IST 292 Test 3
Tony configures his network to provide false DNS responses for known malware domains. What technique is he using?
Sinkholing
Kathleen wants to build a public API for a modern service-oriented architecture. What model is likely her best choice?
REST
Mike installs a firewall in front of a previously open network to prevent the systems behind the firewall from being targeted by external systems. What did Mike do?
Reduced the organization's attack surface
Angela wants to review the syslog on a Linux system. What directory should she check to find it on most Linux distributions?
/var/log
Elaine wants to check for user logins on a Linux system. What log location should she check first?
/var/log/auth.log
Alaina wants to deploy a tool that can monitor the behavior of users while correlating that behavior centrally to determine if a security incident has occurred. What type of tool should she acquire?
A UEBA tool
Megan has recently discovered that the Linux server she is responsible for maintaining is affected by a zero-day exploit for a vulnerability in the web application software that is needed by her organization. Which of the following compensating controls should she implement to best protect the server?
A WAF
Ben wants to reverse-engineer a malware sample. Which of the following tools will allow him to view assembly code for the program if he only has a binary executable?
A disassembler
During an incident response process, Michele discovers that the administrative credentials for her organization's Kerberos server have been compromised and that attackers have issued themselves a TGT without an expiration date. What is this type of ticket called?
A golden ticket
Ben sets up a system that acts like a vulnerable host in order to observe attacker behavior. What type of system has he set up?
A honeypot
Gabby connects to a Linux web server and executes an attack that gives her access to the account that the Apache web server runs as. If her next attack is aimed at a script that runs with root privileges, what type of attack has she attempted?
A privilege escalation attack
Port security refers to what type of security control?
Allowing only specific MAC addresses to access a network port
Angela is concerned about attackers enumerating her organization's LDAP directory. What LDAP control should she recommend to help limit the impact of this type of data gathering?
ACLs
Which of the following technologies is NTLM associated with?
Active Directory
Ric is reviewing his organization's network design and is concerned that a known flaw in the border router could let an attacker disable their Internet connectivity. Which of the following is an appropriate compensatory control?
An alternate Internet connectivity method using a different router type
Susan wants to manage access based on the job titles of members of her organization's staff. What kind of access control is best suited to this requirement?
Attribute-based access control
What type of attack is typically associated with the strcpy function?
Buffer overflow
Which of the following controls is best suited to prevent vulnerabilities related to software updates?
Centralized patch management software
Authentication that uses the IP address, geographic location, and time of day to help validate the user is known as what type of authentication?
Context-based
Which of the following is not a common attack against Kerberos?
Open redirect-based attacks
After a breach that resulted in attackers successfully exfiltrating a sensitive database, Jason has been asked to deploy a technology that will prevent similar issues in the future. What technology is best suited to this requirement?
DLP (Data loss prevention)
Susan wants to use an email security protocol to determine the authenticity of an email. Which of the following options will ensure that her organization's email server can determine if it should accept email from a sender?
DMARC (domain based msg auth)
Ben's organization uses data loss prevention software that relies on metadata tagging to ensure that sensitive files do not leave the organization. What compensating control is best suited to ensuring that data that does leave is not exposed?
Encryption of all files sent outside the organization
What type of testing focuses on inserting problems into the error handling processes and paths in an application?
Fault injection
Angela needs to implement a control to ensure that she is notified of changes to important configuration files on her server. What type of tool should she use for this control?
File integrity checking
Which of the following layered security controls is commonly used at the WAN, LAN, and host layer in a security design?
Firewalls
Which party in a federated identity service model makes assertions about identities to service providers?
IDPs
What type of attack occurs when an attacker takes advantage of OAuth open redirects to take on the identity of a legitimate user?
Insecure password reset questions
Susan needs to explain what a jump box is to a member of her team. What should she tell them?
It is a system used to access and manage systems or devices in another security zone
Which of the following technologies is not a shared authentication technology?
LDAP
A member of Susan's team recently fell for a phishing scam and provided his password and personal information to a scammer. What layered security approach is not an appropriate layer for Susan to implement to protect her organization from future issues?
Multitiered firewalls
Chris is reviewing NetFlow logs while monitoring for systems that are participating in a botnet. Which of the following types of data will he not be able to see in his NetFlow records?
Packet payload
Precompiled SQL statements that only require variables to be input are an example of what type of application security control?
Parameterized queries
The 2013 Yahoo breach resulted in almost 1 billion MD5 hashed passwords being exposed. What user behavior creates the most danger when this type of breach occurs?
Password reuse
Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns?
Performing user input validation
Michelle has a security token that her company issued to her. What type of authentication factor does she have?
Possession
Jim was originally hired into the helpdesk at his current employer but has since moved into finance. During a rights audit, it is discovered that he still has the ability to change passwords for other staff members. What is this issue called?
Privilege creep
Jason has user rights on his Linux workstation, but he wants to read his department's financial reports, which he knows are stored in a directory that only administrators can access. He executes a local exploit, which gives him the ability to act as root. What type of attack is this?
Privilege escalation
Using TLS to protect application traffic helps satisfy which of the OWASP 2016 best practices?
Protect data
Chris is in charge of his organization's Windows security standard, including their Windows XP security standard, and has recently decommissioned the organization's last Windows XP system. What is the next step in his security standard's life cycle?
Retiring the Windows 7 standard
Which of the following methods is not an effective method for preventing brute-force password guessing attacks via login portals?
Returning an HTTP error
During a Fagan code inspection, which process can redirect to the planning stage?
Rework
What security design is best suited to protect authentication and authorization for a network that uses TACACS+?
Route management traffic over a dedicated network
Which of the following is not a reason to avoid using SMS as a second factor for authentication?
SMS cannot send unique tokens
Example Corporation has split their network into network zones that include sales, HR, research and development, and guest networks, each separated from others using network security devices. What concept is Example Corporation using for their network security?
Segmentation
During a penetration test of Anna's company, the penetration testers were able to compromise the company's web servers and deleted their log files, preventing analysis of their attacks. What compensating control is best suited to prevent this issue in the future?
Sending logs to a syslog server
Ben's successful attack on an authenticated user required him to duplicate the cookies that the web application put in place to identify the legitimate user. What type of attack did Ben conduct?
Session hijacking
Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?
Static code analysis
What term describes a chip that is built into a computer that stores encryption keys specific to the system that is used for hardware authentication?
TPM (Trusted Platform Module)
Cameron builds a malware signature using a hash of the binary that he found on an infected system. What problem is he likely to encounter with modern malware when he tries to match hashes with other infected systems?
The malware may be polymorphic
James is concerned that network traffic from his datacenter has increased and that it may be caused by a compromise that his security tools have not identified. What SIEM analysis capability could he use to look at the traffic over time sent by his datacenter systems?
Trend analysis
Gabby is designing a multifactor authentication system for her company. She has decided to use a passphrase, a time-based code generator, and a PIN to provide additional security. How many distinct factors will she have implemented when she is done?
Two
What process checks to ensure that functionality meets customer needs?
UAT (user accept test)
Fred wants to ensure that only software that has been preapproved runs on workstations he manages. What solution will best fit this need?
Whitelisting