QD


A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use? A. Diameter B. SAML C. Kerberos D. CHAP

A. Diameter

A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective? A. OAuth B. SSO C. SAML D. PAP

A. OAuth

Which of the following impacts are associated with vulnerabilities in embedded systems? (Choose two.) A. Repeated exploitation due to unpatchable firmware B. Denial of service due to an integrated legacy operating system. C. Loss of inventory accountability due to device deployment D. Key reuse and collision issues due to decentralized management. E. Exhaustion of network resources resulting from poor NIC management.

A. Repeated exploitation due to unpatchable firmware D. Key reuse and collision issues due to decentralized management.

A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report? A. Vulnerability scanner B. Protocol analyzer C. Network mapper D. Web inspector

A. Vulnerability scanner

A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause? A. Default configuration B. Resource exhaustion C. Memory overflow D. Improper input handling

B. Resource exhaustion

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose? A. MD5 B. SHA C. RIPEMD D. AES

B. SHA

An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented? A. The vulnerability scan output B. The security logs C. The baseline report D. The correlation of events

B. The security logs

A security engineer must install the same X.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use? A. Wildcard certificate B. Extended validation certificate C. Certificate chaining D. Certificate utilizing the SAN file

D. Certificate utilizing the SAN file

A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric? A. Time-based B. Mandatory C. Rule-based D. Discretionary

D. Discretionary

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review? A. Vulnerability feeds B. Trusted automated exchange of indicator information C. Structured threat information expression D. Industry information-sharing and collaboration groups

D. Industry information-sharing and collaboration groups

Which of the following is a risk that is specifically associated with hosting applications in the public cloud? A. Unsecured root accounts B. Zero-day C. Shared tenancy D. Insider threat

D. Insider threat

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year? A. ALE B. ARO C. RPO D. SLE

D. SLE

Which of the following can be used to control specific commands that can be executed on a network infrastructure device? A. LDAP B. Kerberos C. SAML D. TACACS+

D. TACACS+

In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision? A. The scanner must be able to enumerate the host OS of devices scanned. B. The scanner must be able to footprint the network. C. The scanner must be able to check for open ports with listening services. D. The scanner must be able to audit file system permissions

D. The scanner must be able to audit file system permissions

A security analyst is checking log files and finds the following entries:
C:\.nc -vv 192.168.118.130 80
192.168.118.130 : inverse host lookup failed: h_errno 11004 : NO_DATA
(UNKNOWN) [192.168.118.130] 80 (http) open
HEAD / HTTP/1.0
HTTP/1.1 408 Request Time-out
Date: Thu, 29 Nov 2017 07:15:37 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1
sent 16, rcvd 189: NOTSOCK
C:\>
Which of the following is MOST likely happening? A. A hacker attempted to pivot using the web server interface. B. A potential hacker could be banner grabbing to determine what architecture is being used. C. The DNS is misconfigured for the server's IP address. D. A server is experiencing a DoS, and the request is timing out.

A. A hacker attempted to pivot using the web server interface.

A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites: 10 PERMIT FROM:ANY TO:ANY PORT:80 20 PERMIT FROM:ANY TO:ANY PORT:443 30 DENY FROM:ANY TO:ANY PORT:ANY Which of the following is the MOST secure solution the security administrator can implement to fix this issue? A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53 B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22 C. Insert the following rule in the firewall: 25 PERMIT FROM:ANY TO:ANY PORTS:ANY D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY

A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53

A technician needs to document which application versions are listening on open ports. Which of the following is MOST likely to return the information the technician needs? A. Banner grabbing B. Steganography tools C. Protocol analyzer D. Wireless scanner

A. Banner grabbing

During a routine vulnerability assessment, the following command was successful:
echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25
Which of the following vulnerabilities is being exploited? A. Buffer overflow directed at a specific host MTA B. SQL injection directed at a web server C. Cross-site scripting directed at www.company.com D. Race condition in a UNIX shell script

A. Buffer overflow directed at a specific host MTA

An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]: GET /app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow
Which of the following attacks is being attempted? A. Command injection B. Password attack C. Buffer overflow D. Cross-site scripting

A. Command injection

After running an online password cracking tool, an attacker recovers the following password: gh ;j SKSTOi;618& Based on the above information, which of the following technical controls have been implemented? (Choose two.) A. Complexity B. Encryption C. Hashing D. Length E. Salting F. Stretching

A. Complexity D. Length

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern? A. Create different accounts for each region, each configured with push MFA notifications. B. Create one global administrator account and enforce Kerberos authentication. C. Create different accounts for each region, limit their logon times, and alert on risky logins. D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

A. Create different accounts for each region, each configured with push MFA notifications.

Which of the following attacks can be mitigated by proper data retention policies? A. Dumpster diving B. Man-in-the-browser C. Spear phishing D. Watering hole

A. Dumpster diving

A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected with full disk encryption, and the permissions are set as follows:
File system permissions: Users = Read Only
Share permission: accounting-svc = Read Only
Given the listed protections are in place and unchanged, to which of the following risks is the data still subject? A. Exploitation of local console access and removal of data B. Theft of physical hard drives and a breach of confidentiality C. Remote exfiltration of data using domain credentials D. Disclosure of sensitive data to third parties due to excessive share permissions

A. Exploitation of local console access and removal of data

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement? A. HMAC B. PCBC C. CBC D. GCM E. CFB

A. HMAC

A network technician needs to monitor and view the websites that are visited by an employee. The employee is connected to a network switch. Which of the following would allow the technician to monitor the employee's web traffic? A. Implement promiscuous mode on the NIC of the employee's computer. B. Install and configure a transparent proxy server. C. Run a vulnerability scanner to capture DNS packets on the router. D. Configure a VPN to forward packets to the technician's computer.

A. Implement promiscuous mode on the NIC of the employee's computer.

An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST? A. Make a copy of everything in memory on the workstation. B. Turn off the workstation. C. Consult information security policy. D. Run a virus scan

A. Make a copy of everything in memory on the workstation.

A systems administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network? A. Open wireless network and SSL VPN B. WPA using a preshared key C. WPA2 using a RADIUS back-end for 802.1x authentication D. WEP with a 40-bit key

A. Open wireless network and SSL VPN

Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system? A. Passive scan B. Aggressive scan C. Credentialed scan D. Intrusive scan

A. Passive scan

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network? A. Put the VoIP network into a different VLAN than the existing data network. B. Upgrade the edge switches from 10/100/1000 to improve network speed C. Physically separate the VoIP phones from the data network D. Implement flood guards on the data network

A. Put the VoIP network into a different VLAN than the existing data network.

An email systems administrator is configuring the mail server to prevent spear phishing attacks through email messages. Which of the following refers to what the administrator is doing? A. Risk avoidance B. Risk mitigation C. Risk transference D. Risk acceptance

A. Risk avoidance

A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure? A. SSH B. SFTP C. HTTPS D. SNMP

A. SSH

A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information: Database: CustomerAccess1 Column: Password Data type: MD5 Hash Salted?: No There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Choose two.) A. Start using salts to generate MD5 password hashes B. Generate password hashes using SHA-256 C. Force users to change passwords the next time they log on D. Limit users to five attempted logons before they are locked out E. Require the web server to only use TLS 1.2 encryption

A. Start using salts to generate MD5 password hashes C. Force users to change passwords the next time they log on

A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST? A. Survey threat feeds from services inside the same industry. B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic C. Conduct an internal audit against industry best practices to perform a qualitative analysis. D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

A. Survey threat feeds from services inside the same industry.

A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices? A. VDI B. Storage segmentation C. Containerization D. USB OTG E. Geo-fencing

A. VDI

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective? A. A reverse proxy B. A decryption certificate C. A split-tunnel VPN D. Load-balanced servers

B. A decryption certificate

Which of the following is the BEST choice for a security control that represents a preventive and corrective logical control at the same time? A. Security awareness training B. Antivirus C. Firewalls D. Intrusion detection system

B. Antivirus

Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information. Which of the following is MOST likely preventing Ann from receiving the encrypted file? A. Unencrypted credentials B. Authentication issues C. Weak cipher suite D. Permission issues

B. Authentication issues

An auditor has identified an access control system that can incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed? A. Password-based B. Biometric-based C. Location-based D. Certificate-based

B. Biometric-based

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO). A. VPN B. Drive encryption C. Network firewall D. File-level encryption E. USB blocker F. MFA

B. Drive encryption E. USB blocker

The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip? A. Remote wipe B. Full device encryption C. BIOS password D. GPS tracking

B. Full device encryption

While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organization's Acceptable Use Policy. Which of the following tools or technologies would work BEST for obtaining more information on this traffic? A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer

B. IDS logs

A wireless network has the following design requirements: Authentication must not be dependent on enterprise directory service It must allow background reconnection for mobile users It must not depend on user certificates Which of the following should be used in the design to meet the requirements? (Choose two.) A. PEAP B. PSK C. Open systems authentication D. EAP-TLS E. Captive portals

B. PSK E. Captive portals

A security manager is creating an account management policy for a global organization with sales personnel who must access corporate network resources while traveling all over the world. Which of the following practices is the security manager MOST likely to enforce with the policy? (Choose two.) A. Time-of-day restrictions B. Password complexity C. Location-based authentication D. Group-based access control E. Standard naming convention

B. Password complexity D. Group-based access control

An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue? A. Firewall; implement an ACL on the interface B. Router; place the correct subnet on the interface C. Switch; modify the access port to trunk port D. Proxy; add the correct transparent interface

B. Router; place the correct subnet on the interface

A security analyst is performing a manual audit of captured data from a packet analyzer. The analyst looks for Base64 encoded strings and applies the filter http.authbasic. Which of the following BEST describes what the analyst is looking for? A. Unauthorized software B. Unencrypted credentials C. SSL certificate issues D. Authentication tokens

B. Unencrypted credentials

A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information? A. Set up the scanning system's firewall to permit and log all outbound connections B. Use a protocol analyzer to log all pertinent network traffic C. Configure network flow data logging on all scanning systems D. Enable debug level logging on the scanning system and all scanning tools used.

B. Use a protocol analyzer to log all pertinent network traffic

A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in their browsers when connecting to one of the networks. Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details:
Certificate 1 Certificate Path: Geotrust Global CA *company.com
Certificate 2 Certificate Path: *company.com
Which of the following would resolve the problem? A. Use a wildcard certificate. B. Use certificate chaining. C. Use a trust model. D. Use an extended validation certificate.

B. Use certificate chaining.

A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Choose two.) A. Install an additional firewall B. Implement a redundant email server C. Block access to personal email on corporate systems D. Update the X.509 certificates on the corporate email server E. Update corporate policy to prohibit access to social media websites F. Review access violation on the file server

C. Block access to personal email on corporate systems E. Update corporate policy to prohibit access to social media websites

The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk is receiving reports that users are experiencing the following error when attempting to log in to their previous system:
Logon Failure: Access Denied
Which of the following can cause this issue? A. Permission issues B. Access violations C. Certificate issues D. Misconfigured devices

C. Certificate issues

A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring? A. CASB B. SWG C. Containerization D. Automated failover

C. Containerization

Which of the following controls allows a security guard to perform a post-incident review? A. Detective B. Preventive C. Corrective D. Deterrent

C. Corrective

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all of the company's clients. Which of the following is being used? A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls

C. Credentialed scan

When a malicious user is able to retrieve sensitive information from RAM, the programmer has failed to implement: A. Session keys. B. Encryption of data at rest C. Encryption of data in use. D. Ephemeral keys.

C. Encryption of data in use.

A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Choose two.) A. TOTP B. SCP C. FTP over a non-standard port D. SRTP E. Certificate-based authentication F. SNMPv3

C. FTP over a non-standard port E. Certificate-based authentication

Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots

C. Full

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files? A. Enable verbose system logging B. Change the permissions on the user's home directory C. Implement remote syslog D. Set the bash_history log file to "read only"

C. Implement remote syslog

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform? A. Transitive access B. Spoofing C. Man-in-the-middle D. Replay

C. Man-in-the-middle

Ann, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic? A. Vulnerability Scanner B. NMAP C. NETSTAT D. Packet Analyzer

C. NETSTAT

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process? A. Updating the playbooks with better decision points B. Dividing the network into trusted and untrusted zones C. Providing additional end-user training on acceptable use D. Implementing manual quarantining of infected hosts

C. Providing additional end-user training on acceptable use

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations? A. Least privilege B. Awareness training C. Separation of duties D. Mandatory vacation

C. Separation of duties

A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists? A. Buffer overflow B. End-of-life systems C. System sprawl D. Weak configuration

C. System sprawl

A help desk technician is trying to determine the reason why several high-level officials' account passwords need to be reset shortly after implementing a self-service password reset process. Which of the following would BEST explain the issue? A. The system asked for publicly available information B. The self-service system was compromised C. The account passwords expired D. A spear phishing attack occurred

C. The account passwords expired

An attacker exploited a vulnerability on a mail server using the code below. Which of the following BEST explains what the attacker is doing? A. The attacker is replacing a cookie. B. The attacker is stealing a document. C. The attacker is replacing a document. D. The attacker is deleting a cookie.

C. The attacker is replacing a document.

A number of employees report that parts of an ERP application are not working. The systems administrator reviews the following information from one of the employee workstations:
Execute permission denied: financemodule.dll
Execute permission denied: generalledger.dll
Which of the following should the administrator implement to BEST resolve this issue while minimizing risk and attack exposure? A. Update the application blacklist B. Verify the DLL's file integrity C. Whitelist the affected libraries D. Place the affected employees in the local administrator's group

C. Whitelist the affected libraries

A network administrator was provided the following output from a vulnerability scan: The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST? A. 10 B. 11 C. 12 D. 13 E. 14

D. 13

An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to? A. A virus on the administrator's desktop would be able to sniff the administrator's username and password. B. Result in an attacker being able to phish the employee's username and password. C. A social engineering attack could occur, resulting in the employee's password being extracted. D. A man in the middle attack could occur, resulting in the employee's username and password being captured.

D. A man in the middle attack could occur, resulting in the employee's username and password being captured.

Which of the following types of attack is being used when an attacker responds by sending the MAC address of the attacking machine to resolve the MAC to IP address of a valid server? A. Session hijacking B. IP spoofing C. Evil twin D. ARP poisoning

D. ARP poisoning

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed

D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed

The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network? A. Upgrade the encryption to WPA or WPA2 B. Create a non-zero length SSID for the wireless router C. Reroute wireless users to a honeypot D. Disable responses to a broadcast probe request

D. Disable responses to a broadcast probe request

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take? A. Determine the source of the virus that has infected the workstation. B. Sanitize the workstation's internal drive. C. Reimage the workstation for normal operation. D. Disable the network connections on the workstation.

D. Disable the network connections on the workstation.

An organization has implemented a two-step verification process to protect user access to data that is stored in the cloud. Each employee now uses an email address or mobile number to receive a code to access the data. Which of the following authentication methods did the organization implement? A. Token key B. Static code C. Push notification D. HOTP

D. HOTP

A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the following would be the BEST method of configuring the load balancer? A. Round-robin B. Weighted C. Least connection D. Locality-based

D. Locality-based

A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Select TWO). A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22 B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80 C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21 D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443 E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53 F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53

D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443 F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53

A systems administrator wants to generate a self-signed certificate for an internal website. Which of the following steps should the systems administrator complete prior to installing the certificate on the server? A. Provide the private key to a public CA. B. Provide the public key to the internal CA. C. Provide the public key to a public CA. D. Provide the private key to the internal CA. E. Provide the public/private key pair to the internal CA. F. Provide the public/private key pair to a public CA.

D. Provide the private key to the internal CA.

A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure? A. L2TP with MAC filtering B. EAP-TTLS C. WPA2-CCMP with PSK D. RADIUS federation

D. RADIUS federation

A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact? A. Launch an investigation to identify the attacking host B. Initiate the incident response plan C. Review lessons learned captured in the process D. Remove malware and restore the system to normal operation

D. Remove malware and restore the system to normal operation

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns? A. SSO would simplify username and password management, making it easier for hackers to guess accounts. B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords. C. SSO would reduce the password complexity for frontline staff. D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal? A. The newly developed protocol will only be as secure as the underlying cryptographic algorithms used. B. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries. C. A programmer should have specialized training in protocol development before attempting to design a new encryption protocol. D. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

D. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

Which of the following is the purpose of an industry-standard framework? A. To promulgate compliance requirements for sales of common IT systems B. To provide legal relief to participating organizations in the event of a security breach C. To promulgate security settings on a vendor-by-vendor basis D. To provide guidance across common system implementations

D. To provide guidance across common system implementations

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space? A. Misconfigured devices B. Logs and events anomalies C. Authentication issues D. Unauthorized software

D. Unauthorized software

A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take to maintain the chain of custody? A. Make a forensic copy B. Create a hash of the hard drive C. Recover the hard drive data D. Update the evidence log

D. Update the evidence log

A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. In addition, the perimeter router can only handle 1 Gbps of traffic. Which of the following should be implemented to prevent DoS attacks in the future? A. Deploy multiple web servers and implement a load balancer B. Increase the capacity of the perimeter router to 10 Gbps C. Install a firewall at the network to prevent all attacks D. Use redundancy across all network devices and services

D. Use redundancy across all network devices and services

When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are: A. escalating privilege B. becoming persistent C. fingerprinting D. pivoting

D. pivoting

A remote user (User1) is unable to reach a newly provisioned corporate Windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host. Which of the following is preventing the remote user from being able to access the workstation? A. Network latency is causing remote desktop service request to time out B. User1 has been locked out due to too many failed passwords C. Lack of network time synchronization is causing authentication mismatches D. The workstation has been compromised and is accessing known malware sites E. The workstation host firewall is not allowing remote desktop connections

E. The workstation host firewall is not allowing remote desktop connections

