Chapter 15: Vulnerability Assessment
1. At what point in a vulnerability assessment would an attack tree be utilized?
2. In the software development process, when should a design review be conducted?
As the functional and
Chapter 10: Mobile Device Security
1. Which technology is NOT a characteristic of a mobile device?
2. Each optional feature is found on most mobile devices except removable storage media.
3. Which type of computer most
Chapter 14: Risk Mitigation
1. An event that appears to be a risk but turns out not to be one is called a false positive.
2. Which of these is NOT a response to risk?
3. All of these approaches are part of the Simple Risk Model
Chapter 11: Access Control Fundamentals
1. What is the current of TACACS?
2. How is the Security Assertion Markup Language (SAML) used?
It allows secure web domains to exchange user authentication and authorization data
3. A Radiu
Chapter 13: Business Continuity
1. IT contingency planning is the process of developing an outline of procedures to be followed in the
event of a major IT incident or an incident that directly impacts IT.
2. Who should be involved in a ta
Chapter 12: Authentication and Account Management
1. Which authentication factor is based on a unique talent that a user possesses?
What you do
2. Which of these is not a characteristic of a weak password?
A long password
3. Which attack
Chapter 7: Network Security Fundamentals
1. Which secure feature does a load balancer NOT provide?
Filter packets based on protocol settings
2. Which of these would NOT be a filtering mechanism found in a firewall rule?
3. A (n) Web
Chapter 5: Basic Cryptography
1. The Hashed Message Authentication Code (HMAC) encrypts the key and the message.
2. What is the latest version of the Secure Hash Algorithm?
3. All of the following can be broken mathematically EXCEPT
Chapter 9: Wireless Network Security
1. Which technology is predominantly used for contactless payment systems?
Near field communication (NFC)
2. Bluetooth falls under the category of Personal area network (PAN).
3. Which of these IEEE W
Chapter 8: Administering a Secure Network
1. Which high-speed storage network protocol used by a SAN is IP-based?
2. Which Fibre Channel zone is the most restrictive?
FC hard zone
3. An attacker can use NetBIOS to determine each of
Chapter 6: Advanced Cryptography
1. A Certificate Signing Request (CSR) is a specially formatted encrypted message that validates the information
the CA requires to issue a digital certificate.
2. Online Certificate Status Protocol (OCSP)
Chapter 4: Host, Application, and Data Security
1. What type of controls are the processes for developing and ensuring that policies and procedures are carried
2. Which of the following is NOT an activity phas
Chapter 2: Malware and Social Engineering Attacks
1. A virus requires a user to transport it from one computer to another.
2. Which of these is NOT an action that a virus can take?
Ans: Transport itself through the network to another devi
Chapter 3: Applications and Networking Based Attacks
1. Which of these is NOT a reason why securing server-side web applications is difficult?
The processors on clients are smaller than on web servers and thus they are easier to defend.
Chapter 1: Introduction to Security
1. Which of the following is not a characteristic of advanced persistent threat (APT)?
Ans: Is only used by hacktivists against foreign enemies
2. Which of the following was used to describe attackers wh