Info Security TestOut

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

In business continuity planning, what is the primary focus of the scope?

Business processes Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus of the BCP scope. Recovery time objective is a consideration in the development of emergency response, not an aspect of BCP scope.

What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

Which of the following mobile device security consideration disables the ability to use the device after a short period of inactivity?

Screen Lock

Which of the following is defined as contract that prescribes the technical support or business parameters a provider will bestow to its client?

Service Level Agreement

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?

Shredding

Which of the following are not reasons to remote wipe a device?

The device is not active for a period of time

Your company security policy requires separation of duties for all network security matters.

The system administrator configures remote access privileges and the security officer reviews and activates each account

Which of the following best defined Single Loss Expectancy (SLE)?

The total monetary loss associated with a single occurrence of a threat

When conducting a risk assessment, how is the annualized rate of occurrence (ARP) calculated?

Through historical data provided by insurance companies and crime statistics

What is the primary purpose of having employees take mandatory one-week vacations?

To check for evidence of fraud

What is the primary purpose of source code escrow?

To obtain change rights over software after the vendor goes out of business

Which of the following is an action that must take place during the release stage of the SDLC?

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered

Your organizaiton entered into an interoperability agreement (IA) with another organization a year ago. As part of this agreement, a federated trust was established between your domain and the partner domian. The partnership has been in the ongoing operations phase for almost nine months now. As a security admin, which tasks should you complete during this phase? ( select two)

Verify compliance with the IA documents Conduct periodic vulnerability assessments

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

negligence

When is BCP or DRP design and development actually completed?

never

What is the weakest point in an organizations security infrastructure?

people

In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?

!

You have a computer with three hard disks. . A RAID 0 volume uses space on Disk 1 and Disk 2. . A RAID 1 volume uses space on Disk 2 and Disk 3.

) Data on the RAID 1 volume is accessible ; data on the RAID 0 volume is not

Which chage option keeps a user from changing their password every two weeks?

-m 33

hich file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter h to the file.)

/etc/security/limits.conf

manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?

0 Add the internal website to the Local intranet zone

Your network uses the following backup strategy: Full backups every Sunday night Incremental backups Monday night through Saturday night On a Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data?

04 You will need to perform four restore procedures: Restore the full backup from Sunday 2. Restore the incremental backup from Monday 3. Restore the incremental backup from Tuesday Restore the incremental backup from Wednesday along with the last differential backup. backup). If you did full backups with differential backups, you would If you did a full backup every night, you would restore only a single backup (Wednesday's restore the last full backup References

You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?

135 , 137-139

Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.0-196.254.255.255

Which of the following ports does FTP use to establish sessions and manage traffic?

20, 21

You have been asked implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?

3

Which ports does LDAP use by default? (Select two.)

389 636

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?

443

Which of the following ports are used with TACACS?

49

What is the recommended humidity level for server rooms?

50%

You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

500 resolution, 50mm, .05 LUX

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?

636

You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value= 400 Exposure factor= 75 Annualized rate of occurrence= .25

75

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phone used in the office are interfering with the wireless network transmissions. If the cordless phones are causing interference, which of the following wireless standards could the network be using?

802.11g Bluetooth

You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should implement?

802.1x

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the address of the web server, the correct site is displayed.

: . DNS poisoning

Which of the following are requirements to deploy Kerberos on a network? (Select two.)

A centralized database of users and passwords Time synchronization between devices

Which of the following best describes Active Directory?

A centralized database that contains user account and security information

You want email sent from users in your organization to be encrypted to make messages more secure. Which of the following is an option you can use to enhance the encryption of email messages?

A cryptographic service provider

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

What is a cookie?

A file saved on your hard drive that tracks website preferences and use.

What is a service level agreement (SLA)

A guarantee of a specific level of service

Users in the Sales department perform many of their daily tasks, such as emailing and creating sales presentations, on personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can insiders from accessing sensitive information on personal devices. Which of the following should you implement?

A guest wireless network that is isolated from your organization 's production network

What is mutual authentication?

A process by which each party in an online communication venfties the identity of each other party

A regulation

A requirement published by a government or other licensing body that must be followed. While you are not responsible for writing regulations, you a re responsible for knowing which regulations apply to your organizations and making sure they are understood and adhered to.

Drag the Active Directory component on the left to the appropriate description on the right. A server that holds a copy of the Active Directory database that can be written to.

A server that holds a copy of the Active Directory database that can be written to. Domain Controller A folder that subdivides and organizes network resources within a domain. Organizational Unit An administratively-defined collection of network resources that share a common directory database and security policies. Domain A computing element that identifies resources in the Active Directory databse

Whar tyoe if key or keys are used in aynnetric cryptography?

A shared private key

What is the main difference between a worm and a virus?

A worm can replicate itself, while a virus requires a host for distribution.

A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL- Access control list

You manage a single domain named widgets.com Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you usei?

ADSI Edit

You want to encrypt data on a removable storage device. Which epcryption method would choose to use the strongest method possible?

AES AES is stronger and faster than 3DES when implemented with a large key size (256-bits). DES was one of the first symmetric encryption methods and is now obsolete (known be used to break the encryption). times. It is an acceptable alternative to DES. 3DES improves upon DES by applying the encryption three weaknesses can

Drag the description on the left to the appropriate switch attack type shown on the right.

ARP Spoofing/Poisoning- The source device send frames to the attackers MAC address instead of the correct device Dynamic Trunking Protocol- should ve disabled on the seitches end user ports before implementing the seitxb configurstion into the netowrk MAC Flooding- Causes packets to fill up the forwarding table and consumes so much of the switches memory that it enters a state called fail open mode MAC Spoofing- can be used to hide the identity of the attackers computer or impersonate another device

Which of the following attacks tries to associate incorrect MAC address with a known IP address?

ARP poisoning

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?

ARP spoofing/poisoning

Which of the following advantages can single sign-on (SSO) provide? (Select two.)

Access to all authorized resources with a single instance of authentication, The elimination of multiple user accounts and passwords for an individual.

Which of the following terms describes the component that is generated following authentication used to gain access to resources following login?

Access token

What is the most important aspect of a biometric device?

Accuracy

A security administrator is system running Linux to the wireless network and then uses NMAP to probe various network conducting a penetration test on a network. She connects a notebook hosts to see which operating system they are running. Which Which process process did did the the administrator administrator use in in the the penetra penetration test in tis scenario?

Active fingerprinting

You have a shared folder named Reports. Members of the Managers group have given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?

Add Mark Mangum to the ACL for the Confidential.xds file with Deny permissions.

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems?

Add a separate A/C unit in the server room

You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?

Add kenyan.msn.pl to the email blacklist

Which of the following strategies can protect against a rainbow table password attack?

Add random bits to the password before hashing takes place

You manage several Windows systems. Desktop users access in-house application that is hosted on your intranet web server. When a user dicks a specific option in the application, they receive an error blocked. You need to configure the security settings that can see the pop-up without message that the pop-up was compromising overall security. What should you do?

Add the URL of the website to the Local intranet zone.

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. One of your sales representatives left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?

Admin portal

Your organization provides with Windows 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in a cloud-based Windows Intune account. One of your sales representatives left his notebook at a customer's site. The device contains sensitive information, and you want to change the password to prevent the data from being compromised Which Intune portal should you use to remotely change the password?

Admin portal

You are the office manager of a small financial credit business. Your company handles personal financial information clients seeking small loans over the internet. You are aware of your obligation to secure clients records. Budget is an issue for your company. Which item would provide the best security for this situation?

All in - ond secunty appliance

What does the netstat -a command show?

All listening and non-listening sockets

You want to allow e-commerce websites that you keep track of your rowsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies, but block third-party cookies

Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?

Allowing NetBIOS traffic outside of your secured network

Which of the following describes how access lists can be used ti umprove network security?

An access list filters traffic based on the IP header information such as source or destination UP address, protocol, or socket numbers

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

Identify and label the following attacks by dragging the term on the left to the definition on the right.

An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized- Masquerading An attacker pretending to be from a trusted organization sends emails to senior executives and high profile personnel asking them to verify personal information or send money- Whaling Attackers use Voice over IP to pretend to be from a trusted organization an ask victims to verify personal information or send money- Attackers send emails with specific information about the victim ( such as which online banks they use) that ask them to verify personal information-Spear phishing Attackers sen unwanted and unsolicited text messages to many people with the intent to sell products or services- Spim

You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization?

An increase in bandwidth availability Enforcement of the organisations internet usage policy

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

An unauthorized gaining access to sensitive resources

Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm?

Analytic attack An analytic attack is a mathematical that targets the complexity of a cryptosystem's algorithm. goal of an analytic attack is to break the algorithm.

Which of the following statements is true regarding risk analysis? (Select two)

Annualized Rate of Occurrence identifies how often the successful threat attack will occur in a single year. Don't implement a countermeasure if the cost is greater than loss

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available.

Which of the following is not incuded in a system level audit event? (Select two.)

Any actions performed by the user. Names of access files

Which of the following firewall types can be a proxy between servers and clients? ( Select two)

Application layer firewall Circuit proxy filtering firewall

You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

Application level

Match the application-aware network device on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all

Applicatuon aware proxy- imroves applivTion performance Application aware firewall- enforces rules based on the application that is generating netowork traffic instead of the traditional port and protocol Application aware IDS- Analyzes netowrk packets to detect malicious payloads targeted at application layer services

Which of the following is the best recommendation for applying hotfixes to your servers?

Apply only the hotfixes that affect to software running on your systems

A PKI is an implementation for managing which type of encryption?

Asymmetric

Which of the follow are characteristics of ECC? (Select two.)

Asymmetric encryption Uses a finite set of values within an algebraic field

Which of the following statements is true when comparing symmetric and asymmetric cryptography?

Asymmetric key cryptography is used to distribute symmetric keys.

What is another name for a logic bomb?

Asynchronous attack

Which of the following activities are typically associated with a penetration test? (Select two.)

Attempting social engineering Running a port scanner

Which of the following activities typically associated with a penetration test? (Select two.) Interviewing employees to verify that the security policy is being followed

Attempting social engineering Running a port scanner

Which of the following is a collection of recorded data that may incude details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

Audit trail

A recreation of historical events is made possible through?

Audit trails

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Auditing

RADIUS is primarily used for what purpose?

Authenticating remote dients before access to the network is granted

What common network traffic packets captured and used in a replay attack?

Authentication

Which of the following is the term for the process of validating a subject's identity?

Authentication

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization

While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets remove this functionality prior to finalizing the code and shipping application What type security weakness does this represent?

Backdoor

What does a differentia/backup do during the backup?

Backs up all files with the archive bit set and does not reset the archive bit

What does an incrementalbackup do during the backup?

Backs up all files with the archive bit set and resets the archive bit.

Network-based intrusion detection is most suited to detect and prevent which types of

Bandwidth - based denial of service

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth - based denial of service

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition?

Birthday attack Birthday attacks exploit collisions. Birthday attacks exploit the probability that two messages using the same hash algorithm will produce the same message digest. adaptive

You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?

BitLocker

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

Which of the following tools allow for remote management of servers? (Select two.)

Both Telnet and SSH are tools for remote server management. POP3 is for retrieving email from a remote server, and FTP is for transferring files.

A collection zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?

Botnet

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? (#2)

Browsing the organization's website

Which of the following attacks typically takes the longest amount of time to complete?

Brute force attack A brute force attack typically takes the longest amount of time. A brute force attack is a attack that attempts every possible key or password pattern for a message, login prompt, or security file. To combat or protect against brute force attacks, always use strong, complex passwords and wisely use the keyspace of your cryptosystems.

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow

The following are various ways to destroy data:

Burning: the method of building a small fire somewhere legal and safe. Use metal tongs to burn your documents one by one or a few at a time. It's important to ensure that each document is turned into ash-if sensitive information escapes the flames and flies away, it might into the wrong hands. . Shredding: running hard disk through a disk shredder, physically destroying the . Pulping: a way of removing all traces of ink from paper by using chemicals and then mashing the paper into pulp. Since these chemicals can ruin carpet and clothing, you perform this process outside and use protective gloves. Pulverizing: this technique is like shredding, except that it uses a punch press or hammer system to crush a hard disk into a pile of metal confetti.

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C: Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)

By default, only the user who encrypted the casecrets confidential.docx file will be able to open it. the Secrets confidential docx file s copted to an external USe flash drive, it will be saved in an unencrypted state

Which is a typical goal of MAC spoofing?

Bypassing 802.1x port-based security

You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible? (Select two.)

CHAP Choose point-to-point protocol (PPP) for the connection. PPP is preferred over serial line interface protocol (SLIP) because it can negotiate encryption protocols to use for the connection. Point-to- point protocol over Ethernet (PPPoE) is similar to PPP, but is used for a cable (not a dial-up) connection

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

CHAP: CHAP is the only remote access authentication protocol that periodically and transparently re- authenticates during a logon session by default.

Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage individual desktop workstation access.

CORPWS7 Computer objects are used to manage access for individual computer systems in the domairn, including servers, desktops, and notebooks. In this example, the desktop named cORPWS7 is represented by corresponding computer object in the domain.

Which of the following is used in conjunction with local security authority to generate the private and public key pair used in asymmetric cryptography?

CSP Explanation cryptographic service provider (CSP) resides on the client and generates the key pair. This is a software program that can generate keys using a specific algorithm.

Which of the following conditions does not result in a certificate being added to the certificate revocation list?

Certificate expiration

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location an encrypted file. You access the router configuration interface from your notebook computer using a Telnet dlient with a user name of admin and a password of admin. You have used the hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)

Change administrative name and password Use an SSh client to access the router configuraton

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)

Change default account passwords Apply all patches and updates

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?

Change management

You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device?

Change the user name and create a more complex password

Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (Select three.)

Check user accounts for weak passwords Check for open ports Check for missing patches

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this?

Chosen plaintext Explanation A chosen plaintext attack is captures the resulting cipher text. The attacker can select plaintext that will produce clues can occur when a worker steps away from the computer and the attacker sends a message and where the attacker chooses the plaintext to be encrypted. This event encryption key used.

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer component?

Class C

A Service Level Agreement defined the relationship and contractual responsibilities of providers and service recipients. Which of the following are most important when designing an SLA? ( Select two)

Clear and detailed descriptions of penalties if the level of service is not provided Detailed provider responsibilities for all continuity and disaster recovery mechanisms

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache

A code of ethics does all but which of the following?

Clearly defined course of action to take when a complex issue is encountered

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ

Which of the following is not true regarding cloud computing?

Cloud computing requires end user to have knowledge of the physical location and configuration of the system that delivers the services.

portion of the application he was assigned to write for security vulnerabilities. During the application development cycle, developer asks several of his peers to assess the Which assessment technique was used in this scenario?

Code review

Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?

Cognitive Cognitive passwords relate to things that people know, such as a mother's maiden name or the name of a pet.

Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?

Cold site cold site is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present. A cold site does not offer an adequate route recovery for most organizations.

As a BCO or DPR plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

Collect and destroy all old plan copies

When two different messages produce the same hash value, what has occurred?

Collision collision occurs when two different messages produce the same hash value.

Match each third-party integration phase on the left with the tasks that need to be completed during that phase on the right.

Communicate vulnerability assessment findings with the other party- Ongoing operations Disable VPS configuration- Off boarding Compare your organizations security policies with the partners policies- On boarding Disable the domain trust relationship between the networks- Off-boarding Identify how privacy will be protected- On-boarding Draft an ISA- Onboarding Conduct regular security audits- Ongoing operations

As a victim of a Smurf attack, what protection measure is the most effective during the attack?

Communicate with your upstream provider

Besides protecting a computer from under voltages, a typical UPS also performs which two actions?

Conditions the power signal Protects from over voltages

You are concerned that wireless access points may have been deployed within your organization wiuthout authorization. What should you do?

Conduct a site survey Check the MAC addresses of devices connected to your wired switch

You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?

Confidentiality Encrypting a file while it is stored on a hard drive is usually done to provide protection for the object's confidentiality.

For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within 10 minutes. What should you do?

Confifure account lockout policies in Group Policy

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do?

Configure account policies in Group Policy

You are the wireless network administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is a part of the complete solution.)

Configure all wireless access points with client certificates Configure all RADIUS server with a server certificate

You have hired 10 new temporary workers who will be with the company for 3 months. How can you make sure that these users can only log on during regular business hours?

Configure day / time restrictions in the user accounts

You have a small network of devices connected using switch. You want to capture the traffic that is sent from Host A to Host B. on Host , you install packet sniffer that captures network traffic . After running the packet sniffer, you cannot find any captured packets between Host A and Host B

Configure port mirroring

You are the network administrator for a city library. Throughout the library are several groups of difficult. You've had problems with patrons computers that provide public access to the bringing personal laptops into the library and Internet. Supervision of these computers has been disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected access to the network so only the library computers are permitted connectivity to th e nternet. that is connected to the library network through an access port on a switch. You want to restrict What can you do?

Configure port security on the switch .

You've just installed a wireless access point (AP) for your organization's network. You know that the radio signals used by the AP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network What can you do to protect the wireless network? (Select two.)

Configure the AP to filter out unauthorized MAC addresses Disable DHCP on the AP

A salesperson in your org spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your orgs order database. Which key steps should you take when implementing this configuration? ( Select two)

Configure the VPN connection to use IPsec Configure the browser to send HTTPS requests through the VPN connection

To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

Configure the software to automatically download the virus definition files as soon as they become available

You have recently discovered that a network attach has compromised your database server. The attacker may have stolen customer credit card numbers.

Contact your customers to let them know about the security breach

Which of the following prevents access based on website rating and classifications?

Content filter

You are an IT consultant and are visiting a new clients site to become familiar with their network. As you walk around their facility you note the follow: Which security-related recommendations should you make to this client? ( Select two)

Control access to the work area with locking doors and card readers Relocate the switch to the locked server closet

The Clark-Wilson security model is primarily based on which element?

Controlled intermediary access applications

Which of the following applications typically use 802.1x authentication? (Select two.)

Controlling access through a switch controlling access through a wireless access point

Which of the following is a text file provided by a website to a client that is stored user's hard drive in order to track and record information about the user?

Cookie

Use of which of the following is a possible violation of privacy?

Cookies Use of cookies is a possible violation of privacy. Cookies can be used to record information about your computer system, your web surfing habits, and much more. Secured environments should restrict the use of cookies all web browsers and other internet service utilities.

Which of the following is considered an out-of-band distribution method for private key encryption?

Copying the key to a USB drive

Which access control type is used to implement short-term repairs to restore basic functionality following an attack?

Corrective

Many organizations use the Information Security Classification Framework, which uses the following classifications: High . Medium Low

Could cause personal hardship or embarrassment. Medium Could cause personal embarrassment or inconvenience Low Could cause loss of life or social hardship. High Could cause operational harm such as loss of control or loss of public trust. High

the domain to use passwords You manage an Active Directory domain. All users in the domain are required by a GPO linked to with at least eight characters, but you want to OU are required to use passwords with at least 10 characters. ensure that users in the Administrators What should you do?

Create a GPO computer policy for the Administrators ou.

You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators ouU to have a different set of internet options. What should you do?

Create a GPO user policy for the Administrators oU.

You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?

Create a VLAN to use as a low-trust network zone for these static systems to connect to

You manage a single domain named widgets.com Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users You define a new granular password policy with the required settings. All users in the Directors OU currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members in the Directors OU. What should you do?

Create a granular password policy for matt: apply the new policy directly to matts user account

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?

Create a hash of each log.

Which of the following functions are performed by the TPM?

Create a hash of system components

What is the primary function of the IKE protocol used with IPsec?

Create a security association bebween communicating partners

As you go the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the Human Resources department. Which of the following steps can be used to isolate these departments?

Create a separate VLAN for each department

Hashing algorithms are used to perform what activity?

Create message digest Hashing algorithms are used to create a message digest to ensure that data integrity is maintained. A sender creates a message digest by performing the hash function on the data files that will be transmitted. The receiver performs the same action on the data received and compares the two message digests. If they are the same, then the data was not altered.

A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior?

Credential Manager: Credential Manager securely stores account credentials for network resources, such as file servers, websites, and database resources.

security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?

Credentialed scan

Which form of access control enforces security based identities and allows individual users to define access controls over owned resources?

DAC

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC

Which of the following encryption mechanisms offers the least security because of weak keys?

DES

Which of the following is the weakest symmetric encryption method?

DES

Which of the following is not protection against session hijacking?

DHCP reservations

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?

DMZ

Which protocol should you disable on the user access ports of a switch?

DTP Switches have the ability to automatically detect ports that are trunk ports and to negotiate the trunking protocol used between devices. DTP is not secure and allows unauthorized devices to possibly modify configuration information. You should disable the DTP services on the switch's end user (access) ports.

When you dispose of a computer or sell used hardware and it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable?

Damage the hard disks so badly that all data remanence is gone.

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system? (Select two.)

Data is stored in the database in an unencrypted The database admin user has no password assigned.

Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?

Data loss prevention

Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?

Data loss prevention Explanation Data loss prevention (DLP) is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization. DLP is used to prevent sensitive data from being whether it is deliberate accidental.

Which of the following defines an object as an entity in the context of access control?

Data, applications, systems, networks, and physical space

Which of the following are subject to SQL injection attacks?

Database servers

Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?

Decentralization

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains specific vulnerability or security issue that could be present on a system?

Definition - The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. Each vulnerability, configuration issue, program, or patch that might be present on a system is identified as a definition OVAL repositories are like libraries or databases that contain multiple definitions.

The following are various ways to destroy data:

Degaussing: purges the hard disk by exposing it to a high magnetic pulse that destroys all of the data on the disk. It also ruins the motors inside the drive. . Purging: the removal of sensitive data, ensuring that the data cannot be reconstructed by any known technique. . Wiping: is a software-based method of overwriting data to completely destroy all electronic data residing on a hard disk drive or other digital media. Wiping uses zeros and ones to overwrite data onto all sectors of the device. The data is rendered unrecoverable and achieves data sanitization.

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (Select two. Each response is a part of a complete solution.)

Delete the account that the sales employees are currently using. Train sales employees to use their own user accounts to update the customer database.

Which attack from either exploites a sofware flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occuring?

Denial of service attack

Which of the following can be used to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry?

Deploy a mantrap

What is the purpose of audit trails?

Detect security-violating events

Audit trails produced by auditing activities are which type of security control?

Detective

When securing a newly deployed server, which of the following rules of thumb should followed?

Determine unneeded services and their dependencies before altering the system

Which of the following functions can a port scanner provide? (Select two.)

Determining which ports are open on a firewall Discovering unadvertised servers

Which of the following best describes the concept of a virtual LAN?

Devices on the same network logically grouped as if they were on separate networks

Why do attackers prefer to conduct distributed network attacks in static environments? (Seledt two.)

Devices tend to employ much weaker security than traditional network devices. Devices are, typically, more dfficult to monitor than traditional network devices.

Which type of password attack employs a list of pre-defined passwords that it tries against login prompt or a local copy of security accounts database?

Dictionary A dictionary attack is a type of password attack that employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database. A dictionary attack is designed quickly discover passwords that use common words. Dictionary attacks can be customized for the intended victim. If the attacker knows a few details about the victim, hobbies, sports interests, education, or industry, then the dictionary can be customized to focus words, terms, and acronyms related to those topics.

Which of the following algorithms are used in asymmetric encryption? (Select two.)

Diffie - Hellman RSA

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution?

Diffie Hellman Explanation Diffie-Hellman is the only key number that can be used as a key in any symmetric cryptography solution (assuming the number generation system in this list of options. Diffie-Hellman produces a is within the algorithm's keyspace).

At the end of the cryptographic process, output is generated. With one type of output, simple character changes in the plaintext will cause several characters to change in the cipher text. What type of output is this?

Diffusion

Which of the following is a direct protection of integrity?

Digital signature: A digital signature is a direct protection of integrity, as it includes the use of hashing, which detects changes to integrity. Digital envelopes, symmetric encryption, and asymmetric encryption do not provide diredt integrity protection, nor do they use hashing to provide integrity protection.

What is the most obvious means of providing non-repudiation in a cryptography system?

Digital signatures

You are about to enter your office building through a back entrance. A man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?

Direct him to the front entrence and instruct him to check in with the receptionist

You are designing a wireless network implementation for a small business. The business deals with sensitive information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point anten with the appropriate location on the floor plan on the right. Each antenna type can be used on more than once, or not at all

Directional: A B D E F G Omnidirectional: C

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You are implementing a wireless network in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive consumer-grade access point. While reading he documentation, you notice that the access point supports Wi_fi protected setups using a PIN. What should you do to reduce risk?

Disable WPS in the access point's configuration

You've been given an assignment to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (Select two.)

Disable anonymous access Implement an application-layer protocol to encrypt data prior to saving it in the database

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

When you inform an employee that they are being terminated, what is the most important activity?

Disabling their network access

You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (Select two.)

Disk space on the syslog server Clock synchronization between all devices

Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: Verifying that security controls are the same as in a physical datacenter. Using data classification policies. Assigning information into categories that determine storage, handling, and access requirements . Assigning information dassification based on information sensitivity and criticality. Which of the following is another security measure you can implement?

Disposing of data when it is no longer needed by using specialized tools.

Match the IT audit activity on the left with the appropriate description on the right. Documents incidents for security violations and incident response.

Documents incidents for security violations and incident response. -usage audting Identifies inefficient IT strategies, such as weak policies and procedures.- risk evaluation Verifies the appropriate use if accounts and priveilages- escalation auditing Checks users/group rights and privilages to identify cases of creeping privilages- privilagr auditing Determines whether privelage-granting processes are appropriate and wheather computer use and escalation processes are in place and working- user access and rights review

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry?

Double-entry door AND Turnstile

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You dlick on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download A drive-by download is an attack where software or malware is downloaded and installed without explicit consent from the user. Drive-by downloads can occur in a few different ways

Which of the following security measures encrypts the entire contents of a hard drive?

DriveLock DriveLock encrypts the entire contents of a hard drive, protecting all files on the disk.

Which of the following are examples of social engineering?( Select two)

Dumpster diving Shoulder surging

You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?

Dynamic

Which of the following security solutions would prevent a user from reading a file that she did not create?

EFS is a Windows file encryption option that encrypts individual files so that only the user who created the file can open it. Decryption is automatic when the file owner opens it. Other users cannot open the encrypted file unless specifically authorized

Which of the following statements about ESD is not correct?

ESD is much more likely to occur when the relative humidity is above 50%

Which IPSec subprotocol provides data encryption?

ESP

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)

ESP AH IPsec is implemented through two separate protocols, IP Authentication Header and IPsec Encapsulating Security Payload. IPsec AH provides authentication and non-repudiation services to verify that the sender is genuine and data has not been modified in transit. IPsec ESP provides data encryption services for the data within the packet.

Advanced cryptography includes various modes of operation. Drag the mode of operation on the left to the appropriate definition on the right. Each cipher

Each cipher text block is fed back into the encryption and then encrypts the next plaintext block. Cipher Feedback Mode Each plaintext block is added to the previous cipher text block and then the result is encrypted with the key Cipher Block Chaining Mode This mode can encrypt or decrypt one fixed-length block. Block Cipher Mode Sender and redipient access a reliable counter that computes a new shared value each time a cipher text block is exchanged. Counter Mode Feeds rhe output blocks back to the block cipher. Output feedback mode

Which of the following are advantages of virtualization? (Select two.)

Easy migration of systems to different hardware Centralized administration

Which of the following are included in an operations penetration test? (Select two.)

Eavesdropping or obtaining sensitive information from items that are not propertly stored. Looking through discarded papers or media for sensitive information.

You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)

Educate users about malware schedule regular full system scans

Which form of asymmetric cryptography is based upon Diffie-Hellman?

El Gamal El Gamal is based upon Diffie-Hellman.

What is the most common means of virus distribution?

Email

Which of the following is not an important aspect of password management?

Enable account lockout.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. Which actions should you take? ( Select two)

Enable device encryption Implement storage segmentation

You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on external USB device. should you do?

Enable the TPM in the BIOS

In addition to Authentication Header (AH), IPSec is comprised of what other service?

Encapsulating Security Payload (ESP)

Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

Which of the following is a characteristic of TACACS+?

Encrypts the entire packet , not just authentication packets

Which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers?

Endpoint DLP

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules?

Endpoint DLP

Which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers?

Endpoint DLP Endpoint DLP runs on end user workstations and servers. Endpoint DLP is also referred to as a Chinese Wall solution. It could be something as simple as restricting the use of USB devices. Many endpoint-based systems also provide application controls to prevent confidential information transmission. They also provide some type of immediate feedback to the user. Giving feedback to the user is based on the concept that not all data leakage are malicious. The employee might not realize that the security policy violation notification is appropriate. The intent is to deter the employee from a similar action in the future.

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)

Enforce password history Minimum password age

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.)

Enroll the devices in a mobile device management system Configure and apply security policy settings in a mobile device management system

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.)

Enroll the devices in a mobile device management system. Configure and apply security policy settings in a mobile device management system.

Dumpster diving is a low-tech means of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Change control should be used to oversee and manage changes over what aspect of an organization?

Every aspect

What is the primary benefit of CCTV?

Expands the area visible by security guards

Which of the following is an example of a statistical attack against a cryptosystem?

Exploiting a computer's nability to produce random numbers

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Extranet

Which of the following is a secure alternative to FTP that uses SSL for encryption?

FFTPS

Which of the following is likely to be located in a DMz?

FTP server

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?

False positive

DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?

File - level DLP

DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travel h sensitive data files when they are moved or copied?

File-Level DLP

Which of the following are characteristis of a packet filtering fierwall? ( Select two)

Filters IP address and port Stateless

Which of the following are functions of gateway email spam blockers? ( Select two)

Filters messages containing specific content Blocks emails from specific senders

Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation?

Findings in the audit and subsequent summations are viewed objectively.

Which of the following identifies an operating system or network service based on its response to ICMP messages?

Fingerprinting

You suspect denial of service attacks directed against other computers on the Internet. that some of your computers have been hijacked and are being used to perform Which log would you check to see if this is happening?

Firewal

Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Firewall

whether any of your systems are sending data to the attacker. information to a remote attacker on a specific TCP port. You want to be able to easily tell You have heard about a Trojan horse program where the compromised system sends personal Which log would you monitor?

Firewall

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?

Flag

Match the virtualization feature on the right with the appropriate description on the left.

Flexibility Moving virtual machines between hypervisor hosts Testing Verifying that security controls are working as designed Server consolidation Performing a physical-to-virtual migration (P2V) Sandboxing Isolating a virtual machine from the physical network. Explanation

Which of the following are denial of service attacks?

Fraggle Smurf

Which of the following enters random data to the inputs of an application?

Fuzz testing (also known as fuzzing) is a software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Fuzzing programs come in two types Mutation-based

What is the main function of a TPM hardware chip?

Generate and store cryptographic keys

Drag cryptographic algorithm on the left to the appropriate explanation on the right. (Each algorithm may be used once, more than once, or not at all.)

Generates two different yet mathematically related keys. Asymmetric Only the private key be used to decrypt information. Asymmetric Generates that is used for both encryption and decryption. Symmetric Algorithm used for signature verification and data integrity checking. Hashing The public key can only be used to encrypt information. Asymmetric

You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?

Geo tagging was enabled on her smart phone

Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each week, the latest daily backup tape is promoted to the weekly backup tape 3. At the end of the each month, one of the weekly backup tapes is promoted to the monthly backup tape. What kind of backup tape rotation strategy is being used?

Grandfather organization using a grandfather tape rotation This scheme promoting the latest son (daily) backup tape to become a father (weekly) backup tape. The latest father is promoted to become a grandfather (monthly) tape.

You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers.

Grant the group the necessary user rights. Create a security group for the administrators and add all user accounts to the group.

Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?

Group Policy

You have contracted with a vendor to supply a custom versions and patches are released, you want to be able to application that runs on Windows workstations. As new application automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task?

Group Policy

desktop background and remove access to administrative tools from the Start menu. For users who are members of the sales team, you want to force computers to use a specific Which solution should you use?

Group Policy

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)

Group Policy WSUS

Which of the following government acts protects medical records and personal health information?

HIPPA

Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security?

HTTPS

Which of the following protocols uses port 443?

HTTPS TLS to encrypt sensitive data before it is transmitted. HTTPS uses port 443. Hyper Text Transfer Protocol Secure (HTTPS) is a secure form of HTTP that uses either SSL or Secure

which of the following fire extinguisher types poses a safety risk to users in the area?

Halon AND CO2

Match each physical security control on the left with an appropriate example of that control on the right.

Hardened carrier- Protected cable distribution Biometric authentication- Door locks Barricades- Perimeter barrier Emergency escape plans- Safety Alarmed carrier- Protected cable distribution Anti-pass back system- Physical access control Emergency lighting- Safety Exterior floodlights- Perimeter barrier

By definition, what is the process of reducing security exposure and tightening security controls?

Hardening

Which of the following is used to verify that a downloaded file has not been altered?

Hash

A birthday attack focuses on what?

Hashing algorithms

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Have Marcus log off and log back in

Data Privacy Laws and Acts

Health insurance Portability and Accountability Act of 1996 (HIPPA)- All orgs that have anything to do with healthcare must protect the health information that they maintain Sarbanes-Oxle Act of 2002 (Sarbox)-requires publicly traded companies to adhere to very stringent reporting requirements and implement strong controls on electronic financial systems.Keep info for a certain time. Gramm_leach_bliley Act (GLBA)- Requires all banks and financial institutions to alert their customers as to that orgs privacy statement. All PII within the org has to be protected. Specifies that a policy must be in place to protect privacy info from foreseeable threats and to maintain data integrity. Patriot Act of 2001- Enables law enforcement agencies to detect and suppress terrorism by giving law enforcement the authority to request info from organizations. All orgs must provide the requested info tot he appropriate law enforcement agencies under the authority of a valid court order or subpoena. California Database Security Breach Act pf 2003-Law specifies that any agency, person, government entity, or company that does business in the state of Cali must inform Cali residents withing 48 hours if a database breach or other security breach occurs in which personal info has been stolen or believed to be stolen. same in many other states- always look up the state your org is doing business with Childrens Online Privacy Protection Act of 1998-(COPPA) Orgs that provide online services designed for kids below 13 must obtain parental consent prior to collecting a child's personal info and using it.

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

Hijacking

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?

Host based firewall

What do host-based intrusion detection systems often rely upon to perform detection activities?

Host system auditing capabilities

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution shouid you implement?

Host-based IDS

You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?

Hot site hot site is a complete disaster recovery facility that could be fully operational within hours or minutes in the event of a disaster. This includes maintaining redundant hardware and up-to-date network data.

Which of the following terms describes a Windows problem and is released on a short-term, periodic basis (typically monthly)?

Hotfix

Which of the following password attacks adds appendages to known dictionary words?

Hybrid

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

Hypervisor

Which of the following symmetric cryptography systems does not support a variable block size

IDEA IDEA is a symmetric cryptography system that does not support a variable block size. IDEA only supports a 64-bit block size.

Which of the following devices can monitor a network and detect potential security attacks?

IDS

Which of the following are security devices that perform stateful inspection packet data and look for patterns that indicate malicious code? (Select two.)

IDS IPS

Which of the following devices is capable of detecting and responding to security threats?

IPS

identify and be notified of any attacks. In You are concerned about attacks directed at your network firewall. You want to be able to addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

IPS

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPSec

Which of the following is the best against man-in-the-middle attacks?

IPsec

Which of the network following traffic? network layer protocols provides authentication and encryption services

IPsec

Your organization is in the process of negotiating an interoperability agreement with another organization. As part of this agreement, the partner org proposes that a federated trust is established between your domain and their domain. As a security admin, which tasks should you complete during this phase? (Select two)

Identify how data will be shared identify how data ownership will be determined

Computer policies include a special category called user rights. Which action does user rights allow an administrator to perform?

Identify users who can perform maintenance tasks on computers in an OU.

Which statement is true regarding application of GPO settings?

If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.

Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?

Implement BitLocker with a TPM .

A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed internet connection. Which of the following will resolve this issue? (Select two.)

Implement MAC address filters Disable SSID broadcast on the AP

The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, they should not be allowed to access the internet

Implement a captive portal

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users You need to make the change as easily as possible. Which should you do?

Implement a granular password policy for the users in the Directors ou

Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received anonymous tip that employee has been using BitTorrent dient to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do?

Implement an application control solution

As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. Which of the following is the best action to take to remembering passwords easier?

Implement end user training

Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm?

Implementation attack

An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser.

Implementing client-side validation.

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)

Implementing server-side validation. Implementing client-side validation.

Match each public key cryptography key management mechanism on the left with the corresponding description on the right. Each mechanism may be used once, more than once, or not at all.

Implements the Diffie- Hellman key exchange protocol using elliptic curve cryptography ECDH Exist only for the lifetime of a specific communication session Ephemeral keys Uses no deterministic algorithm when generating public keys Perfect forward secrecy Can be reused by multiple communication sessions Static keys

Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?

Improve and hold new awareness sessions

Which of the following is not a benefit of NAT?

Imrpoving the throughput rate of traffic

Which of the following are true concerning the Virtual Desktop Infrastructure (VD/)? (Select two.)

In the event of a widespread malware infection, the administrator can quickly reimage all user desktops a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.

What is the primary purpose of imposing software life cycle management concepts?

Increase the quality of software.

You have decided to perform a double-blind penetration test. Which of the following actions would you perform first?

Inform senior management

Which of the following is the most effective protection against IP packet spoofing on a private network?

Ingress and egress filters

You are replacing wired business network with an 802.11g wireless network. You currently use Active Directory the company network as your directory service. The new wireless network will have multiple wireless access points. You want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)

Install a RADIUS server and use 802.1x authentication Configure devices to run in infrastructure mode

You would like to control internet access based on users, time of day, and websites visited, How can you do this?

Install a proxy server. Allow internet access only through the proxy server

You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.

A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop. While she normally works from her office, today she is trying to access the wireless network from a conference room across the hall and next to the elevator. What is the most likely cause of her connectivity problems?

Inteference is affecting the wirless signal

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?

Integer overflow

Which of the following symmetric block ciphers does not use a variable block length?

International Data Encryption Algorithm ( IDEA )

You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known devices, sending and receiving data via wireless network connections.

Internet of things

As a security professional, you need to understand your network on multiple levels. You should focus on the following areas: be Drag used the area of more once, focus than on the once, left or to not the at all.) appropriate example on the right. (Areas of focus may

IoT and SCADA devices. Inherent vulnerabilities Used to identify a weak network architecture or design. Documentation Public-facing servers, workstations, Wi-Fi networks, and personal devices Entry points An older version of Windows that is used for a particular application. Inherent vulnerabilities What activity looks like normal day-to-day usage. Network baseline

You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?

It has been moved to a secure folder on your computer.

Whic h aspect of a certificate makes it a reliable and useful mechanism for a person, system, or service on the internet?

It is a trusted third-party.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

Match each mobile device application control term on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all.

Jailbreaking Allows apps to be installed from sources other than the App Store Sideloading Allows apps to be installed from sources other than the Windows Sandboxing Prevents a running app from accessing data stored by other running apps Assigned Access Defines a whitelist of Windows Store applications

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following is not an accepted countermeasure to strengthen a cryptosystem?

Keep the cryptosystem a secret

Which of the following is the most important thing to do to prevent console access to the router?

Keep the router in a locked room

Which of the following is an example of a single sign-on authentication solution?

Kerberos

Which of the following are examples of single sign-on authentication solutions? (Select two.)

Kerberos SESAME Kerberos and SESAME are single sign-on authentication solutions. A single sign-on authentication solution is a mechanism that allows a user to log in to a network once and then be able to roam

Which of the following protocols uses port 88?

Kerberos Terminal Access Controller Access-Control System (TACACS) uses port 49. LDAP uses TCP and UDP ports 389. Secure LDAP uses SSL/TLS over port 636. Layer 2 tunneling protocol (L2TP) uses port 1701. Point-to-point tunneling protocol (PPTP) uses port 1723.

Wh en an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?

Key clustering

In which type of attack does the attacker have access cipher text, but does not have the ability to encrypt the plain text? to both the plaintext and the resulting

Known plaintext A known plaintext attack is where an attacker has seen the plaintext and the resulting cipher text. attacker can make conclusions about the encrypting key and will have validation if the encrypting key is discovered.

PPTP( Point to Point Tunneling Protocol) is quickly becoming obsolete becuase of which VPN protocol?

L2TP

Which VPN protocol typically employs IPSec as its data encryption mechanism?

L2TP

Which of the following authentication mechanisms is designed to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining characters into another separate hash?

LANMAN

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

Land attack

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does this line have on the Linux system?

Limits the number of logins from the Guest group to three

Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Choose two.)

Listening to network traffic Monitoring the audit trails on a server

You manage a server that runs your company website. The web server has reached its capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests website content. Which solution should you implement?

Load balancing

You have a web server on your network that hosts the public website for your company. You make sure that the website will continue to be available even if NIC, hard drive, or other problem prevents the server from responding Which solution should you implement?

Load balancing Load balancing configures a group of servers in a logical group (called a server farm). Incoming requests to the group are distributed to individual members within the group. Load balancing provides fault tolerance if the load balancing mechanism is able to detect when a specific farm member is unavailable, automatically distributing new requests to the available members.

Which of the following controls is an example of a physical access control method?

Locks on doors

Which of the following is the single best rule to enforce when designing complex passwords?

Longer passwords

Which of the following do switches and wireless access points use to control access through the device?

MAC address filtering

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. floods

Which of the following is the weakest hashing algorithm?

MD5

You have two folders that contain documents used by various departments: . The Development group has been given the Write permission to the Design folder. The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?

Make Mark a member of the Sales group ; add Mark 's user account directly to the ACL for the Design folder.

You walk by the server room and notice that a fire has started. What should you do first?

Make sure everyone has cleared the area

Match each manageable network plan milestone on the left with the tasks that are associated with that milestone on the right.

Make sure that remote access connections are secure-Reach your network Create a list of all protocols being used on the network-Map your network Identify the choke points on the network -Protect your network Use timestamps on all documents-Prepare to document Create a list of all devices-Map your network

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which attack type?

Man-in-the-middle attack

Mary wants to send a message to Sam. She wants to digitally sign the message to that she it. Which key would Mary use to create the digital signature?

Mary's private key

You are configuring the Local Security policy of a Windows system. You want to require users passwords that are at least 10 characters long. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.)

Minimum password length Accoubt lockout threshhold

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure?

Mirroring

Most mobile device management systems( MDM) can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right.

Most accurate- GPS More- Wi-Fi triangulation Less- Cell phone tower triangulation Least- IP address resolution

You've just deployed a new Cisco router that connects several network segments in your organization The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the user name admin01 and the password P@ssWOrd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Move the router to a secure server room

Which of the following best describes one-factor authentication?

Multiple authentication credentials may be required , but they are all of the same type

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches are installed. Which solution should you use?

NAC

Which of the following networking devices or services prevents the use of IPSec in my cases?

NAT

An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. What kind of atack has occured in this scenario?

NFC relay attack

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement?

NTFS and share permissions

Which of the following locations contributes the greatest amount of interference for a wirelss access point?

Near backup generators Near cordless phones

When is the best time to apply for a certificate renewal?

Near the end of the certificate's valid lifetime

Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used Which of the following factors prompt companies to take cloud storage solutions for enterprises. advantage of cloud storage? (Select two.)

Need to bring costs down Growing demand for storage

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?

Network DLP

DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?

Network DLP Network DLP is a software or hardware solution that is typically installed near the network perimeter. It analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies.

DLP can be implemented as a software or hardware solution that analyzes trafic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?

Network DLP Network DLP is a software or hardware solution that is typically installed near the network perimeter. analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies.

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

Network based firewall

You want the results displayed in a graphical diagram. Which tool should you use? You want to identify all devices on a network along with a list of open ports on those devices.

Network mapper

Your network devices are categorized into the following zone types: . No-trust zone Low-trust zone Medium-trust zone High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?

Network segmentation

Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. you want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network-based firewall

by finding and cdlosing open ports. Which of the following commands You need to increase the security of your Linux system should you use to locate open ports?

Nmap

Which command should you use to scan for open TCP ports on your Linux system? (Tip: Enter the command as if at the command prompt.)

Nmap -sT (make sure to include space)

Which of the following is the star property of the Bell-LaPadula security model?

No write down

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?

Non-credentialed scan -In a non-credentialed scan, the security administrator does not authenticate to the system prior to running the scan. A non-credentialed scan can be valuable because it allows the scanner to see the system from the same perspective that an attacker would see it. However, a non-creden tialed scan does not typically produce the same level of detail as a credentialed scan

When a sender encrypts a message using their own private key, what security service is being provided to the recipient?

Non-repudiation When a sender encrypts a message using their own private key, the security service of non- repudiation is being provided to the recipient. The encrypted message can be freely decrypted using the public key. Because only the sender knows the private key, encrypting the message with the private key proves that only the sender could have sent the message.

Which of the following can make passwords useless on a router?

Not controlling physical access to the router

Which type of an active scan turns off all flags in a TCP header?

Null

hen should hardware device be replaced in order to minimize downtime?

O Just before it 's MTBF is reached Hardware should be replaced just before its MTBF that the device will operate before experiencing its first serious (mean time between failures) is reached. is the statistical average failure. devices have an MTBF

Which of the following describes a configuration baseline?

OA list of common security settings that a group or all devices share

Which of the following is the strongest form of multi-factor authentication?

OA password, a biometric scan, and a token device

You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change.

OCreate a security group for the managers. Add all users as members of the group. Add the group to the file's DACL

Lori Redford, who the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system?

OShe is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override

Sensitive data is monitored by the data loss prevention (DLP) system in four different states. Which of the following is NOT one of the states monitored by DLP?

OWhile a file with sensitive data is being created. DLP does not monitor sensitive data while files are being created Sensitive data is monitored by the DLP system in four different states:

You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting.

On the RADIUS server used for authentication and authorization

You need to place a wireless access point in your two-story building. While trying avoid interference, which of the following is the best location for the access point?

On the top floor

How many keys are used with symmetric key cryptography?

One

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?

Online Certificate Status Protocol

SHA-1 uses which of the following bit length hashing algorithms?

Only 160-bit SHA-1 is a 160-bit hashing algorithm. It is capable of producing 2160 different combinations. MD-2 and MD-4 are both 128-bit hashing algorithms. HAVAL is a 128-bit, 160-bit, 192-bit, 224-bit, and 256- bit hashing algorithm. SHA-2, a newer version of SHA-1, is 224-bit, 256-bit, 384-bit, 512-bit hashing algorithm.

Which of the following are backed up during a differential backup?

Only files that have changed since the last full backup.

Which of the following are backed up during an incremental backup?

Only files that have changed since the last full or incremental backup. Explanation capture files backup plan is that it requires that have changed since the last ful or incremental less storage space and restoration. last full backup and then requires the loading processing time to complete bac kup. The primary An incremental backup will only the backup. Restoration incremental backup for a full starts from the attraction to this of each subsequent

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?

Open SMTP relay

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?

Open ports 20 and 21 for inbound and outbound connections

Which of the following authentication protocols transmits passwords in cleartext, and is, therefore, considered too insecure for modern networks?

PAP

Match the authentication factor type s on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.

PIN Something You Know Smart card Something You Have Password Something You know Retina scan Something You Are Fingerprint scan Something You Are Hardware token Something You Have Pass phrase Something You Knovw Voice recognition Something You Are Wi-Fi triangulation Somewhere You Are Typing behaviors Something You Do

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.

Which of the following is a firewall function?

Packet filtering

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

What type of password is maryhadalittlelamb?

Pass phrase

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. traffic to try to determine which operating systems are running on network hosts. She then uses a packet sniffer to monitor network process did the administrator use in the penetration test in this scenario?

Passive fingerprinting

Which of the following is the most common form of authentication?

Password

Which of the following is most vulnerable to a brute force attack?

Password authentication

What common design feature among instant messaging clients make them less secure than other means of communicating over the internet?

Peer to - peer networking

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Your disaster recovery plan choose a method that uses the fewest tapes, but also allows you to quickly safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you calls for tape backups stored at a different location. The location isa back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups?

Perform a full backup once per week and a differential backup the other days of the week

You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?

Performance

security plan. Which step must be taken to ensure that the informationFis useful in maintaining a Properly configured passive IDS and system audit logs are an integrahpart of a comprehensive secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations.

CHAP performs which of the following security functions?

Periodically verifies the identity of a peer using a three - way handshake

Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)

Perpetrators attempt to compromise or affect the operations of a system.- Active Unathorized individuals try to breach a network from off site- External Attempting to find the root password kn a web server- Active Attempting to gather information without affecting the flow of information on the netowork- passive Sniffing netowrk packets or performing a port scan- passive

If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following: . Name and address . Driver license number Credit card numbers Date of birth Which of the following classifications does this information fall into?

Personally Identifiable information

An attacker uses an exploit to push modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Choose two. Both responses are different names for the same exploit.)

Pharming DNS poisoning

Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?

Phishing

Match the social engineering description on the left with the appropriate attack type on the right.

Phishing -An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information. Whaling -An attacker gathers personal information about the target individual, who is a CEO. Spear phishing -An attacker gathers personal information about the target individual in an organization. Dumpster diving -An attacker searches through an organization's trash for sensitive information. Piggybacking -An attacker enters a secured building by following an authorized employee through a secure door without providing identification. Vishing -An attacker uses a telephone to convince target individuals to reveal their credit card

You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. (Select two)

Physically secure high-value systems Identify and document each users on the network

Which of the following denial of service (DoS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker?

Ping flood

Which of the following recommendations should you follow when placing access points to provide wireless access for users within company building?

Place access points above where most clients are

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication

traffic for specific network services. You want to make sure that a set of servers will only accept You have verified that the servers are only running the necessary services, make sure that the servers will not accept packets sent to those services. but you also want to Which tool should you use?

Port scanner

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement?

Positive pressure system

To prevent server downtime, which of the following components should be installed redundantly in a server system?

Power supply To prevent server downtime, you should install redundant power supplies in a server system. If one fails, the other can immediately take over, allowing the server to remain running.

e auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?

Preventative

Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all

Preventing malware infections- Implement a network access control (NAC) solution. Supporting mobile device users- Specify who users can call for help with mobile device apps in your acceptable use policy. Preventing loss of control of sensitive data- Enroll devices in a mobile device management system Preventing malicious insider attacks- Specify where and when mobile devices can be possessed in your acceptable use policy. Applying the latest anti-malvare definitions- Implement a network

Drag the Web threat protection method on the left to the correct definition on the right.

Prevents users from visiting malicious websites- Web threat filtering Prevents outside attempts to access confidential information- Anti-phishing software Identifies and disposes of infected content- Virus blockers Prevents unwanted email from reaching your network- Gateway email spam blockers Prevents users from visiting restricted websites- URL content filtering

Instant messaging does not provide which of the following?

Privacy

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

An attacker has obtained the logon credentials for a regular user on your network. Which type df security threat exists if this user account is used to perform administrative functions?

Privilege escalation

th e other data entry employees' accounts. However, audit logs have shown that this user account A relatively new employee in the data entry cubical farm was assigned a user account similar to has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected t the router. When you run the software, you only see frames addressed to the workstation, not to other devices Which feature should you configure?

Promiscuous mode

What does hashing of log files provide?

Proof that the files have not been altered

Which of the following is an advantage of a virtual browser?

Protects the host operating system from malicious downloads

You have recently reconfigured FTP require encryption of both passwords and data transfers You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use?

Protocol analyzer

You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use?

Protocol analyzer

Which of the following is NOT feature of the cloud storage model of data storage?

Provides access control to the file system stored in the cloud .

Match each description on the left with the appropriate cloud technology on the right.

Public cloud Provides cloud services to just about anyone. Private cloud Provides cloud services to a single organization. Community cloud Allows doud services to be shared by several organizations. Hybrid cloud Integrates one cloud service with other cloud services.

How can an organization help prevent social engineering attacks?( Select two)

Publish and enforce clearly written security policies //Educate employees on the risks and countermeasures

Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk?

Pulverizing

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

Put the database server on the private network Put the web server inside the DMZ

You want to implement 802.1x authentication on your wireless network. Which of the following will be required?

RADIUS

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function ; TACACS allows these services to be split between different servers.

Which of the following disk configurations might sustain losing two disks? (Select two.)

RAID 1+0 RAID 0+1 RAID 1+0 combines disk mirroring (1) and disk striping (0). Multiple disks are configured into two striped across the other set. RAID 1+0 can sustain multiple drive mirrored arrays, which are then losses as long as no mirror loses all its drives. RAID 0+1 can also continue to work if both failed disks are in the same set; if a set in each disk fails, data is unavailable. RAID 5 and RAID 1 can only sustain a loss of a single disk.

What option is an advantage RAID 5 has over RAID 1?

RAID 5 improves performance over RAID 1 .

You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?

RAS: RAS stands for Remote Access Service, which enables users to dial in to a server from remote locations. ISDN is a digital communications network that uses existing phone lines. PPP is a remote access protocol. You will likely configure your RAS server to accept PPP connections. RIP stands for Routing Information Protocol and allows routers to share information.

Which version of the Rivest cipher is a block cipher that supports variable bit length keys variable bit block sizes?

RC5 is a block cipher that supports variable bit length keys and variable bit block sizes. RC4 is a stream cipher. RC2 is limited to 64 bit blocks. RSA is not a Rivest cipher

Which of the following protocols can TLS use for key exchange? (Select two.)

RSA, Diffie Hellman TLS uses Diffie-Hellman or RSA to exchange session keys. SSL uses RSA or the Key Exchange Protocol (KEA) for key exchange. IPsec uses IKE for key exchange. ECC (elliptic curve cryptography) is a method that can be used in key exchange.

A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions This is an example of which kind of access control model?

RSBAC Rule set-based access control (RSBAC) uses characteristics of objects or subjects along with rules restrict access. Access entries identify a set of characteristics that are examined for a match. If all characteristics match, access is either allowed or denied based on the rule. An example of a rule-based access control implementation is a router access control list that allows or denies traffic based characteristics within the packet (such IP address or port number).

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow table

Which of the following can be classified as stream cipher?

Rc4 The most frequently used implementation of symmetric key stream ciphers is Ron's code (or Ron's cipher) v4, known as RC4. RC4 uses a variable key up to 256 bits and is commonly used WEP and SSL. It uses the Key Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA).

Which of the following best describes the concept of due care or due diligence?

Reasonable precautions, based on industry best practices, are utilized and documented.

Which form of alternate site is the cheapest, but may not all ww an organization to recover before reaching their maximum tolerable downtime?

Reciprocal agreement reciprocal agreement is a contract between two organizations that states in the event of a disaster they will aid each other by sharing their IT processing capabilities. Reciprocal agreements have no initial cost related to them. However, most organizations can barely support their own IT needs, much less the needs of an entire second organization.

Which phase or step of a security assessment is a passive activity?

Reconnaissance

You have lost the private key you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?

Recovery agent

What is the primary security feature that can be designed into a networks infrastructure to protect and support availability?

Redundancy Redundancy is the primary security feature that can be designed into a network's infrastructure to protect and support availability, since it identifies single points of failure.

Which of the following is an entity that accepts and validates information contained within a request for a certificate?

Registration authority A Registration Authority (RA) can be used in large enterprise environments to offload client enrollment request processing by handling client verification prior to certificates issue. The RA accepts registrations, validates identity, and approves or denies certificate requests.

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures The only way to ensure restoration procedures. This activity will reveal whether or not your backup process is functioning that you have protection against data loss is to regularly test your properly and whether or not your restoration and recovery procedures are accurate.

A smart phone was lost at the airport. There is no way to recover the data on the device, which of the following will ensure data confidentiality on the device?

Remote Wipe

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection il you need?

Remote access

Which of the following are characteristics of a rootkie (Select two.)

Requires administrator-level privileges for installation Hides itself from detection

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?

Residual risk

A system backups fastest restoration of all data to its most current state? failure has occurred. Which of the following restoration processes would result in the

Restore the full backup and the last differential backup

Which content filtering option would you choose?

Restrict content based on content categories

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? (Select two.)

Retina Nessus

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue Access Points

What form of access control is based on job descriptions?

Role-based access control (RBAC)

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role-based access control (RBAC)

Which of the following is the most frequently used symmetric key stream cipher?

Ron 's Cipher v4 ( RC4 )

Which of the following is undetectable software that allows administrator-level access?

Rootkit

You have heard about a new malware program that presents itself to users as a virus scanner When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer Which of the following terms best describes this software?

Rootkit

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?

Run the browser within a virtual environment

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again

You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?

S / MIME

Which of the following mechanisms can you use to add encryption to email? (Select two.)

S/MIME PGP

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL: Choose SASL (Simple with LDAP. SASL is extensible and lets you use a wide variety of protection methods. Authentication and Security Layer) authentication mode to use Kerberos

Which of the following is a disadvantage of software-defined networking (SDN)?

SDN standards are still being developed .

You have website that accepts input from users for creating customer a ccounts. Input on the form is passed to a database server where the user account information stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Telnet is inherently insecure because its communications is in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH

Which of the following network services or protocols uses TCP/IP port 22?

SSH: The Secure Shell service (SSH) uses TCP/TP port 22. SSH is a terminal emulation program similar to Telnet, which provides secure authenticated sessions on a remote system. It is most commonly associated with Unix and Linux systems

You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the wireless access point (AP). Which of the following values uniquely identifies the network AP?

SSID

Which of the following wireless network protection methods prevents the wireless network name from being broadcast?

SSID broadcast

FTPS uses which mechanism to provide security for authentication and data transfer?

SSL

Which protocol does HTTPS use to offer greater security in web transactions?

SSL

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?

SSL Ports must be opened in firewalls that is often already open to allow HTTPS traffic. In addition, often works through firewalls, when other solutions do not because SSL uses port 443--a port to allow VPN protocols. For this reason, using SSL for the VPN some NAT solutions do not work well with VPN connections.

You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet?

SSL begin with HTTPS:// trigger your web browser to use SSL. Your web browser uses SSL (Secure Sockets Layer) to ensure safe web transactions. URLs that

You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. (Each option can be used more than once.)

SSL- Uses public-key cryptology HTTP- Transfers data in cleartext SSH- uses public key Telnet- Transfers data in cleartext Console port- cannt be sniffed

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?

Saas Software as a Service (SaaS) delivers software applications to the client either over the internet or on a local area network.

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used encrypt the message?

Sam 's public key

What is the primary distinguishing characteristic between a worm and a logic

Self - replication

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender.

Sender's public key

SSL (Secure Sockets Layer) operates at which layer of the OSI model?

Session SSL (Secure Sockets Layer) operates at the Session layer of the OSI

What is the effect of the following command? chage -M 60 -W 10 jsmith

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires

Your organization's security policy specifies that any mobile device that connects to your internal then it must be wiped to remove any sensitive data from it. network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it.

Sign up for a Windows Intune account to manage the tablets .

You r organization's security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost stolen then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do?

Sign up for a Windows Intune account to manage the tablets.

Which of the following is not true of smart cards?

Smart cards a powered internally by a small battery. Smart cards are not powered internally by a small battery; they are powered externally by the smart card reader. Smart cards are plastic credit card-sized cards with an embedded memory chip that contains encrypted authentication information. Be aware that smart cards:

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?

Sniffing

Match each smart card attack on the left with the appropriate description on the right.

Software Attacks Exploiting vulnerabilities in a card's protocols or encryption methods Eavesdropping Capturing transmission data produced by a card as it is used Fault Generation Deliberately inducing malfunctions in a card Microprobing Accessing the chip surface directly to observe manipulate, and interfere with drcuit

In which phase of the system life cycle is software testing performed? ( Select two)

Software development and coding Installation

Match the Group Policy type on the left with the function that it can perform on the right. (Each item can be used more than once.)

Software that should be installed on a specific computer- computer configuration Software that should be installed for a specific user- user configuration Scripts that should run at startup or shutdown- computer configuration Scripts rhat should run at logon or logoff- user configuration Network communication secuirty settings- computer configuration

Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals software to manage, control, and make changes to a network?

Software-defined networking

What is modified in the most common form of spoofing on a typical IP packet?

Source address

What is modified in the most common form of spoofing on typical IP packet

Source address

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?

Spam

result in a denial of service attack if the victimized system had too little free storage Which of the following could easily capacity?

Spam

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens?

Spamming

messages sent to a wide range of victims? Which type of malicious activity can be described as numerous unwanted and unsolicited email

Spamming

Match the malicious interference tyope on the right with the approiate characteristic

Spark jamming- Repeatedly blasts receiving equipment with high-intensity, short-duration FR bursts at a rapid pace Random Noise Jamming- Produces RF signals using random amplitudes and frequiences Random Pulse Jamming- Uses radio signal pulses of random aplitutue and frequency

Match each interoperabilitty agreement document on the left with the appropriate description on the right.

Specifies exactly which services will be performed by each party-SLA Creates an agreement with a vendor to provide services on an ongoing basis- BPO Summarizes which party is responsible for performing specific tasks- MOU Documents how the networks will be connected-ISA Defines how disputes will be managed- SLA Specifies a present disconnected pricing structure- BPO

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack?

Spoofing

Which type of activity falsifies information in order to mislead or re-direct traffic?

Spoofing

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

Ssl, TLS

Which of the following are characteristics of a circuit-level gateway? Select two)

Stateful Filters based on sessions

You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?

Static

You have a small network at home that is connected to the Internet. On your home network you have a server with the IP address of 192.138.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a Web server and allow Internet hosts to contact the server to browse a personal website. What should you use to allow access?

Static NAT

Which type of virus conceals its presence by intercepting system requests and altering service outputs?

Stealth: Stealth viruses reside in low-level system service functions where they intercept system requests and alter service outputs to conceal their presence. The term rootkit is often used to describe a malicious program that can hide itself and prevent its removal from the system.

A VPN is primarily used for what purpose?

Support secured communications over an untrusted network

What is the primary use of tunneling?

Supporting private traffic through a public communications medium

Which of the following is the least effective loss protection for computer systems?

Surge protector

A virtual LAN can be created using which of the following?

Switch

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?

Switch port

If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place?

Symmetric

Which of the following forms of cryptography is best implemented in hardware?

Symmetric stream

Which of the following is a standard for sending log messages to a central logging server?

Syslog

Over the past few days, a server has gone offline and rebooted automatically several times. You like to see a record when each of these restarts has occurred. Which log type should you check?

System

You are teaching new users about security and passwords. Which of the following is the best example of a secure password?

T1a73gZ9!

Which of the following protocols can be used to centralize remote access authentication?

TACACS

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

TACACs+ RADIUS

Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN scan

In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UPD packets causing the system to crash or reboot?

Teardrop

Encryption is which type of access control?

Technical

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

You have recently experienced a security incident with one of your servers. After some research, server. you determine that the hotfix # 568994 that has recently been released would have protected the Which of the following recommendations should you follow when applying the hotfix?

Test the hotfix and then apply it to all servers .

An SSL dient has determined that the Certificate Authority (CA) issuing a server's certificate its list of trusted CAs. What is the next step in verifying the server's identity?

The CA's public key must validate the CA's digital signature on the server certificate.

Which of the following is the main difference between a DOs attack and a DDoS attack?

The DDoS attack uses zombie computers

Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)

The IDS logs all pertinent data about the intrusion . An alert is generated and delivered via email, the console, or an SNMP trap.

Arrange the Group Policy ojects (GPOs) in the order in which they are applied.

The Local Group Policy on the computer. GPOs linked to the domain that contains the user or computer object. GPOs linked to the organizational unit that contains the object.

If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is use a network access control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?

The NAC remediates devices before allowing them to connect to your network.

Software-defined networking (SDN) uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which of the following best describes an SDN controller?

The SDN controller is software .

Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security your computer?

The Security Configuration and Analysis snap-in

You have implemented account lockout with a dipping level of 4. What will be the effect of this setting?

The account will be locked after four incorrect attempts .

Which of the following best describes a side-channel attack?

The attack is based on information gained from the physical implementation of a cryptosystem.

Which action is taken when the private key associated with digital certificate becomes compromised?

The certificate is revoked and added to the Certificate Revocation List.

Certificate revocation should occur under all but which of the following conditions?

The certificate owner has held the certificate beyond the established lifetime timer

You have opted to use software-defined networking (SDN) to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently control the network, rather relying on the individual static configuration files that are located each network device. SDN consists of three layers: Application layer Control layer Physical layer Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer?

The control layer removes the control plane from networking devices and creates a single control plane.

When using SSL authentication, what does the client verify first when checking a server's identity?

The current date and time must fall within the server 's certificate validity period

Which statement best describes IPSec when used in tunnel mode?

The entire data packets, including headers, is encapsulated

The government and military use the following information classification system: Unclassified Sensitive but unclassified . Confidential . Secret Top secret Drag the classification on the left to the appropriate description on the right.

The lowest level of classified information used by the military. Release of this information could cause damage to military efforts. Confidential if this information is released, it poses grave consequences to national security. Top secret This information can be accessed by the public and poses no security threat. Unclassified If this information disclosed, it could cause some harm, but not a national disaster. Sensitive but unclassified If this information is disclosed, it could cause severe and permenant damage to military actions. Secret

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

The success of asymmetric encryption is dependent upon which of the following?

The secrecy of the key

Match the symmetric key distribution mechanism on the left with the appropriate description on the right. Each distribution mechanism may be used once, more than once, or not at all.

The sender's key is sent to a recipient using a Diffie Hellman key exchange. In-band distribution The sender's key is copied to a USB drive and handed to the recipient. Out-of-band distribution The sender's key is sent to the recipient using public key cryptography. In-band distribution The sender's key is burned to a CD and handed to the recipient. Out-of-band distribution

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts

You are the wireless network administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?

The system is vulnerable because LEAP is susceptible to dictionary attacks .

You suspect that an Xmas tree attack is occuring on a system. Which of the following could result if you do no stop the attack?

The threat agent ill obtain information about open ports on the system The system will be unavailable to respond to legitiamte requests

Which of the following best describes an audit daemon?

The trusted utility that runs a background process whenever auditing is enabled.

Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in you rbuilding: Since the equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wirless TV system

Which of the following is not true regarding cookies?

They operate within a security sandbox

Why are brute force attacks always successful?

They test every possible valid combination.

Drag the software-defined networking (SDN) layer on the left to the appropriate function on the right. (Each SDN layer may be used once, more than once, or not at all.)

This layer receives its requests from application layer. Control layer This layer is also known as the ionfrastructure layer- Physical This layer communicates with the control layrr through whats called the northbound interface-Application This layer provides the physical layer with configuration and instructions- control On this layer, individual netoworking devices use southbound API's to communicate with the control plane- physical

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system?

Ticket

A user has just authenticated using Kerberos. which object is issued to the user immediate following login?

Ticket granting ticket

Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)

Time synchronization Ticket granting server

A honeypot is used for which purpose?

To delay intruders in order to gather auditing data

Which of the following is not a form of biometric?

Token device

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to- day work When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password, so he changes it to the name of his dog (Fido). What should you do to increase the security of Bob's account? (Select two.)

Train users not to use passwords that are easy to guess. Use Group Policy to require strong passwords on user accounts .

Purchasing insurance is what type of response to risk?

Transference An organization can transfer risk through the purchase of insurance. When calculating the cost of insurance and the deductible, balance the cost against the expected loss from the incident.

Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?

Trojan horse

When configuring VLANs on a switch, what type of switch ports are members of all VLANS defined on the switch?

Trunk ports

Which option is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment while actively preventing re-entrance through the exit portal?

Turnstiles

How many keys are used with Public Key cryptography?

Two

How many keys are used with asymmetric (public key) cryptography?

Two

Which of the following is stronger than any biometric authentication factor?

Two-factor authentication

Recently, a Web site named www.vidshare.com has become extremely popular with users around world. An attacker registers the following domain names: www.videoshare.com www.vidshar.com www.vidsshare .com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passtvords. What type of attack has occurred in this scenario?

Typosquatting

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Update the scanner definition files

If your anti-virus software does not detect and remove a virus, what should you try first?

Update your virus detection software.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console You've configured the device with the user name admin01 and the password P@ssWOrd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Use SCP to back up the router configuration to a remote location

Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?

Use SSL

In the VLAN configuration shown in the diag above, workstations in VLANI are not able to switch. communicate with workstations in VLAN2, even though they are connected to the same physical Which of the following can you use to allow workstations in VLAN1 to communicate with the workstations in VLAN2? (Select two. Each correct answer is a complete solution.)

Use a router to route packets between VLAN1 and VLAN2. Use a Layer 3 switch to route packets betiween VLANI and VLAN2

You've just deployed a new Cisco router that connects several network segments in your organization The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?

Use a stronger administrative password .

Which of the following is a valid security measure to protect email from viruses?

Use blockes on email gateways

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

the system, and alter the log files to hide his actions. Which of the following actions would best You are concerned that an attacker can gain access to your Web server, make modifications to protect the log files?

Use syslog to send log entries to another server

The list specifies the level or type of access The list defines which subjects have access to certain objects The list is embedded directly in the object itself Which security mechanism uses a unique list that meets the following specifications: allowed to certain objects

User ACL

Which of the following information is typically not included in an access token?

User account password

Five salesman who work out of your office, They frequently leave their laptops laying on the desk in their cubical. You are concerned someone might walk by and take one of those laptops. Which of the following is the best way to address your concerned?

User cable locks to chain the laptops to the desks

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can can be used as a pivot point to gain access to more sensitive systems compromise. You know that a workstation Which of the following is the most important aspect of maintaining network security against this type of attack?

User education and training

You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?

Users cannot change the password for 10 days.

Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all. Users take pictures of proprietary processes and procedures.

Users take pictures of proprietary processes and procedures. -Specify where Devicea with a data plab can email stolen data- specify where and when mobile devices can be possesed Devices have no PIN or password configured. -Enroll devices in a mobile device management system. Anti-malware software is not installed. -Implement a network access control (NAC) solution. A device containing sensitive data may be lost.- enroll devices in a mobile device management system

Which of the following describes Privilege auditing?

Users' and groups' rights and privileges are checked to guard against creeping privileges.

Which of the following are characteristics of TACACS+? (Select two.)

Uses TCP Allows three different servers , one each for authentication , authorization , and accounting.

Which of the following is not a countermeasure against dictionary attacks?

Using short passwords

You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you stll need to access the network through the computer. What should you use for this situation?

VLAN

Your company small start-up company that has other businesses. All businesses share a common network infrastructure. A single switch leased office space in a building shared connects all devices in the building to the router that provides Internet access. You would like to make sure that your companies. Which feature should you request to have implemented?

VLAN

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three R3-45 ports connected to the switch. You want visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?

VLANs

Which of the following is the best countermeasure for someone attempting to view your network traffic?

VPN

A group of salesmen would like to access your private network through the internet while they are raveling. You want to control access tot he private network through a single server.

VPN concentrator

Which of the following items are contained in a digital certificate? (Select two.)

Validity period Public key

Which of the following CCTV camera types lets you adjust the distance that the camera can see?

Varifocal

Which of the following are true of a circuit proxy filter firewall? ( Select two)

Verifies sequencing of session packets Operates at the session layer

You have just received a generic looking email that is addressed as coming from the administrator of your company,. The email says that as part of a system upgrade, you need to enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the admin and that this new service is legitimate

You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from device manufacturer

You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of the three files in \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. In response to this message, which action should you take first?

Verify the information on well-known malicious code threat management websites

Which of the following best describes blusnarfing?

Viewing calandar, emails, and emessages on a mobile device without authorization

You want to be able to identify the services running on a set of servers on your tool would best give you the information you need?

Vulnerability scanner

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offer the best countermeasure to sniffing?

WPA2 with ES

If your mission-critical services have a maximum tolerable downtime (MTD) (or a recovery time objective [RTO]) of 36 hours, what is the optimum form of recovery site?

Warm

Match the exploit on the right with the appropriate description on the left.

Watering hole attack An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. Arbitrary code execution exploit A vulnerability in a running process allows an attacker to inject malicious instructions and run them. LSO exploit A Flash cookie is used to collect information about the user's browsing habits without their permission. Zero-day attack An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer.

You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure?

Website storage In this scenario, the shared storage is a single point of failure. A single point of failure means that failure in one component will cause the entire website to be unavailable. If the storage unit fails, then the website content will be unavailable.

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test The tester has detailed information about the target system prior to starting the test. Grey box test -The tester has the same amount of information that would be available to a typical insider in the organization. Black box test- the tester has no prior knowledge of thr target system Single blind test- Either the attacker has prior knowledge or the administrator knows the test is being performed Doubke Blind Test- the tester dows not have prior information and neither does the admin

You want to protect the authentication credentials you to connect to the LAB server in your network by copying them to USB drive. Click the option you use in Credential credentials

Windows Credentials ack up Credential ore Credentials LAB Modified: Today

Which of the following is an example of a decentralized privilege management solution?

Workgroup

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wreshark

Which of the following is an attack that injects malicious scripts into Web to redirect to fake websites or gather personal information?

XSS Cross-site scripting (XSS) is an attack that scripts run allowing the attacker to capture information or perform injects scripts into Web pages. When the user views the Web page, the malicious other actions.

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?

You can control security by isolating wireless guest devices within this VLAN.

Which of the following is not an administrative benefit of implementing VLANS?

You can simplify routing traffic between separate networks.

Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?

You can't use domain-based group policies to enforce security settings on mobile devices.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack.

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port .

You have just downloaded a file. You create a hash of the file and compare it to the hash pgcted on the website. The two hashes match. What do you know about the file?

Your copy is the same as the copy posted on the website.

Which of the following is NOT an advantage of using dloud storage?

Your organization can purchase additional storage capacity when needed

You have conducted a risk analysis ti protect a key company asset. You identified the following values: Asset value= 400 Exposure factor =75 Annualized Rate of Occurrence= .25

300 The SLE is the AV multiplied by the exposure factor, with the EF being a percentage of the asset value that is lost.

What is the average number of times that a specific risk is likely to be realized in a single year?

Annualized Rate of Occurrence

How often should change control management be implemented?

Any time a production system is altered.

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?

Authroity

KWalletManger is a Linux based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials?(Two)

blowfish & GPG

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherbo ave a TPM chip, so youve used an external USB flash drive to store the BitLocker startup key. Which system components are encrypted in this scenario? (Select two.)

c : \ volume Master boot record BitLocker uses full volume encryption, so the disk partition containing the C:\ volume is encrypted along with the master boot record. However, BitLocker does not encrypt the 100 MB system partition that contains the boot files, nor the system BIOS or RAM.

which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

carbon dioxide (CO2)

What chage command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)

chage-M 60-W 10 jsmith

If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.)

collision was discovered The descovered password will allow the attacker to log in as the user even if the discovered password is not the same as the users

Match the recovery term on the right with the appropriate definition on the left.

component. Components should be replaced around the time that the MTBF is reached. Mean Time Between Failures (MTBF) identifies the average lifetime of a system or time to failure of a system or component. This metric assumes that the Mean Time To Failure (MTTF) measures the average system or component is not repaired at a ny point in its lifetime, which would extend its useful life. Maximum Tolerable Downtime (MTD) combines component or restore operations. also referred to as Mean Time to Restore. . Mea n Time To Repair (MTTR) identifies the average amount of time to repair a failed the RPO, RTO, MTBF, and MTTR to identify the length of time an organization can survive with a specified service, asset, or process down.

Which of the following are disadvantages to server virtualization?

compromised host system might affect multiple servers

During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?

configuration testing

The Brewer-Nash security model is designed primarily to prevent which activity?

conflicts of interest

You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an application that was developed in-house to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed production workstations. Currently, all of your testing virtual machines do not have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select two. Both responses are part of the complete solution.)

connect the virtual network interfaces in the virtual machines to the virtual switch . Create a new virtual switch configured for bridged (external) networking.

You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?

create a GPO computer policy for the computers in the Development OU Network communication security settings are configured in the Computer Policies section of a GPO.

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do?

create a granular password policy . Apply the policy to all users in the Directors ou

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems versions and editions Currently, all of your testing virtual machines are connected to the production network through hypervisor's network interface. However, you are concerned that the latest application you are working could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Both responses are part of the complete solution.)

create a new virtual switch configured for host - only ( internal ) networking . Connect the virtual network interfaces in the virtual machines to the virtual switch .

Which of the following is not an appropriate response to a risk discovered during a risk analysis?

denial

which of the following defines two man control?

Certain tasks should be dual-custody in nature to prevent security breach.

Match the employment process on the left with the appropriate task that should occur during that process on the right.

Conduct role-based training Employment Verify an individuals job history Pre-employment Show individuals how to protect sensitive information Employment disable a users account Termination Remind individuals of NDA agreements Termination Obtain an individuals credit history Pre-employment

You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?

Configure account expiration in the user accounts

A baseline

dictates the settings and security mechanisms that must be imposed on a system in order to comply with required security standards. Baselines are mandatory standards with which all systems must comply.

organization's security policies into the cloud storage infrastructure? Which of the following cloud storage access services acts as a gatekeeper, extending an

dloud access security broker Explanation doud access security broker (CASB) cloud storage infrastructure. A CASB user access, and data security through encryption and loss focuses on the visibility of the may act as a gatekeeper, extending an organization's security policies into the company data, regulation compliance,

Which of the following is the best protection against security violations

Defense in depth

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?

Delphi method

Which of the following is not an element of the termination process?

Dissolution of the NDA

The best way to initiate solid administrative control over an organization's employee is to have what element in place?

Distinct job descriptions

Which of the following is a common social engineering attack?

Distributing hoax virus information emails

Your company is preparing to enter into a partnership relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other.

Ensure the integration process maintains the security of each organizations network

Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking the devices that are owned by your organization. How should you do this?

Implement a mobile endpoint management (MEM) solution

What is another name for a backdoor that was accidentally left in a product by the manufacturer?

Maintenance hook

When recovering from a disaster, which services should you stabilize first?

Mission critical

Which of the following is a legal contract between the organization and the employee the specifies the employee is not to disclose the organizations confidential information?

Non-disclosure agreement

Which of the following is not an example of a physical barrier access control mechanism?

One time passwords

You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?

PTZ A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas to monitor (cameras without PTZ capabilities are manually set looking a specific direction). Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the position of the camera.

Which of the following attacks tricks victims into provided confidential information ( such as identity information or login credentials) through emails that impersonate an online entity that the victim trusts?

Phishing

HIPPA us a set if federa l regulations that define security guidelines. What do HIPPA guidelines protect?

Privacy

In which phase of the system life cycle is security integrated into the product?

Project initiation

What is the most effective way to improve or enforce security in any environment?

Providing user-awareness training

Match each manageable network plan milestone on the left with the tasks that are associated with that milestone on the right.

Remove insecure protocols-Reach your network Implement the principle of least privilege- Control your network Segregate and isolate networks- Protect your network Establish an update management process- Manage Establish a baseline for all systems- Manage

Which of the following are solutions that address physical security? ( Select two)

Require identification and name badges for all employees Escort visitors at all times

Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility?

Structured programming

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan with two other database professionals. Which type of BCP test is this considered?

Tabletop exercise

Which of the following are typically associated with human resource security policies ( Select two)

Termination Background checks

Which of the following are disadvantages of server virtualization?

failure in one hardware component could affect multiple servers

You have installed anti-virus on computers at your business. Within a few days, however, you notice that one computer has a virus. What should do you add to your security measures to help prevent this from happening again?

User awareness training

Which of the following social engineering attacks use Voice over IP to gain sensitive information?

Vishing

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind in production. Which type of an attack best describes the scenario?

Whaling

When would choosing to do nothing about an identified risk be acceptable?

When the cost of protecting the asset s greater than the potential loss.

A guidline

is a recommendations for use when a specific standard or procedure does not exist. Guidelines are considered non-compulsory and flexible

A procedure

is a step-by-step process that outlines how to implement a specific action.

You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?

gpasswd Research Use gpasswd Research to be prompted to enter a new password for the Research group. Group names are case-sensitive, so gpasswd research won't change the password for the Research group. The groupmod command does not have a switch that can be used to change passwords. And newpasswd is not a valid Linux command.

Which of the following is an example of a strong password?

a8bT11$yi (a strong password should not contain dictionary words or any part of the login name. They should include upper-and lower-case letters, and symbols. In addition, longer passwords are stronger than shorter passwords.

What is the primary countermeasure to social engineering?

awareness

Which of the following is not a protection against collusion?

cross training

You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this?

groupadd sales Use the groupadd utility to add a group to the system. By default, the group will be added with an incrementing number above those reserved for system accounts. If you use the -r option, it will add the account as a system account (with a reserved group id number). Because this is a group that is created for users, the -r option should not be used.

You have a group named temp_sales on your system. The group is no longer needed, and you the Which of the following commands should you use?

groupdel temp_sales Use groupdel to delete a group from the Linux system. newgroup logs the user in to a group with the group password, but does not contain a -R option. groupmod modifies Be aware of the following options:

Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. following commands will accomplish this?

groupmod - n marketing sales Use the groupmod utility to modify existing groups. Use the-n parameter to change the name of a group to a new text value.

You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.

groups dredford To display the primary and secondary group membership for a specified user account, use the groups command. In this case, you would enter

which of the following is a recommendation to use when a specific standard or procedure does not exist?

guideline

What is a PKI?

hierarchy of computers for issuing certificates

Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utlized to conduct a single coordinated attack. What is this type of attack usually called?

highly distributed attack

obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where?

identifying data and a certification request to the registration authority ( RA )

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

implement an application - aware IPS in front of the web server

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

input validation

A Trusted Platform Module (TPM)

is a hardware cryptoprocessor that resides on the motherboard cryptographic keys. These keys are used for encryption and authentication, but the TPM does not perform the actual encryption. A smart card is a hardware device containing digital certificate. The smart card can be used for authentication. Special hardware processors perform bulk encryption in hardware, rather than software. These processors typically encrypt data using AES or encrypt network traffic using IPSec.

Which of the following are true of Triple DES (3DES)? (Select two.)

is used in IPsec Uses 64 bit blocks with 128 bit keys

Which of the following is an appropriate definition of a VLAN?

logical grouping of devices based on service need protocol or other criteria

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of following should you implement?

mobile device management infrastructure

Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: Enter the command as if at the command prompt.)

netstat -a

You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?

nmap

What is another term for the type of login credentials provided by a token device?

one - time password

You suspect that the gshant user account is locked. Enter the command you use at the command prompt to show the status of the user account.

passwd -S gshant

Which component is a single point of failure for the website?

single point of failure means that failure in one component will cause the entire website to be unavailable. In this scenario, the disk controller is a single point of failure. If the disk controller fails, content for the website will be unavailable.

Which of the following describes high amplification when applied to hashing algorithms?

small change in the message results in a big change in the hash value.

Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?

smart card

What type of attack is most likely to succeed with communications between instant messaging clients?

sniffing

Incorrect You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?

spanning tree

Which of the following solutions would you implement to eliminate switching loops?

spanning tree

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available.

spanning tree

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

strong password policy

What form of cryptography is best suited for bulk encryption because it is so fast?

symmetric key cryptography

Which of the following is the best example of remote access authentication?

user establishes a dial-up connection to a server to gain access to shared resources

A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very future. he following commands will disable or remove the user account from the system apd remove his home directory?

userdel -r larry

An employee named Bob Smith, whose user name is bsmith, has left the company. You have been instructed delete his user account and home directory. Which of the following commands would produce the required outcome? (Choose all that apply)

userdel bsmith;rm -rf /home/bsmith userdel -r bsmith

independent solution.) represents an Which of the following utilities could you use to lock a user account? (Select two. Each answer

usermod passwd

You have performed audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?

usermod - L joer

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscottto kjones, but no other values change. Which of the following commands will accomplish this?

usermod -I kjones kscott

of the following statements about virtual networks is true? (Select two.)

virtual network is dependent on the configuration and physical hardware of the host operating system. Multiple virtual networks can be associated with a single physical network adapter.

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

virtual switch

Sensitive data is monitored by the data loss prevention (DLP) system in four different states. Which of the following is NOT one of the Sensitive data is monitored by the data loss prevention states monitored by P? transmitted

while a file with sensitive data is being created.

Based on the VLAN configuration shown in the diagram above, which of following true?

workstations in VLAN 1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch.

Which standard is most widely used for certificates?

x.509 Explanation elements that must exist within a certificate. This standard is used by PKI (Public Key The standard for certificates that is most widely used is X.509. This standard defines the key

You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.

yum list installed

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

zero - knowledge team

What is the goal of a ToP/IP hijacking attack?

→ O Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access.

To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)

■ 20 21

Which of the following is the strongest hashing algorithm?

○ SHA - 1 SHA-1 is the strongest hashing algorithm. SHA-1 generates a message digest of 160 bits MD - 5 is weaker than SHA - 1 , producing message digest of 128 bits . LANMAN and NTLM both hashes of data. LANMAN is less secure than NTLM, with either method being less secure than use hashing to protect authentication credentials, but these protocols are not used for creating MD-5 (NTLM uses either MD-4 or MD-5 to produce the hash),.

While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?

。Locally shared object ( LSO ) exploit


Kaugnay na mga set ng pag-aaral

Człowiek - mówienie - str. 290 - Obrazek - Uczeń B

View Set

Dosage Calculation Med Surg Practice Test

View Set

Prep-U Chapter 50: Assessment and management of patients with biliary disorders

View Set

EF3 Inter - 4A - can could, be able to

View Set

MTA Introduction to Programming Using Python Test 1 Training

View Set