ITN260 FINAL EXAM QUESTIONS WITH 100% CORRECT DETAILED ANSWERS
Which of the following protocols can be used for secure routing and switching?
a. IPsec
b. HTTP
c. HTTPS
d. DNSSEC - Answer-a. IPsec
David is asked to test a new configuration on a virtual machine; if it does not work, it
should roll back to the older state. What should David do before testing the new
configurations so he can roll it back to the previous state if needed?
a. Enable "roll back" on the previous configuration before testing the new configuration
b. Take a screenshot of the virtual machine before testing the configuration
c. Take a snapshot of the virtual machine before loading the configuration
d. Use sandboxing in the virtual machine before testing the configuration - Answer-c.
Take a snapshot of the virtual machine before loading the configuration
Which of the following protocols can make accessing data using man-in-the-middle
attacks difficult while web browsing?
a. IPv6
b. SFTP
c. DNSSEC
d. HTTP - Answer-a. IPv6
Under which vulnerability can an attacker steal information from a user's phone using a
device to connect to the phone without physically touching it?
a. Device theft
b. Eavesdropping
c. Data theft
d. Man-in-the-middle - Answer-c. Data theft
Which of the following statements correctly defines jamming?
a. An attacker intentionally floods the RF spectrum with extraneous RF signal "noise"
that creates interference and prevents communications
b. An attacker circumvents the security protections in the company's network, accessing
the network behind the firewall
c. An attacker creates false deauthentication or disassociation management frames that
appear to come from another client device, causing the client to disconnect from the AP
d. An attacker tries to mimic an authorized AP, so a user's mobile device such as a
laptop or tablet unknowingly connects to the evil twin instead - Answer-a. An attacker
intentionally floods the RF spectrum with extraneous RF signal "noise" that creates
interference and prevents communications
Which of the following protocols allows John to prevent unwanted network access,
provide security, and be configured to permit traffic only from specific addresses?
a. WPS
b. WEP
c. MAC
d. WPA - Answer-c. MAC
Which probe is designed exclusively to monitor the RF for transmissions and can only
monitor the airwaves?
a. Dedicated probe
b. Desktop probe
c. Wireless device probe
d. Access point probe - Answer-a. Dedicated probe
What type of APs can be managed by wireless LAN controllers (WLCs)?
a. Controller AP
b. Captive portal APs
c. Standalone APs
d. Fat AP - Answer-a. Controller AP
After a disaster disrupted your organization's functioning, you were assigned to
determine the sequence for reinstating systems. Which of the following documents
should you refer to when deciding the restoration order?
a. Single point of failure
b. Business impact analysis
c. Disaster recovery plan
d. COOP plan - Answer-c. Disaster recovery plan
"Keep passwords secure and do not share accounts. Authorized users are responsible
for the security of their passwords and accounts." "All computers and laptops should be
secured with a password-protected screensaver, setting the automatic activation feature
set at 10 minutes or less, or logging off when the host is unattended."
Which policy includes these directives?
a. Separation of duties
b. Acceptable use policy
c. Least privilege
d. Onboarding and offboarding - Answer-b. Acceptable use policy
Which of the following best describes an acceptable use policy?
a. A policy that defines the tasks associated with hiring a new employee
b. A policy that defines the actions users may perform while accessing systems and
networking equipment
c. A policy that addresses assigning labels based on the use and importance of
information
d. A policy that allows only the minimum number of privileges necessary to perform a
job or function should be allocated - Answer-b. A policy that defines the actions users
may perform while accessing systems and networking equipment
Which of the following documents provide alternative modes of operation for interrupted
business activities?
a. Disaster Recovery plan
b. Business impact analysis
c. Business continuity plan
d. Continuous data protection - Answer-c. Business continuity plan
Which of the following policies restrict employees from being in a position to manipulate
security configurations by limiting the time they spend with control of those
configurations?
a. Job rotation
b. Mandatory vacation
c. Clean disk space
d. Separation of duties - Answer-a. Job rotation
You have been hired as a security administrator. While analyzing your organization's
personnel policies, you notice the presence of multiple orphaned accounts. How should
you handle this situation?
a. Change the domain group policy for password history
b. Change the accounts' password ages
c. Change the domain group policy for password complexity
d. Change the account expiration settings - Answer-d. Change the account expiration
settings
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are
infected by bots, and all these bots are remotely controlled by a single attacker. What is
this attacker referred to as?
a. Botnet
b. Zombie
c. Bot herder
d. Payload - Answer-c. Bot herder
Which of the following is a characteristic of a potentially unwanted program (PUP)?
a. A PUP pretends to perform natural activities while also performing malicious activities
b. A PUP interferes and obstructs the user with web browsing and pop-up windows
c. A PUP gives the threat agent remote access to the user's device using specially
configured communication protocols
d. A PUP gives access to the computer, program, or a service, circumventing the
system's normal security protections - Answer-b. A PUP interferes and obstructs the
user with web browsing and pop-up windows
Which of the following describes a memory leak attack?
a. In a memory leak attack, the threat actor takes advantage of the programming error
of not freeing the memory after executing a process, taking advantage of the device's
low memory conditions to attack.
b. Memory leak attacks take advantage of the token generated and sent to the user's
browser by the website as part of the authentication.
c. A memory leak occurs when a process attempts to store data beyond a fixed-length
storage buffer's boundaries.
d. In a memory leak attack, an attacker changes the variable's value to something
outside the range the programmer had intended. - Answer-a. In a memory leak attack,
the threat actor takes advantage of the programming error of not freeing the memory
after executing a process, taking advantage of the device's low memory conditions to
attack
Ian, a systems administrator, was checking systems on Monday morning when he
noticed several alarms on his screen. He found many of the normal settings in his
computer and programs changed, but he was sure no one had physically entered his
room since Friday. If Ian did not make these changes, which of the events below is the
most likely reason for the anomalies?
a. The power went out over the weekend and caused the programs to move back to
their default settings.
b. A firewall scan that was run over the weekend shut down the computer and the
programs.
c. The security administrator ran a penetration test over the weekend and did not tell
anyone.
d. A backdoor was installed previously and utilized over the weekend to access the
computer and the programs - Answer-d. A backdoor was installed previously and
utilized over the weekend to access the computer and the programs
The files in James's computer were found spreading within the device without any
human action. As an engineer, you were requested to identify the problem and help
James resolve it. During file code inspection, you noticed that certain types of files in the
computer have similar codes.
You found that the problem is coming from a set of codes that are not part of the actual
files, appended at the bottom of the file. You also noticed a transfer control code written
at the beginning of the files giving control to the code at the bottom of the file.
Which type of infection is this a characteristic of?
a. This is a typical characteristic of an endpoint device infected with a file-based virus
attack
b. This is a typical characteristic of files infected by keystrokes in an endpoint.
c. This is a typical characteristic exhibited by files attacked by ransomware in the
device.