- (Topic 3)
What is the main reason the use of a stored biometric is vulnerable to an attack?

1. A. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
2. B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
3. C. A stored biometric is no longer "something you are" and instead becomes "something you have".
4. D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Correct Answer: D

- (Topic 7)
Which definition among those given below best describes a covert channel?

1. A. A server program using a port that is not well known.
2. B. Making use of a protocol in a way it is not intended to be used.
3. C. It is the multiplexing taking place on a communication link.
4. D. It is one of the weak channels used by WEP which makes it insecure.

Correct Answer: B
A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.

- (Topic 4)
The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

1. A. Investigate based on the maintenance schedule of the affected systems.
2. B. Investigate based on the service level agreements of the systems.
3. C. Investigate based on the potential effect of the incident.
4. D. Investigate based on the order that the alerts arrived in.

Correct Answer: C

- (Topic 8)
What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

1. A. Polymorphic
2. B. Rootkit
3. C. Boot sector
4. D. File infecting

Correct Answer: A
In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

- (Topic 1)
How do you defend against DHCP Starvation attack?

1. A. Enable ARP-Block on the switch
2. B. Enable DHCP snooping on the switch
3. C. Configure DHCP-BLOCK to 1 on the switch
4. D. Install DHCP filters on the switch to block this attack

Correct Answer: B