current entries and perform changes.

D. Backup all current entries, perform and log all changes.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=703

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

704

Which of the following audit systems should be enabled in order to audit user access and be able to know who is trying to access critical systems?

A. Password policy

B. Failed logon attempts

C. Account expiration

D. Group policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=704

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

705

During a data exfiltration penetration test, which of the following is the NEXT step after gaining access to a system?

A. Privilege escalation

B. Attack weak passwords

C. DoS

D. Use default accounts

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=705

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

706

Which of the following should be protected from disclosure?

A. Public key infrastructure

B. User's private key passphrase

C. User's public key

D. Certificate revocation list

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=706

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

707

Rule-based access control is closely aligned with which of the following?

A. Implicit deny

B. Mandatory access control

C. Access control lists

D. Role-based access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=707

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

708

A user is recording a file on disk. Which of the following will allow a user to verify that the file is the original?

A. NTFS

B. MD5

C. RSA

D. 3DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=708

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

709

The administrator needs to set permissions for the new print server for a company comprised of 320 people in 18 departments. Each department has its own set of printers. Which of the following options is the BEST way to do this?

A. Place all the people into distribution groups. Assign printer access by access group.

B. Place all the people into departmental groups. Assign printer access by matching individuals to printer groups.

C. Place all the people into departmental groups. Assign access to all printers for each group.

D. Place all the people into departmental groups. Assign printer access by matching group to department.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=709

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

710

Which of the following BEST describes the function of a NIDS?

A. Analyzing network traffic for suspicious traffic

B. Analyzing LAN traffic for file sharing software

C. Diverting suspicious traffic in real-time

D. Diverting spyware traffic to the DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=710

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

711

An employee with a regular user account has downloaded a software program which allowed the user to join the administrator group. Which of the following is occurring?

A. Buffer overflow

B. Privilege escalation

C. Trojan

D. Virus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=711

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

712

Command-and-Control is a key element of a:

A. logic bomb.

B. trojan.

C. rootkit.

D. botnet.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=712

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

713

WPA2-Enterprise can use which of the following to authenticate a user?

A. RRAS

B. TKIP

C. RADIUS

D. RSA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=713

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

714

The IT department has been having issues lately with vulnerabilities occurring on the network due to outdated software on new computers that are deployed. Which of the following would be the BEST way for the administrator to address this issue?

A. Establish configuration baselines for the images

B. Implement group policies

C. Build security templates for the OS

D. Ensure that all patches are installed by employees

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=714

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

715

Which of the following authentication models often requires different systems to function together and is complicated to implement in non-homogeneous environments?

A. Three factor authentication

B. Single sign-on

C. One factor authentication

D. Two factor authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=715

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

716

Which of the following attacks can be mitigated by shredding confidential documents?

A. Shoulder surfing

B. Phishing

C. Hoax

D. Dumpster diving

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=716

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

717

The manager has tasked an administrator to test the security of the network. The manager wants to know if there are any issues that need to be addressed, but the manager is concerned about affecting normal operations. Which of the following should be used to test the network?

A. Use a protocol analyzer.

B. Use a vulnerability scanner.

C. Launch a DDoS attack in the network and see what occurs.

D. Read the log files on each system on the network.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=717

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

718

In order to help maintain system security, employees are only given rights to perform their current job function. Which of the following BEST describes this practice?

A. Implicit deny

B. Job rotation

C. Separation of duties

D. Least privilege

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=718

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

719

Which of the following relies on prime numbers to generate keys?

A. IPSec

B. Elliptic curve

C. RSA

D. AES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=719

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

720

The network administrator has been asked to turn off access to the command prompt for some users. Which of the following is the BEST choice to complete this request?

A. Deploy a hotfix.

B. Deploy patches.

C. Deploy service packs.

D. Deploy a group policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=720

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

721

A computer is displaying an MBR error upon restart. The technician is told the user has just installed new software. Which of the following threats is the MOST likely cause of this error?

A. Distributed DoS

B. Boot sector virus

C. Trojan

D. ActiveX

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=721

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

722

Which of the following is a best practice when creating groups of user and computer accounts in a directory service?

A. Naming conventions and technical aptitude

B. Delegation of administration and policy deployment

C. Department and salary divisions

D. Seniority at the company and access level

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=722

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

723

Which of the following can be implemented to ensure an employee cannot use the system outside of normal business hours?

A. Time of day restrictions

B. Implicit deny

C. Account expiration

D. Two factor authentication

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=723

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

724

Which of the following BEST describes NAC?

A. Provides access based on predetermined characteristics

B. Translates between DHCP requests and IP addresses

C. Provides access based on ARP requests

D. Translates between private addresses and public addresses

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=724

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

725

Which of the following tools is used to report a wide range of security and configuration problems on a network?

A. Vulnerability scanner

B. Port scanner

C. TACACS

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=725

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

726

Which of the following will allow a security administrator to determine potentially malicious traffic traversing the network?

A. Protocol analyzer

B. Systems monitor

C. Task manager

D. Performance monitor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=726

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

727

Which of the following is MOST closely associated with email?

A. S/MIME

B. IPSec

C. TLS

D. SSH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=727

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

728

Which of the following is performed when conducting a penetration test?

A. Documentation of security vulnerabilities and policy gaps.

B. Demonstrations of network capabilities and resiliency.

C. Demonstrations of security vulnerabilities and flaws in policy implementation.

D. Documentation of network security settings, policy gaps and user errors.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=728

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

729

On which of the following algorithms is PGP based?

A. DES

B. MD5

C. WPA

D. RSA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=729

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

730

Which of the following allows two people to communicate securely without having to know each other prior to communicating?

A. AES

B. 3DES

C. Symmetric keys

D. PKI

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=730

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

731

The MOST expensive and effective alternate site that provides the HIGHEST level of availability is called a:

A. primary site.

B. warm site.

C. cold site.

D. hot site.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=731

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

732

Which of the following is an example of a single sign-on?

A. Authentication to individual systems with a single authentication factor.

B. The use of three factor authentication on single systems.

C. Access to individual systems with a single password.

D. Access to multiple systems with a single authentication method.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=732

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

733

A security administrator has detected that the company website's source code contains suspicious numbers of white spaces and non-printable characters at the end of each line of code. Which of the following is being used in order to leak sensitive information to the competition?

A. Encryption

B. Steganography

C. Obfuscation

D. Code fuzzing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=733

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

734

A system administrator wants to verify that the corporate users are following the security policy on password complexity requirements. Which of the following could be used to verify the passwords?

A. Password hashing

B. Password hardening

C. Password enumeration

D. Password cracking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=734

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

735

The company's NIDS system is configured to pull updates from the vendor and match traffic patterns based on these updates. Which of the following BEST describes this configuration?

A. Signature-based

B. OVAL-based

C. Anomaly-based

D. Behavior-based

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=735

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

736

Which of the following desktop solutions can a user implement to detect and delete downloaded malware?

A. Desktop firewall

B. HIPS

C. HIDS

D. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=736

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

737

After deploying a new IDS, an administrator notices a large number of notifications coming from a filter inspecting port 445. Which of the following can BEST help the administrator in determining if the notifications are false positives?

A. The router tables

B. Firewall log

C. IDS performance monitor

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=737

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

738

Which of the following BEST characterizes a DMZ?

A. A trusted network that is encrypted end-to-end.

B. A connection between two trusted networks.

C. A trusted segment to a VPN concentrator.

D. A network that resides between trusted and non-trusted networks.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=738

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

739

Which of the following would be used to gain access to a data center where the administrator would have to use multiple authentication factors?

A. Fingerprint and retina scan

B. Enter two different passwords

C. Fingerprint scan and password

D. ID badge and smartcard

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=739

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

740

A security manager decides to assign the daily responsibility of firewall and NIDS administration to different technicians. This is an example of which of the following?

A. Job rotation

B. Implicit deny

C. Separation of duties

D. Least privilege

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=740

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

741

A security administrator is worried about attackers accessing a specific server within the company's network. Which of the following would allow the security staff to identify unauthorized access to the server?

A. Honeypot

B. Antivirus

C. HIDS

D. Anti-spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=741

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

742

Which of the following ports is susceptible to DNS poisoning?

A. 23

B. 8080

C. 80

D. 53

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=742

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

743

Which of the following is the main disadvantage of implementing a certificate revocation list?

A. It is a single point of failure and expensive to maintain.

B. Only a certain number of certificates can be revoked.

C. Revocation is not instantaneous.

D. The CRL database cannot be duplicated.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=743

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

744

Which of the following would an administrator MOST likely update after deploying a service pack?

A. Group policy

B. Hotfix

C. Configuration baseline

D. Patch

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=744

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

745

A computer or device that is set up on the network merely to monitor the habits and techniques of a suspected attack is known as a:

A. content filter.

B. proxy.

C. honeypot.

D. dummy terminal.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=745

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

746

Which of the following devices would be used to gain access to a secure network without affecting network connectivity?

A. Fiber-optic splicer

B. Firewall

C. Vampire tap

D. Router

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=746

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

747

Which operating system hardening procedure can be implemented to ensure all systems have the most up-to-date version available?

A. Patch management

B. Configuration baselines

C. Group policies

D. Security templates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=747

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

748

Which of the following is the primary difference between role-based access control and rule-based access control?

A. Both are based on local legal regulations but role based provides greater security.

B. One is based on job function and the other on a set of approved instructions.

C. One is based on identity and the other on authentication.

D. Both are based on job title but rule based provides greater user flexibility.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=748

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

749

The network administrator has determined that a large number of corporate workstations on the network are connecting to an IRC server on the Internet, and these same workstations are executing DDOS attacks on remote systems. Which of the following terms BEST describes this situation?

A. Worm

B. Botnet

C. Rootkit

D. Spam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=749

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

750

Which of the following is used to determine who transported a hard drive during an incident response investigation?

A. Damage and loss control

B. Disclosure guidelines

C. Chain of custody

D. Forensic policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=750

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

751

Which of the following is the MAIN difference between bluejacking and bluesnarfing?

A. Bluejacking involves some social engineering while bluesnarfing does not.

B. Bluejacking involves sending unsolicited messages to a phone while bluesnarfing involves accessing the phone data.

C. Bluesnarfing can be done from a greater distance than bluejacking.

D. Bluesnarfing involves sending unsolicited messages to a phone while bluejacking involves accessing the phone data.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=751

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

752

Which of the following keys is used to sign an email message?

A. CA key

B. Symmetric

C. Private

D. Public

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=752

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

753

Which of the following BEST describes the purpose of risk mitigation?

A. Reducing the time from vulnerability discovery to patch deployment.

B. Reducing the work associated with patch management.

C. Reducing the chances that a threat will exploit a vulnerability.

D. Reducing the cost to recover from a security incident.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=753

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

754

Organizational policy requiring employees to log in using their username and password and a random number from their key fob is an example of:

A. two factor authentication.

B. four factor authentication.

C. single factor authentication.

D. three factor authentication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=754

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

755

A server administrator wants to do a vulnerability assessment on a server that is not on the production network to see if FTP is open. Which of the following tools could be used?

A. Intrusion detection system

B. Port scanner

C. Antivirus software

D. Anti-spyware software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=755

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

756

A network device contains a feature that provides emergency administrator access from any port by sending a specific character sequence. This is an example of a:

A. DDoS attack.

B. default account.

C. back door.

D. DoS attack.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=756

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

757

Which of the following provides active protection to critical operating system files?

A. HIDS

B. Firewall

C. HIPS

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=757

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

758

Which of the following redundancy planning concepts would MOST likely be used when trying to strike a balance between cost and recovery time?

A. Warm site

B. Field site

C. Cold site

D. Hot site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=758

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

759

Which of the following was created to standardize the security assessment process?

A. OVAL

B. Vulnerability scanner

C. TACACS

D. Network mapper

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=759

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

760

In PKI, which of the following keys should be kept secret at all times?

A. Private key

B. Public key

C. Diffie-Hellman key

D. Shared key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=760

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

761

Employee A sends employee B an encrypted message along with a digital signature. Employee B wants to make sure that the message is truly from employee A. Which of the following will employee B do to verify the source of the message?

A. Use employee B's public key to decrypt the message.

B. Use employee A's public key to verify the digital signature.

C. Use employee B's private key to decrypt the message.

D. Use employee A's private key to verify the digital signature.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=761

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

762

An administrator is having difficulty getting staff to adhere to group policy directives regarding streaming audio. Bandwidth utilization increases around the time that a popular radio show is broadcast. Which of the following is the BEST solution to implement?

A. Implement time of day restrictions

B. Change the password policy

C. Deploy content filters

D. Enforce group policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=762

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

763

Which of the following is the FINAL phase of disaster recovery?

A. Hold a follow-up meeting to review lessons learned.

B. Notify all personnel that a disaster has taken place.

C. Restore all network connectivity.

D. Perform a full recovery so all devices are back in working order.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=763

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

764

A small company wants to hire a security assessment team for the server and network infrastructure. Which of the following needs to be defined before penetration testing occurs?

A. Vulnerability scan

B. Bandwidth requirements

C. Protocols analysis

D. Rules of engagement

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=764

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

765

A user logs onto a laptop with an encrypted hard drive. There is one password for unlocking the encryption and one password for logging onto the network. Both passwords are synchronized and used to log in to the machine. Which of the following authentication types is this?

A. Two factor

B. Biometric

C. Single sign-on

D. Three factor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=765

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

766

A user wants to ensure that if a computer's hard drive is removed, the files cannot be accessed without authentication. Which of the following would be used?

A. Disk encryption

B. Single sign-on

C. Digital signature

D. Biometric reader

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=766

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

767

Which of the following would a user need to decrypt a data file that has been encrypted with the user's public key?

A. PGP's public key

B. Sender's private key

C. User's public key

D. User's private key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=767

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

768

Which of the following is BEST suited to determine which services are running on a remote host?

A. Protocol analyzer

B. Antivirus

C. Log analyzer

D. Port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=768

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

769

A security administrator would use which of the following to control access between network segments?

A. Firewall

B. NIDS

C. Subnetting

D. RADIUS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=769

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

770

Verifying the time and date certain users access a server is an example of which of the following audit types?

A. Retention policy

B. Account lockout

C. Account login

D. User rights

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=770

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

771

A technician wants to implement a change across the production domain. Which of the following techniques should the technician perform?

A. Edit the access control list.

B. Deploy a group policy.

C. Install service packs on the domain.

D. Change the acceptable use policy.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=771

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

772

Which of the following has a primary goal of hiding its processes to avoid detection?

A. Logic bomb

B. Rootkit

C. Worm

D. Virus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=772

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

773

Which of the following is the BEST example of a technical security policy?

A. Posting a sign on the door to the server room indicating that access is restricted to authorized personnel only.

B. Installing electronic locks on the door to the server room that only allow access to a person swiping an administrator's smartcard.

C. Removing all the keyboards from the server room and requiring all administrators to bring keyboards from their desks.

D. Building a new server room that only has a single entrance that is heavily protected.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=773

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

774

Employee A wants to send employee B an encrypted message that will identify employee A as the source of the message. Which of the following will employee A do to accomplish this? (Select TWO).

A. Use employee A's private key to sign the message.

B. Use the message application to mark the message as urgent.

C. Use only symmetric encryption to send the message.

D. Use employee B's private key to encrypt the message.

E. Use employee B's public key to encrypt the message.

F. Use employee A's public key to sign the message.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=774

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

775

From which of the following can a virus be loaded before an OS starts?

A. TPM

B. P2P

C. USB drive

D. Hardware locks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=775

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

776

Management wants a security assessment conducted on their network. The assessment must be conducted during normal business hours without impacting users. Which of the following would BEST facilitate this?

A. A vulnerability scan

B. A penetration test

C. A honeynet

D. A risk assessment

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=776

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

777

Which of the following activities often involves consulting with the legal department?

A. Updating domain password policies

B. Network infrastructure planning

C. User account creation and management

D. Reviewing storage and retention policies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=777

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

778

Which of the following protocols is used to connect a remote office LAN into the central office so resources can be shared?

A. SSH

B. HTTPS

C. IPSec

D. SNMP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=778

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

779

Which of the following protocols uses a three-way handshake during communication with multiple hosts?

A. UDP

B. RDP

C. SMTP

D. TCP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=779

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

780

Which of the following technologies requires encryption and authentication?

A. WEP

B. 802.1x

C. 802.11n

D. TKIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=780

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

781

A security administrator has received an SD memory card for the purpose of forensic analysis. The memory card is left on the administrator's office desk at the end of the day. The next day the security guard returns the SD card to the administrator because it was found by the night janitor. Which of the following incident response procedures has been violated?

A. Securing the site

B. Chain of custody

C. Evidence gathering

D. Data retention

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=781

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

782

Organization policy requiring employees to display their corporate badge at all times is an example of:

A. non-repudiation.

B. identification.

C. authentication.

D. confidentiality.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=782

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

783

Which of the following cryptographic methods provides the STRONGEST security when implemented correctly?

A. Elliptic curve

B. NTLM

C. MD5

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=783

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

784

An on-going attack on a web server has just been discovered. This server is non-critical but holds data that could be very damaging to the company if it is disclosed. Which of the following should the administrator choose as their FIRST response?

A. Launch a counter attack on the other party.

B. Disconnect the server from the network.

C. Call over a manager and document the attack.

D. Monitor the attack until the attacker can be identified.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=784

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

785

Which of the following is a common evasion technique by attackers to avoid reverse engineering?

A. Determining if the host is already infected

B. Determining if the host is virtual or physical

C. Determining if the host is Windows or Linux based

D. Determining if the host can connect to the Internet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=785

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

786

When used properly, a one-time pad is considered an unbreakable algorithm because:

A. it is a symmetric key.

B. it uses a stream cipher.

C. the key is not reused.

D. it is based on the generation of random numbers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=786

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

787

Which of the following uses multiple encryption keys to repeatedly encrypt its output?

A. AES256

B. AES128

C. DES

D. 3DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=787

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

788

Employees in the accounting department move between accounts payable and accounts receivable roles every three months. This is an example of which of the following security concepts?

A. Separation of duties

B. Group policies

C. Least privilege

D. Job rotation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=788

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

789

After accessing several different Internet sites a user reports their computer is running slow. The technician verifies that the antivirus definitions on that workstation are current. Which of the following security threats is the MOST probable cause?

A. Spam

B. Worm

C. Trojan

D. Spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=789

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

790

A technician reports that the email server is being compromised. Files are being uploaded to change the email portal webpage. Which of the following tools can be used to determine how the files are being uploaded?

A. VPN

B. Protocol analyzer

C. DMZ

D. Performance monitor

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=790

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

791

The primary purpose of a hot site is to ensure which of the following?

A. Adequate HVAC to meet environmental initiatives

B. Recovery of operations within 30 days after a disaster

C. Transition of operations in a short time period in a disaster

D. Seamless operations in the event of a disaster

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=791

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

792

User A moved from Human Resources to Accounting. A year later they mistakenly print to a network printer back in HR. This indicates which of the following needs to happen?

A. Updates and patching of the user's workstation

B. Installation of antivirus software on the user's workstation

C. An audit of the security logs

D. An account access and rights audit

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=792

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

793

Which of the following protocols can operate in tunnel mode?

A. SHTTP

B. IPSec

C. SFTP

D. SSL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=793

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

794

Cloud computing uses which of the following technologies to automatically provision guests on demand?

A. Cloning

B. Spoofing

C. Imaging

D. Virtualization

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=794

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

795

Which of the following encryption methods is being used when both parties share the same secret key?

A. Kerberos

B. Asymmetric

C. Symmetric

D. Certificate based

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=795

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

796

An administrator discovers evidence that a co-worker has been violating the law with the contents of some of their emails. Which of the following should the administrator do FIRST?

A. Inform upper management or law enforcement.

B. Confront the co-worker and demand all illegal actions cease.

C. Take what was found to another peer and have the peer confront the co-worker.

D. Go through the email server and accumulate as much evidence as possible.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=796

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

797

Which of the following should an HVAC system do when a fire is detected in a data center?

A. It should shut down.

B. It should change to full cooling.

C. It should decrease humidity.

D. It should increase humidity.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=797

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

798

Which of the following encryption implementations would be the MOST secure?

A. 3DES

B. SHA1

C. MD4

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=798

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

799

Which of the following allows a technician to retroactively identify a security incident?

A. NIDS

B. Internet content filter

C. DMZ

D. Proxy server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=799

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

800

A number of users on the company network have been contracting viruses from required social networking sites. Which of the following would be MOST effective to prevent this from happening?

A. Firewall

B. Honeypot

C. NIDS

D. Proxy server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=800

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

801

Which of the following would a technician implement to mitigate SQL injection security risks?

A. Use software firewalls.

B. Use input validation.

C. Disable Java on Internet browsers.

D. Delete Internet history.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=801

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

802

Which of the following concepts is applied when a user enters a password to gain authorized access to a system?

A. Authentication

B. Non-repudiation

C. Privatization

D. Identification

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=802

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

803

Which of the following vulnerability assessment tools would be used to identify weaknesses in a company's router ACLs or firewall?

A. Brute force attacks

B. Rainbow tables

C. Port scanner

D. Intrusion prevention systems

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=803

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

804

Multiple users are having trouble connecting to a secure corporate website and experience a minor delay when logging onto the website. The URL for the website is also slightly different than normal once the users are connected. The network administrator suspects which of the following attacks is being carried out?

A. Phishing

B. Man-in-the-middle

C. Spam

D. Bluesnarfing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=804

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

805

A company is looking for the lowest cost option for their disaster recovery operations, regardless of the amount of time it will take to bring their systems back online. Which of the following would be BEST suited for their needs?

A. Live site

B. Cold site

C. Warm site

D. Hot site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=805

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

806

Which of the following tools depends MOST heavily on regular updates to remain effective?

A. Network mapper

B. Vulnerability scanner

C. Protocol analyzer

D. Port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=806

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

807

Which of the following can be used to create a unique identifier for an executable file?

A. DES

B. Blowfish

C. NTLM

D. SHA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=807

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

808

An administrator is configuring a new system in a domain. Which of the following security events is MOST important to monitor on the system?

A. Password changes

B. Logon attempts

C. Failed data moves

D. Data file updates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=808

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

809

Which of the following cryptography concepts requires two keys?

A. Secret

B. Symmetric

C. Asymmetric

D. TPM

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=809

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

810

Which of the following would be used to observe a runaway process?

A. Protocol analyzer

B. Performance monitor

C. Performance baseline

D. Application log

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=810

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

811

Which of the following determines if traffic is blocked or allowed?

A. Logical keys

B. Network-based Intrusion Detection System (NIDS)

C. Access Control List (ACL)

D. Username and passwords

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=811

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

812

Which of the following is MOST often used in a DDoS?

A. Worm

B. Virus

C. Trojan

D. Botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=812

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

813

IPSec provides which of the following?

A. NAT traversal

B. Payload encryption

C. New IP headers

D. Payload compression

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=813

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

814

The company's administrative assistant acts as the main point of contact for outside sales vendors and provides information over the phone. Which of the following is the GREATEST threat that the administrative assistant should be educated about?

A. Providing the corporate mailing address to unidentified callers

B. Data information verification and up-to-date reporting structure

C. Providing employee personal contact information

D. Non-redundant personnel role distribution

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=814

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

815

Which of the following centralizes authentication on a wireless network?

A. RADIUS

B. CHAP

C. RDP

D. VPN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=815

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

816

Which of the following is the BEST course of action to ensure an email server is not an open relay?

A. Require authentication for all inbound SMTP traffic.

B. Require authentication for all inbound and outbound SMTP traffic.

C. Block all inbound traffic on SMTP port 25.

D. Require authentication for all outbound SMTP traffic.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=816

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

817

Which of the following helps protect logs from compromise?

A. View logs regularly.

B. Turn on all logging options.

C. Centralize log management.

D. Log failed logon attempts.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=817

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

818

An administrator wants to implement disk encryption and wants to have a disaster recovery plan to decrypt data if the key is unknown. Which of the following should be implemented?

A. Certificate authority

B. Public key infrastructure

C. Certificate revocation list

D. Recovery agent

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=818

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

819

Which of the following provides an organization with the ability to hide an internal private network, while simultaneously providing additional IP addresses?

A. NAT

B. VPN

C. DMZ

D. VLAN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=819

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

820

To follow industry best practices for disaster recovery planning, an alternate site should be geographically:

A. near to the primary site to reduce outage duration due to conveyance of primary site staff and hardware.

B. near to the primary site to ensure frequent inspection by the primary site's staff.

C. similar to the primary sites to ensure availability of resources and environmental functions.

D. distant from the primary site to decrease the likelihood of an event affecting both.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=820

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

821

If a user lost their private key, which of the following actions would an administrator need to take?

A. Use a recovery agent

B. Obtain a public key

C. Redesign the PKI

D. Purchase a new CA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=821

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

822

A library provides an administrator with criteria and keywords to prevent children from accessing certain websites. Which of the following would BEST accomplish this goal?

A. Discretionary access control list

B. Mandatory access control list

C. Proxy server

D. Internet content filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=822

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

823

Which of the following ensures that an employee cannot continue carrying out fraudulent activities?

A. Biometric reader

B. Two-factor authentication

C. Job rotation

D. Role-based access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=823

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

824

Which of the following does a malicious insider install in order to attack the system at a predetermined date?

A. Spam

B. Virus

C. Worm

D. Logic bomb

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=824

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

825

Implementing a mandatory vacation policy for administrators is a security best practice because of which of the following?

A. Increases administrators' skills by providing them with a vacation.

B. Detects malicious actions by users with remote access to network resources.

C. Makes it easier to implement a job rotation policy and cross train administrators.

D. Detects malicious actions by an administrator responsible for reviewing logs.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=825

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

826

In the event of a fire, the MOST appropriate setting for electronic cipher locks would be to:

A. allow personnel to exit the building without any forms of authentication.

B. allow personnel to exit the building only after security confirms the threat and electronically releases all locks.

C. allow personnel to exit the building using only a photo ID badge.

D. allow personnel to exit the building only after using a valid swipe card and key.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=826

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

827

Which of the following is made possible by some commercial virtualization hosting applications?

A. Seamless switching between telephony and IP telephony

B. Transfer of network infrastructure components to meet demand

C. Automatic transfer of applications when hardware fails

D. Automatic redundancy for power in the event of a blackout

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=827

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

828

Logs from a company's DNS server show requests from a remote ISP's DNS server for random sequences of characters as non-existent sub-domains to the legitimate domain name (e.g. 1357acef246.company.com). These logs MOST likely suggest the possibility of which of the following attacks?

A. ARP poisoning

B. DNS poisoning

C. TCP/IP hijacking

D. Domain name kiting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=828

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

829

Which of the following logs would show that someone has been querying information about a company's networks?

A. Application logs for service start and stop events

B. Security logs for failed logon attempts

C. DNS logs for zone transfers

D. System logs for patch and reboot events

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=829

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

830

A company's laptops use whole disk encryption to encrypt their hard drives. A user lost their key and the technicians do not have a copy of the key. This resulted in the user losing all the data on their hard drive. Which of the following could have been implemented to prevent this situation?

A. Digital signatures

B. Non-repudiation

C. Trusted Platform Module (TPM)

D. Key escrow

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=830

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

831

In which of the following would a user find a list of activities which are prohibited when connecting to a corporate network?

A. Network procedures

B. Privacy policy

C. Due diligence

D. Acceptable use policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=831

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

832

A few computers have been off the network for 70 days and a new company policy dictates that all computers that are not on the network for over 60 days need to be disabled. These computers are for a class that is conducted every three months. Which of the following is the BEST solution?

A. Add those computers to a special group and set group policy to disable all computers within that group.

B. Perform a query every 60 days to identify those computers and disable them all at once.

C. Disable each computer as it reaches 60 days, perform queries every 30 days to identify those computers.

D. Add those computers to a special group and perform a query every 45 days to identify additional computers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=832

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

833

Which of the following would be implemented to provide a check and balance against social engineering attacks?

A. Password policy

B. Biometric scanning

C. Separation of duties

D. Single sign-on

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=833

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

834

In which of the following situations is a web application firewall MOST likely used?

A. Communication between DNS servers needs to be encrypted.

B. External requests to UDP port 445 need to be blocked.

C. Input to an application needs to be screened for malicious content.

D. Physical access to a console needs to be secured.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=834

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

835

Which of the following offers the MOST difficult to break encryption?

A. Block cipher

B. 3DES

C. One time pad

D. Blowfish

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=835

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

836

Which of the following describes a situation where management decided the financial impact is less than the cost of fixing the security threat?

A. Risk denial

B. Risk avoidance

C. Risk acceptance

D. Risk mitigation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=836

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

837

Which of the following is required for an anomaly detection system to evaluate traffic properly?

A. Baseline

B. Vulnerability assessment

C. Protocol analyzer

D. Signature

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=837

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

838

Which of the following could be used to gather evidence against an attacker?

A. Network mapper

B. Honeypots

C. Internet content filter

D. Encryption devices

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=838

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

839

Which of the following should be done FIRST after creating a formal disaster recovery plan?

A. Distribute the plan.

B. Update the plan as needed.

C. Store the plan where all employees can see it.

D. Test the plan.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=839

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

840

Which of the following system types would a security administrator need to implement in order to detect and mitigate behavior-based activity on the network?

A. NIPS

B. Antivirus server

C. NIDS

D. Signature-based security devices

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=840

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

841

Which of the following should a developer use to protect cookies while in transit?

A. Proprietary formatting

B. Protocol analyzer

C. Encryption

D. Digital signing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=841

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

842

Which of the following sits inline with network traffic and helps prevent malicious behavior as it occurs by either dropping packets or correcting TCP stream related issues?

A. HIPS

B. NIPS

C. NIDS

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=842

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

843

An administrator is concerned about the amount of time it would take to investigate email that may be subject to inspection during legal proceedings. Which of the following could help limit the company's exposure and the time spent on these types of proceedings?

A. Adjust user access rights assignments

B. Decentralize email servers

C. Encrypting email transmissions

D. Storage and retention policies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=843

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

844

Which of the following BEST controls traffic between networks?

A. Firewall

B. HIPS

C. NIDS

D. Access point

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=844

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

845

Which of the following BEST describes what users are required to provide in a two factor authentication system?

A. Two distinct items from one of the authentication factor groups.

B. Two distinct items they know from the same authentication factor group.

C. Two distinct items from each of the authentication factor groups.

D. Two distinct items from distinct categories of authentication factor groups.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=845

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

846

Which of the following would a security administrator use to perform vulnerability scanning without doing any penetration testing?

A. Logic bombs

B. Protocol analyzer

C. Brute force

D. SQL injection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=846

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

847

An administrator believes a user has more access to a financial application than they should. Which of the following policies would this MOST likely violate?

A. Storage and retention

B. Group policy

C. User rights assignment

D. Server configuration policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=847

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

848

Which of the following security applications is used to mitigate malware?

A. HIDS

B. Anti-spam

C. Personal firewall

D. Anti-spyware

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=848

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

849

Which of the following BEST describes the use of geographically distinct nodes to flood a site or sites with an overwhelming volume of network traffic?

A. DoS

B. Replay

C. Spoofing

D. DDoS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=849

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

850

Which of the following cryptographic algorithms would be the MOST secure choice for encrypting email?

A. TKIP

B. AES

C. 3DES

D. PGP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=850

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

851

Which of the following security concerns stem from the use of corporate resources on cell phones? (Select TWO).

A. There is no antivirus software for cell phones.

B. Cell phones are easily lost or stolen.

C. Cell phones are used for P2P gaming.

D. MITM attacks are easy against cell phones.

E. Encryption on cell phones is not always possible.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=851

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

852

Which of the following is a best practice for managing user accounts?

A. Use the most privilege rule to grant access to senior users.

B. Assign users to all groups in order to avoid access problems.

C. Notify account administrators when a user leaves or transfers.

D. Lock out user accounts while the user is on extended leave.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=852

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

853

A new software application is designed to interact with the company's proprietary devices. Systems where the software is installed can no longer connect to the devices. Which of the following should the administrator do FIRST?

A. Consult the firewall logs for blocked process threads or port communication.

B. Verify that the devices are not rogue machines and blocked by network policy.

C. Check the antivirus definitions for false positives caused by the new software.

D. Ensure that the software is compliant to the system's host OS.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=853

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

854

A cipher lock system is which of the following security method types?

A. Biometrics

B. Proximity reader

C. Man-trap design

D. Door access

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=854

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

855

Which of the following tools is MOST commonly used to assess a system's network for a security audit?

A. Vulnerability scanner

B. Password cracker

C. Protocol analyzer

D. Physical security control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=855

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

856

The company's new administrative assistant wants to use their name as a password and asks if it is appropriate. Which of the following is the BEST reason for not allowing this?

A. It will require too much time to conduct due diligence.

B. Change management approval has not been granted.

C. The password risks disclosure of Personally Identifiable Information (PII).

D. The proposed password does not meet complexity requirements.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=856

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

857

Which of the following happens to a risk when a company buys insurance to mitigate that risk?

A. Acceptance

B. Elimination

C. Transference

D. Avoidance

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=857

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

858

A user is issued a new smartcard that stores both their new private and public key. Now the user is unable to open old encrypted emails. Which of the following needs to be completed to resolve the issue?

A. Restore old private key from the RA

B. Revoke the new private key

C. Restore old public key from the RA

D. Old encrypted email needs to be resent

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=858

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

859

Which of the following describes the characteristic of an anomaly-based IDS?

A. Sending an alert when suspicious activity has been prevented from entering the network.

B. Sending an alert only when a pre-specified pattern is observed.

C. Comparing traffic and sending an alert when it differs from historical patterns.

D. Detecting traffic for specific patterns of misuse and sending an alert for each incident.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=859

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

860

Which of the following can assess threats in non-encrypted traffic?

A. Proxy server

B. Firewall

C. NIDS

D. Internet content filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=860

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

861

A security administrator works for a corporation located in a state with strict data breach disclosure laws. Compliance with these local legal regulations requires the security administrator to report data losses due to which of the following?

A. Hacking

B. Backup corruption

C. Power failures

D. Cryptography

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=861

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

862

A third party conducted an assessment of a company's network, which resulted in the company's website going offline. Which of the following MOST likely occurred?

A. Penetration testing took the system offline.

B. Password crackers were used and took the system offline.

C. Performance monitors were analyzing the network traffic and took the system offline.

D. Vulnerability scanners took the system offline.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=862

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

863

A user creates an archive of files that are sensitive and wants to ensure that no one else can access them. Which of the following could be used to assess the security of the archive?

A. Firewall

B. Port scanner

C. Protocol analyzer

D. Password cracker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=863

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

864

Which of the following is the BEST way to restrict the GUI interface on a workstation?

A. Registry edits

B. Local policy

C. Group policy

D. Batch file

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=864

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

865

Which of the following is the reason fiber optic cable is MORE secure than CAT5 cable?

A. It is harder to tap into.

B. Data is automatically encrypted.

C. It has heavier shielding.

D. It transmits signals faster.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=865

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

866

NIDS can be used to help secure a network from threats MOST effectively by watching network traffic in order to:

A. inspect and analyze data being passed through SSH tunnels.

B. verify adequate bandwidth is being provided for existing traffic.

C. observe if any systems are communicating using unauthorized protocols.

D. ensure proper password strength.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=866

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

867

A new administrative assistant starts with the company and tries to access the personnel file for the Vice President of Operations, but is denied. Which of the following BEST describes this access control method?

A. Least privilege

B. Implicit deny

C. Job rotation

D. Separation of privilege

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=867

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

868

Which of the following is considered the MOST secure replacement for telnet?

A. SSH

B. L2TP

C. SSL

D. IPSec

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=868

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

869

A disaster recovery exercise should include which of the following action types?

A. Enforcing change management

B. Testing server restoration

C. Creating a chain of custody

D. Testing the performance of each workstation's UPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=869

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

870

After a recent viral intrusion, an administrator wishes to verify the server's functionality post-cleanup. The administrator should:

A. compare the system's performance against the configuration baseline.

B. install any hotfixes that may have been overlooked.

C. ensure that the antivirus application's definitions are up-to-date.

D. analyze the NIDS logs for any errant connections that may have been recorded.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=870

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

871

Which of the following security applications would an administrator use to help reduce the amount of bandwidth used by web browsing?

A. Personal software firewall

B. NIPS

C. HIDS

D. Proxy server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=871

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

872

Which of the following provides a security buffer, after passing through a firewall, by separating a network and still allowing access to that network?

A. NAC

B. NAT

C. DMZ

D. VLAN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=872

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

873

Which of the following should an administrator make sure is disabled or changed prior to putting a device node into a live environment?

A. Domain user accounts

B. Local user accounts

C. Remote user accounts

D. Default account

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=873

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

874

Which of the following is associated with a command and control system?

A. Rootkit

B. Logic bomb

C. Virus

D. Botnet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=874

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

875

Which of the following authentication methods is the MOST expensive to implement?

A. Username and password

B. Group policies

C. Biometric reader

D. Access Control List (ACL)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=875

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

876

Which of the following events are typically written to system logs?

A. Service startup

B. DNS zone transfers

C. Web GET requests

D. Database usage

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=876

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

877

Which of the following allows an attacker to join a network and view traffic on the network by physical connection?

A. Firewall

B. IPS

C. Vampire tap

D. IDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=877

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

878

Which of the following security protocols could be configured to use EAP when connecting to a wireless access point?

A. WPA2-enterprise

B. RADIUS

C. IPSec

D. WPA-personal/TKIP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=878

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

879

An employee in the Human Resources department transfers to the Accounting department. The employee is given access to the accounting systems but no longer has access to the Human Resources systems. This is an example of which of the following security concepts?

A. Default accounts

B. Privilege escalation

C. Least privilege

D. Chain of custody

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=879

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

880

Which of the following symmetric encryption algorithms provides the HIGHEST key strength?

A. RSA

B. Elliptic curve

C. 3DES

D. AES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=880

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

881

An administrator needs to ensure that all machines deployed to the production environment follow strict company guidelines. Which of the following are they MOST likely to use?

A. Vertical scans

B. Horizontal scans

C. Mandatory Access Control (MAC)

D. Security templates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=881

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

882

An attacker uses an account that allows read-only access to the firewall for checking logs and configuration files to gain access to an account that gives full control over firewall configuration. This type of attack is BEST known as:

A. privilege escalation.

B. exploiting a weak password.

C. exploiting a back door.

D. a man-in-the-middle attack.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=882

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

883

Exploitation of the 5-day grace period for domain name registration is referred to as:

A. domain name service.

B. domain name poisoning.

C. domain name lookup.

D. domain name kiting.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=883

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

884

Which of the following defines the process and accounting structure for handling system upgrades and modifications?

A. Change management

B. Service level agreement

C. Loss control

D. Key management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=884

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

885

Which of the following security applications would be MOST useful to traveling employees?

(Select THREE).

A. NIDS

B. Anti-spam

C. NIPS

D. External corporate firewall

E. Personal software firewall

F. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=885

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

886

Which of the following poses the GREATEST risk of data leakage?

A. 802.1x

B. BIOS

C. Thin client

D. USB drive

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=886

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

887

A company wants a security technician to make sure that users cannot use common words for their passwords. Which of the following can the technician implement? (Select TWO).

A. Two factor authentication

B. Single sign-on

C. Complex passwords

D. Logical tokens

E. Group policies

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=887

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

888

An administrator wants to make sure that network machines stay up-to-date with current solutions. Which of the following should be done on a regular basis to help facilitate this need?

A. Driver updates

B. Group policy updates

C. Patch management

D. Configuration baselines

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=888

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

889

A rainbow table is used for which of the following?

A. Password cracking

B. Cryptographic hashing

C. Single sign-on

D. Protocol analysis

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=889

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

890

Which of the following does an attacker with minimal rights need to accomplish to continue attacking a compromised system?

A. Privilege escalation

B. Logic bomb

C. Cross-site scripting

D. Rootkit

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=890

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

891

Which of the following is a component of a disaster recovery plan for a company that expects a site to be rendered non-usable during a disaster and needs a nearly transparent transfer of operations?

A. Alternate site

B. Hot site

C. Warm site

D. Cold site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=891

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

892

Which of the following does file encryption protect?

A. Identification

B. Confidentiality

C. Availability

D. Authenticity

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=892

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

893

Which of the following security concepts is supported by shielding?

A. Reliability

B. Portability

C. Availability

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=893

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

894

Which of the following technologies address key management?

A. Advanced encryption standard

B. Diffie-Hellman

C. Blowfish

D. Digital signature algorithm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=894

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

895

Which of the following security applications can be implemented to mitigate port scanning attacks from the Internet?

A. Pop-up blockers

B. Antivirus software

C. Patch management software

D. Personal software firewalls

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=895

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

896

Which of the following allows remote access servers to authenticate to a central server?

A. WLAN properties

B. RADIUS

C. Password authentication

D. Authentication protocols

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=896

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

897

A user reports that they can no longer access the accounting share drive. That user was moved to the Finance department but still needs access to the accounting share drive. Which of the following actions should an administrator MOST likely do?

A. Add the user to the correct security group

B. Provide the user with full access rights to that shared drive

C. Add the user to the correct distribution group

D. Give that specific user rights to the shared drive

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=897

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

898

A security administrator reassembles the output of a captured TCP stream to diagnose problems with a web server. Which of the following is the administrator MOST likely using?

A. Port scanner

B. Replay attack

C. Protocol analyzer

D. Session hijacking

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=898

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

899

Which of the following is MOST likely the reason why a security administrator would run a Wireshark report on an important server?

A. To detect files that have been altered during downloads

B. To enumerate and crack weak system passwords

C. To analyze packets and frames

D. To decrypt WEP traffic and keys

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=899

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

900

A security flaw in an operating system allows backdoor access into the system. The operating system vendor releases a solution quickly outside of its normal update cycle. Which of the following has the vendor released?

A. Patch

B. Cookies

C. Hotfix

D. Service pack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=900

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

901

Which of the following is the BEST reason why a security administrator should periodically get a list of current employees and positions from the Human Resource department?

A. To immediately create accounts for new employees

B. To update the employee directory with new offices and phone numbers

C. To ensure all users have the appropriate access

D. To disable the accounts of employees who have moved to a different department

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=901

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

902

Which of the following will MOST likely block known network attacks?

A. HIDS

B. NIPS

C. NIDS

D. HIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=902

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

903

Which of the following network security devices is the BEST to use when increasing the security of an entire network, or network segment, by preventing the transmission of malicious packets from known attacking sources?

A. NIDS

B. Firewall

C. HIDS

D. Honeypot

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=903

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

904

In the past several weeks, there has been an increased number of failed remote desktop login attempts from an external IP address. Which of the following ports should the administrator change from its default to control this?

A. 25

B. 4658

C. 21

D. 3389

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=904

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

905

The network administrator has been tasked with creating a VPN connection to a vendor's site. The vendor is using older equipment that does not support AES. Which of the following would be the network administrator's BEST option for configuring this link?

A. PGP

B. 3DES

C. DES

D. One time pad

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=905

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

906

Which of the following might be referenced to determine if a server is functioning abnormally?

A. Performance baseline

B. Chain of custody

C. Video surveillance

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=906

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

907

A SQL database MOST likely implements which of the following access security mechanisms?

A. Biometrics

B. Domain password policy

C. Discretionary access control

D. Mandatory access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=907

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

908

The IPSec authentication header provides which of the following?

A. Integrity protection

B. Payload encryption

C. End-point confidentiality

D. Payload compression

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=908

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

909

In evaluating risk assessments, senior level managers would MOST likely accept a risk based on which of the following reasons?

A. Physical security measures will take weeks to install

B. Cost of mitigation outweighs the risk

C. The potential impact of the risk is easily mitigated

D. Complexity of fixing the vulnerability

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=909

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

910

The technical user group has read and write access to a network share. The executive user group has full control of the same network share. A user is a member of both groups. Which of the following BEST describes the user's permissions on the share?

A. The user is able to modify, write and delete documents in network share.

B. The user is able to modify and write documents in network share.

C. The user is able to modify, write, delete and read documents in network share.

D. The user is able to write and read documents in the network share.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=910

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

911

An important file has been deleted off the department's file server. Management would like to know who was responsible for deleting the file. Which of the following log files can be used to inform management of the answer?

A. The access logs on the server and then the system logs on the workstation.

B. The system logs on the server and then the access logs on the workstation.

C. The access logs on the server and then the access logs on the workstation.

D. The application logs on the server and then the access logs on the workstation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=911

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

912

Which of the following is consistent with the least privilege best practice?

A. Deploying privileged user accounts to all department managers

B. Restricting user permissions so only one person can print

C. Restricting administrator permissions to the smallest amount of staff possible

D. Enforcing physical access controls so no one can enter the data center

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=912

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

913

Modern cell phones present a security risk to corporate networks because of which of the following?

A. Cell phones are vulnerable to logic bombs.

B. Cell phone signals interfere with fiber networks.

C. Cell phones can be used to spread computer viruses.

D. It is difficult to push security policies to cell phones.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=913

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

914

Which of the following is a weakness of single sign-on?

A. Multiple points of entry into the network

B. A single point of failure on the network

C. Increased overhead for server processing

D. Requirement to remember one password

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=914

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

915

A user reports random windows opening and closing after installing new software. Which of the following has MOST likely infected the computer?

A. Spam

B. Adware

C. Rootkit

D. Worm

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=915

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

916

Which of the following tools is BEST suited to determine if an IDS has triggered a false positive?

A. Port scanner

B. Netflow collector

C. Network mapper

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=916

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

917

Which of the following techniques embeds an encrypted message within the bits of an image file?

A. Proxy avoidance

B. Steganography

C. Cipher-text attack

D. Cryptographic hashing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=917

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

918

A user can no longer access the Internet from their laptop. A technician checks the computer and realizes that it is sending out spam messages throughout the company. The computer is MOST likely the victim of which of the following security threats?

A. XSS

B. Botnet

C. DOS

D. Virus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=918

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

919

Which of the following is used to verify if internal web servers are redirecting traffic to a malicious site?

A. IDS

B. Access logs

C. DNS record

D. Performance logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=919

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

920

A user from the accounting department is in the Customer Service area and tries to connect to the file server through their laptop, but is unable to access the network. The network administrator checks the network connection and verifies that there is connectivity. Which of the following is the MOST likely cause of this issue?

A. Wrong VLAN

B. File server is not on the DMZ

C. IPS has blocked access

D. NAT is not properly configured

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=920

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

921

Which of the following allows the administrator to verify a file is the same as the original?

A. 3DES

B. AES

C. MD5

D. RSA

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=921

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

922

In order to closely monitor and detect suspicious activity on a single server, which of the following should be used?

A. Group policies

B. NIDS

C. Software firewall

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=922

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

923

Which of the following are the MOST critical resources needed during Disaster Recovery Plan development? (Select TWO).

A. Data owners

B. Commercial vendors

C. End users

D. Customers

E. System administrators

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=923

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

924

A network administrator was recently promoted from their former position as a server administrator and now can no longer log on to servers they previously supported. This is an example of:

A. job rotation.

B. single sign on.

C. separation of duties.

D. implicit deny.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=924

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

925

One of the company's sales representatives had been working as the accounts payable representative while that associate was out on leave. The accounts payable representative has returned and now the sales representative is unable to access the files on the accounting server.

Which of the following BEST describes the access control method used to limit access to the accounting server?

A. Job rotation

B. Separation of duties

C. Implicit deny

D. Least privilege

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=925

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

926

Which of the following BEST describes why USB storage devices present a security risk to the confidentiality of data?

A. High raw storage capacity combined with wireless transfer capability.

B. High volume and transfer speeds combined with ease of concealment.

C. Ability to remotely install keylogger software and bypass network routing.

D. Slow data transfer speeds combined with ease of concealment.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=926

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

927

Which of the following would be used to send an encrypted email?

A. SSH

B. PPTP

C. S/MIME

D. L2TP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=927

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

928

A new application support technician is unable to install a new approved security application on a department's workstation. The security administrator needs to do which of the following?

A. Add that user to the local power users group

B. Add that user to the domain administrators group

C. Add that user to the domain remote desktop group

D. Add that user to the security distribution group

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=928

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

929

A call center uses 50 remote representatives to handle calls for clients. The representatives run software-based IP phones on their laptops, and connect back to the call center over the Internet. However, one of the representatives reports that they can no longer connect to the call center PBX. Which of the following is the reason that only this call center representative is unable to connect to the PBX?

A. The representative has a disk defragmentation program installed.

B. The call center has recently installed HIDS.

C. The call center has placed the firewall on the edge of the network.

D. The representative has a mis-configured software firewall.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=929

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

930

A technician places a network jack in the parking garage for administrative use. Which of the following can be used to mitigate threats from entering the network via this jack?

A. Install wireless access points

B. Replace CAT5 with CAT6 plenum

C. Disable ports when not in use

D. Install a firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=930

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

931

Which of the following is able to detect that a local system has been compromised?

A. NIDS

B. Anti-spam

C. HIDS

D. Personal firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=931

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

932

Which of the following logs contains user logons and logoffs?

A. Security

B. DNS

C. Application

D. System

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=932

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

933

Which of the following is the MOST secure condition a firewall should revert to when it is overloaded with network traffic?

A. Fail danger

B. Fail open

C. Fail safe

D. Fail closed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=933

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

934

Which of the following BEST describes when code that is initiated on a virtual machine directly affects the host?

A. VM hardware abstraction

B. VM hypervisor

C. VM escape

D. VM cluster

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=934

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

935

Users report that websites are loading slowly. Which of the following web proxy logs is MOST likely to help a system administrator identify the cause for slow web traffic?

A. System

B. Access

C. Performance

D. Security

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=935

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

936

Which of the following describes an attack where a person searches for open access points?

A. Weak SSID

B. War driving

C. Rogue access point

D. WEP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=936

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

937

Which of the following is used to encrypt the data sent from the server to the browser in an SSL session?

A. Public key

B. Asymmetric encryption

C. Symmetric encryption

D. Private key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=937

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

938

A user contacts technical support stating they received notification in a web browser that their computer is infected with a virus. Which of the following would help prevent this in the future?

A. Spam blocker

B. Pop-up blocker

C. Anti-Spyware

D. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=938

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

939

A factory fresh install has just been completed on a computer. Which of the following should be done FIRST once the computer is connected to the network?

A. Modify group policies.

B. Establish a baseline.

C. Install OS updates.

D. Install application patches.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=939

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

940

A user reports that they are seeing ads appear for sites that are not safe for work while they are reading blogs. Which of the following would be the BEST way to solve this issue?

A. Provide a second web browser for reading the blogs.

B. Install and configure a pop-up blocker on the workstation.

C. Update the Acceptable Use Policy (AUP).

D. Deploy HIDS to the workstation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=940

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

941

One of the primary purposes of virtualization in a data center is to reduce which of the following?

A. Amount of application logging required for security

B. Number of logical hosts providing services for users

C. Total complexity of the overall security architecture

D. Volume of physical equipment needing to be secured

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=941

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

942

Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?

A. Virtualization

B. Intrusion detection

C. Cloning

D. Kiting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=942

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

943

Which of the following is a valid two-factor authentication model?

A. Smartcard and hardware token

B. Retina scan and palm print

C. Iris scan and user password

D. User password and user PIN

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=943

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

944

Which of the following allows an attacker to use a company's email server to distribute spam?

A. Instant messaging

B. Buffer overflow

C. Cross-site scripting

D. Open relay

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=944

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

945

Which of the following logs would a system administrator scan to reveal names and IP addresses of all websites visited by a company's employees?

A. DHCP logs

B. Security log

C. DNS logs

D. Firewall logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=945

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

946

Which of the following is of the GREATEST concern when using a biometric reader?

A. True positives

B. False positives

C. True negatives

D. False negatives

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=946

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

947

Which of the following is the process by which encryption keys are distributed?

A. User access and rights review

B. Key escrow

C. Key management

D. Trusted Platform Module (TPM)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=947

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

948

Which of the following is the process of trying to locate unsecured wireless networks?

A. War driving

B. Net hacking

C. Spoofing

D. War dialing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=948

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

949

Which of the following is the purpose of key escrow in a PKI system?

A. Ensures the security of public keys by storing the keys confidentially

B. Ensures that all private keys are publicly accessible to PKI users

C. Provides a system for recovering encrypted data when public keys are corrupted

D. Provides a system for recovering encrypted data even if the users lose private keys

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=949

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

950

A user loses a USB device containing credit card numbers. Which of the following would BEST protect the data?

A. Password protection which destroys data on the device after 12 incorrect attempts

B. Password protection which destroys data on the device after 10 incorrect attempts

C. Encryption of the device with the key stored elsewhere

D. Encryption of the laptop to which the device is connected

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=950

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

951

Which of the following should be performed during a forensic evaluation?

A. Power off the system.

B. Establish chain of custody.

C. Troubleshoot system performance.

D. Update virus definitions.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=951

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

952

Which of the following actions is an employee able to take if they are given administrative access to a workstation?

A. Installing applications, creating local user accounts, and modifying any accounts on the domain.

B. Upgrading the operating system, creating local user accounts, and modifying any accounts on the system.

C. Upgrading the operating system, creating local user accounts, and modifying accounts on the network.

D. Installing applications on remote systems, creating local user accounts, and modifying accounts they created.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=952

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

953

Which of the following prevents unsolicited email messages from entering the company's network?

A. Anti-spyware

B. Pop-up blockers

C. Anti-spam

D. Antivirus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=953

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

954

Which method is LEAST intrusive to check the environment for known software flaws?

A. Port scanner

B. Vulnerability scanner

C. Penetration test

D. Protocol analyzer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=954

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

955

On a remote machine, which action will you usually take to determine the operating system?

A. MAC flooding

B. System fingerprinting

C. DNS spoofing

D. Privilege escalation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=955

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

956

For the following sites, which one has the means (e.g. equipment, software, and communications) to facilitate a full recovery within minutes?

A. Cold site

B. Hot site

C. Warm site

D. Reciprocal site

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=956

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

957

Which description is true about the process of securely removing information from media (e.g. hard drive) for future use?

A. Deleting

B. Reformatting

C. Sanitization

D. Destruction

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=957

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

958

Choose the access control method which provides the most granular access to protected objects.

A. Capabilities

B. Access control lists

C. Permission bits

D. Profiles

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=958

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

959

Why is malware that uses virtualization techniques difficult to detect?

A. The malware may be implementing a proxy server for command and control.

B. A portion of the malware may have been removed by the IDS.

C. The malware may be using a Trojan to infect the system.

D. The malware may be running at a more privileged level than the antivirus software.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=959

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

960

Which one of the following options is an attack launched from multiple zombie machines in an attempt to bring down a service?

A. TCP/IP hijacking

B. DoS

C. DDoS

D. Man-in-the-middle

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=960

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

961

You work as the network administrator at certways.com. The certways.com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the certways.com network. The types of resources you must control access to are mailboxes, and files and printers. Certways.com is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has his/her own workstation, and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create?

A. Create mailbox, and file and printer roles.

B. Create Finance, Sales, Research and Development, and Production roles.

C. Create user and workstation roles.

D. Create allow access and deny access roles.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=961

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

962

What technology is able to isolate a host OS from some types of security threats?

A. Kiting

B. Virtualization

C. Cloning

D. Intrusion detection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=962

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

963

Which method could identify when unauthorized access has occurred?

A. Implement session termination mechanism.

B. Implement previous logon notification.

C. Implement session lock mechanism.

D. Implement two-factor authentication.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=963

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

964

On the topic of the DAC (Discretionary Access Control) model, choose the statement(s) which are TRUE.

A. All files that do not have a specified owner cannot be modified.

B. The system administrator is an owner of all objects.

C. The operating system is an owner of all objects.

D. All objects have an owner, and this owner has full control over that specific object.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=964

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

965

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature?

A. Shared

B. Private

C. Hash

D. Public

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=965

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

966

Why implement security logging on a DNS server?

A. To monitor unauthorized zone transfers

B. To perform penetration testing on the DNS server

C. To control unauthorized DNS DoS

D. To measure the DNS server performance

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=966

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

967

Which one of the following items will permit an administrator to find weak passwords on the network?

A. A password generator

B. A network mapper

C. A hash function

D. A rainbow table

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=967

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

968

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item.

A. MACs (Mandatory Access Control) method

B. RBACs (Role Based Access Control) method

C. LBACs (List Based Access Control) method

D. DACs (Discretionary Access Control) method

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=968

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

969

You work as a network administrator for your company. Taking personal safety into consideration, which type of fire suppression substance can effectively prevent damage to electronic equipment?

A. Halon

B. CO

C. Water

D. Foam

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=969

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

970

A programmer plans to change the server variable in the coding of an authentication function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server?

A. Change management

B. Secure disposal

C. Password complexity

D. Chain of custody

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=970

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

971

A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties. This is an example of:

A. separation of duties

B. least privilege

C. concurrent session control

D. access control

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=971

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

972

Which item will MOST likely permit an attacker to make a switch function like a hub?

A. MAC flooding

B. DNS spoofing

C. ARP poisoning

D. DNS poisoning

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=972

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

973

Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?

A. Proxy

B. NIDS

C. ACL

D. HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=973

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

974

A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document?

A. Privacy Act of 1974

B. Authorized Access Policy

C. Due diligence form

D. Acceptable Use Policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=974

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

975

Which item can reduce the attack surface of an operating system?

A. Installing HIDS

B. Patch management

C. Installing antivirus

D. Disabling unused services

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=975

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

976

Which encryption method is often used along with L2TP?

A. 3DES

B. S/MIME

C. SSH

D. IPSec

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=976

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

977

Who is responsible for establishing access permissions to network resources in the MAC access control model?

A. The system administrator.

B. The owner of the resource.

C. The system administrator and the owner of the resource.

D. The user requiring access to the resource.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=977

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

978

A company has a complex multi-vendor network consisting of UNIX, Windows file servers and database applications. Users report having too many passwords and that access is too difficult. Which of the following can be implemented to mitigate this situation?

A. Biometric authentication

B. Multifactor authentication

C. User groups

D. Single sign-on

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=978

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

979

After the maximum number of attempts have failed, which of the following could set an account to lock out for 30 minutes?

A. Account lockout threshold

B. Account lockout duration

C. Password complexity requirements

D. Key distribution center

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=979

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

980

You work as a network technician. You have been asked to reconstruct the infrastructure of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology?

A. The technician should perform penetration testing on all the virtual servers to monitor performance.

B. The technician should verify that the virtual servers and the host have the latest service packs and patches applied.

C. The technician should verify that the virtual servers are dual homed so that traffic is securely separated.

D. The technician should subnet the network so each virtual server is on a different network segment.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=980

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

981

Which of the following is the BEST place to obtain a hotfix or patch for an application or system?

A. An email from the vendor

B. A newsgroup or forum

C. The manufacturer's website

D. A CD-ROM

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=981

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

982

Which algorithms can best encrypt large amounts of data?

A. Asymmetric key algorithms

B. Symmetric key algorithms

C. ECC algorithms

D. Hashing algorithms

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=982

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

983

A security technician is MOST likely to find usernames on which of the following?

A. Firewall logs

B. Application logs

C. DHCP logs

D. DNS logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=983

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

984

Which of the following is a suppression method for a Class C fire?

A. Water

B. Soda acid

C. Dry powder

D. Carbon dioxide (CO2)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=984

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

985

Look at the following items carefully. Which one is a cryptographic representation of nonrepudiation?

A. Digital signature

B. Symmetric key

C. Internet key exchange

D. Certificate authority

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=985

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

986

Which of the following can be used by an attacker to footprint a system?

A. Man-in-the-middle attack

B. RADIUS

C. Port scanner

D. Password cracker

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=986

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

987

Choose the terminology or concept which best describes a MAC (Mandatory Access Control) model.

A. Lattice

B. Bell-LaPadula

C. BIBA

D. Clark and Wilson

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=987

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

988

You work as a network administrator for your company. Your company requires you to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which additional control can be performed?

A. ACL

B. Defense-in-depth

C. Logical token

D. Mantrap

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=988

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

989

After analyzing a vulnerability and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed?

A. Update the antivirus definition file.

B. Apply a security patch from the vendor.

C. Repeat the vulnerability scan.

D. Perform a penetration test.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=989

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

990

Which of the following sequences is correct regarding the flow of the CHAP system?

A. Logon request, encrypts value response, server, challenge, compare encrypts results, authorize or fail

B. Logon request, challenge, encrypts value response, server, compare encrypted results, authorize or fail

C. Logon request, challenge, server, encrypts value response, compare encrypted results, authorize or fail

D. Logon request, server, encrypts value response, challenge, compare encrypted results, authorize or fail

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=990

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

991

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized?

A. False acceptance

B. False positive

C. False rejection

D. False negative

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=991

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

992

What is the objective of using a password cracker?

A. To look for weak passwords on the network

B. To change users' passwords if they have forgotten them

C. To change a user's passwords when they leave the company

D. To enforce password complexity requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=992

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

993

Which authentication method does the following sequence refer to: Logon request, encrypts value response, server, challenge, compare encrypts results, authorize or fail?

A. Certificates

B. Security Tokens

C. CHAP

D. Kerberos

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=993

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

994

A protocol analyzer will most likely detect which security related anomalies?

A. Many malformed or fragmented packets

B. Passive sniffing of local network traffic

C. Decryption of encrypted network traffic

D. Disabled network interface on a server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=994

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

995

Which of the following can be used by an administrator to proactively collect information on attackers and their attempted methods of gaining access to the internal network?

A. DMZ

B. Honeypot

C. NIDS

D. NIPS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=995

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

996

Which of the following statements is TRUE regarding the CHAP authentication system?

A. A certificate being handed from the server to the client once authentication has been established. If you have a pass, you can wander throughout the network. BUT limited access is allowed.

B. If your token does not grant you access to certain information, that information will either not be displayed or your access will be denied. The authentication system creates a token every time a user or a session begins. At the completion of a session, the token is destroyed.

C. The authentication process uses a Key Distribution Center (KDC) to orchestrate the entire process. The KDC authenticates the network. Principals can be users, programs, or systems. The KDC provides a ticket to the network. Once this ticket is issued, it can be used to authenticate against other principals. This occurs automatically when a request or service is performed by another network.

D. The initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and if the information matches, the server grants authorization. If the response fails, the session fails and the request phase starts over.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=996

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

997

Which description is true about how to accomplish steganography in graphic files?

A. Replacing the most significant bit of each byte

B. Replacing the most significant byte of each bit

C. Replacing the least significant byte of each bit

D. Replacing the least significant bit of each byte

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=997

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

998

In computing, promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it, a feature normally used for packet sniffing. Which of the following is placed in promiscuous mode, according to the data flow, to permit a NIDS to monitor the traffic?

A. Filter

B. Sensor

C. Appliance

D. Console

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=998

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

999

Identify the service provided by message authentication code (MAC) hash:

A. data recovery.

B. fault tolerance.

C. key recovery.

D. integrity.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=999

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1000

Which security policy will be most likely used while attempting to mitigate the risks involved with allowing a user to access company email via their cell phone?

A. The cell phone should require a password after a set period of inactivity.

B. The cell phone should have data connection abilities disabled.

C. The cell phone should only be used for company related emails.

D. The cell phone data should be encrypted according to NIST standards.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1000

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1001

Which item will allow for fast, highly secure encryption of a USB flash drive?

A. 3DES

B. SHA-1

C. MD5

D. AES256

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1001

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1002

Communication is important to maintaining security because communication keeps:

A. the network bandwidth usage under control

B. the user community informed of threats

C. law enforcement informed of what is being done

D. the IT security budget justified

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1002

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1003

Which tool can help the technician to find all open ports on the network?

A. Router ACL

B. Performance monitor

C. Protocol analyzer

D. Network scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1003

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1004

Which security action should be finished before access is given to the network?

A. Identification and authorization

B. Identification and authentication

C. Authentication and authorization

D. Authentication and password

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1004

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1005

To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator?

A. Spam and anti-virus filters should be used

B. Regular updates should be performed

C. Preview screens should be disabled

D. Email client features should be disabled

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1005

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1006

Which security applications require frequent signature updates? (Select TWO).

A. Antivirus

B. Firewall

C. PKI

D. IDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1006

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1007

In computing, virtualization is a broad term that refers to the abstraction of computer resources. Which is a security reason to implement virtualization throughout the network infrastructure?

A. To implement additional network services at a lower cost

B. To analyze the various network traffic with protocol analyzers

C. To isolate the various network services and roles

D. To centralize the patch management of network servers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1007

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1008

Which of the following access control models uses roles to determine access permissions?

A. MAC

B. DAC

C. RBAC

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1008

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1009

A user receives an email asking the user to reset the online banking username and password. The email contains a link and when the user accesses the link, the URL that appears in the browser does not match the link. This would be an example of:

A. spoofing

B. phishing

C. hijacking

D. redirecting

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1009

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1010

In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Which description is true about a static NAT?

A. A static NAT uses a many to many mapping.

B. A static NAT uses a one to many mapping.

C. A static NAT uses a many to one mapping.

D. A static NAT uses a one to one mapping.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1010

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1011

Which of the following protects the confidentiality of data by making the data unreadable to those who don't have the correct key?

A. Hashing

B. Digital signatures

C. Encryption

D. Non-repudiation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1011

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1012

The term tunneling protocol is used to describe when one network protocol called the payload protocol is encapsulated within a different delivery protocol. Which of the following can be used to institute a tunneling protocol for security?

A. FTP

B. IPX/SPX

C. IPSec

D. EAP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1012

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1013

John works as a network administrator for his company. He uses a tool to check SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following?

A. A vulnerability scan

B. A protocol analyzer

C. A penetration test

D. A port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1013

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1014

Which system is set up to distract potential attackers?

A. DMZ

B. VLAN

C. Honeypot

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1014

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1015

Most current encryption schemes are based on:

A. digital rights management

B. time stamps

C. randomizing

D. algorithms

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1015

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1016

Look at the following scenarios, which one would a penetration test BEST be used for?

A. When providing a proof of concept demonstration for a vulnerability

B. When conducting performance monitoring

C. While in the reconnaissance phase

D. When performing network mapping

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1016

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1017

For the following items, which is a security limitation of virtualization technology?

A. A compromise of one instance will immediately compromise all instances.

B. It increases false positives on the NIDS.

C. Patch management becomes more time consuming.

D. If an attack occurs, it could potentially disrupt multiple servers.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1017

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1018

The IPSec Security Association is managed by

A. ESP

B. ISAKMP

C. IEEE

D. AH

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1018

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1019

Why implement virtualization technology? (Select TWO).

A. To reduce recovery time in the event of application failure

B. To eliminate virtual redundancy

C. To decrease access to security resources

D. To provide a secure virtual environment for testing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1019

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1020

Which description is correct about a virtual server implementation attack?

A. system registry will affect all virtual instances.

B. OS kernel will affect all virtual instances.

C. disk partition will affect all virtual instances.

D. RAM will affect all virtual instances.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1020

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1021

For the following items, which is a protocol analyzer?

A. Cain & Abel

B. WireShark

C. Nessus

D. John the Ripper

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1021

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1022

Message authentication codes are used to provide which service?

A. Integrity

B. Fault recover

C. Key recovery

D. Acknowledgement

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1022

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1023

What are the best practices while installing and securing a new system for a home user? (Select THREE).

A. Use a strong firewall.

B. Install remote control software.

C. Apply all system patches.

D. Apply all service packs.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1023

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1024

How are access control permissions established in the RBAC access control model?

A. The system administrator.

B. The owner of the resource.

C. The role or responsibilities users have in the organization.

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1024

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1025

Which of the following can help an administrator to implement a procedure to control inbound and outbound traffic on a network segment?

A. NIDS

B. HIDS

C. ACL

D. Proxy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1025

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1026

Which access control model uses Access Control Lists to identify the users who have permissions to a resource?

A. MAC

B. RBAC

C. DAC

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1026

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1027

A company wants to monitor all network traffic as it traverses their network. Which item will be used by the technician?

A. Honeypot

B. Protocol analyzer

C. HIDS

D. Content filter

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1027

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1028

What is steganography primarily used for?

A. Data integrity

B. Message digest

C. Hide information

D. Encrypt information

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1028

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1029

The Lightweight Directory Access Protocol or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use by default?

A. 53

B. 389

C. 443

D. 636

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1029

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1030

A user has a sensitive message that needs to be sent via email. The message needs to be protected from interception. Which of the following should be used when sending the email?

A. Digital signatures

B. Social engineering

C. Encryption

D. Non-repudiation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1030

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1031

Which intrusion detection system will use well defined models of how an attack occurs?

A. Anomaly

B. Protocol

C. Signature

D. Behavior

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1031

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1032

Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons?

A. Non-repudiation

B. Integrity

C. Authentication

D. Confidentiality

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1032

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1033

While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of certificate?

A. Software publisher certificate

B. Web certificate

C. Certificate Authority (CA) certificate

D. Server certificate

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1033

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1034

Which item specifies a set of consistent requirements for a workstation or server?

A. Patch management

B. Vulnerability assessment

C. Imaging software

D. Configuration baseline

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1034

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1035

Which one of the following options is a vulnerability assessment tool?

A. AirSnort

B. John the Ripper

C. Cain & Abel

D. Nessus

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1035

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1036

Which key can be used by a user to log into their network with a smart card?

A. Public key

B. Cipher key

C. Shared key

D. Private key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1036

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1037

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data?

A. Symmetric

B. One Way Function

C. Asymmetric

D. Pseudorandom Number Generator (PRNG)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1037

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1038

Which option is not an organizational policy that reduces the impact of fraud?

A. escorting procedures.

B. password complexity rules.

C. separation of duties.

D. job rotation.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1038

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1039

Which description is correct about authentication headers (AH)?

A. The authentication information is a keyed hash based on all of the bytes in the packet.

B. The authentication information may be the same on different packets if the integrity remains in place.

C. The authentication information hash will increase by one if the bytes remain the same on transfer.

D. The authentication information hash will remain the same if the bytes change on transfer.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1039

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1040

The MOST common Certificate Server port required for secure web page access is port:

A. 25

B. 80

C. 443

D. 446

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1040

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1041

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Which encryption is the strongest by use of mathematical evaluation techniques?

A. 3DES

B. ROT13

C. AES

D. DES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1041

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1042

Many unauthorized staff have been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking?

A. Mantrap

B. Token access

C. Security badges

D. Hardware locks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1042

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1043

Secret Key encryption is also known as:

A. symmetrical

B. replay

C. one way function.

D. asymmetrical

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1043

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1044

A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

A. Sender's public key

B. Receiver's private key

C. Receiver's public key

D. Sender's private key

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1044

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1045

Which access control system allows the owner of a resource to establish access permissions to that resource?

A. MAC

B. DAC

C. RBAC

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1045

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1046

A public key _____________ is a pervasive system whose services are implemented and delivered using public key technologies that include Certificate Authority (CA), digital certificates, non-repudiation, and key history management.

A. cryptography scheme

B. distribution authority

C. exchange

D. infrastructure

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1046

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1047

Which key is generally applied FIRST to a message digest to provide non-repudiation by use of asymmetric cryptography?

A. Public key of the sender

B. Private key of the sender

C. Public key of the receiver

D. Private key of the receiver

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1047

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1048

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Which of the following is considered the weakest encryption?

A. SHA

B. DES

C. RSA

D. AES

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1048

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1049

For the following items, which one is a collection of servers set up to attract hackers?

A. Honeypot

B. VLAN

C. Honeynet

D. DMZ

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1049

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1050

An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?

A. Carbon Dioxide

B. Deluge sprinkler

C. Hydrogen Peroxide

D. Wet pipe sprinkler

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1050

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1051

Which of the following statements regarding access control models is FALSE?

A. The MAC model uses predefined access privileges to a resource to determine a user's access permissions to a resource.

B. The RBAC model uses the role or responsibilities users have in the organization to determine a user's access permissions to a resource.

C. In the DAC model a user's access permissions to a resource is mapped to the user's account.

D. The MAC model uses Access Control Lists (ACLs) to map a user's access permissions to a resource.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1051

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1052

Which of the following statements regarding the MAC access control models is TRUE?

A. The Mandatory Access Control (MAC) model is a dynamic model.

B. In the Mandatory Access Control (MAC) the owner of a resource establishes access privileges to that resource.

C. In the Mandatory Access Control (MAC) users cannot share resources dynamically.

D. The Mandatory Access Control (MAC) model is not restrictive.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1052

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1053

You are a network technician of your company. You have just detected an intrusion on your company's network from the Internet. What should be checked FIRST?

A. The firewall logs

B. The performance logs

C. The DNS logs

D. The access logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1053

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1054

Choose the mechanism that is NOT a valid access control mechanism.

A. DAC (Discretionary Access Control) list.

B. SAC (Subjective Access Control) list.

C. MAC (Mandatory Access Control) list.

D. RBAC (Role Based Access Control) list.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1054

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1055

Why does a technician use a password cracker?

A. To look for weak passwords on the network

B. To enforce password complexity requirements

C. To change users' passwords if they have forgotten them

D. To change a user's passwords when they leave the company

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1055

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1056

In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI) that specifies where an identified resource is available and the mechanism for retrieving it. When a user attempts to go to a website, he notices the URL has changed, which attack will MOST likely cause the problem?

A. ARP poisoning

B. DLL injection

C. DNS poisoning

D. DDoS attack

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1056

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1057

Which of the following are types of certificate-based authentication? (Select TWO)

A. Many-to-one mapping

B. One-to-one mapping

C. One-to-many mapping

D. Many-to-many mapping

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1057

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1058

What should be taken into consideration while executing proper logging procedures? (Select TWO).

A. The information that is needed to reconstruct events

B. The password requirements for user accounts

C. The virtual memory allocated on the log server

D. The amount of disk space required

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1058

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1059

Which of the following would be an example of a high-availability disk technology?

A. Load balancing

B. Clustering

C. RAID

D. Remote access

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1059

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1060

Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords?

A. Firewall

B. Protocol analyzer

C. Password cracker

D. Port scanner

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1060

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1061

Virtualized applications, such as virtualized browsers, can protect the underlying operating system from which of the following?

A. Malware installation from suspect Internet sites

B. DDoS attacks against the underlying OS

C. Man-in-the-middle attacks

D. Phishing and spam attacks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1061

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1062

In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?

A. Performance

B. Mobile device

C. Firewall

D. Transaction

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1062

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1063

The ability to logon to multiple systems with the same credentials is typically known as:

A. decentralized management

B. single sign-on

C. Role Based Access Control (RBAC)

D. centralized management

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1063

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1064

The first step in risk identification would be to identify:

A. assets

B. costs

C. threats

D. vulnerabilities

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1064

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1065

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction?

A. Disaster recovery plan

B. Alternate sites

C. Offsite storage

D. Fault tolerant systems

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1065

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1066

In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. You have been studying stateful packet inspection and want to perform this security technique on the network. Which device will you use to BEST utilize stateful packet inspection?

A. Switch

B. Hub

C. IDS

D. Firewall

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1066

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1067

Which access control system allows the system administrator to establish access permissions to network resources?

A. MAC

B. DAC

C. RBAC

D. None of the above.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1067

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1068

During a live response to an unauthorized access, a forensics specialist executes a command on the computer being investigated. Which of the following commands would be used to display the current network connections on the local computer?

A. NETSTAT

B. IPCONFIG / IFCONFIG

C. nmap

D. netcat

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1068

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1069

Patch management must be combined with full-featured systems management to be effective. Determining which patches are needed, applying the patches and which of the following are three generally accepted activities of patch management?

A. Backing up the patch file executables to a network share

B. Updating the firewall configuration to include the patches

C. Auditing for the successful application of the patches

D. Running a NIDS report to list the remaining vulnerabilities

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1069

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1070

Documentation describing a group's expected minimum behavior is known as:

A. the need to know

B. acceptable usage

C. the separation of duties

D. a code of ethics

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1070

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1071

The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw.

A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.

B. The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates.

C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources.

D. The DAC (Discretionary Access Control) model does not have any known security flaws.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1071

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1072

Which of the following is not an organizational policy that reduces the impact of fraud?

A. job rotation.

B. password complexity rules.

C. escorting procedures.

D. separation of duties.

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1072

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1073

An important component of a good data retention policy is:

A. backup software licensing

B. offsite storage

C. magnetic media sorting

D. server drive redundancy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1073

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

1074

After installing new software on a machine, what needs to be updated to the baseline?

A. Honeypot

B. Signature-based NIPS

C. Signature-based NIDS

D. Behavior-based HIDS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=JK0-015&qno=1074

-------------------------------------------------------------------------------------------------------------------------------------

TwPass Certification Exam Features;

- TwPass offers over 2500 Certification exams for professionals.

- More than 98,800 Satisfied Customers Worldwide.

- Average 99.8% Success Rate.

- Over 120 Global Certification Vendors Covered.

- Services of Professional & Certified Experts available via support.

- Free 90 days updates to match real exam scenarios.

- Instant Download Access! No Setup required.

- Price as low as $19, which is 80% more cost effective than others.

- Verified answers researched by industry experts.

- Study Material updated on regular basis.

- Questions / Answers are downloadable in PDF format.

- Mobile Device Supported (Android, iPhone, iPod, iPad)

- No authorization code required to open exam.

- Portable anywhere.

- Guaranteed Success.

- Fast, helpful support 24x7.

View list of All Exams (AE);

http://www.twpass.com/twpass.com/vendors.aspx

Download Any Certification Exam DEMO.

http://www.twpass.com/twpass.com/vendors.aspx

To purchase Full version of exam click below; http://www.TwPass.com/
