CSA+ CH4 Security Architecture 2/2
Mike is analyzing network traffic using Wireshark and comes across the packet shown here. Which one of the following phrases best describes the purpose of this packet? Window shows Wi-Fi where table shows columns for number, time, source, destination, protocol, length, and section for Internet protocol version 4, user datagram protocol, et cetera. Requesting name resolution Responding to a name resolution request Requesting mail server access Responding to a mail server access request
A This packet uses the DNS protocol, as shown in the protocol column of the packet. This indicates that it is part of a name resolution request. The payload of the packet shows a query but not a response, so this packet is a request for name resolution.
Wanda's organization uses the Acunetix tool for software testing. Which one of the following issues is Acunetix most likely to detect? Cross-site scripting Lexical scoping errors Buffer overflows Insecure data storage
A. Acunetix is a web application vulnerability scanner. Of the flaws listed, only cross-site scripting is a web application vulnerability that the scanner would likely detect.
In a federated identity management system, what entity is responsible for creating an authentication token? Identity provider Service provider Federation coordinator Endpoint device
A. After a user authenticates to an identity provider, the identity provider creates a security token and provides it to the end user, who may then use it to authenticate to a service provider.
Maggie is reviewing the ssl_request_log file on a web server operated by her company and sees the messages shown here: Image shows programming codes which read 54.201.189.233 TLSv1.2, 157.55.39.18, et cetera. Based upon Maggie's review of the logs, which one of the following statements is correct? The server allows encrypted connections. The server does not allow unencrypted connections. The server does not allow access by web crawlers. The server contains network access restrictions.
A. All of the connections recorded in these log entries make use of TLS-encrypted connections. This does not, however, allow Maggie to reach the conclusion that the server prohibits unencrypted connections because Maggie is reviewing the ssl_requests_log file, which would not contain information about unencrypted connections. The server does appear to allow web crawlers, as shortly after the system from 157.55.39.18 requests the robots.txt file, another system from the same subnet requests the front page of the site. There is not enough information in this log file to draw conclusions about network access restrictions.
Cody recently detected unusual activity on a set of servers running in his organization's data center. He discovered that these servers were running at close to 100% capacity for extended periods of time. After performing a historical analysis, he determined that this was unusual, as the servers rarely reached full utilization during the previous year. He then reviewed the processes on those servers and found that they were running cryptocurrency mining software. Which one of the following sources of information would be most useful to Cody as he seeks to determine the identity of the individual responsible for the installation of this software? Server logs Netflow records Kerberos logs IPS logs
A. All of these information sources may provide clues to the identity of the individual who installed the software. However, the server logs are likely to contain records of software installation and associate them with a user ID. This is the source that is most likely able to provide the most direct answer to Cody's question in the shortest possible time period.
Alice and Bob are both employees at the same company. They currently participate in an asymmetric cryptosystem and would like to use that system to communicate with each other securely. When Bob receives the message, what key can he use to verify the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
A. Anyone who receives a digitally signed message may verify the digital signature by decrypting it with the signer's public key.
Maddox ran a traceroute command to determine the network path between his system and the Amazon.com web server. He received the partial results shown here: Image shows traceroute to d3ag4hukkh62yn.cloudfront.net with programming codes which reads 1 192.168.1.1, 8 52.95.62.111, et cetera. How can Maddox interpret the asterisk results that appear beginning with line 11 of the traceroute results? They are normal results of performing a traceroute. The network is down. Someone is intercepting his network traffic. The web server is down.
A. Asterisks appear in traceroute results when the remote intermediate system does not respond to the traceroute requests. This is common in traceroute results, and Maddox should not read any significance into it.
Thomas found himself in the middle of a dispute between two different units in his business that are arguing over whether one unit may analyze data collected by the other. What type of policy would most likely contain guidance on this issue? Data ownership policy Data classification policy Data retention policy Account management policy
A. Data ownership policies clearly state the ownership of information created or used by the organization. Data classification policies describe the classification structure used by the organization and the process used to properly assign classifications to data. Data retention policies outline what information the organization will maintain and the length of time different categories of information will be retained prior to destruction. Account management policies describe the account life cycle from provisioning through active use and decommissioning.
Which one of the following technologies is not typically used to implement network segmentation? Host firewall Network firewall VLAN tagging Routers and switches
A. Host firewalls operate at the individual system level and, therefore, cannot be used to implement network segmentation. Routers and switches may be used for this purpose by either physically separating networks or implementing VLAN tagging. Network firewalls may also be used to segment networks into different zones.
Randy's organization recently adopted a new testing methodology that they find is very compatible with their agile approach to software development. In this model, one developer writes code, while a second developer reviews their code as they write it. What approach are they using? Pair programming Over-the-shoulder review Pass-around code reviews Tool-assisted reviews
A. Pair programming is an agile software development technique that places two developers at one workstation. One developer writes code, while the other developer reviews their code as they write it. Over-the-shoulder code review also relies on a pair of developers but rather than requiring constant interaction and hand-offs, over-the-shoulder requires the developer who wrote the code to explain the code to the other developer. Pass-around code review, sometimes known as email pass-around code review, is a form of manual peer review done by sending completed code to reviewers who check the code for issues. Tool-assisted code reviews rely on formal or informal software-based tools to conduct code reviews.
Which one of the following is not an example of a physical security control? Network firewall Door lock Fire suppression system Biometric door controller
A. Physical security controls are those controls that impact the physical world. Door locks, biometric door controllers, and fire suppression systems all meet this criteria. Network firewalls prevent network-based attacks and are an example of a logical/technical control.
Haley is planning to deploy a security update to an application provided by a third-party vendor. She installed the patch in a test environment and would like to determine whether applying the patch creates other issues. What type of test can Haley run to best determine the impact of the change? Regression testing User acceptance testing Stress testing Vulnerability scanning
A. Regression testing focuses on evaluating whether a change made to an environment introduces other unintended consequences. Therefore, it would be the best way for Haley to evaluate the overall impact of applying the security patch to the application.
What type of malicious software might an attacker use in an attempt to maintain access to a system while hiding his or her presence on the system? Rootkit Worm Trojan horse Virus
A. Rootkits combine multiple malicious software tools to provide continued access to a system while hiding their own existence. Fighting rootkits requires a full suite of system security practices, ranging from proper patching and layered security design to antimalware techniques such as whitelisting, heuristic detection, and malicious software detection tools.
Jacob would like to standardize logging across his organization, which consists of a mixture of Windows and Linux systems as well as Cisco network devices. Which logging approach would work best for Jacob? Syslog Event Viewer SCCM Prime
A. Syslog provides a standardized logging facility that works across a wide variety of operating systems and devices. Event Viewer and SCCM are Microsoft-specific technologies, while Prime is a Cisco-specific technology.
Veronica was recently hired to develop a vulnerability management program for her organization. The organization currently does not have any tools for vulnerability scanning, and Veronica would like to build out the initial toolset. Veronica would like to supplement her network vulnerability scanner with a solution that can specifically identify flaws in Windows servers. Which tool would best meet her needs? MBSA Acunetix Nexpose Nikto
A. The Microsoft Baseline Security Analyzer (MBSA) is a Microsoft-provided tool used specifically to scan the security settings on Windows devices.
Which one of the following tools is the most widely used implementation of Transport Layer Security in use today? OpenSSL SecureSSL SecureTLS OpenTLS
A. The OpenSSL tool, despite its name, provides both SSL and TLS implementations. It is the most widely used implementation of both SSL and TLS in use today. OpenTLS, SecureSSL, and SecureTLS are nonexistent tools.
Maddox ran a traceroute command to determine the network path between his system and the Amazon.com web server. He received the partial results shown here: Image shows traceroute to d3ag4hukkh62yn.cloudfront.net with programming codes which reads 1 192.168.1.1, 8 52.95.62.111, et cetera. What is the IP address of Maddox's default gateway? 192.168.1.1 10.179.1.1 172.30.35.33 10.179.160.1
A. The address of the default gateway on Maddox's system will appear as the first hop in the traceroute results. In this case, it is 192.168.1.1.
In the ITIL service life cycle shown here, what core activity is represented by the X? Diagram shows circle with markings for X in outer circle and ITIL in center of the circle. Continual service improvement Service design Service operation Service transition
A. The continual service improvement (CSI) activity in ITIL is designed to increase the quality and effectiveness of IT services. It is the umbrella activity that surrounds all other ITIL activities.
Ty is troubleshooting a security issue with a website maintained by his organization. Users are seeing the error message shown here. What can Ty do to remediate this issue? Window shows tabs for general and details, and sections for issued to, issued by (organization (O)), period of validity (begins on, expires on), and fingerprints. Use a different CA Renew the certificate Upgrade the cipher strength Patch the operating system
A. The error indicates that the certificate authority that signed the certificate is not trusted. This is often the result when an organization self-signs a digital certificate. Ty can resolve this error by purchasing a certificate from a trusted third-party CA.
Terrence remotely connected to a Linux system and is attempting to determine the active network connections on that system. What command can he use to most easily discover this information? ifconfig tcpdump iptables ipconfig
A. The ifconfig command displays information about network interfaces on a Linux system. The ipconfig command displays similar information on Windows systems. tcpdump is a packet capture tool and iptables is a Linux firewall.
Max is the security administrator for an organization that implements a remote-access VPN. The VPN depends upon RADIUS authentication, and Max would like to assess the security of that service. Which of the following is the strongest cryptographic hash function supported by RADIUS? MD5 SHA-1 SHA-512 HMAC
A. Unfortunately, the RADIUS protocol supports only the weak MD5 hash function. This is one of the major criticisms of RADIUS.
Rose is considering deploying the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to secure systems in her organization. She would specifically like to use the tool to prevent buffer overflow attacks that rely upon knowledge of specific memory locations used by applications. Which EMET feature would best meet Rose's needs? DLP ASLR EMEA DEP
B. Address space layout randomization (ASLR) rearranges memory locations in a randomized fashion to prevent attacks that rely upon knowledge of specific memory location use. Data execution prevention (DEP) prevents the execution of malware loaded into the data space of memory. DLP and EMEA are not EMET features.
The Open Web Application Security Project (OWASP) maintains an application called Orizon. This application reviews Java classes and identifies potential security flaws. What type of tool is Orizon? Fuzzer Static code analyzer Web application assessor Fault injector
B. As stated in the question, Orizon performs a review of Java classes, indicating that it is performing a source code review. Techniques that perform source code review are grouped into the category of static code analyzers. The other testing techniques listed in this question are all examples of dynamic code analysis, where the testing application actually executes the code.
Jane is working in a PCI DSS-compliant environment and is attempting to secure a legacy payment application. The application does not allow for passwords longer than six characters, in violation of PCI DSS. Which one of the following would be a reasonable compensating control in this scenario? Lock users out after six incorrect login attempts. Limit logins to the physical console. Require multifactor authentication. Require the use of both alphabetic and numeric characters in passwords.
B. Compensating controls must be above and beyond other requirements. Jane is already required to lock users out after six incorrect login attempts, deploy multifactor authentication, and require the use of alphanumeric passwords by other provisions of PCI DSS. Limiting logins to the local console would restrict network access to the system and seems to be a reasonable compensating control.
Maureen is designing an authentication system upgrade for her organization. The organization currently uses only password-based authentication and has been suffering a series of phishing attacks. Maureen is tasked with upgrading the company's technology to better protect against this threat. Maureen would like to add technology that makes risk-based decisions about authentication complexity, requiring multifactor authentication in cases where the user's login seems unusual. What technology is Maureen seeking to add? Multifactor authentication Context-based authentication Dual authentication Biometric authentication
B. Context-based authentication allows authentication decisions to be made based on information about the user, the system the user is connecting from, or other information that is relevant to the system or organization performing the authentication. Maureen already added multifactor authentication to the network. Dual authentication is used to implement the dual control concept, which is not a stated objective here. There is no indication that Maureen intends to implement biometric authentication.
Miguel works for a company that has a network security standard requiring the collection and storage of NetFlow logs from all data center networks. Miguel is working to commission a new data center network but, because of technical constraints, will be unable to collect NetFlow logs for the first six months of operation. Which one of the following data sources is best suited to serve as a compensating control for the lack of NetFlow information? Router logs Firewall logs Switch logs IPS logs
B. Firewall logs typically contain similar information to that contained in NetFlow records. However, the firewall does not always have the same access to network traffic as the switches and routers that generate NetFlow information. While not a complete substitute, firewall logs do offer a good compensating control for the lack of NetFlow records. Routers and switches do not typically record traffic records in their standard logs. This is the function of NetFlow, which is unavailable on this network. Intrusion prevention systems (IPS) do not record routine traffic information.
Val receives reports that users cannot access the CompTIA website from her network. She runs the ping command against the site and sees the results shown here. What conclusion can Val reach? Image shows programming codes which read 64 bytes from 198.134.5.6: icmp_seq equals 0 ttl equals 50 time equals 17.161 ms, 64 bytes from 198.134.5.6: icmp_seq equals 1 ttl equals 50 time equals 17.550 ms, et cetera. The network is working properly, but the website is down. The network path between her system and the website is functioning properly. There is excessive network latency that may be causing the issue. There is excessive packet loss that may be causing the issue.
B. From this information, the only valid conclusion that Val can reach is that there is a properly functioning network path between her system and the remote web server. She can't draw any conclusions about the functioning of the web server from this information. The latency is around 17 milliseconds, which is not excessive, and the ping results do not show any packet loss.
Gina's organization recently retired their last site-to-site VPN connection because of lack of use. Gina consulted the policy repository and found that there is a standards document describing the requirements for site-to-site VPNs. How should Gina address this standard? Leave it in place in case the organization decides to implement a site-to-site VPN in the future. Retire the standard and archive it. Update the standard with a note that there are no current deployments. Place the standard on an annual review cycle.
B. If the standard is not being used, Gina should retire it so that it is not cluttering the policy repository and running the risk of becoming outdated. By archiving the standard, she can revisit it if needed in the future without investing the work of updating or reviewing the standard in the meantime.
During the design of an identity and access management authorization scheme, Katie took steps to ensure that members of the security team who can approve database access requests do not have access to the database themselves. What security principle is Katie most directly enforcing? Least privilege Separation of duties Dual control Security through obscurity
B. It is sometimes difficult to distinguish between cases of least privilege, separation of duties, and dual control. Least privilege means that an employee should only have the access rights necessary to perform their job. While this may be true in this scenario, you do not have enough information to make that determination because you do not know whether access to the database would help the security team perform their duties. Separation of duties occurs when the same employee does not have permission to perform two different actions that, when combined, could undermine security. That is the case here because a team member who had the ability to both approve access and access the database may be able to grant themselves access to the database. Dual control occurs when two employees must jointly authorize the same action. Security through obscurity occurs when the security of a control depends upon the secrecy of its mechanism.
Patrick is reviewing the contents of a compromised server and determines that an intruder installed a tool called John the Ripper. What is the purpose of this tool? Stealing copyrighted media content Cracking passwords Monitoring network traffic Launching DDoS attacks
B. John the Ripper is a password cracking tool used to retrieve plain-text passwords from hashed password stores.
Carla is designing a new data mining system that will analyze access control logs for signs of unusual login attempts. Any suspicious logins will be automatically locked out of the system. What type of control is Carla designing? Physical control Logical control Administrative control Compensating control
B. Logical controls are technical controls that enforce confidentiality, integrity, and availability in the digital space. This control meets that definition. Physical controls are security controls that impact the physical world. Administrative controls are procedural mechanisms that an organization follows to implement sound security management practices. There is no indication given that this control is designed to compensate for a control gap.
Don is considering the deployment of a self-service password reset mechanism to reduce the burden on his organization's help desk. The solution will provide password resets for the organization's SSO system. He is concerned that attackers might use this mechanism to compromise user accounts. Which one of the following authentication approaches would best meet the business need while addressing Don's security concerns? Two-factor authentication combining a password and token Passcode sent via SMS to a cell phone Email link to a password reset web page Security questions
B. Of the solutions presented, a passcode sent via SMS to a cell phone is the best option. The designer of the system should take care to ensure that the code is sent directly to a number controlled by a mobile carrier and not to a VoIP-enabled line to prevent man-in-the-middle attacks. Security questions are not considered strong authentication as they may often be answered by someone other than the individual. Emailing a link to a password reset web page would not work because if the user does not have access to his or her central authentication account, he or she would not likely be able to receive the email. Similarly, the two-factor authentication option presented would not work because the user has presumably forgotten his or her password.
Colin is looking for a solution that will help him aggregate the many different sources of security information created in his environment and correlate those records for relevant security issues. Which one of the following tools would assist Colin with this task? DLP SIEM IPS CRM
B. Security information and event management (SIEM) systems aggregate security logs, configuration data, vulnerability records, and other security information and then allow analysts to correlate those entries for important results. Data loss prevention (DLP) tools and intrusion prevention systems (IPS) are sources of security information but do not perform aggregation and correlation. Customer relationship management (CRM) systems are a business application used to assist in the sales process.
Ken would like to configure an alarm to alert him whenever an event is recorded to syslog that has a critical severity level. What value should he use for the severity in his alert that corresponds to critical messages? 0 2 5 7
B. Syslog severity ranges from 0 (emergency) down to 7 (debug), with lower numbers representing higher severities. The value of 2 corresponds to a critical severity error.
Maddox ran a traceroute command to determine the network path between his system and the Amazon.com web server. He received the partial results shown here: Image shows traceroute to d3ag4hukkh62yn.cloudfront.net with programming codes which reads 1 192.168.1.1, 8 52.95.62.111, et cetera. What is the IP address of the server hosting the Amazon.com website? 192.168.1.1 52.84.61.25 52.95.63.195 68.66.73.118
B. The destination of the traceroute appears in the first line of the results: traceroute to d3ag4hukkh62yn.cloudfront.net (52.84.61.25), 64 hops max, 52 byte packets.
Ian is reviewing the security architecture shown here. This architecture is designed to connect his local data center with an IaaS service provider that his company is using to provide overflow services. What component can be used at the points marked by ?s to provide a secure encrypted network connection? Diagram shows local data center (internal physical and virtual servers) on left and IaaS service provider (virtual servers, IaaS provider network) on right where they are connected to Internet with firewalls on either side. Firewall VPN IPS DLP
B. The diagram already shows a firewall in place on both sides of the network connection. Ian should place a VPN at the point marked by ?s to ensure that communications over the Internet are encrypted. IPS and DLP systems do provide added security controls, but they do not provide encrypted network connections.
The following diagram shows the high-level design of a federated identity management system. The name of the entity that participates in steps 1 and 4 has been blacked out. What is the proper name for this entity? Flow diagram shows consumer requests access leads to consumer is redirected to IDP, and their identity is validated, which leads to IDP provides token to consumer and accepts tokens and allows use of service. Federation manager Service provider Ticket granting server Domain controller
B. The entity that operates the service requested by the end user is known as the service provider (SP).
Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Image shows programing codes which reads Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY equals pts/0, et cetera. What authentication technique did the user use to connect to the server? Password PKI Token Biometric
B. The first log entry indicates that the user made use of public key encryption to authenticate the connection. The user, therefore, possessed the private key that corresponded to a public key stored on the server and associated with the user.
Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Image shows programing codes which reads Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY equals pts/0, et cetera. What account did the individual use to connect to the server? root ec2-user bash pam_unix
B. The identity of the user making the connection appears in the first log entry: accepted publickey for ec2-user. The third log entry that contains the string USER=root is recording the fact that the user issued the sudo command to create an interactive bash shell with administrative privileges. This is not the account used to create the server connection. The pam_unix entry indicates that the session was authenticated using the pluggable authentication module (PAM) facility.
In a kaizen approach to continuous improvement, who bears responsibility for the improvement effort? The manager most directly responsible for the process being improved The team responsible for the process The continuous improvement facilitator The most senior executive in the organization
B. The kaizen continuous improvement approach is often used in manufacturing and in lean programming. It places the responsibility for improvement in the hands of all employees rather than assigning it to an individual.
Alice and Bob are both employees at the same company. They currently participate in an asymmetric cryptosystem and would like to use that system to communicate with each other securely. Before sending the message, Alice would like to apply a digital signature to it. What key should she use to create the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
B. The party creating a digital signature uses his or her own private key to encrypt the message digest. In this case, Alice should create the signature using her own private key.
Javier ran the shasum command two consecutive times on a file named coal.r and saw the results shown here. What conclusion can Javier draw from this result? Image shows programming codes which read mchapple dollar, mchapple dollars shasum coal.r, et cetera. The file is intact. The file was modified. The file was removed.
B. The result shows a different hash value for the same file on two different runs. This means that the file was definitely modified between the two runs of shasum. If the file were intact, the two values would be identical. If the file were removed, Javier would receive an error on the second run.
Sam recently conducted a test of a web application using the tool shown here. What type of testing did Sam perform? Window shows OWASP ZAP 2.4.3 with options for server, date, content-type, connection, et cetera, and programming codes are displayed which reads <div class="mw-body-content">, et cetera. Static analysis Fuzzing Vulnerability scanning Peer review
B. The tool shown is ZAP, a popular application proxy tool. ZAP is an interception proxy that allows many types of application testing, such as the fuzz testing (or fuzzing) shown in the image. ZAP does not perform static analysis or vulnerability scanning, and there is no indication that Sam's test was performed as a component of peer review.
Cody recently detected unusual activity on a set of servers running in his organization's data center. He discovered that these servers were running at close to 100% capacity for extended periods of time. After performing a historical analysis, he determined that this was unusual, as the servers rarely reached full utilization during the previous year. He then reviewed the processes on those servers and found that they were running cryptocurrency mining software. If Cody determines that an individual installed this software for personal gain, which one of the following security policies was most likely violated? Information classification policy Acceptable use policy Bitcoin mining policy Identity management policy
B. The unauthorized use of computing resources is normally a violation of an organization's acceptable use policy. It is quite unlikely that the organization has a specific policy that addresses the mining of Bitcoin or other cryptocurrencies. Information classification and identity management policies generally do not address misuse of resources.
Greg recently logged into a web application used by his organization. After entering his password, he was required to input a code from the app shown here. What type of authentication factor is this app providing? Window shows authenticator where code 924233 is displayed with text below it which reads [email protected]. Something you know Something you have Something you are Somewhere you are
B. The use of a smartphone authenticator app demonstrates possession of the device and is an example of "something you have." When combined with a password ("something you know"), this approach provides multifactor authentication.
Maggie is reviewing the ssl_request_log file on a web server operated by her company and sees the messages shown here: Image shows programming codes which read 54.201.189.233 TLSv1.2, 157.55.39.18, et cetera. What type of user is most likely originating from the IP address 157.55.39.18? Malicious hacker Search engine crawler Normal web user API user
B. The user at this IP address is requesting the robots.txt file. This file is generally only requested by automated crawlers, such as those operated by search engines, seeking to determine whether they are permitted to browse the site.
Joan is working as a security consultant to a company that runs a critical web application. She discovered that the application has a serious SQL injection vulnerability, but the company cannot take the system offline during the two weeks required to revise the code. Which one of the following technologies would serve as the best compensating control? IPS WAF Vulnerability scanning Encryption
B. Vulnerability scanning would not serve as a compensating control because it would only detect, rather than correct, security flaws. There is no indication that encryption is not in place on this server or that it would address a SQL injection vulnerability. Both an intrusion prevention system (IPS) and a web application firewall (WAF) have the ability to serve as a compensating control and block malicious requests. Of the two, a web application firewall would be the best solution in this case because it is purpose-built for protecting against the exploitation of web application vulnerabilities.
Belinda is configuring an OpenLDAP server that will store passwords for her organization. Which one of the following password storage schemes will provide the highest level of security? CRYPT SSHA MD5 SASL
B. When using OpenLDAP, the SSHA password storage scheme uses a salted SHA hash for password storage. This is stronger than the CRYPT, MD5, SHA, and SASL schemes that OpenLDAP supports.
Sam recently installed a new security appliance on his network as part of a managed service deployment. The vendor controls the appliance, and Sam is not able to log into it or configure it. Sam is concerned about whether the appliance receives necessary security updates for the underlying operating system. Which one of the following would serve as the best control that Sam can implement to alleviate his concern? Configuration management Vulnerability scanning Intrusion prevention Automatic updates
B. While configuration management or automated patching would address this issue, these are not feasible approaches because Sam does not have the ability to log into the device. Intrusion prevention would add a layer of security, but it does not directly address the issue of operating system patching. Vulnerability scanning would allow Sam to detect missing patches and follow up with the vendor.
Bob remotely connected to a Windows server and would like to determine the server's function. He ran the TCPView tool from the Sysinternals suite on that server and saw the results shown here. What role best describes this server? Window shows TCPview where table shows columns for process, PID, protocol, local address (TCP, TCPV6, UDP), local port, remote address, remote port, and state (listening, established). Web server File server Database server Logging server
C. All of the services shown on the TCPView results are standard Windows services that would appear on any Windows server, with one exception. sqlservr.exe is a process associated with Microsoft SQL Server and would be found only on a database server.
Bobbi is deploying a single system that will be used to manage a sensitive industrial control process. This system will operate in a stand-alone fashion and not have any connection to other networks. What strategy is Bobbi deploying to protect this SCADA system? Network segmentation VLAN isolation Air gapping Logical isolation
C. Bobbi is adopting a physical, not logical, isolation strategy. In this approach, known as air gapping, the organization uses a stand-alone system for the sensitive function that is not connected to any other system or network, greatly reducing the risk of compromise. VLAN isolation and network segmentation involve a degree of interconnection that is not present in this scenario.
Veronica was recently hired to develop a vulnerability management program for her organization. The organization currently does not have any tools for vulnerability scanning, and Veronica would like to build out the initial toolset. As she continues her product selection, Veronica realizes that the organization does not have adequate network monitoring and log analysis tools. She would like to select a suite of open source tools that would provide her with comprehensive monitoring. Which one of the following tools would be the least appropriate to include in that set? Cacti MRTG Solarwinds Nagios
C. Cacti, Nagios, and MRTG are all open source network monitoring tools, while Solarwinds is a commercial alternative.
Ted is preparing an RFP for a vendor to supply network firewalls to his organization. Which one of the following vendors is least likely to meet his requirements? CheckPoint Palo Alto FireEye Juniper
C. CheckPoint, Palo Alto, and Juniper are all suppliers of network firewalls. FireEye provides endpoint protection and other advanced threat mitigation tools but does not provide network firewalls.
Kieran is evaluating forensic tools and would like to consider the use of an open source forensic suite. Which one of the following toolkits would best meet his needs? FTK EnCase SIFT Helix
C. FTK, EnCase, and Helix are all commercial forensic toolkits. The SANS Investigative Forensics Toolkit (SIFT) is an Ubuntu-based set of open source forensics tools.
Glenn would like to adopt a web application firewall for his company. Which one of the following products would NOT be suitable for his first round of evaluation? Imperva NAXSI Network General ModSecurity
C. Imperva, NAXSI, and ModSecurity are all web application firewall options that Glenn should consider. Network General is a former manufacturer of network analysis equipment that was acquired by NetScout in 2007. Bafflingly, Network General is still included on the CompTIA CySA+ objectives as required knowledge.
Which of the following parties directly communicates with the end user during a SAML transaction? Relying party SAML identity provider Both the relying party and the SAML identity provider Neither the relying party nor the SAML identity provider
C. In a SAML transaction, the user initiates a request to the relying party, who then redirects the user to the SSO provider. The user then authenticates to the SAML identity provider and receives a SAML response, which is sent to the relying party as proof of identity.
Ursula is a security administrator for an organization that provides web services that participate in federated identity management using the OAuth framework. Her organization's role is to operate the web service that users access once they have received authorization from their identity provider. Which type of OAuth component does Ursula's group manage? Clients Resource owners Resource servers Authorization servers
C. In the OAuth framework, the servers that provide services to end users are known as resource servers. The web service run by Ursula's organization would use resource servers to provide the service to end users.
Laura requests DNS information about the nytimes.com domain using the nslookup command and receives the results shown here. Which one of the following conclusions can Laura reach about the domain based upon these results? Image shows programming codes with options for server, address, origin, refresh, retry, expire, et cetera. The nytimes.com DNS server is located at 66.205.160.99. The nytimes.com web server has a single address. The nytimes.com email domain is hosted by Google. The nytimes.com website uses Google Analytics.
C. Laura can determine that the nytimes.com domain uses Google for email services, as there is a mail exchanger (MX) record pointing to a Google address and routing mail for the domain to Google. The server located at 66.205.160.99 is the server that answered this DNS query, which is not necessarily operated by the nytimes.com domain. The results appear to show that there are multiple web servers hosting the nytimes.com domain but there is no evidence that Google Analytics is used in these results.
Which of the following authentication factors did NIST recommend be deprecated in 2016? Retina scans Fingerprints SMS Application-generated tokens
C. NIST's Special Publication 800-63-3, "Digital Authentication Guideline," suggested that SMS authentication factors be deprecated in 2016 because of the number of ways in which attackers could gain access to SMS messages, including VoIP redirects, specific attacks on unencrypted SMS messages, and other means.
Veronica was recently hired to develop a vulnerability management program for her organization. The organization currently does not have any tools for vulnerability scanning, and Veronica would like to build out the initial toolset. After purchasing a commercial network vulnerability scanner, Veronica does not have any funds remaining to purchase a web application scanner, so she would like to use an open source solution dedicated to that purpose. Which one of the following products would best meet her needs? Acunetix OpenVAS Nikto Nexpose
C. Nikto is an open source web vulnerability scanner. Acunetix is also a web vulnerability scanner, but it is a commercial product. OpenVAS is an open source vulnerability scanner, but it is not dedicated to web application scanning. Nexpose is a commercial network vulnerability scanner.
Susan wants to provide authentication for APIs using an open standard. Which of the following protocols is best suited to her purposes if she intends to connect to existing cloud service provider partners? RADIUS SAML OAuth TACACS+
C. OAuth is commonly used to provide authentication for APIs and allows interoperation with many service providers who support it. RADIUS and TACACS+ are more commonly used to provide AAA services for network devices, while SAML is an XML-based standard that is often used to provide single sign-on to websites.
Maureen is designing an authentication system upgrade for her organization. The organization currently uses only password-based authentication and has been suffering a series of phishing attacks. Maureen is tasked with upgrading the company's technology to better protect against this threat. Maureen would like to achieve multifactor authentication. Which one of the following authentication techniques would be most appropriate? PIN Security questions Smartcard Password complexity
C. Passwords, which are already used by the organization are a "something you know" factor. Adding a PIN or security question simply adds another "something you know" factor, failing to achieve Maureen's goal of multifactor authentication. Increasing the complexity of passwords makes them stronger but does not add an additional factor. Using smartcards adds a "something you have" factor, achieving multifactor authentication.
Maureen is designing an authentication system upgrade for her organization. The organization currently uses only password-based authentication and has been suffering a series of phishing attacks. Maureen is tasked with upgrading the company's technology to better protect against this threat. Which one of the following technologies is not suitable for Maureen to use as a second factor because of security issues with its implementation? HOTP tokens TOTP tokens SMS messages Soft tokens
C. SMS is no longer considered secure and NIST's Special Publication 800-63-3, "Digital Authentication Guideline," recommends that SMS be deprecated. Not only have successful attacks against SMS-based one-time passwords increased, but there are a number of ways that it can be successfully targeted with relative ease. HOTP tokens, TOTP tokens, and soft tokens are all acceptable alternatives.
Greg is designing a defense-in-depth approach to securing his organization's information and would like to select cryptographic tools that are appropriate for different use cases and provide strong encryption. Which one of the following pairings is the best use of encryption tools? SSL for data in motion and AES for data at rest VPN for data in motion and SSL for data at rest TLS for data in motion and AES for data at rest SSL for data in motion and TLS for data at rest
C. Secure Sockets Layer (SSL), Transport Layer Security (TLS), and virtual private networks (VPNs) are all used to protect data in motion. AES cryptography may be used to protect data at rest. SSL is no longer considered secure, so it is not a good choice for Greg. The only answer choice that matches each tool with the appropriate type of information and does not use SSL is using TLS for data in motion and AES for data at rest.
The Open Web Application Security Project (OWASP) maintains a listing of the most important web application security controls. Which one of these items is least likely to appear on that list? Implement identity and authentication controls. Implement appropriate access controls. Obscure web interface locations. Leverage security frameworks and libraries.
C. Security through obscurity is not a good practice. You should not rely upon the secrecy of the control (e.g., the location of the web interface) as a security measure. Therefore, obscuring web interface locations is not included on the OWASP security controls list.
Which one of the following controls is useful to both facilitate the continuity of operations and serve as a deterrent to fraud? Succession planning Dual control Cross-training Separation of duties
C. Succession planning and cross-training both serve to facilitate continuity of operations by creating a pool of candidates for job vacancies. Of these, only cross-training encompasses actively involving other people in operational processes, which may also help detect fraud. Dual control and separation of duties are both controls that deter fraud, but they do not facilitate the continuity of operations.
Dave is a web application developer who is working in partnership with system engineers in a DevOps environment. He is concerned about the security of a web application he is deploying and would like a reference benchmark to help secure the web server that will be hosting his application. Which one of the following sources would best meet Dave's needs? OWASP SANS CIS NSA
C. The Center for Internet Security (CIS) publishes a widely respected set of configuration standards and benchmarks for operating systems and popular applications. The CIS benchmarks would be an excellent starting point for securing Dave's web server.
Which one of the following approaches is an example of a formal code review process? Pair programming Over-the-shoulder Fagan inspection Pass-around code review
C. The Fagan inspection is a highly formalized, rigorous code review process that involves six phases. Pair programming, over-the-shoulder reviews, and pass-around code reviews are all examples of lightweight, fairly informal code review processes.
Which software development methodology is shown here? Diagram shows labels for sprint 1, sprint 2, and sprint X where spring planning leads to development, which leads to testing and demonstration, and finally leads to sprint planning. Waterfall Spiral Agile RAD
C. The agile method divides work into short working sessions, called sprints, that can last from a few days to a few weeks.
Tom is concerned about the integrity of a file, so he runs the shasum utility on it. The following figure shows the results of running it on two separate days. What conclusion can Tom draw from these results? Windows show terminal with markings where one on top reads Wed Sep 27: shasum < ridership.txt and one on bottom reads Fri Sep 29: shasum < ridership.txt. The file experienced significant modification between Wednesday and Friday. The file experienced minor modification between Wednesday and Friday. The file verified on Friday is identical to the file from Wednesday. Tom does not have enough information to draw any of these conclusions.
C. The fact that the SHA hash value from Friday is identical to the value from Wednesday indicates that the file is identical. Maureen is designing an authentication system upgrade for her organization. The organization currently uses only password-based authentication and has been suffering a series of phishing attacks. Maureen is tasked with upgrading the company's technology to better protect against this threat.
Renee is investigating a cybersecurity breach that took place on one of her organization's Linux servers. As she analyzed the server log files, she determined that the attacker gained access to an account belonging to an administrative assistant. After interviewing the assistant, Renee determined that the account was compromised through a social engineering attack. The log files also show that the user entered a few unusual-looking commands and then began issuing administrative commands to the server. What type of attack most likely took place? Man-in-the-middle Buffer overflow Privilege escalation LDAP injection
C. The fact that the user connected with an account belonging to an administrative assistant and was then able to execute administrative commands indicates that a privilege escalation attack took place. While buffer overflows are a common method of engaging in privilege escalation attacks, there is no evidence in the scenario that this technique was used.
Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Image shows programing codes which reads Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY equals pts/0, et cetera. What is the IP address of the system where the user was logged in when he or she initiated the connection? 172.30.0.62 62.0.30.172 10.174.238.88 9.48.6.0
C. The first entry in the log indicates that the user authenticated from the system 10.174.238.88.
Charles is assessing the security of his organization's RADIUS server. Which one of the following security controls could Charles use to best mitigate the security vulnerabilities inherent in the RADIUS authentication protocol? Hashing of stored passwords Encryption of stored passwords Encryption of network traffic Replacement of TCP with UDP
C. The greatest weakness inherent in RADIUS is that it uses the insecure MD5 hash function for the transmission of passwords over the network. Hashing or encryption of stored passwords does not address this risk, but tunneling RADIUS communications over an encrypted network connection does mitigate the issue.
Simon would like to use a cybersecurity analysis tool that facilitates searching through massive quantities of log information in a visual manner. He has a colleague who uses the tool shown here. What tool would best meet Simon's needs? Window shows new search with tabs for events (101,817), patterns, statistics, and visualization, and table shows columns for i, time, and event. Syslog Kiwi Splunk Sysinternals
C. The interface shown in the picture is Splunk, a SIEM that specializes in visual search and allows analysts to comb through massive quantities of information in an intuitive way. Kiwi and other Syslog tools allow the collection and analysis of this information but do not provide the visual interface used in Splunk. Sysinternals does not include a log analysis tool.
Maggie is reviewing the ssl_request_log file on a web server operated by her company and sees the messages shown here: Image shows programming codes which read 54.201.189.233 TLSv1.2, 157.55.39.18, et cetera. What type of user is most likely originating from the IP address 188.71.247.207? Malicious hacker Search engine crawler Normal web user API user
C. The requests from this IP address appear to be normal requests for a web page and two associated image files. There is no indication that this comes from any source other than a normal user.
Bill is reviewing the authentication logs for a Linux system that he operates and encounters the following log entries: Image shows programing codes which reads Aug 30 09:48:06 ip-172-30-0-62 sudo: ec2-user : TTY equals pts/0, et cetera. What service did the user use to connect to the server? HTTPS PTS SSH Telnet
C. The second log entry indicates that the sshd daemon handled the connection. This daemon supports the Secure Shell (SSH) protocol.
Alice and Bob are both employees at the same company. They currently participate in an asymmetric cryptosystem and would like to use that system to communicate with each other securely. Alice would like to send an encrypted message to Bob. What key should she use to encrypt the message? Alice's public key Alice's private key Bob's public key Bob's private key
C. The sender of a message should encrypt that message using the public key of the message recipient. In this case, Alice should encrypt the message using Bob's public key.
Tim is a web developer and would like to protect a new web application from man-in-the-middle attacks that steal session tokens stored in cookies. Which one of the following security controls would best prevent this type of attack? Forcing the use of TLS for the web application Forcing the use of SSL for the web application Setting the secure attribute on the cookie Hashing the cookie value
C. Tim should set the secure attribute on the cookie to ensure that it is always sent over an encrypted connection. Merely using SSL or TLS for the web application does not ensure that the cookie itself is always sent over an encrypted connection. Hashing the cookie value would not have any effect on the security of the application.
Which one of the following test types typically involves an evaluation of the application by end users? Stress testing Fuzz testing Acceptance testing Regression testing
C. User acceptance testing (UAT) is typically the last type of testing performed, and it is generally the only software testing that involves end users.
Which one of the following testing techniques is typically the final testing done before code is released to production? Unit testing Integration testing User acceptance testing Security testing
C. User acceptance testing (UAT) verifies that code meets user requirements and is typically the last phase of application testing before code is released to production.
Lynda is a security professional consulting with her organization's software development team on the inclusion of security best practices in their SDLC. She consults the Center for Internet Security's system design recommendations. Which one of the following control categories is most likely to contain information helpful to her consulting effort? Inventory of authorized and unauthorized devices Controlled use of administrative privileges Application software security Malware defenses
C. While all of these control documents may contain information helpful to Lynda, the application software security control is the one most likely to contain information relevant to incorporating security into the SDLC.
Xavier is reviewing the design for his organization's security program and he is concerned about the ability of the organization to conduct malware analysis that would detect zero-day attacks. Which one of the following cloud-based service models would allow Xavier to most easily meet this requirement? IaaS PaaS SECaaS IDaaS
C. Xavier could address this issue by hiring an external security-as-a-service (SECaaS) provider that specializes in malware analysis. Infrastructure (IaaS), platform (PaaS) and identity management (IDaaS) services would not provide malware analysis capabilities.
Which forensic imaging tool is already installed on most Linux operating systems? FTK OSFClone EnCase dd
D. All of the tools listed have forensic imaging capabilities, but dd is a disk duplicating tool that is built into most Linux systems.
Cody recently detected unusual activity on a set of servers running in his organization's data center. He discovered that these servers were running at close to 100% capacity for extended periods of time. After performing a historical analysis, he determined that this was unusual, as the servers rarely reached full utilization during the previous year. He then reviewed the processes on those servers and found that they were running cryptocurrency mining software. Based upon his analysis, what type of control might Cody consider implementing to more quickly identify similar issues in the future? Intrusion prevention Authentication anomaly detection Vulnerability scanning Configuration management
D. Configuration management tools are able to detect the installation of new software, helping analysts quickly identify cases of unauthorized software installation. Authentication anomaly detection and intrusion prevention controls are unlikely to detect this issue because the employee likely does have authorization to connect to the server and is simply misusing authorized access privileges. The installation of software that does not listen on a network port, such as cryptocurrency mining software, is unlikely to be detected with vulnerability scanning.
Robin is planning to deploy a context-based authentication system for her organization. Which one of the following factors is not normally used as part of the authentication context? Geolocation User behavior Time of day Password complexity
D. Context-based authentication systems commonly take location, time of day, and user behavior into account. They do not normally consider the complexity of the user's password.
Which one of the following elements is least likely to be found in a data retention policy? Minimum retention period for data Maximum retention period for data Description of information to retain Classification of information elements
D. Data retention policies describe what information the organization will maintain and the length of time different categories of information will be retained prior to destruction, including both minimum and maximum retention periods. Data classification would be covered by the data classification policy.
Which one of the following components is not normally part of an endpoint security suite? IPS Firewall Antimalware VPN
D. Endpoint security suites typically include host firewalls, host intrusion prevention systems (IPS), and antimalware software. Virtual private network (VPN) technology is normally a core component of the operating system or uses software provided by the VPN vendor.
Richard would like to deploy a web application firewall in front of a vulnerable web application. Which one of the following products is least likely to meet his needs? CloudFlare FortiWeb NAXSI FTK
D. FTK is a suite of forensic tools, not a web application firewall. CloudFlare, FortiWeb, and NAXSI are all web application firewall products.
Which one of the following tools is not typically used to gather evidence in a forensic investigation? FTK EnCase Helix Burp
D. FTK, EnCase, and Helix are all examples of forensic suites. Burp is an interception proxy used in penetration testing and web application testing.
Julie is refreshing her organization's cybersecurity program using the NIST Cybersecurity Framework. She would like to use a template that describes how a specific organization might approach cybersecurity matters. What element of the NIST Cybersecurity Framework would best meet Julie's needs? Framework Scenarios Framework Core Framework Implementation Tiers Framework Profiles
D. Framework Profiles describe how a specific organization might approach the security functions covered by the Framework Core. The Framework Core is a set of five security functions that apply across all industries and sectors: identify, protect, detect, respond, and recover. The Framework Implementation Tiers assess how an organization is positioned to meet cybersecurity objectives.
Maggie is reviewing the ssl_request_log file on a web server operated by her company and sees the messages shown here: Image shows programming codes which read 54.201.189.233 TLSv1.2, 157.55.39.18, et cetera. Which one of the following conclusions can Maggie reach about the web server based upon interpreting the logs? The web server is using an insecure version of TLS. The web server is using an insecure version of SSL. The web server is using outdated ciphers. None of the above
D. From the information presented, Maggie cannot identify any insecure or outdated components. There is no evidence in the logs that the server is running SSL, and the TLS version referenced in the logs (version 1.2) is indeed current. The fact that the file is named ssl_request_log does not mean that the server necessarily supports SSL, as TLS records are stored in that file as well. The cipher suite specified in the logs (ECDHE-RSA-AES256-SHA384 and ECDHE-RSA-AES256-GCM-SHA384) contain no insecure or outdated components.
Ashley is working with software developers to evaluate the security of an application they are upgrading. She is performing testing that slightly modifies the application code to help identify errors in code segments that might be infrequently used. What type of testing is Ashley performing? Stress testing Fuzz testing Fault injection Mutation testing
D. Fuzz testing involves sending invalid or random data to an application to test its ability to handle unexpected data. Fault injection directly inserts faults into error handling paths, particularly error handling mechanisms that are rarely used or might otherwise be missed during normal testing. Mutation testing is related to fuzzing and fault injection but rather than changing the inputs to the program or introducing faults to it, mutation testing makes small modifications to the program itself. Stress testing is a performance test that ensures applications and the systems that support them can stand up to the full production load.
Vincent is conducting fuzz testing using Peach Fuzzer, a common input fuzzing tool. Peach Fuzzer incorporates functionality formerly included in the Untidy fuzzer project. Which one of the following sources is Vincent LEAST likely to be able to fuzz with this product? Web application input XML TCP/IP Firewall rules
D. Fuzz testing works by dynamically manipulating input to an application in an effort to induce a flaw. This technique is useful in detecting places where a web application does not perform proper input validation. It can also be used against XML input, TCP/IP communications and other protocols. Fuzz testing is not commonly used against firewall rules. Note that this question mentions the Untidy fuzzer. This product was an XML fuzzer that no longer exists because it was folded into the Peach fuzzing tool. However, CompTIA included it as an exam objective for the CySA+ exam. Therefore, you should associate the name with XML fuzz testing if you see it on the exam.
What type of organizations are required to adopt the ISO 27001 standard for cybersecurity? Healthcare organizations Financial services firms Educational institutions None of the above
D. ISO 27001 is a voluntary standard, and there is no law or regulation requiring that healthcare organizations, financial services firms, or educational institutions adopt it.
Leo is investigating a security incident and turned to the logs from his identity and access management system to determine the last time that a specific user authenticated to any system in the organization. What identity and access management function is Leo using? Identification Authentication Authorization Accounting
D. Identities are used as part of the authentication, authorization, and accounting (AAA) framework that is used to control access to computers, networks, and services. AAA systems authenticate users by requiring credentials such as a username, a password, and possibly a biometric or token-based authenticator. Once individuals have proven who they are, they are then authorized to access or use resources or systems. Authorization applies policies based on the user's identity information and rules or settings, allowing the owner of the identity to perform actions or to gain access to systems. The accounting element of the AAA process is the logging and monitoring that goes with the authentication and authorization. Accounting monitors usage and provides information about how and what users are doing.
Wanda is responsible for account life-cycle management at her organization and would like to streamline the process, which she feels is ineffective and contains too many steps. Which one of the following approaches may assist with this task? Regression Waterfall Agile Lean Six Sigma
D. Lean Six Sigma is a process improvement approach that includes streamlining processes to make them more effective. Regression testing is a type of software/system testing used during the QA process. Waterfall and agile are software development methodologies.
Alice and Bob are both employees at the same company. They currently participate in an asymmetric cryptosystem and would like to use that system to communicate with each other securely. If Alice applies a digital signature to the message, what cryptographic goal is she attempting to achieve? Confidentiality Accountability Availability Nonrepudiation
D. Nonrepudiation is a cryptographic goal that prevents the signer of a message from later claiming that the signature is not authentic. Digital signatures provide nonrepudiation. They do not provide confidentiality. Accountability and availability are not cryptographic goals.
Carla is consulting with a website operator on an identity management solution. She would like to find an approach that leverages federated identity management and provides service authorization. Which one of the following technologies would be best suited for her needs? OpenID Active Directory Kerberos OAuth
D. OAuth is a federated identity service that focuses on providing authorization services and is designed for use on the web. OpenID is also a federated solution for the web, but it provides only authentication and not authorization. Kerberos and Active Directory are more suitable for enterprise use.
Which one of the following characters would not signal a potential security issue during the validation of user input to a web application? < ' > $
D. The $ character does not necessarily represent a security issue. The greater-than/less-than brackets (<>) are used to enclose HTML tags and require further inspection to determine whether they are part of a cross-site scripting attack. The single quotation mark (') could be used as part of a SQL injection attack.
Nick is designing an authentication infrastructure and wants to run an authentication protocol over an insecure network without the use of additional encryption services. Which one of the following protocols is most appropriate for this situation? RADIUS TACACS TACACS+ Kerberos
D. The Kerberos protocol is designed for use over insecure networks and uses strong encryption to protect authentication traffic. RADIUS, TACACS, and TACACS+ all contain vulnerabilities that require the use of additional encryption to protect their traffic.
Veronica was recently hired to develop a vulnerability management program for her organization. The organization currently does not have any tools for vulnerability scanning, and Veronica would like to build out the initial toolset. Veronica would like to select a network vulnerability scanner that is provided by a commercial vendor and widely used within the cybersecurity community. Which one of the following tools would best meet her needs? OpenVAS MBSA Acunetix Qualys
D. The Qualys vulnerability scanner is a widely used, commercial vulnerability scanning product. OpenVAS is also a network vulnerability scanner, but it is an open source project rather than a commercial product.
Helen is reviewing her organization's network design, shown here. Which component shown in the diagram is a single point of failure for the organization? Diagram shows two firewalls, two routers, and two core switches connected to each other, together they lead to distribution router and divides into two edge switches. Firewall Upstream router Core switch Distribution router
D. The diagram shows that there are two nonredundant components in this network: the distribution router and the edge switches. A failure of either of those devices would cause a network outage, as there is no redundant system ready to assume the workload.
Mike is troubleshooting an issue on his Mac and believes that he may have a defective network interface. He uses the ifconfig command to determine details about the interface and receives the results shown here. Which network interface appears to have an active connection to a network? Image shows programming codes which reads inet 127.0.0.1 netmask 0xff000000, i net ::1 prefixlen 128, et cetera. lo0 gif0 en0 en1
D. The en1 interface is the only interface that has an active, valid IP address (10.0.1.77) that may be used for network communication. The lo0 interface also has an IP address (127.0.0.1), but this is the loopback address, used to communicate with the local host, not on a network.
Maddox ran a traceroute command to determine the network path between his system and the Amazon.com web server. He received the partial results shown here: Image shows traceroute to d3ag4hukkh62yn.cloudfront.net with programming codes which reads 1 192.168.1.1, 8 52.95.62.111, et cetera. What is the first IP address on the public Internet that this traffic is passing through? 192.168.1.1 172.30.35.33 52.95.63.195 68.66.73.118
D. The first three IP addresses in the traceroute results are all private IP addresses, indicating that the systems are on Maddox's local network. The first public address that appears in the list is 68.66.73.118.
Consider the LDAP directory hierarchy shown here. Two of the component names have been blacked out. What is the appropriate abbreviation for the node types that have been blacked out? Flow diagram shows dc equals example, dc equals com leads to security (cn equals redteam, cn equals blueteam, cn equals ops) and hr (cn equals payroll, cn equals benefits). ad cn dc ou
D. The nodes in the diagram exist between domain component (dc) and common name (cn) nodes. This is the proper location for an organizational unit (ou) node. Active Directory (ad) is a type of LDAP server.
Which one of the following security architectural views would provide details about the flow of information in a complex system? Technical view Logical view Firewall view Operational view
D. The operational view describes how a function is performed or what it accomplishes. This view typically shows how information flows in a system. The technical view focuses on the technologies, settings, and configurations used in an architecture. The logical view describes how systems interconnect. The firewall view is not a standard architectural view.
Alice and Bob are both employees at the same company. They currently participate in an asymmetric cryptosystem and would like to use that system to communicate with each other securely. When Bob receives the message from Alice, what key should he use to decrypt it? Alice's public key Alice's private key Bob's public key Bob's private key
D. The recipient of a message should decrypt the message using his or her own private key. In this case, Bob should decrypt the message using his own private key.
Which software development methodology is illustrated here? Flow diagram shows gather requirements leads to design, which leads to implement, test/validate, deploy, and maintain. Spiral RAD Agile Waterfall
D. The waterfall model follows a series of sequential steps, as shown here. The agile software development methodology is characterized by multiple sprints, each producing a concrete result. The spiral model uses multiple passes through four phases, resulting in a spiral-like diagram. Rapid application development uses a five-phase approach in an iterative format.
Francine would like to assess the security of her organization's wireless networks. Which one of the following network security tools would be best suited for this task? Wireshark tcpdump nmap aircrack-ng
D. aircrack-ng is a suite of wireless security tools that would be perfectly suited for Francine's WiFi security assessment.