Sec + Sample Quiz 1

What port is used for SSH, by default?

22

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. What is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

3DES

Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. What is the ALE of this server?

$5,000

What function provides an output which cannot be reversed and converts data into a string of characters?

Hashing

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).

validate and filter input on the server side and client side & restrict and sanitize use of special characters in input and URLs

What should an administrator implement to research current attack methodologies?

Honeypot

A network engineer is designing a secure tunneled VPN. What protocol would be the MOST secure?

IPsec

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. What phase of incident response is MOST appropriate as a FIRST response?

Identification

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. What would be MOST effective in reducing data leaks in this situation?

Information Security Awareness

What is a step in deploying a WPA2-Enterprise wireless network?

Install a digital certificate on the authentication server

What is true about input validation in a client-server architecture, when data integrity is critical to the organization?

It should be performed on the server side

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. What practice(s) are being implemented?

Job rotation

Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. What is an authentication method Jane should use?

LEAP

Which means of wireless authentication is easily vulnerable to spoofing?

MAC Filtering

What implementation steps would be appropriate for a public wireless hot-spot?

Open system authentication

Three of the primary security control types that can be implemented are?

Operational, technical, and management.

Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. What describes the type of attack that was occurring?

Packet sniffing

What is BEST used to capture and analyze network traffic between hosts on the same network segment?

Protocol analyzer

What would a security administrator implement in order to identify a problem between two systems that are not communicating properly?

Protocol analyzer

What cipher would be BEST used to encrypt streaming video?

RC4

Deploying a wildcard certificate is one strategy to:

Reduce the certificate management burden

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. What would be an appropriate mitigation technique?

Rogue machine detection

What protocol operates at the HIGHEST level of the OSI model?

SCP

By default, what uses TCP port 22?

SCP, SSH, SFTP

What is used to verify data integrity?

SHA

An achievement in providing worldwide Internet security was the signing of certificates associated with which protocol?

SSL

What can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

Screen lock

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of?

Single factor authentication

A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on what?

Social networking

What encrypts data a single bit at a time?

Stream cipher

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. What would fulfill the CISO's requirements?

USB token and PIN

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. What would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

Vulnerability scan

What is BEST at blocking attacks and providing security at layer 7 of the OSI model?

WAF

A network administrator has been tasked with securing the WLAN. What cryptographic products would be used to provide the MOST secure environment for the WLAN?

WPA2 CCMP

What can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

Web Application Firewall

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. What describes this exploit?

Zero-day

What is being tested when a company's payroll server is powered off for eight hours?

Continuity of operations plan

Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:

the security controls on the USB drive can be bypassed

A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 10.10.3.16, 10.10.3.23, 212.178.24.26, 217.24.94.83. These attempts are overloading the server to the point that it cannot respond to traffic. What attack is occurring?

DDoS

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. What BEST protects the credit card data?

Database field encryption

What preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

Disabling unnecessary services

A security manager must remain aware of the security posture of each system. What supports this requirement?

Establishing baseline reporting

What can result in significant administrative overhead from incorrect reporting?

False positives

A network administrator is configuring access control for the sales department which has high employee turnover. What is BEST suited when assigning user rights to individuals in the sales department?

Group based privileges

What control would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

802.1x

What risk concept requires an organization to determine the number of failures per year?

ALE

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. What would need to be implemented?

Access control lists

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. What is this an example of?

Advanced persistent threat

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. What process could MOST effectively mitigate these risks?

Application patch management

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. What does this illustrate?

Chain of custody