CompTIA Test
6 steps - incident response
1) Preparation 2) Identification 3) Containment 4) Eradication 5) Recovery/Repairing the Damage 6) Lessons learned
Which option provides port-based security for a wireless network by communicating with an authentication server to provide network authentication?
802.1X
Your organization has implemented a security policy that requires that unnecessary accounts be purged from the network. Which account practices would be helpful in identifying unnecessary accounts? (Choose TWO.)
Account maintenance Recertification
Amplification
An attack that is asymmetric where a small number of resources are needed to inflict a significant amount of damage.
Man-in-the-browser
An attack where an attacker relays communication between devices to another device
Domain hijacking
An attacker gains access to registration information of a domain
Open
Any device may authenticate and attempt to communicate with the access point
BYOD
Approve personal devices for business use
Which type of interoperability agreement is used to establish a partnership?
BPA
Which of the following is a form of smart card?
CAC
As the application developer for your company, you are concerned about ensuring that your data is stored using a fast and efficient enciphering mechanism. All else being equal, which of the following cipher modes would be the worst choice in terms of performance?
CBC
Preshared Key
Clients and access point authenticate using a defined string known on the access point and the connecting device
Enterprise
Clients and authentication server authenticate using EAP with provided key
Captive Portals
Clients connecting to the access point are directed to a web site, where users authenticate to the http server before gaining further network access
Your company uses a PKI. As a member of your local IT team, you have been tasked with implementing a method of storing keys that can be used by law enforcement to decrypt encrypted documents. What should you do to meet this requirement?
Configure a key escrow
DNSSEC
Confirms the authenticity of domain name records
Misconfigured devices are an easy entry point into your system for unauthorized users.
Content filter Access points Firewall
Which vulnerability scanning concept is best described as logging into a network with a valid user account to run vulnerability scans?
Credentialed vulnerability scanning
As a developer overseeing security for your software, you are concerned with the specific .dll being used to provide the cryptographic mechanisms for your program. This is an example of which aspects of managing cryptography? (Select TWO.)
Crypto service provider selection Implementation Selection
Mobile device management involves centralizing the
Custom firmware Jailbreaking Sideloading Carrier unlocking
In preparation for the real incident, you schedule an exercise and have documented the incident types and category definitions. Which components are part of the incident response plan?
Cyber-incident response teams Reporting requirements/escalation Roles and responsibilities
Which Diffie-Hellman group is the minimum acceptable for Cisco ASA devices?
DH Group 14
VDI
Deploy devices that don't run any business-specific applications locally
Misconfiguration of devices and systems can cause several security issues. How can you prevent or minimize instances of data exfiltration?
Disable all USB ports
You have added an important document to a file share on your organization's network. You have given individual users different permission levels to access this file. Which type of access control model have you implemented?
Discretionary access control
You need to provide a solution that will allow you to use asymmetric cryptography to encrypt data
ECC
You need to provide a solution that will allow you to use asymmetric cryptography to encrypt data on mobile devices, while keeping overhead at a minimum. Which of the following options would BEST accomplish this task?
ECC
WPS
Enables wireless access via a PIN when pushing a button on the access point
LDAPS
Encrypts all the data sent to and from a directory services server
SNMPv3
Encrypts all the data sent to and from a directory services server
As a network technician within your company, you have been tasked with applying changes to your corporate account management policy. You are required to ensure that users must use 20 unique passwords before an old account password can be reused. You must also ensure that their user account passwords are forced to be updated every 30 days. Which account policies should you use to meet these requirements? (Select TWO.)
Enforce password history Maximum password
IKEv2
Establishes and maintains Security Associations
A malicious user disconnects an AP from the network. They proceed to configure their personal laptop with the same name as the AP. Which type of attack was launched?
Evil twin
As the director of Incident response, you are tasked with tracking and reducing man hours. You compile reports regarding several recent breaches and analyze: --Initial incident response times --Time to executive management notice --Average Incident Response Completion Time Which of the following would help you reduce man hours and shorten response times?
Exercises/tabletop
Application or multi-purpose
Filters requests for data based on configurable criteria such as the originating and destination IP address or port number
The secure sockets layer, or SSL, protocol can be used to encrypt network traffic between endpoints, thereby improving security overall. But such encrypted data needs to be decrypted again to ensure it's accessible by authorized clients. Which device can be configured to act as an SSL decryptor?
Firewalls
Reverse
Forwards a request for information originating from the Internet to act as an intermediary between online servers and internal network servers
Compiled code
Generally runs faster Considered more secure
Interpreted Code
Generally runs slower Considered less secure
Forward
Handles requests for online content and fetches the relevant information from the Internet and presents it internally to the client device
You need to provide a username, PIN, and a generated passcode to successfully log in to a computer. The passcode is obtained from the display of a small handheld device. Which of the following options is this an example of?
Hardware token
You need to provide a username, PIN, and generated passcode to successfully log in to a computer. The passcode is obtained from the display of a small handheld device. What does this describe?
Hardware token
The purpose of performing vulnerability scans is to: (Choose TWO)
Identify a lack of security Identify misconfigured software
You are leading a software project in which security is one of the most important considerations. Once the project is complete there will be no changes
Immutable systems Baselining
You are working for a company that suspects an unauthorized user on the company network is sending classified data to another user over the Internet. What should you do to make a copy of the data to be analyzed?
Implement SPAN
Which term describes an individual or a group of people who can be the most destructive to a small or medium sized business?
Insiders
Authentication Header
Is only used in Tunneling mode
Encapsulating Security Payloads
Is used to encrypt the data being transmitted
Corporate-owned or CYOD
Issue a corporate-owned device that the user may sometimes choose
COPE
Issue corporate-owned devices for business and private use
Which authentication method is used as part of an SSO implementation?
Kerberos
Which type of attack can be used to intercept and alter data that is sent between hosts?
Man-in-the-middle attack
Which security measure is implemented to help detect fraud from internal employees?
Mandatory vacations Job rotation
As a security administrator trying to manage the possible impact of various risks, you need to identify the specific services or functions that your company provides that must be either fault tolerant or able to resume quickly after a disruption. In doing this you are identifying which of the following?
Mission-Essential Functions
You are attending a concert for a local band. You wish to purchase some merchandise from a vendor. The vendor accepts cash, but also accepts credit cards. If you use your credit card, which of the following attacks should you be concerned with? (Choose TWO.)
NFC Replay Attack
You work for a new private organization in the United States. You will be responsible for creating a security program that will allow your company to respond to cyber-attacks. Which framework is most appropriate for this particular need?
NIST CSF
You are working on a project that involves a new database and tables. Part way through the project you notice that redundant data about a customer is being stored in a Customer Identity table. What should be incorporated to ensure redundant data is not being stored in the Customer Identity table?
Normalization
Junior developers in your organization have been taking training on creating secure applications. One of the techniques taught to the developers is to write programs whose purpose humans will have a difficult time understanding. This is an example of which technique?
Obfuscation
As part of data center planning you have leased rack space in two offsite datacenters
Offsite backups
As part of data center planning you have leased rack space in two offsite datacenters, one in the US as the site used for offsite backups and recovery, and the other in Mexico as the failover and alternative processing site, and you will maintain the datacenter at HQ in the US. All sites are at a distance of 1500 miles from each other. You receive notice from legal that due to the recent award of a DOD contract, neither technical specifications nor the required encryption technology can leave the country. Which geographic consideration is properly planned for in this situation?
Offsite backups
netcat
Opens a port on a system and sends data to that port across the network
During an active incident you have data to acquire from the machine hard drives, the active RAM, the log files and the USB device suspected to have brought the malicious payload inside the network. You decide to capture the RAM first based on what procedural principle?
Order of volatility
As the security administrator in your organization you need to export the private key and certificate from one web server to another. Which of the following file types will allow you to do so with a single file? (Select TWO)
P7B DER
You oversee a group of developers creating a sales application. The application is being created in parts. One of the developers is checking how the piece of code responds to various inputs. What is this an example of at this point in the project?
Performing dynamic analysis
nmap
Performs port scans on a network to identify running services and connected devices
A user reports that they have received an e-mail from their credit card company. The e-mail states there is a problem with their account. The e-mail provides a link to follow to correct the issue; however, upon further inspection, the user notices the URL looks suspicious. Of which of the following is this MOST likely an example?
Phishing attack
A smart card is an example of which control type?
Physical
Which of the following are examples of active reconnaissance? (Select THREE.)
Port scanning The usage of the tool Traceroute A vulnerability scanner
Transparent
Processes requests for information on behalf of clients without requiring any intervention or software configuration on the part of the client
As system administrator, you need to be familiar with a range of technologies, tools, and devices. What is the function of a hardware security module, or HSM?
Provides specialized cryptographic processing power
ISAKMP
Provides the authentication framework
Which type of malware usually delivers itself via a Trojan and is used for controlling a system over a network as if it was being controlled locally?
RAT
You require an asymmetric encryption type that can be used for encryption and digital signatures. Which encryption type should you select?
RSA
Which of these attacks attempts to discover a password by reversing the password's hash value?
Rainbow table attacks
Your company has just been bought out by another company and the companies have merged. As a result, the IT security policies from both companies have been reviewed. Something that was not considered in either policy was peripheral devices. A new IT security policy is put in place that considers peripheral devices. Which action represents an example of securing peripheral devices in a secure state while in use?
Replace Wi-Fi SD cards with regular SD cards.
Which type of access control model is typically used to secure access to a database system?
Role-Based Access Control
The secure sockets layer, or SSL, protocol can be used to encrypt
Router
You have configured a firewall to filter external traffic entering your
Rule-based access control
You have configured a firewall to filter external traffic entering your company's network. Which type of access control does a firewall use?
Rule-based access control
You are in the process of upgrading the organization's email security, both within the corporate network and for users who need to access their corporate email remotely. Which protocols can you use to accomplish this? (Choose three.)
S/MIME Secure POP/IMAP HTTPS
Remote VPN access File transfers Voice and video data streams Domain name resolution Directory services Router and switch monitoring
SSTP or L2TP SFTP or SCP SRTP DNSSEC LDAPS SNMPv3
Which of the following describes the process of adding secret data to an input before the hashing process?
Salting
What data loss prevention, or DLP, measures can you implement in the organizational network? (Choose three)
Scanning outgoing e-mail messages for sensitive or proprietary content that should not be shared Prohibiting proprietary or other sensitive data from being copied to USB devices Preventing the sharing of and storage of confidential or sensitive data to the cloud
Which CA certificates would be created in-house rather than purchased from a third-party vendor?
Self-signed Root
E-mail has become the norm in many organizations but brings with it certain risks
Server-to-server encryption Spam filter Data loss prevention
The system administrator at a small corporation is in the process of upgrading the network intrusion detection system but doesn't have time to build an extensive threat database or establish a threat threshold from scratch. Rather, the administrator chooses to rely on the cumulative data compiled by various trusted security vendors regarding known network security threats to guard against. Which monitoring methodology would be most likely to report false negatives under these circumstances?
Signature-based monitoring
E-mail has become the norm in many organizations but brings with it certain risks that administrators need to guard against. What can you do to secure mail gateways within the network infrastructure? (Choose three.)
Spam filter Server-to-server encryption Data loss prevention
Which technologies provide centralized authentication, authorization, and accounting for remote users?
TACACS+ RADIUS
The incident response team has responded to a security threat where an employee's computer has been infected with a virus. During the recovery phase of incident response, what should be done?
The computer should be rebuilt
A hacker located an unknown security issue by using their coding skills. Which option correctly describes this?
The hacker discovered a zero-day vulnerability
Which option represents the strongest block encryption algorithm?
Twofish
Which special-purpose device should consider the use of ISO 14508 for security?
UAV
Installing and maintaining applications on a network can lead to several issues
Use biometrics or one-time access codes Ensure that each application uses its own account
You work in a highly classified environment for a military branch of the government. You need to improve the security of the network to make it virtually impossible for top-secret information to be exposed by hackers. What should you do? (Select TWO)
Use physical isolation in the environment Create an air gap in your network
Pass the hash
Uses an NTLM or LanMan hash of a user's password to gain access to a system
What can be used to service several network connections over an unsecured network?
VPN concentrator
You need to implement biometric access controls to a high security location in your office. Which biometric factor would be considered the least accurate?
Voice Recognition
Which type of wireless attack involves searching for unsecured wireless networks in a community?
War driving
You have been hired as a security consultant for a small company. Management is concerned about the security of their web server due to some recent DoS attacks. They have asked you to provide them with specific procedures to follow to get the web server back online as quickly as possible if another attack occurs. Which of the following will assist in this task?
Create an incident management document