501 set A
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
Proxies , Firewall , and URL filtering
A CRL is comprised of.
Public keys.
Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20
/29
Which of the following is true about asymmetric encryption?
A message encrypted with the public key can be decrypted with the private key.
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?
AES
Which of the following disaster recovery strategies has the highest cost and shortest recovery time?
Hot site
A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?
Availability
Which of the following is best practice to put at the end of an ACL?
Implicit deny
Used in conjunction, which of the following are PII? (Select TWO).
Birthday and Full name
Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?
Blowfish
A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack?
Buffer overflow
Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
Buffer overflow
While opening an email attachment, Peter, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
Buffer overflow
When employees that use certificates leave the company they should be added to which of the following?
CRL
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
Change the encryption from TKIP-based to CCMP-based.
Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?
Clustering
Digital certificates can be used to ensure which of the following? (Select TWO).
Confidentiality and Non-repudiation
An organization is required to log all user internet activity. Which of the following would accomplish this requirement?
Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch
At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?
Configure port security
Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
Consider antenna placement
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
Continuous security monitoring processes
Establishing a method to erase or clear cluster tips is an example of securing which of the following?
Data at rest
It is MOST important to make sure that the firewall is configured to do which of the following?
Deny all traffic and only permit by exception
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
Digital signatures
After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal?
Encryption and stronger access control
An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding?
Disable unnecessary contractor accounts and inform the auditor of the update
The use of social networking sites introduces the risk of
Disclosure of proprietary information
The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
Discretionary access control
An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?
EAP-TLS
Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?
Elliptical curve cryptography
Peter, the system administrator, has concerns regarding users losing their company-provided smartphones. Peter's focus is on equipment recovery. Which of the following BEST addresses his concerns?
Enable GPS tracking
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
Enable MAC filtering and Disable SSID broadcast
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
Encrypted TCP wrappers
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
Entrapment
A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?
External vulnerability scan
Which of the following is MOST critical in protecting control systems that cannot be regularly patched?
Full disk encryption
Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?
HIPS
A new MPLS network link has been established between a company and its business partner.The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?
IPSec VPN tunnels on top of the MPLS link.
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?
IPv6
Peter, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this
Implement MAC filtering on the access point.
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
Implement an intrusion prevention system
A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern?
Implement biometric readers on laptops and restricted areas.
Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?
Implicit deny
Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?
Information classification training
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?
Internal account audits
Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)?
It allows a block cipher to function as a steam cipher
Peter, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
Key escrow and Recovery agent
Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?
LDAP injection
A company is looking to improve its security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?
Lack of antivirus software
The security manager must store a copy of a sensitive document and needs to verify at a later point that the document has not been altered. Which of the following will accomplish the security manager's objective?
MD5
Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?
Mantrap
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).
Methods and templates to respond to press requests, institutional and regulatory reporting requirements. and Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?
Mounting the drive in read-only mode
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
NIPS
Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?
NoSQL databases are not vulnerable to SQL injection attacks.
The system administrator is reviewing the following logs from the company web server:12:34:56 GET /directory_listing.php?user=admin&pass=admin112:34:57 GET /directory_listing.php?user=admin&pass=admin212:34:58 GET /directory_listing.php?user=admin&pass=1admin12:34:59 GET /directory_listing.php?user=admin&pass=2adminWhich of the following is this an example of?
Online hybrid attack
Which of the following offers the LEAST secure encryption capabilities?
PAP
Which of the following network design elements allows for many internal devices to share one public IP address?
PAT
A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?
Patch management
One of the most consistently reported software security vulnerabilities that leads to major exploits is:
Poor input validation
A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?
Pop-up blocker
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
An organization has a need for a security control that identifies when an organizational system has been unplugged and a rouge system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement?
Port security
The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?
Preparation
Peter, the system administrator, has blocked users from accessing social media websites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
Protection against malware introduced by banner ads
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
Protocol analyzer
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?
RAID
Which of the following is a programming interface that allows a remote computer to run programs on a local machine?
RPC
A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?
Record time offset
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?
Rogue machine detection
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
Routine auditing
A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?
Rule based access control
A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).
SSH and PGP/GPG
Emily, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following?
Security awareness training
Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?
Security awareness training
On a train, an individual is watching a proprietary video on Peter's laptop without his knowledge. Which of the following does this describe?
Shoulder surfing
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?
Single factor authentication
A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?
Software as a Service
Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?
Subnetting
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?
System hardening
Which of the following wireless security technologies continuously supplies new keys for WEP?
TKIP
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?
Tailgating
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?
Technical
Which of the following is a best practice when a mistake is made during a forensics examination?
The examiner should document the mistake and workaround the problem.
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?
The intermediate CA certificates were not installed on the server.
A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?
The new virtual server's MAC address was not added to the ACL on the switch
The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?
Transport encryption
Which of the following is the MOST likely cause of users being unable to verify a single user's email signature and that user being unable to decrypt sent messages?
Unmatched key pairs
A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
Virtualization
Which of the following is required to allow multiple servers to exist on one physical server?
Virtualization
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
Vulnerability scan
Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?
WEP
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?
WPA cracking
The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?
Warm site
After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: "PERFORM PURCHASE " Which of the following has MOST likely occurred?
XSRF
A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?
Zero-day
Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?
Zero-day
Remote Procedure Call (RPC)
a programming interface that allows a remote computer to run programs on a local machine
EAP-TLS implementations requires
client-side X.509 certificates without giving the option to disable the requirement.
Which of the following ports is used to securely transfer files between remote UNIX systems?
port 22
A network administrator has recently updated their network devices to ensure redundancy is in place so that:
single points of failure are removed