Computer Science Question

I will send details once accepted.


Set 1: Practice Questions
1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain
the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?
A. Hashing
B. Digital signature
C. Encryption
D. Certificate
2. You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are
you addressing?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
3. Your organization recently implemented two servers that act as failover devices for each other. Which security goal is
your organization pursuing?
A. Safety
B. Integrity
C. Confidentiality
D. Availability
4. Management at your company recently decided to implement additional lighting and fencing around the property.
Which security goal is your company MOST likely pursuing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
5. You are logging on to your bank’s web site using your email address and a password. What is the purpose of the
email address in this example?
A. Identification
B. Authentication
C. Authorization
D. Availability
6. Your organization has a password policy with a password history value of 12. What does this indicate?
A. Your password must be at least 12 characters long.
B. Twelve different passwords must be used before reusing the same password.
C. Passwords must be changed every 12 days.
D. Passwords cannot be changed until 12 days have passed.
7. A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices
is the BEST choice for what the help-desk professional should do before resetting the password?
A. Verify the user’s original password.
B. Disable the user’s account.
C. Verify the user’s identity.
D. Enable the user’s account.
8. Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants
to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
A. HOTP
B. TOTP
C. CAC
D. Kerberos
9. Which type of authentication is a fingerprint scan?
A. Something you have
B. Biometric
C. PAP
D. One-time password
10. When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of
the following choices BEST describes this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Mutual authentication
11. The security manager at your company recently updated the security policy. One of the changes requires
dual-factor authentication. Which of the following will meet this requirement?
A. Hardware token and PIN
B. Fingerprint scan and retina scan
C. Password and PIN
D. Smart card
12. Your network infrastructure requires users to authenticate with something they are and something they know. Which of
the following choices BEST describes this authentication method?
A. Passwords
B. Dual-factor
C. Biometrics
D. Diameter
13. Which of the following authentication services uses tickets for user credentials?
A. RADIUS
B. Diameter
C. Kerberos
D. LDAP
14. A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server?
A. Authentication
B. Identification
C. Authorization
D. Access control
15. Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS.
Which authentication service is your network using?
A. SAML
B. Diameter
C. Kerberos
D. LDAP
16. When you log on to your online bank account, you are also able to access a partner’s credit card site,
check-ordering services, and a mortgage site without entering your credentials again. What does this describe?
A. SSO
B. Same sign-on
C. SAML
D. Kerberos
17. Your organization recently made an agreement with third parties for the exchange of authentication and
authorization information. The solution uses an XML-based open standard. Which of the following is the MOST
likely solution being implemented?
A. RADIUS
B. Diameter
C. TACACS+
D. SAML
18. Which of the following provides authentication services and uses PPP?
A. Diameter and biometrics
B. Kerberos and LDAP
C. SAML and SSO
D. PAP and CHAP
19. Users in your organization access your network from remote locations. Currently, the remote access solution uses
RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the
following choices BEST meets this goal?
A. TACACS+
B. Diameter
C. Kerberos
D. Secure LDAP
20. Which of the following choices provide authentication services for remote users and devices? (Select TWO.)
A. Kerberos
B. RADIUS
C. Secure LDAP
D. Diameter
Set 1: Practice Question Answers
1. C. Encryption is the best choice to provide confidentiality of any type of information, including Personally Identifiable
Information (PII). Hashing, digital signatures, and certificates all provide integrity, not confidentiality.
2. B. Integrity provides assurances that data has not been modified, and integrity is commonly enforced with hashing.
Confidentiality prevents unauthorized disclosure of data but doesn’t address modifications of data. Availability ensures
systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof
that users are who they claim to be.
3. D. Your organization is pursuing availability. A failover cluster uses redundant servers to ensure a service will continue to
operate even if one of the servers fails. Safety methods provide safety for personnel and other assets. Integrity methods ensure
that data has not been modified. Confidentiality methods such as encryption prevent the unauthorized disclosure of data.
4. D. Lighting and fencing are two methods that can enhance the security goal of safety. Confidentiality is enhanced with
encryption and access controls. Integrity is enhanced with hashing, certificates, and digital signatures. Availability is
enhanced with redundancy and fault-tolerance procedures.
5. A. The email address provides identification for you and your account. The password combined with the email
address provides authentication, proving who you are. Based on your identity, you are granted authorization to view
your account details. Availability is unrelated to identification, authentication, and authorization.
6. B. The password history indicates how many passwords a system remembers and how many different passwords must be
used before a password can be reused. Password length identifies the minimum number of characters. Password maximum
age identifies when users must change passwords. Password minimum age identifies the length of time that must pass before
users can change a password again.
7. C. Before resetting a user’s password, it’s important to verify the user’s identity. Users often need the password reset
because they have forgotten their original password, so it’s not possible to verify the user’s original password. It’s not
necessary to disable a user account to reset the password. You would enable the account if it was disabled or locked out,
but the scenario doesn’t indicate this is the case.
8. B. A Time-based One-Time Password (TOTP) meets this requirement. Passwords created with TOTP expire after 30
seconds. HMAC-based One-Time Password (HOTP) creates passwords that do not expire. A Common Access Card (CAC)
is a type of smart card, but it does not create passwords. Kerberos uses tickets instead of passwords.
9. B. A fingerprint scan is a biometric method of authentication in the something you are factor of authentication. The
something you have factor of authentication refers to something you can hold, such as a hardware token for a one-time
password. Password Authentication Protocol (PAP) is an authentication method that sends passwords across the network in
cleartext.
10. A. Both the password and the PIN are in the something you know factor of authentication, so this is
single-factor authentication. Two-factor authentication requires the use of two different authentication factors.
Multifactor authentication requires two or more factors of authentication. Mutual authentication is when both entities in
the authentication process authenticate with each other and it doesn’t apply in this situation.
11. A. A hardware token (such as an RSA token or a USB token) is in the something you have factor of authentication and
the PIN is in the something you know factor of authentication. Combined, they provide dual-factor authentication. The
remaining answers only provide single-factor authentication. A fingerprint scan and a retina scan are both in the something
you are factor of authentication. A password and a PIN are both in the something you know factor of authentication. A
smart card is in the something you have factor of authentication.
12. B. This is dual-factor authentication because users must authenticate with two different factors of authentication
(something you are and something you know). Passwords are in the something you know factor and biometrics are in the
something you are factor, but the scenario includes both factors, not just one. Diameter is a remote access authentication
service that supports Extensible Authentication Protocol (EAP).
13. C. Kerberos uses a ticket-granting ticket server to create tickets for users and these tickets include user credentials for
authentication. Remote Authentication Dial-In User Service (RADIUS) provides authentication for remote users. Diameter
is an alternative to RADIUS and it can utilize Extensible Authentication Protocol (EAP). Lightweight Directory Access
Protocol (LDAP) is an X.500-based authentication service.
14. A. Kerberos uses a ticket-granting ticket server for authentication. Users claim an identity with a username for
identification. They prove their identity with credentials for authentication and Kerberos incorporates these credentials
in tickets. Users are authorized access to resources with permissions, but only after they have been authenticated by an
authentication service such as Kerberos. Access controls restrict access to resources after users are identified and
authenticated.
15. D. Lightweight Directory Access Protocol (LDAP) uses X.500-based phrases to identify components and Secure LDAP
can be encrypted with Transport Layer Security (TLS). Security Assertion Markup Language (SAML) is an Extensible
Markup Language (XML) used for single sign-on (SSO), but it is not based on X.500. Diameter is an alternative to Remote
Authentication Dial-In User Service (RADIUS), but neither of these are based on X.500.
16. A. This is an example of single sign-on (SSO) capabilities because you can log on once and access all the resources
without entering your credentials again. Same sign-on requires you to reenter your credentials for each new site, but you use
the same credentials. Security Assertion Markup Language (SAML) is an SSO solution used for web-based applications and
the bank might be using SAML, but other SSO solutions are also available. Kerberos is used in an internal network.
17. D. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for single sign-on (SSO)
solutions. Remote Authentication Dial-In User Service (RADIUS) is a remote access authentication service. Diameter is an
alternative to RADIUS. Terminal Access Controller Access-Control System Plus (TACACS+) is an authentication service
that replaces the older TACACS protocol. RADIUS, Diameter, and TACACS+ do not use XML.
18. D. Both Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) use
Point-to-Point Protocol (PPP). Diameter is an authentication service, but biometrics is an authentication method. Kerberos is
an authentication service, but it doesn’t use PPP, and Lightweight Directory Access Protocol (LDAP) is a method of
querying directories. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)–based data
format used for single sign-on (SSO), but it doesn’t use PPP.
19. B. Diameter is an alternative to Remote Authentication Dial-In User Service (RADIUS) and it can utilize Extensible
Authentication Protocol (EAP). Terminal Access Controller Access-Control System Plus (TACACS+) is an authentication
service that replaces older TACACS. Kerberos is an internal authentication protocol that uses tickets. Secure Lightweight
Directory Access Protocol (LDAP) is an X.500-based authentication service that can be secured with Transport Layer
Security (TLS).
20. B, D. Both Remote Authentication Dial-In User Service (RADIUS) and Diameter are authentication services for remote
users and devices. Diameter is more secure than RADIUS. Kerberos is an authentication service used with a domain or
realm and Secure Lightweight Directory Access Protocol (LDAP) uses Transport Layer Security (TLS) for encryption and is
used to query directories.
Set 2: Practice Questions
1. What protocol does IPv6 use for hardware address resolution?
A. ARP
B. NDP
C. RDP
D. SNMP
2. What is the default port for SSH?
A. 22
B. 23
C. 25
D. 80
3. You are configuring a host-based firewall so that it will allow SFTP connections. Which of the following is required?
A. Allow UDP 21
B. Allow TCP 21
C. Allow TCP 22
D. Allow UDP 22
4. You need to send several large files containing proprietary data to a business partner. Which of the following is the
BEST choice for this task?
A. FTP
B. SNMP
C. SFTP
D. SSH
5. Your organization is planning to establish a secure link between one of your mail servers and a business partner’s
mail server. The connection will use the Internet. What protocol is the BEST choice?
A. TLS
B. SMTP
C. HTTP
D. SSH
6. You recently learned that a network router has TCP ports 22 and 80 open, but the organization’s security policy
mandates that these should not be accessible. What should you do?
A. Disable the FTP and HTTP services on the router.
B. Disable the DNS and HTTPS services on the router.
C. Disable the SSH and HTTP services on the router.
D. Disable the Telnet and Kerberos services on the router.
7. You need to prevent the use of TFTP through your firewall. Which port would you block?
A. TCP 69
B. UDP 69
C. TCP 21
D. UDP 21
8. You need to enable the use of NetBIOS through a firewall. Which ports should you open?
A. 137 through 139
B. 20 and 21
C. 80 and 443
D. 22 and 3389
9. Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?
A. Telnet
B. SSH
C. SNMP
D. DNS
10. You need to divide a single Class B IP address range into several ranges. What would you do?
A. Subnet the Class B IP address range.
B. Create a virtual LAN.
C. Create a DMZ.
D. Implement STP.
11. You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?
A. Unix server
B. Apache server
C. BIND server
D. Web server
12. Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on
your internal network. Which of the following choices is the BEST option?
A. Implement subnetting.
B. Implement secure zone transfers.
C. Block outgoing traffic on UDP port 53.
D. Add a WAF.
13. A network technician incorrectly wired switch connections in your organization’s network. It effectively disabled
the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?
A. Install an IDS.
B. Only use Layer 2 switches.
C. Install SNMP on the switches.
D. Implement STP or RSTP.
14. Your organization frequently has guests visiting in various conference rooms throughout the building. These guests
need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need
access to both the internal network and the Internet. What would BEST meet this need?
A. PAT and NAT
B. DMZ and VPN
C. VLANs and 802.1x
D. Routers and Layer 3 switches
15. Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with
the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them.
Which of the following would meet this goal? (Select TWO. Each answer is a full solution.)
A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.
16. Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will
meet this need?
A. Content inspection
B. Malware inspection
C. URL filter
D. Web application firewall
17. Your organization wants to combine some of the security controls used on the network. What could your
organization implement to meet this goal?
A. SSO
B. UTM
C. VPN
D. VLAN
18. Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic
from internal network traffic. Which of the following provides the BEST solution?
A. VLAN
B. Firewall
C. DMZ
D. WAF
19. Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using
encryption at a lower layer of the OSI model. What could they use?
A. IPv4
B. IPv6
C. SSH
D. SFTP
20. Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking
application attacks?
A. IDS
B. Router
C. WAF
D. Stateless firewall
Set 2: Practice Question Answers
1. B. IPv6 uses the Neighbor Discovery Protocol (NDP) to resolve IPv6 addresses to media access control (MAC)
addresses (also called hardware addresses). IPv4 uses the Address Resolution Protocol (ARP) to resolve IPv4 addresses to
MAC addresses. Remote Desktop Protocol (RDP) is used to connect to remote systems over port TCP 3389.
Administrators use Simple Network Management Protocol (SNMP) to monitor and manage network devices.
2. A. Secure Shell (SSH) uses Transmission Control Protocol (TCP) port 22 by default, and it is commonly used with
other protocols, such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP). Telnet uses port 23. SMTP uses
port 25. HTTP uses port 80.
3. C. You should create a rule to allow traffic using Transmission Control Protocol (TCP) port 22. Secure File Transfer
Protocol (SFTP) uses Secure Shell (SSH) on TCP port 22. FTP uses TCP port 21. SSH does not use UDP.
4. C. File Transfer Protocol (FTP) is the best choice to send large files, and Secure File Transfer Protocol (SFTP) is the
best choice to send large files that need to be protected with encryption. SFTP encrypts data with Secure Shell (SSH) on
port 22. FTP data is cleartext and is not suitable for proprietary data. Simple Network Management Protocol (SNMP) is used
to manage network devices. Secure Shell (SSH) provides encryption for other protocols, but is not the best choice to send
files without combining it with FTP (as SFTP).
5. A. Transport Layer Security (TLS) is a good choice to create a secure connection between two systems over the Internet.
Although the mail servers will likely exchange mail using Simple Mail Transfer Protocol (SMTP), SMTP by itself will not
create a secure link. Similarly, Hypertext Transfer Protocol (HTTP) doesn’t create a secure link. Although Secure Shell
(SSH) creates a secure connection, it isn’t used with SMTP.
6. C. You should disable the Secure Shell (SSH) and Hypertext Transfer Protocol (HTTP) services because they use TCP
ports 22 and 80 by default. File Transfer Protocol (FTP) uses ports 20 and 21. Domain Name System (DNS) uses port 53.
Telnet uses port 23. Kerberos uses port 88.
7. B. You should block UDP port 69 to block Trivial File Transfer Protocol (TFTP). TFTP does not use TCP. File
Transfer Protocol (FTP) uses TCP port 21.
8. A. Network Basic Input/Output System (NetBIOS) uses ports 137 through 139. File Transfer Protocol (FTP) uses ports
20 and 21. Hypertext Transfer Protocol (HTTP) uses port 80 and HTTP Secure (HTTPS) uses port 443. You can connect to
remote systems with Secure Shell (SSH) using port 22, and Remote Desktop Protocol (RDP) using port 3389.
9. C. Simple Network Management Protocol version 3 (SNMPv3) monitors and manages network devices. She can use Telnet to
connect to the devices, but not monitor them. Secure Shell (SSH) is a more secure alternative than Telnet, but it cannot
monitor the devices either. Domain Name System (DNS) provides name resolution services.
10. A. You can divide any classful IP address range by subnetting it. This breaks up a larger range of IP addresses into
smaller network segments or blocks of IP addresses. A virtual local area network (VLAN) divides groups of computers
logically, but doesn’t use IP ranges. A demilitarized zone (DMZ) is a buffered zone between a protected network and a
public network. Spanning Tree Protocol (STP) prevents looping problems caused by incorrect cabling.
11. C. Berkeley Internet Name Domain (BIND) is a type of Domain Name System (DNS) software commonly used on the
Internet and in some internal networks, so a BIND server is a DNS server. BIND runs on Unix servers, but not all Unix
servers are BIND servers. Apache is a type of web server software that runs on Unix and Linux systems.
12. B. Implementing secure zone transfers on internal Domain Name System (DNS) servers prevents attackers from
downloading zone data and mapping out IP addresses and devices. Subnetting divides classful IP address ranges into smaller
subnets, but it doesn’t prevent attacks. DNS name resolution queries use UDP port 53, so blocking outgoing traffic on UDP
port 53 would prevent internal users from using DNS on the Internet. A web application firewall (WAF) protects a web server.
13. D. Spanning Tree Protocol (STP) or Rapid STP (RSTP) will prevent switching loop problems. It’s rare for a wiring
error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and
effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are
susceptible to this problem. Administrators use Simple Network Management Protocol (SNMP) to manage and monitor
devices, but it doesn’t prevent switching loops.
14. C. An 802.1x server provides port-based authentication and can authenticate clients. Clients that cannot authenticate (the
guests in this scenario) can be redirected to a virtual local area network (VLAN) that grants them Internet access, but not
access to the internal network. None of the other solutions provides port security or adequate network separation. Port
Address Translation (PAT) and Network Address Translation (NAT) each translate private IP addresses to public IP
addresses. A demilitarized zone (DMZ) provides a buffer zone between a public network and a private network for
public-facing servers. A virtual private network (VPN) provides access to a private network via a public network. Routers
work on Layer 3, and Layer 3 switches mimic some of the functionality of routers.
15. D, E. The easiest way is to change the implicit allow rule to implicit deny and that is preferred because it will protect the
server from unwanted traffic. You can also deny all IP traffic using port 53 with DENY IP ALL ALL 53. DNS requests use
UDP port 53, and zone transfers use TCP port 53 so both UDP 53 and TCP port 53 need to be blocked. You can achieve that
goal with DENY IP ALL ALL 53.
16. C. A URL filter blocks access to specific web sites based on their URLs. Proxy servers and unified threat management
(UTM) devices include URL filters. UTM devices include content inspection to identify and filter out different types of
files and traffic, and malware inspection to identify and block malware. A web application firewall (WAF) protects a web
server from incoming attacks.
17. B. A unified threat management (UTM) device combines multiple security controls into a single device. Single sign-on
allows users to sign on once and access multiple resources without signing on again. Users can access a private network over
a public network via a virtual private network (VPN). You can configure a virtual local area network (VLAN) on a switch to
group computers together logically.
18. C. A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the
web server’s web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group
computers together based on job function or some other administrative need, but it is created on switches in the internal
network. A firewall does provide protection for the web server, but doesn’t necessarily separate the web-facing traffic from
the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not
necessarily separate Internet and internal network traffic.
19. B. IPv6 includes the use of Internet Protocol security (IPsec), so it is the best choice and it operates on Layer 3 of the
Open Systems Interconnection (OSI) reference model. IPv4 doesn’t support IPsec natively. Although you can use Secure
Shell (SSH) instead of Telnet, they both operate on Layer 7 of the OSI model. IPv6 operates on Layer 3. Secure File Transfer
Protocol (SFTP) is useful for encrypting large files in transit, but it doesn’t encrypt Telnet traffic.
20. C. A web application firewall (WAF) operates on multiple layers up to Layer 7 of the OSI reference model and blocks
attacks against a web server. An intrusion detection system (IDS) also operates on multiple layers up to Layer 7 of the OSI
model; however, it is more effective at detecting attacks than blocking them. A router operates on Layer 3 of the OSI model
and it can perform packet filtering. A stateless firewall only performs packet filtering and isn’t effective against Application
layer attacks.
Set 3: Practice Questions
1. Which of the following types of malware is the MOST difficult to reverse engineer?
A. Logic bomb
B. Trojan
C. Armored virus
D. Ransomware
2. Recently, malware on a company computer destroyed several important files after it detected that Homer was no
longer employed at the company. Which of the following BEST identifies this malware?
A. Logic bomb
B. Rootkit
C. Backdoor
D. Adware
3. A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator
expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided
to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server?
A. Backdoor
B. Logic bomb
C. Rootkit
D. Botnet
4. After Maggie turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would
be formatted. What does this indicate?
A. Armored virus
B. Ransomware
C. Backdoor
D. Trojan
5. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the
organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the
computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator
has found?
A. Rootkit
B. Backdoor
C. Spam
D. Trojan
6. What type of malware uses marketing pop-ups and does not attempt to hide itself?
A. Blocker
B. Rootkit
C. Trojans
D. Adware
7. Of the following malware types, which one is MOST likely to monitor a user’s computer?
A. Trojan
B. Spyware
C. Adware
D. Ransomware
8. Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with
a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only
affects certain operating system versions. He asks Lisa what operating system the company is running on its database
servers. Which of the following choices is the BEST response from Lisa?
A. Let the caller know what operating system and versions are running on the database servers to determine if any
further action is needed.
B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.
C. Ask the caller for his phone number so that she can call him back after checking the servers.
D. Contact law enforcement personnel.
9. A security administrator at a shopping mall discovered two wireless cameras pointing at an automatic teller machine.
These cameras were not installed by mall personnel and are not authorized. What is the MOST likely goal of these cameras?
A. Tailgating
B. Dumpster diving
C. Vishing
D. Shoulder surfing
10. Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow
her when she goes back inside. What does this describe?
A. Spear phishing
B. Whaling
C. Mantrap
D. Tailgating
11. An organization’s security policy requires employees to incinerate paper documents. Of the following choices, which
type of attack is this MOST likely to prevent?
A. Shoulder surfing
B. Tailgating
C. Vishing
D. Dumpster diving
12. While cleaning out his desk, Bart threw several papers containing PII into the recycle bin. Which type of attack can
exploit this action?
A. Vishing
B. Dumpster diving
C. Shoulder surfing
D. Tailgating
13. Marge reports that she keeps receiving unwanted emails about personal loans. What does this describe?
A. Phishing
B. Spear phishing
C. Spam
D. Vishing
14. A recent spear phishing attack that appeared to come from your organization’s CEO resulted in several employees
revealing their passwords to attackers. Management wants to implement a security control to provide assurances to
employees that email that appears to come from the CEO actually came from the CEO. Which of the following should be
implemented?
A. Digital signatures
B. Spam filter
C. Training
D. Metrics
15. Attackers are targeting C-level executives in your organization. Which type of attack is this?
A. Phishing
B. Vishing
C. Spam
D. Whaling
16. You manage a group of computers in an isolated network without Internet access. You need to update the
antivirus definitions manually on these computers. Which of the following choices is the MOST important concern?
A. Running a full scan of the systems before installing the new definitions
B. Running a full scan of the systems after installing the new definitions
C. Ensuring the definition file hash is equal to the hash on the antivirus vendor’s web site
D. Ensuring the update includes all signature definitions
17. A user wants to reduce the threat of an attacker capturing her personal information while she surfs the Internet. Which of
the following is the BEST choice?
A. Antivirus software
B. Anti-spyware software
C. Pop-up blocker
D. Whitelisting
18. Bart is complaining that new browser windows keep opening on his computer. Which of the following is the BEST
choice to stop these in the future?
A. Malware
B. Adware
C. Pop-up blocker
D. Antivirus software
19. Your organization recently suffered a loss from malware that wasn’t previously known by any trusted sources. Which
type of attack is this?
A. Phishing attack
B. Zero-day
C. Buffer overflow
D. Integer overflow
20. Homer received an email advertising the newest version of a popular smartphone, which is not available elsewhere.
It includes a malicious link. Which of the following principles is the email author using?
A. Authority
B. Intimidation
C. Scarcity
D. Trust
Set 3: Practice Question Answers
1. C. An armored virus uses one or more techniques to make it difficult for antivirus researchers to reverse engineer it. A
logic bomb executes in response to an event, but it is often implemented with simple code. A Trojan appears to be something
beneficial, but it includes a malicious component. Ransomware takes control of a user’s system or data and then demands
payment as ransom.
2. A. A logic bomb executes in response to an event. In this scenario, the logic bomb is delivering its payload when it detects
that Homer is no longer employed at the company. A rootkit doesn’t respond to an event. A backdoor provides another
method of accessing a system, but it does not delete files. Adware uses advertising methods, such as pop-up windows.
3. A. The security administrator is most likely looking for a backdoor because Trojans commonly create backdoors, and a
backdoor allows unauthorized personnel to access data on the system. Logic bombs and rootkits can create backdoor
accounts, but Trojans don’t create logic bombs and would rarely install a rootkit. The computer might be joined to a botnet,
but it wouldn’t be a botnet.
4. B. Ransomware attempts to take control of a user’s system or data and then demands ransom to return control. An armored
virus uses one or more techniques to make it more difficult to reverse engineer. It’s possible that Maggie’s computer was
infected with a Trojan, which created a backdoor. However, not all Trojans or backdoor accounts demand payment as ransom.
5. A. A rootkit typically runs processes that are hidden and it also attempts to connect to computers via the Internet. Although
an attacker might have used a backdoor to gain access to the user’s computer and install the rootkit, backdoors don’t run
hidden processes. Spam is unwanted email and is unrelated to this question. A Trojan is malware that looks like it’s
beneficial, but is malicious.
6. D. Adware commonly causes pop-up windows to appear with marketing advertisements and adware doesn’t try to hide
itself. Many web browsers include pop-up blockers that block these pop-ups. A rootkit does attempt to hide itself and keep
any rootkit processes hidden. Trojans perform some malicious activity such as creating a backdoor account, and they hide
their activity.
7. B. Spyware monitors a user’s computer and activity. Trojans often install backdoor accounts, but they don’t necessarily
monitor systems and activity. Adware typically causes pop-up windows for advertising, and although it might monitor the
user to target ads, not all adware monitors users. Ransomware is primarily concerned with getting the user to make a ransom
payment.
8. B. This sounds like a social engineering attack where the caller is attempting to get information on the servers, so it’s
appropriate to end the call, report the call to a supervisor, and independently check the vendor for potential issues. It is not
appropriate to give external personnel information on internal systems from a single phone call. The caller has not committed
a crime by asking questions, so it is not appropriate to contact law enforcement personnel.
9. D. Shoulder surfing is the practice of peering over a person’s shoulder to discover information. In this scenario, the
attacker is using the wireless cameras to discover PINs as users enter them. Tailgating is the practice of following closely
behind someone else without using credentials. Dumpster diving is the practice of searching trash dumpsters for
information. Vishing is a form of phishing using the phone.
10. D. Tailgating is the practice of following closely behind someone else without using credentials. In this scenario, Bart
might be an employee who forgot his badge, or he might be a social engineer trying to get in by tailgating. Mantraps
prevent tailgating. Spear phishing and whaling are two types of phishing with email.
11. D. Dumpster diving is the practice of looking for documents in the trash dumpsters, but shredding or incinerating
documents ensures dumpster divers cannot retrieve any paper documents. Shoulder surfers attempt to view something on a
monitor or other screen, not papers. Tailgating refers to entering a secure area by following someone else. Vishing is a form
of phishing using the phone.
12. B. Dumpster divers look through trash or recycling containers for valuable paperwork, such as documents that include
Personally Identifiable Information (PII). Instead, paperwork should be shredded or incinerated. Vishing is a form of
phishing that uses the phone. Shoulder surfers attempt to view monitors or screens, not papers. Tailgating is the practice of
following closely behind someone else, without using proper credentials.
13. C. Spam is unwanted emails from any source. Phishing and spear phishing are types of attacks using email.
Vishing is similar to phishing but it uses telephone technology.
14. A. A digital signature provides assurances of who sent an email and meets the goal of this scenario. Although a spam
filter might filter a spear phishing attack, it does not provide assurances about who sent an email. A training program would
help educate employees about attacks and would help prevent the success of these attacks, but it doesn’t provide assurances
about who sent an email. Metrics can measure the success of a training program.
15. D. Whaling is a type of phishing that targets high-level executives, such as CEOs, CIOs, and CFOs. Because whaling is
more specific than phishing, phishing isn’t the best answer. Vishing is similar to phishing, but it uses the phone instead. Spam
is unwanted email, but spam isn’t necessarily malicious.
16. C. When downloading files as important as antivirus definitions, it’s important to ensure they do not lose data integrity,
and you can do so by verifying the hashes. It’s not necessary to run a full scan either before or after installing new
definitions, but the new definitions will help.
17. B. Anti-spyware is the best choice to protect an individual’s personal information while online. Many antivirus software
applications include anti-spyware components, but not all of them do. A pop-up blocker prevents pop-up windows, caused
by adware. Whitelisting identifies specific applications authorized on a system, but does not necessarily prevent the theft of
personal information.
18. C. A pop-up blocker is the best choice to stop these windows, which are commonly called pop-up windows. They might
be the result of malware or adware, but more malware or adware will not stop them. Some antivirus software may block the
pop-ups, but a pop-up blocker is the best choice.
19. B. A zero-day exploit is one that isn’t known by trusted sources such as antivirus vendors or operating system vendors.
Trusted sources know about many phishing attacks, buffer overflow attacks, and integer overflow attacks.
20. C. The attacker is using scarcity to entice the user to click the link. A user might realize that clicking on links from unknown sources is risky,
but the temptation of getting the new smartphone might cause the user to ignore the risk.
Exam 2
Protocols and ports
Class notes 3 and 4
Some general knowledge questions
