The following scenario will be used for questions 29 and 30. John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted.

The requirement of erasure is the end of the media life cycle if it contains sensitive information. Which of the following best describes purging? Changing the polarization of the atoms on the media. It is unacceptable when media are to be reused in the same physical environment for the same purposes. Data formerly on the media is made unrecoverable by overwriting it with a pattern. Information is made unrecoverable, even with extraordinary effort.

RAID systems use a number of techniques to provide redundancy and performance. Which of the following activities divides and writes data over several drives? Parity Mirroring Striping Hot-swapping

What is the difference between hierarchical storage management and storage area network technologies? HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology. HSM and SAN are one and the same. The difference is in the implementation. HSM uses optical or tape jukeboxes, and SAN is a network of connected storage. SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems.

John and his team are conducting a penetration test of a client’s network. The team will conduct its testing armed only with knowledge it acquired from the Web. The network staff is aware that the testing will take place, but the penetration testing team will only work with publicly available data and some information from the client. What is the degree of the team’s knowledge and what type of test is the team carrying out? Full knowledge; blind test Partial knowledge; blind test Partial knowledge; double-blind test Zero knowledge; targeted test

Bob is a new security administrator at a financial institution. The organization has experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns? i. Commands and data should not be sent in cleartext. ii. SSH should be used, not Telnet. iii. Truly critical systems should be administered locally instead of remotely. iv. Only a small number of administrators should be able to carry out remote functionality. v. Strong authentication should be in place for any administration activities. i, ii None of them ii, iv All of them

In a redundant array of inexpensive disks (RAID) systems, data and parity information are striped over several different disks. What is parity information used for? [*] Information used to create new data Information used to erase data Information used to rebuild data Information used to build data

Guidelines should be followed to allow secure remote administration. Which of the following is not one of those guidelines? A small number of administrators should be allowed to carry out remote functionality. Critical systems should be administered locally instead of remotely. Strong authentication should be in place. Telnet should be used to send commands and data.

The relay agent on a mail server plays a role in spam prevention. Which of the following incorrectly describes mail relays? Antispam features on mail servers are actually antirelaying features. Relays should be configured “wide open“ to receive any e-mail message. Relay agents are used to send messages from one mail server to another. If a relay is configured “wide open,“ the mail server can be used to send spam.

A change management process should include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy? Changes that are unanimously approved by the change control committee must be tested to uncover any unforeseen results. Changes approved by the change control committee should be entered into a change log. A schedule that outlines the projected phases of the change should be developed. An individual or group should be responsible for approving proposed changes.

Device backup and other availability solutions are chosen to balance the value of having information available against the cost of keeping that information available. Which of the following best describes fault-tolerant technologies? They are among the most expensive solutions and are usually only for the most mission-critical information. They help service providers identify appropriate availability services for the specific customer. They are required to maintain integrity, regardless of the other technologies in place. They allow a failed component to be replaced while the system continues to run.

Various levels of RAID dictate the type of activity that will take place within the RAID system. Which level is associated with byte-level parity? RAID Level 0 RAID Level 3 RAID Level 5 RAID Level 10

Which of the following incorrectly describes IP spoofing and session hijacking? Address spoofing helps an attacker to hijack sessions between two users without being noticed. IP spoofing makes it harder to track down an attacker. Session hijacking can be prevented with mutual authentication. IP spoofing is used to hijack SSL and IPSec secure communications.

What type of exploited vulnerability allows more input than the program has allocated space to store it? Symbolic links File descriptors Kernel flaws Buffer overflows

There are several different types of important architectures within backup technologies. Which architecture does the graphic that follows represent? [*] Clustering Grid computing Backup tier security Hierarchical Storage Management

Which of the following is not considered a countermeasure to port scanning and operating system fingerprinting? Allow access at the perimeter network to all internal ports Remove as many banners as possible within operating systems and applications Use TCP wrappers on vulnerable services that have to be available Disable unnecessary ports and services

______provides for availability and scalability. It groups physically different systems and combines them logically, which helps to provide immunity to faults and improves performance. Disc duping Clustering RAID Virtualization

Mirroring of drives is when data is written to two drives at once for redundancy purposes. What similar type of technology is shown in the graphic that follows? [*] Direct access storage Disk duplexing Striping Massive array of inactive disks

Brian, a security administrator, is responding to a virus infection. The antivirus application reports that a file has been infected with a dangerous virus and disinfecting it could damage the file. What course of action should Brian take? Replace the file with the file saved from the day before. Disinfect the file and contact the vendor. Restore an uninfected version of the patched file from backup media. Back up the data and disinfect the file.

John is responsible for providing a weekly report to his manager outlining the week’s security incidents and mitigation steps. What steps should he take if a report has no information? Send his manager an e-mail telling her so. Deliver last week’s report and make sure it’s clearly dated. Deliver a report that states “No output.“ Don’t do anything.

Brandy could not figure out how Sam gained unauthorized access to her system, since he has little computer experience. Which of the following is most likely the attack Sam used? Dictionary attack Shoulder surfing attack Covert channel attack Timing attack

Which of the following describes the most likely situation as described in this scenario?

Which of the following best explains why John does not see anything suspicious on the reported systems?