Q1. It is a short-range wireless communication technology intended to replace the cables connecting portable or fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection.
Which of the following terms best matches the definition?
A. Bluetooth
B. Radio-Frequency Identification
C. WLAN
D. InfraRed
Answer: A
Q2. This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers, sometimes known as script kiddies, from causing a data breach.
Which of the following organizations is being described?
A. Payment Card Industry (PCI)
B. International Security Industry Organization (ISIO)
C. Institute of Electrical and Electronics Engineers (IEEE)
D. Center for Disease Control (CDC)
Answer: B
Q3. Which of the following parameters describe LM Hash?
I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
A. I
B. I and II
C. II
D. I, II and III
Answer: D
Q4. Which of the following is the BEST way to defend against network sniffing?
A. Using encryption protocols to secure network communications
B. Restrict Physical Access to Server Rooms hosting Critical Servers
C. Use Static IP Address
D. Register all machines MAC Address in a centralized Database
Answer: A
Q5. An attacker gains access to a Web server’s database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient exception handling
D. Insufficient input validation
Answer: D
Q6. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Line (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
A. DIAMETER
B. Kerberos
C. RADIUS
D. TACACS+
Answer: D
Q7. Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
A. Lean Coding
B. Service Oriented Architecture
C. Object Oriented Architecture
D. Agile Process
Answer: B
Q8. When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?
A. Forward the message to your company’s security response team and permanently delete the message from your computer.
B. Delete the email and pretend nothing happened.
C. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
D. Reply to the sender and ask them for more information about the message contents.
Answer: A
Q9. Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?
A. The port will ignore the packets.
B. The port will send an RST.
C. The port will send an ACK.
D. The port will send a SYN.
Answer: A
Q10. Which of the following types of firewalls ensures that the packets are part of the established session?
A. Switch-level firewall
B. Stateful inspection firewall
C. Application-level firewall
D. Circuit-level firewall
Answer: B
Q11. Which of the following statements regarding ethical hacking is incorrect?
A. Testing should be remotely performed offsite.
B. Ethical hackers should never use tools that have the potential of exploiting vulnerabilities in the organization's IT system.
C. Ethical hacking should not involve writing to or modifying the target systems.
D. An organization should use ethical hackers who do not sell hardware/software or other consulting services.
Answer: B
Q12. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a Linux platform?
A. Kismet
B. Netstumbler
C. Abel
D. Nessus
Answer: A
Q13. A company’s security policy states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
A. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
B. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.
C. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
D. Attempts by attackers to access the user and password information stored in the company's SQL database.
Answer: C
Q14. A Regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?
A. Move the financial data to another server on the same IP subnet
B. Place a front-end web server in a demilitarized zone that only handles external web traffic
C. Issue new certificates to the web servers from the root certificate authority
D. Require all employees to change their passwords immediately
Answer: A
Q15. Risk = Threats x Vulnerabilities is referred to as the:
A. Threat assessment
B. Disaster recovery formula
C. BIA equation
D. Risk equation
Answer: D
Q16. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?
A. WEM
B. Multi-cast mode
C. Promiscuous mode
D. Port forwarding
Answer: B
Q17. Which of the following incident handling process phases is responsible for defining rules, creating a back-up plan, and testing the plans for an enterprise?
A. Preparation phase
B. Recovery phase
C. Identification phase
D. Containment phase
Answer: A
Q18. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
A. Inherent Risk
B. Residual Risk
C. Deferred Risk
D. Impact Risk
Answer: B
Q19. A common cryptographic tool is the use of XOR. XOR the following binary values: 10110001 and 00111010
A. 10001011
B. 10011101
C. 11011000
D. 10111100
Answer: A
Q20. You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account.
What should you do?
A. Do not transfer the money but steal the bitcoins.
B. Report immediately to the administrator.
C. Transfer money from the administrator’s account to another account.
D. Do not report it and continue the penetration test.
Answer: B
Q21. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities and demands payment before you can access your files and programs again.
Which term best matches this definition?
A. Spyware
B. Adware
C. Ransomware
D. Riskware
Answer: C