Q1
Which of the following is a common environmental reconnaissance task that is performed to
help gain insight on how an organization's networked systems are connected, or mapping the
network?
Answer: Topology Discovery
Q2
If an unexpected issue occurred during an application installation on a Windows system, which
of the following event log categories would be best to reference for troubleshooting?
Answer: Not System or Security. Maybe Setup
Q3
The federal version of certification and accreditation guidance that applies to departments and
agencies within the Department of Defense is:
Answer: DIACAP
Q4
Which security mechanism can social engineering help bypass?
Answer: Intrusion Detection Systems Firewalls Domain Security Policies (No) All of the
Above None of the Above
Q5
Which type of intrusion detection may terminate processes or redirect traffic upon detection of
a possible intrusion?
Answer: Active
Q6
Which of the following is a potential consequence of not limiting or protecting communications
during an incident?
Answer: All of the Above (Customer confidence may be negatively impacted,
Competitors may recognize weakness or advantage, Media may include information
not intended for release)
, Q7
Which one of the following can be managed through group policies (GPO)?
Answer: All the Above (Authentication settings, Software installation and update,
IPsec connections)
Q8
What is used to record the order in which evidence was handled, by whom, and the nature of
the evidence handling?
Answer: Chain of custody
Q9
The procedure of developing controls as vulnerabilities are discovered to keep them from being
exploited is known as:
Answer: Change Control Management Compensating Control Development
Vulnerability Control Patch Remediation Control Development (No)
Q10
Which of the following are Windows event severity levels:
Answer: error, warning, information
Q11
Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
Answer: Anomaly
Q12
Which one of the following is a use for Network Flow Data?
Answer: All of the Above (Attack identification and attribution such as DoS detection,
Traffic engineering such as a host analysis, Accounting to cross verify other sources)
Q13
Which of the following is an attacker most likely to use to attempt to view packets containing
data in clear text?
Answer: Wireshark