CS 4073 - Final Exam
Lisa is implementing WPA Enterprise Mode for her company. What three pieces of information does she need? (4)
"RADIUS Server,
James loves the look of Windows XP and has refused to update his computer to the latest Windows version. Microsoft has decided to stop supporting and releasing patches for Windows XP. What security vulnerability does this leave James susceptible to? Choose two. (5)
"lack of vendor support,
"Pascal manages permissions for a Linux-based system. A file owner has requested that the owner have read, write, and execute access, the group have read and execute access, and anyone else to have no access. Which of the following numbers would represent these desired permissions? (5)"
750
What are ways that IT can protect company cell phones? Select all that apply (5)
777
Which IEEE standards can be used for a frequency band of 2.4 GHz? Choose all that apply. (4)
802.11b, 802.11g, 802.11n
What security measure involves port-based authentication? (4)
802.1x
"Frank's restaurant allows customers to use his Wi-Fi. In order to access the internet, the guest must agree to terms and conditions set by Frank. This is an example of? (4)"
A captive portal
"The overall goal of ______ is to ensure that only authorized personnel can access data based on their permissions. Also, _____ has predetermined requirements to follow and uses MAC. (5)"
A trusted opearting system
"Management within your company wants to implement a method that will authorize employees based on several elements, including the employee s identity, location, time of day, and type of device used by the employee. Which of the following will meet this need?(5)"
Context-aware authentication
Tyson has an IDS to monitor his network and send alerts when suspicious events are detected on the network. Tyson's IDS uses a database of known vulnerabilities or known attack patterns to detect intrusions. What type of IDS does Tyson use? (4)
Definition-based detection
"Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company s property, they should be granted access. If they are not within the company s property, their access should be blocked. Which of the following answers provides the BEST solution to meet this goal?(5)"
Geofencing
Hannah wants to add software to her server that provides protection to the individual host and can detect potential attacks and protect critical operating system files. What type of detection system should Hannah install? (4)
HIDS
Sophie has installed additional software on the computer systems for her company to provide protection to the individual host from potential attacks. This is an example of what type of IDS? (4)
HIDS
"Akhilesh would like to add a removable security device to his system to manage, generate and securely store cryptographic keys. What device would you recommend Akhilesh?"
HSM
"Mark is using an external device that can generate, store, and manage RSA keys used in asymmetric encryption. What kind of device is Mark using? (5)"
HSM
Your system creates a performance baseline under normal operating conditions. What type of detection are you using? (4)
Heuristic/behavioral-based
Your company wants to start using a VPN but would like to configure specifically what traffic is encrypted. Select the best option for what they would use. (4)
Split Tunnel
The IT administrator at your organization knows that one way to keep your Windows systems secure is to be sure all software is up to date. They want an easy way to be sure all the latest patches are deployed. What management tool are they likely to use? (5)
SCCM
Jim notices a bunch of attacks coming into his network using encryption. What could Jim use to help investigate and possibly eliminate the attacks? (4)
SSL decryptor
All students at TU have an assigned email address that is tied to a Gmail account. Gmail can best be described as: (5)
SaaS
The Springfield Nuclear Power Plant has created an online application teaching nuclear physics. Only students and teachers in the Springfield Elementary school can access this application via the cloud. What type of cloud service model is this? (5)
SaaS
"Company A is looking to save money by going to the cloud. Because they don't know much about it, they want to start with cloud models that basically run themselves and don't need that much involvement from their side. Which two cloud models would best meet this requirement? (5)"
SaaS, PaaS
"A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?(5)"
Sandbox
What is the method of using an isolated area on a system to do testing that would not affect anything outside of the area? (5)
Sandboxing.
"A new mobile device security policy has authorized the use of employee-owned devices, but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal?(5)"
Screen locks and device encryption
Which of the following is NOT an environment in the secure staging environment? (5)
application
"Jim wants to ensure that a particular program does NOT run on any OS images, what should he implement? (5)"
application blacklist
"Company B has been having issues with their employees sketchy software. In order to prevent any further instances, which would be the best solution for the company? (5)"
application whitelist
Network Access Control is used to ensure the overall health of a device connecting through a VPN. Which of the following methods is not used by the NAC when scanning devices? (4)
automatically install all necessary updates
You are preparing to deploy a heuristic-based detection system to monitor network activity. Which of the following would you create first? (4)
baseline
"Company A's network just went down. After looking into it, they realize it was because someone had changed something they weren't supposed to. This could have been prevented by applying which of the following methods? (5)"
change management
Which Linux command (rarely ever useful) gives full permissions to all users? (5)
chmod 777
Stephanie discovers a rogue AP on her network. Which of the following is the best way to quickly stop the rogue AP? (4)
determine the physical location and unplug the Ethernet cord
"Instead of paying for Wi-Fi at the hotel he's staying at, Carlos has decided to just use the personal hotspot on his phone. However, he keeps getting disconnected. What is most likely happening? (4)"
disassociation attack
"Your wireless network name is myoffice. You disabled the SSID broadcast several days ago. Today, you notice that a wireless network named myoffice is available to wireless users. You verified that SSID broadcast is still disabled. Which of the following is the MOST likely reason for this behavior?(4)"
evil twin attack
Paul's app for his work only works when he is within a certain distance of his company. What is this an example of? (5)
geofencing
You want to implement the STRONGEST level of security on a wireless network. Which of the following supports this goal? (4)
implementing WPA2 with CCMP
"Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination?(5)"
integrity measurements
"Lisa has been having issues with her computer disconnecting from the internet while she's working at her desk. After a short inventory of her office, she realizes what it is and has to move the microwave next to her desk. Why would she do that? (5)"
it was causing EMI
Carlos wants to be able to download all the apps that he wants on his iPhone and not be restricted by what's on the App Store. Which method should he use to bypass Apple's restrictions?
jailbreaking
"_______ is a methodology that proposes that systems should be deployed with the least amount of applications, services, and protocols. (5)"
least functionality
"Bob wants to deploy new systems and wants the same operating system throughout the company, what should he use to ensure this? (5)"
master image
You need to provide connectivity between two buildings without running any cables. You decide to use two 802.11ac APs to provide wireless connectivity between the buildings. Which of the following is the BEST choice to support this need? (4)
use directional antennas on both APs
"Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?(5)"
whole disk encryption
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal? (5)
Implement a change management policy.
Which of the following is a Windows permission but not a Linux permission?
Modify
Management within your organization wants to prevent users from copying documents to USB flash drives. Which of the following can be used to meet this goal? (5)
DLP
"Your company has run into an issue of malware being installed in several devices in different departments. After an investigation, you discover that several employees wanted to download music for their workday, and had downloaded Limewire. These machines were the ones infected. What will you be adding Limewire to in order to avoid this issue in the future? (5)"
Application blacklist
"As the friendly neighborhood systems admin for April Corp, I try to be friendly to everyone and answer help desk tickets in the order which I received them. Sal is unhappy that I took too long to respond to and fix his problem, therefore he walked over to my cubical and started yelling at me till my ears bled. In an attempt for non-confrontational revenge, I checked his pc logs to see which unauthorized but allowed application he ran daily for social indulgence, uninstalled it, and added it to _____________________ so that he could never install it again. (5)"
Application blacklist.
Your organization wants to ensure that employees do not install any unauthorized software on their computers. Which of the following is the BEST choice to prevent this? (5)
Application whitelisting
Company A wants its employees to have company-monitored phones. Which two deployment models would best meet this need? (5)
BYOD, CYOD
What is the name of the system that provides a computer with basic instructions on how to start, runs basic checks, and locates the operating system? (5)
Basic Input/Output System (BIOS)
Your Fitbit keeps getting random messages throughout the day. After checking your phone, you know it's not coming from your device. What type of attack is this? (4)
Bluejacking
Which is not a characteristic of a mobile device as defined by NIST? (5)
Bluetooth
Mike Corporation provides its employees with mobile devices but allows them to use it as their own device. What deployment model does Mike Corporation use?
COPE
Which deployment model is used when employees are given corporate devices but are allowed to use them for personal use as well? (5)
COPE
Which is true of the COPE deployment method? Select all that apply. (5)
Devices owned by the company
Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with configuring the servers following the principle of least functionality. Which of the following will meet this goal? (5)
Disabling unnecessary services
"Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?(4)"
Dissolvable
"What kind of interference comes from sources such as motors, power lines, and fluorescent lights? (5)"
EMI
"Because leadership is stupid, America and Russia are duking it out in WW3. One of the nuclear warheads Russia launched diverted off course and exploded miles in the air above Canada. None of the people were hurt however all their electronic equipment became damaged and no longer worked. What is this called? (5)"
Electromagnetic Pulse (EMP)
"Abby would like to use an AP that includes features such as routing components, NAT and DHCP. What kind of AP should Abby use? (4)"
Fat AP
Which type of cloud computing provides customers with access to hardware and is often referred to as a self-managed solution? (5)
IaaS
"John has decided to outsource all of his company's equipment requirements His service provider owns the equipment, houses the data in its data center and performs all the required hardware maintenance. What is this an example of? (5)"
Infrastructure as a service
"Wyatt forgot that his phone was in his pocket and jumped in a pool. When he took it into the Apple Store to get it replaced via his warranty, the genius informed him that because of the third party software that was installed on the device, his warranty was no longer valid. How was Wyatt able to download this software? (5)"
Jailbreaking
Which of the following is a core principle for a secure system design?
Least functionality
"Sally is a network administrator for a corporation. Many employees connect to the company private network remotely from their own devices using access to a VPN. Sally has been tasked with reducing the degree to which the system is vulnerable to malware attacks. In light of employees connecting from non-company owned devices, which of the following would be the best tool to use to reduce the overall risk of the corporate network? (4)"
NAC
Mastercard PayPass or Visa payWave allows users to pay for their services without swiping their cards. Which of the following best describes this technology? (5)
NFC
"You have taken pictures recently that you want to share with a friend. You open AirDrop to send them the files. Unbeknownst to you, a third party is eavesdropping and intercepting the data. What type of attack is this? (4)"
NFC Attack
An organization has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is important. Which of the following security controls would be MOST relevant to protect this system? (5)
NIPS
"Of the following remote access authentication mechanisms, which should be used as a last resort due to its use of cleartext? (4)"
PAP
Joel would like to use a method to increase security during authentication on an IEEE 802.1x server but would like to add an extra level of protection for EAP. What method (preferred by Microsoft) would you recommend to Joel? (4)
PEAP
Your corporation has many employees connecting to the network remotely. _____________ is installed on company-owned clients and used when that client attempts to log on. (4)
Permanent Agent
Amazon EC2 and Microsoft Azure are examples of which type of cloud deployment model? (5)
Public
"Andrew is an administrator at a large corporation with offices spread around the United States. Andrew manages remote access for his company's network. Employees frequently travel from city to city and often work in multiple offices during a given wee, each requiring access to a different VPN server. Each employee should be able to use the same set of credentials to log on, regardless of physical location, and if a user changes their password while connected to one VPN server, it should be updated for access on any of the other servers. Which of the following should Andrew use for VPN authentication on the company network? (4)"
RADIUS
You are tasked with configuring authentication services settings on computers in your network. You are entering shared secrets on different servers. Which of the following services are you MOST likely configuring? Select two. (4)
RADIUS, LDAP
"Managers within your organization want to implement a secure boot process for some key computers. During the boot process, each computer should send data to a remote system to check the computer s configuration. Which of the following will meet this goal?(5)"
Remote Attestation
"Which of the following is true of the Linux permission, read? (5)"
Represented by number 4
Jin's company just found an AP that was placed in their network without authorization. What is this called? (4)
Rogue AP
"Company A has implement a VPN. However, they want to make sure only authorized users can access it. Which two authentication mechanisms provide the best assurance? (4)"
TACACS+, Diameter
Which of these Access Services provide a centralized method of authentication for multiple remote access servers? (4)
TACACS+.
"After I rooted my Nexus 15 android phone, I was no longer able to use it on our company network. Why is that? (5)"
The MDM blocked the rooted phone because it is a security risk.
"Lisa does not have access to the project.doc file, but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file: rwx rw- --. What should Homer use to grant Lisa read access to the file?(5)"
The chmod command
What two goals does change management provide? (5)
To ensure changes to IT systems do not result in unintended outages, to provide an accounting structure or method to document all changes
Which of the following choices provides full disk encryption and supports a secure boot process and remote attestation? (5)
Trusted Platform Module
What is the name of the hardware chip on the computer's motherboard that stores cryptographic keys used for encryption? (5)
Trusted Platform Module (TPM)
Company A wants to minimize the quantity of unauthorized users on their wireless network. What would be the best option for them to implement? (4)
WPA2 Enterprise Mode
A security administrator is testing the security of an AP. The AP is using WPA2. She ran an automated program for several hours and discovered the AP's passphrase. Which of the following methods was she MOST likely using? (4)
WPS attack
What are the four categories of cloud deployment models? (5)
public, private, community, hybrid
Company B wants to limit the number of wireless users connecting to a certain AP. What could they do to best meet this need? (4)
reduce the AP's power
What would a user employ if they wanted to do a secure boot but NOT use the TPM system? (5)
remote attestation
"Despite knowing the risks and vulnerabilities that it opens his phone up to, Dwight decides to modify his android to get full administrator access to his devices. What is this called? (5)"
rooting
"You recently released an application. However, you soon realize it has a vulnerability and quickly create a patch to fix it. However, before you release the patch, you want to test it out to make sure it works. Which of the following would be the best method to use? (5)"
sandbox
Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy? (5)
storage segmentation
"Carlos wants to access a NSFW site with his laptop, but the proxy server blocks his access. What is an option he might consider so that he can bypass it? (5)"
tethering
The wireless networks at TU have a single SSID with multiple APs extending the range of the networks. What type of access points is TU using? (4)
thin AP.