Comptia Test

6 steps - incident response

1) Preparation 2) Identification 3) Containment 4) Eradication 5) Recovery/Repairing the Damage 6) Lessons learned

Which option provides port-based security for a wireless network by communicating with an authentication server to provide network authentication?

802.1X

Your organization has implemented a security policy that requires that unnecessary accounts be purged from the network. Which account practices would be helpful n identifying unnecessary accounts? (Choose TWO.)

Account maintenance Recertification

Amplicfication

An attack that is asymmetric where a small number of resources are needed to inflict a significant amount of damage.

Man-in-the-browser

An attack where an attacker relays communication between devices to another device

Domain hijacking

An attacker gains access to registration information of a domain

Open

Any device may authenticate and attempt to communicate with the access point

BYOD

Approve personal devices for business use

Which type of interoperability agreement is used to establish a partnership?

BPA

Which of the following is a form of smart card?

CAC

As the application developer for your company you are concerned about ensuring that your data is stored using a fast and efficient enciphering mechanism. All else being equal, which of the following cipher mode would be the worst choice in terms of performance?

CBC

Preshared Key

Clients and access point authenticate using a defined string known on the access point and the connecting device

Enterprise

Clients and authentication server authenticate using EAP with provided key

Captive Portals

Clients connecting to the access point are directed to a web site, where users authenticate to the http server before gaining further network access

Your company uses a PKI. As a member of your local IT team, you have been tasked with implementing a method of storing keys that can be used by law enforcement to decrypt encrypted document. What should you do to meet this requirement?

Configure a key escrow

DNSSEC

Confirms the authenticity of domain name records

Misconfigured devices are an easy entry point into your system for unauthorized users.

Content filter Access points Firewall

Which vulnerability scanning concept is best decribed as logging into a network with a valid user account to run vulnerability scans?

Credentialed vulnerability scanning

As a developer overseeing security for your software you are concerned with the specific .dll being used to provide the cryptographic mechanisms for your program. This is an example of what aspects of managing cryptography? (select two)

Crypto service provider selection Implementation Selection

Mobile device management involves centralizing the

Custom firmware Jalibreaking Sideloading Carrier unlocking

In preparation for the real incident, you schedule an exercise and have documented the incident types and category definitions. Which components are part of the incident response plan?

Cyber-incident response teams Reporting requirements/escalation Roles and responsibilities

Which Diffie-Hellman group is the minimally acceptable for Cisco ASA devices?

DH Group 14

VDI

Deploy devices that don't run any business-specific applications locally

Misconfiguration of devices and systems can cause several security issues. How can you prevent or minimize instances of data exfiltration?

Disable all USB ports

You have added an important document to a file share on your organization's network. You have given individual users different permission levels to access this file. Which type of access control model have you implemented?

Discretionary access control

You need to provide a solution that eill allow you to use asymmetric cryptography to encrypt data

ECC

You need to provide a solution that will allow you to use asymmetric cryptography to encrypt data on mobile devices, while keeping overhead at a minimum. Which of the following options would BEST accomplish this task?

ECC

WPS

Enables wireless access via a PIN when pushing a button on the access point

LDAPS

Encrypts all the data sent to and from a directory services server

SNMPv3

Encrypts all the data sent to and from a directory services server

As a network technician within your company, you have been tasked with applying changes to your corporate account management policy. You are required to ensure that users must use 20 unique passwords before an old account password can be reused. You must also ensure that their user account passwords are forced to be updated every 30 days. Which account policies should you use to meet these requirements? (Select TWO.)

Enforce password history Maximum password

IKEv2

Establishes and maintains Security Associations

A malicious user disconnects an AP from the network. They proceed to configure their personal laptop with the same name as the AP. Which type of attack was launched?

Evil twin

As the director of Incident response, you are tasked with tracking and reducing man hours. You compile reports regarding several recent breaches and analyze: --Initial incident response times --Time to executive management notice --Average Incident Response Completion Time Which of the following would help you reduce man hours and shorten response times?

Exercises/tabletop

Application or multi-purpose

Filters requests for data based on configurable criteria such as the originating and destination IP address or port number

The secure sockets layer, or SSL, protocol can be used to encrypt network traffic between endpoints, thereby improving security overall, But such encrypted data need to be decrypted again to ensure it's accessible by authorized clients. Which device can be configured to act as an SSL decryptor?

Firewalls

Reverse

Forwards a request for information originating from the Internet to act as an intermediary between online servers and internal network servers

Compiled code

Generally runs faster Considered more secure

Interpreted Code

Generally runs slower Considered less secure

Forward

Handles requests for online content and fetches the relevant information from the Internet and presents it internally to the client device

You need to provide a username, PIN, and a generated passcode to successfully log in to a computer. The passcode is obtained from the display of a small handheld device. Which of the following options is this an example of?

Hardware token

You need to provide a username, PIN, and generated passcode to successfully log in to a computer. The passcode is obtained from the display of a small handheld device. What does this describe.

Hardware token

The purpose of performing vulnerability scans is to: (Choose TWO)

Identify a lack of security Identify misconfigured software

You are leading a software project in which security is one of the most important considerations. Once the project is complete there will be no changes

Immutable systems Baselining

You are working for a company that suspects an unauthorized user on the company network is sending classified data to another user over the Internet. What should you do to make a copy of the data to be analyzed?

Implement SPAN

Which term describes an individual or a group of people who can be the most destructive to a small or medium sized business?

Insiders

Authentication Header

Is only used in Tunneling mode

Encapsulating Security Payloads

Is used to encrypt the data being transmitted

Coprorate-owned or CYOD

Issue a corporate-owned device that the user may sometimes choose

COPE

Issue corporate-owned devices for business and private use

Which authentication method is used as part of an SSO implementation?

Kerberos

Which type of attack can be used to intercept and alter data that is sent between hosts?

Man-in-the-middle attack

Which security measure is implemented to help detect fraud from internal employees?

Mandatory vacations Job rotation

As a security administrator trying to manage the possible impact of various risk you need to identify the specific services or functions that your company provides that must be either fault tolerant or able to resume quickly after a disruption. In doing this you are identifying which of the following?

Mission-Essential Functions

Yo are attending a concert for a local band. You wish to purchase some merchandise from a vender. The vender accepts cash, but also accepts credit cards. If you use your credit card, which of the following attacks should you be concerned with? (Choose Two)

NFC Replay Attack

You work for a new private organization in the United States. You will be responsible for creating a security program that will allow your company to respond to cyber-attacks. Which framework is most appropriate for this particular need?

NIST CSF

You are working on a project that involves a new database and tables. Part way through the project you notice that redundant data about a customer is being stored in a Customer Identity table. What should be incorporated to ensure redundant data is not being stored in the Customer Identity table?

Normalization

Junior developers in your organization have been taking training on creating secure applications. One of the techniques taught to the developers is to write programs that humans will have a difficult time understanding their purpose. This an example of which technique?

Obfuscation

As part of data center planning you have leased rack space in two offsite datacenteres

Offsite backups

As part of data center planning you have leased rack space in two offsite datacenters, one in the US as the site used for offsite backups and recover the other in Mexico as the failover and alternative processing site, and you will maintain the datacenter at HQ in the US. All sites are at a distance of 1500 miles from each other. You receive notice from legal that due to the recent award of a DOD contract no technical specifications, nor the required encryption technology can leave the country. Which geographic consideration is properly planned for in this situation?

Offsite backups

netcat

Opens a port on a system and sends data to that port across the network

During an active incident you have data to acquire from the machine hard drives, the active RAM, the log files and the USB device suspected to have brought the malicious payload inside the network. You decide to capture the RAM first based on what procedural principle?

Order of volatility

As the security administrator in your organization you need to export the private key and certificate from one web server to another. Which of the following file types will allow you to do so with a single file? (Select TWO)

P7B DER

You oversee a group of developers creating a sales application. The application is being created in parts. One of the developers is checking how the piece of code responds to various inputs. What is this an example of at this point in the project?

Performing dynamic analysis

nmap

Performs port scans on a network to identify running services and connected devices

A user reports that they have received an e-mail from their credit card company. The e-mail states there is a problem with their account. The e-mail provides a link to follow to correct the issue; however, upon further inspection, the user notices the URL looks suspicious. Of which of the following is this MOST likely an example?

Phishing attack

A smart card is an example of which control type?

Physical

Which of the following are examples of active reconnaissance? (Select THREE.)

Port scanning The usage of the tool Traceroute A vulnerability scanner

Transparent

Processes requests for information on behalf of clients without requiring any intervention or software configuration on the part of the client

As system administrator, you need to be familiar with a range of technologies, tools, and devices. What is the function of a hardware security module, or HSM?

Provides specialized cryptographic processing power

ISAKMP

Provides the authentication framework

Which type of malware usually delivers itself via a Trojan and is used for controlling a system over a network as if it was being controlled locally>

RAT

You require an asymmetric encryption type that can be used for encryption and digital signatures. Which encryption type should you select?

RSA

Which of these attacks attempt to discover a password by reversing the password's has value?

Rainbow table attacks

Your company has just been brought out by another company and the companies have merged. As a result, the IT security policies from both companies have been reviewed. Something that was not considered in wither policy were peripheral devices. A new IT security policy is put in place that considers peripheral devices. Which action represents an example of securing peripheral devices in a secure state while in use?

Replace Wi-Fi SD cards with regular SD cards.

Which type of access control model is typically used to secure access to a database system?

Role-Based Access Control

The secure sockets layer, or SSL, protocol can be used to encrypt

Router

You have configured a firewall to filter external traffic entering your

Rule-based access control

You have configured a firewall to filter external traffic entering your company's network. Which type of access control does a firewall use?

Rule-based access control

You are in the process of upgrading the organization's email security, both within the corporate network and for users who need to access their corporate email remotely. Which protocols can you use to accomplish this? (Choose three.)

S/MIME Secure POP/IMAP HTTPS

Remote VPN access File transfers Voice and video data streams Domain name resolution Directory services Router and switch monitoring

SSTP or L2TP SFTP or SCP SRTP DNSSEC LDAPS SNMPv3

Which of the following describes the process of adding secret data to an input before the hashing process?

Salting

What data loss prevention, or DLP, measures can you implement in the organizational network? (Choose three)

Scanning outgoing e-mail message for sensitive or proprietary content that should not be shared Prohibiting proprietary or other sensitive data from being copied to USB devices Preventing the sharing of and storage of confidential or sensitive data to the cloud

Which CA certificates would be created in -house rather than purchased from a third-party vendor?

Self-signed Root

E-mail has become the norm in may organizations but brings with it certain risks

Server-to-server encryption Spam filter Data loss prevention

The system administrator at a small corporation is in the process of upgrading the network intrusion detection system but doesn't have time to build an extensive threat database or establish a threat threshold from scratch. Rather, the administrator chooses to rely on the cumulative data compiled by various trusted security vendors regarding known network security threats to guard against. Which monitoring methodology would be most likely to report false negatives under these circumstances?

Signature-based monitoring

E-mail has become the norm in many organizations but brings with it certain risks that administrators need to guard against. What can you do to secure mail gateways within the network infrastructure? (Choose three.)

Spam filter Server-to-server encryption Data loss prevention

Which technologies provide centralized authentication, authorization, and accounting for remote users?

TACACS+ RADIUS

The incident response team has responded to a security threat where an employee's computer has been infected with a virus. During the recovery phase of incident response, what should be done?

The computer should be rebuilt

A hacker located an unknown security issue by using their coding skills. Which option correctly describes this?

The hacker discovered a zero-day vulnerability

Which option represents the strongest block encryption algorithms?

Twofish

Which special purpose device should consider the use of ISO 14508 for security

UAV

Installing and maintaining applications on a network can lead to several issues

Use biometrics or one-time access codes Ensure that each application uses its own account

You work in a highly classified environment for a military branch of the government. You need to improve the security of the network to make it virtually impossible for top-secret information to be exposed by hackers. What should you do? (Select TWO)

Use physical isolation in the environment Create an air gap in your network

Pass the hash

Uses a NTLM or LanMan hash of a user's pasword to gain access to a system

What can be used to service several network connections over an unsecure network?

VPN concentrator

You need to implement biometric access controls to a high security location in your office. Which biometric factor would be considered the least accurate?

Voice Recognition

Which type of wireless attack involves searching for unsecured wireless networks in a community?

War driving

You have been hired as a security consultant for a small company. Management is concerned about the security of their web server due to some recent DoS attacks. They have asked you to provide them with specific procedures to follow to get the web server back online as quickly as possible if another attack occurs. Which of the following will assist in this task?

create an incident management document