Pre-Assessment Exam


Your organization is hosting a wireless network with an 802.1x server using PEAP. On Thursday, users report they can no longer access the wireless network, but they could access it on the previous day. Administrators verified the network configuration matches the baseline, there aren't any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem? A. The RADIUS server certificate expired B. DNS is providing incorrect host names C. DHCP is issuing duplicate IP addresses D. MAC filtering is enabled

A. The most likely cause is that the Remote Authentication Dial-In User Service (RADIUS) server certificate expired. An 802.1x server is implemented as a RADIUS server, and Protected Extensible Authentication Protocol (PEAP) requires a certificate, which is a key clue in this question.

Bart is adding a DMZ into his organization's network. Which of the following is the BEST description of why he would do so? A. To increase security for servers accessed from public networks B. To provide a secure physical location for networking equipment C. To lure attackers to a fake server or fake network D. To cache data retrieved from a web server

A. A demilitarized zone (DMZ) is a logical buffer zone for servers accessed from the public networks such as the Internet, and it provides a layer of security for servers in the DMZ.

You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring? A. DDoS attack B. DoS attack C. Amplification attack D. Salting attack

A. A distributed denial-of-service (DDoS) attack includes attacks from multiple systems with the goal of depleting the target's resources, and this scenario indicates multiple connection attempts from different IP addresses. A DoS attack comes from a single system, and a SYN flood is an example of a DoS attack. While the DDoS attack may be an amplification attack (an attack that significantly increases the amount of traffic sent to the victim), the scenario doesn't give enough details to identify this as an amplification attack. Salting is a method used to prevent brute force attacks from discovering passwords.

Management suspects that employees have been sending proprietary data out of the network via email. They want to implement a solution that will detect and block similar incidents in the future. Which of the following is the BEST choice to meet this need? A. Mail gateway B. UTM appliance C. Forward proxy D. Reverse proxy

A. A mail gateway is placed between an email server and the Internet, and mail gateways typically include data loss prevention (DLP) capabilities. They can inspect the contents of outgoing traffic looking for key words and block any traffic containing proprietary data.

An organization has decided to increase the amount of customer data it maintains and use it for targeted sales. The privacy officer has determined that this data is PII. Which type of assessment should be completed to ensure the organization is complying with applicable laws and regulations related to this data? A. Privacy impact assessment B. Privacy threshold assessment C. Threat assessment D. Supply chain and HMAC

A. A privacy impact assessment attempts to identify potential risks related to Personally Identifiable Information (PII) and ensure the organization is complying with applicable laws and regulations.

Ziffcorp is developing a new technology that they expect to become a huge success when it's released. The CIO is concerned about someone stealing their company secrets related to this technology. Which of the following will help the CIO identify potential dangers related to the loss of this technology? A. Threat assessment B. Vulnerability assessment C. Privacy threshold assessment D. Privacy impact assessment

A. A threat assessment evaluates potential dangers that can compromise the confidentiality, integrity, and/or availability of data or a system. It evaluates threats and attempts to identify the potential impact from threats.

The First Bank of Springfield has been experiencing widespread fraud recently. Attackers are transferring funds out of customer accounts to other banks. The bank began requiring customers to obtain credentials in person at the bank. However, this hasn't reduced the number of fraudulent transactions. After reviewing available logs, investigators determined that these fraudulent transactions are conducted with the customer's actual credentials. Which of the following security controls should be strengthened to reduce these incidents? A. Authentication B. Identification C. Accounting D. Authorization

A. Authentication should be increased, such as by forcing users to use stronger passwords. The scenario indicates that attackers are somehow obtaining customer credentials and using them to conduct the fraudulent transactions.

While reviewing logs for a web application, a developer notices that it has crashed several times reporting a memory error. Shortly after it crashes, the logs show malicious code that isn't part of a known application. Which of the following is MOST likely occurring? A. Buffer overflow B. ARP poisoning C. Privilege escalation D. Replay

A. Buffer overflow attacks often cause an application to crash and expose system memory. Attackers then write malicious code into the exposed memory and use different techniques to get the system to run this code. None of the other attacks insert malicious code into memory.

You are tasked with improving the overall security for a database server. Which of the following is a preventative control that will assist with this goal? A. Disabling unnecessary services B. Identifying the initial baseline configuration C. Monitoring logs for trends D. Implementing a backup and restoration plan

A. Disabling unnecessary services is one of several steps you can take to harden a server. It is a preventative control because it helps prevent an incident.

The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all the files and folders used by the Accounting department. Which of the following should the administrator do to give Jasper appropriate access? A. Create an account for Jasper and add the account to the Accounting group. B. Give Jasper the password for the Guest account. C. Create an account for Jasper and use rule-based access control for accounting. D. Create an account for Jasper and add the account to the Administrators group.

A. The administrator should create an account for Jasper and add it to the Accounting group. Because the organization uses groups, it makes sense that they have an Accounting group.

Lisa has created an application on her development computer. She wants to test it on a Linux-based computer she commonly uses for testing. However, she wants to ensure it is isolated when she tests it. Which of the following is the BEST solution to meet her needs? A. Use chroot B. Sideload the application C. Use FDE D. Use chmod

A. The best answer of the available choices is to use the chroot command to isolate the application within a sandbox.

You are performing a risk assessment and you need to calculate the average expected loss of an incident. Which of the following value combinations would you MOST likely use? A. ALE and ARO B. ALE and SLE C. SLE and ARO D. ARO and ROI

A. The expected loss is the single loss expectancy (SLE) and you can calculate it with the annual loss expectancy (ALE) and annual rate of occurrence (ARO), as ALE / ARO. The SLE is what you are trying to determine, so you don't have that value.

You're asked to identify who is accessing a spreadsheet containing employee salary data. Detailed logging is configured correctly on this file. However, you are unable to identify a specific person who is accessing the file. Which of the following is the MOST likely reason? A. Shared accounts are not prohibited B. Guest accounts are disabled C. Permissions for the file were assigned to a group D. Account lockout has been enabled

A. The most likely reason of those given is that shared accounts are not prohibited, allowing multiple users to access the same file. For example, if the Guest account is enabled and used as a shared account by all users, the logs will indicate the Guest account accessed the file, but it won't identify specific individuals.

A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server? A. Backdoor B. Logic bomb C. Rootkit D. Botnet

A. The security administrator is most likely looking for a backdoor because Trojans commonly create backdoors, and a backdoor allows unauthorized personnel to access data on the system.

When you log on to your online bank account, you are also able to access a partner's credit card site, check-ordering services, and a mortgage site without entering your credentials again. Which of the following does this describe? A. SSO B. Same sign-on C. SAML D. Kerberos

A. This is an example of single sign-on (SSO) capabilities because you can log on once and access all the resources without entering your credentials again.

Management has implemented a policy stating that messages sent between upper-level executives must arrive without any changes. The IT department is tasked with implementing technical controls to meet this need. Which security goal does this policy address? A. Confidentiality B. Integrity C. Availability D. Authentication

B. Integrity provides assurances that data has not been modified, and integrity is commonly enforced with hashing.

Your local library is planning to purchase new computers that patrons can use for Internet research. Which of the following are the BEST choices to protect these computers? (Select TWO) A. Mantrap B. Anti-malware software C. Cable locks D. Disk encryption

B, C. Anti-malware software and cable locks are the best choices to protect these computers. Anti-malware software protects the system from viruses and other malware. The cable locks deter theft of the computers.

An attacker has launched several successful XSS attacks on a web application within your DMZ. Which of the following are the BEST choices to protect the web server and prevent this attack? (Select TWO) A. Dynamic code analysis B. Input validation C. Code obfuscation D. WAF E. Normalization

B, D. Input validation and a web application firewall (WAF) are the best choices of the available answers. Both provide protection against cross-site scripting (XSS) attacks. Input validation validates data before using it to help prevent XSS attacks. A WAF acts as an additional firewall that monitors, filters, and/or blocks HTTP traffic to a web server. None of the other answers will directly prevent XSS attacks.

Your organization recently purchased some laptops that include a TPM. Which of the following BEST identifies what the TPM provides? A. Detection of unauthorized data transfers B. A hardware root of trust C. Sandboxing D. An external security device used to store cryptographic

B. A Trusted Platform Module (TPM) includes an encryption key burned into the chip, and this key provides a hardware root of trust. Data loss prevention (DLP) systems detect unauthorized data transfers.

Users within an organization frequently access public web servers using HTTPS. Management wants to ensure that users can verify that certificates are valid even if the public CAs are temporarily unavailable. Which of the following should be implemented to meet this need? A. OCSP B. CRL C. Private CA D. CSR

B. A certificate revocation list (CRL) can meet this need because CRLs are cached. If the public Certificate Authority (CA) is not reachable due to any type of connection outage or CA outage, the cached CRL can be used as long as the cache time has not expired.

Security personnel confiscated a user's workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. Which of the following could prevent the company from taking the employee to court over this incident? A. Witnesses were not identified B. A chain of custody was not maintained C. An order of volatility was not maintained D. A hard drive analysis was not complete

B. A chain of custody was not maintained because the hard drive was left unattended for several hours before capturing an image. Witnesses were not mentioned, but are not needed if the chain of custody was maintained.

An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack? A. Buffer overflow B. Zero-day attack C. Man-in-the-browser D. Session hijacking

B. A zero-day attack takes advantage of an undocumented exploit or an exploit that is unknown to the public.

You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, which of the following should be your FIRST response? A. Preparation B. Identification C. Eradication D. Recovery

B. At this stage, the first response is identification. The preparation phase is performed before an incident, and includes steps to prevent incidents. After identifying this as a valid incident (malware infection), the next steps are containment, eradication, recovery, and lessons learned.

An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle? A. Implicit deny B. Layered security C. Least privilege D. Flood guard

B. Layered security (or defense in depth) implements multiple controls to provide several layers of protection. In this case, the antivirus software provides one layer of protection while the firewall and the intrusion detection system (IDS) provide additional layers.

Lisa has been hired as a penetration tester by your organization to test the security of a web server. She wants to identify the operating system and get some information on services and applications used by the server. Which of the following tools will BEST meet this need? A. SIEM B. Netcat C. Tcpdump D. Gray box test

B. Netcat can easily be used for banner grabbing, which will give her information on the operating system and on the services and applications used by the server.

Marge, a security administrator, is tasked with ensuring that all devices have updated virus definition files before they can access network resources. Which of the following technologies would help her accomplish this goal? A. NIDS B. NAC C. DLP D. DMZ

B. Network access control (NAC) inspects clients for health, including having up-to-date virus definition files, and can restrict unhealthy clients to a remediation network.

After Marge turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would be formatted. What does this indicate? A. Keylogger B. Ransomware C. Backdoor D. Trojan

B. Ransomware attempts to take control of a user's system or data and then demands a ransom to return control.

Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn't enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers? A. NIDS and HIDS B. NIPS and HIPS C. SIEM and NIPS D. SIEM and NIDS

B. The best automated solution of the available choices is a network-based intrusion prevention system (NIPS) protecting the demilitarized zone (DMZ), and host-based intrusion prevention systems (HIPS) on the database server and web servers. An intrusion detection system (IDS) detects intrusions and reports them, but it does not provide automated responses to protect the systems.

An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. Which of the following should be changed to avoid the problem shown with these passwords? A. Password complexity B. Password length C. Password history D. Password reuse

B. The password policy should be changed to increase the minimum password length of passwords. These passwords are only four and five characters long, which is too short to provide adequate security.

Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomware. Which of the following BEST describes the email? A. Phishing B. Spear phishing C. Spam D. Vishing

B. This email is a form of spear phishing because it is targeting users in the same organization. While it is a form of phishing, spear phishing is a better answer because the email targeted users in the same organization.

A tech company recently discovered an attack on its organization, resulting in a significant data breach of customer data. After investigating the attack, they realized it was very sophisticated and likely originated from a foreign country. Which of the following identifies the MOST likely threat actor in this attack? A. Hacktivist B. APT C. Competitors D. Insiders

B. This was most likely an advanced persistent threat (APT) because it was a sophisticated attack and originated from a foreign country.

A security analyst recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the comptia.org web site. Users have a legitimate requirement to visit the comptia.org web site. Which of the following is the MOST likely explanation for this activity? A. Smurf B. Typo squatting C. Fuzzing D. Replay

B. Typo squatting (or URL hijacking) uses a similar domain name to redirect traffic. In this scenario, the last two letters in comptia are swapped in the malicious domain name, and that site is attempting to download malware onto the user systems.

An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Which of the following choices would BEST help them maintain availability with a reduced budget? A. Failover clusters B. Virtualization C. Bollards D. Hashing

B. Virtualization provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure. Virtualization supports a reduced budget because virtual servers require less hardware, less space in a data center, less power, and less heating and air conditioning.

You suspect that traffic in your network is being rerouted to an unauthorized router within your network. Which of the following command-line tools would help you narrow down the problem? A. ping B. tracert C. ipconfig D. netstat

B. You can use tracert to track packet flow through a network and if an extra router has been added to your network, tracert will identify it.

You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (Select TWO) A. DNS poisoning B. Replay C. Brute force D. Buffer overflow E. Dictionary

C, E. Brute force and dictionary attacks attempt to guess passwords, but an account lockout control locks an account after the wrong password is guessed too many times. The other attacks are not password attacks, so they aren't mitigated using account lockout controls.

Your organization wants to prevent employees from accessing file sharing web sites. Which of the following choices will meet this need? A. Content inspection B. Malware inspection C. URL filter D. Web application firewall

C. A URL filter blocks access to specific web sites based on their URLs. Proxy servers and unified threat management (UTM) devices include URL filters.

A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific IP address. Which of the following is the BEST tool to meet this need? A. SIEM B. Netcat C. Protocol analyzer D. Vulnerability scan

C. A protocol analyzer (or sniffer) can capture traffic sent over a network and identify the type of traffic, the source of the traffic, and protocol flags used within individual packets.

Which of the following is the LOWEST cost solution for fault tolerance? A. Load balancing B. Round-robin scheduling C. RAID D. Warm site

C. A redundant array of inexpensive disks (RAID) subsystem is a relatively low-cost solution for fault tolerance for disks. RAID also increases data availability.

Lisa needs to identify if a risk exists within a web application and identify potential misconfigurations on the server. However, she should passively test the security controls. Which of the following is the BEST choice to meet her needs? A. Perform a penetration test B. Perform a port scan C. Perform a vulnerability scan D. Perform traffic analysis with a sniffer

C. A vulnerability scan identifies vulnerabilities that attackers can potentially exploit, and vulnerability scanners perform passive testing.

Your organization hosts several web servers in a web farm. They have recently been attacked, resulting in unacceptable downtime. Management wants to implement a solution that will provide protection for the web farm and include load balancing to improve the overall performance of the web farm. Which of the following will BEST meet this need? A. Stateless firewall B. Stateful firewall C. Web application firewall D. Host-based firewall

C. A web application firewall (WAF) is the best choice. You can place it in the demilitarized zone (DMZ) and the web farm servers in the internal network. In addition to protecting the web servers, the WAF also provides load balancing. None of the other solutions provides load balancing.

Management is concerned about malicious activity and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal? A. Network-based firewall B. Signature-based firewall C. Anomaly-based firewall D. Honeynet

C. An anomaly-based (also called heuristic-based or behavior-based) intrusion detection system (IDS) compares current activity with a previously created baseline to detect any anomalies or unusual traffic on a network.

Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area? A. Mantrap B. Access list C. CCTV D. Bollards

C. Closed-circuit television (CCTV) or a similar video surveillance system can monitor the entrance and record who enters and exits the area.

Management within your organization has a use case to support confidentiality of PII stored in a database. Which of the following solutions will BEST meet this need? A. Hashing B. Digital signature C. Encryption D. Smart card

C. Encryption is the best choice to provide confidentiality of any type of information, including Personally Identifiable Information (PII) stored in a database.

Management wants to ensure that employees do not print any documents that include customer or employee PII. Which of the following solutions would meet this goal? A. HSM B. TPM C. VLAN D. DLP

D. A data loss prevention (DLP) solution can detect documents sent to a printer that contain Personally Identifiable Information (PII) and prevent them from printing.

Of the following choices, what can you use to divert malicious attacks on your network away from valuable data to worthless, fabricated data? A. IPS B. Proxy Server C. Web application firewall D. Honeypot

D. A honeypot can divert malicious attacks to a harmless area of your network, such as away from production servers holding valid data. An intrusion prevention system (IPS) can block attacks, but it doesn't divert them.

A security professional needs to identify a physical security control that will identify and authenticate individuals before allowing them to pass, and restrict passage to only a single person at a time. Which of the following should the professional recommend? A. Tailgating B. Smart cards C. Biometrics D. Mantrap

D. A mantrap controls access to a secure area and only allows a single person to pass at a time. The scenario describes the social engineering tactic of tailgating, not the control to prevent it.

You want to identify all the services running on a server in your network. Which of the following tools is the BEST choice to meet this goal? A. Penetration test B. Protocol analyzer C. Sniffer D. Port scanner

D. A port scanner identifies open ports on a system and is commonly used to determine what services are running on the system.

You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution? A. NAC B. DMZ C. SRTP D. VLAN

D. A virtual local area network (VLAN) provides traffic separation and can be configured to separate Voice over IP (VoIP) traffic and data traffic.

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via the wireless network, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. Which of the following would BEST meet this need? A. NAT B. DMZ C. VPN D. 802.1x

D. An 802.1x server provides port-based authentication and can authenticate clients. Clients that cannot authenticate (the guests in this scenario) can be redirected to the guest network, which grants them Internet access but not access to the internal network. None of the other solutions provides port security or adequate network separation.

Your organization is considering storage of sensitive data with a cloud provider. Your organization wants to ensure the data is encrypted while at rest and while in transit. Which type of interoperability agreement can your organization use to ensure the data is encrypted while in transit? A. SLA B. BPA C. MOU D. ISA

D. An interconnection security agreement (ISA) specifies technical and security requirements for secure connections and ensures data is encrypted while in transit. None of the other agreements addresses the connection.

An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which of the following is the BEST solution? A. SHA B. Blowfish C. ECC D. Bcrypt

D. Bcrypt is a key stretching technique designed to protect against brute force and rainbow table attacks and is the best choice of the given answers. Another alternative is Password Based Key Derivation Function 2 (PBKDF2). Both salt the password with additional bits.

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. Which protocol is the BEST choice? A. TLS B. SMTP C. HTTP D. SSH

A. Transport Layer Security (TLS) is a good choice to create a secure connection between two systems over the Internet. Although the mail servers will likely exchange mail using Simple Mail Transfer Protocol (SMTP), SMTP by itself will not create a secure link.

You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified the servers have these patches installed. Which of the following BEST describes this? A. False negative B. Misconfiguration on servers C. False positive D. Non-credentialed scan

C. In this scenario, the vulnerability scanner reported a false positive indicating that the servers had a vulnerability, but in reality the servers did not have the vulnerability.

Your organization has recently rented access to computing resources via a cloud. Administrators within your organization apply patches to the operating system. Which of the following choices BEST describes this cloud deployment model? A. Community B. Software as a Service C. Infrastructure as a Service D. Hybrid

C. Infrastructure as a Service (IaaS) is a cloud computing option where the vendor provides access to a computer, but customers must manage the system, including keeping it up to date. The community cloud option doesn't apply because the scenario doesn't indicate the resources are shared.

An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attacks might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue? A. Stapling B. Perfect forward secrecy C. Pinning D. Key stretching

C. Public key pinning provides clients with a list of public key hashes that clients can use to detect web site impersonation attempts.

You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task? A. FTP B. SNMPv3 C. SFTP D. SRTP

C. Secure File Transfer Protocol (SFTP) is the best choice. File Transfer Protocol (FTP) is the best choice to send large files if they don't contain sensitive data. These files contain proprietary data so they should be encrypted and SFTP encrypts the files using Secure Shell (SSH).

Management at your organization is planning to hire a development firm to create a sophisticated web application. One of their primary goals is to ensure that personnel involved with the project frequently collaborate with each other throughout the project. Which of the following is an appropriate model for this project? A. Waterfall B. SDLC C. Agile D. Secure DevOps

C. The agile software development model is flexible, ensures that personnel interact with each other throughout a project, and is the best of the available choices.

Your organization includes a software development division within the IT department. One developer writes and maintains applications for the Sales and Marketing departments. A second developer writes and maintains applications for the Payroll department. Once a year, they have to switch roles for at least a month. What is the purpose of this practice? A. To enforce a separation of duties policy B. To enforce a mandatory vacation policy C. To enforce a job rotation policy D. To enforce an acceptable use policy

C. This practice enforces a job rotation policy where employees rotate into different jobs, and is designed to reduce potential incidents.

A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. Which security policy does this describe? A. Discretionary access control B. Rule-based access control C. Separation of duties D. Job rotation

C. This recommendation is enforcing a separation of duties principle, which prevents any single person from performing multiple job functions that might allow the person to commit fraud.

Interns from a local college frequently work at your company. Some interns work with the database developers, some interns work with the web application developers, and some interns work with both developers. Interns working with the database developers require specific privileges, and interns working with the web applications developers require different privileges. Which of the following is the simplest method to meet these requirements? A. Use generic accounts B. Create user-based privileges C. Use group-based privileges D. Grant the interns access to the Guest account

C. Using group-based privileges is the best choice to meet the needs of this scenario. For example, you can create a DB_Group and Web_Group, assign appropriate privileges to the groups, and add intern accounts to the groups based on their assignments.

You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal? A. Baselines B. Hardening techniques C. Virtualization techniques D. Patch management programs

C. Virtualization provides a high degree of flexibility when testing security controls because testers can easily rebuild virtual systems or revert them using a snapshot.

Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal? A. CCMP B. WPA2 Enterprise C. SSID broadcast D. MAC address filter

C. You can disable service set identifier (SSID) broadcasting to prevent users from easily discovering the wireless networks. None of the other methods hide the network.

An organization's security requires employees to place all discarded paper documents in containers for temporary storage. These papers are later burned in an incinerator. Which of the following attacks are these actions MOST likely trying to prevent? A. Shoulder surfing B. Tailgating C. Vishing D. Dumpster diving

D. Dumpster diving is the practice of looking for documents in trash dumpsters, but shredding or incinerating documents ensures dumpster divers cannot retrieve any paper documents.

Your organization is preparing to deploy a web-based application, which will accept user input. Which of the following will BEST test the reliability of this application to maintain availability and data integrity? A. Model verification B. Input validation C. Error handling D. Dynamic analysis

D. Dynamic analysis techniques (such as fuzzing) can test the application's ability to maintain availability and data integrity for some scenarios. Fuzzing sends random data to an application to verify the random data doesn't crash the application or expose the system to a data breach.

Your organization is investigating possible methods of sharing encryption keys over a public network. Which of the following is the BEST choice? A. CRL B. PBKDF2 C. Hashing D. ECDHE

D. Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) allows entities to negotiate encryption keys securely over a public network and is the best choice of the available answers.

Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing? A. Obfuscation B. Integrity C. Confidentiality D. Availability

D. Failover devices increase availability. A failover cluster uses redundant servers to ensure a service will continue to operate even if one of the servers fails.

An application developer is working on the cryptographic elements of an application. She needs to implement an encryption algorithm that provides both confidentiality and data authenticity. Which of the following cipher modes supports these goals? A. CTM B. CBC C. ECB D. GCM

D. Galois/Counter Mode (GCM) combines the Counter (CTM) mode with hashing techniques to provide both confidentiality and data authenticity. None of the other modes listed provide data authenticity.

A security technician runs an automated script every night designed to detect changes in files. Of the following choices, what are the MOST LIKELY protocols used in this script? A. PGP and SHA B. ECC and HMAC C. AES and Twofish D. SHA and HMAC

D. Hashing algorithms such as Secure Hash Algorithm (SHA) and Hash-based Message Authentication Code (HMAC) can detect changes in files (or verify the files have not lost integrity).

Which of the following cryptography concepts indicates that ciphertext is significantly different than plaintext after it has been encrypted? A. Diffusion B. Obfuscation C. Collision D. Confusion

D. In the context of encryption, confusion means that the ciphertext is significantly different from the plaintext. In cryptography, diffusion ensures that small changes in the plaintext result in large changes in the ciphertext.

You are helping your organization create a security policy for incident response. Which of the following choices is the BEST choice to include when an incident requires confiscation of a physical asset? A. Ensure hashes are taken first B. Ensure witnesses sign an AUP C. Maintain the order of volatility D. Keep a record of everyone who took possession of the physical asset

D. It's important to keep a chain of custody for any confiscated physical items and the chain of custody is a record of everyone who took possession of the asset after it was first confiscated.

Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using? A. SAML B. Diameter C. Kerberos D. LDAP

D. Lightweight Directory Access Protocol (LDAP) uses X.500-based phrases to identify components and Secure LDAP can be encrypted with Transport Layer Security (TLS).

Your company's web site experiences a large number of client requests during certain times of the year. Which of the following could your company add to ensure the web site's availability during these times? A. Fail-open cluster B. Certificates C. Web application firewall D. Load balancing

D. Load balancing shifts the load among multiple systems and can increase the site's availability, but there is no such thing as a fail-open cluster.

Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed, causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future? A. Create an internal CA B. Implement WPA2 Enterprise C. Implement patch management process D. Configure the SCADA within a VLAN

D. The generators are likely controlled within a supervisory control and data acquisition (SCADA) system and isolating them within a virtual local area network (VLAN) will protect them from unauthorized access.

You are configuring a file server used to share files and folders among employees within your organization. However, employees should not be able to access all folders on this server. Which of the following choices is the BEST method to manage security for these folders? A. Assign permissions to each user as needed B. Wait for users to request permission and then assign the appropriate permissions C. Delegate authority to assign these permissions D. Use security groups with appropriate permissions

D. You can create security groups, place users into these groups, and grant access to the folders by assigning appropriate permissions to the security groups. For example, the security groups might be Sales, Marketing, and HR, and you place users into the appropriate group based on their job. This is an example of using group-based privileges.

An incident response team is following typical incident response procedures. Which of the following phases is the BEST choice for analyzing an incident with a goal of identifying steps to prevent a reoccurrence of the incident? A. Preparation B. Identification C. Eradication D. Lessons learned

D. You should analyze an incident during the lessons learned phase of incident response with the goal of identifying steps to prevent a reoccurrence. Preparation is a planning step done before an incident, with the goal of preventing incidents and identifying methods to respond to incidents.
