Security+ Practice Exam 5


What is a smurf attack?

A Smurf attack is an ICMP amplification attack: the attacker sends echo requests (pings) to a subnet's directed-broadcast address with the source address spoofed to the victim's IP, so every host on that subnet replies to the victim, consuming its bandwidth and processing power. The standard mitigation is to stop routers from forwarding directed broadcasts that arrive from outside the subnet.
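An added illustration, not part of the original exam page: the Python below picks out echo requests aimed at a subnet's directed-broadcast address from a constructed packet list, estimates how many replies each spoofed source would receive, and models the usual router mitigation (Cisco's `no ip directed-broadcast`) of dropping directed broadcasts that arrive from outside the subnet. The packet list, the subnet 10.0.0.0/24 and the host count are assumptions made for the example.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

# Constructed packet summaries for illustration: (source IP, destination IP, ICMP type).
# 10.0.0.0/24 is the monitored subnet; the 203.0.113.x / 198.51.100.x sources are the
# spoofed addresses of the intended victims (documentation ranges, not real hosts).
SAMPLE_PACKETS = [
    ("10.0.0.7", "10.0.0.9", ICMP_ECHO_REQUEST),        # ordinary ping between two local hosts
    ("10.0.0.9", "10.0.0.7", ICMP_ECHO_REPLY),
    ("203.0.113.5", "10.0.0.255", ICMP_ECHO_REQUEST),   # echo request to the directed-broadcast
    ("203.0.113.5", "10.0.0.255", ICMP_ECHO_REQUEST),   # address from outside the subnet: Smurf trigger
    ("198.51.100.20", "10.0.0.255", ICMP_ECHO_REQUEST),
    ("10.0.0.7", "10.0.0.255", ICMP_ECHO_REQUEST),      # local host pinging the broadcast (noisy, not spoofed)
]


def broadcast_echo_requests(packets, local_subnet):
    """Return (src, dst) for every echo request aimed at the subnet's broadcast address.

    Every host on the subnet answers such a request, and all the replies go to `src`,
    which in a Smurf attack is the spoofed address of the victim.
    """
    net = ipaddress.ip_network(local_subnet)
    return [
        (src, dst)
        for src, dst, icmp_type in packets
        if icmp_type == ICMP_ECHO_REQUEST and ipaddress.ip_address(dst) == net.broadcast_address
    ]


def reply_volume_per_victim(triggers, hosts_on_subnet):
    """Estimate how many echo replies each (spoofed) source receives: one per responding host."""
    counts = Counter(src for src, _ in triggers)
    return {victim: n * hosts_on_subnet for victim, n in counts.items()}


def router_forwards(packets, local_subnet):
    """Model the mitigation: drop packets addressed to the subnet broadcast address when they
    arrive from outside the subnet. Everything else is passed through unchanged."""
    net = ipaddress.ip_network(local_subnet)
    passed = []
    for src, dst, icmp_type in packets:
        directed_broadcast = ipaddress.ip_address(dst) == net.broadcast_address
        from_outside = ipaddress.ip_address(src) not in net
        if directed_broadcast and from_outside:
            continue  # dropped at the border: the amplifier never sees it
        passed.append((src, dst, icmp_type))
    return passed


if __name__ == "__main__":
    hits = broadcast_echo_requests(SAMPLE_PACKETS, "10.0.0.0/24")
    print("broadcast echo requests:", hits)
    print("replies per victim (50 hosts):", reply_volume_per_victim(hits, 50))
    print("packets forwarded with directed-broadcast disabled:",
          len(router_forwards(SAMPLE_PACKETS, "10.0.0.0/24")))
```

The local host pinging its own broadcast address is still let through by the router check, which is deliberate: the mitigation targets the spoofed-from-outside case, and local broadcast pings are a separate (and much smaller) noise problem.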

Of the following, which describes a zero-day vulnerability? A.A vulnerability that has been known to the vendor for zero days B.A vulnerability that has not yet been breached C.A vulnerability that can be quickly exploited D.A vulnerability that will give an attacker brief access

A. A vulnerability that has been known to the vendor for zero days Explanation A zero-day is a vulnerability the vendor has had zero days to fix: it is exploitable, and often already being exploited, before the vendor knows about it or has released a patch. Whether it has been breached yet, how quickly it can be exploited, or how long the attacker keeps access does not define the term.

Josh noticed that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this called? A.Dictionary B.Rainbow table C.Brute force D.Session hijacking

A. Dictionary Explanation A dictionary attack runs through a word list of common passwords and tries each one. Rainbow tables are precomputed hash lookup tables, brute force tries every possible combination, and session hijacking does not fit the scenario.
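An added example that is not part of the original page: the Python below runs a dictionary attack and a brute-force search against an unsalted SHA-256 password hash and counts the attempts each one needs, which makes the difference between the two attacks concrete. The word list is constructed inline (standing in for a file such as rockyou.txt), and unsalted SHA-256 is used only so the example runs quickly; real systems should store passwords with a salted, slow KDF.

```python
import hashlib
import itertools

# Constructed word list standing in for a real one such as rockyou.txt.
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome", "dragon", "summer2023"]


def hash_password(password: str) -> str:
    """Unsalted SHA-256: the kind of fast hash that makes these attacks cheap.
    Production systems should use a salted, deliberately slow KDF (bcrypt, scrypt, Argon2)."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist):
    """Try each candidate from the list; returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(word) == target_hash:
            return word, attempts
    return None, attempts


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustively try every string over `alphabet` up to max_len characters, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute-force search must be prepared to try."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    target = hash_password("letmein")
    print("dictionary:", dictionary_attack(target, WORDLIST))
    print("brute force over 'abc' for 'ab':", brute_force(hash_password("ab"), "abc", 3))
    print("keyspace, 95 printable chars, length <= 8:", keyspace(95, 8))
```

A password that is in the list falls in a handful of attempts; one that is not forces the attacker back to the full keyspace, which for eight printable characters is in the quadrillions.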

You're looking to begin accepting electronic orders from a vendor and you want to ensure that people who aren't authorized cannot send orders. Your manager wants a solution that allows the opportunity to provide nonrepudiation. Which of the following would meet the specified requirements? A.Digital signatures B.Hashes C.Steganography D.Perfect forward secrecy

A. Digital signatures Explanation Digital signatures meet both requirements. An order is signed with the sender's private key, which only that user or computer holds, so only authorized senders can produce a valid signature and the sender cannot later deny having sent it (nonrepudiation). Hashing is a one-way function that provides integrity but says nothing about who sent the data, steganography hides data inside images, documents, video or audio files, and perfect forward secrecy protects past session keys from a later compromise of the long-term key.

You've noticed someone has been rummaging through your company's trash bins for documents, diagrams, and other sensitive information that has been thrown out. What is this known as? A.Dumpster diving B.Trash diving C.Social engineering D.Trash engineering

A. Dumpster diving Explanation When someone is literally rummaging through the trash, that's considered dumpster diving. Trash diving and trash engineering are not industry-used terms and nothing in this scenario describes social engineering.

Josh works for a company that has branch offices that connect back to the main office via a VPN. Josh recently noticed the key used on the VPN has been compromised. What should be done to ensure it isn't compromised in the future? A.Enable perfect forward secrecy at the main office and branch office ends of the VPN B.Enable perfect forward secrecy at the main office end of the VPN C.Enable perfect forward secrecy at the branch office end of the VPN D.Disable perfect forward secrecy at the main office and branch office ends of the VPN

A. Enable perfect forward secrecy at the main office and branch office ends of the VPN Explanation PFS (perfect forward secrecy) derives a fresh, ephemeral key for every session (for example with ephemeral Diffie-Hellman), so a long-term key that is compromised later cannot be used to decrypt previously captured traffic, and one exposed session key does not expose the others. Because the key exchange is negotiated between the two peers, PFS has to be enabled on both ends; enabling it on only one side does nothing, and disabling it makes things worse. The compromised key itself should still be revoked and replaced.

What type of attack uses a second WAP with the same SSID as a legitimate AP in an attempt to get user information via connecting to the attacker's WAP? A.Evil twin B.IP spoofing C.Trojan horse D.MAC Spoofing

A. Evil twin Explanation An evil twin is a rogue access point that advertises the same SSID as a legitimate network so that clients connect to it and the attacker can intercept their traffic. IP spoofing and MAC spoofing forge addresses, and a Trojan horse is malware; none describes a fake access point.
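An added example, not from the original page: a small Python check that compares a wireless scan against an inventory of the access points the organization actually deployed and flags any BSSID advertising a corporate SSID that is not in that inventory, which is the signature of an evil twin. The scan results, the inventory and the vendor OUI prefixes are constructed for the example.

```python
from collections import defaultdict

# Constructed scan results: (SSID, BSSID, channel, signal dBm). The corporate APs share a
# vendor OUI prefix (first three octets of the BSSID); the "de:ad:be:ef" entry is the rogue.
SCAN_RESULTS = [
    ("CorpWiFi", "aa:bb:cc:00:01:10", 6, -45),
    ("CorpWiFi", "aa:bb:cc:00:01:11", 11, -52),
    ("CorpWiFi", "de:ad:be:ef:00:01", 6, -30),    # same SSID, unknown BSSID, strongest signal
    ("CorpGuest", "aa:bb:cc:00:02:10", 1, -60),
    ("CoffeeShop", "11:22:33:44:55:66", 1, -70),  # not ours and not impersonating us
]

# Inventory of the access points we actually deployed (constructed).
KNOWN_APS = {
    "CorpWiFi": {"aa:bb:cc:00:01:10", "aa:bb:cc:00:01:11"},
    "CorpGuest": {"aa:bb:cc:00:02:10"},
}


def oui(bssid: str) -> str:
    """Vendor prefix of a MAC address (first three octets)."""
    return bssid.lower()[:8]


def find_evil_twins(scan_results, known_aps):
    """Flag any BSSID that advertises one of our SSIDs but is not in the inventory."""
    suspects = []
    for ssid, bssid, channel, signal in scan_results:
        if ssid not in known_aps:
            continue                      # somebody else's network, not an impersonation
        if bssid.lower() in known_aps[ssid]:
            continue                      # one of ours
        fleet_ouis = {oui(b) for b in known_aps[ssid]}
        suspects.append({
            "ssid": ssid,
            "bssid": bssid.lower(),
            "channel": channel,
            "signal_dbm": signal,
            "foreign_vendor": oui(bssid) not in fleet_ouis,  # extra evidence, not proof
        })
    return suspects


def ssids_with_multiple_bssids(scan_results):
    """The weaker check available without an inventory: SSIDs served by more than one BSSID.
    Legitimate multi-AP networks trigger this too, so treat it as a lead, not a verdict."""
    seen = defaultdict(set)
    for ssid, bssid, _, _ in scan_results:
        seen[ssid].add(bssid.lower())
    return {ssid: sorted(b) for ssid, b in seen.items() if len(b) > 1}
```

The strong signal on the rogue entry is typical: an evil twin is usually placed close to its targets so clients prefer it, which is also why a BSSID inventory beats signal strength as the deciding criterion.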

Steven is a network administrator for an insurance company. His company employs quite a few traveling salespeople. Steven is concerned about confidential data on their laptops. Which method is the best way to address this? A.FDE B.TPM C.SDN D.DMZ

A. FDE Explanation FDE (full disk encryption) encrypts the whole drive, so confidential data on a lost or stolen laptop stays unreadable. A TPM (trusted platform module) can store and protect the FDE key but does not encrypt the disk by itself, and software-defined networking and DMZs do not relate to this scenario.

Margo works for a medium-sized company and is responsible for its cyber security. The company has a large number of salespeople who are required to travel for work. The company has been using ABAC for access control and recently there have been a number of logins being rejected incorrectly. What might be causing this issue? A.Geographic locations B.Wrong password C.Remote access isn't allowed by ABAC D.Firewalls usually block ABAC

A. Geographic locations Explanation ABAC makes decisions based on attributes of the subject, the resource and the environment, and of the options listed only geographic location is such an attribute: salespeople logging in from unexpected locations while traveling will be rejected by a location-based policy. Wrong passwords block logins under any system, ABAC does not prevent remote access, and firewalls filter whatever traffic they are configured to filter; they do not specifically block ABAC.

Lance is the network administrator for a small college that has recently implemented a simple NIDS. However, the NIDS seems to catch only well-known attacks. What technology seems to be missing? A.Heuristic scanning B.Signature scanning C.Passive scanning D.Active scanning

A. Heuristic scanning Explanation Heuristic (anomaly-based) scanning looks for behavior that deviates from normal, so it can flag an attack that has no signature yet. Signature scanning only matches known patterns, which is why the NIDS catches only well-known attacks. Passive and active scanning describe reconnaissance and vulnerability scanning, not NIDS detection methods.
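An added example (not from the original page) of the two detection methods side by side, in Python: a signature scan matches fixed patterns against URL-decoded request paths, and a heuristic scan flags any client whose request volume is far above the median. The constructed access log contains one client whose requests match known signatures and another that does nothing a signature would catch but is visibly scanning the site. The log lines, the signatures and the threshold multiplier are assumptions made for the example.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Signatures: fixed patterns for attacks we already know about.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed access-log lines in the form "client_ip method path".
ACCESS_LOG = [
    "10.1.1.5 GET /index.html",
    "10.1.1.5 GET /products?id=5",
    "198.51.100.9 GET /products?id=5%20union%20select%201,2,3",  # URL-encoded SQL injection
    "198.51.100.9 GET /static/..%2f..%2fetc/passwd",             # URL-encoded traversal
] + [f"203.0.113.7 GET /admin{i}" for i in range(40)]             # scanner: no known signature


def parse(line: str):
    """Split a log line and URL-decode the path, so encoded payloads cannot slip past the patterns."""
    ip, method, path = line.split(" ", 2)
    return ip, method, unquote(path)


def signature_scan(lines):
    """Known attacks only: returns (client_ip, signature_name) for every match, in log order."""
    alerts = []
    for line in lines:
        ip, _, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def heuristic_scan(lines, multiplier: float = 3.0):
    """Anomaly detection: flag clients sending more than `multiplier` times the median
    number of requests. Catches behavior no signature describes, at the cost of false
    positives when a legitimate client is simply busy."""
    counts = Counter(parse(line)[0] for line in lines)
    baseline = statistics.median(counts.values())
    return sorted(ip for ip, n in counts.items() if n > multiplier * baseline)


if __name__ == "__main__":
    print("signature hits:", signature_scan(ACCESS_LOG))
    print("heuristic hits:", heuristic_scan(ACCESS_LOG))
```

The scanner at 203.0.113.7 never appears in the signature output, which is the NIDS gap the question describes; decoding before matching is also why the encoded injection and traversal attempts are caught at all.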

Of the following examples, which is an example of a custodian security role? A.Human resources employee B.Sales executive C.CEO D.Database backup operator

D. Database backup operator Explanation A custodian (data custodian) is the role that maintains and protects data on behalf of its owner: running backups, applying access controls and keeping systems patched. A database backup operator does exactly that. Human resources employees, sales executives and the CEO may be owners or users of data, but they are not custodians.

You have been tasked with finding a standard for your company in order to implement consistent information security management systems. You're looking for a standard that is international. Which of the following is the best option? A.ISO 27002 B.ISO 27017 C.NIST 800-12 D.NIST 800-14

A. ISO 27002 Explanation ISO 27002 is the international code of practice for information security controls, used alongside ISO 27001 to build an information security management system, so it is the best option here. ISO 27017 is specific to cloud security. NIST SP 800-12 and SP 800-14 are US government publications, not international standards.

Derrick is implementing virtualized systems in his network. He's currently using a Type I hypervisor. What operating system should be on the machines in order for him to install the hypervisor? A.None B.Windows C.Any operating system D.Windows or Linux

A. None Explanation The Type I hypervisor is what we typically call a "bare metal hypervisor" which installs directly onto the hardware itself and doesn't require a host operating system. All other options require a host operating system to be installed.

Jacob is in charge of network security for an e-commerce company. He wants to ensure that best practices are being used for the website that his company hosts. Which of the following is the best option to consider? A.OWASP B.NERC C.NIST D.ISA/IEC

A. OWASP Explanation The Open Web Application Security Project (OWASP) publishes the reference guidance for web application security (for example the OWASP Top 10), so it is the best fit for a hosted e-commerce site. NERC (North American Electric Reliability Corporation) deals with electric grid reliability and security, ISA/IEC 62443 covers industrial automation and control systems, and NIST (National Institute of Standards and Technology) publishes general security guidance rather than web-application-specific best practices.

Which of the following types of attacks occurs when an attacker attempts to obtain personal or private information through domain spoofing or by poisoning a DNS server? A.Pharming B.Hoax C.Vishing D.Spamming E. Spear phishing

A. Pharming Explanation Pharming is the fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one in order to obtain personal information such as user passwords, account numbers, and other confidential data.

During a penetration test, you were given a login name with minimal access and attempted to gain administrative access with this account. What is this called? A.Privilege escalation B.Session hijacking C.Root grabbing D.Climbing

A. Privilege escalation Explanation The correct term for trying to gain access to something above what your privileges are is called privilege escalation. Climbing or root grabbing aren't industry terms.

You've been tasked with identifying which risks to mitigate based on cost. What is this an example of? A.Quantitative risk assessment B.Qualitative risk assessment C.Business impact analysis D.Threat assessment

A. Quantitative risk assessment Explanation Quantitative risk assessment is a process of assigning numerical values, therefore, bringing cost into the picture. Qualitative risk assessments rank which risks pose the most danger, BIA evaluates the effect of a loss or accident, and Threat assessment determines/identifies potential impacts of threats.

Mark is working to set up remote access for the salespeople in his company. Which protocol is most suited for this? A.RADIUS B.Kerberos C.CHAP D.OpenID

A. RADIUS Explanation RADIUS is a remote network access protocol, whereas the other options cannot work solely to allow remote network access. Kerberos, CHAP, and OpenID can be used to authenticate, but none of the three can be used to remotely access a network.

Of the following, which best describes software that provides an attacker with remote access to a victim machine, but it's wrapped with a legitimate program in an attempt to trick the victim into installing the application? A.RAT B.Backdoor C.Trojan horse D.Macro virus

A. RAT Explanation The best choice is a remote access trojan (RAT): malware that gives the attacker remote control of the machine and is typically delivered inside a seemingly legitimate program. A backdoor provides hidden access but is not necessarily wrapped in a legitimate program, and a RAT is a specific type of Trojan horse, which makes it the more precise answer. Macro viruses are embedded in documents.

Matt just became the new security officer for a university. He's concerned that student workers who work late could try to log in with faculty credentials. Which of the following is the most beneficial for preventing these actions? A.Time of day restrictions B.Usage auditing C.Password length D.Credential management

A. Time of day restrictions Explanation Time-of-day restrictions are the most beneficial because faculty accounts can be set to work only during the hours when faculty are on campus; after hours a login fails even when the credentials are correct. Usage auditing only detects misuse after the fact, longer passwords make guessing slightly harder but do nothing against a shared or stolen password, and credential management does not address the issue.

In your network, there are over 150 computers. You need to determine which ones are secure and which ones are not secure. Which of the following tools would best meet your needs for the assessment? A.Vulnerability scanner B.Protocol analyzer C.Port scanner D.Password cracker

A. Vulnerability scanner Explanation A vulnerability scanner checks each host for missing patches, weak configurations and known weaknesses and reports them, which is what the assessment needs. Protocol analyzers capture and decode network traffic, port scanners identify open ports, and password crackers test whether passwords are weak (dictionary words and the like); none of these gives a full picture of a host's security.

Of the following, which would allow a user permission to install only certain programs on a company-owned mobile device? A.Whitelisting B.Blacklisting C.ACL D.HIDS

A. Whitelisting Explanation A whitelist (allow list) of approved software permits only what is on the list to be installed; a blacklist blocks the listed software and allows everything else. ACLs control access to resources, not which applications may be installed, and a HIDS only detects activity on a host.

East Central uses its own internal certificate server for all internal encryption, however, their CA only publishes a CRL once a week. Does this pose a danger? If so, what danger does it pose? A.Yes, this means a revoked certificate can be used for up to seven days B.No, this is a standard for all certificate authorities C.Yes, this means it would be easy to fake a certificate D.No, since this is being used only internally

A. Yes, this means a revoked certificate can be used for up to seven days. Explanation Clients treat a certificate as valid until they fetch a CRL that lists it, so with weekly publication a revoked certificate can keep working for up to seven days. Publishing the CRL more often, or offering OCSP so clients can check a certificate's status on demand, closes the window. Weekly publication is not a standard for all CAs, a slow CRL does not make forging certificates easier, and internal-only use does not remove the risk.

Peter is trying to block unauthorized access to desktop computers inside the company network. He's configured the OS to lock after 5 minutes of inactivity. What type of security control has been implemented? A.Preventative B.Corrective C.Deterrent D.Detective

A. Preventative Explanation A preventative control stops an action before it happens; here the automatic lock prevents unauthorized use of an unattended desktop. Corrective controls restore systems after an incident, deterrent controls discourage an action (a warning banner, for example) without technically blocking it, and detective controls identify and record events after they have occurred.

Randi is concerned about unauthorized users connecting to company routers and she wants to prevent spoofing. What is the most essential antispoofing technique for routers? A.ACL B.Logon C.NIPS D.NIDS

A. ACL Explanation Access control lists are Cisco's main antispoofing recommendation for routers: ingress ACLs drop packets that arrive on an interface with a source address that could not legitimately come from that side (for example, internal addresses arriving from the Internet), and ACLs also restrict who can reach the router itself. Logon controls authenticate administrators but do nothing about spoofed packets in transit. NIPS and NIDS are useful, but they do not stop spoofed packets at the router boundary the way an ingress ACL does.

Josh is designing a new network infrastructure that will allow unauthenticated users to connect from the Internet and access certain areas. The goal is to protect everything internal while still providing outside access. Josh decided to put the web server on a separate subnet that's open to public contact. What is this subnet called? A.Guest network B.DMZ C.Intranet D.VLAN

B. DMZ Explanation DMZs are the best option for where the web server should sit. A DMZ sits between the internal and external networks. Guest networks do not contain servers. Intranet is all internal, and VLANs are network segmentation resources.

Jason is worried about an email he received from a coworker. He's concerned about the validity of the email because the coworker denies sending it. How can he prove the origin of the email? A.Symmetric algorithm B.Digital signature C.CRL D.Asymmetric algorithm

B. Digital signature Explanation A digital signature is created with the sender's private key, which only the sender holds, and verified with the matching public key, which anyone can have. If the email carries a valid signature under the coworker's public key, the coworker cannot plausibly deny sending it; that property is nonrepudiation. Symmetric algorithms use the same shared key to encrypt and decrypt, so either party could have produced the message. A CRL is a list of revoked certificates. Asymmetric algorithms are the building block, but on their own they describe encryption with public and private keys, not proof of origin.

You are a network security administrator for a bank and you have noticed that an attacker has exploited a flaw in OpenSSL and forced connections to move to a weak cipher which the attacker can breach. What type of attack is this? A.Disassociation attack B.Downgrade attack C.Session hijack D.Brute force

B. Downgrade attack Explanation This is a classic example of a downgrade attack. Disassociation doesn't fit this scenario, and session hijacking and brute force do not either.

As a security officer, you are concerned about data loss prevention (DLP). You have limited the use of USBs as well as all other portable media, you use an IDS to look for large volumes of outbound data, and a guard searches all bags and people before they leave the building. What is a key step in the DLP that you have missed? A.Portable devices B.Email C.Bluetooth D.Optical media

B. Email Explanation Insiders can send data out as an email attachment, and none of the current controls inspects outbound mail. Portable devices typically connect over USB, which is already blocked. Bluetooth has a short range (roughly 10 meters for common devices), and optical media (CDs, DVDs) is a type of portable media, which is also already covered.

When using a NIDS or NIPS in your organization, what are your two biggest concerns? A.Cost and false positives B.False positives and false negatives C.Power consumption and cost D.Management interface and cost

B. False positives and false negatives Explanation The number of erroneous results (false positives and false negatives) is the greatest concern: a system that raises too many false alarms gets ignored, and one that misses attacks gives false confidence. Cost and the management interface matter, but neither is as important as whether the system is effective.

Cierra is the CISO for her company. She's working to mitigate the danger of computer viruses in her network. Which administrative control can be implemented to assist with this goal? A.Implement host-based antimalware B.Implement policies regarding email attachments and file downloads C.Implement network-based antimalware D.Block portable storage devices from being able to connect to the computers

B. Implement policies regarding email attachments and file downloads Explanation The question asks for an administrative control, and a policy is the only administrative control listed: host-based antimalware, network-based antimalware and blocking portable storage are all technical controls. A policy on attachments and downloads will not stop every infection, but it sets the expected behavior that the technical controls then enforce.

Paula is responsible for setting up a kiosk computer that will stay in the lobby of her company. It should be accessible for visitors to locate employee offices, obtain the guest WiFi password, and collect general public information from the company. What is the most important thing to consider before configuring this system? A.Using a strong administrator password B.Limiting functionality to only what's needed C.Using a good antivirus protection D.Implementing a host-based firewall

B. Limiting functionality to only what's needed Explanation Kiosk computers usually have one or two purposes and sit in a public area, so the fundamental step is to limit them to exactly that functionality: every feature left enabled is something an unattended visitor can try to abuse. Antivirus, a host-based firewall and a strong administrator password are all good, but they come after restricting the system to its intended use.

Which of the following best describes what mobile content management (MCM) on a mobile device is used for? A.Limiting how much content can be stored on a device B.Limiting the type of content that can be accessed on the device C.Disabling the wireless network on the mobile device D.Digital signing of the authorized content

B. Limiting the type of content that can be accessed on the device Explanation Mobile content management systems for mobile devices are focused on file storage and sharing capabilities. This is usually a middleware solution that is used as part of a DLP solution or one that is used to control what type of data end users may access on the device.

Which of the following is describing malware that will be executed and begin some malicious activity when a particular condition is met? A.Boot sector virus B.Logic bomb C.Buffer overflow D.Sparse infector virus

B. Logic bomb Explanation This scenario is the textbook definition of a logic bomb: code that lies dormant until a specific condition (a date, an event, the absence of a user) triggers its payload. A boot sector virus infects the boot sector, a buffer overflow is a memory-corruption flaw rather than malware, and a sparse infector virus acts only occasionally rather than on a set condition.

Of the following, which is the correct term that is used to describe a virus that can infect both the program files and the boot sectors? A.Polymorphic B.Multipartite C.Stealth D.Multiple encrypting

B. Multipartite Explanation A multipartite virus infects both executable program files and the boot sector, using more than one infection vector. Polymorphic viruses change their own code between infections, stealth viruses hide their presence from the operating system and scanners, and "multiple encrypting" is not an industry term.

Of the listed principles, which could be found in a DRP? A.Single point of failure B.Prioritized list of critical systems C.Exposure factor D.Asset Value

B. Prioritized list of critical systems Explanation A DRP (disaster recovery plan) lists critical systems and their recovery priority so that restoration proceeds in the right order. Exposure factor and asset value are inputs to a risk assessment, and a single point of failure is a design finding to address before a disaster, not a component of the plan.

Which of the following types of firewalls will examine the context of each packet it encounters? A.Packet filtering firewall B.Stateful packet filtering firewall C.Application layer firewall D.Gateway firewall

B. Stateful packet filtering firewall Explanation Stateful inspection firewalls are firewalls that examine each packet for the context in them - this is the same as a stateful packet filtering firewall. Application layer firewalls examine just what's at the application level (content), gateway firewalls work at the gateway, and packet filtering firewalls examine the packets but not the context.
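An added example, not from the original page, of the difference in Python: a stateless filter judges every packet on its own headers, so a common rule like "allow inbound packets with source port 80 so web replies get back in" lets an attacker through simply by sending from port 80. A stateful filter keeps a table of connections opened from inside and admits inbound packets only when they belong to one, which is the "context" the question refers to. The inside network, the traffic sample and the rule set are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")   # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE_NET


class StatelessFilter:
    """Packet filter: each packet is judged alone. The classic rule set allows any inbound
    packet whose source port is 80 or 443 so that web replies can come back in."""
    RETURN_PORTS = {80, 443}

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            return True                          # outbound traffic is permitted
        return pkt.sport in self.RETURN_PORTS    # inbound: trusts a header the attacker controls


class StatefulFilter:
    """Stateful inspection: remembers connections opened from inside, and admits an inbound
    packet only if it matches one of them."""

    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            if pkt.syn and not pkt.ack:          # a new outbound connection: record it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: the decision comes from the connection table, not from the packet alone
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def run(firewall, packets):
    """Apply the filter to packets in order; returns one allow/deny decision per packet."""
    return [firewall.allow(p) for p in packets]


# Constructed traffic: a client opening a web connection, the legitimate reply, and an
# attacker probing SMB from source port 80 to slip past the stateless rule.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "198.51.100.10", 80, syn=True, ack=False),
    Packet("198.51.100.10", 80, "10.0.0.5", 51000, syn=True, ack=True),
    Packet("203.0.113.9", 80, "10.0.0.5", 445, syn=True, ack=False),
]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(), TRAFFIC))
    print("stateful: ", run(StatefulFilter(), TRAFFIC))
```

The third packet is the whole point: both filters see identical headers, but only the stateful one knows that nobody inside ever opened a connection to 203.0.113.9.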

Josh is thinking of using voice recognition as part of his access control strategy. Choose one weakness with voice recognition. A.People's voices change B.System requires training C.High false negative rate D.High false positive rate

B. System requires training Explanation The main weakness with voice recognition is your systems will require training for the voice recognition. People's voices don't change that much and minor voice changes will not prevent access. The high false positive/negative rate doesn't really apply here as voice recognition doesn't have a higher false positive/negative rate than other biometric systems.

What is the purpose of screen locks on mobile devices? A.To encrypt the device B.To limit access to the device C.To load a specific user's apps D.To connect to WiFi

B. To limit access to the device Explanation Screen locks are intended to lock the device to everyone minus the users who know the password to get past the screen lock. Device encryption encrypts data on the device, and mobile devices aren't designed to be used by multiple users. Screen locks have nothing to do with WiFi.

You're currently looking for a network authentication method that uses digital certificates and doesn't require users to remember passwords. Which method is the most beneficial? A.OAuth B.Tokens C.OpenID D.RBAC

B. Tokens Explanation The most beneficial method here is tokens: physical devices used for authentication that can also store digital certificates, so the user presents the token instead of remembering a password. OAuth is token-based but the user still authenticates with a password somewhere, OpenID delegates to a third party that still requires a password, and RBAC is an access control model, not an authentication method.

Dion Training has recently opened an Internet café for students to use during their lunch break. Unfortunately, Dion Training doesn't have any wireless networks in their building, so they have placed three laptops in the Internet café. What protection should be installed to best prevent the laptops from being stolen? A.Proximity badge B.Safe C.Cable locks D.CCTV

C. Cable locks Explanation The best option is to use a cable lock for each laptop to ensure that they won't get stolen from the Internet café. CCTV is useful as a detective control and could be used to find out who stole the laptops after they were taken, but a cable lock is a preventative control that would stop the theft from occurring in the first place. Proximity badges are a poor choice because students would likely not have a proximity badge, and the Internet café is an area with open access for students and instructors. Similarly, a safe may be useful to lock up the laptops at night, but during the day, the laptops would need to be available at the Internet café so the cable locks are still a better choice.

Of the listed encryption algorithms, which one is the weakest? A.Blowfish B.AES C.DES D.SHA

C. DES Explanation DES is the weakest: it uses a 56-bit key, which can be brute-forced with modern hardware. Blowfish supports keys from 32 to 448 bits, AES is a newer, stronger cipher with 128-, 192- or 256-bit keys, and SHA is a hashing algorithm, not an encryption algorithm.

Ashley was asked to implement a secure protocol to use during file transfers that use digital certificates. What protocol would be the best option? A.FTP B.SFTP C.FTPS D.SCP

C. FTPS Explanation FTPS adds SSL/TLS, and therefore X.509 digital certificates, to FTP. Plain FTP is not secure, SFTP is file transfer over SSH (which authenticates with keys, not certificates), and SCP also runs over SSH. FTPS is the best fit.

Nicholas is looking for an authentication method that supports one-time passwords and works with the Initiative for Open Authentication. For this, the user will need unlimited time to use their password. Which of the following is the most beneficial? A.CHAP B.TOTP C.HOTP D.ABAC

C. HOTP Explanation HOTP (HMAC-based one-time password, RFC 4226) is an OATH (Initiative for Open Authentication) standard that derives each code from a shared secret and an incrementing counter. A code stays valid until it is used, so the user has unlimited time to enter it. TOTP (RFC 6238) is also an OATH standard but replaces the counter with the current time, so codes expire after a short time step (typically 30 seconds). CHAP is a challenge-response protocol, not a one-time password scheme, and ABAC is an access control model.

An accounting employee changes roles with other accounting employees every few months. What is this called? A.Separation of duties B.Mandatory vacation C.Job rotation D.Onboarding

C. Job rotation Explanation Job rotation moves employees between positions every few months so that more than one person can do each job, and so that the next person in a role can notice irregularities left by the previous one. Separation of duties requires more than one person to complete a sensitive task, mandatory vacations help detect fraud by forcing someone else to cover the role, and onboarding is the process for bringing new employees into the organization.

Which of the following would not be able to detect a security breach or malicious action that was committed by an internal employee? A.Job rotation B.Separation of duties C.Nondisclosure agreements (signed by the employees) D.Mandatory vacations

C. Nondisclosure agreements (signed by the employees) Explanation Nondisclosure agreements do not detect or minimize security breaches committed by internal employees; even with an NDA in place, an employee can still commit a breach. Job rotation, separation of duties and mandatory vacation policies can all help identify an internal employee who has committed a security breach, since another employee will be performing their work role and may uncover the malicious actions.

Of the listed principles, which one is typically included in a BPA? A.Clear statements that detail customers and service provider's expectation B.An agreement that specific functions/services will be delivered at an agreed upon level of performance C.Profit sharing/losses and the addition/subtraction of a partner D.Security requirements associated with interconnecting IT systems

C. Profit sharing/losses and the addition/subtraction of a partner Explanation A BPA (business partnership agreement) sets out each partner's responsibilities, how profits and losses are shared, and how partners join or leave. Option A describes an MOU (memorandum of understanding), option B an SLA (service level agreement), and option D an ISA (interconnection security agreement).

Trent noticed that a web application used by his company doesn't handle multithreading properly. This could allow an attacker to exploit this vulnerability and crash the server. What type of error was discovered? A.Buffer overflow B.Logic bomb C.Race conditions D.Improper error handling

C. Race conditions Explanation A race condition occurs when the result depends on the timing of concurrent threads that read and write shared state without proper synchronization; an attacker who can influence that timing can crash the application or bypass a check. Buffer overflows put more data into a buffer than it can hold, logic bombs act when a condition is met, and improper error handling is failing to deal with errors safely inside the software.
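An added example, not from the original page: a check-then-act race in Python, forced into its worst-case interleaving with a barrier so the failure is reproducible rather than occasional. Two threads each check the balance, both see enough money, and both withdraw; the fix makes the check and the withdrawal a single critical section under a lock. The account, the amounts and the barrier hook are constructed for the example.

```python
import threading


class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount: int, pause=None) -> bool:
        """Check, then act, with nothing stopping another thread from slipping in between."""
        current = self.balance                   # check: read the balance ...
        if pause is not None:
            pause.wait()                         # constructed hook: every thread has now read the same stale value
        if current >= amount:
            self.balance = current - amount      # act: each thread writes its own stale result
            return True
        return False

    def withdraw_safe(self, amount: int, pause=None) -> bool:
        """Same logic, but the check and the act happen under one lock, so no thread can act on a
        balance that another thread has already changed."""
        if pause is not None:
            pause.wait()                         # threads still arrive together; the lock serialises them
        with self._lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def race(balance: int, amount: int, threads: int = 2, safe: bool = False) -> dict:
    """Run `threads` concurrent withdrawals of `amount` and report what happened."""
    account = Account(balance)
    barrier = threading.Barrier(threads)         # forces the worst-case interleaving deterministically
    method = account.withdraw_safe if safe else account.withdraw_unsafe
    results = []

    def worker():
        results.append(method(amount, barrier))

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    successes = sum(results)
    return {"withdrawals": successes, "final_balance": account.balance, "cash_handed_out": successes * amount}


if __name__ == "__main__":
    print("unsafe:", race(100, 80))     # two withdrawals of 80 from a balance of 100
    print("safe:  ", race(100, 80, safe=True))
```

In the unsafe run the balance only drops by 80 while 160 in cash went out the door: the lost update is the same bug class as the multithreading flaw in the question, just with a financial symptom instead of a crash.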

Lonnie has been assigned the task of choosing a backup communication method for his company in the case of a disaster that disrupts normal communication. Which option provides the most reliability? A.Cellular B.WiFi C.SATCOM D.VoIP

C. SATCOM Explanation Satellite communication is the most reliable option because it does not depend on local terrestrial infrastructure; most disasters that take down ground-based links leave a satellite terminal with a clear view of the sky working. Cellular networks are often overloaded or damaged in a disaster, Wi-Fi can and does fail often, and VoIP stops working as soon as the underlying network is disrupted.

Ron is analyzing what he thinks is a malware outbreak on his network. Several users have reported that their machines are behaving strangely. The behavior seems to be occurring sporadically and there is no pattern. What is most likely the cause of the issue? A.APT B.Boot sector virus C.Sparse infector virus D.Keylogger

C. Sparse infector virus Explanation A sparse infector virus performs its activity only occasionally (for example, every nth time a file is executed), which produces exactly this sporadic, patternless behavior. Nothing here describes an APT. A boot sector virus infects the boot sector of the drive, and a keylogger is spyware that records keystrokes.

Of the following, which is commonly used in a DDoS attack? A.Phishing B.Adware C.Botnet D.Trojan

C.Botnet Explanation Botnets are typically used to launch DDoS attacks. Phishing is an attempt to get information from a user. Adware has pop-ups, and Trojans attach malware to legitimate programs.

Alissa manages the network for her company, a health club chain. She's working to find a communication technology option that uses low power and can spend long periods in sleep modes. What technology would be the best fit? A.WiFi B.Cellular C.Bluetooth D.ANT

D. ANT Explanation ANT is a proprietary low-power wireless protocol designed for sensors and fitness devices that spend most of their time asleep. Wi-Fi draws power continuously, cellular consumes a lot of power, and Bluetooth has a short range.

Liz is responsible for incident response at her company. One of her jobs is to attempt to attribute attacks to a specific type of attacker. Which of the following is not an attribute that would be considered in attributing the attack? A.Level of sophistication B.Resources/funding C.Intent/motivation D.Amount of data stolen

D. Amount of data stolen Explanation The amount of data stolen is the correct answer. It doesn't matter if it's a cybercriminal or a script kiddie as the amount of data stolen can be either. The other choices are all incorrect because they are attributes of an attack you evaluate to determine the most likely attacker.

What type of attack exists when an attacker tries to find an input value that will produce the same hash as a password? A. Rainbow table B. Brute force C.Session hijacking D.Collision attack

D. Collision attack Explanation A collision attack finds two different inputs that produce the same hash. Strictly speaking, searching for an input that matches one given hash is a (second) preimage attack, which is much harder than finding an arbitrary collision; the exam files both under collision attacks. Rainbow tables, brute force and session hijacking do not fit this scenario.
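An added example, not from the original page, that makes the distinction in the explanation concrete: a birthday search that finds any two inputs with the same truncated hash, next to a second-preimage search that must match one specific target. Both run against SHA-256 truncated to a few bits so they finish in seconds; the truncation lengths and the candidate strings are constructed for the example.

```python
import hashlib


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for a short or weak hash function."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, max_tries: int = 2_000_000):
    """Birthday search: any two distinct inputs with the same truncated hash.
    Expected cost is roughly 2^(bits/2) hashes. Returns (input_a, input_b, tries) or None."""
    seen = {}
    for i in range(max_tries):
        msg = b"candidate-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_second_preimage(target: bytes, bits: int, max_tries: int = 2_000_000):
    """Find an input matching the hash of a *given* target (what the question literally describes).
    Expected cost is roughly 2^bits hashes: the square of the birthday search. Returns (input, tries) or None."""
    want = truncated_hash(target, bits)
    for i in range(max_tries):
        msg = b"forged-%d" % i
        if msg != target and truncated_hash(msg, bits) == want:
            return msg, i + 1
    return None


if __name__ == "__main__":
    a, b, tries = find_collision(24)
    print("24-bit collision after", tries, "hashes:", a, b)
    forged, tries = find_second_preimage(b"original document", 16)
    print("16-bit second preimage after", tries, "hashes:", forged)
```

Running both with the same bit length shows the gap directly: at 16 bits the collision typically appears after a few hundred hashes while the second preimage needs tens of thousands, which is why hash output length is chosen against the birthday bound rather than the preimage bound.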

John works on database server security for his company. He is concerned about preventing unauthorized access to the databases. Which of the following is the most appropriate for him to implement? A.ABAC B.TOTP C.HIDS D.DAMP

D. DAMP Explanation A database activity monitoring and prevention (DAMP) system is the most appropriate choice because it is an active control that inspects database activity and blocks unauthorized access. ABAC can help but is an access control model, not a database-specific control. TOTP would require a new one-time code for every database access, which does not address the problem. A HIDS only detects and records; it does not prevent.

You have been presented with the task of implementing a solution that ensures data stored on a removable USB drive hasn't been tampered with or changed. Which should be implemented? A.key escrow B.File backup C.File encryption D.File hashing

D. File hashing Explanation File hashing is the best choice: a cryptographic hash is a one-way function, and comparing the stored hash with a freshly computed one shows whether the data has changed, which is an integrity check. Key escrow is key storage, backups let you restore data if it is corrupted, and file encryption protects confidentiality from unauthorized users but does not by itself prove the data is unchanged.
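An added example, not from the original page: a Python manifest of SHA-256 hashes for the files on a drive, a verifier that reports modified, missing and added files, and a keyed HMAC over the manifest. The HMAC is the practitioner's caveat: a bare list of hashes stored on the same USB drive can simply be replaced along with the files, so the list itself needs to be keyed or kept elsewhere. The demo builds a throwaway directory to stand in for the drive; the file names, contents and the key are constructed for the example.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the drive's current state with the manifest taken earlier."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def manifest_tag(manifest: dict, key: bytes) -> str:
    """HMAC over the canonical manifest. Without a key (kept off the drive) an attacker who can
    rewrite the files can rewrite the hash list to match."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def usb_scenario() -> dict:
    """Constructed demo: snapshot a 'drive', then alter, delete and plant files and re-check."""
    key = b"constructed-demo-key-kept-off-the-drive"   # assumption: stored with the verifier, not the USB
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        (drive / "reports").mkdir()
        (drive / "reports" / "q3.csv").write_bytes(b"region,revenue\nnorth,120\n")
        (drive / "readme.txt").write_bytes(b"handle with care\n")

        manifest = build_manifest(drive)
        tag = manifest_tag(manifest, key)

        (drive / "reports" / "q3.csv").write_bytes(b"region,revenue\nnorth,1200\n")  # tampered
        (drive / "readme.txt").unlink()                                               # removed
        (drive / "autorun.inf").write_bytes(b"[autorun]\n")                           # planted

        result = verify_manifest(drive, manifest)
        result["manifest_tag_ok"] = hmac.compare_digest(tag, manifest_tag(manifest, key))
        return result


if __name__ == "__main__":
    print(usb_scenario())
```

The same structure scales to a signed manifest (sign the canonical JSON with the private key from the digital-signature questions above) when the party verifying the drive is not the party that created it and no shared key is available.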

You have configured a nonproduction network to try to observe hacker techniques. This network is to be used as a target, so it can monitor network attacks. What type of network is this called? A.Active detection B.False subnet C.IDS D.Honeynet

D. Honeynet Explanation This network is called a honeypot. Honeypots exist to attract attackers/hackers by looking like security holes. Honeynets are networks of honeypots. Most of the time, these exist for observation to see what the hacker is actually trying to do. Active detection and false subnet are not industry terms, and an IDS can be used to detect activity, but it is not specifically used as a target.

Kevin, the helpdesk manager, calls stating that there has been an increase in calls from users who are stating that their computers are infected with malware. Which of the following steps should be taken first? A.Containment B.Eradication C.Lessons learned D.Identification

D. Identification Explanation The first step should be identification. Once you identify the malware and the systems it's on, then you can move on to the next steps in the recovery process. Containment keeps further damage and impact from happening, eradication is the cleaning, removal, and restoration process after the malware's impact, and lessons learned is the documentation of the problem and how the fix was performed.

Frank is concerned about an attacker enumerating his entire network. What protocol could help mitigate this issue? A.HTTPS B.TLS C.IPSec D.LDAPS

D. LDAPS Explanation LDAPS mitigates the risk by securing the network directory. HTTPS secures web pages, TLS adds security if it's applied to a directory protocol, and IPSec (used for VPNs) would not solve this issue.

Which method below was used as a native default for older versions of Microsoft Windows? A.PAP B.CHAP C.OAuth D.NTLM

D. NTLM Explanation Legacy Windows versions used NT LAN Manager (NTLM), which soon became NTLM v2 and is now Kerberos. PAP is an old protocol that sent usernames/passwords in plain text, CHAP reauthenticates, and OAuth allows the user's information to be used by third parties.

Marsha is supposed to be receiving a document from Laura and wants to be able to identify that the document came from her. What should Laura use to make a digital signature on the document? A.TKIP B.Intermediate CA C.Public key D.Private key

D. Private key Explanation Digital signatures use a user/computer's private key, so this would be the ideal resource for a signature on the document. TKIP is a wrapper for WEP encryption, an intermediate CA works with the certificate authority, and public keys are available for anyone to use.

Which one uses two mathematically related keys to secure the data during transmission? A.Twofish B.3DES C.RC4 D.RSA

D. RSA Explanation RSA, a public key cryptography algorithm, uses a public/private key pair to encrypt/decrypt data during transmission. All other options are symmetric algorithms.

You are the security administrator for a large company where occasionally, a user needs to access certain resources that the user doesn't have permission to access. Which method would be the most beneficial? A.Mandatory access control B.Discretionary access control C.Role-based access control D.Rule-based access control

D. Rule-based access control Explanation Rule-based access control would be the most beneficial in this situation because it's based on rules that give a user access to a certain specific resource. All other options give explicit access.

Of the following email security measures, which item would have the greatest impact on phishing emails? A.Email encryption B.Hardening the email server C.Digitally signing the email D.Spam filter

D. Spam filter Explanation Phishing emails typically go to many people, and a good spam filter should block these types of emails, or at least some of them. Although email encryption is a good idea, it doesn't stop phishing, and hardening the server has no impact on phishing emails. Digitally signing emails is a good idea, but it also has very little impact on phishing emails.

Laura is responsible for security on the new e-commerce server. She would like to verify that online transactions are secure. What technology should she use? A.L2TP B.IPSec C.SSL D.TLS

D. TLS Explanation Transport Layer Security (TLS) is the best option, as it encrypts and secures web traffic. L2TP and IPSec are both used with VPNs to add security to them, and SSL has been outdated for a while.

Scott manages WiFi security for his company. His main worry is that the building houses many other offices, and someone in one of those locations could easily attempt to breach the company's WiFi. Of the options below, which technique works best to address these concerns? A.Using thin WAPs B.Geofencing C.Securing the admin screen D.WAP placement

D. WAP placement Explanation The placement of WAPs is critical to provide the best coverage for the entire company without adding much overlap and without providing much access outside of the company. When placing WAPs for optimal coverage, one needs to consider signal strength as well. Thin/fat refers to how much functionality is on the device itself, geofencing limits where devices can be used, and securing the admin screen should be done anyway, but it doesn't address the issue of nearby tenants using the WAP.

You work for Macy's. The web server certificate has been revoked and you have some customers receiving errors when they connect to the website. What is the corrective action you must take? A.Renew the certificate B.Create and use a self-signed certificate C.Request a certificate from the key escrow D.Generate a new key pair and a new certificate

D. Generate a new key pair and a new certificate Explanation Revoked certificates are no longer valid, and when this happens, a new key pair and certificate will need to be generated. The certificate cannot be renewed, self-signed certificates generate errors, and key escrow is just key storage.

Lamar manages the account management for his company. He's worried about hacking tools that use rainbow tables. Which of the following is the most beneficial for mitigating this threat? A.Password complexity B.Password age C.Password expiration D.Password length

D. Password length Explanation Rainbow tables are typically mitigated by longer passwords. Rainbow tables can easily crack passwords that are shorter than 14 characters. All other options are beneficial, but they will not mitigate this threat.
