c178 plsgt
You are providing a report to management on the types of controls that your company uses for security. Match each access control type with the example that best fits with that type.
1) Technical - encryption protocols 2) Administrative - security policies 3) Physical - locks
Which of these requirements would indicate that you needed to install a router as opposed to a NIPS/NIDS? A) Anti-spoofing B) Inline vs. passive C) in-band vs. out-of-band D) Rules
A) Anti-spoofing #Antispoofing is a router function, where an application compares the incoming or outgoing IP address to an ACL. Other types of anti-spoofing perform similar functions on MAC addresses or switch ports. A NIDS or NIPS would not check IP address traffic for spoofing.
Your company has deployed an application that requires access to a user's Google account. What would OpenID Connect provide in this deployment? A) Authentication of the user's Google account B) Markup language C) None of these options D) Authorization to access the Google account
A) Authentication of the user's Google account #OpenID Connect provides the authentication necessary in OAuth 2.0. It authenticates the user and stores the user information in a secure token. A secure token contains the user information and authentication information used by OpenID. #OAuth is Open Authorization. The current standard, OAuth 2.0, grants an application limited access to a user's account on a third-party site, such as Facebook or Twitter. #OAuth could grant the application access to a friend's list or give the application the ability to post on the user's behalf.
You are building a public-access Wi-Fi system for a new hotel. You want to require the users to accept a fair use policy before connecting to the Internet. Which of the following should you implement? A) Captive portal B) 802.1x C) WPS D) RADIUS federation
A) Captive portal #Captive portals are associated with public-access Wi-Fi networks. Once you select the network, you are directed to a web page. There, you typically have to sign on and agree to a policy such as an acceptable use or fair use policy. Once your agreement is accepted, you can use the network. These portals are typically found in a public place, such as a hotel, coffee shop, or airport.
When connecting to a website using SSL/TLS, the client browser uses the root CA's public key to decrypt the digital signature of each certificate until finally verifying the identity associated with the website's certificate. Which term or phrase describes this PKI concept? A) Certificate chaining B) Key escrow C) Key pairing D) Certificate revocation
A) Certificate chaining #Certificate chaining refers to the trust relationships between CAs and helps determine which certificate has the highest level trust. For example, if you get a certificate from "A," and "A" trusts the root certificate, the highest level trust is the root certificate.
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.) A) Change the default Service Set Identifier (SSID). B) Disable SSID broadcast. C) Configure the network to use WPA or WPA2. D) Configure the network to use authenticated access only.
A) Change the default Service Set Identifier (SSID). B) Disable SSID broadcast. C) Configure the network to use WPA or WPA2. D) Configure the network to use authenticated access only. #Configure the network to use authenticated access only - This ensures that no unauthenticated connections can occur. #Configure the network to use WPA or WPA2 - WEP is easily broken. Wireless networks should use WPA or WPA2.
Which one of these is NOT characterized by identifying or exploiting a vulnerability when found? A) Discovering a false positive B) Identifying common misconfigurations C) Passively testing security controls D) Identifying a lack of security control
A) Discovering a false positive #A false positive can occur when a vulnerability is identified that, in reality, is not a vulnerability.
Which of the following protection methods applies to data in processing or in use? (Choose all that apply.) A) Hashing B) Backup management C) Access control D) Encryption E) Physical protection F) Fault tolerance
A) Hashing C) Access control D) Encryption #For securing data in use, enterprises often choose to encrypt the sensitive data prior to moving it or use encrypted connections to protect it. Access control methods can help secure the networks and routes used to transmit data against malware attacks or malicious intrusions. It is also important to hash sensitive and important data such as passwords to protect them from malicious actors and unwanted prying eyes. NOTE: Backup management, physical protection and fault tolerance are protected methods that apply to data at rest, when stored on archive systems.
The Cyber Kill Chain starts with reconnaissance of the target. You are the security manager for a company and are asked to present the concept of reconnaissance to the board of trustees. Which of the following aspects should you NOT present to the board? A) Implement defensive strategies to reduce the impact from information gained by reconnaissance techniques B) Proactively scan existing and new systems for the latest vulnerabilities and patches C) Implement deep packet inspection to detect and block malicious payloads D) Information from reconnaissance can be limited by implementing employee awareness training
A) Implement defensive strategies to reduce the impact from information gained by reconnaissance techniques #The purpose of the Cyber Kill Chain is to identify and stop advanced persistent threats (APTs) before data is exfiltrated. In penetration testing, the goal is to identify and exploit system vulnerabilities using an attacker mindset.
Your organization has recently adopted a new organizational security policy. As part of this new policy, management has decided to implement an iris scanner wanting access to the secure data center. Which procedure does this use to authenticate users? A) It takes a picture of the user's eye and compares the picture with pictures on file. B) It scans the user's handwriting and compares the handwriting with a sample on file. C) It scans the blood vessels in the user's eye and compares the pattern with patterns on file. D) It scans the shape of the user's face and compares the face scan with faces on file.
A) It takes a picture of the user's eye and compares the picture with pictures on file. #An iris scanner determines whether to authenticate a user by taking a picture of the iris of the user's eye and comparing the picture with iris pictures on file.
When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.) A) Low latency B) Obfuscation C) Authentication D) Non-repudiation E) Lower power devices
A) Low latency E) Lower power devices #Lower power devices should use cryptographic techniques that require less time to encrypt and decrypt data. #Low latency is a concern with any cipher. Latency refers to the delay between the time the plain text is input, and the cipher text is generated. Supporting authentication is validating that the message originator is indeed who they say they are, and not an imposter. This is often implemented using digital certificates.
Management is concerned that applications have been developed using poor programming processes. Which of these issues may result from this? (Choose all that apply.) A) Pointer dereference B) Integer overflow C) Memory leak D) Buffer overflow
A) Pointer dereference B) Integer overflow C) Memory leak D) Buffer overflow #Memory leaks can be caused by a programmer failing to free up memory once the process using that memory has been completed. C and C++ are particularly prone to memory leaks. #A buffer overflow is an example of improper input handling being allowed by the application code, and the impact can include crashing the application.
Which research source can help in discovering new vulnerabilities and potential threats in existing Internet standards? A) RFCs B) STIX C) TTPs D) TAXII
A) RFCs #A Request for Comments (RFC) is a numbered document, which includes appraisals, descriptions, and definitions of online protocols, concepts, methods, and programs. RFCs are administered by the IETF (Internet Engineering Task Force). RFCs occur when a new technology is accepted as a web standard, which become useful when discovering new vulnerabilities and potential threats in existing internet standards.
Which social engineering attack can be conducted without any prior knowledge of the target's habits, job, or personal information? A) Reconnaissance B) Whaling C) Invoice scam D) Spear phishing
A) Reconnaissance #Reconnaissance does not require prior knowledge of the target. It helps the attacker gather information for a later attack. Remember that reconnaissance can mean visiting a target to observe security controls in person, but it also can refer to digital and remote intelligence gathering techniques.
When a large data breach occurs, which impact to the business is difficult to measure in monetary terms but influences how customers perceive the brand in the marketplace? A) Reputation loss B) Availability disruption C) Security awareness D) Identity theft
A) Reputation loss #Reputation loss is intangible damage to the organization that occurs due to a company suffering a data breach. NOTE: Availability disruption is not a term used when discussing security or breaches.
Your client is a small retailer that accepts orders via e-mail. The e-mail form submitted by a client's customer includes credit card information, and you demonstrate to the client how risky that is. As a result, the client adds secure credit card processing to their website, and no longer accepts e-mail orders. Which risk management concept does this represent? A) Risk avoidance B) Risk transference C) Risk mitigation D) Risk acceptance
A) Risk avoidance #Risk avoidance means identifying the risk, and then no longer engaging the activities associated with that risk. An example could be to no longer accept credit card information via e-mail.
You need to ensure that several confidential files are not changed. You decide to use an algorithm to create message digests for the confidential files. Which algorithm should you use? A) SHA-1 B) IDEA C) AES D) DES
A) SHA-1 #Secure hash algorithm (SHA)-1 is a hashing algorithm that creates a message digest, which can be used to determine whether a file has been changed since the message digest was created. An unchanged message should create the same message digest on multiple passes through a hashing algorithm. #AES, IDEA and DES are secret key encryption standards.
You have discovered that data was injected into your database, thereby causing security issues. Which injection attack most likely occurred? A) SQL injection B) command injection C) LDAP injection D) XML injection
A) SQL injection #A SQL injection affects a database. In this type of attack, the interface is expecting a user to enter data, but the interface is not properly designed to only allow a specific data type. A malicious user can enter SQL code.
As the lead for a software development team, you must establish secure development requirements. Which of the following best practices must be included for secure software development? (Choose all that apply.) A) Use only HTTP POST requests for sending web authentication credentials B) Session IDs should be included in the URL for web applications C) If a TLS connection fails, the connection should default back to standard HTTP D) Input sanitization should validate all characters against a whitelist E) Input validation should be performed only on the server-side to limit client buffer overflows
A) Use only HTTP POST requests for sending web authentication credentials D) Input sanitization should validate all characters against a whitelist #To do : input sanitization to validate all characters against a whitelist and using only HTTP POST requests for sending web authentication credentials. #Not to do: (for secure software development practices) Session IDs should not be included in the URL for web applications, as this will reduce the complexity in performing session hijacking attacks. You should not use standard HTTP over TLS, because the web traffic is no longer encrypted. NOTE: Input validation is for preventing an attacker at multiple layers from performing an injection attack. (Input validation should be performed on both client-side and server-side systems)
You need to restrict access to resources on your company's Windows Active Directory domain. Which criteria can be used to restrict access to resources? A) all of these choices B) location C) transaction type D) groups E) roles F) time of day
A) all of these choices #Regardless of the criteria used, access administration can be simplified by grouping objects and subjects. Access control lists (ACLs) can be used to assign users, groups, or roles access to a particular resource. If you implement time of day restrictions with ACLs, security is improved. #Groups are created to incorporate users that need the same access permissions into one common entity. When these users need access to a resource, the permission is granted to the entire group. Using groups simplifies access control administration.
Your company has deployed a firewall that includes two network interfaces. Which firewall architecture has been deployed? A) dual-homed firewall B) screened subnet C) bastion host D) screened host
A) dual-homed firewall #A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that network segregation occurs.
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: -The VPN gateway should require the use of Internet Protocol Security (IPsec). -All remote users must use IPsec to connect to the VPN gateway. -No internal hosts should use IPsec. Which IPsec mode should you use? A) host-to-gateway B) gateway-to-gateway C) host-to-host D) This configuration is not possible.
A) host-to-gateway #You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPsec for all remote clients. The remote clients use IPsec to connect to the VPN gateway. IPsec is not used for any communication between the VPN gateway and the internal hosts on behalf of the remote clients. Only the traffic over the Internet uses IPsec. NOTE: Host-to-gateway and host-to-host VPNs are also referred to as remote access VPNs.
A user was a victim of an attack wherein the user was redirected to a fake website. Which type of attack occurred? A) hyperlink spoofing B) ICMP packet spoofing C) network address hijacking D) land attack
A) hyperlink spoofing #Hyperlink spoofing, which is also referred to as Web spoofing, is used by an attacker to persuade the Internet browser to connect to a fake server that appears as a valid session. The primary purpose of hyperlink spoofing is to gain access to confidential information, such as PIN numbers, credit card numbers, and bank details of users. This is also referred to as URL spoofing.
Which operation must you undertake to avoid mishandling of tapes, CDs, DVDs, and printed material? A) labeling B) zeroization C) degaussing D) offsite storage
A) labeling #Proper labeling is required to avoid mishandling of the information on storage media, such as tapes and DVDs. NOTE: Degaussing and Zeroization are not a media handling technique but a media sanitization technique.
You need to display the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which command should you use? A) netstat B) nbtstat C) ping D) tracert
A) netstat #Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays current connections and their listening ports.
Which types of computers are targeted by RedPill and Scooby Doo attacks? A) virtual machines B) Windows Server 2016 computers C) terminal servers D) Windows 10 clients
A) virtual machines #RedPill and Scooby Doo attacks target virtual machines. These attacks attempt to detect virtual servers and machines on a network. Once the virtual machines are identified, various techniques are used to attack the virtual machines to breach the host and eventually the network.
During a forensic investigation, you are asked to make a copy of the contents of a hard drive. You need to ensure that this evidence can be used in court if needed. Which statement is true of disk imaging in this investigation? A) A byte-level copy of the disk assists in the forensic investigation. B) A bit-level copy of the disk assists in the forensic investigation. C) The content of the memory should not be dumped. D) The original copy of the disk should be used.
B) A bit-level copy of the disk assists in the forensic investigation. #A bit-level copy of the original disk proves helpful in the forensic investigation. A bit-level copy of a hard disk refers to making a copy at the sector level to cover every part of the area that can store user data, such as slack space and free space. When creating a copy of the original disk, you should also perform a forensic hashing of the disk contents, both before and after the copy is made. In addition, a forensic hashing of the image itself should be performed. By doing so, you can ensure that image remains intact by comparing the hash values that are generated.
Your organization recently experienced a cross-site scripting (XSS) attack. In which situation does XSS pose the most danger? A) A user accesses a static content Web site. B) A user accesses a financial organization's site using his or her login credentials. C) A user accesses a knowledge-based site using his or her login credentials. D) A user accesses a publicly accessible Web site.
B) A user accesses a financial organization's site using his or her login credentials. #The problem is not that the hacker will take over the server. It is more likely that the hacker will take over the client's session. This will allow the hacker to gain information about the legitimate user that is not publicly available. To prevent XSS, a programmer should validate input to remove hypertext. You can mitigate XSS by preventing the use of HTML tags or JavaScript image tags.
Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do? A) Add another hard drive, and implement disk striping. B) Add another hard drive, and implement disk mirroring. C) Replace the hard drive with a faster hard drive. D) Add two more hard drives, and implement disk striping with parity.
B) Add another hard drive, and implement disk mirroring. #Disk mirroring copies the contents written on one hard drive to the other hard drive. This will lower the MTTR for the hard drive's data.
Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess? (Choose three.) A) Number of users B) Antenna placement C) Speed of connection D) Access point strength E) Captive portals F) Antenna type
B) Antenna placement D) Access point strength F) Antenna type #Antenna type (such as the use of directional versus omnidirectional antennas) plays an important role in protecting a wireless network. Using a directional antenna can limit the area that is covered by the antenna. #Antenna placement will also have an effect on the vulnerabilities of a wireless system. Antennas should be placed as far away from exterior walls as possible. Otherwise, the signal will go outside the building. This allows anyone outside the building to attach to your network. That is why RADIUS and other technologies are required for wireless networks. #The strength of the access points should be adjusted to a level that is just strong enough for the operation of the network, but not so strong that signals escape to the outside of the building. You should reduce power levels for better security to ensure that the signal does not extend beyond its needed range. #The number of users and the speed of the connection will not cause external vulnerabilities to a wireless system. The number of user addresses is, however, a cause of external vulnerabilities.
You must deploy the appropriate hardware to satisfy the needs of an organization. The organization has a DMZ that must be fully protected from the Internet. The internal network must have an additional layer of security from the DMZ. The internal network contains two subnets (Subnet A and Subnet B) and two VLANs (named Research and Development). You need to deploy a total of four hardware devices. For each Device (A, B, C, or D) in the graphic below, select the required device for that location in the network. All four locations require a device. Devices may be deployed more than once or not at all. A) Device A - Firewall Device B - Router Device C - Firewall Device D - Switch B) Device A - Firewall Device B - Firewall Device C - Router Device D - Switch C) Device A - Firewall Device B - Firewall Device C - Router Device D - Router D) Device A - Firewall Device B - Router Device C - Router Device D - Switch
B) Device A - Firewall Device B - Firewall Device C - Router Device D - Switch #To protect the DMZ, you need to place a firewall between the DMZ and Internet. To protect the internal network, you need to place a firewall between the DMZ and internal network. The router needs to be placed so that it manages the two subnets and is connected to the switch. The switch must be deployed so that it connects to the two VLANs and the router.
You have been hired as a security consultant for a large corporation. During a meeting with the IT department, the IT manager indicates that one of their applications uses a private key encryption standard that was developed in Russia and uses 256-bit encryption keys. Which encryption standard does the application use? A) RC5 B) GOST C) CAST-128 D) IDEA
B) GOST #GOST is a Russian private key encryption standard that uses a 256-bit encryption key. GOST was developed as a counter to the Data Encryption Standard (DES).
You need to ensure that improper data is not allowed into the executed program. Which of the following should you use? A) Provisioning B) Input validation C) Encryption D) Stored procedures
B) Input validation #Input handling means that every input is validated against a range of acceptable values. If the input does not match that range of values, the input is rejected, and an error message is generated. Program crashes occur when an invalid input produces unexpected results. Proper input validation is essential in any application development project. NOTE: Encryption protects existing data, but does not guard against improper input.
During a recent security audit, you discovered that several company servers are not adequately protected. You are working to harden your Web servers. As part of the hardening of the Web servers, you implement filters. What is the purpose of a filter in this scenario? A) It locates suspicious traffic. B) It limits the traffic that is allowed through. C) It limits the users that are allowed connections. D) It prevents the Web server from being infected with viruses.
B) It limits the traffic that is allowed through. #Traffic filter!!!! #Filters on a Web server limit the traffic that is allowed through. #Access control lists (ACLs) limit the users that are allowed connections. #A protocol analyzer can be used to locate suspicious traffic. #An anti-virus application would prevent a Web server from being infected with viruses.
Which threat actor type would most likely have the most resources available? A) Script kiddies B) Nation states C) Hacktivist D) Organized crime
B) Nation states #Nation-state / Advanced Persistent Threat (APT) attacks would most likely have the most resources available. Nation states are external attacks. These attacks are conducted by one nation upon another, or upon a significant entity within the target country, with large sophisticated attacks. APTs have attackers who have very significant amounts of time and funding resources. Motives could be financial, political, disruption of the economy, or theft of intellectual property, such as military secrets.
Although the network requires multiple credentials to access systems, you need to ensure that each password is unique and meets the complexity and length requirements of the company. Which of the following storage can help users maintain across multiple systems? A) User certificate B) Password vault C) Secrets management D) Password key
B) Password vault #Password vault is a password management computer program that encrypts and stores individuals' passwords so that they are both secure from outside threats and easy for employees and the organization to keep track of. A password vault or password manager makes it possible to have different, complex passwords for each resource or system within an organization. They are also quite popular for personal use, allowing you to store login information for all your personal online accounts. Think of it as a safe for all your different passwords to be securely protected from unauthorized users and prying eyes.
A man wearing a service provider's coveralls and carrying a toolbox approaches your facility's security guard. He says that his work crew is running some new Ethernet cable inside your office, but he left his mobile phone at home, so he can't call his crew to let him in. The security guard admits the man through your secured door. The following week you find an undocumented network device installed in a closet. Which social engineering attack techniques were used? (Choose all that apply.) A) Influence campaign B) Pretexting C) Impersonation D) Identity fraud E) Eliciting information
B) Pretexting C) Impersonation #Pretexting (when referring to social engineering) is inventing a scenario that will engage the victim and provide the attacker with an excuse to be in the area. #Impersonation is pretending to be an employee, vendor, IT help desk staff, delivery driver, or other individual with some level of legitimate access. Impersonation can occur on the phone or in person. In this scenario, the guard should have asked an employee inside the building to verify that an authorized work crew was on the grounds.
Why is reviewing script files for malicious code easier than reviewing binary files?? A) Script files use open-source frameworks with more widely available documentation B) Script files contain source code with human readable instructions C) The compilation process condenses the code into human readable instructions D) The interpretation process obfuscates and reduces the likelihood of reverse engineering
B) Script files contain source code with human readable instructions #Script files contain source code with human readable instructions, allowing the data within to be interpreted for malicious code, while a binary file has no readable text and can only be interpreted by the computer. #The compilation process converts human readable instructions into a binary executable that is readable by specific platform, not another human.
Which threat actor type can be characterized by having an unsophisticated skill level, using widely available tools, and being often motivated by the need that they can prove that they can do it? A) Hacktivist B) Script kiddies C) Insiders D) Competitors
B) Script kiddies
Your organization has a security policy in place that states that all precautions should be taken to prevent physical theft of mobile devices. Which precaution would prevent this? A) Implement a screen lock on each mobile device. B) Store mobile devices in a locked cabinet. C) Install a remote sanitation application on each mobile device. D) Implement password protection on each mobile device.
B) Store mobile devices in a locked cabinet. #To prevent physical theft of mobile devices, you should store mobile devices in a locked cabinet or safe. In some cases, you can also purchase cable-lock mechanisms that will lock the mobile device to a desk. This provides mobile device inventory control. Secure cabinets or enclosures should be used for both short- and long-term storage of mobile devices.
You have been asked to implement hardware-based encryption on a Windows computer. What is required to do this? A) EFS B) TPM chip C) Wake-on-LAN D) NTFS
B) TPM chip #Another chip that could be used is a Hardware Security Module (HSM) chip, which is used in public key infrastructure (PKI) and clustered environments. #While TPM chips are permanently mounted on the motherboard and cannot be replaced, HSM is installed as a separate field-replaceable board.
You want to prevent malicious content from automatically running on your laptop. Which physical interfaces should you consider disabling? A) HDMI/VGA B) USB port C) Trackpad/stick D) Ethernet port
B) USB port #Malicious USB cables and USB flash drives are a common way to transfer data quickly and easily. Both a malicious USB cable and a malicious flash drive target the same computer component: a computer's USB ports. However, the medium of the attack is different.
As a security administrator, you are responsible for ensuring that your organization's IT staff understands the security mechanisms employed on the network. You are currently documenting the security mechanisms as part of the IT training. During the documentation, you realize that many of the IT staff do not understand the basic terms used in IT security. You need to document the terms and definitions that you will use. What is a mathematical formula that is used in cryptography to encrypt data? A) key B) algorithm C) plaintext D) ciphertext
B) algorithm #An algorithm is a mathematical formula that is used in cryptography to encrypt data by transforming plaintext into ciphertext. #Plaintest : information in it's pre-encrypted form (clear text) #Ciphertext is data in its post-encrypted form. #A key is information that can be plugged into an encryption algorithm to either encrypt plaintext or decrypt ciphertext.
You need to ensure that a set of users can access information regarding departmental expenses. However, each user should only be able to view the expenses for the department in which they work. Senior managers should be able to view the expenses for all departments. Which database security feature provides this granular access control? A) partitioning B) database view C) noise and perturbation D) save point
B) database view #The database security feature that provides this granular access control are database views. Database views are used to limit user and group access to certain information based on the user privileges and the need to know. Views can be used to restrict information based on group membership, user rights, and security labels. #Views do not provide referential integrity, which is provided by constraints or rules. #Views implement least privilege and need-to-know and provide content-dependent access restrictions.
Management has decided to purchase a new appliance firewall that will be installed between the public and private networks owned by your company. Which type of firewall is also referred to as an appliance firewall? A) software B) hardware C) embedded D) application
B) hardware #A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged in to a network and operated with minimal configuration and maintenance. #An application firewall is typically integrated into another type of firewall, such as a hardware firewall, to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model.
Which protocol is used to consolidate event information from multiple devices on a network into a single storage location? A) SIP B) syslog C) cron D) secure-Authentication
B) syslog #Syslog is a protocol that is used to consolidate event information from multiple devices on a network into a single storage location. Syslog works on an extremely wide variety of different types of devices and applications, allowing them to send text-formatted log messages to a central server known as a syslog server.
You are training several IT professionals on security and access control. You need to explain to the professionals the most common form of identification and authentication. What identification and authentication mechanism should you explain? A) two-factor authentication B) user identification with reusable password C) smart cards D) biometrics
B) user identification with reusable password #User identifications (IDs) and passwords are something a user knows. #Two-factor authentication is not as common as using user identification and passwords.
You need to ensure that resources are only allocated when they are needed. Which secure coding technique should you use? A) Input validation B) Stored procedures C) Provisioning and deprovisioning D) Encryption
C) Provisioning and de-provisioning #Provisioning and deprovisioning allocates resources based on demand for those resources. Stored procedures are a series of SQL statements that are executed as a group and are similar to scripts. Using properly written stored procedures protects the database from damage caused by poorly written SQL statements and SQL injection attacks.
You have been asked to implement the e-mail security method that is defined in RFC 2632 and RFC 2634. Which e-mail security method should you implement? A) PGP B) MOSS C) S/MIME D) PEM
C) S/MIME #Secure Multipurpose Internet Mail Extension (S/MIME) version 3 is an e-mail security method that is defined in Request for Comments (RFC) 2632 and RFC 2634. S/MIME 3 provides non-repudiation, authentication, and integrity for e-mail messages. NOTE: Privacy Enhanced Mail (PEM) and MIME Object Security Services (MOSS) are older proposals for e-mail security standards that have not been adopted.
You are considering cloud services, and you concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern? A) Stress testing B) VM escape protection C) Cloud access security brokers D) VDI
C) Cloud access security brokers #Cloud access security brokers would alleviate your concern because they enforce security policies, whether on-premises or cloud-based. They often sit between the cloud service users and providers, merging the security policies of the user and the provider.
Your organization recently experienced an XSS attack. What is the best protection against this type of attack? A) Install a pop-up blocker. B) Install an antivirus application. C) Disable the running of scripts. D) Validate all values entered into an application.
C) Disable the running of scripts. #The best protection against cross-site scripting (XSS) attacks is to disable the running of scripts in the browser. #Anti-virus & pop-up blocker can't protect against XSS.
You are designing a website that allows customers to set their payment options for a subscription service. Which of the following authentication management methods is recommended for a new account holder? A) Password key B) Static KBA C) Dynamic KBA D) Password vault
C) Dynamic KBA #KBA (Knowledge-based authentication) comes in two forms. 1) The most basic is static KBA, also called shared secrets. 2) Dynamic KBA is a bit more invasive.
Which option includes verifying appropriate access controls, authentication controls, input validation, and proper logging, among others? A) Identifying common misconfigurations B) Passively testing security controls C) Identifying a lack of security controls D) Identifying a false positive
C) Identifying a lack of security controls #When you scan to identify lack of security controls, you are looking for the presence or absence of appropriate access controls, authentication controls, input validation, and proper logging, and other security considerations.
Your company-provided Android devices are all under the control of a mobile device management (MDM) console. You want to use this console to prevent users from rooting their devices. How does this support security? A) On an unrooted device, the user cannot upgrade to a new, untested version of the Android operating system. B) On an unrooted device, the user cannot intentionally or unintentionally download malicious apps from unauthorized sources. C) On an unrooted device, the user cannot allow apps to escape the isolated virtual sandbox they run in. D) On an unrooted device, the user cannot remotely wipe their device.
C) On an unrooted device, the user cannot allow apps to escape the isolated virtual sandbox they run in. #On a rooted mobile device, apps can escape the isolated virtual sandbox, which could allow malware access to the company storage that is normally protected. Unfortunately, users can still compromise their device without rooting. They can download malicious apps from unauthorized sources, remotely wipe their device, and upgrade to a new Android OS version. #An isolated virtual sandbox is an isolated virtual machine in which unsafe software code can run without the acknowledgement of other applications. The cybersecurity researchers utilize isolated virtual sandbox by running suspicious software codes derived from unknown resources in order to observe their behavior.
Your organization has decided to outsource its e-mail service. The company chosen for this purpose has provided a document that details the e-mail functions that will be provided for a specified period, along with guaranteed performance metrics. What is this document called? A) MOU B) BPA C) SLA D) ISA
C) SLA #A service level agreement (SLA) is an agreement between a company and a vendor in which the vendor agrees to provide certain functions for a specified period.
Your client allows the users to choose their own logon names for their account. You have seen opsboss, vpgal, and domainadm used as logons. You are very concerned about these obvious administrative accounts. What security control should you implement? A) Recertification B) File system security C) Standard naming conventions D) Account maintenance
C) Standard naming conventions #Creating a standard naming convention would resolve the issue of obvious account names. Account names should not identify job roles. Recertification is the process of examining a user's permissions and determining if they still need access to what was previously granted. For example, if an employee were transferred from the Chicago, IL office to the Charlotte, NC, it would be reasonable to revoke the user's Chicago permissions.
You are setting up a complex PKI where clients might have to get a certificate from somewhere other than their own CA. What should you include in the implementation to define the relationships between the various CAs? A) Stapling B) Pinning C) Trust model D) Key escrow
C) Trust model #A trust model defines how various certificate authorities (CAs) trust each other. Ultimately, the trust model also defines how the client of a given CA would trust the certificate from another CA. #Certificate chaining refers to the trust relationships between CAs and helps determine which certificate has the highest level trust. For example, if you get a certificate from "A," and "A" trusts the root certificate, the highest level trust is the root certificate.
Which integrity strategy is used to ensure that application code has not been tampered with since it was checked in by a developer? A) Unit testing B) Integration testing C) Versioning control D) Monitoring control
C) Versioning control #In all stages of application development, version control is essential. Version control allows you to manage changes to files over time and store these revisions in a database. Changes one developer made should not necessarily be wiped out by the changes another developer presents, especially if it was meant to be only a temporary modification for testing purposes. Any integration errors should be rolled back, so that they do not cause the entire application to fail. The resolution is to have a version control system that manages those changes across the development team and process stages.
What is a honeypot? A) a skeleton of the network without any data or functionality B) a disruptive strategy that allows you to maximize the effectiveness of your decoy C) a computer system that draws in malicious actors to determine how attackers break into systems D) an enterprise management software designed to mediate access to cloud services
C) a computer system that draws in malicious actors to determine how attackers break into systems #A honeypot is a decoy computer system that draws in malicious actors to determine how attackers break into networks and systems. This gives organization's the ability to learn the attacker's techniques and how they access resources they shouldn't.
An IT technician has been assigned to install a new embedded firewall. What statement best describes this type of firewall? A) a component that is added to a hardware firewall B) a black box device C) a firewall that is integrated into a router D) a firewall that is installed on a server operating system
C) a firewall that is integrated into a router
Which policy defines the sensitivity of a company's data? A) a backup policy B) a security policy C) an information policy D) a use policy
C) an information policy #An information policy defines the sensitivity of a company's data and the proper procedures for storage, transmission, disposal, and marking of a company's data. The cornerstone practice of a company's information policy, as with all security-related policies, is to grant only the level of access that is required to allow particular individuals to fulfill their responsibilities.
You have been asked to research the encryption algorithms available and make recommendations to management about which to implement. One of the encryption algorithms that you are researching is RSA. Which type of encryption algorithm does this algorithm represent? A) asymmetric with authorization B) symmetric with authentication C) asymmetric with authentication D) symmetric with digital signature
C) asymmetric with authentication #RSA is used as the worldwide de facto standard for digital signatures. RSA is a public key algorithm that provides both encryption and authentication. It relies on the hacker's inability to factor large prime numbers.
You have just discovered that an application that your company purchased is intentionally embedded with software code that allows a developer to bypass the regular access and authentication mechanisms. Which software code is being described? A) pseudo-flaw B) multipart virus C) debugging hooks D) logic bomb
C) debugging hooks #A debugging or maintenance hook is software code that is intentionally embedded in the software during its development process to allow the developer to bypass the regular access and authentication mechanisms. These hooks can pose a threat to the security of the software and can be exploited if any maintenance hook is not removed before the software goes into production and an intruder is able to find the maintenance hook.
A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred? A) maintenance hook B) buffer overflow C) escalation of privileges D) backdoor
C) escalation of privileges #An escalation of privileges attack occurs when an attacker has used a design flaw in an application to obtain unauthorized access to the application. There are two types of privilege escalation: vertical and horizontal.
Which access control principle ensures that a particular role has more than one person trained to perform its duties? A) separation of duties B) least privilege C) job rotation D) implicit deny
C) job rotation #Job rotation ensures that a particular role has more than one person trained to perform its duties. Personnel should be periodically rotated, particularly in important positions. Job rotation and separation of duties also help to prevent collusion.
You have recently been hired as a security administrator for your company. In the security documentation, it mentions that message authentication code (MAC) is implemented. What does this ensure? A) message confidentiality B) message replay C) message integrity D) message availability
C) message integrity #Message authentication code (MAC), which is also referred to as message integrity code (MIC), ensures the integrity of messages. MAC adds authentication capability to a one-way hashing function. MAC does not ensure message replay. It provides protection against message replay attacks. #MAC cannot ensure the availability of the data or the system. Nor does it provide message confidentiality or message replay.
You have been hired as a security administrator by your company. You have recommended that the organization implement a biometric system to control access to the server room. You recommend implementing a system that identifies an employee by the pattern of blood vessels at the back of the employee's eyes. Which biometric system are you recommending? A) iris scan B) eye recognition C) retina scan D) facial scan
C) retina scan #A retina scan is a biometric system that examines the unique pattern of the blood vessels at the back of an individual's eye. In a retina scan, a beam is projected inside the eye to capture the pattern and compare it with the reference records of the individual. The employee is authenticated only if a match is found. Retina scans provide better accuracy than iris scans.
You are configuring a wireless guest network, but you need to prevent guests from accessing the corporate intranet, while informing them of the acceptable use policy. Which access method should you use? A) WPA2-Personal B) WPS C) WPA2-Enterprise D) Captive portal
D) Captive portal #A captive portal is used to display a webpage to the user upon connection. It may or may not require authentication and may also post permissible activities. #WPA2 Enterprise is a version of EAP that uses AES encryption and requires the use of a RADIUS server. #WPA2 Personal is a version of EAP that uses either TKIP or AES encryption and can use passwords.
Management asks you to implement an encryption standard that uses a single 56-bit encryption key to encrypt 64-bit blocks of data. Which encryption standard should you implement? A) TDES B) SSL C) Blowfish D) DES
D) DES #(DES) is a block cipher encryption standard that uses a single 56-bit encryption key to encrypt 64-bit blocks of data. It is a symmetric or private key encryption algorithm. #Triple Data Encryption Standard (TDES) uses multiple DES encryption and decryption processes to create an encryption scheme that is stronger than DES. #Blowfish is a private key encryption algorithm, optimized for use on 32-bit processors, which supports encryption keys with a maximum length of 448 bits. Secure Sockets Layer (SSL) supports an encryption key length of 40 bits or 128 bits.
Given the following IP header in a Wireshark capture: 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 150 Identification: 0x6131 (24881) Flags: 0x4000, Don't fragment 0... .... .... .... = Reserved bit: Not set .1.. .... .... .... = Don't fragment: Set ..0. .... .... .... = More fragments: Not set ...0 0000 0000 0000 = Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x15cd [validation disabled] [Header checksum status: Unverified] Source: 192.168.1.14 Destination: 192.168.1.5 Which version of IP addressing is used by the packet? A) TCP B) IPv6 C) UDP D) IPv4
D) IPv4 #The version of addressing used by the packet is IPv4. The version is specified explicitly in the header as the first four bits. The first four bits of an IP header identifies its version. Version 6 is represented in binary as 0110 while version 4 is 0100. The source and destination addresses are also in the dotted quad format associated with IPv4.
As your organization's security officer, you are currently completing audits to ensure that your security settings meet the established baselines. In which phase of the security management life cycle are you engaged? A) Implement B) Plan and Organize C) Monitor and Evaluate D) Operate and Maintain
D) Operate and Maintain #You are engaged in the Operate and Maintain phase of the security management life cycle. This phase includes the following components: #Ensure that all baselines are met. #Complete internal and external audits. #Complete tasks outlined in the blueprints. #Manage service level agreements as outlined in the blueprints. #Completing audits is not part of any of the other phases.
What is the goal when you passively test security controls? A) Interfering with business operations B) Exploiting weaknesses C) Infiltrating the network D) Probing for weaknesses
D) Probing for weaknesses #When you passively test security controls, you are performing a vulnerability scan to identify weakness, but not exploiting those weaknesses. When you are scanning to identify a vulnerability (or several vulnerabilities), you are primarily looking for common misconfigurations and/or a lack of security controls. These misconfigurations or a lack of controls can lead to exploiting the identified weakness, interfere with business operations, and cause infiltration of the network.
Which general mechanism is used by cloud consumers to limit security exposure and running expenses? A) Container security B) Secrets management C) Resource clustering D) Resource policies
D) Resource policies #Cloud service providers can provide users with access to resources via policies. There are two ways to do this, role-based policies or resource based polices. You can use resource-based policies to provide access control where the user in a different cloud can be granted access to a resource in your account. You can also use role-based policies in which you assign a user to a role that has permission to use a resource.
You are signing up for a new account on a web site. After you enter a password, the website prompts you to provide the answers to security questions, such as the name of a childhood sweetheart or the color of your first car. What type of multifactor authentication is this? A) Something you have B) Something you do C) Something you are D) Something you know
D) Something you know #Any security question is something you know. This includes a password, a PIN, the name of a childhood sweetheart, the color of your first car, or the answer to a similar question.
Which of these options simulates a disaster and allows you to check the thoroughness of your disaster recovery plan? A) Critical business functions B) Business continuity plans C) After-action reports D) Tabletop exercises
D) Tabletop exercises #A tabletop exercise simulates a disaster and allows you to check the thoroughness of your disaster recovery plan. You should perform a document review during all exercises. Apart from a tabletop exercises, you can also perform a walkthrough, simulation, parallel testing, and cutover testing to test your disaster recovery plans. If your plan has a weakness, it is better to discover it during an exercise as opposed to discovering it during a live event. NOTE: After-action reports documents how well or how poorly the exercise went.
You are assessing whether your organization will need to comply with GDPR. Which of the following statements indicates compliance may be required? A) The organization anonymizes and generalizes any PHI of medical providers in the EEA. B) The organization consumes or provides services with an organization located in the EEA. C) The organization requires regular reporting and disposal of financial information to the EEA. D) The organization collects or stores PII from citizens located within the EEA.
D) The organization collects or stores PII from citizens located within the EEA. #GDPR is a European act that applies to any company that collects or processes personally identifiable information (PII) of the citizens of the EU. GDPR stands for the General Data Protection Regulation. The law also addresses the transfer of personal data outside of the EU and EEA areas.
Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate? A) remote wiping B) white listing C) screen lock D) geotagging
D) geotagging #Geotagging is the process of attaching location information in the form of geographical metadata to digital media like web sites, videos, and photographs. Geotagging is a security concern because it can reveal location information. This feature embeds unseen code into a picture that records the longitude/latitude information of where the picture was taken. Geotags may also be applied to digital output and communications such as tweets or status updates on social media.
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). On which device(s) should the ACLs be deployed? A) hubs B) firewalls C) modems D) routers
D) routers #The ACLs should be deployed on the routers. The ACLs will improve network security by confining sensitive data traffic to computers on a specific subnet. By implementing ACLs and rules, you can ensure that a secure router configuration is implemented, which will protect the routers and the subnets they manage. Another valid answer is switch. NOTE: Firewalls are typically deployed on the public network interfaces. They typically are not involved in any internal traffic. Therefore, deployment ACLs on firewalls would not confine sensitive internal data traffic to computers on a specific subnet. A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packet passage from one network to another. NOTE: hubs are typically deployed to connect hosts in a network. Active hubs provide signal regeneration, while passive hubs do not.
Management has recently become worried about DNS poisoning after reading an article about it. Which of the following BEST describes this attack? A) the practice of many computers transmitting malformed packets to the DNS server to cause the server to crash B) the practice of one computer transmitting malformed packets to the DNS server to cause the server to crash C) the practice of continually sending a DNS server synchronization messages with spoofed packets D) the practice of dispensing IP addresses and host names with the goal of traffic diversion
D) the practice of dispensing IP addresses and host names with the goal of traffic diversion #DNS poisoning is the practice of dispensing IP addresses and host names with the goal of traffic diversion. Properly configured DNS security (DNSSEC) on the DNS server can provide message validation, which, in turn, would prevent DNS poisoning.
What is the current de facto email security standard? a) PEM b) MOSS c) Hashing d) PGP
d) PGP #Pretty Good Privacy (PGP) is the current de facto e-mail security standard. The Internet Engineering Task Force (IETF) is currently developing a version of PGP known as Open-PGP.