CISSP Practice Test Questions

1487 Questions

Topic 4: Communication and Network Security

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

Answer: B. Link Control Protocol (LCP)


Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Answer: A. Packet filtering


What is the purpose of an Internet Protocol (IP) spoofing attack?

A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target's IP filtering devices
D. To convince a system that it is communicating with a known entity

Answer: D. To convince a system that it is communicating with a known entity


Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools

Answer: D. Network Behavior Analysis (NBA) tools


An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

Answer: A. Add a new rule to the application layer firewall


An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Answer: D. Implement logical network segmentation at the switches


At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Answer: D. Application layer


In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

A. Transport layer
B. Application layer
C. Network layer
D. Session layer

Answer: A. Transport layer


What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege

Answer: B. Role-Based Access Control (RBAC)


Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions, each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes

Answer: C. Implement Role Based Access Control (RBAC)


Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication

Answer: A. Derived credential


A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification

Answer: C. Security Assertion Markup Language (SAML)


Page 3 out of 124 Pages