Part 6
Which of the following concepts ensure ACL rules on a directory are functioning as expected? (Choose two.) --FLAGGED A. Accounting B. Authentication C. Auditing D. Authorization E. Non-repudiation
A, C
A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A. EAP-FAST B. EAP-TLS C. PEAP D. EAP
C
A user is presented with the following items during the new-hire onboarding process: *-Laptop -Secure USB drive -Hardware OTP token -External high-capacity HDD -Password complexity policy -Acceptable use policy -HASP key -Cable lock* Which of the following is one component of multifactor authentication? A. Secure USB drive B. Cable lock C. Hardware OTP token D. HASP key
C
After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement? A. NAC B. Web proxy C. DLP D. ACL
C
An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use? A. FTPS B. SFTP C. SSL D. LDAPS E. SSH
C
An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list approved maintenance personnel prior to granting physical access to the secure are. The controls used by the receptionist are in place to prevent which of the following types of attacks? A. Tailgating B. Shoulder surfing C. Impersonation D. Hoax
C
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select three.) A. S/MIME B. SSH C. SNMPv3 D. FTPS E. SRTP F. HTTPS G. LDAPS
B, D, F
Which of the following use the SSH protocol? (Select two --NOT INDICATED) A. Stelnet B. SCP C. SNMP D. FTPS E. SSL F. SFTP
B, F
A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm? A. Vulnerability scanning B. Penetration testing C. Application fuzzing D. User permission auditing
A
A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe? A. Deterrent B. Preventive C. Detective D. Compensating
A
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented in the administrator does not want to provide the wireless password or he certificate to the employees? A. WPS B. 802.1x C. WPA2-PSK D. TKIP
A
A security administrator is adding a NAC requirement for all VPN users to ensure the connecting devices are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement? --FLAGGED A. Implement a permanent agent. B. Install antivirus software. C. Use an agentless implementation. D. Implement PKI.
A
A security analyst observes the following events in the logs of an employee workstation: -1/23 1:07:16 865 Access to C:\Users\user\temp\oasdfkh.hta has been restricted by your administrator by the default restriction policy level. -1/23 1:07:09 1034 The scan complete. No detections were found. The security analyst reviews the file system and observes the following: *-C:\>dir -C:\User\user\temp -1/23 1:07:02 oasdfkh.hta -1/23 1:07:02 update.bat -1/23 1:07:02 msg.txt* Given the information provided, which of the following MOST likely occurred on the workstation? A. Application whitelisting controls blocked an exploit payload from executing. B. Antivirus software found and quarantined three malware files. C. Automatic updates were initiated but failed because they had not been approved. D. The SIEM log agent was not tuned properly and reported a false positive.
A
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue? A. Botnet B. Ransomware C. Polymorphic malware D. Armored virus
A
A systems administrator wants to replace the process of using a CRL to verify certificate validity. Which of the following would BEST suit the administrator's needs? A. OCSP B. CSR C. Key escrow D. CA
A
A technician is configuring a wireless guest network. After applying the most recent changes the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this Scenario? A. Deactivation of SSID broadcast B. Reduction of WAP signal output power C. Activation of 802.1X with RADIUS D. Implementation of MAC filtering E. Beacon interval was decreased
A
A technician must configure a firewall to block external DNS traffic from entering a network. Which of the following ports should they block on the firewall? A. 53 B. 110 C. 143 D. 443
A
A technician suspects that a system has been compromised. The technician reviews the following log entry: *WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll* Based solely ono the above information, which of the following types of malware is MOST likely installed on the system? A. Rootkit B. Ransomware C. Trojan D. Backdoor
A
A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a: A. Credentialed scan. B. Non-intrusive scan. C. Privilege escalation test. D. Passive scan.
A
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed? --FLAGGED A. Administrative B. Corrective C. Deterrent D. Compensating
A
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS? A. PEAP B. EAP C. WPA2 D. RADIUS
A
An auditor wants to test the security posture of an organization by running a tool that will display the following: *-JIMS <00> UNIQUE Registered -WORKGROUP <00> GROUP Registered -JIMS <00> UNIQUE Registered* Which of the following commands should be used? A. nbtstat B. nc C. arp D. ipconfig
A
An organization wants to separate permissions for individuals who perform system changes from individuals who perform auditing of those system changes. Which of the following access control approaches is BEST suited for this? A. Assign administrators and auditors to different groups and restrict permissions on system log files to read-only for the auditor group. B. Assign administrators and auditors to the same group, but ensure they have different permissions based on the function they perform. C. Create two groups and ensure each group has representation from both the auditors and the administrators so they can verify any changes that were made. D. Assign file and folder permissions on an individual user basis and avoid group assignment altogether.
A
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing? A. ACLs B. HIPS C. NAT D. MAC filtering
A
The concept of connecting a user account across the systems of multiple enterprises is BEST known as: A. federation. B. a remote access policy. C. multifactor authentication. D. single sign-on.
A
When identifying a company's most valuable assets as part of a BIA, which of the following should be the FIRST priority? A. Life B. Intellectual property C. Sensitive data D. Public reputation
A
Which of the following can be provided to an AAA system for the identification phase? A. Username B. Permissions C. One-time token D. Private certificate
A
Which of the following differentiates a collision attack from a rainbow table attack? A. A rainbow table attack performs a hash lookup B. A rainbow table attack uses the hash as a password C. In a collision attack, the hash and the input data are equivalent D. In a collision attack, the same input results in different hashes
A
Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work? A. Taking pictures of proprietary information and equipment in restricted areas. B. Installing soft token software to connect to the company's wireless network. C. Company cannot automate patch management on personally-owned devices. D. Increases the attack surface by having more target devices on the company's campus
A
Which of the following must be intact for evidence to be admissible in court? A. Chain of custody B. Order of volatility C. Legal hold D. Preservation
A
Which of the following occurs when the security of a web application relies on JavaScript for input validation? A. The integrity of the data is at risk. B. The security of the application relies on antivirus. C. A host-based firewall is required. D. The application is vulnerable to race conditions.
A
Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS? A. Privilege escalation B. Pivoting C. Process affinity D. Buffer overflow
A
Which of the following technologies employ the use of SAML? (Select two.) A. Single sign-on B. Federation C. LDAP D. Secure token E. RADIUS
A, B
A company is currently using the following configuration: *-IAS server with certificate-based EAP-PEAP and MSCHAP -Unencrypted authentication via PAP* A security administrator needs to configure a new wireless setup with the following configurations: *-PAP authentication method -PEAP and EAP provide two-factor authentication.* Which of the following forms of authentication are being used? (Select two.) A. PAP B. PEAP C. MSCHAP D. PEAP- MSCHAP E. EAP F. EAP-PEAP
A, C
Which of the following are methods to implement HA in a web application server environment? (Select two.) A. Load balancers B. Application layer firewalls C. Reverse proxies D. VPN concentrators E. Routers
A, B
A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.) A. Generate an X.509-compliant certificate that is signed by a trusted CA. B. Install and configure an SSH tunnel on the LDAP server. C. Ensure port 389 is open between the clients and the servers using the communication. D. Ensure port 636 is open between the clients and the servers using the communication. E. Remote the LDAP directory service role from the server.
A, D
A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.) A. Geofencing B. Remote wipe C. Near-field communication D. Push notification services E. Containerization
A, E
A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement? A. ISA B. NDA C. MOU D. SLA
B
A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again? A. Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff B. Restrict access to the share where the report resides to only human resources employees and enable auditing C. Have all members of the IT department review and sign the AUP and disciplinary policies D. Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department
B
A database backup schedule consists of weekly full backups performed on Saturday at 12:00 a.m. and daily differential backups also performed at 12:00 a.m. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery? A. 1 B. 2 C. 3 D. 4
B
A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired? --FLAGGED A. The certificate was self signed, and the CA was not imported by employees or customers B. The root CA has revoked the certificate of the intermediate CA C. The valid period for the certificate has passed, and a new certificate has not been issued D. The key escrow server has blocked the certificate from being validated
B
A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost? A. RAID 0 B. RAID 1 C. RAID 2 D. RAID 3
B
A network technician needs to monitor and view the websites that are visited by an employee. The employee is connected to a network switch. Which of the following would allow the technician to monitor the employee's web traffic? A. Implement promiscuous mode on the NIC of the employee's computer. B. Install and configured a transparent proxy server. C. Run a vulnerability scanner to capture DNS packets on the router. D. Configure a VPN to forward packets to the technician's computer.
B
A security administrator has found a hash in the environment known to belong to malware. The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system. *File: winx86_adobe_flash_upgrade.exe Hash: 99ac28bede43ab869b853ba62c4ea243* The administrator pulls a report from the patch management system with the following output: InstallDate PackageName TargetDevicesHash *-10/10/2017 java_11.2_x64.exe HQ PC's 01ab28bbde63aa879b35bba62cdes283 -10/10/2017 winx86_adobe_flash_upgrade.exe HQ PC's 99ac28bede43ab869b853ba62c4ea243* Given the above outputs, which of the following MOST likely happened? A. The file was corrupted after it left the patch system. B. The file was infected when the patch manager downloaded it. C. The file was not approved in the application whitelist system. D. The file was embedded with a logic bomb to evade detection.
B
A security analyst has received the following alert snippet from the HIDS appliance: *PROTOCOL SIG SRC.PORT DST.PORT TCP XMAS SCAN 192:168:1.1:1091 192.168.1.2:8891 TCP XMAS SCAN 192:168:1.1:649 192.168.1.2:9001 TCP XMAS SCAN 192:168:1.1:2264 192.168.1.26455: TCP XMAS SCAN 192:168:1.1:3464 192.168.1.2:8744* Given the above logs, which of the following is the cause of the attack? A. The TCP ports on destination are all open B. FIN, URG, and PSH flags are set in the packet header C. TCP MSS is configured improperly D. There is improper Layer 2 segmentation
B
A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection? A. tracert B. netstat C. ping D. nslookup
B
A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation? A. An attacker can access and change the printer configuration. B. SNMP data leaving the printer will not be properly encrypted. C. An MITM attack can reveal sensitive information. D. An attacker can easily inject malicious code into the printer firmware. E. Attackers can use the PCL protocol to bypass the firewall of client computers.
B
A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue? A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability B. Recommend classifying each application into like security groups and segmenting the groups from one another C. Recommend segmenting each application, as it is the most secure approach D. Recommend that only applications with minimal security features should be segmented to protect them
B
A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network? --FLAGGED A. Open wireless network and SSL VPN B. WPA using a preshared key C. WPA2 using a RADIUS back-end for 802.1x authentication D. WEP with a 40-bit key
B
A system's administrator has finished configuring firewall ACL to allow access to a new web server. *-PERMIT TCP from: ANY to: 192.168.1.10:80 -PERMIT TCP from: ANY to: 192.168.1.10:443 DENY TCP from: ANY to: ANY* The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server: *-TCP 10.23.243.2:2000->192.168.1.10:80 POST/default's -TCP 172.16.4.100:1934->192.168.1.10:80 GET/session.aspx?user1_sessionid=a12ad8741d8f7e7ac723847cBaa8231a* The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned? A. Misconfigured firewall B. Clear text credentials C. Implicit deny D. Default configuration
B
An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft? A. Enable screensaver locks when the phones are not in use to prevent unauthorized access B. Configure the smart phones so that the stored data can be destroyed from a centralized location C. Configure the smart phones so that all data is saved to removable media and kept separate from the device D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered
B
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future? A. Use a honeypot B. Disable unnecessary services C. Implement transport layer security D. Increase application event logging
B
An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend? A. Web application firewall B. SIEM C. IPS D. UTM E. File integrity monitor
B
An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance. Which of the following should the security analyst recommend is lieu of an OCSP? A. CSR B. CRL C. CA D. OID
B
An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented? A. Use a camera for facial recognition B. Have users sign their name naturally C. Require a palm geometry scan D. Implement iris recognition
B
Company policy requires the use if passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases? A. Reuse B. Length C. History D. Complexity
B
Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use? A. RADIUS B. TACACS+ C. Diameter D. Kerberos
B
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware? A. Install a definition-based antivirus. B. Implement an IDS/IPS. C. Implement a heuristic behavior-detection solution. D. Implement CASB to protect the network shares.
B
To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met? A. Create a daily encrypted backup of the relevant emails. B. Configure the email server to delete the relevant emails. C. Migrate the relevant emails into an "Archived" folder. D. Implement automatic disk compression on email servers.
B
Which of the following cryptographic algorithms is irreversible? A. RC4 B. SHA-256 C. DES D. AES
B
Which of the following is the summary of loss for a given year? A. MTBF B. ALE C. SLA D. ARO
B
Which of the following network vulnerability scan indicators BEST validates a successful, active scan? A. The scan job is scheduled to run during off-peak hours. B. The scan output lists SQL injection attack vectors. C. The scan data identifies the use of privileged-user credentials. D. The scan results identify the hostname and IP address.
B
Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against? A. Passwords written on the bottom of a keyboard B. Unpatched exploitable Internet-facing services C. Unencrypted backup tapes D. Misplaced hardware token
B
A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could: A. Require the use of two different passwords held by two different individuals to open an account B. Administer account creation on a role based access control approach C. Require all new accounts to be handled by someone else other than a teller since they have different duties D. Administer account creation on a rule based access control approach
C
A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements? A. The vulnerability scanner is performing an authenticated scan. B. The vulnerability scanner is performing local file integrity checks. C. The vulnerability scanner is performing in network sniffer mode. D. The vulnerability scanner is performing banner grabbing.
C
A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong? A. SoC B. ICS C. IoT D. MFD
C
A company has a data classification system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type? A. Reduced cost B. More searchable data C. Better data classification D. Expanded authority of the privacy officer
C
A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files? A. HTTPS B. LDAPS C. SCP D. SNMPv3
C
A company's AUP requires: *-Passwords must meet complexity requirements. -Passwords are changed at least once every six months. -Passwords must be at least eight characters long.* An auditor is reviewing the following report: *Username LastLogin LastChanged Carol 2 hours 90 days David 2 hours 30 days Ann 1 hour 247 days Joe 0.5 hours 7 days* Which of the following controls should the auditor recommend to enforce the AUP? A. Account lockout thresholds B. Account recovery C. Password expiration D. Prohibit password reuse
C
A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort? A. Public B. Hybrid C. Community D. Private
C
A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement? A. DMZ B. NAT C. VPN D. PAT
C
A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies? A. Mandatory access controls B. Disable remote login C. Host hardening D. Disabling services
C
A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently that several machines with confidential customer information displayed in the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding? A. Implement a clean desk policy B. Security training to prevent shoulder surfing C. Enable group policy based screensaver timeouts D. Install privacy screens on monitors
C
A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability? A. Application fuzzing B. Error handling C. Input validation D. Pointer dereference
C
An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action? A. Approve the former employee's request, as a password reset would give the former employee access to only the human resources server. B. Deny the former employee's request, since the password reset request came from an external email address. C. Deny the former employee's request, as a password reset would give the employee access to all network resources. D. Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network resources
C
An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server? A. Snapshot B. Full C. Incremental D. Differential
C
Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices? A. Cross-site scripting B. DNS poisoning C. Typo squatting D. URL hijacking
C
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions: *-Shut down all network shares. -Run an email search identifying all employees who received the malicious message. -Reimage all devices belonging to users who opened the attachment. Next, the teams want to re-enable the network shares.* Which of the following BEST describes this phase of the incident response process? A. Eradication B. Containment C. Recovery D. Lessons learned
C
The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end- to-end encryption between mobile applications and the cloud.
C
Which of the following best describes routine in which semicolons, dashes, quotes, and commas are removed from a string? A. Error handling to protect against program exploitation B. Exception handling to protect against XSRF attacks. C. Input validation to protect against SQL injection. D. Padding to protect against string buffer overflows.
C
A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.) A. The portal will function as a service provider and request an authentication assertion. B. The portal will function as an identity provider and issue an authentication assertion. C. The portal will request an authentication ticket from each network that is transitively trusted. D. The back-end networks will function as an identity provider and issue an authentication assertion. E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store. F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.
C, D
After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO) A. Monitor VPN client access B. Reduce failed login out settings C. Develop and implement updated access control policies D. Review and address invalid login attempts E. Increase password complexity requirements F. Assess and eliminate inactive accounts
C, F
A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform? A. Risk transference B. Penetration test C. Threat assessment D. Vulnerability assessment
D
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report? A. Architecture evaluation B. Baseline reporting C. Whitebox testing D. Peer review
D
A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this? A. Cross-site request forgery B. Buffer overflow C. SQL injection D. JavaScript data insertion E. Firewall evasion script
D
A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement? A. Shared accounts B. Preshared passwords C. Least privilege D. Sponsored guest
D
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following: *-There is no standardization. -Employees ask for reimbursement for their devices. -Employees do not replace their devices often enough to keep them running efficiently. -The company does not have enough control over the devices.* Which of the following is a deployment model that would help the company overcome these problems? A. BYOD B. VDI C. COPE D. CYOD
D
A datacenter engineer wants to ensure an organization's servers have high speed and high redundancy and can sustain the loss of two physical disks in an array. Which of the following RAID configurations should the engineer implement to deliver this functionality? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10 E. RAID 50
D
A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? A. Removing the hard drive from its enclosure B. Using software to repeatedly rewrite over the disk space C. Using Blowfish encryption on the hard drives D. Using magnetic fields to erase the data
D
A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile date first. Which of the following is the correct order in which Joe should collect the data? A. CPU cache, paging/swap files, RAM, remote logging data B. RAM, CPU cache. Remote logging data, paging/swap files C. Paging/swap files, CPU cache, RAM, remote logging data D. CPU cache, RAM, paging/swap files, remote logging data
D
A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network? A. Pre-shared key B. Enterprise C. Wi-Fi Protected setup D. Captive portal
D
An administrator is configuring access to information located on a network file server named "Bowman". The files are located in a folder named "BalkFiles". The files are only for use by the "Matthews" division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table: Share permissions 1 Everyone Full Control File system permissions 2 Bowman\Users Modify Inhertited 3 Domain\Matthews Read NotInherited 4 Bowman\System FullControl Inherited 5 Bowman\Administrators FullControl NotInherited Which of the following rows has been misconfigured? A. Row 1 B. Row 2 C. Row 3 D. Row 4 E. Row 5
D
An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring? A. Policy violation B. Social engineering C. Whaling D. Spear phishing
D
Ann. An employee in the payroll department, has contacted the help desk citing multiple issues with her device, including: *-Slow performance -Word documents, PDFs, and images no longer opening -A pop-up* Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected? A. Spyware B. Crypto-malware C. Rootkit D. Backdoor
D
Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping? A. Encrypt it with Joe's private key B. Encrypt it with Joe's public key C. Encrypt it with Ann's private key D. Encrypt it with Ann's public key
D
Which of the following cryptography algorithms will produce a fixed-length, irreversible output? A. AES B. 3DES C. RSA D. MD5
D
Which of the following security controls does an iris scanner provide? A. Logical B. Administrative C. Corrective D. Physical E. Detective F. Deterrent
D
Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources? A. Private B. Hybrid C. Public D. Community
D
Which of the following would a security specialist be able to determine upon examination of a server's certificate? A. CA public key B. Server private key C. CSR D. OID
D
A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements? A. Virtual desktop infrastructure (IDI) B. WS-security and geo-fencing C. A hardware security module (HSM) D. RFID tagging system E. MDM software F. Security Requirements Traceability Matrix (SRTM)
E
