Cybrary study guide

General Study Guides

Begin refreshing your memory with our interactive study guide today, so you can be on your way to becoming certified.

3G Definition

3G stands for what?

  1. 3 Galaxy Android Phone
  2. 3rd Generation cellular technology
  3. 3rd Generation iOS
  4. None of the above

Answer: The correct answer is 2.

Breakdown: Cellular networks are referred to by their generation: 2G, 3G, or 4G, which stand for 2nd, 3rd, or 4th Generation cellular technology.

WiFi on iOS Devices

How do you enable WiFi on an iOS device?

  1. Settings, WiFi, tap to toggle on and off.
  2. Setting, Networks, tap Enable WiFi.
  3. Settings, Internet, WiFi, tap to toggle on and off.
  4. Settings, WiFi, tap Enable WiFi.

Answer: The correct answer is 1.

Bluetooth on iOS

True or false? Once Bluetooth is enabled on an iOS device, it will automatically begin scanning for pairable devices.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Bluetooth is a wireless networking technology that allows short-range communications between devices such as a cellphone and a headset or a table and a PC. With Bluetooth enabled, you must then enable pairing. When Bluetooth is enabled on an iOS device, it will automatically scan for pairable devices.

Email Syncing on Mobile Devices

You have a user who is having trouble syncing email between his Android phone, a tablet, and a PC. What type of email account does he have?

  1. POP3
  2. IMAP

Answer: The correct answer is 2.

Breakdown: POP3 and IMAP are both protocols for managing incoming email, however IMAP offers more functionality. With IMAP you can leave your messages on the server, which can then be accessed from multiple devices. Unlike POP3, the IMAP service can synchronize changes in an email account across several devices.

iPhone Passcode Lock

Which of the following procedures would you use to begin setting a passcode lock on an iPhone?

  1. Access Settings, General, Passcode Lock.
  2. Access Settings, Location and security, Set screen lock.
  3. Access Settings, General, Security, Passcode Lock.
  4. Access Settings, General, Preferences, Passcode Lock.

Answer: The correct answer is 1.

Breakdown: A passcode lock operates much like password protection on a PC or laptop. Its purpose is to prevent casual access to the data on a mobile device and is one of the simplest ways of securing it.

Android Passcodes

Which types of passcodes can you set on an Android device? (Choose all that apply)

  1. PIN
  2. Voice recognition
  3. Password
  4. Pattern

Answer: The correct answer is 1, 3 and 4.

Breakdown: Android offers the option to set passcodes using pattern, PIN, or password methods. You set the passcode on Android devices viSettings, Location and security screen, and tap Set screen lock.

Locate Lost or Stolen iPhone

You can find a lost or stolen iPhone using which of the following applications? (Choose all that apply)

  1. Lost iPhone
  2. Apple iPhone Locator
  3. Find My iPhone
  4. iCloud

Answer: The correct answer is 3.

Breakdown: Find My iPhone is a typical example of an iOS locator application. It uses GPS data from your phone to track it from another device which is connected to the Internet. It requires an account with Apple’s iCloud service (is not an app) along with a valid Apple ID.

Mobile Device Wiping

You can configure a device to erase all data after a set number of:

  1. failed OS updates
  2. failed logon attempts
  3. virus infections
  4. failed backup operations

Answer: The correct answer is 2.

Breakdown: You can further defeat unauthorized access to a device by configuring it to erase its data after a set number of failed login attempts. Currently, this feature is only natively available on iOS devices. Third-party apps are available to provide this feature on Android.

Mobile Software Updates

In which OS can you manually update software using: Settings->About Phone->System updates?

  1. Android
  2. iOS

Answer: The correct answer is 1.

Breakdown: System updates for Android are available from the Settings->About Phone->System updates screen when updates are available, however, the device fragmentation in the Android marketplace leaves updating the Android operating system to the manufacturer. In some cases, the device is locked to an older version of Android without the option to ever upgrade even when newer versions of Android are released by Google.

Data Synchronization

True or false? Videos are one type of data that cannot be synced between devices.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: A wide variety of data can be synchronized between devices with the following the most often synced: Contacts Programs Email Pictures Music Videos

Device Syncing Connection Types

Which of the following types of connections can be used to sync two devices? (Choose all that apply)

iPhone Syncing App

What software application would you use to sync an iPhone with a Windows PC?

  1. Outlook
  2. iTunes
  3. Exchange
  4. Windows Folder and File Sharing

Answer: The correct answer is 2.

Breakdown: Apple’s iTunes is the designated (and only) software for syncing iOS devices. iTunes must first be installed on the PC prior to connecting to the iPhone.

iOS 4.0 Connection Types

True or false? You can sync an iOS 4.0 device using either USB or WiFi.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: You can only sync an iOS 4.0 device using a USB connection to a computer. Data syncing over WiFi was added in iOS 5.0 and requires that the computer be running iTunes 10.5 or later.

Windows Clean Install

In Windows 7 and Windows Vista, what utility do you use to copy all your files and settings to an extra hard drive or other storage device, before doing a clean install?

  1. Files and Settings Transfer Wizards
  2. Upgrade Advisor
  3. User State Migration Tool
  4. Windows Easy Transfer

Answer: The correct answer is 4.

Breakdown: In Windows 7 and Windows Vista, you can use Windows Easy Transfer to automatically copy all of your files and settings to an extra hard drive or other storage device prior to performing a clean install. After the installation is complete, you then use Windows Easy Transfer to reload your files and settings. Keep in mind that you will need to reinstall your applications once the upgrade is complete.

Windows Hardware Recommendations

For which Windows operating system is 1 GB of memory recommended? (Choose all that apply)

  1. Windows XP Professional
  2. Windows Vista Home Basic
  3. Windows Vista Home Premium
  4. Windows Vista Ultimate
  5. Windows 7 32-bit
  6. Windows 7 64-bit

Answer: The correct answer is 3, 4 and 5.

Breakdown: Microsoft recommends a minimum of 1 GB of RAM for Windows 7 32-bit, and Windows Home Premium/Business/Ultimate/Enterprise operating system versions. 2 GB of memory is suggested for Windows 7 64-bit systems.

Windows Vista Upgrade Advisor

True or false? To run the Windows Vista Upgrade Advisor, you must have the Windows .Net Framework 2.0 and MSXML version 6 (MSXML6) installed on your computer.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Windows 7, Windows Vista, and Windows XP include a free tool called the Upgrade Advisor used to determine if the selected OS supports your hardware and software configuration. The Advisor scans your computer to determine if there are any issues preventing a successful upgrade. In order to run the Windows Vista Upgrade Advisor, you must have the Windows. NET Framework 2.0 and MSXML version 6 (MSXML6) installed. You can download these items for free from Microsoft’s Website.

Windows XP Partition Sizes

What is the partition size limit on Windows XP computers without SP1 or later?

  1. 128 GB
  2. 137 GB
  3. 256 GB
  4. 500 GB
  5. 1 TB

Answer: The correct answer is 2.

Breakdown: Windows XP originally didn’t support 48-bit Logical Block Addressing (LBA) for ATAPI disk drives, thus giving it a 137 GB partition limit. This issue was addressed in Windows XP SP1 as well as in Windows Vista.

Windows Vista Upgrade Path

Which Windows operating system can’t be upgraded to any edition of Windows Vista?

  1. Windows 2000 Professional
  2. Windows XP Home
  3. Windows XP Professional
  4. Windows XP Media Center

Answer: The correct answer is 1.

Breakdown: A clean install is required when upgrading from all versions of Windows 2000 to any version of Windows Vista.

Windows 7 Upgrade Utility

To complete an upgrade from one version of Windows 7 to another, what utility do you use?

  1. Upgrade Wizard
  2. Windows Anytime Upgrade
  3. Windows Easy Transfer
  4. Recovery Console

Answer: The correct answer is 2.

Breakdown: To upgrade from one version of Windows 7 to another you can use the Windows Anytime Upgrade utility. This utility installs components from the Component-based servicing (CBS) store located on the local computer. You must purchase an upgrade key in order to use this utility.

Older Application Nomenclature

What is an application written for an older operating system called?

  1. Legacy application
  2. Old school application
  3. Historic application
  4. Deprecated application

Answer: The correct answer is 1.

Breakdown: Applications written to work under an older version of an operating system are referred to as legacy applications. Such applications may or may not work correctly when run under more recent versions of the operating system. The best option is to upgrade the application to be compatible with the newer OS, though this may involve additional cost.

Windows Installation From Network Share

True or false? You can install Windows 7 and Windows Vista from a network share, but not Windows XP.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: You can perform a network installation of Windows by copying the contents of the installation disk to a network server or by placing the disk in an optical drive on the network server and then sharing the folder or drive. This type of installation is supported by Windows 2000, XP, Vista, and Windows 7.

Network Location Security

Which network location is configured for limited discovery and tighter security?

  1. Home
  2. Office
  3. Public
  4. Work

Answer: The correct answer is 3.

Breakdown: Deciding on the location of where the computer is connected when installing Windows 7 or Windows Vista is important in terms of security. Choosing Public location provides for limited discovery and tighter security.

Problems Downloading Windows Updates

When installing Windows 7 or Windows Vista, if Setup can’t download updates, what is the resolution?

  1. Continue with the install. You can install updates later.
  2. Install the most recent service pack.
  3. Note the type of error and research the cause and solution on Microsoft’s Website.
  4. Replace the NIC with a Vista-compatible NIC and try again.

Answer: The correct answer is 1.

Breakdown: A likely cause of being unable to download updates during a Windows install is because of network connection problems. You can continue with the upgrade and then download and install updates later.

Proprietary Mobile Operating System

Of the two main mobile operating systems, which is proprietary?

  1. Windows Phone
  2. Android
  3. iOS
  4. Nokia

Answer: The correct answer is 3.

Breakdown: Of the two main mobile operating systems, iOS and Android, iOS is proprietary software of Apple, Inc. It isn’t licensed for use in non-Apple products. Developers wishing to create iOS apps must register with Apple and use the company’s development platform which includes an Apple computer and programming environment.

Solid State Drive Features

Which of the following are true about solid state drives? (Choose all that apply)

  1. They use flash memory to store data.
  2. They have few moving parts.
  3. They use power more efficiently than conventional hard drives.
  4. They are less expensive than conventional hard drives.

Answer: The correct answer is 1, 2 and 3.

Breakdown: Solid state drives (SSDs) use flash memory to store data. They have no moving parts and are therefore less susceptible to shock or vibration. They are also smaller, faster and more power-efficient than conventional hard drives. Their main disadvantage is price. This explains why they have a limited storage capacity when compared to HDDs.

Touch Technologies

Using two fingers on a screen to enlarge a photo is an example of which type of touch technology?

  1. Touch flow
  2. Resistive
  3. Multitouch
  4. Capacitive

Answer: The correct answer is 3.

Breakdown: In addition to the two types of touch screens for mobile devices — resistive touch and capacitive touch — there are two touch technologies to be aware of: touch flow and multi touch. Multitouch allows a user to control the tablet or smartphone screen by using multiple, simultaneous touches. An example would be using two fingers to expand and collapse a photo display.

Tablet Components

You can easily swap out which components in any tablet? (Choose all that apply)

  1. Memory module
  2. ROM chip
  3. Battery
  4. None of the above

Answer: The correct answer is 4.

Breakdown: Tablets, in general, have few or no field-serviceable parts. Batteries and hard drives are field-replaceable in some devices. iPads from Apple Computer, has no field-serviceable parts at this time. For most devices where repair is needed (whether Android or iOS), the device should be sent to a qualified repair center or simply replaced entirely.

ARM Mobile Processors

What are the advantages of using an ARM processor in a tablet? (Choose all that apply)

  1. Larger size
  2. Simplicity of design
  3. Low power usage
  4. Reliability

Answer: The correct answer is 2 and 3.

Breakdown: Smartphones and tablets use an ARM (Advanced RISC Machine) processor. Its main advantages are its simple design and low power usage, which is important when considering battery life.

Mobile Display Calibration

What is a way to quickly fix screen calibration problems?

  1. Perform a hard reset
  2. Perform a soft reset
  3. Reflash the ROM
  4. Use a third-party calibration app

Answer: The correct answer is 2.

Breakdown: Sometimes, simply performing a “soft” reset by cycling power to a mobile device is all that is required to resolve a screen calibration problem.

Mobile Device Sensors

In some mobile devices, shaking the device results in undoing a previous action. This is due to which motion sensor?

  1. Accelerometer
  2. Gyroscope
  3. Magnetometer
  4. GPS

Answer: The correct answer is 1.

Breakdown: An accelerometer is an internal sensor in a mobile device that detects and measures motion such as vibration or acceleration. Shaking a mobile device, in some instances, will result in an undo operation within an app or system utility. In addition, accelerometers also sense orientation and can reorient the screen display between portrait and landscapes modes depending on the detected position of the device.

User-Modified Settings Issues

What Windows 7 or Vista utility should you use if user-modified settings cause improper operation at startup?

  1. Driver Rollback
  2. Recovery console
  3. System Configuration Utility
  4. System Recovery Options menu
  5. System Restore

Answer: The correct answer is 4.

Breakdown: In Windows 7 and Windows Vista, the Recovery Console has been replaced with several recovery tools accessible from the Systems Recovery Options menu. These tools can help you repair startup problems, restore your system files from a restore point, test your computer’s RAM, and in some editions of Windows 7 and Windows Vista, restore your entire computer and system files from backups.

Troubleshooting Operating Loading Issues

If a computer successfully boots, but the operating system interface doesn’t load properly, what type of error has occurred?

  1. Startup error
  2. Boot error
  3. Operating system load error
  4. Hardware error

Answer: The correct answer is 3.

Breakdown: Situations where the computer boots but fails to load the Windows GUI are classified as operating system load errors. Possible causes for this condition are: Display or other system driver not working properly. The computer is infected with a virus. Explorer.exe is missing or corrupted.

System Startup Troubleshooting

In the System Configuration utility, which mode can you use to load only basic devices and services while troubleshooting a problem?

  1. Normal
  2. Diagnostic
  3. Selective
  4. Debug

Answer: The correct answer is 2.

Breakdown: The Diagnostic Startup mode in the System Configuration utility, loads only basic devices and services to help narrow down things during the troubleshooting process.

Windows Startup Utility

Which Windows 7, Windows Vista, and Windows XP GUI utility allows you to view, disable, and enable software and services that run at startup?

  1. ASP
  2. Boot.ini
  3. ERD
  4. Msconfig
  5. Recovery Console

Answer: The correct answer is 4.

Breakdown: The System Configuration Utility makes it easier to resolve startup issues and identify issues with background processes. Using the Startup tab, you can troubleshoot problems with programs that are configured to start when Windows starts up.

Device Driver Installation

True or false? For most devices, when you connect a device for the first time, Windows automatically loads the required drivers.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Via the Plug-n-Play (PnP) feature of Windows, the OS can often find the appropriate driver to install along with newly detected devices. In cases where this is not possible or a newer version of the driver is available, then visit the manufacturer’s Web site and download and install the necessary driver from there.

True or false? In Windows 7, many common problems are resolved transparently, requiring little, if any, user interaction.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Unfortunately, even modern versions of the Windows operating system, such as Windows 7, are occasionally subject to errors. The good news is that the built-in diagnostic tools as well as other recovery tools are available to guide you through troubleshooting OS problems.

VoIP Jitter

True or false? QoS can be used to prioritize video and VoIP transmission to reduce jitter.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Quality of Service (QoS) mechanisms and policies on the network can be used to prioritize video and VoIP transmission to ensure that the packets receive priority over other types of network traffic. QoS mechanisms can help reduce and eliminate jitter and other types of interference.

Signal Strength

What is the decrease in signal strength along the length of a network wire called?

  1. Suppression
  2. Dampening
  3. Attenuation
  4. Squelching

Answer: The correct answer is 3.

Breakdown: Attenuation is the decrease in signal strength along the length of a network wire. The longer the wire, the greater the degree of attenuation. You can solve this problem either by shortening the wire or inserting a device such as a repeater to boost the signal.

Verify DNS Settings

Which command would you use to verify name resolution (DNS) settings?

  1. ipconfig
  2. ping
  3. nslookup
  4. tracert

Answer: The correct answer is 3.

Breakdown: When two computers communicate with each other by using TCP/IP across the network, the Domain Name System (DNS) service is responsible for resolving the names you specify to their associated IP addresses. To verify that your computer can communicate with its assigned DNS server, enter nslookup [host or FQDN]. If the DNS server responds with the IP address of one or more computers, then communication is successful.

IPCONFIG Command Information

What information does the ipconfig command report? (Choose all that apply)

  1. Current TCP/IP configuration
  2. Full route between client and host
  3. DNS server address
  4. Default gateway IP address
  5. Client IP address

Answer: The correct answer is 1, 3, 4 and 5.

Breakdown: The IPCONFIG command allows you to display and modify the current TCP/IP settings of a user’s computer including the IP address, subnet mask, default gateway, and DNS server address.

Cable Tester

What physical tests can you perform with a cable testing device? (Choose all that apply)

  1. Test hub connections
  2. Test notebook displays
  3. Locate missing cables
  4. Test AC wall outlets

Answer: The correct answer is 1 and 3.

Breakdown: A cable testing device can test both physical cables as well as network functions such as load handling and data throughput.

IP Address Diagnostics

Which command displays the IP address of the host and other configuration information?

  1. getmac
  2. ipconfig
  3. nslookup
  4. ping

Answer: The correct answer is 2.

Breakdown: Though other networking commands also display IP address information of computers on a network, the ipconfig command goes further and also displays configuration information.

Wireless LAN Connection Problems

What might be the cause if you can’t connect to a radio wireless device? (Choose all that apply)

  1. Device tuned to wrong channel
  2. Security settings preventing connections
  3. Device out of range
  4. Mismatched protocols between device and client

Answer: The correct answer is 2 and 3.

Breakdown: There are several possible reasons for being unable to connect to a radio wireless device: being out of range, interference from motors or equipment, drivers not installed, wireless router turned off, or security settings are preventing connections.

LAN Electrical Interference

What steps can you take to minimize electrical interference on a wired LAN? (Choose all that apply)

  1. Use good quality cabling
  2. Add shielding around hubs, switches, and routers
  3. Install cables in separate conduits away from noise sources
  4. Use shielded cables in high-noise environments

Answer: The correct answer is 1, 3 and 4.

Breakdown: Electrical noise can originate internally from the LAN cables themselves as well as externally from electric motors such as those in elevators and from fluorescent lights and air conditioners. In areas where there’s an abundance of electrical noise, you can use shielded cables or other technologies such as fiber optic cables to prevent interference. Running network cables through their own conduit, away from noise sources, is a good practice for minimizing interference.

Resetting Network Adapter

Which utility enables you to reset a computer’s network adapter?

  1. Network map
  2. Windows Network Diagnostics
  3. IPCONFIG
  4. Local Area Connection

Answer: The correct answer is 2.

Breakdown: Windows Network Diagnostics allows you to diagnose many of the common problems encountered on TCP/IP networks. For example, it can typically identify problems such as an incorrect subnet mask or default gateway address, a DNS server that is down, a disabled network adapter, or a network adapter that you need to reset.

Faulty Laser Printer Drum

What are some likely problems caused by a faulty laser printer drum? (Choose all that apply)

  1. Weak or missing color
  2. Black or blank pages
  3. Voided areas
  4. Repetitive image defects

Answer: The correct answer is 2, 3 and 4.

Breakdown: Problems typically encountered from a faulty laser printer drum are repetitive image defects, voided areas, and black or blank pages. You should first inspect and clean the drum and replace it if it’s damaged.

Problems From Low Fuser Temperature

What problems might you see if the temperature of the fuser is too low? (Choose all that apply)

  1. Focus problems
  2. Smearing
  3. Voided areas
  4. Dark images

Answer: The correct answer is 1 and 2.

Breakdown: Incorrect fuser temperature may cause focus and smearing problems. You should inspect the thermistor and thermistor cable and test the fuser assembly, replacing worn or missing pads.

Smudged Print

Which of the following are possible causes of smudged print? (Choose all that apply)

  1. Low toner
  2. Damp paper
  3. Debris on the laser scanning mirror
  4. Limited memory

Answer: The correct answer is 2 and 3.

Breakdown: Possible causes of smudged print are debris on the mirror and damp or moist paper. There are several other causes which should also be investigated.

Ghosting and Shadows

Which of the following is the most likely cause of ghosting and shadows on printed pages?

  1. Broken paper guides
  2. Residual toner on the drum
  3. Accumulated toner on the transfer corona
  4. A faulty sensor in the registration assembly

Answer: The correct answer is 2.

Breakdown: Ghosting and shadows on the printed page have several possible causes: residual toner on the drum, drum not discharging properly, and the primary corona not putting an adequate conditioning charge on the drum.

Improperly Stored Paper Problems

Why might improperly stored paper cause smearing?

  1. Light faded the paper.
  2. Moisture on the paper.
  3. Edges not straight

Answer: The correct answer is 2.

Breakdown: Damp or moist paper due to improper storage and cause smearing during printing. Store all consumables in a dry, cool location.

Low Toner Problems

True or false? Low toner is a likely cause of repetitive image defects.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Repetitive image defects in a laser printer have several possible causes: drum defect, faulty registration rollers, and debris on the heated fusing roller. All of these possibilities should be checked first when troubleshooting this condition. Low toner is often the cause behind light or weak images.

Troubleshooting Print Job From Application

True or false? When you’re troubleshooting a print job from an application, the first thing you should troubleshoot is the printer cable.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Methodical troubleshooting requires focusing on one top-level component area at a time. When troubleshooting a printer problem from the application, focus on just application level causes. Only move on to the next top-level component area to troubleshoot after you have completed all of the testing steps in the current component area.

Common Printer Problems

What are some of the possible sources of a printing problem? (Choose all that apply)

  1. The printer
  2. The application
  3. The operating system and drivers
  4. The connection

Answer: The correct answer is 1, 2, 3 and 4.

Breakdown:. When troubleshooting any problem, always take a “top-down” approach. For printer problems, begin with all of the top-level components and systems involved in the printing process. Once you isolate the problem to one specific item, then you can narrow in on the precise cause of the problem.

Blurry Monitor Display

What are possible causes for a blurry monitor display? (Choose all that apply)

  1. Monitor set to improper resolution.
  2. Monitor output is miscalibrated.
  3. Monitor is going bad.
  4. Noisy AC power to monitor.

Answer: The correct answer is 1, 2 and 3.

Breakdown: All of the chosen reasons above can cause a blurry monitor display, including a failing monitor. Check all configurable display settings first before determining that a monitor is defective and in need of replacement.

Display Troubleshooting

True or false? You should always wear an anti-static wrist strap while working on display components.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: In general you should practice good ESD precautions while working with devices and circuit cards that contain static-sensitive components, however, you should never wear a wrist strap when working on CRT monitors. These devices contain high voltages which can still be present even with the power disconnected. Providing a low-resistance path to ground from your body via a wrist strap presents a potentially hazardous situation should you accidentally come in contact with high voltage.

Laptop Display Problems

What’s one of the most common user-caused problems with laptop displays?

  1. Incorrect resolution selected
  2. Function-key monitor setting incorrect
  3. Incompatible monitor settings
  4. Food and drink spilled on screen

Answer: The correct answer is 2.

Breakdown: Many laptop display problems are caused by the Function-keys being set to the wrong monitor setting, for example, being set to use an external monitor when one isn’t attached. Other incompatible settings may also be the cause of display problems and should also be checked.

Power Measurements

Which power-related measurement is the rate at which power is drawn?

  1. Amperage
  2. Polarity
  3. Voltage

Answer: The correct answer is 1.

Breakdown: There are three power-related measurements for a laptop computer: voltage, amperage rating, and polarity. Amperage is the strength of the electrical current drawn by the system from the battery.

Notebook Wireless Antenna

Some laptops have their wireless antenna in the lid. If the lid is tipped beyond what degree angle, can it potentially adversely affect the bandwidth available for the network connection?

  1. 45 degrees
  2. 60 degrees
  3. 10 degrees
  4. 90 degrees

Answer: The correct answer is 4.

Breakdown: In some laptops, the wireless antenna is in the lid. If the lid is tipped below or beyond a 90 degree angle, it can adversely affect the bandwidth available for the network connection. Sometimes the connection is lost entirely. To correct the problem, you need to reposition the notebook cover. In addition, make certain that the wireless adapter wasn’t inadvertently turned off and also try moving closer to the access point to improve the quality of the connection.

PC Card Installation

True or false? To install PC Cards, you must shut down the computer first.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: PC Cards are hot-swappable and can be inserted while the notebook is running. In the event that there is a problem with installing a PC Card, then try removing any unnecessary peripheral devices to rule out a possible system resource conflict between the two devices.

Troubleshooting Notebook Peripherals

True or false? When troubleshooting notebook peripherals, it’s likely that most problems are due to a damaged port.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Though it’s possible that a damaged port can be responsible for a notebook peripheral not working, it’s much more likely the result of a function-key combination being inadvertently engaged. This happens easily on cramped notebook keyboards. Function-key combinations are used to toggle the monitor mode and even turn off the wireless adapter. Check for these conditions first before suspecting hardware problems.

Noisy Hard Drive

True or false? A noisy and slow hard drive can sometimes be fixed with software solutions.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: A noisy or slow drive may be the result of a high degree of disk fragmentation. Try running a disk defrag utility to see if the condition improves.

Hard Drive Installation Failure

True or false? Upon installing a new hard drive, you notice that its recognized space is less than the size listed on the label. This suggests a faulty drive.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: If a newly-installed hard disk drive doesn’t match the advertised space, then the discrepancy can often be traced back to a misunderstanding in the units being used. Other causes for this condition can be inefficiencies in the FAT32 file system with very large drives or a BIOS misconfiguration with older drives.

Computer Freezing Up

True or false? Bad memory is a possible cause of a computer freezing up.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: There are several possible causes for a computer that intermittently stops working or reboots. Bad or failing memory modules or incorrect memory speed settings are one possible cause. A memory test using a RAM-testing utility is a good place to start when troubleshooting suspected memory problems.

General Protection Fault

True or false? A common cause of a Windows General Protection Fault message is a poorly written software application.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: This error is typically the result of a poorly written application, but can also be the result of bad memory or a failing motherboard. If you suspect a software application, then check the vendor’s Website for updates or patches to the application.

Beep Codes

What does a beep code error of three long beeps indicate?

  1. Memory problem
  2. Video adapter failure
  3. Keyboard error
  4. Boot failure

Answer: The correct answer is 3.

Breakdown: This beep error code indicates a keyboard error: a key is stuck or the keyboard is plugged into the mouse port. Troubleshooting this problem involves attaching a different keyboard and attempting to reboot. Also confirm that the keyboard and mouse are plugged into their respective ports.

POST Beep

You hear one short beep when you first turn on your computer. What problem does that beep code indicate?

  1. Memory error
  2. Power supply problem
  3. CMOS problem
  4. Normal boot up

Answer: The correct answer is 4.

Breakdown: One short beep upon power up indicates that your PC completed the boot process successfully.

BIOS and CMOS

True or false? BIOS and CMOS are the same thing.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Though working hand-in-hand, the BIOS and CMOS are two different things. The BIOS is a set of instructions in binary form stored in non-volatile memory that handle the boot operation, among other things, of a PC. The CMOS is battery-backed RAM (volatile storage), which stores settings for the BIOS.

CMOS Battery Failure

What’s one symptom of a failed CMOS battery?

  1. Power disabled to motherboard
  2. Reduced display resolution
  3. Only mono sound
  4. Computer loses date and time settings

Answer: The correct answer is 4.

Breakdown: Configuration data is saved to CMOS storage, which is backed by a battery connected to the motherboard. You might need to replace the CMOS battery if your computer is losing its time or date settings when you boot or if you’re receiving error messages with regards to the CMOS.

Power Interruptions

True or false? Brownouts are more common than blackouts.

  1. True
  2. False

Answer: The correct answer is a 1.

Breakdown: Brownouts are a brief decrease or sag in voltage caused when other devices use so much power when starting that they decrease the voltage to other devices on the circuit. These events are more common than a total loss of power otherwise known as a blackout. Blackouts are either local events that are the result of tripped circuit breakers, downed wires or damaged transformers or the result of natural disasters such as hurricanes, earthquakes, or tornadoes.

Multimeter Functions

What multimeter modes can you use to determine if a wire is whole or broken? (Choose all the apply)

  1. Current mode
  2. Continuity mode
  3. Voltage mode
  4. Resistance mode

Answer: The correct answer is 2 and 4.

Breakdown: You can determine if a fuse is good or a wire is whole by measuring continuity. Continuity can be checked by setting the multimeter to resistance mode and looking for zero ohms across the circuit. If your multimeter includes a continuity mode, you can also use that. Technically, for some circuits you could also measure the voltage at certain points to check for continuity, but this requires knowledge of the circuit and whether a measurable voltage potential exists at the test point.

Power_Good Signal

What is the purpose of the Power_Good signal?

  1. Indicates the power supply is receiving AC power.
  2. Indicates the power switch is in the “ON” position.
  3. Indicates there’s sufficient electrical power.
  4. Indicates a clean AC power source.

Answer: The Power_Good signal is a +5 V voltage that is supplied over a specific wire in the connector that sends power from the power supply to the motherboard. If the signal isn’t sent because the electrical power is insufficient, the computer won’t boot.

AP Isolation Basics

What does enabling AP isolation on your wireless router accomplish?

  1. Router isn’t visible outside premises
  2. Wireless clients can’t access one another
  3. Router is placed behind a locked door
  4. Wireless clients can’t connect to the wired network

Answer: The correct answer is 2.

Breakdown: AP isolation puts wireless clients onto individual VLANs so that they cannot access one another. This method is commonly used in public wireless networks to prevent one user from accessing another user’s computer. This method may not be appropriate if users need to directly share files or other resources with one another over the network.

Encryption Methods

Which encryption method uses the Advanced Encryption System (AES) cipher for stronger encryption?

  1. 802.11i
  2. WEP
  3. WPA Personal
  4. WPA2

Answer: The correct answer is 4.

Breakdown: WPA2 is built upon WPA by adding more features from the 802.11i standard. Notably, WPA2 uses the Advanced Encryption System (AES) cipher for stronger encryption.

Access Control Methods

Which access control method might require additional hardware or software devices?

  1. MAC address filtering
  2. Authentication
  3. Static IP addresses
  4. Encryption

Answer: The correct answer is 2.

Breakdown: A much stronger access control protection is client authentication, which verifies user credentials sent by the client. Authentication typically requires the use of additional software or hardware devices, such as a RADIUS server.

Secure IP Address Assignment

True or false? Dynamically-assigned IP addresses are more secure than static IP addresses.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Statically assigning IP addresses to each device on your network provides a small measure of added security over DHCP addressing.

Permitted MAC Addresses

Entering a list of permitted MAC addresses on your router is called what?

  1. IP routing
  2. ACL
  3. Port filtering
  4. MAC filtering

Answer: The correct answer is 4.

Breakdown: On most routers, you can enter a list of permitted MAC addresses, or a list of blocked MAC addresses, to limit connections. This is one way to limit network access to a very specific set of computers.

Network Vulnerability Points

Which are vulnerability points in a network? (Choose all that apply)

  1. Built-in management interfaces
  2. Power lines
  3. Users
  4. Firmware and operating system weaknesses

Answer: The correct answer is 1 and 4.

Breakdown: Devices present the following general vulnerability points: Built-in management interfaces Firmware and operating system weaknesses Susceptibility to physical attack Network hijacking

Important Updates

Outside of Windows itself, what programs are particularly important to keep updated?

  1. MS Office Suite
  2. Software development tools
  3. Accessories
  4. Antivirus software and programs that access the Internet

Answer: The correct answer is 4.

Breakdown: Antivirus and other security software must be regularly updated to keep pace with new threats. Similarly, programs which connect to or read files from the Internet, such as browsers and Adobe Reader need frequent updates in order to remain secure.

Windows Driver Updates

What’s the best source for driver updates?

  1. Microsoft
  2. Device manufacturer’s Website
  3. Third-party driver Website

Answer: The correct answer is 2.

Breakdown: Windows might not install the best or most up-to-date drivers for your device if it’s installed with PnP. At some point, you might need to find additional drivers on the Web, most likely from the device manufacturer’s Website.

Checking System Files

What command is used to check system files for changes?

  1. chkdsk
  2. diskpart
  3. sfc
  4. defrag

Answer: The correct answer is 3.

Breakdown: System File Checker verifies that you have the original protected system files. If it discovers that a protected file has been overwritten, it retrieves the correct version of the file from the cache folder or from the Windows CD-ROM and replaces the incorrect file.

Disk Compression Utility

Which disk maintenance utility arranges files to contiguous areas on the disk?

  1. The chkdsk command
  2. Disk Cleanup
  3. Disk Defragmenter
  4. ScanDisk

Answer: The correct answer is 3.

Breakdown: Disk Defragmenter helps to improve hard disk performance by reorganizing the files on the disk. A file that’s saved in one continuous block of space on the hard disk is called contiguous. Files can become fragmented into many clusters spread across noncontiguous portions of the disk as you add, remove, and the contents of files.

Disk Maintenance Utilities

Which disk maintenance utility identifies file systems or physical errors on a hard disk?

  1. The chkdsk command
  2. Disk Cleanup
  3. Disk Defragmenter
  4. ScanDisk

Answer: The correct answer is 1.

Breakdown: The chkdsk command can check your hard disk for both physical and logical errors. You need to specify if you want to fix these types of errors and whether to scan and fix physical errors.

System Restore Features

Can you use System Restore to uninstall a program?

  1. Yes
  2. No

Answer: The correct answer is 2.

Breakdown: System Restore doesn’t replace the process of uninstalling a program. To completely remove the files installed by a program, Microsoft recommends that you remove the program by using the Add or Remove Programs utility or the program’s own uninstall utility.

Restore Points

When Windows detects the beginning of a request to make a system configuration change, what type of restore point is created?

  1. System checkpoint
  2. Manual restore point
  3. Installation restore point
  4. Automatic checkpoint

Answer: The correct answer is 1.

Breakdown: The System Restore utility creates snapshots of your computer’s configuration. A system checkpoint is automatically created when Windows detects the beginning of a request to make a system configuration change.

Backup Types

Which backup type requires that you have the most recent normal backup in addition to this backup if you want to restore files? (Choose all that apply)

  1. Copy
  2. Daily
  3. Differential
  4. Incremental
  5. Normal

Answer: The correct answer is 3 and 4.

Breakdown: Both differential and incremental backup types require that you have the most recent normal backup in addition to the either the differential or incremental backups if you want to restore files.

Windows Backup Basics

When you use Windows Backup to back up the system state, which files are backed up? (Choose all that apply)

  1. Program files
  2. User data
  3. System files
  4. Registry

Answer: The correct answer is 1, 2, 3 and 4.

Breakdown: The Windows Backup utility is used to back up critical files on a bootable computer. You can choose to backup selected user files or a complete system image.

Malware Removal Steps

What is the final step of the malware removal process?

  1. Secure the system.
  2. Educate the end user.
  3. Enable System Restore.
  4. Update antivirus software.

Answer: The correct answer is 2.

Breakdown: After repairing an infected system, the final step in the process is to instruct the end user on ways to avoid or recognize future threats since many malware infections are the result of an unwary user not employing proper security practices. It also helps to instruct the organization as a whole on recognizing and preventing such an infection so it doesn’t occur to others.

Copy Cisco Router IOS to Backup Host

Which command will copy the Cisco router IOS to a backup host on your network?

  1. transfer IOS to 172.16.10.1
  2. copy run start
  3. copy tftp flash
  4. copy start tftp
  5. copy flash tftp

Answer: The correct answer is 5.

Breakdown: To copy the IOS to a backup host, which is stored in flash memory by default, use the copy flash tftp command.

Data Destruction Methods

What is the least secure method of data destruction?

  1. Low-level formatting
  2. Degaussing tool
  3. Standard formatting
  4. Overwriting

Answer: The correct answer is 3.

Breakdown: Standard formatting is a method of preparing a hard drive to receive new data. This is the least secure method of data destruction since it only deletes the file system, rendering the data invisible but not destroyed. Any number of free file recovery tools could retrieve data you thought had been erased.

Malware Scanners

True or false? It’s best to choose one reliable malware scanner and stick with it through the repair process.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: No one program can remove all malware. Different scanning and repair tools can recognize different threats, and some malware is designed specifically to fool common security software suites. You may wish to run multiple scanners to verify the results of the infection removal process.

Windows 7 Spyware Protection

What is the Windows Vista and Windows 7 built-in spyware protection function called?

  1. Windows Defender
  2. Windows Antispyware
  3. Windows Security Center
  4. Windows Firewall

Answer: The correct answer is 1.

Breakdown: Windows Defender is real-time protection software that detects spyware and blocks pop-ups.

System Restore Utility

True or false? System Restore can prevent malware from being fully removed.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: System Restore can be useful in recovering from operating system damage due to malware, but it can also back up infected files in the process. If you restore a system from a restore point made while it was infected, you may introduce the infection back into the system. Hence, it’s often a good idea to disable System Restore after recovering from an infection in order to delete any potentially infected restore points.

Install Disk Scanning Tool

True or false? The Windows 7 install disk contains an antivirus scanning tool for systems that will not boot.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Windows 7 includes the Windows Recovery Environment or System Recovery Options for systems that won’t boot. While useful in repairing system files, these recovery environments will not find or remove malware; for this, you will need a bootable rescue disk with an antivirus scanner. Typically, you will need to create such a disk yourself.

Physical Data Destruction Methods

Which of the following are examples of physical data destruction methods? (Choose all that apply)

  1. Shredding a floppy disk.
  2. Demagnetizing a tape.
  3. Zeroing a hard drive.
  4. Drilling several holes in a DVD.

Answer: The correct answer is 1, 2 and 4.

Breakdown: The process where the storage medium is removed from a computer and otherwise physically or electromagnetically altered such as drilling holes in it or subjecting it to a strong magnetic field (degaussing) is a form of physical data destruction.

Windows Overwrite Command

In Windows Vista and 7 you can overwrite a hard drive with zeros using which command?

  1. overwrite
  2. wipe
  3. clean
  4. format

Answer: The correct answer is 4.

Breakdown: Beginning in Windows Vista the ability to overwrite existing data with zeros was added to the Format command.

Overwriting Utility

Why might a simple overwriting utility not erase all data from a drive? (Choose all that apply)

  1. It can’t access hidden drive areas.
  2. Its only purpose is to replace user files with zeros.
  3. It can’t access locked drive areas.
  4. It doesn’t overwrite bad sectors on the drive.

Answer: The correct answer is 1, 3 and 4

Breakdown: Overwriting is a method of sanitization that typically replaces existing data with a meaningless pattern such as all zeros. But many of these utilities cannot access hidden or locked drive areas nor can they overwrite bad sectors. This potentially leaves some recoverable information on the drive.

Data Destruction Methods

What is the least secure method of data destruction?

  1. Low-level formatting
  2. Degaussing tool
  3. Standard formatting
  4. Overwriting

Answer: The correct answer is 3.

Breakdown: Standard formatting is a method of preparing a hard drive to receive new dat1. This is the least secure method of data destruction since it only deletes the file system, rendering the data invisible but not destroyed. Any number of free file recovery tools could retrieve data you thought had been erased.

Social Engineering Attack

What is primarily exploited by a social engineering attack?

  1. Facebook
  2. Twitter
  3. Trust
  4. Ignorance

Answer: The correct answer is 3.

Breakdown: Social engineering exploits trust between people to gain information that attackers can then use to gain access to computer systems. The goals of social engineering techniques include fraud, network intrusion, industrial espionage, identity theft, and a desire to disrupt a system or network.

Self-propagating Malware

Which type of malicious software is a self-propagating program meant to disrupt the operation of a PC?

  1. Adware
  2. Spam
  3. Spyware
  4. Worm

Answer: The correct answer is 4.

Breakdown: Worms are programs that replication themselves over the network. A worm attaches itself to a file or a packet on the network and travels of its own accord. It can copy itself to multiple computers, bringing the entire network down.

Social Engineering Methods

In which type of social engineering attack do hackers send e-mail messages or create Web sites that mimic a legitimate site in order to gather usernames and passwords?

  1. Dumpster diving
  2. Phishing
  3. Shoulder surfing
  4. Spam

Answer: The correct answer is 2.

Breakdown: Phishing is an example of social engineering where hackers send e-mail messages or create Web sites that mimic a legitimate site to gather usernames and passwords. Hackers can then use stolen information to place unauthorized credit card purchases or even drain a victim’s bank account.

Malware Infection

What kind of program poses as something else, causing the user to “willingly” afflict the attack on himself or herself?

  1. Virus
  2. Worm
  3. Trojan horse
  4. Spyware

Answer: The correct answer is 3.

Breakdown: Trojan horses are delivery vehicles for destructive code. They appear to be harmless programs but are enemies in disguise. They can delete data, mail copies of themselves to email address lists, steal personal information, and open up other computers for attack. Trojan horses are most often distributed via spam.

Spyware Basics

True or false? Spyware is a computer program designed to destroy data, damage your computer’s operations, and distribute itself without your involvement.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Spyware is software that gets installed on your system without your knowledge. It can cause a lot of problems for the user, including gathering personal or other sensitive information. In addition, spyware often displays ads, referred to as adware.

Malicious Software Basics

What term is used to describe any type of malicious software?

  1. Virus
  2. Worm
  3. Malware
  4. Spyware

Answer: The correct answer is 3.

Breakdown: Security professionals have coined many names to describe malicious software. The broadest term is malware. Specific types of malware vary by their method of propagation, purpose, and severity.

Gmail Authentication

When you sign into Gmail and you find that you are also signed into Google Calendar, what kind of authentication did you receive?

  1. Global
  2. Single sign-on
  3. Google Drive
  4. Run anywhere

Answer: The correct answer is 2.

Breakdown: A server that has already authenticated a user can pass the user’s authentication on to another server so that the user doesn’t need to sign on again in order to access resources. Windows Passport and Gmail are examples of single sign-on applications.

Effective Permissions Tool

True or false? The Effective Permissions tool only accounts for NTFS permissions, not shared permissions.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: The Effective Permissions tool allows you to troubleshoot an access-denied error. You can use it to determine a given user’s effective NTFS permissions for a particular folder or file, however, the tool does not consider share permissions when performing its calculations — only NTFS permissions.

NTFS File Permissions

If you want a colleague to be able to change a file, but not delete it, which NTFS file permission should you assign?

  1. Full Control
  2. Modify
  3. Read and execute
  4. Write

Answer: The correct answer is 2.

Breakdown: The NTFS Modify permission allows users to modify files and folders, but they cannot create or delete them.

Local Account Policies

True or false? If your computer is a member of an Active Directory domain, the local account policies you set might not be active.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: If your computer participates in a domain, such an Active Directory domain, it might inherit security policy settings from the domain. Settings at the domain level override those made at the local computer level.

Removable Media Malware

What is one way to protect workstations from malware that might be hidden in removable media?

  1. Run an antivirus scan with media plugged into computer
  2. Forbid using removable media on all computers
  3. Disable Autoplay
  4. Boot computer into Safe mode

Answer: The correct answer is 3.

Breakdown: The autorun.ini file is a favorite location to hide malware, so you might want to consider disabling Autoplay on a workstation to prevent infection.

Password Policies

Which password policy forces users to include special characters in their passwords?

  1. Account lockout
  2. Enforce password history
  3. Minimum password length
  4. Passwords must meet complexity requirements

Answer: The correct answer is 4.

Breakdown: The Passwords must meet complexity requirements policy forces users’ passwords to meet a set of complexity guidelines, which includes requiring that the password contain characters from three of four of the following categories: English uppercase characters; English lowercase characters; Base 10 digits; and non-alphanumeric (special) characters.

Active Directory Authentication

Which is the primary authentication protocol used in Active Directory domain environments?

  1. Keberos v5
  2. TACACS
  3. Single sign-on
  4. RADIUS

Answer: The correct answer is 1.

Breakdown: Kerberos v5 is the primary authentication protocol used in Active Directory domain environments.

Windows Log On

Which type of authentication is the process by which a user provides his or her username and password in the Log On to Windows dialog box?

  1. Network
  2. Interactive
  3. Windows
  4. Single sign-on

Answer: The correct answer is 2.

Breakdown: The authentication process can be handled in several ways to produce various results, depending on how the environment is structured. Interactive authentication is the process by which a user enters his or her name and password in the Log On to Windows dialog box. There are two types of logons: Domain and Local.

Common User Accounts

Most of the user accounts in your Windows environment will be which type?

  1. Administrator
  2. Guest
  3. User

Answer: The correct answer is 3.

Breakdown: The most common type of user account in a corporate Windows environment is the User account type.

Password Change Frequency

What’s the general rule for when you should change your password?

  1. Less than 30 days
  2. Between 60 and 90 days
  3. Between 30 and 60 days
  4. At 180 days

Answer: The correct answer is 3.

Breakdown: Passwords should be changed frequently. A general rule of thumb is to change your password every 30 to 60 days.

Password Complexity

A complex password consists of letters, numbers, and what other type of characters?

  1. alpha-numeric
  2. mixed case
  3. ASCII
  4. special

Answer: The correct answer is 4.

Breakdown: A complex password can be constructed by taking a phrase and using it as the basis of a password. Users make some of the letters uppercase and some lowercase, and then add numbers and special characters such ans “& % $ #” to make the password more secure.

User Password Rules

True or false? Passwords for Windows user accounts aren’t case sensitive.

The correct answer is 2.

Breakdown: User passwords can contain letters, numbers, characters, but cannot begin or end with a space. Passwords are case sensitive and must be between 1 and 127 characters long.

Anti-Virus Software, the Third Step in Securing a Virtual Environment

Why anti-virus software is the third step in securing a virtual environment and how to properly implement it.

Because virtual machines are set up to be self-contained systems, some kind of anti-virus software is required to protect these systems. Even if an antivirus program is installed…

Answer: …on the host machine, it won’t extend to the virtual machine environments. Anti-virus scans files and folders on the local host machine, but has no way of scanning those items contained in the virtual environment. That is why antivirus must be placed on all the virtual machine environments.

What are Buffer Overflow Attacks?

Describe buffer overflow.

Buffer overflow is the state of an application that has received more data than it is configured to handle. It benefits an attacker not only to deploy malicious code on…

Answer: …the target system but also implement backdoors on the target system to activate further attacks. Buffer overflow attacks are a result of poor programming or faulty memory management by the application developers.

Client-Based Techniques for State Management

What are the primary client-based techniques for state management and what are some of the advantages and disadvantages?

Client-based techniques maintain state of a Web page by holding information either on the page or on a client computer. If the data is stored on the client, it is submitted to a web server by the client with each web request. Here are the known advantages and disadvantages of storing data on the client computer: Advantages/Disadvantages When storing information on a client, if a large amount of data is client-side it has better scalability. Because several users send can increase bandwidth requests simultaneously, utilization and page load is improved for the client times. The disadvantage is storing data on a client side is an unauthorized user may access and compromise the data. Some client-based techniques for state management include:

Answer:

View State: View state is used to continue changes to the state of a web page across postbacks. View state data variables are stored as base 64- encoded strings in one or more embedded fields. It is retrieved by using the ViewState property of a web page. The property provides a dictionary object and maintains page or control property values between multiple user requests for the same web page. Control State: View state data of a custom control for a web page can be stored by using the ControlState property, rather than the ViewState property of the Web page. The ControlState property holds control property data during multiple round trips to the server. The control state data pertains to a custom control and is retained even if the view state is inactive at the page level. Hidden Fields: A hidden field is used to keep ViewState state information in a Web page in a HiddenField control. The control is delivered as an HTML element. A hidden field holds data that’s not visible on a web page. However, it is sent to the web server along with the page post backs. Cookies: A cookie is a client-based method and is a condensed packet of information that stores key-value pairs at the client-side. The information correlates to a specific domain and is sent along with the client request on a Web browser. Cookies hold preferences of users and offer a personalized browsing experience. Query Strings: A query string is a client-based method that keeps state information stored in a query string by affixing it to the URL of a Web page. The actual URL separates the state information with a question mark ‘?’. The state data is represented by a set of key-value pairs, each of which is separated by an ampersand character.

Client-side processing vs. server-side processing

Know the difference between client-side processing vs. server-side processing.

Client-side processing is the function of operations performed by the client in a client-server relationship in a computer network. A client is a system application that’s executed on a user’s computer with…

Answer: …connection to a server when needed. Operations may be conducted client-side when they need available data on the client but not the server. Here the user may need to add input because the server can’t fully process the operations in a timely fashion for all clients it serves. Also, if operations can be handled by the client without transmitting data over the network, it may require less time, bandwidth and have low security risk.

Privilege Escalation in Web Applications

Does privilege escalation play a similar role in web application security, as it does in network security?

As we have discussed before, privilege escalation is the act of exposing a bug or design error in a software application to gain access to…

Answer: …resources that otherwise would have been safeguarded from an application or user. The outcome is the application performs actions with more privileges than intended by the application developer or system administrator.

What is Host Hardening?

Define and describe host hardening.

Host hardening begins with a requirements evaluation to determine server function and to determine the risks involved. Security is a fine balance between ultimate security and usability. In practical terms, the more secure a device is, its usability decreases. Standard Operating Environment is a…

Answer: …specification for employing a standard architecture and applications within an organization. There is no systemized SOE standardization; however, organizations usually employ standard disks, operating systems, computer hardware, and standard applications and software within their own organization.

What is Web Service Security (WS-Security)?

Define Web Service Security (WS-Security).

Web Service Security (WS-Security) is a security service that is used for enabling message-level security for Web services. To activate this service, the user must…

Answer: …verify the related WSSE policy information is available to the Managed Servers. The SOAP messages that are transmitted between two or more Web services can be protected by WS-Security using security tokens, digital signatures, and encryption.

De-provisioning in Cloud Computing

Understand the concept and need for de-provisioning in cloud computing.

Public cloud providers apply multi-tenancy to optimize server workloads and reduce costs. Multi-tenancy shares server space with other organizations so it’s important to know…

Answer: …what security mechanisms your cloud provider has in place. Based on sensitivity of data, encryption may need to be used as well. The method of de-provisioning will become more challenging as password verification methods become more sophisticated. Federated identity management schemes will allow users to log on to multiple clouds, and that will make de-provisioning much trickier.

Troubleshooting Router LAN Connectivity Problems

Which of the following commands can be used for troubleshooting router LAN connectivity problems? (Choose all that apply)

  1. show interfaces
  2. show IP route
  3. tracert
  4. ping
  5. DNS lookups

Answer: The correct answer is 1, 2 and 4.

Breakdown: Pinging the remote host, tracing the IP route, and viewing the interfaces are all useful techniques for troubleshooting LAN connectivity problems from a router. Note: the tracert is a Windows command.

Types of Flow Control

Which of the following are types of flow control? (Choose all that apply)

  1. Buffering
  2. Cut-through
  3. Windowing
  4. Congestion avoidance
  5. VLANs

Answer: The correct answer is 1, 3 and 4.

Breakdown: Buffering, windowing, and congestion avoidance are all common types of flow control.

Understand Unified Communications (UC)

Know the principles behind Unified Communications (UC).

Unified communications (UC) is the combining of real-time communication services with non-real-time communication services. It is a group of products that support an ongoing unified user interface and user experience across multiple devices and media types. Unified communication offers the capability of transmitting a message on one medium and receiving the same communication on another medium. For instance, an individual can…

Answer: …receive an email message and can access it through a cell phone or remote device. If the sender is online according to available status information, the response can be sent immediately through text chat or phone call. Otherwise, the response can be sent as a non-real-time message that can be accessed through another media. Components of unified communications With unified communications, multiple mediums of business communications are cohesively integrated. Unified communication components: Call control and multimodal communications Presence Instant messaging Unified messaging Speech Conferencing Collaboration tools Business process integration (BPI) Business process integration

Unsuccessful Router Telnetting

You are unsuccessful in telnetting from a router into a remote device. What could be the problem? (Choose all that apply)

  1. IP addresses are incorrect.
  2. Access control list is filtering Telnet.
  3. There is a defective serial cable.
  4. The VTY password is missing.

Answer: The correct answer is 2 and 4.

Breakdown: Though the problem could be due to either a defective serial cable or using incorrect IP addresses, these are obvious problems that should be quickly realized. The best answers are that either an access control list is filtering the Telnet session or the VTY password is not set on the remote device.

USB Standards

Which USB version has a top transfer speed of 480 Mbps?

  1. USB 1.0
  2. USB 1.1
  3. USB 2.0
  4. USB 3.0

Answer: The correct answer is 3.

Breakdown: USB 2.0 has a top speed (hi-speed) of 480 Mbps. It has a low-speed of 1.5 Mbps and full-speed of 12 Mbps.

User Account Info

Which of the following items does a user account not include?

  1. Account type
  2. Account policies
  3. First and last name
  4. Password

Answer: The correct answer is 2.

Breakdown: A user account is a collection of settings and privileges associated with a person. The information might include a first and last name, password, group membership information, and other data.

Valid Host Address in Class B Subnet

Which is a valid host address in the following Class B subnet: 172.16.17.0/22?

  1. 172.16.17.1 255.255.255.252
  2. 172.16.0.1 255.255.240.0
  3. 172.16.20.1 255.255.254.0
  4. 172.16.16.1 255.255.255.240
  5. 172.16.18.255 255.255.252.0
  6. 172.16.0.1 255.255.255.0

Answer: The correct answer is 5.

Breakdown: A Class B network with a /22 mask is 255.255.252.0 with a block size of 4 in the third octet. The network address given is in subnet 172.16.16.0 and has a broadcast address of 172.16.19.255. Therefore, the only correct answer is 172.16.18.255 with a subnet mask of 255.255.252.0.

Verifying Network Security

What application would you use to verify the security of a network and also check for any weaknesses?

  1. Honey pot
  2. Posture monitor
  3. Profile scanner
  4. Vulnerability scanner

Answer: The correct answer is 4.

Breakdown: It’s vital that the network security solution of a deployed network be checked on a periodic basis to verify that things work as expected and to also identify and secure any discovered weaknesses. Applications known as security scanners are used for this purpose. Two such applications are Nessus and Nmap. These scanners employ many of the same scanning features that attackers utilize in order to discover network vulnerabilities.

VLSM Network Masks

On a VLSM network, which mask should you use on point-to-point WAN links in order to reduce the wasted IP addresses?

  1. /27
  2. /28
  3. /29
  4. /30
  5. /31

Answer: The correct answer is 4.

Breakdown: A point-to-point link only uses two hosts, therefore, a /30 mask (255.255.255.252) will provide two hosts per subnet.

What are Elements of an Identify Fraud Investigation?

Elements of an Identify Fraud Investigation

Pieces of an identity fraud investigation include…

Answer: Hardware and software tools, including digital cameras, credit card readers, credit card generators and scanners Internet activity, including email and newsgroup posting, online orders, online trading information, erased documents, system files and file slack, and activity at forgery sites ID templates, including birth certificates, check cashing cards, digital photo information, drivers license and fictitious vehicle registration,social security cards, electronic and scanned signatures Negotiable instruments, including business and cashiers checks, credit card numbers, counterfeit currency, fictitious court documents, loan documents and sales receipts

What are Methods for Application and File Analysis?

Elements of Application and File Analysis

Painstaking analysis of files and applications can produce useful information…

Answer: Examine file names for patterns Examine individual files Identify operating systems Match files with applications on the system Examine relationships between files—internet searches with cache files, for example, and email files with attachments Scrutinize unknown file types Search users default storage location for files Examine users configuration files

What are Steps to Follow in Searching for Hidden Files?

Searching for Hidden Files

Using Data Hiding Analysis to search for files can produce important evidence. Some methods for hidden file searches:

Answer: Match file headers to file extensions to find any mismatches, which may indicate an intent to hide files Look for files that are encrypted, password protected and compressed; this may indicate intent to conceal data; Use software to search for files hidden within files—steganography

What are the Challenges in Collecting and Using Digital Evidence?

Challenges in Collecting and Using Digital Evidence

Digital evidence can establish a key link between a crime and the criminal but it is not foolproof…

Answer: There are several ways digital evidence can be manipulated: Can be maliciously tampered with Is unstable if not handled carefully Cannot always be traced Can be lost if computer is turned off Can be erased remotely or overwritten

What are the Different Types of Digital Data?

Different Types of Digital Data

Investigators need to know which data files are permanent and which are temporary…

Answer: Volatile memory: Needs power to remain in the system; disappears when computer is turned off. Includes logged-on users, open files, network information and command history. Non-volatile memory: Used for secondary storage and persists when power is turned off. Includes hidden files, swap files registry settings, unused partitions and events logs. Transient datLost when computer is turned off. Includes open network connection, user logout, programs in memory and cache data. Fragile datInformation temporarily saved on the hard disk, it can be altered or erased. Includes access dates on files and last-access timestamps. Temporarily accessible datStored on the hard drive and accessible for limited time. Includes encrypted file information Active datData used for daily operations. Accessible. Archival datManages long-term storage Backup datCopy of system data that can be accessed at time of recovery after system crash or other disaster Residual datWhen a file is deleted, computer tags the deleted space as residual data; file can be retrieved until space is reused. MetadatContains record for a document, including format, and information about the file’s creation and any modifications

What is a Collaboration Platform?

Define and describe collaboration platforms and what they do within an organization.

Collaboration platform is a unified electronic platform that works with both synchronous and asynchronous communication using a range of devices and mediums. It provides a set of software components and services. These components and services allow users to communicate, share information, and collaborate to carry out common business goals. A collaboration platform has these key elements: Messaging (email, calendaring and scheduling, and contacts) Team collaboration (file synchronization, ideas and notes in a wiki, task management, and full-text search) Real-time communication (presence, instant messaging, web conferencing, application/desktop sharing, voice, and audio and video conferencing) The scope of collaboration platforms and associated tools can be optimized for these different types of users:

Answer: Enterprise class, for business purposes (B2B): meaning high usage volume, numerous simultaneous sessions, with large groups. Also refers to high storage requirements for many files, or large file types such as video, simultaneous use of several tools and availability of high bandwidth; possibly relatively sophisticated users or a savvy moderator. Small to medium sized businesses (SMB), (B2B): lower volume of usage, fewer simultaneous sessions, and fewer attendees per session. Consumers: such as small businesses, social groups or individuals, for business or non-business use.

What is an End-to-End Solution (E2ES)?

Describe an End-to-End (E2ES) solution.

An end-to-end solution (E2ES) indicates that…

Answer: …the supplier of an application program or system will furnish all hardware and software components and resources to accommodate the customer’s requirement and no additional supplier is required in this process.

What is Attestation and What Makes it a Good Security Practice?

Describe attestation and how it applies to reducing organizational risk.

Attestation is the formal process of witnessing the signing of a document, then the witness adds his signature to verify the document was properly signed by those bound to its contents. Attestation conveys a certification review process where…

Answer: …an individual attests to or witnesses/vows to something significant. It specifies a review/certification process that requires resource owners to confirm their authorized users on an ongoing basis. Attestation supplies an organization with a degree of protection from liability and the risks involved with potential negligence of the resource owner to control access to his resource in order to comply with legal or regulatory requirements. These three statements are required for attestation: I am the individual who makes the authorization decision for the specific resource. These individuals and groups are authorized to use the intended resource. I understand which resource I have authorized these individuals to access.

What is Certificate-Based Authentication?

What is certificate-based authentication and what are the processes involved when using it?

A certificate-based authentication scheme is a scheme that uses a public key cryptography and digital certificate to authenticate a user. A digital certificate is an electronic form that contains identification data, public key, and the digital signature of a certification authority derived from that certification authority’s private key. When a user signs on to the server, he provides his digital certificate that has the public key and signature of the certification authority. The server then confirms the validity of the digital signature and if the certificate has been issued by a trusted certificate authority or not. The server then authenticates the user with public key cryptography to confirm the user is in possession of the private key associated with the certificate. The processes involved when using certificate-based mutual authentication:

Answer: A client requests access to a protected resource. The web server presents its certificate to the client. The client verifies the server’s certificate. If verified, the client sends its certificate to the server. The server verifies the client’s credentials. If confirmed, the server grants access to the protected resource requested by the client.

What is Change Management?

Describe change management.

Change Management is used to confirm that standardized methods and procedures are implemented for efficient handling of all changes. A change is “an event that results in a new status of one or more configuration items (CI’s)” affirmed by management, cost effective, enhances business process changes (fixes) – with lowered risk to IT infrastructure. The primary goals of Change Management:

Answer: Minimal disruption of services Reduction in back-out activities Economic utilization of resources involved in the change

What is Decommissioning?

Define the term decommissioning and describe the process behind it.

Decommissioning is a managed process to retire a facility that is no longer needed as safely and securely as possible. During decommissioning, hazardous materials, equipment or structures are cleaned and/or contained so that the facility does not become a risk hazard in the future. This process involves:

Answer: Decontamination Fixing or isolating contaminants Demolition and dismantlement Building conversion and reuse Waste management and disposal

What is Desktop Sharing?

Discuss the concept of desktop sharing.

Desktop sharing allows remote access and remote collaboration on a person’s desktop via a graphical terminal emulator. The most common two scenarios for desktop sharing: click to view

Answer: Remote log-in Real-time collaboration Remote log-in allows users to connect to their desktop from a different location. Systems that support the X Window System, typically Unix-based systems, are configured with this capability. Windows versions starting from Windows 2000 have a built-in solution for remote access as well Remote Desktop Protocol, and the earlier program, Microsoft’s NetMeeting. The open source product VNC allows cross-platform solutions for remote log-in. The disadvantage of the above solutions is they can’t operate outside of a single NAT environment. Several commercial products resolve this restriction by tunneling the traffic through rendezvous servers. Real-time collaboration is an expanded aspect of desktop sharing use, and is an evolving component of robust multimedia communications. Desktop sharing, when used together with other mediums of multimedia communications such as audio and video, creates the experience of virtual space where people can connect, socialize, and collaborate. On a broader scale, this is also referred to as web conferencing.

What is eXtensible Access Control Markup Language (XACML)?

Define and describe eXtensible Access Control Markup Language (XACML).

XACML is the acronym for: eXtensible Access Control Markup Language. It is the specified access control policy language implemented in XML and a processing model, explaining how to interpret the policies. Version 2.0 was ratified by…

Answer: …OASIS standards organization on 1 February 2005. Currently in development, Version 3.0 will add generic attribute categories for the evaluation context and policy delegation profile (administrative policy profile). XACML is applied as a basic, flexible way to define and impose access control policies in a range of environments. It secures content from unauthorized use in business data exchanges. The benefits of using XACML: It is designed and written in XML, which has found a wide and expanding base in global enterprise environments. XACML has been ratified by OASIS, which drives the development, convergence, and adoption of e-business standards. XACML implements a set of powerful features at the disposal of developers. It allows a firm to create and implement authorization policies to match its mix of assets and business use-cases.

What is Included in a Final Report of an Investigation?

Elements of Final Report of Investigation

All elements of the investigation need to be summarized in the report, including…

Answer: Files related to the original search Other files that support the findings Results of all searches of the system All internet evidence Analysis of any graphical evidence Registration data Data analysis Description of programs related to the investigation Hidden or masked data All supporting materials

What is Instant Messaging?

Understand the principle concepts of instant messaging.

Instant messaging (IM) is a method of real-time, text communication between two or more people using personal computers or other devices and shared software. The user’s text is…

Answer: …displayed over a network, such as the Internet. More advanced IM software clients also support upgraded modes of communication, such as live voice or video calling. IM falls under the general terminology known as online chat, and is a real-time text-based networked communication medium, while having the unique component of employing client-based applications such as Buddy List, Friend List or Contact List to facilitate communications between users. Online ‘chat’ also employs web-based applications to generate communication between users in a multi-user environment.

What is Phreaking?

Describe the security / theft concept of Phreaking.

Phreaking, a method used in service theft, is a type of hacking that steals service from a provider, or uses the service while assigning cost to another person. Encryption is not commonly used in SIP, which administers authentication over VoIP calls, so user credentials are exposed to theft. Most hackers are able to…

Answer: …swipe sensitive information through eavesdropping. An unauthorized party can obtain names, passwords and other credentials, granting them unrestricted use of voicemail, calling plan, call forwarding, and billing information. The end result is service theft. Swiping credentials to make free calls is not the sole motivation behind identity theft. Often it’s a means to obtain important information like business data. A phreaker can manipulate calling plans and packages by adding more credit or using the victim’s account to make calls, as well as accessing other confidential information to his benefit.

What is Remote Assistance?

Define the topic of remote assistance.

Remote Assistance is a Windows feature that allows a support team (or helper) to provide technical support to a remote user (host). Through Remote Assistance the helper can view the Windows session of a host on his computer. The basics of Remote Assistance: click to view

Answer: A remote user sends an invitation to an Administrator (or expert) through e-mail or Windows Messenger. The Administrator accepts the request and can then view the user’s desktop. To maintain privacy and security, all communication is encrypted. Remote Assistance can be used only with the permission of the person who requires the assistance. Note: If the user has activated “Allow” (on the computer to be controlled remotely) in the Remote Assistance Settings dialog box, an expert can take control of the keyboard and mouse of a remote computer to guide the user.

What is Route Poisoning?

What is route poisoning?

  1. It sends back the protocol received from a router as a poison pill, which stops the regular updates.
  2. It is information received from a router that can’t be sent back to the originating router.
  3. It prevents regular update messages from reinstating a route that has just come up.
  4. It describes when a router sets the metric for a downed link to infinity.

Answer: The correct answer is 4.

Breakdown: One way to avoid problems caused by inconsistent updates and to stop network loops is with route poisoning. When a network goes down, the distance-vector routing protocol initiates route poisoning by advertising the network with a metric of 16, or unreachable, which is essentially setting it to infinite.

What is a Secure Socket Layer (SSL)?

Describe Secure Socket Layer (SSL) and its purpose.

Secure Socket Layer (SSL) is a protocol used to send private documents over the Internet. SSL uses both public key and symmetric encryption to provide…

Answer: …confidential communication, authentication, and message integrity. With this protocol, clients and servers can exchange information while being safeguarded from eavesdropping and tampering of data on the Internet. Secure Socket Layer protocol is used by many websites to safely obtain confidential user information, such as credit card numbers. URLs that require an SSL connection begin with https: instead of http:. By default, SSL uses port 443 for protected communication. Message integrity assures the message being sent is not being altered in the transmission path. A checksum algorithm is used at the sending and the receiving points to preserve the message so that it’s received intact. Digital signatures are applied to verify user’s identifications.

What is Security Assertion Markup Language (SAML)?

What is Security Assertion Markup Language (SAML)?

Security Assertion Markup Language (SAML) is an XML-based protocol for sharing authentication and…

Answer: …authorization information between security domains, specifically, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

What is Service Provisioning Markup Language (SPML)?

Define and describe the concept of Service Provisioning Markup Language (SPML).

Service Provisioning Markup Language (SPML) is an XML-based framework developed by OASIS (Organization for the Advancement of Structured Information Standards). SPML is applied to…

Answer: …share user, resource and service provisioning data between participating organizations. SPML is the open standard for the implementation and interoperation of service provisioning requests. The objective is to allow organizations to expediently and safely set up user interfaces for Web applications and services, by letting business platforms such as Web portals, application servers, and service centers create provisioning requests throughout organizations.

What is Simple Object Access Protocol (SOAP)?

Define and describe Simple Object Access Protocol (SOAP).

SOAP (Simple Object Access Protocol) is a communication protocol for XML Web services, and expresses the XML format for messages. It is purposed to share structured and typed information between different applications that support XML Web services. SOAP protocol consists of three parts:

Answer: The first part identifies an envelope that contains the message and is the basic element of exchange between the processors of SOAP messages; the second part identifies a set of data encoding rules that are used to encode application specific data types; the third part identifies the message request or response that is exchanged between XML Web services.

What is Single Sign-On (SSO) and its Benefits?

Let's take a deep look at Single Sign-On (SSO), the available types, and the benefits of using it.

Single sign-on (SSO) is a system functionality giving users access to a number of applications without having to go through the log-on process or key in passwords for each application. In SSO, a user can access all computer applications and systems where he has access permission without having to enter multiple passwords. This minimizes human error and systems failure. There are several commercial SSO solutions available in the market, such as: Central Authentication Service (CAS) The Dutch NREN CoSign Enterprise Single Sign-On (E-SSO) Web Single Sign-On (Web SSO) Security Assertion Markup Language (SAML) Direct SSO Shibboleth The primary benefits of the Single sign-on are:

Answer: Minimizes phishing success, because users are not trained to enter passwords everywhere without thinking. Minimizes password fatigue from various user name and password combinations. Decreases time spent re-entering passwords for the same identity. Can accommodate traditional authentications, such as Windows credentials (username/password). Lowers IT costs due to reduced calls to IT help desk calls about passwords. Security on all levels of entry/exit/access to systems without the need to re-prompt users. Centralized reporting for compliance adherence.

What is the System Development Life Cycle?

Describe System Development Life Cycle (SDLC):

Given the size and complexity of today’s systems, teams of architects, analysts, programmers, testers and users must collaborate to create the exhaustive, explicit, custom-written code that drives our enterprises. To handle this with efficiency, several system development life cycle (SDLC) models have been developed, such as waterfall, fountain, spiral, build and fix, rapid prototyping, incremental, and synchronize and stabilize. The best known and long-standing model is the waterfall: a series of stages in which the output of each stage becomes the input for the next. These stages can be split up and described in various ways, including:

Answer: Project planning and feasibility study Systems analysis and requirements definition Systems design Implementation Integration and testing Acceptance, installation, and deployment Maintenance

What is Telephony?

Describe the concept of telephony.

Telephony is the mechanism that involves the electronic transmission of voice, fax, or other data between distant parties using mediums historically associated with…

Answer: …the telephone, a device containing both a speaker or transmitter and a receiver. With the advancement of computer technology and transmission of digital information over telephone systems and the use of radio to send telephone signals, the line between telephony and telecommunication has become difficult to discern.

What is the Concept of Presence in Telephony?

Describe the concept of Presence, as it pertains to communications.

In the area of telephony, Presence is known as communicating the user’s need and capability to communicate, as well as the medium used for their communication to occur. If a user has a live Internet connection, presence may…

Answer: …indicate that the user is to be reached through the medium of IP telephony. The basis of presence is to allow the user to be located and contacted where they’re physically using the preferred method of communication. Presence information functions as a status reader in a telecommunications network indicating the readiness of a user to communicate. A user’s client signals presence information through a network connection to a presence service, which is logged in the user’s personal availability record and can be dispatched to other users to inform them of his availability for communication. Presence information has extensive application in many communication programs and is one of the innovations advancing the popularity of instant messaging or recent applications of voice over IP clients.

What is the Definition of Digital Evidence?

Definition of Digital Evidence

Digital evidence, which is the core of any cyber investigation, takes many forms and can be found in several places…

Answer: Digital evidence is evidence stored or transmitted in digital format. It can take the form of: Graphic, spreadsheet, word processing files Audio or video files, Server or other log files Emails Internet browser histories. Investigators can collect digital evidence from: Storage media Network traffic Computer files collected during an evidence search

What is the Importance of Ownership and Possession?

Conducting Ownership and Possession Searches

Determine which user created or accessed suspect files…

Answer: The key to an investigation may come from placing a user in the system at a time when other evidence presents proof of wrongdoing.

What is the Security Development Lifecycle?

Define and describe the Security Development Lifecycle, its components and the seven phases.

The Security Development Lifecycle (SDL) is a software development security assurance process introduced by Microsoft. It lowers software maintenance costs while enhancing reliability of software with regard to security related bugs. The Security Development Lifecycle (SDL) involves these seven phases: Training Requirements Design Implementation Verification Release Response During each phase of (SDL) these security practices are followed:

Answer: Phases Security Practices Training Core Security Training Requirements Security and Privacy Requirements Create Quality Gates/Bug Bars Security and Privacy Risk Assessment Design Establish Design Requirements Attack Surface Analysis/Reduction Threat Modeling Implementation Use Approved Tools Deprecate Unsafe Functions Perform Static Analysis Verification Perform Dynamic Analysis Fuzz Testing Attack Surface Review Release Incident Response Plan Final Security Review Release/Archive Response Execute Incident Response Plan

What is the Security Requirements Traceability Matrix (SRTM)?

Define and describe Security Requirements Traceability Matrix (SRTM).

Security Requirements Traceability Matrix (SRTM) is a grid that supplies documentation and a straightforward presentation of the required elements for security of a system. It is vital to incorporate the best level of security in technical projects that require such. SRTM can be used for any type of project. Requirements and tests can be easily tracked in relationship to one another. SRTM assures accountability for all processes and completion of all work. An SRTM between security requirements and test activities have a grid, comparable to an Excel spreadsheet. This spreadsheet contains a column for these items: Requirement identification number Description of the requirement Source of the requirement Objective of the test Verification method for the test Each row indicates a new requirement. An SRTM provides a simple way to review and compare the different requirements and tests appropriated for a specific security project. Adapt solutions to address emerging threats and security trends Increasing threats can come from various sources, both internal and external sources. Examples of emerging threats include:

Answer: New technology Changes in the culture of the organization or environment Unauthorized use of technology, such as wireless technologies, rogue modems, PDAs, unlicensed software, and iPods Changes in regulations and laws Changes in business practices, such as outsourcing and globalization In order to identify and locate emerging threats and vulnerabilities, risk analysis should be done regularly. A vigilant security professional should always be on alert and watch for new threats that may present the need for a new risk review.

What is Validation of Systems Design?

What is the process of validation in systems design?

Validation is a quality control process purposed to keep track of development and verification procedures in a system and that these elements establish a system that meets initial requirements, specifications, and regulations. For a new development flow or verification flow, validation methods may…

Answer: …entail modeling either flow and using simulations to determine faults or gaps that might lead to faulty or incomplete verification or development of a system. A series of validation requirements, specifications, and regulations can be applied as the foundation for assessing a development flow or verification flow for a system. Other validation procedures also include those specialized to make certain all modifications made to an existing qualified development flow or verification flow will bear the end-result of a system that satisfies the initial design requirements, specifications, and regulations. Such validations help sustain qualified flow. Validation of a system affords a high level of assurance that a system achieves its intended requirements. This often includes acceptance of fitness for purpose with end users and other product stakeholders.

What is Video Conferencing?

Know the principles of video conferencing.

Video conferencing is a group of interactive telecommunication mechanisms that connect two or more locations in real time via two-way video and audio transmissions. Video conferencing is different from video phone calls as…

Answer: …it’s designed to support interactive conferencing in a group setting rather than individuals. It uses telecommunications of audio and video to assemble people at different locations to participate in a meeting. This can be a straightforward discussion between two people in private offices (point-to-point) or the interlinking of several sites (multi-point) with several participants in large rooms at different locations. In addition to the audio and visual transmission of meeting activities, videoconferencing can be a tool for file sharing, computer-displayed information, and whiteboards.

What is Voice over Internet Protocol (VoIP)?

Describe Voice over Internet Protocol (VoIP) and the four methods of calls through the internet.

The Voice over Internet Protocol (VoIP) is used for the circulating of voice conversation over the Internet. The VoIP is also referred to as IP Telephony, Broadband Telephony, etc. Analog signals are used in telephones where sound is received as electrical pulsation that is boosted and…

Answer: …sent to a small loudspeaker attached to the other phone, and the call receiver can hear the sound. Analog signals are converted into digital signals in VoIP that are sent to the Internet. With an Internet connection, VoIP is used to make free phone calls through any VoIP software available in the market. There are different methods for making phone calls through the Internet, such as: Through Analog Telephone Adapter (ATA): This method takes a traditional phone and attaches it to the computer through ATA. ATA receives analog signals from the phone and then converts them to digital signals. The digital signals are then received by the Internet Service Providers (ISP), readying the system to make calls over VoIP. Through IP Phone: IP Phones look like traditional phones, but they have RJ-45 Ethernet connectors, instead of RJ-11 phone connectors, to connect to the computers. Computer To Computer: This simplest method to use VoIP. Required components are software, microphone, speakers, sound card and an Internet connection through a cable or a DSL modem. Softphones: This is a software application that can be loaded onto a computer and used anywhere in the broadband spectrum. Soon after VoIP was made available, there was no major concern about security vulnerabilities. The focus was mainly on cost, functionality, and reliability. Now that VoIP is becoming one of the mainstream communication technologies, security has become a major concern.

What is Web Conferencing?

Know the principles of web conferencing.

Web conferencing is used for live meetings, training, and presentations on the Internet. Participants are connected to each other through their computers through a web stream. This can be done via an…

Answer: …application that’s downloaded on each of the attendees’ computers, or a web-based application where attendees are connected through a link distributed by e-mail invitation to access the meeting. Web conferencing software allows multiple people in various locations to participate in an audio conference, video conference, or an audio-video conference. It can be used as a video chat session such as Skype; or a more sophisticated set-up such as an international two-way video conference with many participants. Web conferencing categories: Audio conferencing Video conferencing Webinars Real time conferencing

What Kinds of Digital Evidence Indicates Online Auction Fraud?

Digital Evidence of Online Auction Fraud

Here’s where to look for evidence of online auction fraud…

Answer: Account data at online auction sites Accounting or bookkeeping software Address books Customer information or credit card data Databases Internet browser history of cache files Digital camera software Email, correspondence, notes Financial records

What Kinds of Evidence Suggest a Death Investigation?

Evidence of a Death Investigation

Here’s where to look for evidence of death investigation…

Answer: Address books Diaries Email and other correspondence Financial records Images Internet activity logs Will and other legal documents Medical records Telephone records

What Should an Evidence Examiner’s Report Include?

Elements of An Evidence Examiner’s Report

An evidence Examiner should keep meticulous notes throughout his search…

Answer: Take notes when interviewing investigator Preserve copy of the search authority and chain of custody document Detail each action taken, including date, time, complete description of action and results Note operating system name software and patches.

When are Multiple Warrants Recommended in a Cyber Investigation?

Need for Multiple Warrants in a Cyber Investigation:

A federal search warrant usually applies only to territory in the jurisdiction of the District Court issuing the warrant. Investigators embarking in a search of a computer network may not know in advance where all the files are located…

Answer: …it may be located on computer systems in another District. In instances where agents suspect data may be stored in more than one district, investigators should consider seeking warrants for several districts to ensure that the evidence collected in the search is admissible in court.

Where Can Evidence of Child Exploitation be Found?

Finding Evidence of Child Exploitation

Here’s where to look for evidence of child exploitation…

Answer: Chat logs Date and time stamps Digital camera software Email and other correspondence Games Graphic editing and viewing software Director and file names that describe images Internet logs Images Movie files

Where Can Evidence of Economic Fraud be Found?

Evidence of Economic Fraud

Here’s where to look for evidence of economic fraud…

Answer: Check, currency and money order images Credit card skimmers Images of signatures False financial forms Fraudulent Identification

Where Can Evidence of Email Threats Be Found?

Evidence of Email Threats

Here’s where to look for evidence of email threats…

Answer: Internet activity logs Legal documents Telephone records Background research on victim Email and other correspondence Financial records

Where Can Evidence of Extortion be Found?

Evidence of Extortion

Here’s where to look for evidence of extortion…

Answer: Date and time stamps Email and other correspondence History log Internet activity log Temporary internet files User names

Where Can Evidence of Gambling be Found?

Evidence of Gambling

Here’s where to look for evidence of gambling…

Answer: Database of customers and player records Customer credit card information Electronic currency Statistics on sports betting Image players

Where can Evidence of Narcotics Trafficking be Found?

Evidence of Narcotics Trafficking

Here’s where to look for evidence of narcotics trafficking…

Answer: Address book Calendar Databases Drug recipes False identification Email and other correspondence Financial records Prescription forms Internet activity log

Where can Evidence of Prostitution be Found?

Evidence of Prostitution

Here’s where to look for evidence of prostitution…

Answer: Address books and calendars Biographies Customer databases False identification Financial records Medical records Web advertising Internet activity log

Where Can Evidence of Software Piracy be Found?

Evidence of Software Piracy

Here’s where to look for evidence of software piracy…

Answer: Chat logs Email and other correspondence Image files of software certificates Internet activity logs Serial numbers Software cracking utilities

Where Can Evidence of Telecommunications Fraud Be Found?

Evidence of Telecommunications Fraud

Here’s where to look for evidence of telecommunications fraud…

Answer: Cloning software and customer records Electronic serial number /Mobile identification pair records Email and other correspondence Financial records Manuals on how to Phreak Internet activity and telephone records

Where Evidence of Computer Intrusion Can be Found?

Evidence of Computer Intrusion

Here’s where to look for evidence of computer intrusion…

Answer: Address books Configuration files Email and other correspondence Executable programs Internet activity logs IP addresses and usernames Internet relay chat logs Text files with usernames and passwords Source code

Windows 7 Problem Resolution

True or false? In Windows 7, many common problems are resolved transparently, requiring little, if any, user interaction.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Unfortunately, even modern versions of the Windows operating system, such as Windows 7, are occasionally subject to errors. The good news is that the built-in diagnostic tools as well as other recovery tools are available to guide you through troubleshooting OS problems.

Windows Homegroups

True or false? Homegroups were introduced in Windows Vista.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Windows 7 provides a feature called HomeGroup that allows computers to share pictures, music, videos, documents, and printers with other computers in the same homegroup. To create a homegroup, you must be running Windows 7 Home Premium, Professional, Ultimate, or Enterprise.

Windows Network Connectivity

By default, Windows network interfaces connect by:

  1. Static IP Address
  2. DHCP
  3. Wake-on-LAN
  4. Domain

Answer: The correct answer is 2.

Breakdown: By default, Windows network connections are configured to use DHCP.

Windows User Accounts

True or false? The two types of user accounts are computer administrator and standard user.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Windows 7 and Windows Vista support two general types of user accounts: computer administrator and standard user. Administrators have full control of the computer, while standard user accounts can use programs but cannot make system changes that affect other user accounts.

Acceptable Internet Use Policy

The organization routinely has issues with employees using all of the available bandwidth on their Internet link for non-work related tasks. How should the company go about defining an acceptable Internet use policy?

  1. The company should mandate that employees only use personal mobile devices to access the Internet for non-work related use.
  2. The company should institute a request system for accessing the Internet for non-work related use.
  3. The company should update their acceptable use policy for use of the corporate network to specify that Internet access is only for work-related use. Exceptions can be made for the occasional personal email.

Answer: The correct answer is 3.

Breakdown: An acceptable use policy should be created as part of the overall information security policy to define which actions are acceptable to be done on employee computing platforms. In the case above, the detrimental impact to throughput on the corporate network due to employee personal Internet usage should be cited and used to justify usage restrictions. An exemption for occasional personal use such as sending personal email can be made to accommodate reality and to make the policy less onerous on employees.

Vendor Minimum Obligations Document

The organization’s HR system has been outsourced and all of the accounting personnel responsible for payroll have complained the system is slow. What document should be reviewed to see if the vendor is meeting the minimum obligations for how they are delivering the service?

  1. NDA
  2. Vendor contract
  3. Purchase order
  4. SLA

Answer: The correct answer is 4.

Breakdown: A service level agreement (SLA) is put in place between two organizations to establish a baseline for services provided from one organization to another. Most commonly, SLAs pertain to transaction-level performance such as up time or certain response time for transactions, but can also be used for nontechnical services such as time for hardware replacement or repair.

Security Events vs. Security Incidents

Which of the following are examples of security incidents? (Choose all that apply)

  1. Malicious port scan
  2. Worm infection on network
  3. DDos attack on corporate Web server
  4. IIS attack against corporate Apache Web server
  5. Employee theft of confidential data

Answer: The correct answer is 2, 3, and 5.

Breakdown: Not every attack encountered by an enterprise is a security incident. To focus the limited resources at their disposal, security professionals delineate between security events and security incidents based on risk. A security event is any activity that takes place that does not pose a risk to the organization such as when an IIS attack is launched against an Apache web server. A security incident occurs when an attack is successful or there is significant risk associated with the event.

Organizational Security Stakeholders

True or false? Organizational security stakeholders can include members from any business discipline.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Stakeholders can include anyone with an interest in the outcome of the organization or a specific project regardless of business discipline. Stakeholders can include members of the same organization or members of a different organization.

Application Development and Security Policy

With regards to an organization’s security policy, which business discipline is responsible for application development?

  1. Finance
  2. IT department
  3. Training group
  4. Programming group

Answer: The correct answer is 4.

Breakdown: The programming group develops and maintains an enterprise’s applications. It is important to work with programmers during the development stage in order to identify security issues and mitigate them prior to application release.

Waterfall Development Methodology and Organizational Security

In the waterfall development methodology, what phase follows the requirements phase?

  1. Verification
  2. Implementation
  3. Maintenance
  4. Design

Answer: The correct answer is 2.

Breakdown: The waterfall model was developed for technology project management, but can also be applied to implementing secure solutions. There are five phases to this model: Requirements Design Implementation Verification Maintenance

VoIP Deployment Concerns

Which of these is the most important when it comes to VoIP deployment concerns?

  1. Security controls
  2. How many people are in the organization
  3. Network latency and capacity
  4. Number of firewalls

Answer: The correct answer is 1.

Breakdown: Security is typically assumed across traditional phone lines and over cellular networks, but it becomes more of a challenge for VoIP networks where communication can be more easily intercepted and spoofed. Where security concerns are present due to the potential insecurity of the network, both end-to-end encryption and mutual authentication of both parties should be implemented.

Unified Communications Technologies Definition

True or false? The unified communications technologies definition refers to the integration of older communications technologies with newer Internet and cloud-based technologies.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: The concept of Unified Communications (UC) is the integration of a large number of communication technologies that traverse a wide range of networking technologies. While some technologies traverse older technologies such as phone or traditional data networks, the US is rapidly shifting to be carried largely by the various Internet technologies such as the cloud.

Security Best Practices for Mobile Devices

Which is NOT one of the security best practices for mobile devices?

  1. Screen lock
  2. Device encryption
  3. Logging phone calls
  4. Strong password

Answer: The correct answer is 3.

Breakdown: Lost or stolen mobile devices pose a tremendous risk to organizations. Employing some key security best practices for mobile devices can help to minimize these risks: Enable screen lock Require a strong password Require remote wipe/sanitization Configure device encryption

VoIP Traffic Encryption Obstacles

Which is one of the possible VoIP traffic encryption obstacles?

  1. Network cables don’t have encryption built in.
  2. Network doesn’t have enough capacity/throughput to support it.
  3. IDS isn’t able to read encrypted traffic.
  4. VoIP doesn’t support encryption.

Answer: The correct answer is 2.

Breakdown: End-to-end encryption is one of the minimum set of security controls that should be implemented for VoIP, however, the overhead to implement encryption may degrade service delivery due to insufficient throughput on the network.

Security of Email Communications Technologies

When considering the security of email communications technologies, which of the following is not something that you need to worry about?

  1. Security of the server
  2. Security of the email client
  3. Encrypting the email in transit
  4. Susceptibility of the user to phishing

Answer: The correct answer is 2.

Breakdown: Email is largely an “insecure by default” set of protocols, but a basic set of security precautions must be implemented to minimize risk. These consist of protecting email in transit by using encryption, securing the email server(s), and protecting those reading emails in the form of antivirus software and user education to be alert to phishing schemes and other social engineering exploits. Security of the email client falls outside of the scope of the email infrastructure and onto the realm of computer and application security.

Security Issues in System Decommissioning

Which of the following are security issues in system decommissioning?

  1. Data left on devices.
  2. Availability of services once the system is decommissioned.
  3. Not having the piece of hardware anymore.
  4. All of the above.

Answer: The correct answer is 1.

Breakdown: All technology solutions reach the point where they no longer meet business needs or a new solution is put in place to meet those needs. Often, decommissioned systems contain large amounts of the organization’s data which needs to be properly disposed of before the system is completely decommissioned. Failure to do so can result in significant data breaches which subsequently can exact a heavy toll.

New Technology Deployment Concerns

What new technology deployment concerns are significant operational concerns with regard to information security?

  1. New personnel who haven’t taken annual awareness training.
  2. New processes required to support the security of the technology.
  3. Less IT resources for administration.
  4. More developed code in the organization.

Answer: The correct answer is 2.

Breakdown: When a new technology is deployed, information security needs to take into account how the day-to-day operational activities of the security group will change to account for the new solution. These operational activities need to take into consideration the emerging threat and vulnerabilities the new technology solution introduces into the data environment and the additional security operations required to maintain the security of the new system.

Security Issues Remediation Cost

In the SDLC, in which phase is the security issues remediation cost highest?

  1. Requirements Analysis
  2. Project Planning
  3. Testing/Quality Assurance
  4. Implementation

Answer: The correct answer is 3.

Breakdown: Fixing defects along with security concerns becomes progressively more expensive the further into the SDLC they are discovered. Identifying and fixing defects in the Testing/QA phase is much more expensive than if they were anticipated and accounted for during the requirements analysis phase.

Address Range of Class B Network Addresses

What is the address range of Class B network addresses in binary?

  1. 01xxxxxx
  2. 0xxxxxxx
  3. 10xxxxxx
  4. 110xxxxx

Answer: The correct answer is 3.

Breakdown: The range of a Class B network address is 128-191, which in binary is 10xxxxxx.

Application Layer TCP/IP Protocols

Which are application layer TCP/IP protocols in OSI model? (Choose all that apply)

  1. IP
  2. TCP
  3. Telnet
  4. FTP
  5. TFTP

Answer: The correct answer is 3, 4 and 5.

Breakdown: Telnet, FTP, and TFTP are all Application layer protocols. IP is a Network layer protocol and TCP is a Transport layer protocol.

ARP Request For Remote Host

Which of the following allows a router to respond to an ARP request for a remote host?

  1. Gateway DP
  2. Reverse ARP (RARP)
  3. Proxy ARP
  4. Inverse ARP (IARP)
  5. Address Resolution Protocol (ARP)

Answer: The correct answer is 3.

Breakdown: Proxy Address Resolution Protocol (ARP) can help machines on a subnet reach remote subnets without configuring routing or a default gateway.

Basic Router Functions

Which of the following are basic router functions? (Choose all that apply)

  1. Packet switching
  2. Collision prevention
  3. Packet filtering
  4. Broadcast domain enlargement
  5. Internetwork communication
  6. Broadcast forwarding
  7. Path selection

Answer: The correct answer is 1, 3, 5 and 7.

Breakdown: Routers operate at Layer-3 of the OSI model and provide packet switching, packet filtering, internetwork communications, and path selection.

Binary Number Decimal and Hexadecimal Equivalents

For the following binary number: 10110111 What are the decimal and hexadecimal equivalents?

  1. 69/0x2102
  2. 183/B7
  3. 173/A6
  4. 83/0xC5

Answer: The correct answer is 2.

Breakdown: Converting to decimal: 10110111 = 128 + 32 + 16 +4 + 2 + 1 = 183. Breaking the bits into 4-bit nibbles: 1011 0111 we get 11 and 7 decimal, which is 0xB7 in hexadecimal.

Browser Security Settings

What applet would you use to change your browser security settings?

  1. The Action Center
  2. Windows Firewall
  3. Internet Options
  4. System Protection

Answer: The correct answer is 3.

Breakdown: The Internet Options, or Internet Properties, d

Calculate Maximum Number of IP Addresses

Calculate the maximum number of IP addresses that can be assigned to hosts on a local subnet that uses the 255.255.255.224 subnet mask.

  1. 14
  2. 15
  3. 16
  4. 30
  5. 31
  6. 62

Answer: The correct answer is 4.

Breakdown: A /27 subnet mask is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts.

Calculate Subnets and Hosts Number

Calculate the number of subnets and hosts from the following network address: 172.16.0.0/19.

  1. 7 subnets, 30 hosts each
  2. 7 subnets, 2,046 hosts each
  3. 7 subnets, 8,190 hosts each
  4. 8 subnets, 30 hosts each
  5. 8 subnets, 2,046 hosts each
  6. 8 subnets, 8,190 hosts each

Answer: The correct answer is 8.

Breakdown: A /19 subnet mask has 3 ones in the third octet (111111111 11111111 111), hence 2^3 = 8 subnets. Taking the remaining ones bits (13): 2^13 = 8192, then subtracting two: 8192 – 2 = 8190 hosts available in the subnet.

Carry out security activities across the technology life cycle

Carrying out the security in business.

Enterprise security provides objective advice so that technology and vendor selections can accommodate the organizational requirements. A security professional aids in addressing the entire business security life cycle with services and solutions that include:

Answer: Developing security strategies and roadmaps Helping to achieve governance, risk, and compliance needs Creating payment card industry solutions Installing and assisting with infrastructure Managing threats and vulnerabilities

Categorizing Security Controls by Time of Response to the Incident

Security controls can be categorized by the time they can be implemented in accordance to the incident. What are those categorizations?

To help examine or design security controls, they can be categorized by several criteria, very commonly, the duration of time that they act in response to a security incident: Before the event: preventive controls are proposed to prevent an incident from occurring; for example, using video monitors to watch for trespassers. During the event: detective controls are intended to identify and assess an incident in progress; for example, triggering an intruder alarm and alerting authorities. After the event: corrective controls are intended to minimize damage caused by the incident; for example, returning the organization to normal working status as efficiently as possible.

Characteristics of ICMP Packets

Which statements are true regarding the characteristics of ICMP packets? (Choose all that apply)

  1. ICMP guarantees datagram delivery.
  2. ICMP can provide hosts with information about network problems.
  3. ICMP is encapsulated within IP datagrams.
  4. ICMP is encapsulated within UDP datagrams.

Answer: The correct answer is 2 and 3.

Breakdown: ICMP provides hosts with information about network problems such as destination unreachable messages supported by the ping command. ICMP is encapsulated within IP datagrams.

Characteristics of the DHCP Discover Message

Which of the following describe characteristics of the DHCP discovery message? (Choose all that apply)

  1. It uses FF:FF:FF:FF:FF:FF as a layer 2 broadcast.
  2. It uses UDP as the Transport layer protocol.
  3. It uses TCP as the Transport layer protocol.
  4. It does not use a layer 2 destination address.

Answer: The correct answer is 1 and 2.

Breakdown: The layer 2 broadcast for DHCP is all Fs in hex: FF:FF:FF:FF:FF

Cisco Router Ambiguous Command Error

You type Router#sh ru and receive an % ambiguous command error. Why did you receive this Cisco router ambiguous command error?

  1. The command requires additional options or parameters.
  2. There is more than one show command that starts with the letters ru.
  3. There is no show command that starts with ru.
  4. The command is being executed from the wrong router mode.

Answer: The correct answer is 2.

Breakdown: This error means that there is more than one possible command that starts with ru — it’s ambiguous. You should use a question mark to find the correct command.

Cisco Router Command o/r

What does the Cisco router command o/r 0x2142 provide?

  1. Used to restart the router.
  2. used to bypass the configuration in NVRAM.
  3. Used to enter ROM Monitor mode.
  4. Used to view the lost password.

Answer: The correct answer is 2.

Breakdown: The default configuration setting is 0x2102, which tells the router to load the IOS from flash memory and the router configuration from NVRAM. The 0x2142 setting tells the router to bypass the configuration in NVRAM in order to perform password recovery.

Cisco Router Command to find Broadcast Address

You need to find the broadcast address used on a LAN on your router. What command do you need to type into the router from user mode to find the broadcast address?

  1. show running-config
  2. show startup-config
  3. show interfaces
  4. show protocols

Answer: The correct answer is 3.

Breakdown: The show interfaces command will provide the IP address and mask for each interface on the router. From there, you can then determine the mask in order to calculate the broadcast address for a LAN.

Cisco Router Debug IP RIP Command

You type the Cisco router debug ip rip command on your router console and see that 172.16.10.0 is being advertised with a metric of 16. What does this mean?

  1. The router is 16 hops away.
  2. The route has a delay of 16 microseconds.
  3. The route is inaccessible.
  4. The route is queued at 16 messages per second.

Answer: The correct answer is 3.

Breakdown: It’s important to remember that you cannot have 16 hops on a RIP network by default. If you receive a route advertised with a metric of 16, then this means it’s inaccessible.

Cisco Router Default Routes

If the routing table in your Cisco router has a static, a RIP, and an IGRP route to the same network, which route will be used as the default route for packets destined for this network?

  1. Any available route
  2. RIP route
  3. Static route
  4. IGRP route
  5. They will all load-balance

Answer: The correct answer is 3.

Breakdown: Remember that static routes have an administrative distance (AD) of 1 by default. Unless this has been changed in the router’s configuration, a static route will always be used over any other found route. IGRP has an AD of 100 and RIP has an AD of 120 by default.

Cisco Router IP Source and Destinations

A Cisco router receives an IP packet with a source IP address of 192.168.214.20 and a destination address of 192.168.22.3. Looking at the output from the router shown below, what will it do with this packet? Copr#sh ip route [output cut] R 192.168.215.0 [120/2] via 192.168.20.2, 00:00:23, Serial0/0 R 192.168.115.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0 R 192.168.30.0 [120/1] via 192.168.20.2, 00:00:23, Serial0/0 C 192.168.20.0 is directly connected, Serial0/0 C 192.168.214.0 is directly connected, FastEthernet0/0

  1. The packet will be discarded.
  2. The packet will be routed out the S0/0 interface.
  3. The router will broadcast looking for the destination.
  4. The packet will be routed out the Fa0/0 interface.

Answer: The correct answer is 1.

Breakdown: Since the routing table shows no route to the 192.168.22.0 network, the router will discard the packet and send an ICMP destination unreachable out the interface FastEtherent0/0, which is the source LAN where the packet originated from.

Cisco Router Running-Config Command

You type show running-config and get this output: [output cut] Line console 0 Exec-timeout 1 44 Password 7098C0BQR Login [output cut] What do the two numbers following the exec-timeout command mean?

  1. If no command has been typed in 44 seconds, the console connection will be closed.
  2. If no router activity has been detected in 1 hour and 44 minutes, the console will be locked out.
  3. If no commands have been typed in 1 minute and 44 seconds, the console connection will be closed.
  4. If you’re connected to the router by a Telnet connection, input must be detected within 1 minute and 44 seconds or the connection will be closed.

Answer: The correct answer is 3.

Breakdown: The Exec-timeout value is in minutes and seconds, therefore, in this example, if no commands have been typed in 1 minute and 44 seconds, then the console connection will be closed.

Cisco Router Show Hosts Command

What information is displayed by the Cisco router show hosts command? (Choose all that apply)

  1. Temporary DNS entries.
  2. The names of the routers created using the hostname command.
  3. The IP addresses of workstations allowed access to the router.
  4. Permanent name-to-address mappings created using the ip host command.
  5. The length of time a host has been connected to the router via Telnet.

Answer: The correct answer is 1 and 4.

Breakdown: The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

Cisco Router Running-Config Command

You type show running-config and get this output: [output cut] Line console 0 Exec-timeout 1 44 Password 7098C0BQR Login [output cut] What do the two numbers following the exec-timeout command mean?

  1. If no command has been typed in 44 seconds, the console connection will be closed.
  2. If no router activity has been detected in 1 hour and 44 minutes, the console will be locked out.
  3. If no commands have been typed in 1 minute and 44 seconds, the console connection will be closed.
  4. If you’re connected to the router by a Telnet connection, input must be detected within 1 minute and 44 seconds or the connection will be closed.

Answer: The correct answer is 3.

Breakdown: The Exec-timeout value is in minutes and seconds, therefore, in this example, if no commands have been typed in 1 minute and 44 seconds, then the console connection will be closed.

Cisco Router Show Hosts Command

What information is displayed by the Cisco router show hosts command? (Choose all that apply)

  1. Temporary DNS entries.
  2. The names of the routers created using the hostname command.
  3. The IP addresses of workstations allowed access to the router.
  4. Permanent name-to-address mappings created using the ip host command.
  5. The length of time a host has been connected to the router via Telnet.

Answer: The correct answer is 1 and 4.

Breakdown: The show hosts command provides information on temporary DNS entries and permanent name-to-address mappings created using the ip host command.

Cisco Split Horizon

What is a split horizon with respect to Cisco routers?

The correct answer is 1.

Breakdown: A split horizon will not advertise a route back to the same router it learned the route from.

Class B Network Subnetting

For the following Class B network address: 172.16.45.14/30, what is the subnetwork this host belongs to?

Class B Subnetwork Host Address

For the following Class B Subnetwork host address, what would be the valid subnet address for this host?

  1. 172.16.112.0
  2. 172.16.0.0
  3. 172.16.96.0
  4. 172.16.255.0
  5. 172.16.128.0

Answer: The correct answer is 1.

Breakdown: The /25 mask is 255.255.255.128. When used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 bits, 8 bits in the third octet and 1 bit in the fourth. This places the IP address 172.16.112.1/25 in the 0 subnet making its network address 172.16.112.0.

Class C Broadcast Address

You have an interface on a router with the IP address of 192.168.192.10/29. What is the broadcast address the hosts will use on this LAN?

  1. 192.168.192.15
  2. 192.168.192.31
  3. 192.168.192.63
  4. 192.168.192.127
  5. 192.168.192.255

Answer: The correct answer is 1.

Breakdown: A mask of /29 provides 5 subnet bits in the fourth octet with a block size of 8. This means that the IP address 192.168.192.10 is in the 8.0 subnet and the next subnet is 16.0, hence its broadcast address resides at 192.168.192.15.

Class C Subnetting

For a server on the following Class C subnetwork: 192.168.19.24/29, which address should you assign to the server, assuming the router has the first available host address?

  1. 192.168.19.0 255.255.255.0
  2. 192.168.19.33 255.255.255.240
  3. 192.168.19.26 255.255.255.248
  4. 192.168.19.31 255.255.255.248
  5. 192.168.19.34 255.255.255.240

Answer: The correct answer is 3.

Breakdown: A /29 mask is 255.255.255.248 which is a block size of 8 in the fourth octet. The subnets are 0, 8, 16, 32, etc. The IP address 192.168.19.24 is the 24 subnet, which means that 192.168.19.26 is within this subnetwork and is the next available host address after the router at 192.168.19.25.

Classful Subnet Mask

You need to subnet a network that has 5 subnets, each with at least 16 hosts. Which classful subnet mask would you use?

  1. 255.255.255.192
  2. 255.255.255.224
  3. 255.255.255.240
  4. 255.255.255.248

Answer: The correct answer is 2.

Breakdown: Since you need 5 subnets, each with at least 16 hosts, then the mask 255.255.255.224 which provides 8 subnets, each with 30 hosts is the best answer from all of the choices.

Computer Security Legislation

The Electronic Communications Privacy Act of 1986 deals with eavesdropping and the interception of message contents without discerning between private or public systems. This law updated the Federal privacy clause in the Omnibus Crime Control and Safe Streets Act of 1968 to include digitized voice, data, or video, whether transmitted over wire, microwave, or fiber optics. Court warrants are purposed to intercept wire or oral communications, except for phone companies, the FCC, and police officers that are involved through the consent of one of the parties.

The Computer Security Act of 1987 places mandates on federal government agencies to conduct security-related training, to pinpoint sensitive systems, and to develop a security plan for those sensitive systems. A category of sensitive information called Sensitive But Unclassified (SBU) has to be taken into account. This category, formerly known as Sensitive Unclassified Information (SUI), addresses information below the government’s classified level that is valuable enough to protect, such as medical information, financial information, and research and development knowledge. This act also divided the government’s responsibility for security between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). NIST was given the duty of monitoring information security in general, mainly for the commercial and SBU arenas, and NSA retained the duties for cryptography for classified government and military applications.

The Computer Security Act established the national Computer System Security and Privacy Advisory Board (CSSPAB) a twelve-member advisory group of experts in computer and telecommunications systems security.

The British Computer Misuse Act of 1990 deals with computer-related criminal offenses. The Federal Sentencing Guidelines of 1991 outlines punishment procedures for those found guilty of breaking federal law. Additional laws follow:

Answer: The OECD Guidelines to Serve as a Total Security Framework of 1992 includes laws, policies, technical and administrative measures, and education. The Communications Assistance for Law Enforcement Act of 1994 mandates that all communications carriers make wiretaps possible.

Configure Router to Use Internet

Network 206.143.5.0 was assigned to your company to connect to your ISP. As an administrator, you want to configure a router using the commands to use the Internet. Which of the following commands would you use to configure the Gateway router to allow Internet access to the entire network?

  1. Gateway(config)#ip route 0.0.0.0.0.0.0.0 206.143.5.2
  2. Gateway(config)#router rip
  3. Gateway(config-router)#network 206.143.5.0
  4. Gateway(config)#router rip
  5. Gateway(config)#ip route 206.143.5.0 255.255.255.0 default
  6. Gateway(config)#ip route 206.143.5.0 255.255.255.0 default
  7. Gateway(config)#ip default-network 206.143.5.0

Answer: The correct answer is 1 and 7.

Breakdown: You can set a default route with the 0.0.0.0.0.0.0.0 mask and then specify the next hop as in answer 1. You can also use the same mask and use the exit interface instead of the next hop (not one of the answer choices). Finally, you can use the ip default-network command.

Connection Oriented Session Reliability

A receiving host has failed to receive all of the segments that it should acknowledge. What can the host do to improve the connection oriented session reliability in this case?

  1. Send a different source port number.
  2. Restart the virtual circuit.
  3. Decrease the sequence number.
  4. Decrease the window size.

Answer: The correct answer is 4.

Breakdown: Windows controls how much information is transferred from one end to the other. If a receiving host fails to receive all the segments that it should acknowledge, the host can improve the communication session by decreasing the window size.

Connections That Can Use Full Duplex

Which of the following are connections that can use full duplex? (Choose all that apply)

  1. Hub to hub
  2. Switch to switch
  3. Host to host
  4. Switch to hub
  5. Switch to host

Answer: The correct answer is 2, 3 and 5.

Breakdown: The important point to remember is that hubs can’t run full-duplex. On the other hand, switches and hosts can run full duplexes between one another.

Data Stream Segmentation

Data stream segmentation occurs at which layer of the OSI model?

  1. Physical
  2. Data Link
  3. Network
  4. Transport

Answer: The correct answer is 4.

Breakdown: Services located in the Transport layer segment and reassemble data from upper-layer applications and unite it into the same data stream.

Delete Contents of Router NVRAM

Which command will delete the contents of router NVRAM?

  1. delete NVRAM
  2. delete startup-config
  3. erase NVRAM
  4. erase start

Answer: The correct answer is 4.

Breakdown: The erase startup-config command (erase start) erases the contents of NVRAM and will place the router in setup mode if the router is subsequently restarted.

Determine Subnetwork Address From Host Address

Determine the subnetwork address for a host with the following IP address: 200.10.5.68/28.

  1. 200.10.5.56
  2. 200.10.5.32
  3. 200.10.5.64
  4. 200.10.5.0

Answer: The correct answer is 3.

Breakdown: The /28 subnet mask is: 255.255.255.240, which makes the block size 2^4 = 16. Then 2^16 = 64, which means that the host is in the 64 subnet: 200.10.5.64.

Distance-Vector and Link-State Protocols

Which of the following are true of distance-vector and link-state routing protocols? (Choose all that apply)

  1. Link state sends its complete routing table out all active interfaces on periodic time intervals.
  2. Distance vector sends its complete routing table out all active interfaces on periodic time intervals.
  3. Link state sends updates containing the state of its own links to all routers in the internetwork.
  4. Distance vector sends updates containing the state of its own links to all routers in the internetwork.

Answer: The correct answer is 2 and 3.

Breakdown: The distance-vector routing protocol sends its complete routing table out all active interfaces at periodic time intervals. Link-state routing protocols send updates containing the state of its own links to all routers in the internetwork.

EIGRP Information Held in RAM

Which EIGRP information is held in RAM and maintained through the use of Hello and update packets? (Choose all that apply)

  1. Neighbor table
  2. STP table
  3. Topology table
  4. DUAL table

Answer: The correct answer is 1 and 3.

Breakdown: EIGRP holds three tables in RAM: Neighbor table Topology table Routing table The neighbor and topology tables are built and maintained with the use of Hello packets.

EIGRP Successor Routes Storage

Where are EIGRP successor routes stored?

  1. In the routing table only
  2. In the neighbor table only
  3. In the topology table only
  4. In the routing table and neighbor table
  5. In the routing table and the topology table
  6. In the topology table and the neighbor table

Answer: The correct answer is 5.

Breakdown: Successor routes are stored in the routing table since they are the best path to a remote network. However, the topology table has a link to each and every network, thus making the best answer the topology and routing table.

Enlarging Coverage Area With Layer 1 Devices

For enlarging coverage areas with Layer 1 devices for a single LAN segment, which devices do you use? (Choose all that apply).

  1. Switch
  2. NIC
  3. Hub
  4. Repeater
  5. RJ45 transceiver

Answer: The correct answer is 3 and 4.

Breakdown: A hub and repeater, which is essentially a hub, will enlarge a single-collision domain.

Entering New Router Configuration

When installing a new router with an existing configuration what should you do before entering a new router configuration on the router?

  1. RAM should be erased and the router restarted.
  2. Flash should be erased and the router restarted.
  3. NVRAM should be erased and the router restarted.
  4. The new configuration should be entered and saved.

Answer: The correct answer is 3.

Breakdown: Before configuring the router, you should erase the NVRAM using the erase startup-config command and then reload the router using the reload command.

Enterprise Configuration Management of Mobile

Know the practice of configuration management for enterprise mobile.

After determining how you can best protect the mobile devices on your corporate network from viruses and malware, you need to formulate the plan for remotely enforcing policies for…

Answer: …device management and security. Remote device management policies usually cover configuration management and application management. Configuration management involves usage of IT-approved software versions of supported mobile platforms. If you cannot pinpoint a single solution try to curtail the number of systems you would need to deploy. Configuration management includes elements such as: managing the OS version of mobile devices; application and security patches; or accommodating any other desired corporate policy.

ESA Basics

What are ESAs used for?

  1. Network protection
  2. Service level agreements
  3. Vulnerability scanning
  4. Define baseline for discovering and treating risks

Answer: The correct answer is 4.

Breakdown: Enterprise security assessment (ESA) frameworks are used to define the baseline for discovering and treating risks. They start with an analysis of the risk and quantification of how internal and external threats and vulnerabilities manifest themselves to the organization and from there, proceed to the treatment of each specific threat, vulnerability, and risk.

External Communications Security

Considerations regarding the security principles of external communications.

External communication is the exchanging of information and messages between an organization and other organizations, groups, associates and individuals outside its formal structure. External communication has several…

Answer: …objectives, one of which is to foster cooperation among groups, such as suppliers, investors, and stockholders; and to promote a positive image of an organization and its products or services to potential and existing customers. Several different mediums are employed for external communication such as print or broadcast media, in-person meetings, and electronic communication technologies, such as the web. To protect both the information elements and communications, the system applies a set of security mechanisms.

Financial Considerations of Adding New Technologies

When adding new technologies or services to the business, which step should contain financial discussions?

  1. RFP
  2. RFC
  3. RFQ
  4. RFI

Answer: The correct answer is 3.

Breakdown: Request for Quotations (RFQ) is the step where money finally starts to enter the contract process. After the list of competing vendors is narrowed down, an RFQ is sent to each competitor to discuss the pricing of the solutions being offered.

Find Hardware Address of Local Devices

What protocol is used to find the hardware addresses of local devices on a network?

  1. RARP
  2. ARP
  3. IP
  4. ICMP
  5. BootP

Answer: The correct answer is 2.

Breakdown: Address Resolution Protocol (ARP) is used to find the hardware address (MAC address) of a device from its IP address.

Find IP Address of Remote Switch

You need to find the IP address of a remote switch that is located in Hawaii. What can you do to find the address?

  1. Contact the IT admin at the Hawaii office and have them provide it to you.
  2. Issue the show ip route command on the router connected to the switch.
  3. Issue the show cdp neighbor command on the router connected to the switch.
  4. Issue the show ip arp command on the router connected to the switch.
  5. Issue the show cdp neighbors detail command on the router connected to the switch.

Answer: The correct answer is 5.

Breakdown: You should issue the show cdp neighbors detail command on the router connected to the switch in order to find the IP address of the switch. Of course getting a trip to Hawaii would be nice, but management might not react favorably if you were to propose that as a solution.

IDPS vs. Firewalls

What is the primary purpose of intrusion detection and prevention systems (IDPS) when compared to firewall systems?

  1. A firewall blocks all attacks; IDPS informs us if the firewall was successful.
  2. IDPS will notify the system administrator at every possible attack that has occurred, whether successful or unsuccessful.
  3. A firewall reports all attacks to the IDPS.
  4. IDPS logs and notifies the system administrator of any suspected attacks but may not recognize every attack.

Answer: The correct answer is 4.

Breakdown: The IDPS keeps the transaction log and alerts the system administrator of any suspected attacks. The IDPS can use statistical behavior or signature files to determine whether an attack has occurred.

IEEE Ethernet Frame Header

Which fields are contained within an IEEE Ethernet frame header? (Choose all that apply)

  1. Source and destination MAC address.
  2. Source and destination network address.
  3. Source and destination MAC address and source and destination network address.
  4. FCS field.

Answer: The correct answer is 1 and 4.

Breakdown: An Ethernet frame contains source and destination MAC addresses, an Ether-Type field to identify the Network layer protocol, the data payload, and the Frame Check Sequence (FCS) field that holds the CRC used for error detection.

IGRP to EIGRP Gradual Migration

Your company is running IGRP using an Autonomous System (AD) of 10. You want to configure EIGRP on the network but want to migrate gradually to EIGRP without configuring redistribution. What command would allow you to migrate over time to EIGRP without configuring redistribution?

  1. router eigrp 11
  2. router eigrp 10
  3. router eigrp 10 redistribute igrp
  4. router igrp combine eigrp 10

Answer: The correct answer is 2.

Breakdown: If you enable EIGRP on a router with the same AS number, EIGRP will automatically redistribute IGRP into EIGRP. This will cause the IGRP injected routes to appear as external (EX) routes with an EIGRP AD of 170. This feature permits the gradual migration to EIGRP with no extra configuration.

IP Address Classes

What is the class of IP address 10.1.2.3?

  1. Class A
  2. Class B
  3. Class C
  4. Class D

Answer: The correct answer is 1.

Breakdown: Class A IP addresses are in the range of 10.0.0.0-10.255.255.255

IP Hosts Assignment

You have an interface on a router with the IP address of 192.168.192.10/29. Including the interface, how many hosts can have IP addresses on the LAN attached to the router interface?

  1. 6
  2. 8
  3. 30
  4. 62
  5. 126

Answer: The correct answer is 1.

Breakdown: A mask of /29 provides 5 bits for subnets and 3 for hosts. Therefore, 2^3 = 8. Subtract 2 for the network and broadcast addresses and that leaves 6 total hosts, including the router interface, that can be assigned to this subnetwork.

Layer 2 Bridge Segmentation

What are two purposes served by Layer 2 bridge segmentation?

  1. To add more broadcast domains.
  2. To create more collision domains.
  3. To add more bandwidth for users.
  4. To all more broadcasts for users.

Answer: The correct answer is 2 and 3.

Breakdown: By breaking up collision domains, bridges allow for more bandwidth for users.

Layer 4 Protocol For Telnet Connection

Which layer 4 protocol is used for a Telnet connection?

  1. IP
  2. TCP
  3. TCP/IP
  4. UDP
  5. ICMP

Answer: The correct answer is 2.

Breakdown: Though Telnet uses both TCP and IP, it is TCP that resides at layer 4 of the OSI protocol stack.

Layers in the TCP/IP Model

Which of the following are layers in the TCP/IP model? (Choose all that apply)

  1. Application
  2. Session
  3. Transport
  4. Internet
  5. Data Link
  6. Physical

Answer: The correct answer is 1, 3 and 4.

Breakdown: Remember that the TCP/IP model is the DoD model, which contains fewer layers than the TCP/IP stack: Process/Application, Host-to-Host (Transport), Internet (Network), and Network Access.

Mobile Device Sensors

In some mobile devices, shaking the device results in undoing a previous action. This is due to which motion sensor?

  1. Accelerometer
  2. Gyroscope
  3. Magnetometer
  4. GPS

Answer: A. The correct answer is 1.

Breakdown: An accelerometer is an internal sensor in a mobile device that detects and measures motion such as vibration or acceleration. Shaking a mobile device, in some instances, will result in an undo operation within an app or system utility. In addition, accelerometers also sense orientation and can reorient the screen display between portrait and landscapes modes depending on the detected position of the device.

Network Medium Not Susceptible to EMI

Which type of cabling should you use to implement a network medium not susceptible to EMI?

  1. Thicknet coax
  2. Thinnet coax
  3. Category 5 UTP cable
  4. Fiber-optic cable

Answer: The correct answer is 4.

Breakdown: Where cost is not a deciding factor, fiber-optic cables provide a more secure, long-distance cable that is not susceptible to electro-magnetic interference (EMI) at high speeds.

Network Segmentation and Its Advantages

What is network segmentation and what are the advantages that it presents?

Network segmentation in computer networking is the process or profession of dividing a computer network into sub-networks, each being a network segment or network layer. The advantages of such splitting are mainly for elevating performance and strengthening security, as well as: click to view

Answer: Reduced congestion: Improved performance is evident because on a segmented network, there are fewer hosts per sub-network, reducing local traffic. Improved security: Broadcasts will be contained to the local network. Internal network structure will not be visible from outside. Containing network problems: It curbs the effect of local failures on other parts of the network.

No Routes Viewed in OSPF Routing Table

You type the following into a router: Router(config)#router ospf 1 Router(config-router)#network 10.0.0.0 255.0.0.0 area 0 But you can’t see any routes in the routing table. What configuration error did you make?

  1. The wildcard mask is incorrect.
  2. The OSPF area is wrong.
  3. The OSPF Process ID is incorrect.
  4. The AS configuration is wrong.

Answer: The correct answer is 1.

Breakdown: The error is having typed in the wrong wildcard mask configuration. The wildcard needs to be 0.0.0255.

Order of Data Encapsulation

For the order of data encapsulation which of the following is correct?

  1. Data, frame, packet, segment, bit
  2. Segment, data, packet, frame, bit
  3. Data, segment, packet, frame, bit
  4. Data, segment, frame, packet, bit

Answer: The correct answer is 3.

Breakdown: When data is encapsulated the ordering is: data, segment, packet, frame, bit.

Preventing Routing Loops

Which are features of distance-vector routing protocols that are used to prevent routing loops? (Choose all that apply).

  1. Reverse path forwarding (RPF) check
  2. Split horizon
  3. Poison reverse
  4. Rendezvous point

Answer: The correct answers are 2 and 3. Split horizon: The split horizon feature prevents a route learned on one interface from being advertised back out of that same interface. Poison reverse: The poison reverse feature causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.

Printer Sharing

True or false? A shared printer is the same thing as a network printer.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: There are two ways to share printers: by sharing a local printer (a printer connected to your computer) or by setting up a printer directly connected to the network (network printer).

Prioritizing Traffic and Data Flow with Quality of Service (QoS)

Define Quality of Service (QoS) as it refers to data flow priorities within a network.

In the profession of computer networking and other packet-switched telecommunication networks, the traffic engineering term Quality of Service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality. Quality of service is the capability of offering different priorities to different applications, users, or data flows, or to assure a certain level of performance to a data flow. For instance, a required…

Answer: …bit rate, delay, jitter, packet dropping probability and/or bit error rate may be guaranteed. Quality of service guarantees are invaluable if the network capacity is inadequate, particularly for real-time streaming multimedia programs such as voice over IP, online games, and IP-TV, since these often need a fixed bit rate and are delay sensitive, and in networks where the capacity is limited, for example in cellular data communication. If network congestion is not apparent, QoS mechanisms are not required.

Private IP Addresses

Which of the following are private IP addresses? (Choose all that apply)

  1. 12.0.0.1
  2. 168.172.19.39
  3. 172.20.14.36
  4. 172.33.194.30
  5. 192.168.24.43

Answer: The correct answer is 3 and 5.

Breakdown: The Class A private address range is 10.0.0.0 – 10.255.255.255. The Class B private address range is 172.16.0.0 – 172.31.255.255 and the Class C private address range is 192.168.0.0. – 192.168.255.255.

Privilege Escalation in Web Applications

Does privilege escalation play a similar role in web application security, as it does in network security?

As we have discussed before, privilege escalation is the act of exposing a bug or design error in a software application to gain access to…

Answer: …resources that otherwise would have been safeguarded from an application or user. The outcome is the application performs actions with more privileges than intended by the application developer or system administrator.

Protocol to Automate IP Configuration

Which is a protocol to automate IP configuration including IP address, subnet mask, default gateway, and DNS information?

  1. SMTP
  2. SNMP
  3. DHCP
  4. ARP

Answer: The correct answer is 3.

Breakdown: Dynamic Host Configuration Protocol (DHCP) is used to provide IP information to hosts on a network, most importantly, the assignment of IP addresses, a subnet mask, a default gateway, and DNS information.

Protocols that Employ VoIP

What are the protocols that employ VoIP?

Voice over IP has been applied in different ways using both private and open protocols and standards. Examples of network protocols that employ VoIP: click to view

Answer: H.323 Media Gateway Control Protocol (MGCP) Session Initiation Protocol (SIP) Real-time Transport Protocol (RTP) Session Description Protocol (SDP) Inter-Asterisk eXchange (IAX) The H.323 protocol was one of the first VoIP protocols that found extensive implementation for long-distance traffic and localized network services. Since the arrival of newer and less complicated protocols, such as MGCP and SIP, H.323 usage is increasingly limited to carrying existing long-haul network traffic. For example, the Session Initiation Protocol (SIP) has gained broad VoIP market penetration. A noteworthy proprietary implementation is the Skype protocol, which is in part based on the precepts of peer-to-peer (P2P) networking.

Purpose, Use and Examples of Warning Banners

Define Warning Banners, then provide the purpose and use examples of them.

Warning banners: A widely used method for computer access is the use of warning banners. Warnings are an effective tool for providing adequate notice regarding the obligations and responsibilities entailed with using the server and networking environments. The purpose of warning banners:

Answer: From a legal standpoint, they establish the level of expected privacy and serve as consent to real-time monitoring from a business standpoint. Real-time monitoring can be conducted for security reasons, business reasons, or technical network performance reasons. These banners tell users that their connection to the network signals their consent to monitoring The warning banners can be established by the system or network administrator’s common authority to consent to a law enforcement search. Some use examples of warning banners: Access to this system and network is restricted. Use of this system and network is for official business only. Systems and networks are subject to monitoring at any time by the owner. Using this system implies consent to monitoring by the owner. Unauthorized or illegal users of this system or network will be subject to discipline or prosecution.

Qualities of Classless Routing Protocols

Which statements are true about the qualities of classless routing protocols? (Choose all that apply)

  1. The use of discontiguous networks is not allowed.
  2. The use of variable length subnet masks is permitted.
  3. RIPv1 is a classless routing protocol.
  4. IGRP supports classless routing within the same autonomous system.
  5. RIPv2 supports classless routing.

Answer: The correct answer is 2 and 5.

Breakdown: Classful routing means that all hosts in the internetwork use the same mask. Conversely, classless routing means that you can use Variable Length Subnet Masks (VLSM) and discontiguous networking is supported.

Reinitialize a Cisco Router

What command do you use to reinitialize a Cisco router and replace the current running-config with the current startup-config?

  1. replace run start
  2. copy run start
  3. copy start run
  4. reload

Answer: The correct answer is 4.

Breakdown: In order to completely replace the running-config with the startup-config, you must reload the router by issuing the reload command. The copy start run command sequence doesn’t replace the configuration, but instead, appends to it.

Remote Assistance Utility

True or false? By default, any user can offer assistance to another user by using the Remote Assistance utility.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: Remote Assistance provides a way for a user to ask someone at another computer for help with a computer problem. You must first be invited by the remote user via an invitation email, which contains a password to grant access to the remote session.

Remote Desktop Basics

True or false? To make a Remote Desktop connection you must have user credentials on the remote system.

  1. True
  2. False

Answer: The correct answer is 1.

Breakdown: Remote Desktop allows you to access any program or folder, the Control Panel, network configuration tools, and just about any other feature on the remote computer. To use Remote Desktop, you must have a valid user name and password for the host computer.

Resource Location

A peer-to-peer network requires that all connected computers be running the same OS in order to share resources?

  1. True
  2. False

Answer:

  1. False Though it’s much easier to set up and configure peer-to-peer resource sharing between computers running the same OS, it is possible to install software to enable sharing between computers running different types of operating systems such as Windows and Mac.

RFC vs. ISO Standards

True or false? A standard of business management is an RFC standard rather than an ISO standard.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: While the RFC deals with the Internet specifically, the International Organization for Standardization (ISO) is designed to help create a series of standards that government and industries (business) can adhere to in order to have common guidelines for processes and operations on the international level.

RIP Routing Updates

Two connected routers are configured with RIP routing. What will be the result when a router receives a routing update that contains a higher-cost path to a network already in its routing table?

  1. The updated information will be added to the existing routing table.
  2. The update will be ignored and no further action will occur.
  3. The updated information will replace the existing routing table entry.
  4. The existing routing table entry will be deleted from the routing table and all routes will exchange routing updates to reach convergence.

Answer: The correct answer is 2.

Breakdown: When a routing update is received by a router, the router first checks the administrative distance (AD) and will always choose the route with the lowest AD. In the case of two routes received with the same AD, then the router will choose the route with the lowest metrics — or in the case of RIP — hop count.

RIP Routing Updates

Which command displays RIP routing updates?

  1. show ip route
  2. debug ip rip
  3. show protocols
  4. debug ip route

Answer: The correct answer is 2.

Breakdown: The debug ip rip command is used to show the IP Routing Information Protocol (RIP) updates being sent and received on the router.

RIPv2 Methods to Prevent Routing Loops

Which are RIPv2 methods used to prevent routing loops? (Choose all that apply)

  1. CIDR
  2. Split horizon
  3. Authentication
  4. Classless masking
  5. Holddown timers

Answer: The correct answer is 2 and 5.

Breakdown: RIPv2 uses the same timers and loop-avoidance methods as RIPv1. Split horizon is used to prevent an update from being sent out the same interface it was received on. Holddown timers allow time for a network to become stable in the case of WAN links going up and down (“flapping”).

Risk Management – The Security Risk Implications of Business Decisions

We will take a deep look at the security risk implications of some of the more commonly made business decisions that organizations face. It is important to be able to analyze the scenarios to determine all possible risk possibilities and plan to mitigate them.

Every organization has confidential information and resources to accomplish their business activities. Sensitive information and resources are hot targets and vulnerable to both internal and external threats. Every organization makes critical business decisions that have an integral role in the viability and growth of the organization. It is crucial to determine and understand present risks associated with those decisions in order to preserve sustainability. Risk management of new products, new technologies, and user behaviors The hazards of implementing new products, technologies and user behaviors, if poorly managed can exceed the business benefits. New technology and products commercialization methods hold vital significance in the present competitive corporate world. They open up new opportunities, produce market leaders, and foster growth and fortitude to face the onslaught of competition. New or changing business models/strategies A business model exhibits the rationale of how an organization creates, delivers, and captures value (economic, social, or other forms of value). Business model development is inherent to business strategy. In theory and as demonstrated in employment, the term business model is used for a wide range of informal and formal descriptions to reflect core elements of a business, including purpose, offerings, strategies, infrastructure, organizational structures, trading practices, and operational processes and policies. Thus it offers a comprehensive picture of an organization from a high-level perspective. Once a business is formed, it either explicitly or implicitly applies… click below for more

Answer: …a specific business model that outlines the architecture of the value creation, delivery, and active mechanisms employed by the business enterprise. The fundamental purpose of a business model is that it specifies the manner and method by which the business enterprise delivers value to customers, attracts customers to pay for value, and turns those payments into profit. The business model also represents management’s idea about what the customer wants, how they want it, and how that business can best perform to meet those needs, get paid for doing so, and turn a profit. The business models and strategies follow the various business requirements. These requirements can be partnership, outsourcing, or merging. Partnerships A partnership is a for-profit business association of two or more members. Because the business aspect is broadly defined by state laws, and because “members” or persons can include individuals, groups of individuals, companies, and corporations, partnerships are very fluid in form and vary in complexity. Each partner shares in the organization’s profits and shares control of the business operation. The terms of this profit sharing is that partners are jointly and independently liable for the partnership’s debts. Internal and external influences Various internal factors impact business decisions such as, demographics, lifestyle, personality, motivation, knowledge, attitudes, beliefs, and feelings. Business and consumer habits are also affected by culture, subculture, locality, royalty, ethnicity, family, social class, past experience reference groups, lifestyle, market mix factors. Psychological factors include an individual’s attitudes, preferences and beliefs, while personal factors include economic status, personality, age, profession and lifestyle. Audit findings Audit findings are a useful tool with implementing improvements within a quality management system. Findings and nonconformity statements aren’t always clearly communicated or provide enhancements to an organization. The Effective Audit Findings is specialized to mitigate incomplete findings, as well as those that fail to support the intent of the process. An effective audit assists the organization with how it obtains and analyzes findings from second- and third party auditors with the long-term goal of quality management system improvement. Compliance Compliance is defined as dutifulness, obligingness, pliability, tolerance, and tractability. Compliance requires an organization to manage internal regulations, as well as comply with the laws of the country and requirements of laws at the local level. This may result in conflicts. Client requirements Requirements analysis for the ongoing business viability entails tasks that evaluate the needs or conditions to meet for a new or modified product, finding any conflicting requirements of the various stakeholders, such as beneficiaries or users. This is an early phase of what’s known as requirements engineering which include all functions concerned with eliciting, analyzing, documenting, validating, and managing software or system requirements. Business analysts may attempt to make requirements fit within an existing system or model, rather than starting from scratch and develop a system that reflects the needs of the client. Analysis may be performed by engineers or programmers rather than personnel who have interpersonal knowledge of a client’s needs.

RJ45 UTP Cable Console Port Connection

What type of RJ45 UTP cable do you use to connect a PC’s COM port to a router or switch console port?

  1. Straight-through
  2. Crossover cable
  3. Crossover with a CSU/DSU
  4. Rolled

Answer: The correct answer is 4.

Breakdown: An RJ45 UTP rolled cable is used to connect a PC to a router or switch console port in order to configure it.

RJ45 UTP Cable Used Between Switches

What is the type of RJ45 UTP cable used between switches?

  1. Straight-through
  2. Crossover cable
  3. Crossover with a CSU/DSU
  4. Crossover with a router in between the two switches

Answer: The correct answer is 2.

Breakdown: A crossover cable is typically used to connect two similar devices.

Router Command Entry Mistakes

You type the following command into a router and receive the following output: Router#show serial 0/0 ^ % Invalid input detected at ‘^’ marker. Can you identify the router command entry mistake that produced this error?

  1. You need to be in privileged mode.
  2. You cannot have a space between serial and 0/0.
  3. The router does not have serial0/0 interface.
  4. Part of the command is missing.

Answer: The correct answer is 4.

Breakdown: You can view the interface statistics from users mode, but part of the command is missing. The correct form is show interfaces serial 0/0.

Router Command to Show Available Memory

You want to upgrade the IOS of a router without removing the image currently installed. What Cisco router command is used to show the amount of memory consumed by the current IOS image and indicates whether there is available memory to hold both the current and new images?

  1. show version
  2. show flash
  3. show memory
  4. show buffers
  5. show running-config

Answer: The correct answer is 2.

Breakdown: The show flash command will display the current IOS name and size and the size of flash memory. From this information you can then decide if there is sufficient space in flash to hold both configuration images.

Router Configuration Command

Which router configuration command must be in effect to allow the use of 8 subnets if the Class C subnet mask is 255.255.255.224?

  1. Router(config)#ip classless
  2. Router(config)#ip version 6
  3. Router(config)#no ip classful
  4. Router(config)#ip unnumbered
  5. Router(config)#ip subnet-zero
  6. Router(config)#ip all-nets

Answer: The correct answer is 5.

Breakdown: A Class C subnet mask of 255.255.255.224 provides 8 subnets (2^3) and 30 hosts (2^5-2). However, if the command “ip subnet-zero” is not used, then only 6 subnets would be available for use.

Router Copy Flash TFTP Command

With a laptop connected directly into a router’s Ethernet port, which of the following are among the requirements in order for the router copy flash tftp command to be successful? (Choose all that apply)

  1. TFTP server software must be running on the router.
  2. TFTP server software must be running on the laptop.
  3. The Ethernet cable connecting the laptop directly into the router’s Ethernet port must be a crossover cable.
  4. The laptop must be on the same subnet as the router’s Ethernet interface.
  5. The copy flash tftp command must supply the IP address of the laptop.
  6. There must be enough room in the flash memory of the router to accommodate the file to be copied.

Answer: The correct answer is 2, 3 and 5.

Breakdown: In order to back up an IOS image to a laptop directly connected to a router’s Ethernet port using the copy flash tftp command, you must make certain of the following: TFTP server software is running on the laptop. The Ethernet cable is a crossover cable. The laptop is in the same subnet as the router’s Ethernet port

Router Debug Command Over Telnet

You telnet into a remote device and type debug ip rip, but no output from the debug command is seen. What could be the problem with the router debug command over telnet?

  1. You must type the show ip rip command first.
  2. IP addressing on the network is incorrect.
  3. You must use the terminal monitor command.
  4. Debug output is sent only to the console.

Answer: The correct answer is 3.

Breakdown: In order to see console messages through a Telnet session, you must enter the terminal monitor command.

Router IP Route Command

Which of the following statements are true about the command ip route 172.16.4.0 255.255.255.0 192.168.4.2? (Choose all that apply)

  1. The command is used to establish a static route.
  2. The default administrative distance is used.
  3. The command is used to configure the default route.
  4. The subnet mask for the source address is 255.255.255.0.
  5. The command is used to establish a stub network.

Answer: The correct answer is 1 and 2.

Breakdown: The mask provided is the mask used on the remote network — not the source network and since there is no number at the end of the static route, the default administrative distance of 1 is used.

Router Line Protocol is Down

What layer of the OSI model would you assume the problem is in if you type show interface serial 1 and receive the following message? Serial1 is down, line protocol is down

  1. Physical layer
  2. Data Link layer
  3. Network layer
  4. None, it is a router problem.

Answer: The correct answer is 1.

Breakdown: If you see that a serial interface and the protocol are both down, then you have a Physical layer problem. On the other hand, if you see serial1 is up, line protocol is down, then you are not receiving keepalives from the remote end, which indicates a Data Link layer problem.

Router Show Command

Which form of the router show command displays the configurable parameters and statistics of all interfaces on a router?

  1. show running-config
  2. show startup-config
  3. show interfaces
  4. show versions

Answer: The correct answer is 3.

Breakdown: The show interfaces command allows you to view the configurable parameters along with getting statistics for the interfaces on the router, verifying if the interfaces are shut down, and seeing the IP address of each interface.

Router Show Interface Serial Command

What is the problem with an interface if you type the router show interface serial 0 command and receive the following message? Serial0 is administratively down, line protocol is down

  1. The keepalives are different times.
  2. The administrator has the interface shut down.
  3. The administrator is pinging from the interface.
  4. No cable is attached.

Answer: The correct answer is 2.

Breakdown: If an interface is shut down, the show interface command will show the interface is administratively shut down.

Save Router Configuration to NVRAM

What command do you use to save the router configuration to NVRAM from RAM?

  1. Router(config)#copy current to starting
  2. Router#copy starting to running
  3. Router(config)#copy running-config startup-config
  4. Router#copy run startup

Answer: The correct answer is 4.

Breakdown: To copy the running-config to NVRAM so that it will be retained across a restart, you type the copy running-config startup-config command. The best answer, however, is to use the command shortcut: copy run start which involves much less typing.

Security Best Practices for Mobile Devices

Which is NOT one of the security best practices for mobile devices?

  1. Screen lock
  2. Device encryption
  3. Logging phone calls
  4. Strong password

Answer: The correct answer is 3.

Breakdown: Lost or stolen mobile devices pose a tremendous risk to organizations. Employing some key security best practices for mobile devices can help to minimize these risks: Enable screen lock Require a strong password Require remote wipe/sanitization Configure device encryption

Security Conferences and Conventions

True or false? There are not many conferences or conventions in the security field.

  1. True
  2. False

Answer: The correct answer is 2.

Breakdown: There is a well of information in face-to-face communication in the security community. Nearly every week there are conferences across the globe varying in size from a few dozen people to some reaching thousands of people. Each of these conferences has their own focuses and can be incredibly valuable for a CASP.

Security News Sources

What information source has the highest trustworthiness, but the lowest amount of output?

  1. Blogs
  2. Podcasts
  3. Social news
  4. News sites

Answer: The correct answer is 1.

Breakdown: Blogs in the security field are often personal projects created by industry professionals. They are typically well-researched, but as such, it takes longer to produce content making updates less frequent than that of news sites or on social media channels such as Twitter and Facebook.

Services That Use TCP

Which of the following are services that use TCP? (Choose all that apply)

  1. DHCP
  2. SMTP
  3. SNMP
  4. FTP
  5. HTTP
  6. TFTP

Answer: The correct answer is 2, 5 and 5.

Breakdown: SMTP, FTP, and HTTP are services that use TCP. Unlike TFTP, for example, which utilizes UDP.

Set Router Message

Which command would you use to set a router message that administrators would see upon logging in to the router?

  1. message banner motd
  2. banner message motd
  3. banner motd
  4. message motd

Answer: The correct answer is 3.

Breakdown: The typical banner message is a “message of the day” (motd) and is set by issuing the banner motd command from within the global configuration mode.

Set Secret Password to Cisco

Which of the following commands would you use to set the secret password to Cisco?

  1. enable secret password Cisco
  2. enable secret cisco
  3. enable secret Cisco
  4. enable password Cisco

Answer: The correct answer is 3.

Breakdown: The enable secret password command, issued from global configuration mode, will set the router’s secret password to “Cisco.” Note: the command is case sensitive!

Show Router Password

You’ve set the console password, but when you display the configuration, the password doesn’t show up, instead the output looks like this: [output cut] Line console 0 Exec-timeout 1 44 Password 7098C0BQR Login [output cut] What caused the password to be stored like this?

  1. encrypt password
  2. service password-encryption
  3. service-password-encryption
  4. exec-timeout 1 44

Answer: The correct answer is 2.

Breakdown: The command service password-encryption issued from global configuration mode will encrypt passwords.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

What is S/MIME (Secure/Multipurpose Internet Mail Extensions)?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a criteria for public key encryption and…

Answer: …signing of email encapsulated in MIME. S/MIME offers these cryptographic security services for electronic messaging applications: authentication, message integrity, nonrepudiation of origin (using digital signatures), privacy, and data security (using encryption).

Subnetwork Block Size

What is the subnetwork number of a host with an IP address of 172.16.66.0/21?

  1. 172.16.36.0
  2. 172.16.48.0
  3. 172.16.64.0
  4. 172.16.0.0

Answer: The correct answer is 3.

Breakdown: The block size for this mask is 8, therefore, the subnetworks are 0, 8, 16, 24, 32, 64, etc. The host with IP address of 172.16.66.0 is in the 64.0 subnet.

Terminate Router Setup Mode

What keystroke will terminate router setup mode?

  1. Ctrl+Z
  2. Ctrl+^
  3. Ctrl+C
  4. Ctrl+Shift+^

Answer: The correct answer is 3.

Breakdown: You can exit setup mode at any time by issuing the key combination: Ctrl+C. This one is easy to remember since the same keystroke combination is used to exit most commands in the Windows command console.

Test IP Stack on Local Host

To test the IP stack on your local host, which IP address would you ping?

  1. 127.0.0.0
  2. 1.0.0.127
  3. 127.0.0.1
  4. 127.0.0.255
  5. 255.255.255.255

Answer: The correct answer is 3.

Breakdown: In order to test the local IP stack on a local host, you would ping the loopback interface at 127.0.0.1.

The Data Mining Process

Data mining is the process of analyzing data to identify and interpret patterns and relationships about the data. The end-result of data mining is metadata, or data about data. The patterns gleaned from the data can help organizations get a clearer perspective on their competitors and understand behavior and patterns of their customers to carry out strategic marketing. Information acquired from the metadata should…

Answer: …be returned for inclusion into the data warehouse to be available for future queries and metadata analyses. The data mining technique is useful in security situations to monitor anomalies or determine whether there are aggregation or inference problems and for analyzing audit information.

The Difference Between Security Policy and Privacy Policy

How does a security policy differ from a privacy policy?

Security policy is a detailed description of what it means to be secure for a system, organization or other entity. For an organization, it deals with the parameters of behavior of its members as well as restrictions imposed on adversaries or unauthorized persons by mechanisms such as doors, locks, keys, and walls. For systems, the security policy specifically deals with…

Answer: …restrictions on functions and flow among them, restrictions on access by external systems and persons including programs and access to data by people. Privacy policy is an official statement or legal document (privacy law) that conveys some or all methods a party gathers, uses, discloses, and manages a customer or client’s data. Personal information is anything that can be used to identify an individual, including: name, address, date of birth, marital status, contact information, ID issue and expiry date, financial records, credit information, medical history.

The Five Phases of Systems Development Life Cycle

Describe the five phases in a generic System Development Life Cycle, which include:

  1. Initiation
  2. Development/acquisition
  3. Implementation
  4. Operation/maintenance
  5. Disposal

The characteristics of each of these phases are itemized as follows: Phase 1: Phase 1 of the SDLC is known as initiation. In this phase, the need for an IT system is expressed and the purpose and scope of the IT system is documented. Phase 2: Phase 2 of the SDLC is known as development or acquisition. In this phase, the IT system is designed, purchased, and programmed. click for more

Answer: Phase 3: Phase 3 of the SDLC is known as implementation. This phase involves the system security features. The system security features should be configured, enabled, tested, and verified. Phase 4: Phase 4 of the SDLC is known as operation or maintenance. This phase describes that the system should be modified on a regular basis through the addition of hardware and software. Phase 5: Phase 5 of the SDLC is known as disposal. This phase involves disposition of information, hardware, and software.

The Importance of Understanding Results of Security Solutions in Advance

Why is it important to understand the results of security solutions prior to implementation?

Information system security processes and activities offer important input on maintaining IT systems and their development, enabling risk identification, planning, and mitigation. Security solutions are proposed continually…

Answer: …balance the safeguarding of agency information and assets with the cost of security controls and adjustment strategies throughout the complete information system development life cycle. The most proactive approach to implementing security activities is to define results of security solutions in advance. Comprehension of these security solutions early on is vital to assets and operations and their relationship to each other. This can be achieved through the system security planning process. It also aids an organization in managing security effectively by establishing priorities. Security administrators are able to facilitate the IT program’s cost-effective performance as well as convey its business impact and value to the organization.

The Role of Incident Response and its Relation to Incident Handling and Management

What is incident response, how does it relate to incident handling and incident management.

Incident response is a process that discovers a problem, finds its cause, minimizes the damages, corrects the problem, and documents each step of response for future reference. One of the main objectives of incident response is to “freeze the scene”. There’s an interconnection between incident response, incident handling, and incident management. The key goal of incident handling is to…

Answer: …contain and fix any damage caused by an event and to suspend any further damage. Incident management administers the overall process of an incident by officially declaring the incident and preparing documentation and post-mortem assessments after the incident has occurred.

Troubleshooting Blank Router Configuration

You save the configuration on a router with the copy running-config startup-config command and then reboot the router. The router, however, comes up with a blank configuration. What is the possible problem when troubleshooting a blank router configuration?

  1. You didn’t boot the router with the correct command.
  2. NVRAM is corrupted.
  3. The configuration register setting is incorrect.
  4. The newly upgraded IOS is not compatible with the hardware of the router.
  5. The configuration you saved is not compatible with the hardware.

Answer: The correct answer is 3.

Breakdown: If you save a configuration and reload the router and it comes up either in setup mode or with a blank configuration, then chances are you have an incorrect configuration register setting.

Troubleshooting Router Connectivity Problems

You are troubleshooting a router connectivity problem on your corporate network and want to isolate the cause. You suspect that a router on the route to an unreachable network is at fault. What IOS user exec command should you use?

  1. Router>ping
  2. Router>trace
  3. Router>show ip route
  4. Router>show interface
  5. Router>show cdp neighbors

Answer: The correct answer is 2.

Breakdown: The command traceroute (trace for short) issued from either user or privileged mode, is used to find the path a packet takes through an internetwork and will also show where the packet stops because of a router error.