Cert
As the number and types of clients increases on a company's network, the company sees a need to place greater controls on access to its mainframe. The mainframe is deployed on a screened subnet with critical network servers and bounded by a stateful firewall. You want to implement a solution that filters traffic by port, protocol, and detailed packet content. What should you use?
Application firewall
Your application development plan calls for fuzzing. What is fuzzing used to test for?
Application flaws relating to data input
A company wants to allow users to access the network using company-issued tablets. Only approved apps can be installed on the devices. What MDM feature provides the necessary functionality to meet this requirement?
Application whitelisting
What is the primary risk of an integer overflow attack?
Arbitrary code execution
You are working with your company's security team to set security standards for mobile devices. One suggestion was to disable unused features and functionality. You need to determine if a disabled feature would adversely impact security measures that are already in place. One of the security team recommends disabling GPS on all company-owned mobile phones. Which security feature would this impact?
Asset tracking
Identify the attack types by dragging each attack type to the box next to its common attack vector and target.
Attempt/Cell - Vishing E-mail/Upper - Whaling Redirecting/Internet - Page Hijacking Rouge/Internet - Scamware
An attack has performed privilege escalation. How can you ensure that you are aware that such an attack has occurred?
Audit failed and successful account management events.
A user connects to a corporate network using a VPN client. He has a valid username and password. A network administrator discovers that the user was able to execute a restricted command on a server. Other than applying an ACL if needed, which policy should the administrator verify or change to find the solution?
Authorization policy
Which security goal is compromised by a DDoS attack?
Availability
You are helping an organization develop a backup plan. You need to ensure that data backups are available in case of a catastrophic failure. You need to keep the plan as inexpensive as possible. What should you do?
Back up to removable media and store a copy offsite.
Which of the following protocols are meant for use with passwords and can help mitigate dictionary and brute-force attacks? (Choose two).
Bcrypt PBKDF2
You are developing an Internet-based application. Users will need to create passwords that are eight or more characters in length for authentication. You need a secure method to store user passwords. You want a solution that is as secure as possible against brute force attacks. Which two algorithms can you use for creating password-based key derivations? (Choose two.)
Bcrypt PBKDF2
An e-mail server supports IMAP connections. You need to ensure that all IMAP traffic is encrypted. What should you do? (Choose two.)
Block traffic on TCP port 143. Allow traffic on TCP port 993.
Select the primary risk associated with each type of attack.
Bluejacking - Spam Bluesnarfing - Unauthorized data disclosure WPS attack - Unauthorized data disclosure Evil twin - Unauthorized data disclosure
Which of the following can be used to launch a coordinated DDoS attack?
Bot
A company is comparing available reconnaissance methods. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Both - No Active reconnaissance requires - No Active reconnaissance can - Yes Many - Yes
A computer configured as a router protects your network from the Internet. You discover that the router has been reconfigured. How might an attacker have gained access to the router? (Choose two.)
By logging on to a default account Through a rootkit infection
A company is located on one floor of an office building. The company has employees onsite twenty-four hours a day. A receptionist is seated in the lobby at all times. The server room stores the equipment that used for the internal network and the DMZ. The web server on the perimeter network hosts an ecommerce application that utilizes the database server on the internal network. The company needs to mitigate the following risks:* Employees being robbed or mugged* Customers being unable to access the website* XSS attacks* SQL injection attacks* Attacks that use known vulnerabilities* Data theft by a malicious insider Attempted attacks against the servers on the perimeter network should be discoverable. The risk of false positives should be minimized. Which security controls should you implement? Select the additional equipment required to meet the requirements from each drop-down menu.
CCTV Lights SAN Patch management Database server Web server Load balancer Honeynet Lock
Client computers need to connect with an older server through a PPP connection. You need to support a wide variety of operating systems and versions. You are concerned about the potential risk of replay attacks and compromise of authentication credentials. Which authentication type should you use?
CHAP
Which component of PKI is necessary for a CA to know whether to accept or reject certificates from another CA?
CRL
A company is configuring a secure Web server. What must be submitted to a certificate authority (CA) when requesting a SSL certificate?
CSR
Your company provides specialized assistance to other companies working on projects that require a high level of technical expertise. Your company's employees are organized around work teams that contract with outside companies. You must ensure that the employees on a team trust certificates from the contracting company. They should not trust certificates that are associated with a project if they are not part of the project team. You need to implement a PKI trust model that lets you specify which users will trust which CAs. You must be able to end this relationship at the end of the contract. What should you use?
CTL
A company wants to introduce a new enterprise mobility strategy for all users. Which deployment model will the enterprise use if it wants to allow an employee to choose a mobile phone from a company-approved list of devices?
CYOD
You are investigating some malware that has infected a server in your company. You make a digital copy of the hard drive that you can analyze. You place the original drive in a secure cabinet. Which aspect of incident response does this illustrate?
Chain of custody
A programmer wants to develop and release a very important security fix for a web application. Which process will allow him to enforce staging deployment policies, control the outcome, and mitigate operational risks?
Change control
Your boss is concerned that an administrator might accidentally introduce a security vulnerability when installing a new server. What can you use to mitigate this risk?
Change management
Your network is isolated from the Internet by a firewall that also acts as a proxy server. You suspect that a potential attacker has been probing your network looking for open ports. What should you do?
Check the firewall log.
You are tasked with determining the best use of client-side and server-side validation for a new web-based application. What is a potential risk of using client-side validation?
Client-side validation can be easily bypassed.
Three companies are working together to produce a movie. A subscription to a service allows them to share data related to the project and host online meetings. Each organization has some management capabilities. What does this exemplify?
Community cloud
A server is the victim of a data breach. Customer password information is exposed to the attacker. Which step in the incident response process is necessary to mitigate the risk of a reoccurrence of the attack?
Conduct a post-mortem review to identify lessons learned.
You install a wireless access point in a classroom. You need to meet the following requirements:* Classroom computers must be able to connect to the access point.* Students must not be able to connect using their personal laptop computers or other Wi-Fi devices. What should you do?
Configure MAC filtering.
Your network connects to the Internet through a single firewall. The internal network is configured as a single subnet. You need to deploy a public Web server to provide product information to your customers. What should you do?
Configure a DMZ and deploy the Web server on the DMZ.
You are deploying a corporate telephony solution. The network includes several branch offices in remote geographic locations. You need to provide VoIP support among all office locations. You need to design a network infrastructure to support communications. You need to minimize the impact on network security. You need to minimize the costs related to deploying the solution. What should you do?
Configure a DMZ in each office.
What can be done at the client to mitigate the risk of XSS?
Configure the browser to disable script processing.
An administrator is deploying a MFD on your company's network. He needs to make the device to be as secure as possible. A limited group of users will be given access to the device. Which two actions should the administrator take to secure the device? (Choose two.)
Configure the device with a static IP address. Change all default passwords.
A company's internal network is divided into multiple subnets. The network is isolated from the Internet by a perimeter network. The perimeter network is bounded by routers. Subnets are defined using routers, Layer 3 switches, and Wi-Fi routers. This is an example of what type of defense policy?
Control diversity
A SCADA network is used to monitor and manage a utilities distribution substation. The system must be able to recover from device failures as quickly as possible. What should you use to help ensure this?
Control redundancy and diversity
What should you do to ensure that messages between an SNMP management station and SNMP agents are encrypted?
Create IPSec filters for ports 161 and 162.
An attack was launched against a Web server. You need to ensure that any evidence you discover during your investigation can be used to prosecute the attacker. What steps should you take? Select the steps you should take.
Create a bit Create a hash of the hard Create a has of the image Store Document
You set up a VM for testing different versions of an application. You want to be able to return to the baseline state as quickly as possible between each test. What should you do?
Create a snapshot of the VM.
You discover attempts to compromise your Web site. The attacks are based on commands sent from authenticated users' Web browsers to the Web site. The commands execute at the user's permission level. Users who have been contacted had no idea that the commands were being sent from their computers. What kind of attack does this represent?
Cross-site request forgery
You created custom error pages for your Web site. An attacker modified the error pages through data input through a data form on the Web site. Error pages are dynamically generated when an error occurs and the page is rendered containing script that directs the user to a malicious Web site. This is an example of what type of attack?
Cross-site scripting
A small online retailer's security is breached, and administrators discover evidence of data theft. The attacker collected a large amount of PII about both employees and customers. Which type of attack threat does this describe?
Cyber criminal
You are deploying a network for a small project group. Each group member should be responsible for securing access to his or her own computer's resources. What access control model should you use?
DAC
You are concerned about the use of ciphers that can be implemented with a weak key, resulting in an encryption that is not secure. Which two of the following are ciphers with known weak keys? (Choose two.)
DES RC4
A company with a UTM wants to ensure that documents with the words "confidential" or "revenue" inside them are not sent outside the company through email or copied to a cloud service. Which UTM feature should the company configure?
DLP
You discover that when network users attempt to navigate to your company's public Web site, they are being redirected to a different Web site. This is an example of which type of attack?
DNS poisoning
Drag the type of attack that is most closely associated with each type of server to the box identifying the server type.
DSN Injection/SQL injection/DDoS
A company is devising their incident response policy. Choose the forensics procedure that relates to each statement.
Data - Big data Must be - Timestamp Required - Log f man hours Helps a lawyer - Expert witness
A company performs information classification. What is the outcome of this process?
Data is categorized in terms of confidentiality, integrity, and availability requirements.
You are hiring a consultant to provide a social media presence for your organization. The consultant will use her own computer. What are two potential security implications that should be covered by a legally binding policy document? (Choose two.)
Data ownership for content created Unauthorized data sharing
You encrypt your smart phone using the built-in hardware encryption. What is a potential risk of this?
Decrypting the device will result in data loss.
You need to prevent access to servers on a subnet based on the IP address of the source and the port being used. Your network uses dedicated router devices throughout the network. You need to minimize the network changes necessary to configure the solution and minimize the administrator effort necessary to maintain the solution. What should you do?
Define an ACL on the router to the subnet.
Your company is implementing BYOD. The company will take advantage of cloud-based apps to synchronize data between the user's computer and tablet. Which two tasks should the company's BYOD policy address as part of its offboarding policy? (Choose two.)
Deleting accounts for cloud-based apps Removing company data from the personal device
You suspect that someone is trying to gather information about your network. Your network is isolated from the Internet by a perimeter network. You need to gather as much information about the attacker as possible. You want to prevent the attacker from knowing that the attempt has been detected. What should you do?
Deploy a honeypot in the perimeter network.
You are deploying a sensitive database server on your network. You need to make sure you are alerted about anything suspicious in the network traffic in and out of the server, or any attempts to change system files on the server. What should you do?
Deploy an HIDS.
A company is developing a new, very large web application. Developers run periodic vulnerability scans. The scans report multiple vulnerabilities. The developers have traced these to false positives from text on some of the web pages. What is the risk if this continues?
Developers may miss valid vulnerabilities.
A company wants to develop a new application. A manager has been asked to recommend the best process to follow. Which well-known four-tier architecture should the manager recommend?
Development, Testing, Staging, Production
Your company is limiting the data which mobile devices are allowed to use. This is an example of which type of device security?
Device access control
Which of the following relies on both a public and private key for encryption and decryption?
Diffie-Hellman
You are tasked with finding a way to ensure non-repudiation on outgoing e-mails. What should you use?
Digital signature
You need to be able to prevent users on social media sites from learning your location based on the pictures you share from your smartphone. What should you do?
Disable GPS tagging.
A portion of the company network is shown in the exhibit. The DNS server has crashed twice in a 24-hour period. Analysis of network traffic indicates that the DNS server has been receiving ICMP packets that are larger than allowed by the IP protocol. What type of attack does this indicate?
DoS
You find the following lines in a real-time log viewer on a network device: [port_scan][1.1.1.21:53->191.23.1.1:32181][UDP][HLen=10, TLen=308] [udp_RP_flood, timeout=10][1.1.1.21->191.23.1.1:21314][UDP][HLen=10, TLen=116] Which network attack is happening?
DoS
A company deploys a DLP system. A security officer wants to create a policy to match and block access to documents that include any linked PII. Which three of the following should be included? (Choose three.)
E-mail addresses Credit card numbers Personal phone numbers
A company wants to introduce EAP to secure all WLAN connections. The solution has to use mutual authentication and a valid certificate for the client and the server. Which protocol should the company implement to meet these requirements?
EAP-TLS
Which solution has been implemented to provide higher security in the DH protocol?
ECC
A company wants to create a secure tunnel between two sites. Which set of protocols will offer the highest level of security and efficiency? Choose THE BEST answer.
ECDH-384, AES, and SHA-512
Two devices communicate using NFC. Which attack represents the greatest vulnerability?
Eavesdropping
What is the most cost-effective way to defend against whaling attacks?
Educate and train upper management.
A company has an office on the fifth floor of a building in a city that is prone to earthquakes. Earthquakes have been identified as the most important risk to mitigate. Which three risk mitigation controls would be most important to ensuring employee safety? (Choose three.)
Emergency lighting Escape plans Drills
A company wants to deploy a secure system that will constantly monitor the network devices and alert a network administrator. What is the BEST solution?
Enable SNMPv3 and send traps to a dedicated SIEM system.
What actions can be taken to protect a Web site from XSRF attacks? (Choose two.)
Enforce session timeout. Require a unique value sent in a hidden form field.
When calculating risk assessment for an organization, what is the role of impact assessment?
Estimating the potential costs related to a threat
A server application is currently under development. It has been discovered that some errors, such as a divide by zero error, can leave the application running in an unstable condition. The application needs to respond more appropriately to errors and generate an error message when they occur. What should you implement? (Choose the BEST answer.)
Exception handling
Which of the following can be used to prevent external electrical fields from affecting sensitive equipment?
Faraday cage
Which firewall feature can you enable to mitigate the risk of DoS attacks against the AAA service
Flood guard
All computers in your organization come with TPM installed. What type of data encryption most often uses keys generated from the TPM?
Full disk encryption
Which of the following are block cipher modes? (Choose three.)
GCM ECB CBC
What is the most appropriate type of fire suppression system to install in a data center computer room?
Gaseous fire suppression
You are deploying a new website. You need to request an SSL certificate from a public CA. What should you do first?
Generate a public and private key pair for the server.
A company wants to implement a stronger security policy on mobile devices. All phones are equipped with GPS and a dedicated app. Which three options can help you achieve this goal? (Choose three.)
Geofencing MDM White-listing
A company want to perform non-intrusive testing on an application that was developed in-house. Testing should take place with a level of access and understanding similar to that of a standard application user. You need to determine the appropriate type of testing. What should you recommend?
Gray box
A company needs to speed up the process of RSA operations. What should the company implement?
HSM
You are deploying a PKI in your domain. You want to use a hardware device separate from your Windows servers to manage and maintain cryptographic keys. What should you use?
HSM
You want to be able to issue and manage encryption keys for your network. You do not want to fully deploy a PKI on the network. What should you use?
HSM
A company uses a sophisticated SCADA system. A security analyst is concerned about the security of this system. What should be recommended to secure the SCADA system? (Choose two.)
Harden physical protection. Deploy host-based anti-virus software.
A company is launching a team to conduct a forensics investigation. They need to analyze the low-level content of a suspected hard disk. What is the BEST tool for this activity?
Hex editor
The administrator deploys three web servers, all hosting the same web application and data, on his company's perimeter network. The administrator implements load balancing through use of a load balancer. This is BEST described as an example of which resiliency strategy?
High availability
Match the Smartphone and thin client characteristic with the related categories. Some answers may be used more than once, and not all answers are used.
Highly mobile Remote wipe iOS or Android Wireless Only Locking cable No storage Windows and Linux Wired/Wireless
You receive an email message that appears to be from the IT director at your company. The email warns you about a zero-day virus and instructs you to find and delete a certain file on your computer. When you delete the file, your computer no longer boots. Which two attack methods were used? (Choose two.)
Hoax Impersonation
A company's internal network has experienced several attempted attacks from the Internet. The administrator needs to collect as much information about the attackers and their attack methods as possible. The administrator should minimize the risk to your internal network. What should the administrator use?
Honeynet
Which is BEST described as a type of compensating control?
Hot site
What is used to provide secure communication over a L2TP VPN connection?
IPSec
Which protocol can you use to ensure that a server accepts Telnet traffic only from a designated computer?
IPSec
You find the following lines in the log of a firewall: ISAKMP:(0):Sending an IKE IPv4 Packet ISAKMP:(0): retransmitting phase 1 MM_NO_STATE... ISAKMP (0): incrementing error counter on sa Which protocol is failing?
IPSec
You have deployed PKI within your organization. To meet legal reporting requirements, you need to implement a way to provide decryption keys to a third party on an as-needed basis. What should you do?
Implement a key escrow arrangement.
What can be done to help minimize the risk of malware infection while a mobile device is browsing the Internet from a connection that is provided by a corporate network? (Choose two.)
Implement patch management Disable unused features
You are preparing to deploy an e-commerce Web site. The Web site uses dynamically generated Web pages based on user input. This is a requirement for the application running on the Web site. You need to design the site to prevent cross-site scripting attacks. You need to choose the most appropriate action to take. What should you do?
Implement user input validation.
Users report that an application is failing and displaying detailed messaging including stack traces, data dumps, and detailed codes. This results from what type of vulnerability?
Improper error handling
A company web site is configured to support encrypted communication only. The web site has several forms that customers can fill out electronically to place service requests for different products. The web site has experienced problems lately. Information in the error logs indicates code injection errors. What type of vulnerability is most likely responsible?
Improper input handling
You deploy a two-factor authentication system for your network computers using a smart card and PIN. Despite this, unauthorized personnel are gaining access to the network. What should you do to help prevent this in the future?
Improve user education and awareness training.
After installing a new firewall, users complain they have intermittent access to the Internet. The firewall rules are shown in the exhibit. What should the administrator do to fix the issue?
In rule number 7, change UDP to TCP under PORT.
You are considering using cloud-based storage for a secure database. What is generally accepted as the greatest risk to data in cloud storage?
Inappropriate access to data
A company includes security awareness training as part of the new hire process. What three topics should always be covered by a security bulletin? (Choose three.)
Industry regulation changes Zero-day threats New viruses
A solution vendor bills customers for access to a three-tier application based on usage. The application is deployed in the vendor's data center as sets of clustered virtual machines. Which type of network design element is exemplified?
Infrastructure as a service
Engineering department computers are deployed on a screened subnet. You need to protect the computers against malware attacks. What should you do?
Install a HIDS on each of the departmental computers.
You deploy an application server on your network. You need to control the types of traffic coming into and out of the server. You want to keep the effort and network changes necessary to implement and manage this to a minimum. What should you do?
Install a host-based firewall on the server.
Field sales personnel have product and price lists loaded on their smartphones. This is critical data for your business. You need to ensure that this data is not accidentally disclosed or compromised while salespeople are traveling or are at customer sites. What should you do? (Choose two.)
Install and enable remote wipe. Require Passwords on mobile devices.
A company deploys a highly advanced HVAC system in a datacenter. Which two security measures should be recommended for that system by a security specialist? (Choose two.)
Install cameras and alarms. Isolate HVAC management devices.
An application's executable is digitally signed using a software developer's private key. What does this ensure?
Integrity
A company is concerned about the impact that could occur if an employee opened a malicious hyperlink. What type of security assessment should the company use?
Internal penetration test
Users report that they lose connection to the wireless access point. You investigate and discover radio frequencies that have a similar pattern to those transmitted by the access point. What type of attack should you suspect?
Jamming
Which two attacks are DoS attacks against a Wi-Fi network? (Choose two.)
Jamming Replay
Your company has three computer security professionals. Every month, a different one is assigned to auditing duties. What principle does this illustrate?
Job rotation
Your business relies on a server-based, mission-critical application. It is a commercially produced proprietary application. What actions should you take to keep the application secure? (Choose two.)
Keep application patches and fixes up-to-date. Physically uninstall any unnecessary applications from the application server.
A company is setting up a small network that will use smart cards for logon. Which authentication protocol provides native support for smart card logon?
Kerberos
An administrator is configuring a perimeter network Internet-facing firewall to support authentication protocols. In the drop-downs, select the default port for each authentication protocol the administrator should use.
Kerberos - 88 RADIUS - 1812 SAML - 443 TACACS+ - 49
Identify authentication criteria. Place the authentication criteria under the node containing the appropriate category.
Know: Password/PIN Have: ID/Card/Smartcard/USB token Are: Retinal/Finterprint/Voice/Keystroke
A company is concerned that accessing data from an Active Directory domain is not secure. Which protocol should you implement?
LDAP over SSL
Your network is configured as a distributed directory environment. You want to configure an SSO environment through your intranet. All traffic related to authentication should be encrypted. What should you use?
LDAPS
You are asked to analyze logs from a couple of network devices. Which devices have MOST likely generated these messages?
LOG 1 - IPS, LOG 2 - Firewall
Identify the attack types by dragging each attack type to the box next to its common attack vector and target.
Locks/Internet - Ransomware Redirection/Internet - Pharming E-Mail/Multiple - Phishing Theft/Wireless - Bluesmurfing
A virus is designed to format a computer's hard disk based on a specific calendar date. What kind of threat is this?
Logic bomb
You are designing a secure application environment. You need to ensure that data is kept as secure as possible. You need to select the strictest access control model. What access control model should you use?
MAC
Which hash algorithm is used by common implementations of CHAP?
MD5
You have several computers that use the NTLM authentication protocol for client authentication. Network policy requires user passwords with at least 16 characters. What hash algorithm is used for password authentication?
MD5
Company A is planning to partner with Company B on a project. The project will require an application server at Company A to access a database server at Company B. You need to document the business and compliance requirements of the connection. What should you use?
MOU
A server has failed four times in the past year. Which measurement is used to determine the amount of time the server was operational?
MTBF
What is the difference between the MTBF and the MTTR of a system component?
MTBF identifies the reliability of a component, while MTTR measures the time it takes to fix a component.
Your recovery plan states that it will take, on average, three hours to restore services to an operational level after a catastrophic failure. This value is known as what?
MTTR
You are determining environmental control requirements for a data center that will contain several computers? What is the role of an HVAC system in this environment? (Choose two.)
Maintain appropriate humidity levels Provide an appropriate ambient temperature
An individual is contracted to set up a Web farm that includes an access portal for your network. That same individual uses the information gained during that process to infiltrate your network at a later time. How is this type of attack categorized?
Malicious insider
A company wants to protect a network against common attacks. Choose the BEST solution for each protection goal in the drop-down menus.
Malware/Malware - Avoid homogeneity Passwords/Protect - Use key derivation SLA/Achieve high SLAs - Deploy an IPS Proactive approach/Be proactive - Set up honeypots
What physical security control can a company use to help prevent tailgating?
Mantrap
Identify the control type for each listed control. To answer, choose the most appropriate control type from the drop-down menus.
Mantrap - Physical Recovery - Administrative IDS - Technical Honeypot - Technical Biometric lock - Physical
A company needs to ensure that, if anyone enters the server room after hours, the doors are locked and cannot be opened from the inside. The company wants to minimize the recurring costs related to the solution. What should the company install?
Motion detector
To avoid a single point of failure, a company wants to host all servers in a high-availability datacenter. What redundancy level is shown in the exhibit?
N+1
You are designing a solution to protect your network from Internet-based attacks. You need to ensure that devices that connect to the network have operating system updates and current antivirus. Devices that do not should be automatically remediated. What should you implement?
NAC
You reconfigure your firewall to support a perimeter network. You deploy two Web servers on the perimeter network. You want to deploy a security tool that can help reconfigure the network automatically in response to detected threats. What should you use?
NIPS
A company works with a large, volatile set of certificates to maintain security throughout the organization. The company wants to avoid the need for clients to frequently download status information about certificates.What technology does the company need to implement?
OCSP
Which key metric supports the delivery of an SLA and is often related to internal support groups?
OLA
A company is deploying the PKI infrastructure shown in the work area. The network administrator needs to determine whether each certificate authority should be deployed as an online or offline CA to provide a secure infrastructure. Users must be able to request certificates for local use. To answer, choose the correct deployment option from the drop-down menus.
Offline Offline/Offline Online/Online/Online
A set of switches is used to implement a VLAN. Where should you enable loop protection?
On all ports of each switch
A company's SMTP server is blacklisted by several ISPs. After further investigation, it is determined that several users in the company inadvertently sent out emails to all the users on their contact list. You need to mitigate the risk that such an incident will reoccur. What should you implement?
Outbound spam filter
A secure email client is being developed. You need to choose an appropriate method for digitally signing and encrypting messages. The method chosen must be supported across a broad base of platforms. What should you recommend?
PGP
You are looking for ways to prevent users from copying data from their computer systems to an external drive. You have disabled all floppy disk drives, and the computers are configured with read-only CD\DVD players. What else should you do? (Choose two.)
Password protect the system BIOS. Disable all USB ports in the system BIOS.
A new server application is deployed on your network. This is a recently released version of the application. You need to ensure that fixes to any vulnerabilities are applied as quickly as feasible. All changes need to be documented. What should you implement?
Patch management
You have deployed a mission-critical server. You have been asked to recommend a security assessment method. Place the activity performed by the security assessment method under the appropriate security assessment method.
Penetration testing - Bypasses security controls Exploits a vulnerability Identifies the compromised data Vulnerability scanning - Finds only known vulverabilities Creates a baseline of vulnerabilities
You want to use a backup scheme that does not take too much time or require very high capacity tapes each night. Because you do not have to restore data that often, you do not care if the restore process is lengthier as a result, but you do not want it to take an unreasonable amount of time. Which of the following would be the best backup scheme to meet your goals?
Perform a full backup weekly. Perform incremental backups nightly.
A company has implemented a BYOD policy that applies only to members of the Sales department. The company has also performed information classification. Only members of management can access information that is classified as High. Members of the Human Resources (HR) department have access to PII for the company employees. Other employees have access to only information that is classified as Medium or Low. For each type of security training, indicate whether it should be organization-wide or role-based.
Personal device policy - Role-based Data handling policy - Role-based Tailgating policy - Organization-wide Proper disposal policy - Role-based
Several employees received e-mails that appeared to be from an online auction site. When the users click on the link, they are prompted for personal information. When you investigate the link, you discover that it does not go to the auction site, but to a duplicate site set up by an attacker. What kind of attack has occurred?
Phishing
What kinds of attacks are best prevented through user education and awareness training? (Choose two.)
Phishing Dumpster diving
Which is at the outermost (topmost) level of a defense in depth strategy?
Policies and procedures
You need to allow computers on the Internet to initiate connections to a host on the internal network with the address 192.168.50.12/24.What should you use?
Port forwarding
A company establishes a six-step incident response plan. Drag the appropriate phase name to each description.
Preparation - Develop Identification - Make a full Containment - Limit Eradication - Remove Recovery - Test Lessons - Make improvements
You are designing a Web-based application. You design the application so that it runs under a security context that has been granted only the permissions required for the application to run. This is an example of which of the following?
Principle of least privilege
A company recently started allowing employees to use personal mobile devices to connect to the company network. Users are concerned about the discovery and use (or misuse) of personally identifiable data stored on the devices. What type of policy should the company issue?
Privacy
What type of policy is posted on a company's website and describes how it uses and protects customer data?
Privacy policy
Which two statements describe the advantages of using the Agile method for application development? (Choose two.)
Projects are change-oriented and decisions are made by the whole team. Teams use continuous integration techniques.
What is the primary purpose of a CDP?
Protecting the confidentiality of data
You need to identify the source of malformed network packets flooding your network. What should you use?
Protocol analyzer
You suspect that an attacker is sending damaged packets into your network to compromise your firewall. You need collect as much information about network traffic as possible. What should you use?
Protocol analyzer
You are preparing to perform vulnerability analysis on a network. Which tools require a computer with a network adapter that can be placed in promiscuous mode? (Choose two.)
Protocol analyzer Vulnerability scanner
You are hired as the security administrator for a financial services company. You have been directed to set up a key escrow for all encrypted data. What should you do?
Provide copies of all keys to a designated third party.
You are looking for a method to manage access to a secure area. You want to allow entry through a locked gate that unlocks automatically and track individuals going into and out of the area. Which method should you use?
Proximity reader
A company is implementing IEEE 802.1X to support authentication. The company wants to keep the cost to support this decision to a minimum. What should the company use as an authentication server?
RADIUS
A company has a database that is used to store product inventory. The cost to the company is very high if the database is not available. Which two technology controls could be used to improve the database's availability? (Choose two.)
RAID Clustering
You have six 100 GB hard disks available for data storage. Which RAID configuration will provide the most available storage with fault tolerance?
RAID-5
Which of the following is a stand-alone algorithm that can be used for message authentication of a plaintext (non-encrypted) message?
RIPEMD
An application is being designed to digitally sign files as it publishes them for distribution. What algorithm should be used for this purpose?
RSA
An attacker is attempting to hack into a secure server. An insider provides the attacker with a file containing the server's hashed passwords. Company guidelines recommend using multiple word passwords. Which type of attack would be used to most quickly find passwords in the hashed password file?
Rainbow table attack
A user was browsing the Internet looking for information to resolve a problem. The user's computer restarted spontaneously. After starting up, the computer displayed a banner stating that the computer was locked, its data files were encrypted, and that legal authorities will be contacted. The banner demanded a payment in Bitcoin to receive a code to unlock the computer. Which type of malware attack does this indicate?
Ransomware
A critical web server is compromised by a persistent XSS attack. Which two steps would you take as part of the containment process? (Choose two.)
Redirect traffic to a different web server. Create a forensic image of the server.
An in-house forensic team responds to a security incident. The team needs to prioritize the order in which data should be collected. To answer, arrange all data to be collected in the correct order.
Registers Data Running System Remote Backup
You are beginning your investigation of a server that was the victim of a DoS attack. Where should you look for evidence first?
Registers and cache
Your Web site has been the repeated target of cross-site request forgery (XSRF) attacks. You want to try to prevent these from occurring. What should you do?
Require a secure, user-specific token for form submissions.
You are devising an incident management plan. What should be the primary goal of the incident management plan for a DoS attack on the company's ecommerce servers?
Restore normal operations as quickly as possible.
Tabletop exercises are used during which aspect of business continuity planning (BCP)?
Review and fine-tuning
You need to secure access to network file servers. Your first task is to determine current access permissions. What should you do?
Review effective access permissions.
Users report that Web server response was slow overnight. You suspect an attempted attack against the Web server. The Web server is deployed in a perimeter network. What should you do? (Choose two.)
Review the Web server log files. Review the firewall log files.
A set of programs provide a hacker with administrator access to a computer that cannot be detected through normal means. What is the BEST description of this threat?
Rootkit
You are designing network access control so that remote users are limited to accessing the network during normal business hours only. Policies regarding user access apply to all users. This is an example of which type of access control?
Rule-based access control
A critical server application is susceptible to shell injection privilege escalation attacks. How can you minimize the potential impact of this type of attack?
Run the application with the minimum permissions required.
A company is looking to develop an Internet-level browser-based SSO solution. What should they use to accomplish this?
SAML
A company needs a single SSL certificate that can be used across the following domains: * company.com * company.org * company.net * company2.com * dev.company2.com Secure access is required for external users. What type of certificate is needed?
SAN
For which of the following would you be likely to mitigate the risk of attack through use of a screened subnet?
SCADA
Which mechanism should be used to handle runtime and compile-time errors when creating a Windows-based application?
SEH
Which of the following is designed to perform one-way encryption?
SHA
A remote collection server is managed through command-line commands. Until recently, you have been using Telnet to connect to the server, but you suspect that one or more passwords have been compromised. You are going to disable Telnet connectivity on the server. You need to use a more secure method for logging in and executing commands. What should you use?
SSH
A security analyst has enabled a protocol analyser to capture and analyse network traffic. The report has recommended disabling a weak protocol on one device based on the following capture: Transmission Control Protocol, Src Port: 1251, Dst Port: 23, Seq: 199, Ack: 133, Len: 0 Transmission Control Protocol, Src Port: 23, Dst Port: 1251, Seq: 101, Ack: 199, Len: 32 Which protocol should be enabled instead?
SSH
When users log on to the domain, in addition to being given access to domain file resources, they are given access to a Microsoft SQL Server database server and an internal Web site through Windows integrated authentication. This is an example of which authentication model?
SSO
A subscription to a productivity application allows users in a company to create and share documents. The service is not hosted on a dedicated server. What two things is this an example of? (Choose two.)
SaaS Public cloud
Your network includes a secure server that is protected by a host firewall. You are concerned about potential risks in the firewall protection. What should you do?
Scan the firewall's incoming ports with a port scanner.
Your organization has recently seen an increase in thefts of laptop computers and other electronic equipment. You want to keep equipment as accessible as possible while trying to prevent equipment theft. User actions needed to keep the equipment secure must be kept to a minimum. What should you do?
Secure equipment with cable locks.
You are a member of your company's security team and a network administrator. You arrive at the office early one Monday morning, enter the server room, and see that the cabinet holding the daily backup tapes has been forced open and tapes are spilled out onto the floor and table. You also notice that one of the servers is running a backup. What should you do first?
Secure the area.
You are designing physical security for network servers. The design requirements call for the servers to be kept in a locked room with limited physical access. You want to ensure that physical access is controlled as tightly as possible and prevent unauthorized access. What should you do?
Secure the room with a biometric-based lock.
Your company recently updated security to include: * Limited physical access to mainframes and critical servers. * Multifactor authentication required for all clients. * Certificate-based encryption when communicating with iOS and Android devices. This is an example of what type of risk mitigation?
Security layers
You are designing security for a financial application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. All activity must be audited and logged. On what access control method should you design your security model?
Separation of duties
You are deploying a new server application that accepts input forms from the Web. You are concerned about injection attacks against a database server that acts as the backend for the application. Which action will help prevent attacks?
Server-side input validation
An attacker exploits a valid session to gain access to a secure network computer. This is an example of what type of attack?
Session hijacking
An attacker sniffs a cookie from the HTTP packets sent between a web server and a browser. What attack might be in progress?
Session hijacking
On a network that uses Kerberos, what does the client computer present as authentication to the server that contains a resource?
Session ticket
A systems administrator has been asked to grant access to a resource for a junior technician to perform a one-time task on a server. The change request has specified the following requirements: * The user can view folder contents. * The user can view and open a file.* The user can write to a file. * The user cannot modify any file names. * The user cannot encrypt any files, set up a password, or change permissions. Which numbered set of permissions in the exhibit should the administrator apply using the least privilege rule?
Set 1
An organization hires temporary users to assist with end-of-quarter and end-of-year resources. All temps need access to the same domain resources when accessing the network. Temps are hired for a specific period with a set completion date. You need to ensure that user accounts used by temps can only be used during the specific end-of-quarter and end-of-year periods. You need to ensure that the accounts are not available at other times. The solution should require minimal administrative effort to maintain. What should you do?
Set expiration dates for the temp user accounts.
A portion of the results of a recent security audit are shown in the table in the exhibit. What should you do to correct the vulnerability shown in the exhibit?
Set the password maximum age policy.
You are a security administrator for a company that has been contracted by a local government agency for a data collection and reporting project. Data must be stored locally to your organization and the company will be issuing weekly summary reports. At some point, it may be necessary for the government agency to view the raw data, but only after receiving proper authorization from its supervising agents or through a court order. You need to ensure this capability. What should you do?
Set up a key escrow.
You are working on a confidential report in a crowded airport terminal. You are not connected to the airport's Wi-Fi hotspot. What type of attack is most likely to occur?
Shoulder surfing
Identify the control type used in each control example. Drag the appropriate control type to each control example.
Signs warn - Deterrent A server - Corrective Security guards - Deterrent Video cameras - Detective Firewalls - Preventive
A company discovers that is has been under attack from an APT for several months. Through which type of attack was the initial breach most likely accomplished?
Spear phishing
Which two types of attacks rely mainly on the attacker seeming to be familiar to the victim for their effectiveness? (Choose two.)
Spear phishing Tailgating
You discover a program running in the background on a computer. The program is collecting address and computer name information from your network and sending it to an address on the Internet. This is an example of what kind of threat?
Spyware
Which server is a mirror of the real environment and is used by developers to test and finalize new software prior to rollout?
Staging
A company needs to share some top-secret data with a partner. Which control will provide both secrecy and privacy?
Steganography
You discover that company confidential information is being encoded into graphics files and sent to a destination outside of the company. This is an example of which kind of cryptography?
Steganography
A company processes and archives extremely sensitive data. The company needs to ensure that the servers used for archive are protected from EMP. Which action should the company take?
Store the servers in a faraday cage.
A server application produces plain text output. The output needs to be encrypted before being delivered to local and remote client computers. Output varies in length depending on the client request. The processing requirements and the volume of data sent should be kept to a minimum. What type of cipher should be used?
Stream cipher
A data analysis application will use a session key when transferring results. What will be used for encrypting data?
Symmetric key
You want to deploy a centralized authentication structure that can be used to authenticate routers, servers, and switches. You want this structure to be as secure as possible. What should you use?
TACACS+
You are configuring the firewall between the Internet and your perimeter network. There are two servers on the perimeter network. Both servers host a Web application that uses TLS. Which port should you configure to allow incoming and outgoing traffic?
TCP 443
What kinds of attacks involve intercepting network packets? (Choose two.)
TCP/IP hijacking Man-in-the-middle
You need to secure traffic between SMTP servers over the Internet. You want to make sure that servers that can connect securely use a secure connection, but you do not want to lose connections with servers that cannot connect securely. Which protocol offers the best solution?
TLS
A company needs to set up two-factor authentication for a cloud-based application. The authentication should include a one-time use, limited time password that is delivered to the user through the Google Authenticator mobile app. The password should be based on a shared key and the current date and time. What type of authentication should the company use?
TOTP
A security network engineer has to collect information about open ports and application information running on a remote server. Which protocol should be used?
Telnet
You receive a security bulletin that a patch is available for an application running on all network client computers. The application is a mission-critical application. You download the patch to a directory on a network server. What should you do next?
Test the patch on select isolated computers.
You need to test a program that might be a previously unknown type of malware. You need to minimize the risk while testing and also minimize the effort necessary to recover after testing. What should you do?
Test the program on a virtual machine (VM).
A company deploys a DNS server with a single zone in a test environment as a proof of concept. Which step is required to add DNSSEC on the DNS server?
The DNS zone has to be digitally signed.
Your company is preparing to deploy several new computers that have the most recent version of TPM hardware installed. What is the significance of TPM being installed in the computers?
The TPM will work with encryption to generate keys that require a TPM and system platform measurements for decryption.
A user installs an application on a computer. After installing the application, the computer begins receiving a series of pop-up ads. The ads do not display after the user enables the popup blocker. What is most likely wrong?
The application installed adware on the computer.
A user has arrived at a datacenter and has been challenged by three authentication methods as shown in the exhibit. What is the BEST description of the multifactor authentication policy that is in use?
The authentication depends on something he has, something he is, and somewhere he is.
Which statement best describes an SSL or TLS connection?
The client and server negotiate to determine the algorithms that will be used.
A company needs to identify the appropriate type of recovery sites to meet business requirements. Drag the appropriate recovery site to each set of business requirements.
The company must ensure - Hot Site The company must have - Cold Site The company must be - Hot Site
A system administrator is adding a new identity certificate to a device using the screen shown in the exhibit. The device is used for remote SSL VPN access. What is the MOST likely result of this configuration?
The connection will be allowed and encrypted. The end user will receive a warning message that a certificate has been issued by an untrusted authority.
The basic formula for calculating ALE uses what two values? (Choose two.)
The number of times you can expect a risk to occur during a year Revenue loss from a single risk occurrence
An outgoing message is encrypted before transmission using asymmetric cryptography. What does the recipient need to decrypt the message?
The recipient's private key
Which key is used to encrypt data in an asymmetric encryption system?
The recipient's public key.
A company is comparing vulnerability scanning options. Which statement accurately describes a non-credentialed scan?
The scan is run from outside the target host system.
You have conducted a risk assessment and identified a list of possible security controls. Which security controls should you implement first?
The security controls that will mitigate the threats with the highest risk
You are configuring TLS using a block cipher algorithm for transport encryption. You are using a key exchange that supports forward security. What is the advantage of using forward security?
The session key is not compromised even if a private key used in generating it is compromised.
You need to choose the most appropriate algorithm for verifying that a data file did not change during transmission. How is using a hash function for this purpose different from other block cryptographic algorithms?
The value produced by a hash function cannot be decrypted, only compared.
For each description, select the most appropriate type of threat actor.
This is an actor whose primary goal - Hacktivist This is an actor primarily - State-sponsored This is an actor that is best - Internal This is an actor that is motivated - Organized crime
An administrator is preparing a guidelines document for requesting certificates to meet various security scenarios. Identify certificate types by dragging the appropriate certificate type to each certificate description.
This is the most - PEM This is a binary format file that - DER This is a binary format file typically - PFX
For each statement, select the most closely matching cloud computing servers from the drop-down lists.
This supplies - PaaS This service - IaaS This option - SaaS
What can you do to prevent an Internet attacker from using a replay attack to gain access to a secure public Web site?
Timestamp session packets.
Which one is the MAIN reason for a security administrator to run a password cracker in a company?
To identify weak passwords
What is the justification for installing screen filters on laptop computers?
To prevent shoulder surfing
You download a file management application from the Internet. When you launch the application, your screen goes blank and your hard disk's active light starts flashing. You restart the computer and discover that your hard disk partitions have been deleted. This is an example of what kind of threat?
Trojan horse
You receive a direct message from a friend on a social network. The message tells you about an offer to receive a $100 gift card if you are one of the first 25 to respond to a survey. You click the link and become infected with malware. Which two attack principles contribute to the effectiveness of this attack? (Choose two.)
Trust Scarcity
You need to determine the appropriate OS platform for developing a highly secure application. The OS must have built-in support for multilevel security. The OS should be evaluated based on Common Criteria for Information Technology Security Evaluation (Common Criteria). What security designation do you need to look for in the OS? (Choose the BEST answer.)
Trusted
An administrator needs to deploy multiple virtual machines (VMs) to consolidate systems and minimize your hardware requirements. The virtualization manager should have direct access to the physical server hardware and the administrator should have full management control over the environment. The administrator's solution should optimize physical resource use and performance. Which solution should the administrator select?
Type I hypervisor
A company has a main office and three branch offices. They need to meet the following security requirements: * All website traffic must be scanned for malware. * All email traffic must be scanned for malware. * Traffic between the main office and the branch offices should be secure. * Users should not be able to access sites with inappropriate content while at work. What should you implement?
UTM appliance
A company has completed a security audit, which has highlighted some gaps. The report has recommended upgrading some network components. The company has provided the following requirements: * Implement a security device that consolidates multiple functions to protect the network, filter malicious websites, and stop SPAM messages. * Implement a tool to identify malware and security incidents using real-time and historical analysis. Which of the following set of devices and tools is BEST suited for that purpose?
UTM with SIEM
A security analyst finds that an online banking application is vulnerable to CSRF attacks. Which solution will MOST likely help to address this?
Unique verification tokens
Your company plans to maintain copies of critical business and sales analysis information on USB removable media. The information needs to be kept secure, but must be accessible from different computers running different operating systems on an as-needed basis. The media will be stored in a safe in the locked server room when not in use. What should you do?
Use drives with built-in hardware encryption.
You are configuring security for a network that is isolated from the Internet by a perimeter network. Three Web servers and an NIDS are deployed in the perimeter network. You need to test the network's ability to detect and respond to a DoS attack against the applications running on the Web servers. What should you do?
Use penetration testing.
A security audit indicates that a company has been the target of multiple social engineering attack attempts. The attacks have taken various forms. What is the BEST way to prevent damage from social engineering attacks?
User education
For each attack target and description, select the most appropriate attack type from the drop-down list.
Users/Web - Watering hole All/Data - Keylogger Critical/A network - Backdoor Corporate/Attempts - Whaling
Which is an example of an alternate business practice that could be included in a business continuity plan (BCP)?
Using hand-written invoices during a computer failure
A company has a fully functional wireless network with a single SSID and two standalone access points using WPA2-PSK. The company wants to add a new SSID that will be isolated from the existing SSID. A new IP range will be introduced. Which solution BEST supports that deployment?
VLAN
Your organization has two groups that work with confidential projects. Membership in these groups changes as project requirements change. For each group, access to and communications with the computers of the other users in the group must be managed. You need to be able to quickly reconfigure your network to control security and bandwidth usage between computers. You need to be able to reconfigure the network quickly, without having to physically relocate computers or reroute cables at the network patch panel. What should you configure?
VLAN
A company wants to install a VOIP system internally and between two branch offices. Which two technologies will assist in a secure deployment? (Choose two).
VLAN TLS
A user connects to a corporate network using a secure tunnel. He needs to provide a valid username and password. He is also asked to insert a smart card to be authenticated. After this process, he can access all resources without any login prompts. Which three technologies are in use? (Choose three.)
VPN SSO MFA
A company wants to open a new office. Both offices have a reliable link to the Internet. The company has provided the following requirements for this project:* All communication between the two sites has to be protected and secured using AES.* Implement a solution to prevent theft of company data from the inside. Which solution should you recommend?
VPN IPSec tunnel and DLP
Many users in your company telecommute. All users have a high-bandwidth Internet connection. You need to allow secure remote access to the company network from users' home computers. All data sent between users' home computers and the company network must be encrypted. What should you install?
VPN concentrator
A script kiddie would most likely be involved in what type of activity?
Vandalizing public web sites
You are looking for a way to know when people approach any of several secure areas. The method must be active 24-hours a day. You want to keep recurring expenses related to the solution to a minimum. What should you use?
Video surveillance
A company has hired an administrator to design and implement a new wireless solution based on the following requirements: * Coverage for 10 floors * RADIUS server to authenticate users* Proactive monitoring and reporting * Secure protocols A password policy that forces a strong password will also be used. What is the BEST solution?
WLC and access points with 802.1x. SNMPv3 for monitoring
An administrator is connected to an access point as shown in the exhibit. Which security mode should the administrator select to configure 802.1x settings?
WPA2 Enterprise
Your organization has developed a fault-tolerant design to help ensure business continuity in case of a disaster. The disaster recovery site has mission-critical hardware already installed and connectivity already established. Data backups of critical data are on hand, but they may be up to a week old. This is an example of which of the following:
Warm site
You are reviewing the results of a credentialed scan. Which two results are considered to be misconfigurations? (Choose two.)
Weak password policies Default user and passwords
Targeted e-mail attacks directed at a company's senior executives is an example of what type of social engineering attack?
Whaling
A DoS has occurred. Which two questions should be answered during the incident identification phase? (Choose two.)
What is the impact to the business? What servers have been compromised?
When should a company perform a qualitative risk assessment?
When working within a limited time frame or budget
You are trying to determine ways in which your network might be vulnerable to attack by a malicious insider with detailed knowledge of your infrastructure. What type of testing should you use?
White box
Your network is attacked by a self-replicating program. What type of malware does this indicate?
Worm
A company has identified the risks shown in the exhibit. Arrange the entries in the order of rank. Place the highest ranking risk at the top of the list.
Xss SQL DoS Fire
You need to determine whether to use a credentialed or non-credentialed scan to find the information you need about target host computer. For each of the following statements, select Yes if the statement is true about credentialed scans. Otherwise, select No.
Yes No Yes No
You are performing a security assessment on a company's network. For each description, identify the technique you are using.
You compare - Baseline reporting You identify - Attack surface analysis You examine - Code review You view - Architecture review
Which command has produced the output shown in the exhibit?
netstat -no
Your network is configured as shown in the exhibit. There are three web servers in the web farm. You need to meet the following requirements: * The database server should be protected against a SQL injection attack. * Remote users should be able to access the company network securely. * Remote and local users should be protected against malware. * Local users should be protected against malicious URLs. * If one web server in the web farm goes down, Internet users must be able to access the website. * The attack surface of all client and server computers should be minimized. Select the appropriate security measures for each location.
1/2 1/3 1/3 1/2/3/4 2/4 1/3
A company's network is shown in the work area. The company wants to make the most efficient use of IP addresses. Select the IP address that the administrator should assign to each subnet from the drop-down menus.
13 - 192.168.20.244/28 20 - 192.168.20.0/27 4 - 192.168.20.240/29
Your network administrator backs up the server by using an incremental backup strategy. He uses seven tapes, one tape per day, and he performs the backup at the end of each business day. He does a full backup on Friday and Tuesday and an incremental on the other days (Sunday, Monday, Wednesday, Thursday, and Saturday). The server crashes on Sunday morning before the opening of business. How many tapes will he use to perform the restore on Sunday?
2
A company has an Ethernet network with four switches, as well as two wireless APs. All devices that connect to either network must be authenticated using EAP. What should you use?
802.1X
A company uses a Layer 2 switch to segment a network. Each department is assigned to a separate network segment. The conference room contains a wireless AP. You need to ensure that when a user connects a laptop computer to the wireless AP in the conference room, the user can access only resources in their own VLAN. What should you use?
802.1x
An administrator connects to an access point and finds the security profile shown in the exhibit. Which of the following is the MOST likely to have been enabled by these settings?
802.1x
What is a limitation of using a CRL to determine if a certificate is valid?
A CRL does not provide for real-time updates.
You are preparing to conduct a vulnerability scan of an application server. You need to determine whether to conduct a credentialed scan or a non-credentialed scan. Which two criteria would cause you to select a credentialed scan? (Choose two.)
A credentialed scan allows you to generate a list of USB devices that have been attached. A credentialed scan allows you to identify missing patches.
A competitor learns company secrets by examining the contents of a USB drive that he found in a trash can during a site visit. How can you best mitigate this risk?
A data disposition policy
Match each network requirement with the appropriate technology.
A dedicated - VPN concentrator A network device - Proxy A device - Load balancer Network - Extranet
Which of the following best describes a digital signature?
A message hash encrypted with the sender's private key.
A university introduce a data protection policy with a role matrix. Choose the data role name for each description of duties in the drop-down menus.
A person responsible - Data Custodian A person with a decision - Data Steward An authorized user - Data Consumer A senior manager - Data Owner
What is the impact of enabling single sign-on in an enterprise network?
A user logs on once and can access multiple applications and services.
You need to control user access to files and folders on a network file server. The ability to read, write, and modify data needs to be managed based on individual users and on the groups to which they belong. What type of security control do you need to use?
ACL
Which algorithm uses minimal resources and can be implemented with WPA2?
AES
You are setting up a Wi-Fi access point. Only clients able to support WPA2-Personal should be able to connect through the access point. You want to ensure that communications with the access point are as secure as possible. Which encryption method should you use? (Choose the BEST answer.)
AES
You need to encrypt the contents of a USB flash drive using the strongest possible encryption. Which type of encryption should you use?
AES
Some network traffic is being redirected to a client that is infected with a Trojan. The IP addresses and MAC addresses on the redirected packets do not match up correctly. All packets have the MAC address of the infected system. The IP addresses are legitimate host addresses. This is a symptom of which kind of attack?
ARP poisoning
A security officer is notified about a new vulnerability in RTOS. Which two devices are the MOST likely to be affected? (Choose two.)
ATM POS terminal
A security officer wants to design a policy that will define the appropriate and acceptable use of internal IT resources in a company. Which document should be prepared?
AUP
You want to create a document that describes what types of things employees are permitted to do regarding e-mail and Web usage. What should you create?
Acceptable use policy
Your company has started allowing personal mobile devices on the company network. When users connect to the company Wi-Fi, a screen appears that describes what they can and cannot do on the network, and prompts them to click to acknowledge their agreement. If a user does not click Yes, he or she 'is not allowed to connect to the network. This is an example of what?
Acceptable use policy
What are two advantages of implementing a vendor diversity policy? (Choose two.)
Access to the most recent technologies Reduced equipment costs
Your company has a web server, an IPS, and a database server on the perimeter network. You need to determine if there are vulnerabilities that would permit an attacker to compromise the database server. What are two possible ramifications of performing an intrusive vulnerability scan? (Choose two.)
Additional vulnerabilities might be introduced. Services might become inaccessible.
A company is setting up networking for a new research and development facility on its corporate campus. The network must be as secure as possible to prevent data loss or compromise. Only research and development personnel should have any access to the network. While working in the facility, users do not need access to any external resources. What should be configured to meet the requirements?
Air gap
A laptop computer is configured with a single self-encrypting drive (SEC). The user changes the DEK. What is the impact of this action?
All data on the drive is lost.
You are configuring a server to be used as an FTPS server. You plan to use well-known port assignments. Only connections encrypted with TLS should be permitted. The host firewall is configured for implicit deny. You define the following firewall rules: Allow UDP port 989Allow TCP port 989 Which additional firewall rules should you define? (Choose two.)
Allow TCP port 990 Allow UDP port 990
An administrator needs to match authentication protocol choices to different scenarios. To answer, drag a protocol to the most appropriate box next to each authentication scenario.
An administrator is configuring authentication for a PPP - MSCHAP An administrator is configuring authentication based on an open - Kerberos An administrator is configuring web site authentication - OAUTH An administrator is configuring authentication for a wide - PAP
A company is planning to outsource the application hosting for a critical business application. You need to determine the policies that are required. Select the policy that corresponds to each definition.
An agreement that is not legally binding- MOU An agreement that permits repetitive purchases - BPA A legally binding agreement -SLA An agreement that governs the connectivity - ISA
Match each attack description with the correct vulnerability type.
An attack - Zero day Successful - User training Recently - Default A web - Design weakness
Which is an advantage of implementing a policy of control diversity in a network?
An attack is less likely to impact multiple devices.