1. Which of the following is most likely to be broken using a birthday attack?
2. Which of the following methods is best suited in a situation where bulk encryption is required?
3. The main purposes for using cryptography include all but which one of the following?
4. Which of the following best describes the purpose of the key zeroization process?
a. To encrypt asymmetric data
b. To create an MD5 hash
c. To clear media of a key value
d. To encrypt symmetric data
5. Digital signatures are used for all but which one of the following purposes?
6. All but which one of the following is a security vulnerability found in RIP?
a. Broadcasts all data
b. No authentication
c. Travels only 56 hops
d. Subject to route poisoning
7. Which of the following statements is true in regard to TCP?
a. It makes a best effort at delivering information.
b. It guarantees delivery of information.
c. It does not establish session connection.
d. It is considered an OSI Layer 2 protocol.
8. Which of the following is a factor that makes scanning UDP more difficult?
a. Low overhead
b. Lack of startup and shutdown
d. Packet structure
9. Which of the following is a common application layer attack?
a. Port scanning
c. Session hijack
d. SYN attack
10. Which of the following activities is the responsibility of the OSI reference model transport layer?
a. Physical layer connectivity
b. Delivery of IP packets
c. Formatting the data
d. Physical framing
11. Focal length defines which of the following camera qualities?
a. Degree of granularity
b. Ability to zoom
c. Scope of color
d. Horizontal and vertical view
12. A false acceptance rate is also known as which of the following errors?
a. Type A
b. Type B
c. Type 1
d. Type 2
13. If an active fax machine is discovered during an assessment, which of the following is of the least concern?
a. The phone number is publicly available.
b. The fax machine is in an open, unsecured area.
c. Faxes frequently sit in the printer tray.
d. The fax machine uses a ribbon.
14. Which of the following lock grades should be selected in order to appropriately protect critical business assets?
a. Grade 4
b. Grade 2
c. Grade 1
d. Grade 3
15. Which of the following biometric authentication methods is most frequently found on laptops?
d. Voice recognition
16. Which of the following is a tool used for network mapping?
17. A ___________ scan detects packets in which all flags are active.
18. Modems can be located by conducting what type of attack?
d. Port scans
19. What does OS fingerprinting allow?
a. OS vulnerability testing
b. OS port scanning
c. Host OS identification
d. Packet capture
20. Which of the following is a tool used for wardriving?
21. Which of the following is a penetration testing framework?
c. RFC 1087
d. NIST 800-53
22. Which of the following types of penetration testing is designed to attack an organization’s physical security?
a. Social engineering attack
b. Stolen equipment attack
c. Outsider attack
d. Insider attack
23. Which of the following terms best describes hackers that occupy the lowest level of the hacker hierarchy?
24. Which of the following statements is most accurate in regard to successful security professionals?
a. Once certified, they are current for as long as they practice
b. They must have at minimum a master's-level college degree
c. They commit to lifelong learning
d. They only need to know general terms of technology
25. In which of the following phases does an attacker passively acquire information about the intended victim’s systems?
d. Escalation of privilege
26. Which of the following tools is used to determine the path to a specific IP address?
27. Which of the following databases would be valuable for obtaining information about a company’s financial history?
a. Internet Assigned Numbers Authority (IANA)
28. In order to locate domain information on a Canadian organization, which of the following Regional Internet Registries would be checked first?
29. Which of the following best describes the first two steps of the footprinting process?
a. Passive information gathering
b. Active information gathering
c. Actively mapping an organization’s vulnerabilities
d. Using vulnerability scanners to map an organization
30. In order to locate domain information on a European organization, which of the following Regional Internet Registries would be checked first?