Security+ #5
Which of the following would be considered multifactor authentication? A. Hardware token and smart card B. Voice recognition and retina scan C. Strong password and fingerprint D. PIN and security questions
C
A Chief Information Officer (CIO) asks the company's security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the malware protection? A. $500 B. $1000 C. $2000 D. $2500
A
A Chief Information Officer (CIO) recently saw on the news that a significant security flaws exists with a specific version of a technology the company uses to support many critical application. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed. Which of the following would BEST provide the needed information? A. Penetration test B. Vulnerability scan C. Active reconnaissance D. Patching assessment report
A
A Chief Information Security Officer (CISO) has tasked a security analyst with assessing the security posture of an organization and which internal factors would contribute to a security compromise. The analyst performs a walk-through of the organization and discovers there are multiple instances of unlabeled optical media on office desks. Employees in the vicinity either do not claim ownership or disavow any knowledge concerning who owns the media. Which of the following is the MOST immediate action to be taken? A. Confiscate the media and dispose of it in a secure manner as per company policy. B. Confiscate the media, insert it into a computer, find out what is on the disc, and then label it and return it to where it was found. C. Confiscate the media and wait for the owner to claim it. If it is not claimed within one month, shred it. D. Confiscate the media, insert it into a computer, make a copy of the disc, and then return the original to where it was found.
A
A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? A. Employ time-of-day restrictions. B. Employ password complexity. C. Employ a random key generator strategy. D. Employ an account expiration strategy. E. Employ a password lockout policy
A
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed? A. Mission-essential function B. Single point of failure C. backup and restoration plans D. Identification of critical systems
A
A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected will a full disk encryption, and the permissions are set as follows: File system permissions: Users = Read Only Share permission: accounting-svc = Read Only Given the listed protections are in place and unchanged, to which of the following risks is the data still subject? A. Exploitation of local console access and removal of data B. Theft of physical hard drives and a breach of confidentiality C. Remote exfiltration of data using domain credentials D. Disclosure of sensitive data to third parties due to excessive share permissions
A
A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following method should the technician use? A. Shredding B. Wiping C. Low-level formatting D. Repartitioning E. Overwriting
A
A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take? A. Identify the source of the active connection B. Perform eradication of active connection and recover C. Performance containment procedure by disconnecting the server D. Format the server and restore its initial configuration
A
A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this? A. Configure the OS default TTL to 1 B. Use NAT on the R&D network C. Implement a router ACL D. Enable protected ports on the switch
A
A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using? A. Banner grabbing B. Port scanning C. Packet sniffing D. Virus scanning
A
A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report? A. Vulnerability scanner B. Protocol analyzer C. Network mapper D. Web inspector
A
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure? A. Accounting B. Authorization C. Authentication D. Identification
A
A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file? A. Keylogger B. Rootkit C. Bot D. RAT
A
A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process? A. Restore lost data from a backup. B. Wipe the system. C. Document the lessons learned. D. Determine the scope of impact.
A
A user receives an email from ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening? A. The camera system is infected with a bot. B. The camera system is infected with a RAT. C. The camera system is infected with a Trojan. D. The camera system is infected with a backdoor.
A
A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the case? A. The certificate has expired B. The browser does not support SSL C. The user's account is locked out D. The VPN software has reached the seat license maximum
A
An application was recently compromised after some malformed data came in via web form. Which of the following would MOST likely have prevented this? A. Input validation B. Proxy server C. Stress testing D. Encoding
A
An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement? A. Tunnel mode B. Transport mode C. AH-only mode D. ESP-only mode
A
An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO) A. TACACS+ B. CHAP C. LDAP D. RADIUS E. MSCHAPv2
A, D
Ann, a customer, is reporting that several important files are missing from her workstation. She recently received communication from an unknown party who is requesting funds to restore the files. Which of the following attacks has occurred? A. Ransomware B. Keylogger C. Buffer overflow D. Rootkit Show Answer
A
Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting for a flight, Joe, decides to connect to the airport wireless network without connecting to a VPN, and the sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation, the company learns Joe's emails were intercepted. Which of the following MOST likely caused the data breach? A. Policy violation B. Social engineering C. Insider threat D. Zero-day attack
A
An analyst is using a vulnerability scanner to look for common security misconfigurations on devices. Which of the following might be identified by the scanner? (Select TWO). A. The firewall is disabled on workstations. B. SSH is enabled on servers. C. Browser homepages have not been customized. D. Default administrator credentials exist on networking hardware. E. The OS is only set to check for updates once a day.
A, B
Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data? A. Symmetric algorithm B. Hash function C. Digital signature D. Obfuscation
A
User from two organizations, each with its own PKI, need to begin working together on a joint project. Which of the following would allow the users of the separate PKIs to work together without connection errors? A. Trust model B. Stapling C. Intermediate CA D. Key escrow
A
When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal? A. Infrastructure B. Platform C. Software D. Virtualization
A
Which of the following is the proper order for logging a user into a system from the first step to the last step? A. Identification, authentication, authorization B. Identification, authorization, authentication C. Authentication, identification, authorization D. Authentication, identification, authorization E. Authorization, identification, authentication
A
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application? A. Sandboxing B. Encryption C. Code signing D. Fuzzing
A
While working on an incident, Joe, a technician, finished restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user's files back onto the hard drive. Which of the following incident response steps is Joe working on now? A. Recovery B. Eradication C. Containment D. Identification
A
A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in their browsers when connecting to one of the networks. Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details: Certificate 1 Certificate Path: Geotrust Global CA *company.com Certificate 2 Certificate Path: *company.com Which of the following would resolve the problem? A. Use a wildcard certificate. B. Use certificate chaining. C. Use a trust model. D. Use an extended validation certificate.
B
A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized. Which of the following solutions would BEST meet these requirements? A. Multifactor authentication B. SSO C. Biometrics D. PKI E. Federation
B
A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident? A. Volatile memory capture B. Traffic and logs C. Screenshots D. System image capture
B
A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed? A. Aggressive scan B. Passive scan C. Non-credentialed scan D. Compliance scan
B
A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the requirement, which of the following should the security analyst do to MINIMIZE the risk? A. Enable CHAP B. Disable NTLM C. Enable Kerebos D. Disable PAP Show Answer
B
A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack? A. The DLL of each application should be set individually B. All calls to different DLLs should be hard-coded in the application C. Access to DLLs from the Windows registry should be disabled D. The affected DLLs should be renamed to avoid future hijacking
B
A systems administrator is configuring a system that uses data classification labels. Which of the following will the administrator need to implement to enforce access control? A. Discretionary access control B. Mandatory access control C. Role-based access control D. Rule-based access control
B
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue? A. Firewall; implement an ACL on the interface B. Router; place the correct subnet on the interface C. Switch; modify the access port to trunk port D. Proxy; add the correct transparent interface
B
An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is described? A. Replay B. Spoofing C. DNS poisoning D. Client-side attack
B
An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. the Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large scale upgrade. Which of the following is a security benefit of implementing an imaging solution? A. it allows for faster deployment B. it provides a consistent baseline C. It reduces the number of vulnerabilities D. It decreases the boot time
B
An organization's employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal? A. Transitive trust B. Single sign-on C. Federation D. Secure token
B
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A's domain infrastructure. Which of the following methods would allow the two companies to access one another's resources? A. Attestation B. Federation C. Single sign-on D. Kerberos
B
Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization? A. The server should connect to external Stratum 0 NTP servers for synchronization B. The server should connect to internal Stratum 0 NTP servers for synchronization C. The server should connect to external Stratum 1 NTP servers for synchronization D. The server should connect to external Stratum 1 NTP servers for synchronization
B
Every morning, a systems administrator monitors failed login attempts on the company's log management server. The administrator notices the DBAdmin account has five failed username and/or password alerts during a ten-minute window. The systems administrator determines the user account is a dummy account used to attract attackers. Which of the following techniques should the systems administrator implement? A. Role-based access control B. Honeypot C. Rule-based access control D. Password cracker
B
Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information. Which of the following is MOST likely preventing Ann from receiving the encrypted file? A. Unencrypted credentials B. Authentication issues C. Weak cipher suite D. Permission issues
B
Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of 12 characters. Which of the following secure coding techniques should a security analyst address with the application developers to follow security best practices? A. Input validation B. Error handling C. Obfuscation D. Data exposure
B
Which of the following is a deployment concept that can be used to ensure only the required OS access is exposed to software applications? A. Staging environment B. Sandboxing C. Secure baseline D. Trusted OS
B
Which of the following refers to the term used to restore a system to its operational state? A. MTBF B. MTTR C. RTO D. RPO
B
Which of the following threats has sufficient knowledge to cause the MOST danger to an organization? A. Competitors B. Insiders C. Hacktivists D. Script kiddies
B
Which of the following types of penetration test will allow the tester to have access only to password hashes prior to the penetration test? A. Black box B. Gray box C. Credentialed D. White box
B
While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid. Which of the following is the BEST way to check if the digital certificate is valid? A. PKI B. CRL C. CSR D. IPSec
B
When attempting to secure a mobile workstation, which of the following authentication technologies rely on the user's physical characteristics? (Select TWO) A. MAC address table B. Retina scan C. Fingerprint scan D. Two-factor authentication E. CAPTCHA F. Password string
B, C
Which of the following metrics are used to calculate the SLE? (Select TWO) A. ROI B. ARO C. ALE D. MTBF E. MTTF F. TCO
B, C
A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant items. Which of the following BEST describe why this has occurred? (Select TWO) A. Privileged-user certificated were used to scan the host B. Non-applicable plugins were selected in the scan policy C. The incorrect audit file was used D. The output of the report contains false positives E. The target host has been compromised
B, D
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the following issue could occur if left unresolved? (Select TWO) A. MITM attack B. DoS attack C. DLL injection D. Buffer overflow E. Resource exhaustion
B, E
A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises? A. Air gap B. Infrared detection C. Faraday cage D. Protected distributions
C
A help desk technician receives a phone call from an individual claiming to be an employee of the organization and requesting assistance to access a locked account. The help desk technician asks the individual to provide proof of identity before access can be granted. Which of the following types of attack is the caller performing? A. Phishing B. Shoulder surfing C. Impersonation D. Dumpster diving
C
A procedure differs from a policy in that it: A. is a high-level statement regarding the company's position on a topic. B. sets a minimum expected baseline of behavior. C. provides step-by-step instructions for performing a task. D. describes adverse actions when violations occur.
C
A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exist? A. Buffer overflow B. End-of-life systems C. System sprawl D. Weak configuration
C
A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install? A. Vulnerability scanner B. Network-based IDS C. Rogue system detection D. Configuration compliance scanner
C
A security administrator is trying to eradicate a worm, which is spreading throughout the organization, using an old remote vulnerability in the SMB protocol. The worm uses Nmap to identify target hosts within the company. The administrator wants to implement a solution that will eradicate the current worm and any future attacks that may be using zero-day vulnerabilities. Which of the following would BEST meet the requirements when implemented? A. Host-based firewall B. Enterprise patch management system C. Network-based intrusion prevention system D. Application blacklisting E. File integrity checking
C
A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access? A. Phishing B. Man-in-the-middle C. Tailgating D. Watering hole E. Shoulder surfing
C
An active/passive configuration has an impact on: A. confidentiality B. integrity C. availability D. non-repudiation
C
An audit reported has identifies a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability? A. Faraday cage B. Air gap C. Mantrap D. Bollards
C
Systems administrator and key support staff come together to simulate a hypothetical interruption of service. The team updates the disaster recovery processes and documentation after meeting. Which of the following describes the team's efforts? A. Business impact analysis B. Continuity of operation C. Tabletop exercise D. Order of restoration
C
The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the employee was able to log into the server remotely without incident. However, the incident occurred again the next evening. Which of the following BEST describes the cause of the issue? A. The password expired on the account and needed to be reset B. The employee does not have the rights needed to access the database remotely C. Time-of-day restrictions prevented the account from logging in D. The employee's account was locked out and needed to be unlocked
C
When sending messages using symmetric encryption, which of the following must happen FIRST? A. Exchange encryption key B. Establish digital signatures C. Agree on an encryption method D. Install digital certificates
C
Which of the following authentication concepts is a gait analysis MOST closely associated? A. Somewhere you are B. Something you are C. Something you do D. Something you know
C
Which of the following is an asymmetric function that generates a new and separate key every time it runs? A. RSA B. DSA C. DHE D. HMAC E. PBKDF2
C
Which of the following is the BEST reason to run an untested application is a sandbox? A. To allow the application to take full advantage of the host system's resources and storage B. To utilize the host systems antivirus and firewall applications instead of running it own protection C. To prevent the application from acquiring escalated privileges and accessing its host system D. To increase application processing speed so the host system can perform real-time logging
C
Which of the following is used to validate the integrity of data? A. CBC B. Blowfish C. MD5 D. RSA
C
Which of the following scenarios BEST describes an implementation of non-repudiation? A. A user logs into a domain workstation and access network file shares for another department B. A user remotely logs into the mail server with another user's credentials C. A user sends a digitally signed email to the entire finance department about an upcoming meeting D. A user access the workstation registry to make unauthorized changes to enable functionality within an application
C
Which of the following uses precomputed hashes to guess passwords? A. Iptables B. NAT tables C. Rainbow tables D. ARP tables
C
Confidential emails from an organization were posted to a website without the organization's knowledge. Upon investigation, it was determined that the emails were obtained from an internal actor who sniffed the emails in plain text. Which of the following protocols, if properly implemented, would have MOST likely prevented the emails from being sniffed? (Select TWO) A. Secure IMAP B. DNSSEC C. S/MIME D. SMTPS E. HTTPS
C, D
A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Select TWO) A. Install an additional firewall B. Implement a redundant email server C. Block access to personal email on corporate systems D. Update the X.509 certificates on the corporate email server E. Update corporate policy to prohibit access to social media websites F. Review access violation on the file server
C, E
A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Select TWO) A. TOPT B. SCP C. FTP over a non-standard pot D. SRTP E. Certificate-based authentication F. SNMPv3
C, E
A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability. Which of the following risk responses does this BEST describe? A. Transference B. Avoidance C. Mitigation D. Acceptance
D
A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. in addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future? A. Deploy multiple web servers and implement a load balancer B. Increase the capacity of the perimeter router to 10 Gbps C. Install a firewall at the network to prevent all attacks D. Use redundancy across all network devices and services
D
A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take the chain of custody? A. Make a forensic copy B. Create a hash of the hard rive C. Recover the hard drive data D. Update the evidence log
D
A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFI- enabled baby monitor while the baby's parents were sleeping. Which of the following BEST describes how the intruder accessed the monitor? A. Outdated antivirus B. WiFi signal strength C. Social engineering D. Default configuration
D
A malicious system continuously sends an extremely large number of SYN packets to a server. Which of the following BEST describes the resulting effect? A. The server will be unable to server clients due to lack of bandwidth B. The server's firewall will be unable to effectively filter traffic due to the amount of data transmitted C. The server will crash when trying to reassemble all the fragmented packets D. The server will exhaust its memory maintaining half-open connections
D
A new Chief Information Officer (CIO) has been reviewing the badging and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy? A. Physical B. Corrective C. Technical D. Administrative
D
A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage? A. Non-intrusive credentialed scan B. Non-intrusive non-credentialed scan C. Intrusive credentialed scan D. Intrusive non-credentialed scan
D
A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application? A. Hashing B. Key exchange C. Encryption D. Obfusication
D
A security analyst is hardening a WiFi infrastructure. The primary requirements are the following: The infrastructure must allow staff to authenticate using the most secure method. The infrastructure must allow guests to use an "open" WiFi network that logs valid email addresses before granting access to the Internet. Given these requirements, which of the following statements BEST represents what the analyst should recommend and configure? A. Configure a captive portal for guests and WPS for staff. B. Configure a captive portal for staff and WPA for guests. C. Configure a captive portal for staff and WEP for guests. D. Configure a captive portal for guest and WPA2 Enterprise for staff
D
A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact? A. Launch an investigation to identify the attacking host B. Initiate the incident response plan C. Review lessons learned captured in the process D. Remove malware and restore the system to normal operation
D
A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console: The computer has not reported status in 30 days. Given this scenario, which of the following statements BEST represents the issue with the output above? A. The computer in question has not pulled the latest ACL policies for the firewall. B. The computer in question has not pulled the latest GPO policies from the management server. C. The computer in question has not pulled the latest antivirus definitions from the antivirus program. D. The computer in question has not pulled the latest application software updates.
D
A security engineer must install the same x.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use? A. Wildcard certificate B. Extended validation certificate C. Certificate chaining D. Certificate utilizing the SAN file
D
A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space? A. Misconfigured devices B. Logs and events anomalies C. Authentication issues D. Unauthorized software
D
A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is a hurricane-affected area and the disaster recovery site is 100 mi (161 km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement? A. Hot site B. Warm site C. Cold site D. Cloud-based site
D
A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment's rapid elasticity characteristic? A. Data confidentiality breaches B. VM escape attacks C. Lack of redundancy D. Denial of service
D
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure? A. L2TP with MAC filtering B. EAP-TTLS C. WPA2-CCMP with PSK D. RADIUS federation
D
A technician is investigating a potentially compromised device with the following symptoms: Browser slowness Frequent browser crashes Hourglass stuck New search toolbar Increased memory consumption Which of the following types of malware has infected the system? A. Man-in-the-browser B. Spoofer C. Spyware D. Adware
D
An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following is the MOST appropriate actions to take? A. Flip the documents face down so no one knows these documents are PII sensitive B. Shred the documents and let the owner print the new set C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer D. Report to the human resources manager that their personnel are violating a privacy policy
D
An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised. The manager has gathered these facts: The breach is currently indicated on six user PCs One service account is potentially compromised Executive management has been notified In which of the following phases of the IRP is the manager currently working? A. Recovery B. Eradication C. Containment D. Identification
D
An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager notified the data included dates of birth, addresses, and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred? A. Public B. Private C. PHI D. PII
D
Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability? A. Install an antivirus definition patch B. Educate the workstation users C. Leverage server isolation D. Install a vendor-supplied patch E. Install an intrusion detection system
D
To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed? A. Least privilege B. Job rotation C. Background checks D. Separation of duties
D
When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are: A. escalating privilege B. becoming persistent C. fingerprinting D. pivoting
D
Which of the following locations contain the MOST volatile data? A. SSD B. Paging file C. RAM D. Cache memory
D
Which of the following would provide additional security by adding another factor to a smart card? A. Token B. Proximity badge C. Physical key D. PIN
D
