1. Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets?
- vulnerability scanning*
- network scanning
- integrity checkers
- penetration testing
2. How does network scanning help assess operations security?
- It can simulate attacks from malicious sources.
- It can log abnormal activity.
- It can detect open TCP ports on network systems.*
- It can detect weak or blank passwords.
3. What is the objective of the governing policy in the security policy hierarchy structure?
- It covers all rules pertaining to information security that end users should know about and follow.
- It outlines the company’s overall security goals for managers and technical staff.*
- It provides general policies on how the technical staff should perform security functions.
- It defines system and issue-specific policies that describe what the technical staff does.
4. Which type of security policy document is it that includes implementation details that usually contain step-by-step instructions and graphics?
- best practices document
- procedure document*
- standards document
- guideline document
5. What is the purpose of a security awareness campaign?
- to teach skills so employees can perform security tasks
- to focus the attention of employees on security issues*
- to provide users with a training curriculum that can ultimately lead to a formal degree
- to integrate all the security skills and competencies into a single body of knowledge
6. What is the goal of network penetration testing?
- detecting configuration changes on network systems
- detecting potential weaknesses in systems
- determining the feasibility and the potential consequences of a successful attack*
- detecting weak passwords
7. What network security testing tool has the ability to provide details on the source of suspicious network activity?
- SIEM
- SuperScan
- Zenmap
- Tripwire
8. What network scanning tool has advanced features that allows it to use decoy hosts to mask the source of the scan?
- Nessus
- Metasploit
- Tripwire
- Nmap*
9. What network testing tool can be used to identify network layer protocols running on a host?
- SIEM
- Nmap*
- L0phtcrack
- Tripwire
10. What type of network security test would be used by network administrators for detection and reporting of changes to network systems?
- penetration testing
- vulnerability scanning
- integrity checking*
- network scanning
11. What testing tool is available for network administrators who need a GUI version of Nmap?
- Nessus
- SIEM
- Zenmap*
- SuperScan
12. Which initial step should be followed when a security breach is found on a corporate system?
- Create a drive image of the system.
- Isolate the infected system.*
- Establish a chain of custody.
- Photograph the system.
13. What step should be taken after data is collected, but before equipment is disconnected, if a security breach is found on a system?
- Create a drive image of the system.
- Isolate the infected system.
- Photograph the system.*
- Determine if data tampering has occurred.
14. Which security program is aimed at all levels of an organization, including end users and executive staff?
- educational degree programs
- certificate programs
- awareness campaigns*
- firewall implementation training courses
15. What is implemented by administration to instruct end users in how to effectively conduct business safely within an organization?
- security awareness program*
- governing policy
- noncompliance consequences
- technical policy
16. What are two major components of a security awareness program? (Choose two.)
- technical policy
- procedure documents
- awareness campaigns*
- guideline documents
- education and training*
17. Which type of documents include implementation details that usually contain step-by-step instructions and graphics?
- standards documents
- procedure documents*
- guideline documents
- end-user policy documents
18. Which type of documents help an organization establish consistency in the operations of the network by specifying criteria that must be followed?
- guidelines
- standards*
- procedures
- end user policies
19. Which policy outlines the overall security goals for managers and technical staff within a company?
- acceptable use policy
- technical policy
- governing policy*
- end-user policy
20. Which type of security policy includes network access standards and server security policies?
- end user policy
- technical policy*
- governing policy
- acceptable use policy
21. Which type of security policy includes acceptable encryption methods?
- governing policy
- acceptable use policy
- technical policy*
- end-user policy
22. What is the determining factor in the content of a security policy within an organization?
- the security staff
- the audience*
- the chief executive officer
- the best practices
23. Which executive position is ultimately responsible for the success of an organization?
- Chief Technology Officer
- Chief Executive Officer*
- Chief Security Officer
- Chief Information Officer
24. Match the network security testing tool with the correct function. (Not all options are used.)
Question
Answer
Download PDF File below: