security plus test 1

Which technologies provide single sign-on authentication

Active Directory SESAME Kerberos

Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?

Add another hard drive, and implement disk mirroring

You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would NOT be best placed in the new perimeter network?

Aggregation switches

You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening, you performed a differential backup of the same server's hard disk, and on Tuesday, Wednesday, and Thursday evenings you performed incremental backups of the server's hard disk. Which are files recorded in the backup that you performed on Thursday?

All of the files on the hard disk that were changed or created since the incremental backup on Wednesday

You are the security administrator for your company. You identity a security risk. You decide to continue with the current security plan. However, you develop a contingency plan for if the security risk occurs. Which type of risk response strategy are you demonstrating?

acceptance

You collect evidence after an attack has occurred. You need to ensure that the evidence collected follows chain of custody procedures. Which stage is NOT a part of the life cycle of evidence?

accreditation

"Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?

an ACL

The company you work for has a large number of employees who are considered a mobile workforce. These employees need to access resources on the LAN from their home or while traveling. Which of the following tunneling/VPN solutions would be more appropriate in this situation?

remote access

which tool is used to perform a vulnerability test?

scanning tool

The new anti-virus application that your company purchased claims that it protects against multi-part viruses. Which statement correctly defines this type of virus?

A multipart virus can infect executable files and boot sectors of hard disk drives

Management has asked you to ensure that the certificates that have been validated in the corporates PKI are protected. What must be secured in the PKI?

A private key of the root CA

Which of the following is the best description of a zero-day exploit?

An attack that exploits a security vulnerability on the day the vulnerability becomes generally known

You need to implement a protocol for dial-up connections that uses a challenge/response mechanism. Which protocol should you use?

CHAP

You suspect that several users are using expired digital certificates and that other digital certificates are very close to expiration. You need to examine the list of serial numbers of digital certificates that have not expired, but should be considered invalid. Which PKI component should you examine?

CRL

You are considering cloud services, and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?

Cloud access security brokers

The client's specifications dictate that you use a Base64 ASCII-encoded certificate. Which of the following certificate types would NOT be acceptable?

DER

You need to export your Window's server certificate file. What is the default file extension for the export file?

DER

An advanced user has recently had several new peripheral devices added to his desktop computer. You are concerned about peripheral devices becoming infected with malware. Which peripheral devices should you examine?

Digital camera WiFi enabled micro SD cards External storage devices (everything EXCEPT wireless mouse)

Your company issues mobile devices to certain personnel. You enable a screen lock on each of the devices that require users to enter a code. You need to ensure that the device cannot be used if the wrong code is entered five times in a row. What should you do?

Enable lockout

Your organization needs to implement a system that logs changes to files. What category of solution should you research?

File integrity checks

What type of documentation includes rules for ISO compliance, adhering to NIST guidelines, and conforming to PCI-DSS and other standards?

General purpose guides only

Which process allows you to deploy, configure, and manage data centers through scripts?

IaC

As part of your company's comprehensive vulnerability scanning policy, you decide to perform a passive vulnerability scan on one of your company's subnetworks. Which statement is true of this scan?

It impacts the hosts and networks less than other scan types

As part of the incident response team, you have been called in to help with an attack on your company's web server. You are currently working to identify the root cause of the attack. During which step of incident response does root cause analysis occur?

Lessons learned

As your organization's security administrator, you are reviewing the audit results to assess if your organization's security baselines are maintained. In which phase of the security management life cycle are you engaged?

Monitor and evaluate

You find general purpose guides and platform/vendor-specific guides for deploying the items below. Which of the following should you deploy using vendor-specific guides as a best practice?

Network infrastructure devices Operating systems Application servers Web Server (Choose all of them because all of them are correct)

You are designing a wireless network for commercial tenants in a shopping area. As a group, the tenants want to build a community network where their customers have internet access throughout the area, regardless of which retailer's network the customer is using. What technology would allow you to do that?

RADIUS federation

Which of these options are particularly dangerous because it processes data with little or no latency?

RTOs

Which of these is part of a scan to identify a common misconfiguration?

Router with a default password

After a recent security audit, several security issues were found. The auditor made suggestions on technologies that your organization should deploy. One of the suggestions made to deploy SKIP. Which statement is true about SKIP?

SKIP is a key distribution protocol

How can you keep the production network safe from vulnerabilities that may be caused by a failed test in the R&D department?

Sandboxing and air gap

You have a highly mobile workforce, and they often work in airplanes, airports, and other public places. Management is concerned that unauthorized users can obtain information when personnel are using the devices in public places. Which of these could be implemented to help mitigate risk?

Screen filters

You want to ensure that your systems are protected from boot sector viruses. Which security options would be the most effective?

Secure boot and attestation

A user accidentally installed a driver that had issues. You have been asked to return to its state prior to the driver installation. Which of these is most likely the quickest method of meeting this requirement?

Snapshots

The new security plan of your organization states that all data on your servers must be classified to ensure appropriate access controls are implemented. Which statements are true of information classification?

The two primary classes of data classification deal with military institutions and commercial organizations Data classifications refers to assigning security labels to information assets A data owner must determine the information classification of an asset

You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with>

UTM

You need to enforce several security settings for all of the computers on your Windows network in as efficient manner as possible. What should you do?

Use groups policies

Your organization has discovered the cost savings associated with virtual machines and is encouraging rapid adoption. Which concept should you implement before things get out of control?

VM sprawl avoidance

You are designing a network. In addition to placing devices in a peripheral network, you need to place security devices in several key departments. Which of the following security devices could NOT be placed wherever they are needed in the network?

VPN concentrators

Which of the following transmit data via Wifi or Bluetooth only to a host a device and are vulnerable to data interception and attacks?

Wearable technology

Smart devices and IoT are growing rapidly. Which of these include embedded systems that are security risks. (Choose all that apply)

Wearable technology Medical devices Home automation devices Printers (Choose all of them because all of them are right)

An IT technician has been assigned to install a new embedded firewall. What statement best describes this type of firewall?

a firewall that is integrated into a router

You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?

WiFi Protected Access (WPA)

During a forensic investigation, you are asked to make a copy of the contents of a hard drive. You need to ensure that this evidence can be used in court if needed. Which statement is true about disk imaging in this investigation?

a bit-level copy of the disk assists in the forensic investigation

you have been authorized by management to use a vulnerability scanner once every three months. What is this tool?

an application that identifies security issues on a network and gives suggestions on how to prevent the issue

Which policy defines the sensitivity of a company's data?

an information policy

During a meeting, you present management with a list of the access controls user on your network. You explain that these controls include preventative, detective, and corrective controls. Which control is an example of corrective control?

antivirus software

you suspect that several users are attempting to install unauthorized software. Upon researching, you discover that the attempts were unsuccessful. What tool did you implement that logged those attempts and identified the users?

application whitelisting

You are researching the different types of firewalls that you can install to protect your company's network and assets. Which type of firewall is most detrimental to network performance.

application-level proxy firewall

You need to ensure that your company's antivirus application protects against viruses that include protective code that prevents outside examination of critical elements. Which type of virus is this?

armored virus

You discover that a malicious program has been installed on several host computers on the network. This program's execution was remotely triggered. Of which malware is this an example of?

botnet

Your company recently discovered that an attacked carried out an exhaustive password attack. Which type of password attack is often referred to as this?

brute force attack

How does an unsigned Java applet enforce security in JDK 1.1?

by using sandboxes

Which principle stipulates that multiple changes to a computer system should NOT be made at the same time?

change management

What is typically part of an information policy?

classification of information

Which type of control is an example of a detective control?

close-circuit television (CCTV)

Which automation or scripting concept can reduce the risk that new equipment might not have all of the same settings, applications, and drivers as your existing equipment without changing vital user settings?

configuration validation

You have been hired as security consultant by a real estate agency. The company currently implements discretionary access control (DAC) on its network. Who is primarily responsible for determining access control using this access control model?

data owner

Which of the following concepts is illustrated by network segmentation, air gaps, multiple firewalls, and virtualization

defense-in-depth

Which element is created to ensure that your company is able to resume operation after unplanned downtime in a timely manner?

disaster recovery plan

Which of the following secure coding techniques ensures that improper data is not allowed into the executed program?

error handling

A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?

escalation of privileges

Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you that have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating?

fault tolerance

Management is concerned that mobile device location information can be revealed to attackers. Which mobile device should you investigate?

geotagging

Management has decided to purchase a new appliance firewall that will be installed between the public and private networks owned by your company. Which type of firewall is also referred to as an appliance firewall?

hardware

Which type of vulnerability is demonstrated by an SQL injection?

improper input handling

While developing an incident response plan for your client, you outline the roles and responsibilities of a cyber response team. You also describe the establishment and formation of that team. What time frame should you specify for the formation of a cyber-incident response team?

in advance of an incident occuring

Which operation must your undertake to avoid mishandling of tapes, CDS, and printed material?

labeling

Your organization has been rewarded a federal government contract. You have been instructed to set up a server with an operating systems that will enforce the access control rules required by the federal government. Which access control method will be implemented?

mandatory access control

You have recently been hired as a security administrator for your company. In the security documentation, it mentions that message authentication code (MAC) is implemented. What does this ensure?

message integrity

You have been asked to configure a new file server. Management has stipulated that you need to implement an authentication method that checks the identity of both ends of the connection. Which authentication method should you use?

mutual authentication

Which threat actor type would most likely have the most resources available

nation states

Your company has recently adopted a new security policy that states that all confidential e-mails must be signed using a digital signature. Which three elements are provided by implementation of this technology?

non-repudiation authentication integrity

You want to configure password policies that ensure password strength. Which password setting most affect a password's strength?

password complexity

You perform a secure scan and find that you have a high amount of Telnet traffic. You have installed several new peripheral devices on the server. Which newly installed peripheral device is most likely causing this problem?

printer

What is the goal when you passively test security controls?

probing for weaknesses

Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network. Which tool should you use?

protocol analyzer

Which memory vulnerability is associated with multithreaded applications?

race condition

Which threat actor type can be characterized by having an unsophisticated skill level, using widely available tools, and being often motivated by the need that they can prove they can do it

script kiddies

Your company has recently decided to crate a custom application instead of purchasing a commercial alternative. As the security administrator, you have been asked to develop security policies and procedures on examining the written code to discover any security holes that may exist. Which assessment type will be performed as a result of this new policy?

secure code review

Your company's network consists of multiple subnetworks that each implements its own authentication system. Often users must log in separately to each subnetwork to which they want access. You have been asked to implement technology that allows users to freely access all systems to which their account has been granted access after the initial authentication. Which of the follow should you implement ?

single sign-on

A hacker has called a company employee and has learned the employee's username and password by posing as a member of corporate technical support. Which type of attack has this company suffered?

social engineering

You company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy?

support ownership data ownership application whitelisting and blacklisting patch management (Choose all of them because all of them are right)

A Windows 7 computer is located on a TCP/IP network that uses DHCP. You want the computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configurations?

the ipconfig command

As the security administrator for your company, you are primarily concerned with protecting corporate assets. Currently you are working to ensure confidentiality for corporate data. Which activity is NOT covered under this objective

treason

What is often the weakest link in the security chain, and represents the largest vulnerability?

untrained users

Recently, several confidential messages from your company have been intercepted. You company has decided to implement PGP to encrypt files. Which type of model does this encryption use?

web