Failed test 5
A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure for this type of attack?
All calls to different DLLs should be hard-coded in the application
A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public internet users to securely send and receive messages from their primary care physicians. Which of the following should the security administrator consider?
An asymmetric algorithm for the key exchange and a symmetric algorithm for the session
Which of the following BEST describes the impact of an unremediated session timeout vulnerability?
An attacker could use an existing session that has been initiated by a legitimate user
An administrator is configuring a wireless network. Security policy states that deprecated cryptography should not be used when there is an alternative choice. Which of the following should the administrator use for the wireless network's cryptography protocol?
CCMP
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action with the following requirements: allow authentication from within the United States at any time; allow authentication if the user is accessing email or a shared file system; do not allow authentication if the AV program is two days out of date; do not allow authentication if the location of the device is in two specific countries. Given the requirements, which of the following mobile deployment authentication types is being utilized?
Context-aware authentication
A systems administrator is deploying a new mission-essential server into a virtual environment. Which of the following is BEST mitigated by the environment's rapid elasticity characteristic?
Denial of service
Which of the following are primary differences between an incremental and differential backup? (Select TWO)
Differential backups only back up files changed since the last full backup / Incremental backups take less time to complete
An energy company is in the final phase of testing its new billing service. The testing team wants to use production data in the test system for stress testing. Which of the following is the BEST way to use production data without sending false notifications to the customers?
Disable notifications in the production system
Which of the following components of printers and MFDs are MOST likely to be used as vectors of compromise if they are improperly configured?
Embedded web server
A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space?
Log and event anomalies
Which of the following algorithms has well-documented collisions? (Select TWO)
MD5 / SHA
A web developer improves client access to the company's REST API. Authentication needs to be tokenized but must not expose the client's password. Which of the following methods would BEST meet the developer's requirements?
OAuth
A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?
Only USB devices supporting encryption are to be used
A security administrator needs to address the following audit recommendations for a public-facing SFTP server: users should be restricted to uploading and downloading files to their own home directories only; users should not be allowed to use an interactive shell login. Which of the following configuration parameters should be implemented? (Select TWO)
PermitTTY / ChrootDirectory
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select TWO)
RAM / swap/pagefile
An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?
Spear phishing
A programmer sets up a hidden account within a program to track users' personal information and habits. The programmer then uses this information to send targeted email messages to users. Which of the following BEST describes this hidden account?
Spyware
The security analyst is updating a BIA document. The security analyst notices the support vendor's time to replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the following can be concluded? (Select TWO)
The MTTR is faster / The RTO has decreased
When trying to log on to a company's new ticketing system, some employees receive the following message: "Access denied: too many concurrent session". The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?
The VM does not have enough processing power
Recently, clients are stating they can no longer access a secure banking site's webpage. In reviewing the clients' web browser settings, the certificate chain is showing the following: Certificate chain: X Digi Cert; Digi Cert High Assurance C3; *banksite.com. Certificate store: Digi Cert; Others. Certificate store: Digi Cert High Assurance C3; Others. Certificate store. Based on the information provided, which of the following is the problem when connecting to the website?
The clients do not trust the certificate authority
A malicious system continuously sends an extremely large number of SYN packets to a server. Which of the following BEST describes the resulting effect?
The server will exhaust its memory maintaining half-open connections
Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO)
bcrypt / PBKDF2
An organization's employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Select THREE)
Exit interview / Proper offboarding procedures / Acceptable use policies
A vulnerability in the underlying SSL/TLS library used by a web server has been announced. The vulnerability allows an attacker to access the web server's memory. Which of the following actions should be taken after the vulnerability is patched? (Select TWO)
Instruct users of the website to change their passwords / Replace the server's private key
After a security incident, management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the incident response process?
Lessons learned