Security+ Practice Exam #2


Associate the port numbers with the correct protocol: A.Port 53/TFTP, Port 69/SMTP, Port 25/HTTP, port 80 DNS B. Port 80/TFTP, Port 53/SMTP, Port 69/HTTP, Port 53/DNS C.Port 69/TFTP, Port 25/SMTP, Port 80 HTTP, Port 53/DNS D.Port 25/TFTP, Port 80/SMTP, Port 53/HTTP, Port 69/DNS

C. Port 69/TFTP, Port 25/SMTP, Port 80/HTTP, Port 53/DNS Explanation: For the exam, you need to know your ports and protocols. The Trivial File Transfer Protocol (TFTP) uses UDP port 69. The Simple Mail Transfer Protocol (SMTP) uses TCP port 25. The Hypertext Transfer Protocol (HTTP) uses TCP port 80. The Domain Name System (DNS) uses port 53 (UDP for most queries, TCP for zone transfers and large responses).

As the security director, you identify a security risk to a planned network migration. You decide to continue with the current migration plan anyway since you deem it to be low risk. What type of response technique has been demonstrated? A.Accept B.Transfer C.Avoid D.Mitigate

A. Accept Explanation: Continuing with the plan while knowing the risk exists is risk acceptance. Risk transfer shifts responsibility for the risk to another party (insurance, for example), risk avoidance means not taking the action that carries the risk, and mitigation means applying controls to reduce the likelihood or impact.

Of the listed principles, which one is the most important in managing account permissions? A.Account recertification B.Usage Auditing C.Standard naming conventions D.Account recovery

A. Account recertification Explanation The most important principle in managing account permissions is the account recertification. Periodically, this process verifies that permissions still need to be granted. Auditing isn't as important, standard naming conventions will not help and account recovery doesn't help with managing permissions.

Of the following terms, which one refers to the process of establishing a standard for security? A. Baselining B.Security Evaluation C.Hardening D. Normalization

A. Baselining Explanation: Baselining is the process of establishing a standard; any later difference from that standard is a baseline deviation. Security evaluations do not establish standards, although they may suggest changes to the baseline. Hardening secures an operating system or other system but does not by itself establish a standard, and normalization is the process of removing duplicate data.

Lonnie noticed that attackers have breached his WiFi network and have gained access via a wireless access point administrative panel and logged in with the credentials the WAP was shipped with. What best describes this issue? A.Default configuration B.Race conditions C.Failure to patch D.weak encryption

A. Default configuration Explanation: Credentials a device ships with are part of its default configuration, and unchanged defaults are one of the most common reasons network devices are compromised. Race conditions are timing flaws in multithreaded code that shares variables. Patches do not change a default password, and the strength of the wireless encryption has no bearing on logging in to the administrative interface.

Jack manages security devices in his network. He's implemented a robust NIDS in his network, however, on two occasions the NIDS has missed a breach. What condition does this describe? A.False negative B.Port blocking C.SPI D.False positive

A. False negative Explanation: A false negative is an attack the IDS fails to flag; two missed breaches mean the sensor's signatures or tuning need review. Port blocking is a firewall function, SPI (stateful packet inspection) is a type of firewall, and a false positive is the opposite error, the IDS flagging legitimate traffic as malicious, which is not what is happening here.

Olivia manages wireless security in her company and wants completely different WiFi access (ie different SSID, different security levels, different authentication methods) in different parts of the company. What's the best choice for Olivia to select in WAPs? A.Fat B.Thin C.Repeater D.Full

A. Fat Explanation: A fat (standalone) WAP carries all the configuration and control functions on the device itself, including traffic forwarding, so each one can be configured independently with its own SSID, security level and authentication method. A thin WAP depends on a central wireless controller for those functions, a repeater only rebroadcasts an existing signal, and "full" is not a WAP category.

Rachel manages security for a small bank and has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Rachel checks each of these logs regularly. What's the first step that should be taken to improve this firewall configuration? A.Integrate with SIEM B.Add a honeypot C.Integrate with AD D.Add a honeynet

A. Integrate with SIEM Explanation: The first improvement is to feed the firewall logs into a SIEM so they are centralized, correlated and retained rather than reviewed one device at a time. A honeypot or honeynet is a decoy system and does not relate to the scenario, and integrating with AD is a good idea but does not improve the logging configuration.

Why might it not be advisable to conduct penetration tests on your corporate network? A.It can be disruptive for the business activities B.It is able to measure and validate the efficiency of a company's defensive mechanisms C.It is able to find known and unknown hardware or software weaknesses D.It permits the exploration of real risks and gives a vivid picture of the company's IT infrastructure security posture at any given time

A. It can be disruptive for the business activities Explanation: The main reason to avoid a penetration test is that it can disrupt business activities, including network operations, which is why scope, timing and rules of engagement are agreed in advance. All other options are positive reasons to conduct a penetration test.

You have noticed your company lacks deterrent controls. As the new security administrator, which of the following would you install that satisfies your needs? A.Lighting B.Audit Logs C.Audible Alarm D.Antivirus Scanner

A. Lighting Explanation: Deterrent controls discourage an attacker before an attempt is made; lighting makes an intruder visible and so discourages the attempt. Audit logs are a detective control, an audible alarm detects and announces an intrusion already under way, and an antivirus scanner is a preventive/corrective technical control.

You're responsible for server room security. You're concerned about physical theft of computers. Of the following, which would best be able to detect theft or attempted theft? A.Motion-sensor activated cameras B.Smart card access to the server rooms C.Strong deadbolt locks for server rooms D.Logging everyone who enters the server room

A. Motion-sensor activated cameras Explanation: Motion-sensor activated cameras record every entry into the server room, so they both detect an attempt and provide evidence of it. Smart card access, deadbolt locks and entry logging are good preventive measures, but they do not detect a theft or attempted theft in progress.

Of the following RAID levels, which one is considered a "stripe of mirrors"? A.RAID 1+0 B.RAID 6 C.RAID 0 D.RAID 1

A. RAID 1+0 Explanation: RAID 1+0 (RAID 10) is a stripe of mirrors: drives are first paired into mirrored sets (RAID 1) and data is then striped across those sets (RAID 0). The reverse arrangement, RAID 0+1, is a mirror of stripes. RAID 6 is striping with dual parity, RAID 0 is striping alone with no redundancy, and RAID 1 is mirroring alone.

Tracie has been using a packet sniffer to observe traffic in the company network and has noticed that traffic between the web server and the database server is sent in clear text. She would like a solution that will encrypt traffic and also leverage the existing digital certificate infrastructure the company has. Which of the following is the best solution? A.TLS B.SSL C.IPSec D.WPA2

A. TLS Explanation: Transport Layer Security (TLS) secures application traffic such as HTTP, LDAP and SMTP and authenticates the endpoints with X.509 digital certificates, so it fits the existing certificate infrastructure. SSL is the deprecated predecessor that TLS replaced. IPSec is normally used to build VPN tunnels between hosts or networks rather than to protect a single application session, and WPA2 is WiFi security.

One of the following items automatically updates browsers with a list of root certificates from an online web source used to track which certificates can be trusted, which one is it? A.Trust model B.Key escrow C.PKI D.RA

A. Trust model Explanation: The trust model determines which root certificates the browser trusts, and browsers keep that list current by pulling root store updates from the vendor online. Key escrow is storage of keys with a third party, PKI refers to the whole infrastructure of hardware, software, policies and people, and an RA (registration authority) verifies certificate requests and forwards them to the CA.

You're responsible for an always-on VPN connection for your company and have been told that it must utilize the most secure mode for IPSec possible. Which of the following is best? A.Tunnel B.AH C.IKE D.Transport

A. Tunnel Explanation: In tunnel mode IPSec (ESP) encrypts the entire original packet, header included, and wraps it in a new IP header, which is why it is used for site-to-site and always-on VPNs. AH (Authentication Header) provides authentication and integrity but no encryption, so it is not the secure mode. IKE (Internet Key Exchange) negotiates the security associations IPSec uses, and transport mode encrypts only the payload, leaving the original IP header exposed.

Choose the type of hypervisor known as "bare metal"? A.Type I B.Type II C.Type III D.Type IV

A. Type I Explanation: A Type I hypervisor runs directly on the hardware, which is why it is called "bare metal". A Type II hypervisor runs as an application on top of a host operating system. Type III and Type IV are not real hypervisor categories.

Paul is the web security administrator for a website that does online auctions. A few users are complaining that when they log in to the website, they get a message stating it's down to try again later. Paul checks and he can visit the site without any problem, even from outside of the network. He also checks the web server log but there is no entry of these users ever connecting. Of the following, which best explains this situation? A.Typosquatting B.SQL Injection C.Cross-site scripting D. Cross site request forgery

A. Typosquatting Explanation: The users are reaching a fake site, not Paul's: the real server shows no record of their connections and works fine from inside and outside the network. That points to typosquatting, where an attacker registers a domain that differs from the real one by a likely typo so mistyped URLs land on the fake site. The other options are attacks on the real site itself, which in this scenario was never touched.
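One way to catch the situation in this question from the defender's side is to compare hostnames seen in proxy or DNS logs against the legitimate domain. The block below is an added example, not part of the practice exam; the legitimate domain "example-auctions.com", the sample hostnames and the homoglyph table are constructed for illustration.

```python
"""Typosquat detection: compare the hostname a user actually reached against
the legitimate one. Added example, not part of the exam page; the legitimate
domain and the candidate hostnames below are constructed for illustration.
"""

# Character sequences attackers swap because they look alike in common fonts.
HOMOGLYPHS = {"0": "o", "1": "l", "5": "s", "rn": "m", "vv": "w", "cl": "d"}


def normalise(name: str) -> str:
    """Lower-case the name and fold look-alike sequences to plain letters,
    so 'examp1e' and 'exarnple' both become 'example'."""
    name = name.lower()
    for fake, real in HOMOGLYPHS.items():
        name = name.replace(fake, real)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with an adjacent transposition counted as one edit
    (optimal string alignment), since 'exmaple' is a single slip, not two."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def is_lookalike(candidate: str, legitimate: str, max_distance: int = 2) -> bool:
    """True if candidate is not the legitimate hostname but is close enough,
    after homoglyph folding, that a user could have typed or misread it."""
    cand, legit = candidate.lower(), legitimate.lower()
    if cand == legit:
        return False
    if normalise(cand) == normalise(legit):
        return True
    return edit_distance(normalise(cand), normalise(legit)) <= max_distance


LEGIT = "example-auctions.com"  # constructed legitimate domain

# Constructed hostnames as they might appear in proxy or DNS logs
SAMPLE_HOSTS = [
    "example-auctions.com",
    "examp1e-auctions.com",   # digit one in place of the letter l
    "exarnple-auctions.com",  # 'rn' in place of 'm'
    "exmaple-auctions.com",   # transposed letters
    "example-auction.com",    # dropped letter
    "totally-different.net",
]


def flag_lookalikes(hosts, legitimate=LEGIT):
    """Return the hostnames that are plausible typosquats of legitimate."""
    return [h for h in hosts if is_lookalike(h, legitimate)]
```

The distance threshold is a trade-off: 2 catches transpositions and single homoglyph swaps on top of a dropped letter, but on short domains it will also match unrelated names, so a hit should trigger a lookup of the domain's registration, not an automatic block.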

Neil is given the task of creating a wireless network for his company. The wireless network needs to implement a wireless protocol that provides the maximum level of security while providing support for older wireless devices, simultaneously. Which protocol should be used? A.WPA B.WPA2 C.WEP D.IV

A. WPA Explanation: WPA offers the strongest security of the listed options that is still compatible with older wireless cards. WPA2 requires hardware support that many older cards lack, WEP is broken and not considered secure, and an IV (initialization vector) is a component of a cipher, not a wireless security protocol.

You work for a company that hired a pen testing firm to test the network. For the test, you gave them details on operating systems you use, applications you run and network devices. What describes this type of test? A.White-box test B.External test C.Black-box test D.threat test

A. White-box test Explanation: A white-box test is one in which the testers are given full knowledge of the environment, such as the operating systems, applications and network devices in use. A black-box test gives them no such information. "External test" describes where the test is launched from, not how much the testers know, and white-box tests can be internal or external. Threat test is not an industry term.

Buddy is the security manager for a bank and has recently been reading about malware that accesses system memory modules. He would like to find a solution that keeps programs from utilizing system memory. Which of the options would be the best solution? A.DEP B.FDE C.UTM D.IDS

A. DEP Explanation: Data Execution Prevention (DEP) marks memory regions that should hold only data, such as the stack and heap, as non-executable, so malware that injects code into those regions cannot run it. FDE (full disk encryption) protects data on disk but does nothing about memory use; UTM is a combined network security appliance unrelated to the scenario; and an IDS monitors network traffic, not programs running on a host.

Josh manages security at a power plant. The facility is sensitive, and security is very important. He would like to incorporate two-factor authentication with physical security. Which of the options below is the best way to meet this requirement? A.Smart cards B. A mantrap with a smart card at one door and a pin keypad at the other door C.A mantrap with video surveillance D.A fence with smart card gate access

B. A mantrap with a smart card at one door and a pin keypad at the other door Explanation: The mantrap combines two factors: the smart card is something you have and the PIN keypad requires something you know, so a person must prove both to get through. A smart card alone is a single factor, video surveillance is passive and adds no authentication factor, and a smart card gate is again only one factor.

Laura manages the physical security for her company. She's especially concerned about an attacker driving a vehicle into the building. Which option below would protect against this threat? A.A gate B.Bollard C.A security guard on duty D.Security cameras

B. Bollard Explanation: Of the options provided, bollards are the best protection against someone driving a vehicle into the building. Bollards are heavy concrete or steel posts designed to stop a vehicle at the boundary. A gate can be rammed, a security guard cannot physically stop a vehicle, and security cameras are passive: they show what happened but do not prevent it.

Michael is analyzing strange behavior by some of the computers on his network. He believes the machines contain some malware. The symptoms include strange behavior that continues even if they boot to a Linux Live CD. What is the most probable cause? A.Ransomware B.Boot sector virus C.Rootkit D.Keylogger

B. Boot sector virus Explanation The best option is a boot sector virus. Ransomware asks for a payment for you to be able to access your files again. While rootkits can affect the boot sector, that doesn't match the scenario for this particular question. Nothing in this question indicates anything dealing with a keylogger.

Of the following, which best describes a compromised collection of computers being controlled from one central point? A.Zombienet B.Botnet C.Nullnet D.Attacknet

B. Botnet Explanation Botnet is a compromised collection of computers that function from one central location. The other terms are not industry used terms.

Neil, a network administrator for a small firm, has discovered several machines on his network are infected with malware. The malware is sending a flood of packets to an external target. What describes this attack? A. SYN Flood B.DDoS C.Botnet D.Backdoor

B. DDoS Explanation: While his machines may be part of a botnet, the attack being described, a flood of packets from many machines to one target, is a distributed denial of service attack. Nothing in the question identifies the packets as SYN packets, so SYN flood is too specific, and nothing indicates a backdoor. On the exam, be careful not to add information to the scenario that has not been given to you. In this question, DDoS is the best option provided.

Ashley is attempting to increase security at her company. She's currently creating an outline of all aspects of security that will need to be evaluated and acted on. Of the following terms, which one describes the process of improving security in a trusted OS? A. FDE B. Hardening C. SED D. Baselining

B. Hardening Explanation: Hardening is the process of increasing security. FDE is full disk encryption, SED is self-encrypted drives and baselining is establishing a standard. The best option is hardening to accomplish the task.

Scott is the CISO for a bank. In recent readings, he read about an attack where the attacker was able to enumerate all the network resources and was able to make some resources unavailable. All of this was done by exploiting a single protocol. Which protocol would need to be secured to mitigate this attack? A.SNMP B.LDAP C.HTTP D.DHCP

B. LDAP Explanation: The protocol to secure is LDAP, because the directory is effectively the phone book of the network: an attacker who can query it can enumerate users, groups and resources, and an attacker who can disrupt it makes resources that depend on directory lookups unavailable. SNMP could help an attacker gather information but would not make resources unavailable in this way. HTTP serves web pages and DHCP assigns IP addresses, so neither fits the scenario.

Your company has implemented a clean desk policy and you were asked to secure physical documents every night. What is the best solution? A.Department door lock B.Locking cabinets and drawers C.Proximity card D.Onboarding

B. Locking cabinets and drawers Explanation The best solution for a clean desk policy would be locking cabinets and drawers because then the employee is the only one with a key. Department door lock is okay but multiple people will have a key to the department. A proximity card is okay for tracking but it doesn't prevent information sharing, and onboarding doesn't apply to this situation.

You work for an insurance company as their security administrator. You've noticed that a few accounts are still active for employees who left the company at least a year ago. You are worried that someone might attempt to access these accounts. What administrative control could be enabled to help prevent these accounts from remaining online and accessible after an employee leaves the company? A.Password complexity B.Offboarding procedures C.Onboarding procedures D.Password expiration

B. Offboarding procedures Explanation The best option to address this issue would be to setup an administrative control of using proper offboarding procedures. When an employee leaves a company (either by choice or by termination), their accounts should be disabled, their credentials revoked, their access badges returned, and their hardware tokens returned to security. While setting the password expiration dates on the accounts may help prevent someone from logging into a dormant account, this is a technical control and not an administrative one. Password complexity and onboarding procedures have nothing to do with the issue being raised in the question either.
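A technical backstop for the offboarding procedure the question asks about is a periodic sweep that flags enabled accounts belonging to people who have left, or that nobody has used in months. The block below is an added example, not part of the practice exam; the account records, field names and dates are constructed to stand in for a directory export.

```python
"""Dormant-account check that a working offboarding procedure should make
unnecessary. Added example, not part of the exam page. The account records and
field names are constructed; in practice they would come from a directory export.
"""
from datetime import date, timedelta

# Constructed directory export: username, enabled flag, last logon (ISO date or
# None if the account has never been used) and whether HR still lists the person.
SAMPLE_ACCOUNTS = [
    {"user": "jsmith", "enabled": True, "last_logon": "2023-01-10", "employed": False},
    {"user": "kwong", "enabled": True, "last_logon": "2024-05-02", "employed": True},
    {"user": "pdavis", "enabled": False, "last_logon": "2022-11-30", "employed": False},
    {"user": "svc_backup", "enabled": True, "last_logon": "2021-06-01", "employed": True},
    {"user": "rlee", "enabled": True, "last_logon": None, "employed": True},
]


def find_dormant_accounts(accounts, today, max_idle_days=90):
    """Return (user, reasons) for every enabled account that needs attention:
    the person has left (an offboarding failure), the account has never been
    used, or it has been idle longer than max_idle_days.
    `today` may be a date or an ISO date string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    cutoff = today - timedelta(days=max_idle_days)
    flagged = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to do
        reasons = []
        if not acct["employed"]:
            reasons.append("no longer employed")
        last = acct["last_logon"]
        if last is None:
            reasons.append("never logged on")
        elif date.fromisoformat(last) < cutoff:
            reasons.append(f"idle since {last}")
        if reasons:
            flagged.append((acct["user"], reasons))
    return flagged


def disable_accounts(accounts, usernames):
    """Disable (rather than delete) the named accounts so files, group
    memberships and audit history survive; returns the updated records."""
    targets = set(usernames)
    return [
        {**acct, "enabled": False} if acct["user"] in targets else acct
        for acct in accounts
    ]


if __name__ == "__main__":
    for user, reasons in find_dormant_accounts(SAMPLE_ACCOUNTS, "2024-06-01"):
        print(f"{user}: {', '.join(reasons)}")
```

Service accounts such as svc_backup deserve a separate review list rather than automatic disabling, since an idle service account may still be needed for an infrequent job; the sweep should surface them, and a human decides.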

Kaye works for a large insurance company and manages their cybersecurity. She's concerned about insiders and wants to be able to detect malicious activity but wants the detection process to be invisible to the attacker. What technology best fits these needs? A.Hybrid NIDS B.Out-of-band NIDS C.NIPS D.NNIDS

B. Out-of-band NIDS Explanation: An out-of-band NIDS watches a copy of the traffic (from a SPAN port or network tap) and keeps its management interface on a separate network, so nothing on the monitored segment reveals that detection is taking place. A hybrid NIDS combines network and host IDS functions. A NIPS sits inline and blocks traffic, which makes its presence obvious to an attacker, and a NNIDS (network node IDS) merely delegates IDS functions to individual nodes.

Cheyenne is doing a penetration test for a client's network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described? A.Active reconnaissance B.Passive reconnaissance C.Initial Exploitation D.Pivot

B. Passive Reconnaissance Explanation This is a prime example of passive reconnaissance because there is no engagement with the target. Active recon has target communication, initial exploitation is actually breaking into the target network and a pivot is when you have breached one system and use that to move to another system.

A local competitor is offering a new service that is predicted to sell strong. After much research, your company has decided not to launch a competing service due to the uncertainty of the market and the large investment required. Which best describes your company's decision? A.Risk transfer B.Risk avoidance C.Risk acceptance D.Risk mitigation

B. Risk avoidance Explanation The company's decision is best described as risk avoidance. The company has chosen to avoid the risk instead of dealing with it. Risk transfer would be something similar to an insurance policy, risk acceptance is accepting the risk and considering it unlikely and risk mitigation is when the company implements controls to reduce the vulnerabilities.

Rhonda manages account security for her company. She's noticed a receptionist who has an account with a six-character password that hasn't been changed in two years and her password history isn't maintained. What is the most significant problem with this account? A.Nothing, this is adequate for a low-security position B.The password length is the most significant problem C.The lack of password history is the most significant D.The age of the password is the most significant problem

B. The length of the password is the most significant problem Explanation The most significant problem with this account is the password length. The password is too short and these are the most insecure passwords. The lack of password history is a problem as well as the age of the password, but the length is the most significant issue.

Ashley is the network administrator for a company. She proceeds to delete the account for a user who left the company last week. The user's files were encrypted with a private key. How can Ashley view these files? A.They can be decrypted using the backup user account B.They can be decrypted using a recovery agent C.They must be re-created from the former users account D.They can be decrypted using a CRL

B. They can be decrypted using a recovery agent Explanation: A recovery agent holds a key that can decrypt files encrypted by users in the organization, so Ashley can recover the files even though the user's account is gone. If no recovery agent was configured before the account was deleted, the files cannot be decrypted. A backup user account does not hold the former user's private key, re-creating the account does not restore the key, and a CRL (certificate revocation list) only lists revoked certificates.

Grady is seeking access control methods that enforce authorization rules by the OS. Users cannot override authentication or access control policies. Which of the following best suits these needs? A.DAC B.MAC C.RBAC D.ABAC

B. MAC Explanation: In mandatory access control (MAC) the operating system enforces access rules based on security labels, and users cannot override them. In DAC (discretionary access control) the owner of a resource decides who gets access, RBAC grants permissions by role, and ABAC decides from attributes of the subject, object and environment.

The company you work for is considering moving its email server to a hosting company. This will help reduce the cost of hardware and server administration at your local site. Which document formally states the reliability and recourse if reliability isn't met? A.MOU B.SLA C.ISA D.BPA

B.SLA Explanation SLA (service level agreements) formally state the expectations of the service provider. MOU describe mutual agreements, ISAs specify technical and security requirements and BPAs define the legal agreements between partners.

You are a security analyst and you have just successfully removed malware from a virtual server. Which could you use to return the virtual server to its last known good state? A.A sandbox B.A hypervisor C.A snapshot D.Elasticity

C. A snapshot Explanation: Snapshots are images of the virtual machines at a certain point in time. A snapshot would be able to return the server to its last known good state. A sandbox is an isolated system, a hypervisor hosts virtual machines, and elasticity makes the system more scalable.

The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern? A.Passive reconnaissance B.Active reconnaissance C.Banner grabbing D.Vulnerability scanning

C. Banner grabbing Explanation: Banner grabbing is connecting to a service and reading what it announces about itself, such as the Server header a web server returns, which netcat makes trivial. It is a form of active reconnaissance, but banner grabbing is the more specific term for what is described. The scenario does not describe vulnerability scanning or passive reconnaissance.
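What netcat does when an attacker types `nc host 80` and sends a request can be reproduced in a few lines, and the same parsing shows an administrator what their own server leaks. The block below is an added example, not part of the practice exam; the sample responses are constructed, and `grab_http_banner` performs real network I/O and should only be pointed at systems you are authorised to test.

```python
"""Banner grabbing against an HTTP server, and parsing what comes back.
Added example, not part of the exam page; SAMPLE_RESPONSE and HARDENED_RESPONSE
are constructed to show a verbose and a hardened server."""
import socket


def grab_http_banner(host: str, port: int = 80, timeout: float = 3.0) -> bytes:
    """Connect, send a minimal HEAD request and return the raw response headers.
    Real network I/O: use only against systems you are authorised to test."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):
                break  # end of the header block; HEAD has no body
    return b"".join(chunks)


# Headers that commonly reveal software and version details
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_banner(raw: bytes):
    """Split a raw HTTP response into (status line, {leaky header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0] if lines else ""
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    leaks = {name: headers[name] for name in LEAKY_HEADERS if name in headers}
    return status, leaks


# Constructed response from a server that advertises exact versions
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Constructed response after the server was configured to stop advertising
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)


if __name__ == "__main__":
    for raw in (SAMPLE_RESPONSE, HARDENED_RESPONSE):
        status, leaks = parse_banner(raw)
        print(status, leaks or "(no software details disclosed)")
```

On Apache the verbose banner is suppressed with `ServerTokens Prod` and `ServerSignature Off`; the X-Powered-By header comes from PHP's `expose_php` setting. Suppressing banners does not remove a vulnerability, it only removes the free version hint.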

You've been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test? A.White-box test B.External test C.Black-box test D.Threat test

C. Black-box test Explanation The correct choice is black-box test, which uses minimal information. White-box tests involve complete information. External tests are done from outside the network and the terminology doesn't match this scenario and the term threat test isn't an industry term used in penetration testing.

Laura manages DLP for a large company where some employees have COPE and some have BYOD. What DLP issue could these devices present? A.COPE devices can be used as a USB OTG resource B.BYOD devices can be used as a USB OTG resource C.COPE and BYOD devices can be used as a USB OTG resource D.Only jailbroken COPE or BYOD devices can be used as a USB OTG resource

C. COPE and BYOD devices can be used as a USB OTG resource Explanation: Both COPE and BYOD phones can act as USB On-The-Go hosts, which lets them read from and write to USB storage and so exfiltrate data easily; that is the DLP concern. The phone does not need to be jailbroken to use USB OTG.

Select four security features that you should use with a smart phone provided through a COPE policy in your organization. A.Network sniffer B.Cable Lock C. Cellular Data D. Host based firewall E. Location tracking F. Cat 5E STP G.MDM H.Remote Wipe

C. Cellular data, E. Location tracking, G. MDM, H. Remote wipe Explanation: Cellular data, remote wipe, location tracking and MDM are all appropriate security features for a company-provided smart phone. Using cellular data lets users avoid connecting to untrusted WiFi networks. Remote wipe lets the organization erase the device if it is lost or stolen. Location tracking uses the phone's GPS for location-based authentication and to locate a lost or stolen device. A mobile device management (MDM) platform lets administrators push software updates, security policies and other controls to the device from a central server.

As the security administrator, you're concerned about a variety of attacks that could affect your company's web server. You've recently heard about an attack where an attacker sends more data to a target than the target is expecting. If done correctly, this can cause the target to crash. What type of action can best prevent this type of attack? A.An SPI firewall B.An active IDS/IPS C.Checking buffer boundaries D.Checking user input

C. Checking buffer boundaries Explanation: The attack described is a buffer overflow, and checking that data fits in the buffer before copying it is the defense that removes the flaw itself. An SPI firewall and an active IDS/IPS are useful protective devices, but they do not address the programming error. Checking user input helps, but unless the check includes the length against the buffer's capacity it does not prevent an overflow.
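To show why the length check matters, the block below models a stack frame as a byte array: a 16-byte buffer followed by the saved return address, as on x86. An unchecked copy overwrites the return address with an attacker-chosen value; the bounds-checked copy refuses the oversized input. This is an added example, not part of the practice exam; the buffer size, the return address value 0x08048ABC and the payload are constructed for illustration.

```python
"""Why checking buffer boundaries stops the attack in the question. Added
example, not part of the exam page: the 'stack frame' is a bytearray standing
in for a fixed-size buffer followed by the saved return address, as on x86."""
import struct

BUF_SIZE = 16                 # the buffer the program expects to fill
ORIGINAL_RETURN = 0x08048ABC  # constructed value for the saved return address


def make_stack_frame() -> bytearray:
    """16-byte buffer immediately followed by a 4-byte little-endian return address."""
    return bytearray(BUF_SIZE) + bytearray(struct.pack("<I", ORIGINAL_RETURN))


def saved_return_address(frame: bytearray) -> int:
    return struct.unpack("<I", frame[BUF_SIZE:BUF_SIZE + 4])[0]


def unsafe_copy(frame: bytearray, data: bytes) -> bytearray:
    """Mimics strcpy/memcpy driven by the sender's length: copies every byte of
    data into the frame starting at the buffer, never comparing against BUF_SIZE."""
    for i, byte in enumerate(data):
        if i >= len(frame):
            raise MemoryError("wrote past the mapped frame (segfault)")
        frame[i] = byte
    return frame


def safe_copy(frame: bytearray, data: bytes) -> bytearray:
    """Bounds-checked copy: refuse anything larger than the buffer. Truncating
    to BUF_SIZE is the other safe choice; which one is right is a design decision."""
    if len(data) > BUF_SIZE:
        raise ValueError(f"{len(data)} bytes exceeds the {BUF_SIZE}-byte buffer")
    for i, byte in enumerate(data):
        frame[i] = byte
    return frame


def attack_payload(new_return: int = 0xDEADBEEF) -> bytes:
    """Fill the buffer exactly, then the next four bytes land on the return address."""
    return b"A" * BUF_SIZE + struct.pack("<I", new_return)


def demo():
    """Returns (return address after the unsafe copy, whether safe_copy rejected it)."""
    hijacked = saved_return_address(unsafe_copy(make_stack_frame(), attack_payload()))
    try:
        safe_copy(make_stack_frame(), attack_payload())
        rejected = False
    except ValueError:
        rejected = True
    return hijacked, rejected


if __name__ == "__main__":
    hijacked, rejected = demo()
    print(f"after unsafe copy, return address = {hijacked:#010x}")
    print(f"safe copy rejected the payload: {rejected}")
```

In a real program the payload's final four bytes would point at code the attacker controls; DEP (see the earlier question) then stops that code from executing even when the bounds check is missing, which is why both defenses are used together.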

In mobile devices, which of the following algorithms is typically used? A.3DES B.DES C.ECC D.AES

C. ECC Explanation: ECC (elliptic curve cryptography) is the algorithm most associated with mobile devices: it provides equivalent security with much smaller keys than RSA, so key exchange and signatures cost less CPU time, memory and battery. DES and 3DES are obsolete symmetric ciphers, and AES is a symmetric cipher; none of them addresses the public-key operations where ECC's small keys save power.

Choose an example of PHI. A. Passport number B.Criminal record C.Fingerprints D. Name of school attended

C. Fingerprints Explanation: Of the listed options, fingerprints are the example of PHI (protected health information), since biometric identifiers such as finger prints are among the identifiers HIPAA lists. The other options are PII (personally identifiable information) under the NIST definition.

Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that? A.Iris scanning B.Fingerprint scanning C.Multifactor authentication D.Smart cards

C. Multifactor authentication Explanation: Multifactor authentication, where at least two of the three categories (something you know, something you have, something you are) are used, is the most secure choice. Iris scanning, fingerprint scanning and smart cards are each a single factor on their own; combined with a PIN or password they become part of a multifactor scheme.

Natalie is responsible for the security of web servers and is configuring the WAF to allow only encrypted traffic to and from the web server, including from administrators using the command-line interface. What should she do? A.Open port 80 and 23, block port 443 B.Open port 443 and 23, block port 80 C.Open port 443 and 22, and block 80 and 23 D.Open port 443 and block all other ports

C. Open port 443 and 22, and block 80 and 23 Explanation: Port 443 is HTTPS (HTTP encrypted with TLS) and port 22 is SSH, which gives administrators an encrypted command-line session. Port 80 is unencrypted HTTP and port 23 is Telnet, which sends credentials in clear text, so both must be blocked. The other options either leave a clear-text port open or block an encrypted one.

Walter is working to implement Type II authentication. Which would be the best example of type II authentication? A.Strong passwords B.Retinal scan C.Smart cards D.Timed one-time passwords

C. Smart cards Explanation: Type II authentication is something you have, and the smart card is the canonical example. A strong password is something you know and a retinal scan is something you are. A time-based one-time password is produced by a token or phone app in the user's possession, so it also rests on something you have, but the smart card is the textbook Type II answer.

Kevin is going over his company's recertification policy. Which is the best reason to recertify? A.To audit usage B.To enhance onboarding C.To audit permissions D.To manage credentials

C. To audit permissions Explanation The best reason to recertify is to audit permissions. This involves conducting a periodic audit of permissions. Audit usage is great but doesn't completely relate. Onboarding doesn't contain recertification as part of its process and credential management doesn't fit in this scenario.

Which of the following types of attacks occurs when an attacker calls up people over the phone and attempts to trick them into providing their credit card information? A.Phishing B.Hoax C.Vishing D.Pharming E.Spear Phishing

C. Vishing Explanation Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Of the following, which item is a list of applications approved for use on your network? A.Blacklist B.Red list C.Whitelist D.Orange list

C. Whitelist Explanation Whitelists are lists of approved applications. Blacklists are lists of blocked applications. Red lists and Orange lists aren't industry terms.

Which of the standards below was developed by the WiFi Alliance and is used to implement the requirements of IEEE 802.11i? A.NIC B.WPA C.WPA2 D.TKIP

C. WPA2 Explanation: WPA2 is the WiFi Alliance certification that implements the full IEEE 802.11i standard, including AES-CCMP. WPA was an interim subset released before 802.11i was finalized, a NIC is a network interface card, and TKIP is the per-packet keying scheme that wraps WEP's RC4 cipher to strengthen it and was used in WPA.

Kristi is setting up database servers on their own subnet. She has placed them on 10.10.3.3/29. How many nodes can be allocated in this subnet? A.32 B.16 C.8 D.6

D. 6 Explanation: A /29 prefix leaves 32 - 29 = 3 host bits, giving 2^3 = 8 addresses in the block; the first (network address) and last (broadcast address) are reserved, leaving 6 usable. 10.10.3.3/29 falls in the block 10.10.3.0 to 10.10.3.7, so the usable hosts are 10.10.3.1 through 10.10.3.6. 32 and 16 would need /27 and /28 blocks, and 8 counts the two reserved addresses.
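The arithmetic above generalises to any prefix length, and the standard library can confirm it. The block below is an added example, not part of the practice exam; it uses only Python's `ipaddress` module, and the addresses other than the question's 10.10.3.3/29 are constructed.

```python
"""CIDR arithmetic behind the /29 answer, for any IPv4 prefix. Added example,
not part of the exam page; uses only the standard-library ipaddress module."""
import ipaddress


def usable_hosts(prefix_len: int) -> int:
    """Usable host addresses in an IPv4 subnet: 2^(host bits) minus the network
    and broadcast addresses. /31 point-to-point links (RFC 3021) and /32 host
    routes reserve nothing."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    if prefix_len >= 31:
        return 32 - prefix_len + 1  # /32 -> 1, /31 -> 2
    return 2 ** (32 - prefix_len) - 2


def describe(cidr: str) -> dict:
    """Network, mask, usable range and broadcast for a host address such as
    10.10.3.3/29. strict=False lets a host address stand in for the network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": usable_hosts(net.prefixlen),
    }


def same_subnet(addr_a: str, addr_b: str, prefix_len: int) -> bool:
    """True if both addresses fall in the same /prefix_len network, i.e. one
    host reaches the other directly rather than through its gateway."""
    net_a = ipaddress.ip_network(f"{addr_a}/{prefix_len}", strict=False)
    net_b = ipaddress.ip_network(f"{addr_b}/{prefix_len}", strict=False)
    return net_a == net_b


if __name__ == "__main__":
    for key, value in describe("10.10.3.3/29").items():
        print(f"{key:>10}: {value}")
```

For the question's subnet this prints network 10.10.3.0, netmask 255.255.255.248, hosts 10.10.3.1 to 10.10.3.6 and broadcast 10.10.3.7. Placing database servers in such a small block is a reasonable segmentation choice: it leaves no spare addresses for an unexpected host, and `same_subnet` is the check a firewall rule author runs to decide whether traffic between two hosts will cross the segment boundary at all.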

Shannon works for a security company that performs pen tests for clients. She's currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company's internal network. What type of attack is this considered? A.Internal Attack B.White-box testing C.Black-box testing D.A pivot

D. A pivot Explanation Pivots occur when you successfully exploit one machine and use that to exploit another. Pivots can be internal or external and black-box/white-box testing are types of penetration tests (relating to how much information the person has when they make an attack on the system).

Matt manages database security for a university and he's concerned about ensuring that appropriate security measures are implemented. Which is the most important to database security? A.Password policies B.Antivirus C.EFS D.Access control policies

D. Access control policies Explanation The most important security measure that can be implemented is the access control policies. This is the most important issue for database security. Password policies are important, antivirus is important and encrypting files is important as well, but none of these is as important as access control in relation to this scenario.

Steven is constantly receiving calls from wireless users who are being redirected to a login page when they connect to the network. The login page comes up whenever the users first connect to the network and attempt to access any website outside of the local area network from within their web browsers. Which of the following is causing this to happen? A.WEP B.Key stretching C.MAC filtering D.Captive portal

D. Captive portal Explanation When users are redirected to a login page, typically it's from a captive portal. This is a page where users are required to agree to some terms before being granted access to the network. WEP doesn't apply to this question. Key stretching increases password strength and MAC filtering prohibits anybody who's not on the allowed list from accessing the network.

Dawn is a network administrator where the company network is segmented into zones of high security, medium security, low security, and the DMZ. She's concerned about external intruders and would like to install a honeypot. Which is the most important zone to put the honeypot in? A.High security B.Medium security C.Low security D.DMZ

D. DMZ Explanation DMZ would be the best spot for a honeypot since the main concern given in the scenario is outsiders. The DMZ sits between the internal and external networks. All other options are incorrect because you can put a honeypot anywhere but the most important zone would be the DMZ.

Name a process of deleting data by sending an eraser to clear the instruction in an address of nonvolatile memory. A.Data-in-transit B.Data-over-the-network C.Data-in-use D.Data-at-rest

D. Data-at-rest

Courtney manages data security on BYOD and COPE devices. She's specifically concerned about the data being exposed should a device be lost or stolen. Which item would be the best to alleviate this concern? A.Geofencing B.Screen lock C.GPS tagging D.Device encryption

D. Device encryption Explanation Device encryption is the best way to ensure the data on a device is secure in the event the device is stolen. Geofencing limits where your mobile device works, screen locks are great ideas but not related to the scenario and GPS tagging can be used to locate a device, but not to see if data is being copied from a device.

Jamie recently downloaded a program from an unknown website and now his client files have had their file extensions changed and he cannot open them. He received a popup window that informed him that his files were now encrypted and he must pay some bitcoins to get them decrypted. What has happened? A.His machine has a rootkit B.His machine is a logic bomb C.His machine has a boot sector virus D.His machine has a ransomware

D. His machine has a ransomware Explanation This is a perfect description of how ransomware works. Rootkits gain administrative access, logic bombs deploy when certain conditions are met and boot sector viruses infect the boot sector of the target computer.

Your security policy is set to include system testing and security awareness training guidelines. Which of the following types of control is this? A.Detective technical control B.Preventative technical control C.Detective administrative control D.Preventative administrative control

D. Preventative administrative control Explanation Testing and training are considered to be preventative administrative controls. These items are typically defined by policies that also state how they should be carried out. Detective controls uncover violations, while preventative technical controls are things like an IPS.

You have an email that you are sending to a friend. You want to ensure it retains its integrity during transit, so you decide to digitally sign the email. When using a PKI system, what is used to encrypt the hash digest of the email to create a digital signature? A.CER B.Public key C. Shared key D.Private Key

D. Private key Explanation A digital signature consists of a hash digest of the original email that is then encrypted using the sender's private key. To verify the digital signature upon receipt, the receiver's email client will decrypt the signature file with the sender's public key, hash the email itself, and compare the decrypted signature to the newly calculated hash. If they match, then the signature is considered authentic and the email is considered to have good integrity (it hasn't been changed in transit).

Which listed technique attempts to predict the likelihood of a threat occurrence and assigns monetary values in the event of a loss? A.Change management B.Vulnerability management C.Qualitative risk assessment D.Quantitative risk assessment

D. Quantitative risk assessment Explanation Of the listed techniques to predict a threat occurrence, the one that assigns the monetary value is the quantitative risk assessment because it assigns numerical values from impacts. Change management is managing configuration changes, vulnerability assessments work to identify vulnerabilities in a network and qualitative risk assessments determine and rank the quality such as a high/medium/low risk.

David, a programmer, is using the waterfall method for application development. Using this method, at which phase of the SDLC can he stop implementing security measures? A.Requirement B.Design C.Implementation D.Retirement

D. Retirement Explanation Security is a process that should be addressed at each phase (all stages) of development. You should only stop implementing security measures once the system has reached retirement, has been uninstalled, and has been properly disposed of.

Kevin manages security for a large university and has just successfully performed a threat analysis for the network. Based on past incidents and studies from similar setups, he has determined that the most prevalent threat is low-skilled attackers who wish to breach the system, simply because they can, for some low-level crime, or even changing a grade. Which term describes this attacker? A.Hacktivist B.Amateur C.Insider D.Script kiddie

D. Script Kiddie Explanation Script kiddie is a low-skilled, low-level hacker. Hacktivists often do things for ideological reasons and nothing in this scenario gives us that indication. Amateur may be a good description, but the technical term is script kiddie and nothing in this scenario tells us it's an insider threat.

As the manager for network operations at his company, Shane saw an accountant in the hall who thanked him for keeping the antivirus software up to date. When asked what he meant, the accountant mentioned that one of the IT staff members, named Michael, called him yesterday and remotely connected to his PC to update the antivirus...but there's no employee named Michael. What happened? A.IP Spoofing B.MAC Spoofing C.Man-in-the-Middle attack D.Social engineering

D. Social Engineering Explanation Social engineering works through weaknesses in people. Nothing in this scenario points to IP spoofing or MAC spoofing and a man-in-the-middle attack would require an attacker to be between the source and target to receive some communication.

Jeff is the network administrator and sometimes needs to run a packet sniffer so he can view the network traffic. He would like to find a well-known packet sniffer that works on Linux. Which of the following is the best choice? A.Ophcrack B.Nmap C.Nessus D.TcpDump

D. TcpDump Explanation Tcpdump is a packet sniffer made for Linux but has been/can be ported to Windows. This allows the user to view the current network traffic. Ophcrack is a Windows password-cracking tool, Nmap is a port scanner, and Nessus is a vulnerability scanner.

What type of attack is focused on targeting a specific individual like the CEO of a company? A.Spear phishing B.Target phishing C.Phishing D.Whaling

D. Whaling Explanation Whaling is targeting specific individuals, usually a high-level executive in a company. Spear phishing targets a small group, targeted phishing is not an industry term and phishing is a generic term.

Which is the best choice for naming the account of John Smith - domain admin? A. dm_jsmith B.jsmithAdmin C.AdministratorSmith D.jsmith

D. jsmith Explanation An administrative domain account should never have a name that reveals the account's role. All other options clearly demonstrate the role of the account holder.

When using a single username and password, what type of authentication method is this? A.Biometric Authentication B.One-Time Password authentication C.Multi-factor authentication D.PAP Authentication

D. PAP Authentication Explanation For the exam, you need to know the different categories of authentication and what type of authentication methods belong to each category. A username and password are used as part of the Password Authentication Protocol (PAP) authentication system. A username and password are also considered a knowledge factor in an authentication system.
