Comprehensive Final Exam B
1. Which of the following protocols can be used to build a chain of trust for IPSec keys, SSH
fingerprints, and similar records?
a. The Domain Name System Security Extension (DNSSEC) focuses on ensuring that Domain
Name System (DNS) information is not modified or malicious, but it doesn't provide
confidentiality like many of the other secure protocols. DNSSEC can also be used to build
a chain of trust for Internet Protocol Security (IPSec) keys, Secure Shell (SSH)
fingerprints, and similar records.
b. Answer D is incorrect. The Simple Network Management Protocol, version 3 (SNMPv3)
improves on previous versions of SNMP by providing authentication of message sources,
message integrity validation, and confidentiality via encryption.
c. Answer C is incorrect. The Secure Real-Time Protocol (SRTP) is a secure version of the
Real-time Protocol (RTP), a protocol designed to provide audio and video streams via
networks.
d. Answer A is incorrect. The Secure Lightweight Directory Application Protocol (LDAPS) is a
Transport Layer Security (TLS)-protected version of LDAP that offers confidentiality and
integrity protection
2. which of the following tools is an exploitation framework commonly used by penetration
testers?
a. Metasploit is the most popular exploitation framework used by penetration testers. It
simplifies the use of vulnerabilities by providing a modular approach to configuring and
deploying vulnerability exploits.
b. Answer B is incorrect. Wireshark is a protocol analyzer. It provides a graphical user
interface (GUI) and a wide range of filtering, protocol analysis, and inspection tools
c. Answer A is incorrect. Aircrack-ng is a wireless network security testing tool.
d. Answer C is incorrect. The Social Engineer’s Toolkit (SET) is a framework for conducting
social engineering attacks.
3. What protocol is used to prevent network loops?
a. STP, or Spanning Tree Protocol, is used to detect loops. STP ensures that every segment
is accessible but that loops are detected and blocked.
b. Answers A, C, and B are incorrect. BGP (Border Gateway Protocol), OSPF (Open Shortest
Path First), and EIGRP (Enhanced Interior Gateway Routing Protocol) are routing
protocols.
4. Susan is designing the physical security controls for her organizations new building and wants to
ensure that the front doors are protected from a vehicle being used to ram through them. What
physical security control is typically put in place to prevent this?
a. Bollards are pillars or other structures placed to prevent vehicles from passing through
an area. Many bollards look like metal poles or concrete pillars. Planters, large boulders,
and other structures can also serve as bollards.
b. Answers B, C, and A are incorrect. A moat is not a typical security control unless your
organization has a castle, and walls and fences are more frequently used to prevent
access by people.
,5. Samantha has configured an unused network segment at her company to appear to be
vulnerable and has added instrumentation and data gathering capabilities so that she can
observe and analyze what attackers do while attempting to exploit that network. What type of
environment has she set up?
a. Samantha has set up a honeynet, which is a network that is built to have intentional
vulnerabilities that will attract attackers whose actions can then be recorded and
studied. It is a group of honeypots set up to be even more convincing and to provide
greater detail on attacker tools due to the variety of systems and techniques required to
make it through the network of systems.
b. Answer A is incorrect. Load balancers are used to distribute traffic to multiple systems,
provide redundancy, and allow for ease of upgrades and patching.
c. Answer D is incorrect. A black hole is a network location where traffic is sent that will not
be further forwarded.
d. Answer C is incorrect. A tarpit is a system configured to slow down attackers.
6. Gavin is drafting a document that provides a detailed step-by-step process that users may follow
to connect to the virtual private network (VPN) from remote locations. Alternatively, users may
ask IT to help them configure the connection. What term best describes this document?
a. A procedure offers a step-by-step process for completing a cybersecurity activity. The
VPN instructions that Gavin is creating are best described using this term. Similar to
checklists, procedures ensure a consistent process for achieving a security objective.
b. Answer D is incorrect. Policies are high-level statements of management intent.
Compliance with policies is mandatory.
c. Answer C is incorrect. Standards provide mandatory requirements describing how an
organization will carry out its information security policies.
d. Answer B is incorrect. Guidelines provide best practices and recommendations related to
a given concept, technology, or task.
7. What term best describes data that is in the memory of a computer system?
a. Data in processing or data in use is data that is stored in the active memory of a
computer system where it may be accessed by a process running on that system.
b. Answer A is incorrect. Data in motion, or data on the wire, is data being transmitted
across a network between two systems.
c. Answer D is incorrect. Data at rest is stored data that resides on hard drives, on tapes, in
the cloud, or on other storage media.
d. Answer C is incorrect. Data in storage is not one of the types of data.
8. Tom wants to duplicate all traffic passing through a network connection but does not want to
add any additional load to the switch that it is passing through. What component should he add
to accomplish this? This type of question contains radio buttons and checkboxes for selection of
options.
a. Tom should use a tap, which is a device that independently sends a copy of network
traffic to another path or location. Both active and passive taps exist, and they offer the
advantage of not requiring the switch or router to process the traffic.
b. Answer B is incorrect. Honeypots are systems that are intentionally configured to appear
to be vulnerable but that are actually heavily instrumented and monitored systems that
, will document everything an attacker does while retaining copies of every file and
command they use.
c. Answer A is incorrect. Load balancers are used to distribute traffic to multiple systems,
provide redundancy, and allow for ease of upgrades and patching.
d. Answer D is incorrect. Proxy servers accept and forward requests, centralizing the
requests and allowing actions to be taken on the requests and responses.
9. Jim wants to equip his mobile phone with the ability to create, store, and manage certificates.
What hardware device is purpose built for this use?
a. Hardware security modules (HSMs) come in many forms, ranging from rack-mounted
servers and appliances to USB-based HSMs. MicroSD (secure digital) HSMs are designed
to allow mobile devices equipped with the proper application to interact with the HSM,
providing a way to create, manage, and store certificates using a mobile device with
hardware-based assurance.
b. Answers D and A are incorrect. Both hashing store and one-time password (OTP) are not
hardware devices.
c. Answer C is incorrect. A USB (universal serial bus) blocker blocks data from being sent via
USB cables to prevent data theft.
10. Which of the following replaces the preshared keys used in a WPA2 and requires interaction
between both the client and network to validate both sides?
a. Wireless Protected Access 3 (WPA3)-Personal provides additional protection for
password-based authentication, using a process known as Simultaneous Authentication
of Equals (SAE). SAE replaces the preshared keys used in WPA2 and requires interaction
between both the client and network to validate both sides.
b. Answer D is incorrect. The Secure Real-Time Protocol (SRTP) is a secure version of the
Real-time Protocol (RTP), a protocol designed to provide audio and video streams via
networks.
c. Answer C is incorrect. The Secure Lightweight Directory Application Protocol (LDAPS) is a
Transport Layer Security (TLS)-protected version of the Lightweight Directory Access
Protocol (LDAP) that offers confidentiality and integrity protections.
d. Answer B is incorrect. The Domain Name System Security Extension (DNSSEC) focuses on
ensuring that the Domain Name System (DNS) information is not modified or malicious,
but it doesn't provide confidentiality like many of the other secure protocols.
11. The biometric authentication system that Patricia has deployed has been allowing users to
authenticate whose fingerprints do not match the users who they are authenticating. What type
of error is this called in biometric systems?
a. This type of problem is an issue with false acceptance and can be a major issue for
biometric systems. Type II errors or false acceptance errors occur when a biometric
factor is presented and is accepted when it shouldn't be. Patricia needs to tune the
system to reduce the false acceptance rates while minimizing false rejection rates.
b. Answer D is incorrect. The crossover error rate describes the point where the false reject
rate (FRR) and false accept rate (FAR) are equal.
c. Answer A is incorrect. False rejection errors mean that a legitimate biometric measure
was presented and the system rejected it.
d. Answer C is incorrect. There is no such term as crossover acceptance rate.
1. Which of the following protocols can be used to build a chain of trust for IPSec keys, SSH
fingerprints, and similar records?
a. The Domain Name System Security Extension (DNSSEC) focuses on ensuring that Domain
Name System (DNS) information is not modified or malicious, but it doesn't provide
confidentiality like many of the other secure protocols. DNSSEC can also be used to build
a chain of trust for Internet Protocol Security (IPSec) keys, Secure Shell (SSH)
fingerprints, and similar records.
b. Answer D is incorrect. The Simple Network Management Protocol, version 3 (SNMPv3)
improves on previous versions of SNMP by providing authentication of message sources,
message integrity validation, and confidentiality via encryption.
c. Answer C is incorrect. The Secure Real-Time Protocol (SRTP) is a secure version of the
Real-time Protocol (RTP), a protocol designed to provide audio and video streams via
networks.
d. Answer A is incorrect. The Secure Lightweight Directory Application Protocol (LDAPS) is a
Transport Layer Security (TLS)-protected version of LDAP that offers confidentiality and
integrity protection
2. which of the following tools is an exploitation framework commonly used by penetration
testers?
a. Metasploit is the most popular exploitation framework used by penetration testers. It
simplifies the use of vulnerabilities by providing a modular approach to configuring and
deploying vulnerability exploits.
b. Answer B is incorrect. Wireshark is a protocol analyzer. It provides a graphical user
interface (GUI) and a wide range of filtering, protocol analysis, and inspection tools
c. Answer A is incorrect. Aircrack-ng is a wireless network security testing tool.
d. Answer C is incorrect. The Social Engineer’s Toolkit (SET) is a framework for conducting
social engineering attacks.
3. What protocol is used to prevent network loops?
a. STP, or Spanning Tree Protocol, is used to detect loops. STP ensures that every segment
is accessible but that loops are detected and blocked.
b. Answers A, C, and B are incorrect. BGP (Border Gateway Protocol), OSPF (Open Shortest
Path First), and EIGRP (Enhanced Interior Gateway Routing Protocol) are routing
protocols.
4. Susan is designing the physical security controls for her organizations new building and wants to
ensure that the front doors are protected from a vehicle being used to ram through them. What
physical security control is typically put in place to prevent this?
a. Bollards are pillars or other structures placed to prevent vehicles from passing through
an area. Many bollards look like metal poles or concrete pillars. Planters, large boulders,
and other structures can also serve as bollards.
b. Answers B, C, and A are incorrect. A moat is not a typical security control unless your
organization has a castle, and walls and fences are more frequently used to prevent
access by people.
,5. Samantha has configured an unused network segment at her company to appear to be
vulnerable and has added instrumentation and data gathering capabilities so that she can
observe and analyze what attackers do while attempting to exploit that network. What type of
environment has she set up?
a. Samantha has set up a honeynet, which is a network that is built to have intentional
vulnerabilities that will attract attackers whose actions can then be recorded and
studied. It is a group of honeypots set up to be even more convincing and to provide
greater detail on attacker tools due to the variety of systems and techniques required to
make it through the network of systems.
b. Answer A is incorrect. Load balancers are used to distribute traffic to multiple systems,
provide redundancy, and allow for ease of upgrades and patching.
c. Answer D is incorrect. A black hole is a network location where traffic is sent that will not
be further forwarded.
d. Answer C is incorrect. A tarpit is a system configured to slow down attackers.
6. Gavin is drafting a document that provides a detailed step-by-step process that users may follow
to connect to the virtual private network (VPN) from remote locations. Alternatively, users may
ask IT to help them configure the connection. What term best describes this document?
a. A procedure offers a step-by-step process for completing a cybersecurity activity. The
VPN instructions that Gavin is creating are best described using this term. Similar to
checklists, procedures ensure a consistent process for achieving a security objective.
b. Answer D is incorrect. Policies are high-level statements of management intent.
Compliance with policies is mandatory.
c. Answer C is incorrect. Standards provide mandatory requirements describing how an
organization will carry out its information security policies.
d. Answer B is incorrect. Guidelines provide best practices and recommendations related to
a given concept, technology, or task.
7. What term best describes data that is in the memory of a computer system?
a. Data in processing or data in use is data that is stored in the active memory of a
computer system where it may be accessed by a process running on that system.
b. Answer A is incorrect. Data in motion, or data on the wire, is data being transmitted
across a network between two systems.
c. Answer D is incorrect. Data at rest is stored data that resides on hard drives, on tapes, in
the cloud, or on other storage media.
d. Answer C is incorrect. Data in storage is not one of the types of data.
8. Tom wants to duplicate all traffic passing through a network connection but does not want to
add any additional load to the switch that it is passing through. What component should he add
to accomplish this? This type of question contains radio buttons and checkboxes for selection of
options.
a. Tom should use a tap, which is a device that independently sends a copy of network
traffic to another path or location. Both active and passive taps exist, and they offer the
advantage of not requiring the switch or router to process the traffic.
b. Answer B is incorrect. Honeypots are systems that are intentionally configured to appear
to be vulnerable but that are actually heavily instrumented and monitored systems that
, will document everything an attacker does while retaining copies of every file and
command they use.
c. Answer A is incorrect. Load balancers are used to distribute traffic to multiple systems,
provide redundancy, and allow for ease of upgrades and patching.
d. Answer D is incorrect. Proxy servers accept and forward requests, centralizing the
requests and allowing actions to be taken on the requests and responses.
9. Jim wants to equip his mobile phone with the ability to create, store, and manage certificates.
What hardware device is purpose built for this use?
a. Hardware security modules (HSMs) come in many forms, ranging from rack-mounted
servers and appliances to USB-based HSMs. MicroSD (secure digital) HSMs are designed
to allow mobile devices equipped with the proper application to interact with the HSM,
providing a way to create, manage, and store certificates using a mobile device with
hardware-based assurance.
b. Answers D and A are incorrect. Both hashing store and one-time password (OTP) are not
hardware devices.
c. Answer C is incorrect. A USB (universal serial bus) blocker blocks data from being sent via
USB cables to prevent data theft.
10. Which of the following replaces the preshared keys used in a WPA2 and requires interaction
between both the client and network to validate both sides?
a. Wireless Protected Access 3 (WPA3)-Personal provides additional protection for
password-based authentication, using a process known as Simultaneous Authentication
of Equals (SAE). SAE replaces the preshared keys used in WPA2 and requires interaction
between both the client and network to validate both sides.
b. Answer D is incorrect. The Secure Real-Time Protocol (SRTP) is a secure version of the
Real-time Protocol (RTP), a protocol designed to provide audio and video streams via
networks.
c. Answer C is incorrect. The Secure Lightweight Directory Application Protocol (LDAPS) is a
Transport Layer Security (TLS)-protected version of the Lightweight Directory Access
Protocol (LDAP) that offers confidentiality and integrity protections.
d. Answer B is incorrect. The Domain Name System Security Extension (DNSSEC) focuses on
ensuring that the Domain Name System (DNS) information is not modified or malicious,
but it doesn't provide confidentiality like many of the other secure protocols.
11. The biometric authentication system that Patricia has deployed has been allowing users to
authenticate whose fingerprints do not match the users who they are authenticating. What type
of error is this called in biometric systems?
a. This type of problem is an issue with false acceptance and can be a major issue for
biometric systems. Type II errors or false acceptance errors occur when a biometric
factor is presented and is accepted when it shouldn't be. Patricia needs to tune the
system to reduce the false acceptance rates while minimizing false rejection rates.
b. Answer D is incorrect. The crossover error rate describes the point where the false reject
rate (FRR) and false accept rate (FAR) are equal.
c. Answer A is incorrect. False rejection errors mean that a legitimate biometric measure
was presented and the system rejected it.
d. Answer C is incorrect. There is no such term as crossover acceptance rate.
