Security+ Practice Exam 1


Thomas is seeking options for controlling physical access to the server room. He would like a hands-free solution. Which of the following would be his best choice? A.Smart cards B.Proximity cards C.Tokens D.Fingerprint scanners

B. Proximity cards. Explanation: A proximity card only has to be within a few centimetres of the reader, so it works hands-free (for example, while carried in a pocket or on a lanyard). Smart cards must be inserted or swiped, tokens have to be handled and read, and fingerprint scanners require the user to place a finger on the sensor.

Of the items listed, which provides additional encryption strength by repeating the encryption process with additional keys? A.3DES B.AES C.Twofish D.Blowfish

A. 3DES. Explanation: 3DES (Triple DES) strengthens DES by applying the DES block cipher three times in encrypt-decrypt-encrypt order with two or three independent 56-bit keys, for an effective strength of roughly 112 bits. AES, Twofish and Blowfish are single-pass block ciphers with longer native key sizes and do not repeat the encryption process. Note that NIST has deprecated 3DES and disallows it for new applications after 2023; AES is the modern choice.

Josh is a security technician who's been tasked with implementing PKI on the company's network. When verifying the validity of the certificate, he needs to ensure bandwidth isn't being consumed. What can be implemented? A.CRL B.OCSP C.Key Escrow D.CA

A. CRL. Explanation: A certificate revocation list (CRL) is a signed list of revoked certificates published by the CA. A client downloads it once and caches it until the next scheduled update, so the individual validity checks that follow consume no bandwidth. OCSP is a status protocol that answers a query about a single certificate, so it generates a network round trip for every check (unless OCSP stapling is used); key escrow is a key storage arrangement; and the CA is the certificate-issuing authority. Caveat for practice: CRLs for large CAs can themselves be large, so the real trade-off is one bulk download versus many small queries.

Isaac is in need of an authentication protocol that would be effective when it comes to stopping a session hijacking. Which of the following would be the best choice? A.CHAP B.PAP C.SPAP D.RADIUS

A. CHAP. Explanation: CHAP (Challenge Handshake Authentication Protocol) is the best choice. The authenticator sends a random challenge and the peer answers with a hash of an identifier, the shared secret and the challenge; the secret never crosses the wire, and the authenticator can repeat the challenge at any time during an established session, so a party that has taken over the connection without the secret fails the next challenge. PAP sends the password in cleartext, SPAP (Shiva PAP) uses reversible encryption, and RADIUS is an AAA protocol that carries authentication between a network access server and a central server rather than protecting an individual session.
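The exchange described above, as an added example that is not part of the exam page: an RFC 1994-style CHAP round (response = MD5(identifier || secret || challenge)) with periodic re-challenges, and an attacker who captured one valid response but does not hold the secret. The shared secret and the `Authenticator`/`Peer` class names are constructed for this illustration.

```python
import hashlib
import hmac
import os

# Added example (not from the exam page): an RFC 1994-style CHAP exchange.
# The shared secret below is constructed for the demonstration; in practice
# it is provisioned out of band to both peers and is never sent on the wire.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier, secret, challenge):
    """Response = MD5(Identifier || Secret || Challenge), as in RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues fresh challenges and verifies the responses."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._challenge = b""

    def new_challenge(self):
        # A new identifier and a random challenge for every round, including
        # the periodic re-challenges sent during an established session.
        self._identifier = (self._identifier + 1) % 256
        self._challenge = os.urandom(16)
        return self._identifier, self._challenge

    def verify(self, identifier, response):
        if identifier != self._identifier:
            return False
        expected = chap_response(identifier, self._secret, self._challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: answers challenges with the shared secret."""

    def __init__(self, secret):
        self._secret = secret

    def answer(self, identifier, challenge):
        return chap_response(identifier, self._secret, challenge)


def run_session(rounds=3):
    """Initial authentication followed by periodic re-challenges; returns
    True only if every round verifies."""
    auth = Authenticator(SHARED_SECRET)
    peer = Peer(SHARED_SECRET)
    results = []
    for _ in range(rounds):
        identifier, challenge = auth.new_challenge()
        results.append(auth.verify(identifier, peer.answer(identifier, challenge)))
    return all(results)


def hijack_attempt():
    """An attacker who captured a valid response (but not the secret) takes
    over the session; the next re-challenge exposes them. Returns whether
    the replayed response is accepted."""
    auth = Authenticator(SHARED_SECRET)
    peer = Peer(SHARED_SECRET)
    identifier, challenge = auth.new_challenge()
    captured = peer.answer(identifier, challenge)
    auth.verify(identifier, captured)          # legitimate login succeeds
    next_identifier, _ = auth.new_challenge()  # periodic re-challenge
    return auth.verify(next_identifier, captured)


if __name__ == "__main__":
    print("session ok:", run_session())
    print("replayed response accepted:", hijack_attempt())
```

The identifier check matters: without it a response to an older challenge could be offered against the current one, and the random challenge is what makes a captured response worthless on the next round.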

Amy manages mobile device security for her company, an insurance firm. The company currently uses BYOD. She's concerned about employees' personal device usage compromising company data on the mobile devices. What technology could best assist with this concern? A.Containerization B.Screen locks C.FDE D.Biometrics

A. Containerization. Explanation: Containerization places corporate applications and their data in an isolated, separately encrypted and separately managed container on the device, so personal apps cannot read company data and the company can wipe only the container if the device is lost or the employee leaves. Screen locks do not separate personal and corporate use, FDE encrypts the whole device but does not segregate data, and biometrics address authentication, not data separation.

Of the listed principles, which process would transpire if a user provides a correct username and password? A.Identification B.Authentication C.Authorization D.Accounting

B. Authentication. Explanation: Authentication is what happens when a user proves a claimed identity, for example by providing a correct username and password. Identification is claiming an identity (presenting the username), authorization is being granted access to specific resources after authentication, and accounting is the logging of information related to specific accounts, sessions and actions.

Kim would like to implement a server authentication method that depends on TPM in a server. What's the best approach? A.Hardware-based access control B.Software-based access control C.Digital certificate-based access control D.Chip-based access control

A. Hardware-based access control. Explanation: A TPM is a hardware chip that can be used for authentication (it holds keys that never leave the chip and can attest to the platform's state), so hardware-based access control is the best description: the chip must be present to unlock or access the machine. Software-based access control is not what is described, a digital certificate may be stored in the TPM but the question is about the hardware dependency, and "chip-based access control" is not an industry term.

Cassie is worried about credential management on a network where users often have over six passwords to remember. She's currently interested in finding a solution to this problem. Which would be the best way to address this issue? A.Implement a manager B. Use short passwords C.Implement OAuth D.Implement Kerberos

A. Implement a manager. Explanation: The best way to address this issue is a password manager, which lets users keep a unique, strong password for every system while remembering only one master password. Using short passwords is a security risk. OAuth is an authorization-delegation protocol that lets one site access a user's resources on another without sharing the password, and Kerberos provides single sign-on only for services integrated with it, so it does not reduce the remaining passwords that must be remembered.

Jay is a security administrator for a large company and has about 100 hosts on his network that were recently attacked by a virus. He's concerned because there was a patch available that would have minimized the impact from the virus. What is the best solution to implement on the network? A.Install patch management software B.Use automatic updates C.Put unpatched machines on a bridge D.Scan all machines for patches every day

A. Install patch management software. Explanation: Patch management software tests and rolls out patches to all hosts on a schedule and reports which machines are still missing them. Automatic updates are outside the administrator's control and can interfere with productivity and configuration consistency, putting unpatched machines on a bridge does not patch them, and scanning every machine for patches every day slows production without actually deploying anything.

You're responsible for network protocols. The network time protocol has been failing periodically. What is the most affected? A.kerberos B.RADIUS C.CHAP D.LDAP

A. Kerberos. Explanation: Kerberos depends on synchronized clocks. Tickets and authenticators carry timestamps, and the KDC and services reject them when the requester's clock differs from their own by more than the permitted skew (5 minutes by default in most implementations), so failing NTP leads to failed authentication even though the tickets themselves are typically valid for hours. RADIUS, CHAP and LDAP do not rely on tight clock synchronization in this way.

Which is the least secure hashing algorithm? A.MD5 B.RIPEMD C.SHA-1 D.AES

A. MD5. Explanation: MD5 is the least secure hashing algorithm listed: it produces only a 128-bit digest and practical collision attacks against it have existed since 2004, so it must not be used for signatures or integrity protection. SHA-1 (160-bit digest) is also considered broken for collision resistance and is deprecated, but it remained stronger than MD5 for longer. RIPEMD has 128/160/256/320-bit variants, and RIPEMD-160 has no known practical attack. AES is a symmetric encryption algorithm, not a hashing algorithm.

As the security manager, you need to reduce the risk of employees working in collusion to embezzle funds. Which process would you implement? A .Mandatory vacation B.Clean desk C.NDA D.Continuing education

A. Mandatory vacation. Explanation: Mandatory vacations force someone else to perform the absent employee's duties, which exposes schemes that depend on one person's continuous control; the process is used to detect fraud. A clean desk policy ensures all sensitive documents are removed from a desk and locked up, an NDA (non-disclosure agreement) prevents sensitive data from being shared, and continuing education does not apply here.

Your supervisor has asked you about protecting the privacy of personally identifiable information (PII) that is collected. As the security administrator, which is the best option to meet these requests? A.PIA B.BIA C.RTO D.SPF

A. PIA. Explanation: A privacy impact assessment (PIA) analyses how the PII the company collects is gathered, stored, used and shared, and identifies the privacy risks and the controls needed to reduce them. A BIA determines the effects of an interruption on the business, RTO is the target time within which services must be restored after a disaster, and SPF (single point of failure) describes a resilience weakness and does not assist with privacy.

You work for a company that is issuing portable devices to employees for both work and personal use. The company is doing this so they can control the security of the devices. As an employee, what issue is raised by using a company-owned device for your work-related data and personal use? A.Personal information being exposed B.Company data being exfiltrated C.No issues D.

A. Personal information being exposed Explanation With company-owned devices, you can still use the device for personal use and save your personal information on this device, therefore, your personal and private data is being exposed to your company. By storing your personal data on a company-owned device, the employee is giving up some of their privacy. All other options are incorrect.

Of the listed items, which is not a step of the incident response process? A.Snapshot B.Preparation C.Recovery D.Containment

A. Snapshot The incident response process does not include snapshot as a step. All other options are steps of that process.

What type of attack is based on sending more data to a target than the target can hold? A.Bluesnarfing B.Buffer overflow C.Bluejacking D.DDoS

B. Buffer overflow Explanation Sending more data to a target than the target is capable of holding is called a buffer overflow attack. Bluesnarfing and Bluejacking are both Bluetooth attacks and a DDoS is not described in this scenario.

Jonathan works for a large bank and one of his responsibilities is to ensure that web bank logins are as secure as possible. He's concerned that a customer's account login could be compromised and someone else would gain access to that customer's account. What is the best way to mitigate this threat? A.Use SMS authentication for any logins from an unknown computer or location B.Encrypt all traffic via TLS C.Require strong passwords D.Do not allow customers to log on from any place other than their home computer

A. Use SMS authentication for any logins from an unknown computer or location. Explanation: Most banks send the customer an SMS code as a second factor (2FA) when a login comes from an unrecognised device or location, so a stolen password alone is not enough. Bank traffic is already encrypted with TLS, strong passwords are a good idea but do not help once the password has been compromised, and restricting customers to one computer would give them a reason to go elsewhere. Caveat: SMS is the weakest second factor (NIST SP 800-63B classes it as restricted because of SIM-swap and interception risk); an authenticator app or hardware token is stronger, but SMS is the only second factor among the options.

You currently work for a large company and are concerned about ensuring all workstations have a common configuration, do not contain a rogue software installation, and all patches are kept up to date. Of the following, which would be most effective to accomplish this? A.Use VDE B.Implement strong policies C.Use an image for all workstations D.Implement strong patch management

A. Use VDE The best option is to implement a VDE or a virtual desktop environment. This would give you the opportunity to manage patches, configurations and software installations/updates/maintenance in a single location. Policies are great but they do not accomplish the task at hand. An image for workstations is great for their original configurations, but it won't assist with keeping patches up to date or preventing software from being installed. Strong patch management is great, but it doesn't address all of the requests.

Josh, as an administrator for a health care company, is required to support an older, legacy application. He's concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this? A.Use an application container B.Implement SDN C.Run the application on a separate VLAN D.Insist on an updated version of the application

A. Use an application container. Explanation: An application container isolates the application from the host operating system and from the rest of the network, so its vulnerabilities are confined to the container. SDN (software-defined networking) does not isolate the application, a separate VLAN segments network traffic but does nothing about the application's interaction with its host, and insisting on an updated version does not solve the immediate problem if the vendor has none to offer.

Janet has to deploy and support a legacy application where the configuration for this application and the OS are very specific and cannot be changed. Of the following options, which is the best approach to deploy this software? A. Use an immutable server B. Use a VM C.Set permissions on the application so it cannot be changed D.Place the application on a separate VLAN

A. Use an immutable server Explanation Immutable server is a server that has a configuration that cannot be changed. This would be the best option. VMs are fully configurable. Permissions for applications do not prevent the OS from being changed and applications on a separate VLAN doesn't address the aforementioned issues.

You are currently testing your company network for security issues. The test you're conducting involves using automated and semi-automated tools to look for known vulnerabilities with various systems. Which of the following best describes this test? A. Vulnerability scan B. Penetration testing C.Security audit. D.Security test

A. Vulnerability scan Explanation Vulnerability scans use automated tools to find known vulnerabilities, so this is the correct answer. Penetration tests typically work to exploit found vulnerabilities and break into networked systems, while security audits typically focus on checking policies, incident reports, and documents. Security test is a generic broad term for any type of test run to test network security.

Jason needs to renew the certificate for his company's web server. Which of the following is recommended to be submitted to the CA? A.CSR B.Key Escrow C.CRL D.OCSP

A.CSR Explanation A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, CRL is a list of revoked certificates and the OCSP is a status of certificates which provides validity such as "good" "revoked" or "unknown".

Which of the following works like stream ciphers? A.One-tme pad B.RSA C.AES D.DES

A. One-time pad. Explanation: A stream cipher works like a one-time pad: it combines the plaintext with a keystream one bit or byte at a time, usually by XOR. The difference is that a stream cipher derives its keystream from a short key with a pseudorandom generator, so it does not offer the unconditional secrecy of a true one-time pad, and reusing a key/nonce pair is as damaging as reusing a pad. RSA is an asymmetric algorithm, and AES and DES are symmetric block ciphers (although a block cipher in CTR mode can be used as a stream cipher).

Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business? A.A detailed credit investigation prior to acquisition B.A third-party source code escrow C.Substantial penalties for breach of contract D.Standby contract with other vendors

B. A third-party source code escrow. Explanation: A source code escrow places the code with a neutral third party and releases it to you if the vendor goes out of business, so you can maintain the software yourself. A detailed investigation is a good idea but does not help once a vendor fails, penalties for breach of contract are no longer effective against a vendor that no longer exists, and even a standby vendor cannot do the work without the source code.

Which encryption type offers easy key exchange and key management? A.Obfuscation B.Asymmetric C.Symmetric D.Hashing

B. Asymmetric. Explanation: Asymmetric encryption offers easy key exchange and key management because the public key can be distributed openly; only the private key must be kept secret, so each party needs one key pair instead of a separate shared secret for every pair of communicating parties. Obfuscation is the process of making something difficult to read, symmetric encryption uses the same key to encrypt and decrypt (so that key must be exchanged over a secure channel and protected by both sides), and hashing provides integrity, not encryption.

Scott works for a large bank that is trying to limit the risk associated with unapproved USB devices to company documents. Which is the best solution for this problem? A.IDS B.DLP C.Content filtering D.NIPS

B. DLP. Explanation: Data loss prevention (DLP) can block or log the copying of company documents to unapproved USB devices and enforce which removable media are allowed. An IDS, content filtering and a NIPS operate on network traffic and do not address local removable storage.

Peter manages network security at a large company and is concerned about the variety of attacks, specifically DNS poisoning. Which of the following would be the best option to mitigate this issue? A.IPSec B.DNSSEC C.L2TP D.TLS

B. DNSSEC. Explanation: DNSSEC (Domain Name System Security Extensions) adds digital signatures to DNS records so that a validating resolver can verify that a response really came from the zone's owner and was not altered, which defeats poisoned or forged replies. IPsec and L2TP are VPN technologies, and TLS protects application traffic after the name has already been resolved, so it does not prevent the poisoning itself.

Joe is concerned about attacks to an e-commerce server. He's especially concerned about a cross-site scripting attack and SQL injection. Which of the following would defend against these two attacks? A.Encrypted web traffic B.Filtering user input C.Firewall D.An IDS

B. Filtering user input. Explanation: Filtering (validating and encoding) user input is the primary defence against both XSS and SQL injection. Encrypting web traffic would have no effect on these attacks, a web application firewall (WAF) can mitigate them but is a secondary layer to fixing input handling in the application, and an IDS only detects attacks; it does not stop them.

Logan would like to test his company's web application and evaluate if it's handling input validation and data validation properly. Of the following, which testing method would be most effective for this scenario? A.Static code analysis B.Fuzzing C.baselining D.Version control

B. Fuzzing. Explanation: Fuzzing is the best method for testing input validation. A fuzzer deliberately feeds the application malformed, unexpected or random input to see how it processes the data and whether it crashes or misbehaves. Static code analysis scans source code for issues without running it, baselining establishes standard configurations, and version control tracks changes to the code.

Brandon is a network administrator and has received a popup window that tells him his files are now encrypted and he must pay a certain amount of bitcoins to get them decrypted. He tried to check the files in question, but their extensions have all changed and he cannot open them. What best explains the given scenario? A.His machine has a rootkit B.His machine has ransomware C.His machine has a logic bomb D.His machine has been the target of whaling

B. His machine has ransomware. Explanation: Ransomware encrypts the victim's files (often renaming their extensions) and demands payment for the decryption key. Rootkits hide malware and provide administrative access, logic bombs execute when certain conditions are met, and nothing in the scenario describes whaling (phishing aimed at executives).

Of the following, which is the most important benefit from implementing SDN? A.It will stop malware B.It provides scalability CIt will detect intrusions. D.It will prevent session hijacking

B. It provides scalability Explanation The most important benefit of a software-defined network (or SDN) is scalability. SDNs do not prevent malware, do not detect intrusions, and do not prevent session hijacking.

JB is a security administrator for a bank and has discovered a piece of software on the database server that is not supposed to be there. It looks as though the software will begin deleting files if a certain employee is terminated. What best describes this process? A.Worm B.Logic Bomb C.Trojan horse D.Rootkit

B. Logic bomb. Explanation: Logic bombs are a type of malware that performs its activity when certain conditions are met, such as a specific employee being removed from the payroll. Worms self-propagate, a Trojan horse is malware attached to a seemingly legitimate program, and rootkits are malware that gain and hide administrative privileges.

Which is a term for technical controls? A.Access controls B.Logical Controls C.Detective controls D.Preventative controls

B. Logical controls Explanation Technical controls are logical controls. These are controls you can use to restrict data access like applications, devices, and encryption. Access controls can be technical controls, but this also encompasses other things as well. Detective controls detect things but do not prevent things and preventative controls are typically used to assist in avoiding a security breach.

How would you appropriately categorize the authentication method that displays a one-time password on a token? (Note: the hardware token is being used by itself for authentication.) A.Biometric authentication B.One-time password authentication C.Multi-factor authentication D.PAP authentication

B. One-time password authentication. Explanation: For the exam, you need to know the categories of authentication and which methods belong to each. A hardware token generates a one-time password, usually a code that changes every 30 to 60 seconds (time-based, TOTP) or on each button press (counter-based, HOTP). Used by itself it is a one-time password authentication method, a single "something you have" factor. Combined with a username and password (something you know) it becomes a multi-factor authentication scheme.

Alissa has deployed session tokens on her network. What would these tokens be the most effective in protecting against? A.DDoS B.Replay C.SYN flood D.Malware

B. Replay Explanation Session tokens are used to authenticate sessions and can protect you against replay attacks and session hijacking attacks. Session tokens cannot mitigate DDoS, SYN flood or malware attacks.

Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings? A.DDoS B.SYN flood C.Buffer overflow D.ARP poisoning

B. SYN flood. Explanation: A large number of half-open connections is the classic signature of a SYN flood: the attacker sends many SYN segments, often from spoofed addresses, and never completes the three-way handshake, filling the server's connection backlog. Nothing in the question points to many distributed sources, so DDoS is not the best answer; a buffer overflow involves sending more data than a buffer can hold, and ARP poisoning alters ARP tables on the local segment and does not create half-open TCP connections.
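What "a large number of half-open connections" looks like when you pull it out of a log, as an added example that is not part of the exam page: the lines below are constructed connection-tracking records (the format, addresses and threshold are assumptions, not any real firewall's output). Each 4-tuple is tracked through its states; whatever is still in SYN_RECV at the end of the log is half-open, and sources with many of them are flagged.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (not from a real device); the line format,
# hosts and addresses are assumptions for this example. 198.51.100.5 is a
# normal client whose handshakes complete; 203.0.113.7 opens many
# connections that never get past SYN_RECV.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z conn src=198.51.100.5:51000 dst=192.0.2.10:443 state=SYN_RECV",
    "2024-05-01T10:00:00Z conn src=198.51.100.5:51000 dst=192.0.2.10:443 state=ESTABLISHED",
    "2024-05-01T10:00:02Z conn src=198.51.100.5:51001 dst=192.0.2.10:443 state=SYN_RECV",
    "2024-05-01T10:00:02Z conn src=198.51.100.5:51001 dst=192.0.2.10:443 state=ESTABLISHED",
    "2024-05-01T10:00:03Z conn src=198.51.100.5:51001 dst=192.0.2.10:443 state=CLOSED",
    "2024-05-01T10:00:04Z audit user=larry action=login",  # unrelated line
]
SAMPLE_LOG += [
    f"2024-05-01T10:00:05Z conn src=203.0.113.7:{40000 + i} dst=192.0.2.10:443 state=SYN_RECV"
    for i in range(200)
]

LINE_RE = re.compile(
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) state=(?P<state>\w+)"
)


def half_open_by_source(lines):
    """Follow each (src, sport, dst, dport) tuple through its states. A tuple
    that reaches ESTABLISHED or CLOSED is removed; anything left in SYN_RECV
    at the end is half-open. Returns half-open counts per source IP."""
    pending = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection record
        key = (m.group("src"), m.group("sport"), m.group("dst"), m.group("dport"))
        if m.group("state") == "SYN_RECV":
            pending.add(key)
        elif m.group("state") in ("ESTABLISHED", "CLOSED"):
            pending.discard(key)
    counts = defaultdict(int)
    for src, _sport, _dst, _dport in pending:
        counts[src] += 1
    return dict(counts)


def flag_syn_flood(lines, threshold=50):
    """Sources with at least `threshold` half-open connections. The threshold
    is an assumption; tune it to the normal half-open backlog of your hosts."""
    return sorted(src for src, n in half_open_by_source(lines).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))
    print("suspected SYN flood sources:", flag_syn_flood(SAMPLE_LOG))
```

With spoofed source addresses the per-source count spreads out, so a per-destination count of half-open connections (group by `dst` and `dport` instead) is the complementary check.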

Walt, a sales manager at your company, has been complaining about his computer performing slowly. When you investigate the issue, you noticed some spyware on his computer, but he insists the only thing he has downloaded lately was a freeware stock trading application. What best explains this situation? A.Logic Bomb B.Trojan Horse C.Rootkit D.Macro virus

B. Trojan horse Explanation: Trojan horse is the correct answer - because it attaches a malicious program to a legitimate program. When the user downloads and installs, they get the malicious program. Logic bombs are malware files that activate when certain conditions are met. Rootkits are malware files that get administrative access and macro viruses embed themselves in documents as macros (a set of actions).

Which plan identifies critical systems and components to ensure assets are safe and protected? A.DRP B.BCP C.IT contingency plan D.Succession plan

B. BCP. Explanation: A business continuity plan identifies the critical systems and components that need to be protected so the business can keep operating. A DRP (disaster recovery plan) describes how the company recovers after a disaster with minimal lost time and money, an IT contingency plan specifies alternate procedures for disruptions of service, and a succession plan covers who takes over a role when someone leaves the company.

Pat is working to allocate appropriate numbers of IP addresses for various subnets in the network for his company. What would be the proper CIDR notation for an IP v4 subnet with 72 nodes? A./27 B./29 C./24 D./26

C. /24. Explanation: A /24 provides 256 addresses (254 usable), the only listed size that fits 72 nodes. /27 (32 addresses, 30 usable), /29 (8 addresses, 6 usable) and /26 (64 addresses, 62 usable) all yield subnets that are too small. Note that the smallest subnet that actually fits 72 hosts is a /25 (128 addresses, 126 usable); it simply is not one of the options, so /24 is the best answer among those offered.
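The sizing arithmetic behind that answer, as an added example that is not part of the exam page: the smallest prefix that fits a host count in general, the best choice among the question's four options, and the concrete subnet carved from a base network. The base network 10.10.0.0 is an assumption used only to show the result.

```python
import ipaddress

# Added example (not from the exam page). The base network 10.10.0.0 is an
# assumption used only to show the resulting subnet.
OPTIONS = (27, 29, 24, 26)  # the answer choices from the question


def usable_hosts(prefix):
    """Usable IPv4 addresses in a subnet of this prefix length (network and
    broadcast excluded; /31 and /32 are point-to-point special cases)."""
    return max(2 ** (32 - prefix) - 2, 0)


def smallest_subnet_for(hosts):
    """Longest prefix (smallest subnet) with at least `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than a single IPv4 network can address")


def best_option_for(hosts, options=OPTIONS):
    """Among the offered prefixes, the smallest subnet that still fits, or
    None when no option is large enough."""
    fitting = [p for p in options if usable_hosts(p) >= hosts]
    return max(fitting) if fitting else None


def carve(base, hosts):
    """The concrete subnet for `hosts` nodes starting at `base`, as a string."""
    net = ipaddress.ip_network(f"{base}/{smallest_subnet_for(hosts)}", strict=False)
    return str(net)


if __name__ == "__main__":
    for p in OPTIONS:
        print(f"/{p}: {usable_hosts(p)} usable")
    print("smallest fit for 72 hosts: /", smallest_subnet_for(72))  # 25
    print("best listed option: /", best_option_for(72))             # 24
    print("subnet:", carve("10.10.0.0", 72))                         # 10.10.0.0/25
```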

Jakob is worried that someone will use a password cracker on the computers in his company. He's concerned that common passwords will be attempted in order to gain access to a system. Which would be the best option to mitigate the threat? A.Password age restrictions B.Password minimum length requirements C.Account lockout policies D.Account usage auditing

C. Account lockout policies. Explanation: Locking an account after a small number of failed logins (many organisations use 3 to 5 attempts) stops an online password-guessing attack from trying the long list of common passwords it depends on. Password aging forces periodic changes but does not limit guessing attempts, a minimum length makes passwords harder to guess but does not stop the attempts, and account usage auditing only records activity after the fact.

Josh is a bank manager and has suspicions that one of his tellers has stolen money from their respective station. After talking with his supervisor, he places the employee on leave with pay, changes their computer account to suspended, and takes their prox card and building keys. Which procedure was followed? A.Mandatory vacation B.Exit interview C.Adverse action D.Onboarding

C. Adverse action. Explanation: The procedure followed was adverse action: measures taken against an employee when wrongdoing has been found or is suspected, such as suspending access and collecting credentials while the matter is investigated. Mandatory vacation is used to detect fraud, exit interviews are held when an employee leaves to learn what the company could do better, and onboarding is the process of adding a new employee or vendor to the systems.

You work for a company that has outsourced development of a specific application to a local programming firm, however, after three months of using the product, one of your accountants accidentally discovers a way to log in and bypass all security and authentication. Of the following options, what best describes this? A.Logic bomb B.Trojan horse C.Backdoor D.Rootkit

C. Backdoor Explanation Backdoor is the correct answer. It's a method for passing normal security and directly accessing a system "through a back door". Logic bombs are malware files that activate when certain conditions are met, Trojan horses attach to a legitimate program and rootkits have administrative privileges.

Of the listed principles, which one states that multiple changes made to computer systems shouldn't be made simultaneously? A.Due diligence B.Acceptable use C.Change management D.Due care

C. Change management. Explanation: Change management requires that changes to networks and computers be made one at a time, documented and approved, so that any resulting problem can be traced to the change that caused it. Due diligence is the investigation a reasonable party performs before acting, acceptable use policies define what users may and may not do on the corporate network, and due care is the ongoing effort to avoid harm to another party.

Mark noticed that one of the employees at his company tethers to his smartphone to bypass corporate web security to access prohibited websites while still being connected to the LAN. What is the best way to prevent this? A.Disable wireless access B.Implement a WAF C.Implement a policy against tethering D.Implement a HIPS

C. Implement a policy against tethering. Explanation: The phone's connection does not pass through the corporate network, so network controls cannot see or block the tethered traffic; a written policy that prohibits tethering while connected to the LAN makes the behaviour a violation with consequences. A WAF protects web applications, disabling wireless access does not help because the employee is not using the company wireless, and a HIPS only helps if it is installed on the tethered machine and configured to block the bridged connection.

Choose the attack that depends on the attacker entering JavaScript into a text area that is intended for users to enter text that can be viewed by other users: A.SQL Injection B.Clickjacking C. Cross-site scripting D.Bluejacking

C. Cross-site scripting. Explanation: XSS involves entering a script into a text area whose contents are later shown to other users, so the script runs in their browsers. SQL injection is about injecting SQL commands rather than scripts, clickjacking tricks users into clicking something other than what they see, and bluejacking is a Bluetooth attack.

Wayne works for a large law firm and manages network security. It's common for guests who come to the law firm to need to connect to the WiFi. He wishes to ensure that he provides maximum security when these guests connect using their own devices, but also seeks to provide assurance to the guests that his company will have minimal impact on their devices. What is the best solution? A.Permanent NAC agent B.Agentless NAC C.Dissolvable NAC agent D.Implement COPE

C. Dissolvable NAC agent. Explanation: Network access control can perform a health check on a device to make sure it meets minimum security standards before it connects. A dissolvable agent runs once to perform the check and then removes itself, giving a full posture assessment with minimal lasting impact on the guest's device. A permanent agent would remain on visitor devices, agentless NAC has the least impact but can only assess what is visible over the network rather than performing a full host check, and COPE devices are company-owned and cannot be issued to guests.

James is worried about how his company will respond to breaches. He's interested in finding a way that will identify files that have been altered during the breach. What is the best solution for him to implement? A.NAC B.NIDS C.File integrity checker D.Vulnerability scanner

C. File integrity checker. Explanation: A file integrity checker stores hashes of files as a baseline and later recomputes them, so any file that has been altered, added or removed during the breach is detected. NAC ensures devices meet minimum security standards before connecting, a NIDS watches network traffic and cannot tell whether files have changed, and a vulnerability scanner only looks for known vulnerabilities.
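A minimal version of such a checker, as an added example that is not part of the exam page: take a SHA-256 baseline of a directory tree, then diff the tree against it after a constructed "breach" that edits a config file, drops a web shell and deletes a log. The file names and contents are invented for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example (not from the exam page): a minimal file integrity checker.


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large files do not load fully."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file under `root` (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_to_baseline(baseline, root):
    """Report what changed since the baseline was taken. In deployment the
    baseline is stored off-host or signed, so an attacker who alters files
    cannot also alter the reference hashes."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a small tree, then simulate a breach
    that edits a config file, drops a web shell and deletes a log."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "www").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "www" / "index.html").write_text("<h1>hello</h1>\n")
        (root / "audit.log").write_text("2024-05-01 login alice\n")
        baseline = build_baseline(root)

        (root / "etc" / "app.conf").write_text("debug=true\n")                       # tampered
        (root / "www" / "shell.php").write_text("<?php system($_GET['c']); ?>\n")  # dropped
        (root / "audit.log").unlink()                                               # anti-forensics
        return compare_to_baseline(baseline, root)


if __name__ == "__main__":
    print(demo())
```

Production tools (Tripwire, AIDE, OSSEC) add file metadata, exclusion lists for files that legitimately change, and scheduled runs, but the core is this hash-and-diff.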

Which recovery site is the easiest to test? A.Warm site B.Cold site C.Hot site D.Medium site

C. Hot site. Explanation: A hot site is fully equipped, connected and loaded with current data, so it can be tested simply by failing over to it. A warm site has the equipment and connectivity but not the current data or staff, so a test requires restoring data first; a cold site is little more than space and power, so a test would require installing everything, making it the hardest to test. "Medium site" is not an industry term.

Lori is concerned about DHCP starvation attacks, especially since learning that anyone can download a software called a "gobbler" and use it to execute a DHCP starvation attack. What technology would help mitigate this risk? A.Encrypt all DHCP communication with TLS B.FDE on the DHCP server C.Network address Allocation D.IPSec for all DHCP communications

C. Network address allocation. Explanation: In a DHCP starvation attack the tool floods the server with DISCOVER messages from forged MAC addresses until the address pool is exhausted. Controlling how addresses are allocated, for example by limiting the number of leases a port or MAC address can obtain (switch features such as DHCP snooping and port security enforce this), keeps one host from consuming the whole pool. Encrypting DHCP traffic with TLS or IPsec does not help because the problem is the volume of legitimate-looking requests, not eavesdropping or tampering in transit, and FDE on the server protects data at rest, not the lease pool.

Matthew is working to select an authentication method for his company that will support REST as well as many web-based and mobile clients. Which of the following would be the best choice? A.Shibboleth B.RADIUS C.OpenID Connect D.OAuth

C. OpenID Connect. Explanation: OpenID Connect is an authentication layer built on OAuth 2.0; it uses REST/JSON and is designed for web and mobile clients, which is why it is correct here. Shibboleth uses SAML and works over the Internet, RADIUS is a remote access (AAA) protocol, and OAuth by itself is an authorization protocol that lets a user's resources be shared without exposing their password; it does not authenticate the user.

What kind of attack is used with a flood of ICMP requests? A.SYN flood B.Smurf attack C.Ping flood D.DDoS

C. Ping flood. Explanation: A ping flood is a denial of service in which the attacker overwhelms the target with a large volume of ICMP echo request packets (pings). A Smurf attack also uses ICMP echo requests, but sends them with the victim's spoofed source address to a network's broadcast address so that every host replies to the victim; a SYN flood uses TCP SYN segments; and DDoS describes the use of many attacking sources rather than a particular protocol.

You are responsible for the web application security for your company's e-commerce server. You're especially concerned with XSS and SQL injection. Of the following, which technique would be the most effective at mitigating these attacks? A.Proper error handling B.The use of stored procedures C.Proper input validation D.Code Signing

C. Proper input validation. Explanation: XSS and SQL injection are mitigated primarily with input validation (and output encoding for XSS). Proper error handling prevents information leakage but does not stop the attacks, stored procedures help against SQL injection only when called with parameters rather than concatenated strings and do nothing for XSS, and code signing protects the client that downloads code, not the web application itself.

You are working as part of a cyber incident response team. An ongoing attack has been identified on your web server. Your company wants to take legal action against the criminals who have hacked your server, so they have brought in a forensic analyst from the FBI to collect the evidence from the server. What order should the digital evidence be collected based on the order of volatility? A.Hard Drive or USB Drive, Swap File, Random Access Memory, Processor Cache B. Process Cache, Swap File, Random Access Memory, Hard Drive or USB Drive C.Processor Cache, Random Access Memory, Swap File, Hard Drive or USB Drive D.Swap File, Processor Cache, Random Access memory, Hard Drive or USB drive

C. Processor cache, random access memory, swap file, hard drive or USB drive. Explanation: The correct order for evidence collection based on the order of volatility is processor cache, RAM, swap file, and then the hard drive or USB drive. The processor cache is the most volatile and changes most frequently, so it is captured first. RAM is temporary storage that can quickly be overwritten and is lost when power is removed, so it is collected second. Swap files are files on disk used as virtual memory and change more slowly, so they are collected third. Files on a hard disk or USB drive are the least volatile of the four, since they are long-term storage that survives loss of power.

Alissa manages network security at her company. She's had several calls from users stating that their personal data is being stolen when they use the wireless network. Several of them have insisted they only connect to the corporate wireless access point (WAP), but logs for the WAP show the users have never connected to it. Which of the following explains this situation? A.Session hijacking B.Clickjacking C.Rogue access point D.Bluejacking

C. Rogue access point Explanation A rogue access point appears to be the same WAP the user has been connecting to, but it is actually a different device, which is why the logs of the trusted WAP show no connections from these users. Session hijacking involves taking over an authenticated session, clickjacking involves tricking users into visiting other websites and clicking on the wrong item, and bluejacking is a Bluetooth attack.

Lisa manages incident response for a bank. The bank has a website that's been attacked. The attacker utilized the login screen, and rather than entering proper login credentials, the attacker entered some odd text: ' or '1'='1. What is this attack known as? A.Cross-site scripting B.Cross-site request forgery C.SQL injection D.ARP poisoning

C. SQL injection Explanation The correct answer is a SQL injection. The text in the question is a classic example of a basic SQL injection used to log in to a site. Cross-site scripting uses JavaScript, cross-site request forgery doesn't involve entering text like this, and ARP poisoning alters an ARP table, which isn't related to website hacking.

John is a sales manager at his company. He has recently received an email asking him to click a link to fill out a survey. The email seems suspicious, but it mentions a major association with which he's familiar, which makes him think it may be a legitimate email. Of the following, which best describes this attack? A.Phishing B.Social Engineering C.Spear phishing D.Trojan horse

C. Spear phishing Explanation The correct answer is spear phishing. Spear phishing targets a specific group, and it's relatively easy to do when attackers can identify individuals from public sources via source intelligence. Phishing is too broad a term. Social engineering is incorrect; while it is a part of every phishing attack, this scenario is more specific than social engineering. A Trojan horse, or malware in general, is not part of this attack.

Eddie is your security manager, and he received a call from law enforcement telling him that some of the computers on his network participated in a massive DoS attack. He's certain that none of his employees would be involved in a cybercrime. What best explains the given scenario? A.It is a result of social engineering B.The machines all have backdoors C.The machines are bots D.The machines are infected with crypto viruses

C. The machines are bots Explanation The machines have become bots, and they act on the commands of the central controller they are attached to. Social engineering is when someone tries to manipulate someone else into giving up information. Backdoors seem unlikely in this scenario, and crypto viruses are not related to DDoS attacks.

You have recently completed a review of company network traffic and saw that most of the malware infections are caused by users who visit illicit websites. You would like to implement a solution that will block these websites while scanning all network traffic for signs of malware and blocking the malware before it enters the company network. Which technology would be the best solution? A.IDS B.Firewall C.UTM D.SIEM

C. UTM Explanation: UTM devices combine a firewall, IDS, antivirus and other functions in one appliance. An IDS only detects intrusions, a firewall only blocks incoming traffic, and a SIEM is used for log aggregation.

Laura is concerned about social engineering, specifically that this technique could be used by an attacker to obtain information about the network, including information relating to passwords. What countermeasure can be taken to ensure she's most effective in combating social engineering? A.SPI firewall B.IPS C.User training D.Strong policies

C. User training Social engineering can only be countered by properly training and educating your users. There is no technology that can prevent social engineering, as your users are your weakest link and strong policies only help if the users are well trained in the policies.

Wanda is responsible for network connectivity for her company. The sales department is transitioning to VoIP. What two protocols must be allowed through the firewall for this to be successful? A.RADIUS and SNMP B.TCP and UDP C.SIP and RTP D.RADIUS and SIP

C. SIP and RTP Explanation: VoIP works with SIP and RTP. SIP is the Session Initiation Protocol and RTP is the Real-time Transport Protocol; they are used to establish the call and carry the voice data. RADIUS is a remote authentication protocol and SNMP is used to manage a network. TCP and UDP are general transport protocols, not VoIP-specific ones.

Choose the appropriate attack that sends two different messages using the same hash function, therefore, causing a collision: A.Xmas attack B.DoS C. Logic Bomb D.Birthday Attack

D. Birthday Attack Of the list provided, the attack that sends two different messages through the same hash function to cause a collision is a birthday attack. An Xmas attack crafts a TCP packet with many flags turned on to scan a system, a DoS attack prevents access to services or resources on a network, and a logic bomb activates when specific conditions are met.

Sharon is responsible for the security of web applications. She's looking to see if all applications have input validation. What is the best way to implement validation? A.Server-side validation B.Client-side validation C.Validate in trust D.Client-side and server-side validation

D. Client-side and server-side validation Explanation The best option is client-side combined with server-side validation. Using these together would provide Sharon with the best validation solution. Server-side validation alone and client-side validation alone are both incorrect. Validate in trust is not a validation method.

Backup tapes are stored off-site. What should be done with them? A.Generate a file hash for each backup file B.Scan the backup data for viruses C.Perform a chain of custody for the backup tape D.Encrypt the backup data

D. Encrypt the backup data Explanation The backup data should be encrypted before the tapes are stored off-site, because if a tape is lost or stolen, the data on it remains protected. File hashes verify integrity, scanning for viruses isn't part of the backup process, and chain of custody applies when evidence is being handled.

Josh manages network security at his company and has noticed that NTP is not working correctly. What security protocol will be affected by this? A.Radius B.DNSSEC C.IPSec D.Kerberos

D. Kerberos Explanation: Kerberos relies on a key distribution center that issues keys with set time limits. These expire after a certain amount of time and can no longer be used, so if the clocks on the systems drift apart, authentication fails. All other options are incorrect because they function without depending on time synchronization.

Gary is concerned about unauthorized people entering the company's building. Of the following, which would be most effective in preventing this? A.Alarm systems B.Fencing C.Cameras D.Security guards

D. Security Guards Explanation Security guards are the most effective way, out of the aforementioned options, to prevent unauthorized access to the building. The other options do not actually prevent access.

Nate is considering the use of biometric access control systems for his company. He's concerned about the crossover error rate (CER), so which of the following processes would most accurately describe the CER? A.The rate of false acceptance B.The rate of false rejection C.The point at which false rejections outpace false acceptances D.The point at which false rejections and false acceptances are equal

D. The point at which false rejections and false acceptances are equal Explanation The CER is the point at which the false rejection rate and the false acceptance rate are equal. All other options are not related.

Of the following, which is the most significant disadvantage of federated identities? A.They cannot be used with Kerberos B.They don't implement least privilege C.Poor password management D.Transitive trust

D. Transitive trust Explanation The most significant disadvantage of federated identities is transitive trust: the security of federated identities is impacted by the security of the other parties in the federation. Kerberos can be configured to work with them, and federated identities don't impact password management or least privilege.

You are working as a help desk technician and receive a call from a user who is complaining that their computer's performance has slowed down over the last week, since they installed a new free video game on the computer. As part of your troubleshooting efforts, you open the command prompt in Windows and run the command "netstat -anb". The output shows ports 135 and 445 as listening. Which of the following is most likely installed on the computer? A.Keylogger B.Worm C.RAT D.Spam

C. RAT Explanation: Based on the scenario and the output provided, the best choice is a RAT. A RAT is a Remote Access Trojan, and it is usually installed accidentally by a user when they install free software that has a RAT embedded in it. The first two lines of the output show that ports 135 and 445 are open and listening for an inbound connection (which is typical of a RAT). This is not an example of a worm because the user admitted to installing a free program, whereas worms install themselves and continue to send data outbound across the network in order to spread. There is no indication in the scenario that a keylogger is being used, nor that spam (unsolicited email) has been received.
