Security+ #6
Which of the following encryption algorithms is used primarily to secure data at rest? A. AES B. SSL C. TLS D. RSA
A
A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO? A. VPN B. PaaS C. IaaS D. VDI
A
A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening? A. Initiate remote wiping on lost mobile devices B. Use FDE and require PINs on all mobile devices C. Use geolocation to track lost devices. D. Require biometric logins on all mobile devices
A
A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure? A. SSH B. SFTP C. HTTPS D. SNMP
A
A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data the security administrator sees the following information that was flagged as a possible issue: "SELECT * FROM" and '1'='1' Which of the following can the security administrator determine from this? A. An SQL injection attack is being attempted B. Legitimate connections are being dropped C. A network scan is being done on the system D. An XSS attack is being attempted
A
A security analyst is implementing PKI-based functionality to a web application that has the following requirements: - File contains certificate information - Certificate chains - Root authority certificates - Private key All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements? A. .pfx certificate B. .cer certificate C. .der certificate D. .crt certificate
A
An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message? A. Obfuscation B. Steganography C. Diffusion D. BCRYPT
A
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement? A. PGP B. HTTPS C. WPA D. TLS
A
During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences? A. Run weekly vulnerability scans and remediate any missing patches on all company devices B. Implement rogue system detection and configure automated alerts for new devices C. Install DLP controls and prevent the use of USB drives on devices D. Configure the WAPs to use NAC and refuse connections that do not pass the health check
A
Which of the following is a major difference between XSS attacks and remote code exploits? A. XSS attacks use machine language, while remote exploits use interpreted language B. XSS attacks target servers, while remote code exploits target clients C. Remote code exploits aim to escalate attackers' privileges, while XSS attacks aim to gain access only D. Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work
A
Which of the following is a technical preventive control? A. Two-factor authentication B. DVR-supported cameras C. Acceptable-use MOTD D. Syslog server
A
While investigating a virus infection, a security analyst discovered the following on an employee laptop: - Multiple folders containing a large number of newly released movies and music files - Proprietary company data - A large amount of PHI data - Unapproved FTP software - Documents that appear to belong to a competitor Which of the following should the analyst do FIRST? A. Contact the legal and compliance department for guidance B. Delete the files, remove the FTP software, and notify management C. Back up the files and return the device to the user D. Wipe and reimage the device
A
A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO.) A. Implement time-of-day restrictions. B. Modify archived data. C. Access executive shared portals. D. Create privileged accounts. E. Enforce least privilege.
A, D
After a security assessment was performed on the enterprise network, it was discovered that: 1. Configuration changes have been made by users without the consent of IT. 2. Network congestion has increased due to the use of social media. 3. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.) A. Poorly trained users B. Misconfigured WAP settings C. Undocumented assets D. Improperly configured accounts E. Vulnerable business processes
A, D
Which of the following are used to substantially increase the computation time required to crack a password? (Choose two.) A. BCRYPT B. Substitution cipher C. ECDHE D. PBKDF2 E. Diffie-Hellman
A, D
A security auditor is performing a vulnerability scan to find out if mobile applications used in the organization are secure. The auditor discovers that one application has been accessed remotely with no legitimate account credentials. After investigating, it seems the application has allowed some users to bypass authentication of that application. Which of the following types of malware allow such a compromise to take place? (Choose two.) A. RAT B. Ransomware C. Worm D. Trojan E. Backdoor
A, E
A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request? A. LDAP B. RADIUS C. SAML D. NTLM
B
A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe? A. Black box B. Gray box C. White box D. Vulnerability scanning
B
A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered? A. Password history B. Account lockout C. Account expiration D. Password complexity
B
A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites? A. Extended domain validation B. TLS host certificate C. OCSP stapling D. Wildcard certificate
B
To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning? A. Log all users out of the system B. Patch the scanner C. Reboot the target host D. Update the web plugins
B
When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered? A. Difficult-to-update firmware B. Tight integration to existing systems C. IP address exhaustion D. Not using industry standards
B
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Choose two.) A. LDAPS B. SFTP C. HTTPS D. DNSSEC E. SRTP
B, C
A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task? A. Store credentials in LDAP B. Use NTLM authentication C. Implement Kerberos D. Use MSCHAP authentication
C
A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP. Which of the following should the company use? A. WiFi-protected setup B. Password authentication protocol C. Captive portal D. RADIUS
C
A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end. Which of the following is a AAA solution that will provide the required wireless authentication? A. TACACS+ B. MSCHAPv2 C. RADIUS D. LDAP
C
A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation? A. RBAC B. MAC C. ABAC D. DACF
C
A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST step to implement the SSL certificate? A. Download the web certificate B. Install the intermediate certificate C. Generate a CSR D. Encrypt the private key
C
An organization electronically processes sensitive data within a controlled facility. The Chief Information Security Officer (CISO) wants to limit emissions emanating from the facility. Which of the following mitigates this risk? A. Upgrading facility cabling to a higher standard of protected cabling to reduce the likelihood of emission spillage B. Hardening the facility through the use of secure cabinetry to block emissions C. Hardening the facility with a Faraday cage to contain emissions produced from data processing D. Employing security guards to ensure unauthorized personnel remain outside of the facility
C
An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive? A. Shared account B. Privileged account C. User account D. Service account
C
An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal? A. IDS/IPS B. IP tunneling C. Web application firewall D. Patch management
C
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements: - Allow authentication from within the United States anytime - Allow authentication if the user is accessing email or a shared file system - Do not allow authentication if the AV program is two days out of date - Do not allow authentication if the location of the device is in two specific countries Given the requirements, which of the following mobile deployment authentication types is being utilized? A. Geofencing authentication B. Two-factor authentication C. Context-aware authentication D. Biometric authentication
C
Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots
C
Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request? A. Retinal scan B. Passphrase C. Token fob D. Security question
C
Which of the following describes the maximum amount of time a mission essential function can operate without the systems it depends on before significantly impacting the organization? A. MTBF B. MTTR C. RTO D. RPO
C
Which of the following development models entails several iterative and incremental software development methodologies such as Scrum? A. Spiral B. Waterfall C. Agile D. Rapid
C
An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.) A. Familiarity B. Scarcity C. Urgency D. Authority E. Consensus
C, D
A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.) A. Compare configurations against platform benchmarks B. Confirm adherence to the company's industry-specific regulations C. Review the company's current security baseline D. Verify alignment with policy related to regulatory compliance E. Run an exploitation framework to confirm vulnerabilities
C, E
Which of the following are considered among the BEST indicators that a received message is a hoax? (Choose two.) A. Minimal use of uppercase letters in the message B. Warnings of monetary loss to the receiver C. No valid digital signature from a known security organization D. Claims of possible damage to computer hardware E. Embedded URLs
C, E
A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office? A. Remote access VPN B. VLAN C. VPN concentrator D. Site-to-site VPN
D
A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this? A. Air gapped network B. Load balanced network C. Network address translation D. Network segmentation
D
A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack? A. Domain hijacking B. Injection C. Buffer overflow D. Privilege escalation
D
A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure. Which of the following should be implemented to harden the infrastructure without upgrading the WAP? A. Implement WPA and TKIP B. Implement WPS and an eight-digit pin C. Implement WEP and RC4 D. Implement WPA2 Enterprise
D
A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted? A. Non-credentialed B. Passive C. Port D. Credentialed E. Red team F. Active
D
A systems administrator is installing a new server in a large datacenter. Which of the following BEST describes the importance of properly positioning servers in the rack to maintain availability? A. To allow for visibility of the servers' status indicators B. To adhere to cable management standards C. To maximize the fire suppression system's efficiency D. To provide consistent air flow
D
An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data? A. Keylogger B. Botnet C. Crypto-malware D. Backdoor E. Ransomware F. DLP
D
An incident response analyst at a large corporation is reviewing proxy data logs. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take? A. Call the CEO directly to ensure awareness of the event B. Run a malware scan on the CEO's workstation C. Reimage the CEO's workstation D. Disconnect the CEO's workstation from the network
D
An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners? A. Guest account B. User account C. Shared account D. Privileged user account E. Default account F. Service account
D
An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization? A. Username/password with TOTP B. Username/password with pattern matching C. Username/password with a PIN D. Username/password with a CAPTCHA
D
If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using? A. RSA B. 3DES C. DSA D. SHA-2
D
Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives? A. Burning B. Wiping C. Purging D. Pulverizing
D
Students at a residence hall are reporting Internet connectivity issues. The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation? A. Router ACLs B. BPDU guard C. Flood guard D. DHCP snooping
D
Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows/CurrentVersion/Run registry key? A. Persistence B. Pivoting C. Active reconnaissance D. Escalation of privilege
D