Security+ Chapter 8


C

A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed? A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing

A

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as: A. Black box testing B. White box testing C. Black hat testing D. Gray box testing

D

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box

A

A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? A. User rights and permissions review B. Change management C. Data loss prevention D. Implement procedures to prevent data theft

C

A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform? A. Patch management assessment B. Business impact assessment C. Penetration test D. Vulnerability assessment

C

A security administrator is tasked with calculating the total ALE on servers. In a two-year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company? A. $7,000 B. $10,000 C. $17,500 D. $35,000

A D F

A security administrator must implement all requirements in the following corporate policy: - Passwords shall be protected against offline password brute force attacks. - Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE). A. Account lockout B. Account expiration C. Screen locks D. Password complexity E. Minimum password lifetime F. Minimum password length

D

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application? A. Avoid the risk to the user base allowing them to re-enable their own accounts B. Mitigate the risk by patching the application to increase security and saving money C. Transfer the risk replacing the application now instead of in five years D. Accept the risk and continue to enable the accounts each month saving money

C

A security administrator wants to check user password complexity. Which of the following is the BEST tool to use? A. Password history B. Password logging C. Password cracker D. Password hashing

B

A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal? A. Penetration testing B. Honeynets C. Vulnerability scanning D. Baseline reporting

A

A set of standardized system images with a pre-defined set of applications is used to build end user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the: A. Attack surface. B. Application hardening effectiveness. C. Application baseline. D. OS hardening effectiveness.

C

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application? A. Black box testing B. White box testing C. Gray box testing D. Design review

D

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies? A. Change management B. Implementing policies to prevent data loss C. User rights and permissions review D. Lessons learned

D

An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing? A. Penetration B. White box C. Black box D. Gray box

A

An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform? A. Vulnerability scan B. Risk assessment C. Virus scan D. Network sniffer

A

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement? A. Full backups on the weekend and incremental during the week B. Full backups on the weekend and full backups every day C. Incremental backups on the weekend and differential backups every day D. Differential backups on the weekend and full backups every day

A

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following? A. Vulnerability scanning B. SQL injection C. Penetration testing D. Antivirus update

C

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results? A. True negatives B. True positives C. False positives D. False negatives

A

Ann, the security administrator, received a report from the security technician that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event? A. Routine log audits B. Job rotation C. Risk likelihood assessment D. Separation of duties

D

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release? A. Product baseline report B. Input validation C. Patch regression testing D. Code review

A

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could: A. Set up a honeypot and place false project documentation on an unsecure share. B. Block access to the project documentation using a firewall. C. Increase antivirus coverage of the project servers. D. Apply security updates and harden the OS on all project servers.

A

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use? A. Port scanner B. Network sniffer C. Protocol analyzer D. Process list

A

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer: A. Date of birth. B. First and last name. C. Phone number. D. Employer name.

B

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? A. Security control frameworks B. Best practice C. Access control methodologies D. Compliance activity

A

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform? A. Vulnerability assessment B. Black box testing C. White box testing D. Penetration testing

B

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company? A. Vulnerability scanner B. Honeynet C. Protocol analyzer D. Port scanner

D

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server? A. DMZ B. Honeynet C. VLAN D. Honeypot

D

Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration? A. A disk-based image of every computer as they are being replaced. B. A plan that skips every other replaced computer to limit the area of affected users. C. An offsite contingency server farm that can act as a warm site should any issues appear. D. A back-out strategy planned out anticipating any unforeseen problems that may arise.

B

Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test? A. The security company is provided with all network ranges, security devices in place, and logical maps of the network. B. The security company is provided with no information about the corporate network or physical locations. C. The security company is provided with limited information on the network, including all network diagrams. D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.

A

Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct? A. Gray Box Testing B. Black Box Testing C. Business Impact Analysis D. White Box Testing

C

Requiring technicians to report spyware infections is a step in which of the following? A. Routine audits B. Change management C. Incident management D. Clean desk policy

B

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach? A. $1,500 B. $3,750 C. $15,000 D. $75,000

D

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk? A. Accept the risk saving $10,000. B. Ignore the risk saving $5,000. C. Mitigate the risk saving $10,000. D. Transfer the risk saving $5,000.

B

The annual loss expectancy can be calculated by: A. Dividing the annualized rate of return by single loss expectancy. B. Multiplying the annualized rate of return and the single loss expectancy. C. Subtracting the single loss expectancy from the annualized rate of return. D. Adding the single loss expectancy and the annualized rate of return.

A

The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box

C

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager? A. User permissions B. Policy enforcement C. Routine audits D. Change management

C

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational

A

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes? A. User rights and permissions review B. Configuration management C. Incident management D. Implement security controls on Layer 3 devices

B

When designing secure LDAP compliant applications, null passwords should NOT be allowed because: A. null password can be changed by all users on a network B. a null password is a successful anonymous bind C. null passwords can only be changed by the administrator D. LDAP passwords are one-way encrypted

D

Which of the following BEST describes both change and incident management? A. Incident management is not a valid term in IT; however, change management is B. Change management is not a valid term in IT; however, incident management is C. Incident management and change management are interchangeable terms meaning the same thing D. Incident management is for unexpected consequences; change management is for planned work

B

Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place? A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan

D

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network? A. Security logs B. Protocol analyzer C. Audit logs D. Honeypot

C

Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file? A. Cognitive password B. Password sniffing C. Brute force D. Social engineering

B

Which of the following consists of peer assessments that help identify security threats and vulnerabilities? A. Risk assessment B. Code reviews C. Baseline reporting D. Alarms

A

Which of the following could mitigate shoulder surfing? A. Privacy screens B. Hashing C. Man traps D. Screen locks

A

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise? A. Vulnerability scanning B. Port scanning C. Penetration testing D. Black box

B

Which of the following is a management control? A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL)

A

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft? A. Disk encryption B. Encryption policy C. Solid state drive D. Mobile device policy

A

Which of the following is an example of a false positive? A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow.

D

Which of the following is the MOST intrusive type of testing against a production system? A. White box testing B. War dialing C. Vulnerability testing D. Penetration testing

D

Which of the following network devices is used to analyze traffic between various network interfaces? A. Proxies B. Firewalls C. Content inspection D. Sniffers

C

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies? A. To ensure that false positives are identified B. To ensure that staff conform to the policy C. To reduce the organizational risk D. To require acceptable usage of IT systems

A

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A. User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy

C

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? A. Restoration and recovery strategies B. Deterrent strategies C. Containment strategies D. Detection strategies

B

Which of the following should an administrator implement to research current attack methodologies? A. Design reviews B. Honeypot C. Vulnerability scanner D. Code reviews

D

Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network? A. Application white listing B. Remote wiping C. Acceptable use policy D. Mobile device management

A

Which of the following tests a number of security controls in the least invasive manner? A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep

B C

Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO). A. DAC B. ALE C. SLE D. ARO E. ROI

C

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network? A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review

C

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses? A. Penetration test B. Code review C. Vulnerability scan D. Brute Force scan

B

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application? A. Protocol analyzer B. Vulnerability scan C. Penetration test D. Port scanner

C

Which statement is TRUE about the operation of a packet sniffer? A. It can only have one interface on a management network. B. They are required for firewall operation and stateful inspection. C. The Ethernet card must be placed in promiscuous mode. D. It must be placed on a single virtual LAN interface.
