Security+ Questions
Which cryptographic attacks attempt to produce the same hash value from a brute-force attack using two inputs? (Choose two.)
Collision; Birthday
Users are complaining that the new biometric identification system is difficult to use. They are saying that even though the initial login worked fine, they have difficulty logging in later. In addition to user training, what should you investigate?
FRR (False rejection rate)
Your organization recently experienced an XSS attack. What is the best protection against this type of attack?
Disable the running of scripts
Management has asked you to implement MD5 to verify data integrity. However, you are concerned that MD5 is not strong enough. Which size checksum does this algorithm produce?
128-bit
You need to implement a protocol for dial-up connections that uses a challenge/response mechanism. Which protocol should you use?
CHAP (Challenge Handshake Authentication Protocol)
Your organization has decided to implement an encryption algorithm to protect data. One IT staff member suggests that the organization use IDEA. Which strength encryption key is used in this encryption algorithm?
128-bit
You have been asked to choose a hashing algorithm for your organization. You decide to implement SHA-1. Which size checksum is produced by this algorithm?
160-bit
A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open?
1701
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the internet side of the DMZ firewall?
20
Which ISO standard provides best practices and guidance for applying security controls to information systems?
27000 series
Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows 7 and Windows 10, are able to connect to the RADIUS server in a secure manner. What should you deploy?
802.1x
You are the security administrator for an organization. Management decides that all communications on the network should be encrypted using the data encryption standard (DES) or Triple DES (3DES) algorithm. Which statement is true of these algorithms?
A Triple DES (3DES) algorithm uses 48 rounds of computation.
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?
A VLAN
After a recent vulnerability assessment, your company has decided to implement several new security devices and mechanisms, including anomaly-based monitoring. You are researching several different anomaly-based monitoring products. What must be in place for this type of monitoring to be effective?
A baseline
During a forensic investigation, you are asked to make a copy of the contents of a hard drive. You need to ensure that this evidence can be used in court if needed. Which statement is true of disk imaging in this investigation?
A bit-level copy of the disk assists in the forensic investigation
You are investigating a point-of-sale (POS) terminal to verify that financial information will be protected. Which one of the following signs indicates a potential skimmer is installed?
A bulky casing is installed over the card reader
You have recently been hired as the security administrator for a company that recently won a government contract. As part of this contract, the company must implement mandatory access control (MAC) for all governmental data. Under this access control type, which entities would exist as an object?
A computer; A file; A printer
The new security plan for your organization states that all data on your servers must be classified to ensure appropriate access controls are implemented. Which statements are true of information classification? (Choose three.)
A data owner must determine the information classification of an asset. The two primary classes of data classification deal with military institutions and commercial organizations. Data classification refers to assigning security labels to information assets.
You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network?
A firewall
An IT technician has been assigned to install a new embedded firewall. What statement best describes this type of firewall?
A firewall that is integrated into a router
Which concept involves contracting with a third party who will provide a location and equipment to be used in the event of an emergency?
Alternate processing sites
The new anti-virus application that your company purchased claims that it protects against all types of viruses, including multipart viruses. Which statement correctly defines this type of virus?
A multipart virus can infect executable files and boot sectors of hard disk drives.
You have decided to attach a digital timestamp to a document that is shared on the network. Which attack does this prevent?
A replay attack
How does using a syslog server make processing more efficient?
A syslog server makes it easier to coordinate events and combine information into a single log
Your organization recently experienced a cross-site scripting (XSS) attack. In which situation does XSS pose the most danger?
A user accesses a financial organization's site using his or her login credentials
Recently, your organization implemented a new security policy which states that watermarks must be used for all copyrighted material. Which statement is true of a watermark?
A watermark can enable you to detect copyright violations.
You have a mobile sales force that must regularly access customer records from remote sites. You are concerned about security in the event a laptop or tablet is stolen. You want to implement measures that would not only include user authentication via username and password, but also evaluate other factors, such as time of day and location. What should you implement?
ABAC (Attribute-Based Access Control)
Your organization is using a STIX/TAXII client to review cyber threat indicators provided by ISAC. What is the most likely source of this information?
AIS (Automated Indicator Sharing)
Your employees are allowed to use personal fitness monitors and other wearable devices inside your facility. You are concerned about proprietary communication with these devices because of eavesdropping. Which of these techniques is the wireless communication with which you should be concerned?
ANT
Which type of threat involves a highly skilled group of attackers that keep their presence hidden, so they can continually exploit their targets?
APT
Your company implements Kerberos 5 to provide authentication services. Which entity in this deployment authenticates users?
AS (Authentication Service)
You are the security administrator for your company. You identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan to implement if the security risk occurs. What type of plan are you demonstrating?
Acceptance
You collect evidence after an attack has occurred. You need to ensure that the evidence collected follows chain of custody procedures. Which stage is NOT a part of the life cycle of evidence?
Accreditation
Organize the steps of the information life cycle into the correct order
Acquire/Collect; Use; Delete/Dispose (Legal Hold not used in this instance)
Over time, your company has implemented different authentication methods for different resources. The system is now very complex. To simplify the network, your company has decided to implement single sign-on (SSO) authentication. Which technologies provide this? (Choose all that apply.)
Active Directory; SESAME; Kerberos
You need a secondary server to remain on standby until the load on the primary server reaches a critical point. Which of the following should you implement?
Active-passive
Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?
Add another hard drive, and implement disk mirroring.
Your organization's SIEM server collects security and operational logs from all security-related devices on the network. It then combines all of these logs together into one log. What is the term for this process?
Aggregation
You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would NOT be best placed in the new perimeter network?
Aggregation switches
You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening you performed a differential backup of the same server's hard disk, and on Tuesday, Wednesday, and Thursday evening you performed incremental backups of the server's hard disk. Which files are recorded in the backup you performed Thursday?
All of the files on the hard disk that were changed or created since the incremental backup on Wednesday
You need to install a network-based intrusion detection system (NIDS) for your company. Which statement is NOT a characteristic of this device?
An NIDS analyzes encrypted information.
You have been authorized by management to use a vulnerability scanner once every three months. What is this tool?
An application that identifies security issues on a network and gives suggestions on how to prevent the issues.
Which policy defines the sensitivity of a company's data?
An information policy
Your company recently implemented an internal public key infrastructure (PKI). You need to ensure that all of the PKI components are secure and are currently researching the vulnerabilities on the entity that signs the certificates. Which entity are you examining?
An issuer
Your company has decided to install multiple types of monitoring devices on your network. Which type of monitoring is most likely to produce a false alert?
Anomaly-based
You have been asked to research the encryption algorithms available and make recommendations to management about which to implement. One of the encryption algorithms that you are researching is RSA. Which type of encryption algorithm does this algorithm represent?
Asymmetric with authentication.
You are researching the different types of firewall that you can install to protect your company's network and assets. Which type of firewall is most detrimental to network performance?
Application-level proxy firewall
You are evaluating several biometric authentication systems. Which is the best metric to use to quantify the effectiveness of the subject system?
CER (Crossover error rate)
Your organization has recently adopted a new security policy. As part of this policy, you must implement the appropriate technologies to provide confidentiality. Which technology provides this?
Asymmetric encryption
Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess?
Antenna Type; Access Point Power; Antenna Placement
Which of these requirements would indicate that you needed to install a router as opposed to a NIPS/NIDS?
Anti-Spoofing
To gain more insight into activities performed on your network hosts, you can enable and configure application monitoring through logging. Application logs are useful for forensics, activity auditing, and compliance. Which of the following application logs should you enable for forensics investigations on user workstations? (Choose all that apply.)
Antivirus; Browser; HIPS (host-based prevention system)
During a meeting, you present management with a list of the access controls used on your network. You explain that these controls include preventative, detective, and corrective controls. Which control is an example of a corrective control?
Antivirus software
You suspect that several users are attempting to install unauthorized software. Upon researching, you discover that the attempts were unsuccessful. What tool did you implement that logged those attempts and identified the users?
Application whitelisting
Which of these represents a decision made when installing a firewall?
Application-based vs. network-based
Your company has deployed an application that requires access to a user's Google account. What would OpenID Connect provide in this deployment?
Authentication of the user's Google account.
You have just installed a new FTP server, but you do not know what information the FTP server is transmitting when a user initially connects to it. Which tool could you use to discover that information, and consequently know what information an attacker could exploit?
Banner grabbing
You are exploring the attack surface of a Linux host. Which scripting environment is an automation standard for most Linux/Unix systems?
Bash
You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using?
Behavior-based
Which type of file contains low-level instructions to be executed directly on a specific system or computer platform?
Binary
Your company has recently purchased several computers that have Trusted Platform Module (TPM) hardware. Which technology works with this hardware?
BitLocker
Your organization recently was the victim of an attack wherein the attacker sent unsolicited messages over a Bluetooth connection. Which attack occurred?
Blue jacking
Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together without collisions? (Choose three.)
Bridge; Router; Switch
You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?
Browsing the internet
Your company implements an unsigned Java applet. How does it enforce security in JDK 1.1?
By using sandboxes
Provisioning requests for the IT department have been backlogged for months. You are concerned that employees are using unauthorized cloud services to deploy VMs and store company data. Which of the following services can be used to bring the shadow IT back under the corporate security policy?
CASB (Cloud Access Security Broker)
Which type of control is an example of a detection control?
CCTV (Closed-Circuit TV)
During routine investigation of a DLP system log on a system, you notice that at least a thousand customer records have been breached. Who should you notify of the breach FIRST?
CISO (Chief Information Security Officer)
Which deployment model allows an organization complete control and ownership of mobile devices, but allows its employees the flexibility for some personal use outside of the office?
COPE (Corporate Owned, Personally Enabled)
You suspect that several users are using expired digital certificates and that other digital certificates are very close to expiration. You need to examine the list of serial numbers of digital certificates that have not expired but should be considered invalid. Which PKI component should you examine?
CRL (Certificate Revocation List)
Which organization provides a controls framework, consisting of 13 domains, to specifically address security in cloud computing?
CSA (Cloud Security Alliance)
You must ensure that data is preserved for a digital investigation. Move the items in the list from the left column to the right column and place them in the correct order in which the forensic analyst should preserve them, starting with the first term on top.
Cache; RAM; Running processes; Hard drives; Backup media
You are building a public-access Wi-Fi system for a new hotel. You want to require the users to accept a fair use policy before connecting to the internet. Which of the following should you implement?
Captive Portal
You are configuring a wireless guest network, but you need to prevent guests from accessing the corporate intranet, while informing them of the acceptable use policy. Which access method should you use?
Captive Portal
When connecting to a website using SSL/TLS, the client browser uses the root CA's public key to decrypt the digital signature of each certificate until finally verifying the identity associated with the website's certificate. Which term or phrase describes this PKI concept?
Certificate chaining
You discover that an investigator made some mistakes during a recent forensic investigation. You need to ensure that the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which term should you use for this process?
Chain of custody
Which principle stipulates that multiple modifications to a computer system should NOT be made at the same time?
Change Management
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
Change the default SSID (Service Set Identifier); Configure the network to use WPA or WPA2; Disable SSID broadcast; Configure the network to use authenticated access only
What is typically part of an information policy?
Classification of information
You are trying to identify the source of a security issue. You notice that the device in question uses PAP for authentication, and you believe it to be the source of the issue. Which two security concepts would validate your theory? (Choose two.)
Clear text passwords; Unencrypted credentials
Your client provides application software that can be downloaded over the internet. The client wants customers to trust that they are purchasing and downloading the application from a validated source. What type of certificate should you consider?
Code signing
You are explaining to a new employee the proper process of evidence collection. As part of this explanation, you need to ensure that the new employee understands the evidence life cycle. Place the steps in order from first to last.
Collect; Analyze; Store; Present; Return
An accounting job role requires separation of duties to reduce the risk of fraud, with tasks spread across two employees. Due to a staffing shortage, you only have one person available to perform all of the tasks. You ask your business's bank to start sending you weekly statements instead of monthly, and to create an automated email that will alert you if a withdrawal above a certain threshold is made. Which type or category of control did you implement?
Compensating
You have been hired as a security consultant. One of your recommendations is that the organization should implement encryption for all data, including data at rest, data in use, and data in transit. Which security service does this provide?
Confidentiality
You are securing a Windows file server according to system hardening best practices. The file server contains sensitive customer information and should be only available to extranet employees. Which of the following actions should you perform? (Choose two.)
Configure full disk encryption on shared folders; Prevent access to the registry and command line in group policy
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
Containment
You are choosing a wireless access point (WAP) to install. You need to manage several WAPs from a single location. Which of the following should you implement?
Controller-based
Recently, your organization experienced an attack wherein the text file that stores persistent Web settings was modified. Which attack does this describe?
Cookie poisoning
You are comparing cryptographic solutions to implement at your organization. Which two items should you focus on when you are evaluating implementation versus algorithm selection? (Choose two.)
Crypto service providers; Crypto modules
The client's specifications dictate that you use a Base64 ASCII-encoded certificate. Which of the following certificate types would NOT be acceptable?
DER (Distinguished Encoding Rules)
Management asks you to implement an encryption standard that uses a single 56-bit encryption key to encrypt 64-bit blocks of data. Which encryption standard should you implement?
DES (Data Encryption Standard)
Your company deploys several LDAP servers, which are used to allow users to locate resources. What contains LDAP entries?
DIT (Directory Information Tree)
Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?
DNSSEC and DMARC
Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?
Data control language (DCL) implements security through access control and granular restrictions.
Which term describes the process of PII leaving your network?
Data exfiltration
Management has requested that the administrator ensure that data normalization is implemented in the databases. Which statement best describes data normalization?
Data normalization ensures that attributes in a database table depend on the primary key.
You have been hired as a security consultant by a real estate company. The company currently implements discretionary access control (DAC) on its network. Who is primarily responsible for determining access control using this access control model?
Data owner
You need to ensure that a set of users can access information regarding departmental expenses. However, each user should only be able to view the expenses for the department in which they work. Senior managers should be able to view the expenses for all departments. Which database security feature provides this granular access control?
Database view.
You are deploying a database that will store personal customer information to a hybrid cloud environment. The database will be housed by the cloud provider but accessed using a local intranet application. Which of the following security controls should you apply to ensure high confidentiality? (Choose all that apply.)
Database-level encryption; Private endpoint access to the database
Your organization is designing a database warehouse. Database administrators are trying to decide between implementing database-level, application-level, or warehouse-level security for the data warehouse. Which statements are true? (Choose all that apply.)
Database-level security is best if there will be more than 100 users for the data warehouse. The security table will likely become the largest table within the warehouse. Application-level security secures both the data and the functions of the warehouse. Database-level security is best if more than one application is being used to access the data warehouse.
You have just discovered that an application that your company purchased is intentionally embedded with software code that allows a developer to bypass the regular access and authentication mechanisms. Which software code is being described?
Debugging Hooks
You are performing a qualitative risk analysis by having experts fill out anonymous questionnaires. Which method are you using?
Delphi technique
A user reports that she is unable to access a file server. You discover that there are numerous open connections on the file server from several servers and routers. Which type of attack has occurred?
Denial-of-service (DoS) attack
In which lower environment are the basic errors of an application detected and resolved?
Development
You need to implement voice over IP (VoIP) and wireless services for your company. Which AAA implementation was created to deal with these?
Diameter
Which cryptographic technique changes multiple output bits when you change a single input bit?
Diffusion
An advanced user has recently had several new peripheral devices added to his desktop computer. You are concerned about peripheral devices becoming infected with malware. Which peripheral devices should you examine? (Choose all that apply.)
Digital camera; External storage devices; Wi-Fi enabled Micro-SD cards
Your company underwent an attack that involved injecting a command to access the underlying file system. Which type of attack occurred?
Directory Traversal
Which one of these is NOT characterized by identifying or exploiting a vulnerability when found?
Discovering a false positive
Which of the following best describes the phrase "threat hunting"?
Discovering threats that have bypassed existing security mechanisms
A member of management recently read an article about an attack that involved the use of multiple computers with the purpose of denying legitimate access to a critical server. Which type of attack was being discussed?
Distributed denial-of-service (DDoS) attack
Your client is developing a new website. The web administrator has indicated that she would like to use a low-cost certificate to offer Transport Layer Security (TLS) to the new domain. What type of certificate should you recommend?
Domain validation
You are designing a website that allows customers to set their payment options for a subscription service. Which of the following authentication management methods is recommended for a new account holder?
Dynamic KBA (Knowledge-based Authentication)
Your organization is trying to decide whether to use RSA (Rivest, Shamir, and Adleman) or ECC (Elliptic Curve Cryptography) to encrypt cellular communications. What is an advantage of ECC over the RSA algorithm?
ECC requires fewer resources
Management has asked you to implement an encryption algorithm that is based on the Diffie-Hellman key agreement. Which encryption algorithm should you implement?
ElGamal
Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement?
Ensure that TCP and UDP ports are managed properly. Ensure that the MAC addresses of connected devices are monitored. Ensure that wiring closets are locked.
What is the responsibility of the data controller?
Ensure that the data subject consents and protect that data
A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?
Escalation of privileges
Management has asked that the software developers take the appropriate actions to avoid buffer overflows. What is the BEST method to do so?
Execute a well written program
You are designing security for a new e-commerce web site. You know that you will use HTTPS as the browser protocol. The legal team has asked you to validate using the name of the responsible legal entity in the certificate, to supply other validation parameters, and to provide a higher level of trust than domain validation. Which certificate would you use?
Extended validation certificate
Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating?
Fault tolerance
E-Commerce payment systems, like PayPal and Google Checkout, allow the user to use a single identity across multiple platforms. Of which identity and access service is that an example?
Federation
Your organization needs to implement a system that logs changes to files. What category of solution should you research?
File integrity checks
When using a cloud provider, which of the following aspects are the responsibility of the customer organization to secure?
Firewall configurations
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). On which device(s) should the ACLs be deployed?
Firewalls
Which controls should you implement to mitigate the security risks of a Supervisory Control and Data Acquisition (SCADA) system? (Choose all that apply.)
Firmware version control; ACLs; Application firewalls; Network segments
You are about to begin a forensic investigation. Which of the following is NOT part of the investigation?
Follow the incident response plan
You need to remove data from a storage media that is used to store confidential information. Which method is NOT recommended?
Formatting
An employee has reported their mobile device stolen. Which of the following MDM options provide the BEST confidentiality for the device?
Full device encryption
You have been hired as a security consultant for a large corporation. During a meeting with the IT department, the IT manager indicates that one of their applications uses a private key encryption standard that was developed in Russia and uses 256-bit encryption keys. Which encryption standard does the application use?
GOST
Management has recently become concerned about privilege escalation based on an article that was circulated. Which of the following is an example of this?
Gaining access to a restricted file by changing the permissions of your valid account.
Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate?
Geotagging
To gain more insight into activities performed on your network hosts, you can enable and configure application monitoring through logging. Application logs are useful for forensics, activity auditing, and compliance. Which of the following application logs should you enable for forensics investigations? (Choose all that apply.)
HIPS; Browser; Antivirus
You have been hired as the security administrator for a company. During your first weeks, you discover that most of the client and server computers are not protected from intrusions in any way. For the servers, management wants you to implement a solution that will prevent intrusions on a single server. Which system should you implement to satisfy management's request?
HIPS (Host Intrusion Prevention System)
You decide to implement a key-based authentication method for an internal SFTP server. The IT department has a large inventory of existing client machines without cryptoprocessors that must be supported. Which of the following components should be installed on existing machines to support the new authentication method?
HSM (hardware security module)
Management has decided to purchase a new appliance firewall that will be installed between public and private networks owned by your company. Which type of firewall is also referred to as an appliance firewall?
Hardware
Which technique can tip off an investigator that data files have been altered from a previous version?
Hashing
Your company decides to implement a RAID-5 array on several file servers. Which feature is provided by this deployment?
High Availability
What is defined in an acceptable use policy?
How users are allowed to employ company hardware
Which type of state-sponsored attack targets another state's critical vulnerabilities in cyberspace, so as to weaken that state's governance or sow dissent throughout its populace?
Hybrid warfare
You are describing attacks that specifically target virtual machines in cloud-based deployment environments. Which of the following is an example of a virtual machine attack?
Hyperjacking
A user was the victim of an attack wherein the user was redirected to a fake website. Which type of attack occurred?
Hyperlink spoofing
Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement?
IPSec
You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol? (Choose three.)
IPSec can work in either tunnel mode or transport mode. IPSec uses ESP (Encapsulating Security Protocol) and AH (Authentication Header) as security protocols for encapsulation. The IPSec framework is used in VPN implementation to secure transmission.
Which of these options is NOT an aspect of personnel management that relates to general security policies or standard operating procedures?
ISA (Interconnection Security Agreement)
Which process allows you to deploy, configure, and manage data centers through scripts?
IaC (Infrastructure as Code)
You are designing an access control system for a new company. The company has asked that you ensure that users are authenticated with a central server. In addition, users should only have access to files they need to perform their jobs. When implementing access control, what is the appropriate order?
Identification; Authentication; Authorization
Which option includes verifying appropriate access controls, authentication controls, input validation, and proper logging, among others?
Identifying a lack of security controls
A man wearing a service provider's coveralls and carrying a toolbox approaches your facility's security guard. He says that his work crew is running some new Ethernet cable inside your office, but he left his mobile phone at home, so he can't call his crew to let him in. The security guard admits the man through your secured door. The following week you find an undocumented network device installed in a closet. Which social engineering attack techniques were used? (Choose all that apply.)
Impersonation; Pretexting
The Cyber Kill Chain starts with reconnaissance of the target. You are the security manager for a company and are asked to present the concept of reconnaissance to the board of trustees. Which of the following aspects should you NOT present to the board?
Implement defensive strategies to reduce the impact from information gained by reconnaissance techniques
You are aware that any system in the demilitarized zone (DMZ) is accessible from the internet. What should you do to mitigate the risk?
Implement every computer on the DMZ as a bastion host
An application that your company developed is susceptible to buffer overflows. Which type of vulnerability is demonstrated by them?
Improper input handling
While developing an incident response plan for your client, you outline the roles and responsibilities of a cyber-response team. You also describe the establishment and formation of that team. What time frame should you specify for the formation of a cyber-incident response team?
In advance of an incident occurring
As the lead for a software development team, you must establish secure development requirements. Which of the following best practices must be included for secure software development? (Choose all that apply.)
Input sanitization should validate all characters against a whitelist; Use only HTTP POST requests for sending web authentication credentials
Your company has recently adopted a new security policy that states that all confidential e-mails must be signed using a digital signature. Which three elements are provided by implementation of this technology?
Integrity; Authentication; Non-repudiation
Which of the following mitigation techniques would help contain the spread of a worm throughout the network with minimal disruption?
Isolating hosts on separate network segments
Your organization has recently implemented a new security policy that includes the implementation of the principle of least privilege. You need to ensure that users understand this principle and implement the appropriate procedures to adhere to this principle. What is the best implementation of this principle?
Issuing the Run as command to execute administrative tasks during a regular user session.
You have implemented a backup plan that includes both full and incremental backups. What does an incremental backup do?
It backs up all new files and any files that have changed since the last full or incremental backup and resets the archive bit
Management wants to install hardware and software firewalls where appropriate on your company's network. They have asked you to research the difference between hardware and software firewalls. Which of the following is a disadvantage of a hardware firewall compared to a software firewall?
It has a fixed number of available interfaces
Management has decided to install a network-based intrusion detection system (NIDS). What is the primary advantage of using this device?
It is low maintenance
During a recent security audit, you discovered that several company users are not adequately protected. You are working to harden your Web servers. As part of the hardening of the Web servers, you implement filters. What is the purpose of a filter in this scenario?
It limits the traffic that is allowed through
Management at your company has requested that you implement DLP. What is the purpose of this technology?
It monitors data on computers to ensure the data is not deleted or removed
Your organization has recently adopted a new organizational security policy. As part of this new policy, management has decided to implement an iris scanner for users wanting access to the secure data center. Which procedure does this use to authenticate users?
It takes a picture of the user's eye and compares the picture with pictures on file
Your company has recently decided to implement a Kerberos environment for user authentication. What is the most important component in a Kerberos environment?
KDC (Key Distribution Center)
You need to digitally sign packets that are transmitted on IPSec connections for your organization's VPN. Which of the following should you implement?
KHMAC
When you are hired as a security practitioner for your company, the administrator informs you that the company's authentication system grants TGTs. Which protocol is being used?
Kerberos
You are a security consultant. An organization hires you to implement a biometric system. This system should work in conjunction with a password to provide increased security. Which method should you implement?
Keystroke Dynamics
You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use?
L2TP over IPSec
Your company implements LDAP servers to share directory entries. Which option allows this feature?
LDIF (LDAP Data Interchange Format)
Which operation must you undertake to avoid the mishandling of tapes, CDs, DVDs, and printed material?
Labeling
What preserves the existence and integrity of relevant electronic records (and paper records) when litigation is imminent?
Legal hold
What is another term for technical controls?
Logical controls
Which SIEM feature would be best for long-term storage and security?
Logs/WORM (Write Once Read Many)
When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.)
Low latency; Low power devices
As a security professional, you have been asked to advise an organization on which access control model to use. You decide that role-based access control (RBAC) is the best option for the organization. What are two advantages of implementing this access control model? (Choose two.)
Low security cost; Easier to implement
To justify the expenses of the forensic investigation, what is one thing that you should closely document?
Man-hours
What was the on-path browser attack formerly known as?
Man-in-the-browser
What was the on-path network attack formerly known as?
Man-in-the-middle
Your organization has been awarded a federal government contract. You have been instructed to set up a server with an operating system that will enforce the access control rules required by the federal government. Which access control method should be implemented?
Mandatory Access Control
Management is concerned that applications have been developed using poor programming processes. Which of these issues may result from this? (Choose all that apply.)
Memory leak; Pointer dereference; Buffer overflow; Integer overflow
You have just been hired as a security administrator for your company. In the security documentation, it mentions that message authentication code (MAC) is implemented. What does this ensure?
Message integrity
You have been asked to configure a new file server. Management has stipulated that you need to implement an authentication method that checks the identity of both ends of the connection. Which authentication method should you use?
Mutual Authentication
What is the purpose of a BPA between companies that exchange sensitive information?
Mutually agreed upon security measures to protect exchanged data
You need to install a network device or component that ensures the computers on the network meet an organization's security policies. Which device or component should you install?
NAC (Network Access Control)
You install a network device that acts as the interface between a local area network and the Internet using one IP address. Which device did you install?
NAT router
Which events should be considered as part of the business continuity plan?
Natural disaster; Hardware failure
You need to ensure that backdoor applications are not installed on any devices in your network. Which tool is NOT a backdoor application?
Nessus
You need to display the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which command should you use?
Netstat
Which factor does NOT minimize the security breach incidents committed by internal employees?
Nondisclosure agreements signed by employees
Which of the following would be considered an example of a design weakness?
Not including a DMZ
You are designing an application that will allow a user to log in to the application with the user's existing Facebook or Twitter credentials. Which service would you incorporate in the application?
OAuth
You have found that your system for validating keys has a latency period of 24-48 hours. As a result, a key that had been breached was accepted. You want to provide a real-time solution that will reduce this latency period. Which technology should you implement?
OCSP (Online Certificate Status Protocol)
You need to validate the address information of the certificate owner by examining the certificates. What could you examine to accomplish this?
OID (Object Identifiers)
Your company must implement a subnetwork that is highly secure. Management asks you to implement an encryption method that is used only once for a single document. Which encryption method should you use?
OTP (one-time pad)
Your company-provided Android devices are all under the control of a mobile device management (MDM) console. You want to use this console to prevent users from rooting their devices. How does this support security?
On an unrooted device, the user cannot allow apps to escape the isolated virtual sandbox they run in
What are examples of an on-path browser attack?
On the victim computer; Malware/Trojan does the proxy work; Proxy encrypted data easily; Victim is unaware; Waits for the victim to login and steals credentials
As your organization's security officer, you are currently completing audits to ensure that your security settings meet the established baselines. In which phase of the security management life cycle are you engaged?
Operate and maintain
You are investigating the CIS Controls. Which category of controls are focused on the people and processes within an organization?
Organizational
Which of the following describes an inherent vulnerability found in many drones and unmanned aerial vehicles?
Overwhelming the device with large amounts of data, causing it to crash
Recently, your organization has experienced several password attacks. Management has asked you to provide additional security to ensure that this does not happen again. You decide to implement a key stretching function. Which of the following could you use? (Check all that apply.)
PBKDF2 (Password-Based Key Derivation Function 2); Bcrypt
Your organization will be launching a retail website that will handle cardholder data. Which regulation should you recommend following to avoid any potential fines due to a data breach?
PCI-DSS (Payment Card Industry Data Security Standard)
Your client is migrating from an Apache-based server to a Windows server. Which X.509 certificate file extension is NOT going to be compatible with the new server?
PEM (Privacy Enhanced Mail)
Your client is migrating from a Windows-based server to an Apache server. You need to convert the current X.509 certificate so that it can be used on the new Apache server. What is the original file extension for the X.509 certificate?
PFX
You are working on a new security system for a federal courthouse. You must ensure that both employees and contractors are able to enter the building using certificate-based authentication. Which authentication system should you integrate?
PIV (Personal Identity Verification)
Which encryption techniques are used by AES, DES, and Blowfish? (Choose two.)
PRNG (pseudo-random number generator); Symmetric algorithm
You have been asked to install a new firewall that only examines the packet header information. Which type of firewall are you installing?
Packet-filtering firewall
You are setting up the network for a small business. The small business is concerned with data security. You need to configure the network so that users log in with a username and password. You investigate the types of passwords that the company can use. Which password type is usually the easiest to remember?
Passphrase
Although the network requires multiple credentials to access systems, you need to ensure that each password is unique and meets the complexity and length requirements of the company. Which of the following storage options can help users maintain access across multiple systems?
Password Vault
As the project lead for a development project, you must ensure that web application code is protected against the OWASP Top 10 exploits. Which of the following best practices should you follow? (Choose three.)
Perform input sanitization and validation to protect against injection attacks; Separate untrusted data from active browser content to mitigate XSS attacks; Maintain a reliable patch management policy to mitigate known software vulnerabilities
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
Periodically complete a site survey
Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on your firewall: Permit all traffic to and from local hosts; Permit all inbound TCP connections; Permit all SSH traffic to linux1.cybervista.net; Permit all SMTP traffic to SMTP.cybervista.net. Which rule will most likely result in a security breach?
Permit all inbound TCP connections
Order the six phases of the software development life cycle from the first to the last phase.
Plan; Design; Implement; Test; Deploy; Maintain
You are exploring the attack surface of a Windows 10 host. Which scripting environment is an automation standard for modern Windows systems?
PowerShell
You are researching file-less malware that targets Windows-based platforms. Which scripting environment is used to download the payload directly on these systems?
PowerShell
Your company's security policy includes system testing and security awareness training guidelines. Which control type is this considered?
Preventative administrative control
You perform a server scan and find that you have a high amount of Telnet traffic. You have installed several new peripheral devices on the server. Which newly installed peripheral device is most likely causing this problem?
Printer
Your client is migrating from an Apache-based server to a Windows server. Which X.509 certificate file is NOT going to be compatible with the new server?
Privacy Enhanced Mail (PEM)
You need to validate the address of the certificate owner by examining the certificates. What could you examine to accomplish this?
Private key
What is the difference between production honeypots and research honeypots?
Production honeypots mitigate risks to production systems by aiding in attack prevention, detection, and response. Research honeypots are information-gathering resources
Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network. Which tool should you use?
Protocol analyzer
Although your organization is not required to comply with GDPR, which of the following recommendations will minimize its potential impact? (Choose all that apply.)
Provide reasonable notifications to subjects when their data is collected or has been breached; Anonymize or generalize subject data for analysis, instead of processing personal data directly
You need to ensure that resources are only allocated when they are needed. Which secure coding technique should you use?
Provisioning and deprovisioning
You want to configure SSH without requiring a password. Which of the following can be used as a credential?
Public RSA key
Which team is responsible for debriefing both attackers and defenders after an attack simulation?
Purple team
You need to provide centralized remote user authentication, authorization, and accounting for your company's network. Which solution should you employ?
RADIUS (Remote Authentication Dial-In User Service)
You need to allow remote access users to log on to a network through a shared authentication database. Which of the following should you deploy?
RADIUS (Remote Authentication Dial-In User Service)
You are designing a wireless network for commercial tenants in a shopping area. As a group, the tenants want to build a community network where their customers have internet access throughout the area, regardless of which retailer's network the customer is using. What technology would allow you to do that?
RADIUS Federation
You are currently comparing stream ciphers and block ciphers. You have decided to use only block ciphers and hash algorithms on your organization's network. Which cryptographic algorithm is a stream cipher?
RC4 (Rivest Cipher 4)
You have been hired as a security consultant. The company owner asks you to implement public key encryption to protect messages traveling between two points. Which algorithm should you implement?
RSA (Rivest, Shamir, Adleman)
Which of these options is particularly dangerous because it processes data with little or no latency?
RTOS (Real-Time Operating System)
Your organization uses several applications that are considered to be multi-threaded. Which memory vulnerability is associated with these applications?
Race Condition
Your organization uses several applications that are considered to be multithreaded. Which memory vulnerability is associated with these applications?
Race condition
Which of the following tools could be used to automate a brute-force attack using a dictionary?
RainbowCrack
You are investigating the email metadata associated with a phishing attempt. Which field in the email header is most likely to help locate where the email originated?
Received
Your client's HR practices include promotion from within, and transferring people between offices on a regular basis. It seems like the most common question you hear when employees talk on the phone is "What office are you working at now and what are you doing?" What practice will ensure that a user's permissions are relevant and current?
Recertification
What are some disadvantages to using a cold site? (Choose all that apply.)
Recovery time; Testing availability
What are examples of an on-path network attack?
Redirects your traffic; ARP poisoning
You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do?
Replace the hub with a switch
Your organization is a subcontractor for a major government defense contractor. While writing an incident response plan, you must determine the circumstances under which to bring in an outside contractor. Which portion of the incident response plan includes this information?
Reporting and escalation guidelines
Which general mechanism is used by cloud consumers to limit security exposure and running expenses?
Resource policies
When applying the NIST functions in the Cybersecurity framework, which function includes incident analysis and mitigation activities?
Respond
What is the purpose of the MITRE ATT&CK framework?
Respond to tactics and techniques found in real world attacks.
You have been hired as a security administrator by your company. You have recommended that the organization implement a biometric system to control access to the server room. You recommend implementing a system that identifies an employee by the pattern of blood vessels at the back of the employee's eyes. Which biometric system are you recommending?
Retina scan
You need to implement an authentication system that verifies the identity of the users. Which type of authentication should you implement?
Retinal scan
You have decided to install a proxy server on your network. Which type of proxy is also called a surrogate proxy?
Reverse proxy
Your company's network has multiple networks that are connected via different devices. Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?
Router
Which of these is part of a scan to identify a common misconfiguration?
Router with a default password
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). On which device(s) should ACLs be deployed?
Routers
You need to include some additional information in the certificate definition. Specifically, you would like to include the host name associated with the certificate. Which of the following would provide a solution?
SAN (Subject Alternative Name)
Your company needs to protect message integrity. Management decides that you need to implement an algorithm that uses 160-bit checksums. Which algorithm should you implement?
SHA (Secure Hashing Algorithm)
You need a tool that can aggregate logs from multiple firewalls, send alerts when certain behaviors are detected in the network, provide trend analysis, and analyze user behaviors. What should you choose?
SIEM (Security Information and Event Management)
After a recent security audit, several security issues were found. The auditor made suggestions on technologies that your organization should deploy. One of the suggestions made is to deploy SKIP. Which statement is true of SKIP?
SKIP is a key distribution protocol
Your organization has decided to outsource its e-mail service. The company chosen for this purpose has provided a document that details the e-mail functions that will be provided for a specified period, along with guaranteed performance metrics. What is this document called?
SLA (Service Level Agreement)
Recently, your company's network has been attacked from outside the organization. The attackers then changed the configuration of several network devices. Management has asked you to monitor network devices on a regular basis. Which protocol should you deploy?
SNMP (Simple Network Management Protocol)
Your company's network consists of multiple subnetworks that each implement their own authentication system. Often users must log in separately to each subnetwork to which they want access. You have been asked to implement technology that allows users to freely access all systems to which their account has been granted access after the initial authentication. Which of the following should you implement?
SSO (Single Sign-On)
Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem?
STP (Spanning Tree Protocol)
Which variation of the point-to-point VPN accepts secure HTTP traffic and translates the traffic into the direct access protocols needed to access cloud-based VMs?
SWG (Secure Web Gateway)
You are concerned about vulnerabilities that may be caused by a failed test in the research and development department. How do you keep the production network safe? (Choose two.)
Sandboxing; Air Gap
Which tool is used to perform a vulnerability test?
Scanning tool
You have a cloud-based application that associates encryption keys with each logged in user. Which cloud mechanism should you use to secure the encryption keys?
Secrets management
Your company has recently decided to create a custom application instead of purchasing a commercial alternative. As the security administrator, you have been asked to develop security policies and procedures on examining the written code to discover any security holes that may exist. Which assessment type will be performed as a result of this new policy?
Secure code review
A company implements an application that accesses confidential information from a database. You need to allow guest access that uses time-sensitive passwords. Which device will generate these passwords?
Security token
Your organization recently had a cross-site request forgery (CSRF) attack. What is another name for this attack?
Session riding
You install a type of monitoring that requires updates to be regularly obtained to ensure effectiveness. Which type of monitoring did you install?
Signature-Based
An attacker carried out an IP spoofing that included saturating your network with ICMP messages. Which attack occurred?
Smurf
A user accidentally installed a driver that had issues. You have been asked to return the computer to its state prior to the driver installation. Which of these is most likely the quickest method of meeting this requirement?
Snapshots
You need to design a backup plan for your company's file server. You are most concerned with the restoration time. Which of the following would take the least amount of time to restore?
Snapshots
You need to educate several members of management regarding the susceptibility of passwords to attacks. To which attacks are passwords susceptible? (Choose all that apply.)
Social engineering; Sniffing; Brute force; Dictionary
Which suppression methods are recommended when paper, laminates, and wooden furniture are the elements of a fire in the facility? (Choose two.)
Soda acid; Water
Your organization has several applications and servers that implement different password types. You need to document the different password types that are used because your company wants to later implement a single sign-on (SSO) system. Which password types are usually the hardest to remember? (Choose all that apply.)
Software-generated password; Dynamic password
Your organization has decided to implement keyboard cadence as part of authentication. Of which type of authentication factor is this an example?
Something you do
Using the NetFlow/IPFIX protocol, which of the following fields define a unique network flow? (Choose all that apply.)
Source/Destination IP Addresses; Source/Destination Ports
What is ARP poisoning a form of?
Spoofing
You are responsible for code quality and testing. What should you incorporate to ensure that memory allocations have corresponding deallocations?
Static code analyzers
Your organization has a security policy in place that states that all precautions should be taken to prevent physical theft of mobile devices. Which precaution would prevent this?
Store mobile devices in a locked cabinet.
You need to protect against injection attacks. Which of the following should you use?
Stored procedures
A hacktivist group claims responsibility for infecting a manufacturer's systems by planting an infected USB drive at the company's office. The manufacturer's distributor, several vendors, and hundreds of customers were all eventually infected with the malware that stole important credential information from those infected. Which term describes this attack strategy?
Supply chain
A huge customer data breach occurred at a retail store. It originated from the store's point-of-sales system contractor, who did not have adequate malware protection. Which risk mitigation concept could the store have implemented to avoid the breach?
Supply chain assessment
Your company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy? (Choose all that apply.)
Support ownership; Data ownership; Patch management; Application white-listing and black-listing
Which of the following common use cases would address the issue of data leakage from a side-channel attack?
Supporting high resiliency
You have been asked to segment traffic so that traffic within one department is isolated from the traffic for other departments. You decide to implement a virtual LAN. Which equipment should you use to do this?
Switch
Which encryption techniques are used by AES, DES and Blowfish?
Symmetric algorithm; PRNG (Pseudo-Random Number Generation)
You have been promoted to security administrator. Recently, management implemented a security policy that states that symmetric cryptography must be used. However, your research indicates the symmetric cryptography is a better choice for your organization. Which statement is true of symmetric cryptography?
Symmetric cryptography is faster than asymmetric cryptography.
Your users often forget their passwords and ask for assistance. You send a link to reset the password. You would like to incorporate a time limit for the user to respond to the link. Which would you incorporate?
TOTP (Time-based One Time Passwords)
You have been asked to implement hardware-based encryption on a Windows computer. What is required to do this?
TPM chip
In which lower environment are general security requirements verified in an application before being released to the general public?
Testing
After researching different security mechanisms, your company decides to implement PGP (Pretty Good Privacy) instead of a formal PKI and trust certificates. Which of the following is a characteristic of PGP?
The establishment of a web of trust between the users.
A Windows computer is located on a TCP/IP network that uses DHCP. You want the computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configuration?
The ipconfig command
Management has recently become worried about DNS poisoning after reading an article about it. Which of the following BEST describes the attack?
The practice of dispensing IP addresses and host names with the goal of traffic diversion.
Management has asked you to ensure that the certificates that have been validated in the corporate PKI are protected. What must be secured in the PKI?
The private key of the root CA
When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password and smart card. Which two statements are true regarding your organization's security?
The remote network login uses two-factor authentication; The local network login uses one-factor authentication
An advanced user bypassed the company's security policy by rooting his corporate Android phone so that he could have more freedom to install special third-party mobile apps. Which of the following is the greatest security risk of rooting an Android phone?
The user could brick the device and void the manufacturer's warranty
You have recently been hired as a network administrator. The CIO informs you that their wireless networks are protected using firewalls. He has asked that you implement MAC filtering on all access points. What is the purpose of using this technology?
To restrict the clients that can access a wireless network
You are setting up a complex PKI where clients might have to get a certificate from somewhere other than their own CA. What should you include in the implementation to define the relationships between various CAs?
Trust model
Your company has a backup solution that performs a full backup each Saturday evening and a differential backup Monday through Friday evenings. A vital system crashes on Tuesday morning. How many backups will need to be restored?
Two
You have implemented three databases that your organization uses to ensure that an entire transaction must be executed to ensure data integrity. If a portion of a transaction cannot complete, the entire transaction is not performed. Which database security mechanism are you using?
Two-phase commit
Which of the following sources would provide a threat hunter with the most recent software and other security vulnerabilities discovered over the past week?
US CERT Bulletin
You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?
UTM (Unified Threat Management)
Your organization has discovered the cost savings associated with virtual machines and is encouraging rapid adoption. Which concept should you implement before things get out of control?
VM Sprawl Avoidance
You need to access a virtual machine that was recently created by the IT department. Which of the following security controls should you configure for the MOST secure remote access?
VPC endpoint
While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention?
VPN
You are designing a network. In addition to placing devices in a peripheral network, you need to place security devices in several key departments. Which of the following security devices could NOT be placed wherever they are needed in the network?
VPN concentrators
You are responsible for designing your company's identification, and authorization system to ensure that the company's network is protected from unauthorized access. What is the purpose of the authentication of this network?
Verifying the identity of users
Which integrity strategy is used to ensure that application code has not been tampered with since it was checked in by a developer?
Versioning control
Which type of computers are targeted by RedPill and Scooby Doo attacks?
Virtual Machines
Which type of test relies heavily on automated scanning tools and reporting?
Vulnerability Test
Which of the following transmit data via Wi-Fi or Bluetooth only to a host device and are vulnerable to data interception and attack?
Wearable Technology
Smart devices and Internet of Things (IoT) are growing rapidly. Which of these include embedded systems that are security risks? (Choose all that apply.)
Wearable Technology; Home Automation Devices; Medical Devices; Printers
Recently, several confidential messages from your company have been intercepted. Your company has decided to implement PGP (Pretty Good Privacy) to encrypt files. Which type of model does this encryption use?
Web
Management wants to protect all traffic on the company's HTTP/HTTPS server. You have been asked to recommend a solution. Which device is the BEST solution?
Web application firewall
You find general purpose guides and platform/vendor-specific guides for deploying the items below. Which of the following should you deploy using vendor-specific guides as a best practice? (Choose all that apply.)
Web server; Operating system; Network infrastructure devices; Application server
You instruct a user to issue the ipconfig command with the /release and /renew options. In which two situations would it be appropriate to ask a user to do this? (Choose two.)
When recent scope changes have been made on the DHCP server. When the result of running the ipconfig /all command indicates a 169.254.163.3 address.
You are performing user account reviews. You need to determine whether user accounts are active. Which property should you verify?
When the last logon occurred
You need to explain to personnel how a Cross-site Request Forgery (XSRF) attack occurs. Which of the following best describes the attack?
When unauthorized commands are executed on a Web server by a trusted user
Which of the following scenarios describes a man-in-the-browser (MitB) attack?
When users attempt to access a legitimate website, they are instead redirected to a malicious website
Which of the following scenarios describes a man-in-the-browser (MIB) attack?
When users attempt to access a legitimate website, they are instead redirected to a malicious website.
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?
Wi-Fi Protected Access (WPA)
Your company has a website based on their domain name. In addition to the website, they also operate mail and FTP servers using the same domain name. Which of the following options would simplify certificate management?
Wildcard Certificates
Which cipher uses a binary key and is often combined with or incorporated into a symmetric algorithm because it is not secure when used by itself?
XOR
Microsoft releases a notification to all users that a vulnerability has been recently discovered in SQL Server 2017 (version 14.0) that could allow an attacker to control your computer remotely. They are working on a fix, but do not have a workaround available. Which term best describes this risk?
Zero-day vulnerability
Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use?
ad hoc
Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?
an ACL
You discover that a malicious program has been installed on several host computers on your network. This program's execution was remotely triggered. Of what is this an example?
botnet
You need to set permissions for the Tablemaker file so that users can read, write, or execute it and members of the user's group can execute it. Which command will you run?
chmod u=rwx,g=rx,o=r Tablemaker
After troubleshooting an issue on a Windows computer, the IT technician determines that the computer has been infected by a platform-independent virus that was written in an application's language and is capable of infecting any files using that language. Which virus is present?
macro virus
Which protocol is used to consolidate event information from multiple devices on a network into a single storage location?
syslog