Q1. Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?
A. Hashing
B. Stream ciphers
C. Steganography
D. Block ciphers
Answer: A
Explanation:
Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as in hash tables. One of its defining characteristics is that it must be one-way: it is not reversible.
Q2. A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails shows they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?
A. The user is encrypting the data in the outgoing messages.
B. The user is using steganography.
C. The user is spamming to obfuscate the activity.
D. The user is using hashing to embed data in the emails.
Answer: B
Explanation:
Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio file, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.
Q3. On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?
A. Tailgating
B. Shoulder surfing
C. Interference
D. Illegal downloading
Answer: B
Explanation:
Q4. Which of the following is the MOST secure protocol to transfer files?
A. FTP
B. FTPS
C. SSH
D. TELNET
Answer: B
Explanation:
FTPS refers to FTP Secure, or FTP SSL. It is a secure variation of File Transfer Protocol (FTP).
Q5. When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
Answer: C
Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. The CA affirms the identity of the certificate owner.
Q6. Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:
A. Brute force.
B. HTML encoding.
C. Web crawling.
D. Fuzzing.
Answer: D
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
Q7. The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior?
A. Acceptable use policies
B. Host-based firewalls
C. Content inspection
D. Application whitelisting
Answer: D
Explanation:
Q8. How must user accounts for exiting employees be handled?
A. Disabled, regardless of the circumstances
B. Disabled if the employee has been terminated
C. Deleted, regardless of the circumstances
D. Deleted if the employee has been terminated
Answer: A
Explanation:
You should always disable an employee’s account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account.
Q9. A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?
A. Zero-day
B. SQL injection
C. Buffer overflow
D. XSRF
Answer: C
Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q10. Which of the following is the BEST reason for placing a password lock on a mobile device?
A. Prevents an unauthorized user from accessing owner's data
B. Enables remote wipe capabilities
C. Stops an unauthorized user from using the device again
D. Prevents an unauthorized user from making phone calls
Answer: A
Explanation:
Q11. After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).
A. Recovery
B. User assigned privileges
C. Lockout
D. Disablement
E. Group based privileges
F. Password expiration
G. Password complexity
Answer: F,G
Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types in a password. The more characters a password has, combined with some character-type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.
Q12. Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?
A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training
Answer: D
Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: importance of security; responsibilities of people in the organization; policies and procedures; usage policies; account and password-selection criteria; and social engineering prevention.
Q13. The public key is used to perform which of the following? (Select THREE).
A. Validate the CRL
B. Validate the identity of an email sender
C. Encrypt messages
D. Perform key recovery
E. Decrypt messages
F. Perform key escrow
Answer: B,C,E
Explanation:
B: The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.
C: The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message.
E: You encrypt data with the private key and decrypt with the public key, though the opposite is much more frequent.
Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.
Q14. Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?
A. Honeynet
B. Vulnerability scanner
C. Port scanner
D. Protocol analyzer
Answer: A
Explanation:
Q15. Which of the following offerings typically allows the customer to apply operating system patches?
A. Software as a service
B. Public Clouds
C. Cloud Based Storage
D. Infrastructure as a service
Answer: D
Explanation:
Cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model, the cloud user patches and maintains the operating systems and the application software.