CISSP PRACTICE QUESTIONS – 20210318

Effective CISSP Questions

Encryption protects confidentiality, hashing enforces data integrity, and a message authentication code provides authenticity of data origin. Which of the following is the best candidate that implies all three security properties are fulfilled?
A. AES
B. HMAC
C. CBC-MAC
D. Digital Signature Standard (DSS)

CISSP PRACTICE QUESTIONS – 20210317

Effective CISSP Questions

Your organization implemented an intrusion detection system (IDS) with passive sensors that receive traffic from switches through SPAN (port-mirroring) ports. However, it cannot analyze the activity within encrypted network communications. Which of the following is the most effective solution?
A. Install IDS agents on endpoints.
B. Install an IDS load balancer to distribute traffic.
C. Install an inline IDS sensor in front of the firewall.
D. Install an IDS sensor tapped to the firewall internal interface.

CISSP PRACTICE QUESTIONS – 20210316

Effective CISSP Questions

You are evaluating solutions to protect data at rest. Which of the following is correct?
A. Full Disk Encryption (FDE) is a software solution that protects data at rest.
B. A Self-Encrypting Drive (SED) doesn’t rely on the CPU and has no degradation in performance.
C. The Data Encryption Key (DEK) of a SED should be stored on and protected by a trusted platform module (TPM).
D. A TPM is a built-in component on a SED to speed up cryptographic operations and protect keys.

CISSP PRACTICE QUESTIONS – 20210313

Effective CISSP Questions

The 802.11i (WPA2) WLAN security standard was approved in June 2004 and fixes the flaws of WEP and WPA. Which of the following is not correct about 802.11i?
A. A block cipher with counter mode replaces the stream cipher.
B. The cryptographic key can be cached to enable fast and secure roaming.
C. Hash-based message authentication code is added to enforce frame authenticity.
D. 802.1X is used for authentication relying on Extensible Authentication Protocol (EAP).

CISSP PRACTICE QUESTIONS – 20210312

Effective CISSP Questions

The Extensible Authentication Protocol (EAP) is not a wire protocol; instead, it only defines message formats and typically runs directly over data link layers. Which of the following protocols is not used to encapsulate EAP messages?
A. PPP (Point-to-Point Protocol)
B. PEAP (Protected Extensible Authentication Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. EAPoL (EAP over LAN)

CISSP PRACTICE QUESTIONS – 20210311

Effective CISSP Questions

The head of the customer service department reports that the workload of customer requests for password resets overwhelms customer service representatives (CSRs), and suggests that the system in question, which stores credentials in a Linux shadow file, should allow customers to retrieve their passwords through email or short message notification. Which of the following is the best solution that meets the requirement?
A. MD5
B. Blowfish
C. SHA-256
D. Multi-factor authentication (MFA)

CISSP PRACTICE QUESTIONS – 20210309

Effective CISSP Questions

After the vulnerability assessment, you are moving on to exploit an E-Commerce website’s prioritized vulnerabilities in a well-planned penetration testing project. As a penetration tester, which of the following risks should you consider foremost for the customer’s sake?
A. Failure of the target
B. Lack of the get-out-of-jail-free card
C. Detailed documentation of the exploitation
D. Objectivity of the evaluation of exploitation endeavor