GISP Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the GISP certification exam? If so, taking a free GISP practice test is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free GISP practice questions designed to help you test your skills and identify areas for improvement.
By taking a free GISP practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free GISP Practice Questions
Below, you will find 50 free GISP practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Which of the following is not a level of the military data-classification system?
A. Unclassified
B. Normal
C. Confidential
D. Top secret
Which of the following formulas is used to determine the Single Loss Expectancy (SLE)?
A. Single Loss Expectancy x Annualized Rate of Occurrence
B. ALE before implementing safeguard + ALE after implementing safeguard + annual cost of safeguard
C. ALE before implementing safeguard – ALE after implementing safeguard – annual cost of safeguard
D. Asset Value x Exposure factor
Which of the following laws does not protect intellectual property?
A. Murphy’s law
B. Patent law
C. Trademark
D. Copyright
The Children's Online Privacy Protection Act makes it illegal for Web sites to collect information from children under __ years of age without verifiable permission of a parent?
A. 15
B. 13
C. 10
D. 21
E. 18
Identify whether the given statement is true or false. "Replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network."
A. False
B. True
You work as a Network Administrator for NetTech Inc. When you enter http://66.111.64.227 in the browser's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.PassGuide.com. What is the most likely cause?
A. The site’s Web server has heavy traffic.
B. WINS server has no NetBIOS name entry for the server.
C. DNS entry is not available for the host name.
D. The site’s Web server is offline.
Which of the following is a technique used to attack an Ethernet wired or wireless network?
A. DNS poisoning
B. Keystroke logging
C. Mail bombing
D. ARP poisoning
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
A. Building Risk free systems
B. Risk control
C. Risk identification
D. Assuring the integrity of organizational data
?
A. L2TP
B. SLIP
C. PPP
D. PPTP
Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?
A. Visitors
B. Customers
C. Employees
D. Hackers
Which of the following should propose applicable and effective security controls for managing the risks?
A. Risk assessment
B. Risk treatment plan
C. Risk communication
D. Risk management plan
Which of the following acts as an intermediary between a user on the internal network and a service on the external network such as the Internet?
A. DNS server
B. Firewall
C. Proxy server
D. WINS server
A ________ attack occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts.
A. Man-in-the-middle
B. Brute force
C. Denial of Service (DoS)
D. Dictionary
Which of the following statements about DES (Data Encryption Standard) is true?
A. Its most widely used symmetric encryption algorithm uses a 56-bit key.
B. Its most widely used symmetric encryption algorithm uses a 32-bit key.
C. Its most widely used symmetric encryption algorithm uses a 128-bit key.
D. Its most widely used symmetric encryption algorithm uses a 64-bit key.
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
A. Biometrics
B. Anonymous
C. Mutual
D. Multi-factor
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
A. Technical
B. Administrative
C. Automatic
D. Physical
Which of the following key sizes is used by International Data Encryption Algorithm (IDEA)?
A. 64-bit
B. 16-bit
C. 32-bit
D. 128-bit
Which of the following protocols is used with a tunneling protocol to provide security?
A. EAP
B. IPSec
C. FTP
D. IPX/SPX
Which of the following is a type of scam that entices a user to disclose personal information such as social security number, bank account details, or credit card number?
A. Snooping
B. Phishing
C. SYN attack
D. Spoofing
is true?
A. It hides the public network from internal hosts.
B. It hides internal hosts from the public network.
C. It uses public IP addresses on an internal network.
D. It translates IP addresses into user friendly names.
Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.
A. Shoulder surfing
B. Dumpster diving
C. Placing a backdoor
D. Eavesdropping
Which of the following protocols provides maintenance and error reporting functions?
A. ICMP
B. IGMP
C. PPP
D. UDP
consist of? Each correct answer represents a complete solution. Choose two.
A. Data service
B. Account service
C. Authentication service
D. Ticket-granting service
fire?
A. Cooking oil fire
B. Electrical fire
C. Wooden fire
D. Combustible metal fire
Which of the following is a reason to implement security logging on a DNS server?
A. For monitoring unauthorized zone transfer
B. For preventing malware attacks on a DNS server
C. For recording the number of queries resolved
D. For measuring a DNS server’s performance
Which of the following tools can be used by a user to hide his identity? Each correct answer represents a complete solution. Choose all that apply.
A. War dialer
B. IPchains
C. Anonymizer
D. Proxy server
E. Rootkit
Which of the following entities is used by routers and firewalls to determine which packets should be forwarded or dropped?
A. Rootkit
B. Backdoor
C. Access control list
D. Rainbow table
Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
A. Corroborating
B. Circumstantial
C. Direct
D. Incontrovertible
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.
A. Auditing
B. Initiation
C. Detection
D. Continuous Monitoring
Which of the following is the method of hiding data within another media type such as a graphic or document?
A. Spoofing
B. Cryptanalysis
C. Steganography
D. Packet sniffing
Which of the following techniques allows an attacker to take network traffic coming towards a host at one port and redirect it from that host to another host?
A. Blackbox testing
B. Port redirection
C. Firewalking
D. Brainstorming
work?
A. Session layer
B. Transport layer
C. Application layer
D. Data-link layer
In which of the following attacks does the attacker confuse the switch itself into thinking two ports have the same MAC address?
A. ARP spoofing
B. Replay
C. Brute force
D. MAC duplicating
Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users?
A. Spoofing
B. System hardening
C. Shielding
D. Auditing
algorithm?
A. Password
B. Access control entry
C. Key exchange
D. Access control list
Which of the following is a program that monitors data packets traveling across a network?
A. Sniffer
B. Smurf
C. Hacker
D. BitLocker
Which of the following is a source port forwarder and redirector tool?
A. Fpipe
B. NMAP
C. SuperScan
D. NSLOOKUP
At which of the following layers of the Open System Interconnection (OSI) model do the Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work?
A. The Physical layer
B. The Network layer
C. The Data-Link layer
D. The Presentation layer
Which of the following refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system?
A. Piggybacking
B. Hacking
C. Session hijacking
D. Keystroke logging
? Each correct answer represents a complete solution. Choose three.
A. Authentication
B. Data encryption
C. Authorization
D. Accounting
of the OSI model? Each correct answer represents a complete solution. Choose two.
A. Firewalls
B. Hub
C. Routers
D. MAC addresses
Which of the following is a process of monitoring data packets that travel across a network?
A. Packet sniffing
B. Packet filtering
C. Shielding
D. Password guessing
?
A. TCP port 22
B. UDP port 161
C. UDP port 138
D. TCP port 443
Which of the following rated systems of the Orange book has mandatory protection of the Trusted Computing Base (TCB)?
A. B-rated system
B. A-rated system
C. D-rated system
D. C-rated system
Which of the following rated systems of the Orange book has mandatory protection of the TCB?
A. B-rated
B. A-rated
C. D-rated
D. C-rated
Which of the following refers to a computer that must be secure because it is accessible from the Internet and is vulnerable to attacks?
A. LMHOSTS
B. Bastion host
C. Firewall
D. Gateway
on a network? Each correct answer represents a complete solution. Choose all that apply.
A. It enhances network security.
B. It cuts down dial-up charges.
C. It is used for automated assignment of IP addresses to a TCP/IP client in the domain.
D. It uses a single registered IP address for multiple connections to the Internet.
You work as a Network Administrator for NetTech Inc. Employees in remote locations connect to the company's network using Remote Access Service (RAS). Which of the following will you use to protect the network against unauthorized access?
A. Bridge
B. Antivirus software
C. Gateway
D. Firewall
terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?
A. 21
B. 443
C. 80
D. 22
? Each correct answer represents a complete solution. Choose all that apply.
A. 10.0.0.3
B. 192.168.15.2
C. 192.166.54.32
D. 19.3.22.17
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your GISP certification journey!