Security+ Practice Exam Q Study


Of the items listed, which provides additional encryption strength by repeating the encryption process with additional keys?

3DES. 3DES adds additional encryption strength by repeating the process. All other options do not repeat the encryption process.

Of the following, which describes a zero-day vulnerability?

A vulnerability that has been known for zero days is a classic example of a zero-day vulnerability.

Which encryption type offers easy key exchange and key management?

Asymmetric. Asymmetric encryption is typically the one that provides easy key exchange and management. Asymmetric encryption is the system that protects keys from loss or misuse as well. Obfuscation is a process of making something difficult to read, symmetric encryption uses the same key to encrypt/decrypt, and hashing ensures data integrity.

Which plan identifies critical systems and components to ensure assets are safe and protected?

BCP (Business Continuity Plan)

When a program has variables and does not check the boundary values before inputting the data, what type of attack is this program vulnerable to?

Buffer overflow. Buffer overflows happen when boundaries aren't checked and the attacker tries to insert more data than can be held by the target. XSS is a web page attack, XSRF is also a web page attack, and a logic bomb reacts when certain conditions are met.

What type of attack is based on sending more data to a target than the target can hold?

Buffer overflow

Using the image provided, select four security features that you should use with a smartphone provided through a COPE policy in your organization.

Cellular data, Remote wipe, Location tracking, MDM. Cellular data, remote wipe, location tracking, and MDM are all appropriate security features to use with a company-provided laptop. By using cellular data, your users will be able to avoid connecting to WiFi networks for connectivity. Remote wipe enables the organization to remotely erase the contents of the device if it is lost or stolen. Location tracking uses the smartphone's GPS coordinates for certain apps, location-based authentication, and to track down a device if it is lost or stolen. A mobile device management (MDM) program enables the administrators to remotely push software updates, security policies, and other security features to the device from a centralized server.

As the security administrator, you're configuring data label options for your R&D file server. Standard users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

Company trade secrets should be assigned a label of proprietary because they're specific to the company and nothing else. All other options are industry terms, but they aren't specific to one place or thing.

Lisa is investigating a network breach and discovered a program that was able to execute code within the address space of another process by using a target process to load a specific library. What type of attack is this?

DLL injection is malware that attempts to inject code into the process library (an advanced attack). Logic bombs, session hijacking, and buffer overflows do not apply to this scenario.

Which of these should be used for remote access authentication for users who have smart cards?

EAP-TLS can be used for remote access and supports the use of smart cards. PEAP uses certificates and supports password-based authentication, CHAP uses PPP servers and supports password-based authentication, and MS-CHAPv2 also supports password-based authentication.

In mobile devices, which of the following algorithms is typically used?

ECC is the one used most often. The other options are not used in mobile devices because of their power needs, and ECC doesn't typically have a great external disruption.

Of the options below, choose the IPSec protocol that provides authentication as well as encryption.

ESP stands for Encapsulating Security Payload, which provides integrity and encryption. AH, or Authentication Header, only provides integrity; IKE, or Internet Key Exchange, is used during the setup of IPSec; and ISAKMP, or Internet Security Association and Key Management Protocol, provides a framework for authentication and key exchange.

Caleb is installing an HVAC system in his data center and would like to know what this HVAC system will have the most impact on. Please choose from the following:

An HVAC system has the most impact on availability. If it gets too hot, the systems will fail to run. HVAC systems have no effect on confidentiality, fire suppression, or monitoring access to the data center.

You have been tasked with finding a standard for your company in order to implement consistent information security management systems. You're looking for a standard that is international. Which of the following is the best option?

ISO 27002 is the international standard used for maintaining security systems, so it would be the best option. ISO 27017 is specifically for cloud security. NIST 800-12 is a US standard as is NIST 800-14.

An accounting employee changes roles with other accounting employees every few months. What is this called?

Job rotation is where an employee swaps positions every few months so people can learn different tasks. This helps prevent one individual from being the only one who can do everything. Separation of duties is where several individuals are needed to complete a task, mandatory vacation prevents fraud, and onboarding happens when new employees come into a facility.

When issuing a ticket, which of the following does Kerberos use?

Kerberos uses a Key Distribution Center (KDC) to generate tickets. Authentication services authenticate users, a certificate authority is what generates certificates, and the ticket-granting service is part of the KDC.

You are currently employed by a social media website. You want to integrate users' accounts with other resources from the web. In order to do so, you need to allow authentication to be used across different domains, and while doing so, you mustn't expose your users' passwords to these services. Of the listed principles, which would be the most effective to accomplish this goal?

OAuth can effectively accomplish this goal without exposing the users' passwords. Kerberos is not used for cross-domain/service authentication; SAML exchanges authentication and authorization data, and OpenID authenticates via a third party.

Which of the following provides an example of a stream cipher?

RC4 is a stream cipher that encrypts data. All other options are examples of block ciphers.

Which of the following types of attacks occurs when an attacker sends unsolicited messages over Facebook messenger?

Spim is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites and social media. If the unsolicited messages were sent by email, they would have instead been classified as Spam.

Marsha is currently setting up accounts for her company and would like to set up accounts for an Oracle Database server. Which would be the best type of account to assign for the database service?

The best assignment for a database service is a service account. Service accounts have least privileges without a dependency on human interaction. User accounts are not a good solution, guest accounts are NEVER a good idea, and administrative accounts have too many privileges.

Matt works for an insurance company that has a selection of operating systems, including Windows and Linux. In this environment, which system determines the network operating system?

The operating system of the domain controller is what determines the network operating system. If the NOS was Windows, then it would be a Microsoft Windows network. If the NOS of the DC was Unix, then it'd be a Unix network.

Steven works for a small company and they're concerned about authentication and would like to implement biometrics using facial recognition and fingerprint scanning. How is this authentication classified?

Type III authentication is something you are. Something you are is often based on biology. Type I is something you know (password, PIN), Type II is something you have (card, key), and strong authentication uses two different types.

Josh, as an administrator for a health care company, is required to support an older, legacy application. He's concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this?

Use an application container

Caleb is worried his SIEM logs aren't being stored long enough or securely enough. He is aware that a breach may not be discovered until long after it occurs. This would require the company to analyze older logs, so it's important that he finds a SIEM log backup solution that can do the following: handle all aggregate logs of the SIEM, be maintained for a long period of time, and maintain the integrity of logs being stored. Which of the following solutions would ensure the integrity of the data isn't changed after storage?

WORM (write-once, read-many) works with high-capacity storage where, once the data is written, it cannot be edited. This provides secure storage because backups cannot be tampered with. All other options are incorrect: backing up to large-capacity external drives would require the drives to be secured in storage, and backup tapes are older technology that can be easily damaged.

Which is the least secure hashing algorithm?

MD5. The least secure hashing algorithm is MD5, as it creates a 128-bit hash regardless of the length of the text. RIPEMD creates a 128/160/256/320-bit digest, SHA-1 creates a 160-bit hash regardless of the length of the text, and AES is an encryption algorithm, not a hashing algorithm.

As the security manager, you need to reduce the risk of employees working in collusion to embezzle funds. Which process would you implement?

Mandatory vacations. The process that should be implemented is mandatory vacations. This process is used to detect fraud. A clean desk policy ensures all sensitive documents are removed from a desk and locked up, an NDA is a nondisclosure agreement that prevents sensitive data from being shared, and continuing education does not apply here.

You are the security administrator for a large company where occasionally, a user needs to access certain resources that the user doesn't have permission to access. Which method would be the most beneficial?

Rule-based access control would be the most beneficial in this situation because it's based on rules that give a user access to a certain specific resource. All other options give explicit access.

You have been asked to help conduct a white box penetration test. As part of your preparations, you have been given the source code for the organization's custom web application. Which type of vulnerability might be able to exploit the code shown in this image?

The function DionCode may be subject to a buffer overflow if the user enters something over 20 characters as their input. In defining the char (character) type array, the programmer only allocated 20 characters' worth of storage in memory. To solve this problem, the programmer should create proper input validation to ensure that the input is less than 20 characters prior to passing the user_input variable to the strcpy (string copy) function.

Tyson believes there's a problem accessing the DHCP server from a specific client and would like to check by getting a new dynamic IP address. What command can help him achieve this?

The ipconfig /renew option will allow your computer to release and renew your IP address, thereby giving it a new DHCP address. There is no /request switch for ipconfig, and NETSTAT has nothing to do with the release/renew of IP addresses or DHCP.

Josh is thinking of using voice recognition as part of his access control strategy. Choose one weakness with voice recognition.

The main weakness with voice recognition is your systems will require training for the voice recognition. People's voices don't change that much and minor voice changes will not prevent access. The high false positive/negative rate doesn't really apply here as voice recognition doesn't have a higher false positive/negative rate than other biometric systems.

Your company has purchased new laptops for your salespeople. Your IT department plans to dispose of the hard drives from the old computers as part of a sale. Which method would you use to properly dispose of the hard drives?

The method that would need to be used to properly dispose of hard drives is purging. Purging removes data from hard drives that cannot be rebuilt. Destruction won't help the company sell the hard drives, shredding won't help it sell either because it physically destroys the drive itself, and formatting leaves traces of data that can be rebuilt.

John works on database server security for his company. He is concerned about preventing unauthorized access to the databases. Which of the following is the most appropriate for him to implement?

The most appropriate implementation tool would be the database activity monitoring prevention (DAMP) system since it is an active device and prevents unauthorized access. ABAC can assist, but it's not designed for databases. TOTP would mean the user would need a brand new password every time they access the database, which doesn't make much sense, and the HIDS doesn't prevent, it just records.

You're currently looking for a network authentication method that uses digital certificates and doesn't require users to remember passwords. Which method is the most beneficial?

The most beneficial method here would be tokens. Tokens are physical devices used for authentication and can store digital certificates on them as well. OAuth is token-based, but you still have to remember a password; OpenID is a third party, which also requires the user to still have a password; and RBAC is an access control model.

Matt manages database security for a university and he's concerned about ensuring that appropriate security measures are implemented. Which is the most important to database security?

The most important security measure that can be implemented is access control policies. This is the most important issue for database security. Password policies are important, antivirus is important, and encrypting files is important as well, but none of these is as important as access control in this scenario.

Brady's concerned about the security of data on mobile devices, such as smartphones and tablets that his company issues to employees. Of the following, which would be the most effective in preventing data loss, in the event a device is stolen?

The most reliable way to wipe data from a phone is to remote wipe it. Geolocation allows you to locate the device. A strong PIN doesn't have anything to do with remotely wiping the phone, and limited data storage only limits how much data can be stored on the phone.

Rhonda manages account security for her company. She's noticed a receptionist who has an account with a six-character password that hasn't been changed in two years and her password history isn't maintained. What is the most significant problem with this account?

The most significant problem with this account is the password length. The password is too short and these are the most insecure passwords. The lack of password history is a problem as well as the age of the password, but the length is the most significant issue.

You have been asked by the incident response team leader to perform a forensic examination on a workstation that is suspected to be infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation?

The order of volatility states that you should collect the most volatile (least persistent) data first, and the least volatile (most persistent) data last. The most volatile data resides in the CPU cache, since this small memory cache is overwritten quickly during computer operations. Next, you should collect the data in the system memory (RAM), since it will be erased if the workstation is shut down or the power is lost. Third, you should collect the swap file, which is a form of temporary memory located on the hard disk. These files are also overwritten frequently during operations. Finally, you should collect the data from the hard disk, as it is the least volatile and remains on the hard disk until a command is given to delete it. Data on a hard disk remains even when power is removed from the workstation.

Steven is looking for a new firewall for his company. He's concerned about a DoS attack, more specifically, SYN flood. Which of the following is the best option to protect against a SYN flood event?

The correct answer is Stateful Packet Inspection (SPI). Packet filters examine packets in isolation, the primary benefit of application gateways is protecting against web attacks, and bastion is another name for a border firewall.

Of the following, choose a common security issue that is hard to control in large environments when a user has more rights, permissions, and privileges than the job requires. What is described by this scenario?

The correct answer, according to industry terms, is excessive privileges. It's the opposite of the good security posture/practice of using Least Privilege. All other options are not industry terms.

Neil has been tasked with finding an authentication service handled by a third party that would allow users to access multiple websites, as long as the authentication service is supported by the website. What is the best choice?

The correct choice is OpenID. OpenID is an authentication service that can be and is often carried out by a third party to sign into any website that accepts OpenID. Kerberos is for domain use, NTLM is legacy, and Shibboleth is an SSO but works with federated systems instead of across multiple websites.

You've been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?

The correct choice is a black-box test, which uses minimal information. White-box tests involve complete information. External tests are done from outside the network, but the terminology doesn't match this scenario, and the term threat test isn't an industry term used in penetration testing.

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool?

The correct choice is exploit frameworks, which are tools for finding vulnerabilities and attempting to exploit them. Vulnerability scanners only identify vulnerabilities, Metasploit is a popular exploit framework but the question doesn't ask for exact names, and Nessus is a well-known vulnerability scanner.

Nick works for a small company as a security administrator. He's attempting to improve security throughout the network. Which step should be taken first?

The first and main foundational step in security is to harden the operating systems, and one of the easiest processes is turning off unneeded services. If these services are not turned off, they present an attack surface for people with or without malicious intent. All other options are good security measures and should be implemented, but they are not as fundamental as the chosen approach.

Kevin, the helpdesk manager, calls stating that there has been an increase in calls from users who are stating that their computers are infected with malware. Which of the following steps should be taken first?

The first step should be identification. Once you identify the malware and the systems it's on, you can move on to the next steps in the recovery process. Containment minimizes further damage and impact, eradication is the cleaning, removal, and restoration process following the malware impact, and lessons learned is the documentation of the problem and how the fix was performed.

Alissa is worried about peripheral devices being exploited by an attacker. Which of the following is the best option for the first step in mitigating this threat?

The first step would be to disable the WiFi on any system that doesn't require it to run. WiFi is a large attack surface, so disabling it would at least minimize the attack footprint. Most devices don't have a BIOS; encryption on personal devices is great, but that's difficult to manage, especially for ones that don't have it as an option; and antivirus on peripherals isn't an option because most peripherals don't have a place to install an antivirus application.

Of the following, which is the most fundamental BIOS integrity technique?

A BIOS password would be a fundamental integrity technique. BIOS password management is also the most effective technique because, without this, all other listed options prove less effective.

Your company's offices utilize an open concept floor plan. You are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, your security department has recommended installing security cameras that are clearly visible to both employees and visitors. What type of security control do these cameras represent?

A deterrent control is designed to discourage the violation of a security policy. Since the cameras are clearly visible, they are acting as a deterrent control. A corrective control is one that is used to fix or eliminate a vulnerability. A compensating control is used to minimize a vulnerability when it is deemed too difficult or impractical to fully correct the vulnerability. An administrative control is used to create policies or procedures to minimize or eliminate a vulnerability.

Ron is analyzing what he thinks is a malware outbreak on his network. Several users have reported that their machines are behaving strangely. The behavior seems to be occurring sporadically and there is no pattern. What is most likely the cause of the issue?

A sparse infector virus performs activity sporadically. APT isn't described here. A boot sector virus infects the hard drive, and a keylogger is a spyware program that records keystrokes.

Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business?

A third-party source code escrow. The correct answer would be a source code escrow. This would grant you the source code in the event the vendor goes out of business, so you can maintain the source code yourself. Detailed investigations are a great idea, but this won't help you with a failing vendor. Penalties for breach of contract are no longer effective when a vendor goes out of business, and even if another vendor creates a standby contract with you, they can't do what they need to without the source code.

You currently hold the position of Network Director and have been tasked with creating next year's budget. You have requested $250,000 in order to fund the cyber incident response team. Which of the following should not be submitted as part of your budget request?

ALE stands for annual loss expectancy. This is the product of ARO and SLE, and is determined based on historical data and future projections of how much an incident would cost and how many times it is expected to occur. ALE is used to help decide whether it is more efficient to accept the cost of an incident or purchase a preventative measure to mitigate against it. The training, man-hour, and asset value expenses should all be included as part of your cyber incident response team's budget, since you will need to fund these things in order to have a team that is equipped, trained, and funded to perform their actions when needed.

Alissa manages the network for her company, a health club chain. She's working to find a communication technology option that uses low power and can spend long periods in sleep modes. What technology would be the best fit?

ANT technology is a proprietary technology that works with low-power-mode devices. WiFi uses power constantly, cellular consumes a lot of power, and Bluetooth's range is too short.

Jakob is worried that someone will use a password cracker on the computers in his company. He's concerned that common passwords will be attempted in order to gain access to a system. Which would be the best option to mitigate the threat?

Account lockout policies

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?

By utilizing NAC, each machine connected to the open wireless network could be checked for compliance to determine if it is a 'known' machine that should be given access to the entire network, or if it is an unknown machine that should be placed into an internet-only network (which would have no access to the HVAC control system). While a VLAN is useful to segment network traffic to various parts of the network, if data is still being routed to/from the HVAC VLAN then this won't stop someone on the open wireless network from being able to attempt to log in to the HVAC controls. An IDS would be a good solution to detect the attempted logins, but it won't be able to prevent them. Instead, an IPS would be required to prevent logins.

You are responsible for security for a defense contracting company and are concerned about users within your network exfiltrating sensitive documents via email. What is the best solution to address this?

Content filtering can also work on content that is sent out, not just on web pages, websites, and things you view (videos, etc.). Email encryption makes it easier to exfiltrate data; USB blocking doesn't affect email filtering, and NIPS cannot stop attachments.

Isaac is in need of an authentication protocol that would be effective when it comes to stopping a session hijacking. Which of the following would be the best choice?

CHAP

Josh is a security technician who's been tasked with implementing PKI on the company's network. When verifying the validity of the certificate, he needs to ensure bandwidth isn't being consumed. What can be implemented?

CRL

As the security administrator, you're concerned about a variety of attacks that could affect your company's web server. You've recently heard about an attack where an attacker sends more data to a target than the target is expecting. If done correctly, this can cause the target to crash. What type of action can best prevent this type of attack?

Checking buffer boundaries. If you're concerned about buffer overflows, then checking boundaries is the best defense. An SPI firewall and an active IDS/IPS are good protection devices, but they don't address buffer overflow attacks. Checking user input helps but doesn't prevent buffer overflow attacks.

Jeremy is concerned about employees violating software licenses. What would be the first step to address this issue?

Clear security policies must be created, because these policies explain software licensing and the process of software licensing. Without policies, countermeasures have no foundation. Software audits are a good idea, but they take place after good policies are in place. Network scanning is a good idea, but once again, policies should be established first. Blocking users' ability to install software may or may not be a step for the company to take, but it too would need to be done after policies are established.

Amy manages mobile device security for her company, an insurance firm. The company currently uses BYOD. She's concerned about employees' personal device usage compromising company data on the mobile devices. What technology could best assist with this concern?

Containerization

Tim is managing the SIEM for his company. The SIEM aggregates logs from multiple servers. In the event a breach is discovered, which would be the most important concern?

Correlating events from servers would be the most important issue to address. Event duplication is an issue, but it isn't as important as correlation. Time synchronization is also an issue, but this should have been done when the servers were initially configured, and impact assessment is important but isn't as important as working through correlating events.

Wayne works for a large law firm and manages network security. It's common for guests who come to the law firm to need to connect to the WiFi. He wishes to ensure that he provides maximum security when these guests connect using their own devices, but also seeks to provide assurance to the guests that his company will have minimal impact on their devices. What is the best solution?

Dissolvable NAC agent. Network Access Control systems can perform a health check on devices to make sure they meet minimum security standards prior to connecting. A permanent NAC agent would have an impact on visitor devices, agentless NAC has less impact, and COPE devices aren't possible to give to guests.

George is a security officer for a bank. When an executive has a laptop decommissioned, he wants to be sure that all of the data is completely wiped and unrecoverable, even via forensic tools. How many times should the hard drive be wiped?

DoD standard 5220.22-M recommends 7 wipes to completely wipe data. All other answers are less than seven.

A web application has been discovered that can generate a memory leak. What type of attack would this leave the application vulnerable to?

DoS. If an attacker can get a web application to create a memory leak, then eventually it will consume all memory and the web server itself will freeze up.

Which standard shown here uses a single 56-bit symmetric key?

DES is symmetric with 56-bit key usage. All other options are incorrect. AES uses 128-, 192-, or 256-bit keys, and WPS is a wireless security standard that works through WiFi Protected Setup.

Name a process of deleting data by sending an eraser to clear the instruction in an address of nonvolatile memory.

Data-at-rest. Data-at-rest is data that is currently inactive but stored in digital form in places such as nonvolatile memory. Data-in-transit is data that is moving, data-over-the-network is not considered digital data, and data-in-use is data that is active and stored in volatile memory.

Which of the following types of EAP uses an operation that consists of three phases?

EAP-FAST exists in situations where password policy cannot be enforced. The three phases it consists of are provisioning, establishment of a tunnel, and authentication. All other options do not use three phases.

Which cryptography option uses points on a curve to define public and private key pairs?

ECC (elliptic curve cryptography) uses points on a curve for key pairs, hence the name. Obfuscation is the process of making something difficult to read, stream ciphers encrypt data one bit at a time, and block ciphers encrypt data one fixed-size block at a time.

Jose is responsible for incident response at his company. There has recently been a breach of the network, which was widespread and affected many computers. As a part of his incident response process, he will be collecting logs from his SIEM, which aggregates logs from 20 servers. Which of the following should be done first?

Event de-duplication is very important because the servers send the data to SIEMs. Log forwarding was established before the incident, so it isn't the best option. Identifying the nature and source IP of the attack is something that needs to be done, but this doesn't necessarily need to be done on the front end.

Penny, a saleslady in your company, sent in a request for assistance with a computer that is behaving sluggishly. You've checked but don't see any obvious malware, but you did locate a temp folder with JPEGs which are screenshots of her desktop. Of the following, which is most likely the cause?

From the scenario, we see that there appears to be spyware on the computer because some spyware takes screen captures and hides them in a temp folder. There doesn't seem to be any corporate data so she isn't stealing from the company; nothing indicates a backdoor and updates do not affect this.

Using the image provided, select four security features that you should use with a workstation or laptop within your organization?

Host-based firewall, Network sniffer, Cable lock, and CAT5e STP cables are all appropriate security features to use with a corporate workstation or laptop. By using a host-based firewall (such as Windows Firewall), you can configure the workstation or laptop to block incoming or outgoing data on the device's network connection. If you install a network sniffer, you will be able to capture any network traffic that is being used on the network for later analysis. If you use a cable lock, it will lock the workstation or laptop to a desk and prevent theft of the device. If you use a CAT5e STP cable for your network connection, you will minimize the risk of EMI and reduce data emanations.

Jason has created a new password cracking tool using some Python code. When he runs the program, the following output is displayed:

Hybrid Attack It is likely that the cracker attempted to use a dictionary word (like rover) and then attempted variations on it using brute force (such as adding 000, 001, 002, ...122, 123) to the end of the password until found. Combining the dictionary and brute force methods into a single tool is known as a hybrid password cracking approach.

Laura is the security administrator for a bank and is interested in detecting breaches and attempted breaches of the network, including internal breaches. She doesn't want false positives to disrupt productivity. Which of the following devices is the best choice?

IDS systems simply detect issues; they are not active devices and will not block the traffic. IPS systems stop suspected traffic and will shut down legitimate traffic. WAFs protect web servers against external attacks and SIEMs typically store logs for analysis.

Jace manages security at the Ford Company. Lately, he's noticed there have been multiple new employee accounts created, with default privileges for the network. He's noticed eight of these have privileges that aren't required for their job task. Which security principle is the best way to avoid this problem in the future?

Implicit deny The best option here is implicit deny. Implicit deny defaults to deny all access, but specific privileges are explicitly applied. Least privilege is what every account should have but in this scenario, they were given default privileges. Separation of duties is used to prevent any one person from executing any action. It is true that your network is only as strong as your weakest link.

In an effort to increase the security of their passwords, Ted's company has added a salt and cryptographic hash to their passwords prior to storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. The question describes one such key stretching technique.

Nicole is working to implement a virtual IP load-balancing option and thinks this might alleviate network slowdowns and mitigate some of the impacts from a DoS attack. What is the drawback of virtual IP load-balancing?

It is connection-based, not load-based Virtual IP load-balancing doesn't take the load of each interface into account and assumes all loads are similar. All other options are incorrect. Load balancing is not resource-intensive, most servers do support virtual IP load balancing, and Windows supports virtual IP load balancing.

Kenny is responsible for data backups from all the company servers. Two major concerns are the frequency of backup and the security of the backup data. Which feature would be the most important?

It's important to remember that encrypted data can only be decrypted by the person who encrypted the data or someone who has a "key" to decrypt the data. Remember, not all backup utilities encrypt the data. All other options are incorrect: digitally signing the data will not assist with what's needed, nor will automated backup scheduling or hashing the backup data, since those do not address what is being looked for.

Grady is seeking access control methods that enforce authorization rules by the OS. Users cannot override authentication or access control policies. Which of the following best suits these needs?

MAC (mandatory access control) best suits the requested needs by enforcing rules of the OS. DAC doesn't centralize account control, RBAC is role-based, and ABAC works off of environmental attributes.

Kevin manages the security for his company and is working to implement a kernel integrity subsystem for key servers. Of the following list, what is the primary benefit of this?

The major benefit of a kernel integrity subsystem is that it detects if files have been altered. It doesn't detect malware, that's the job of antivirus software, and it doesn't detect if rogue programs have been installed or if changes were made to user accounts.

Scott is the CISO for a bank. In recent readings, he read about an attack where the attacker was able to enumerate all the network resources and was able to make some resources unavailable. All of this was done by exploiting a single protocol. Which protocol would need to be secured to mitigate this attack?

LDAP The best protocol to mitigate this attack would be LDAP because it is considered a directory or a phonebook of your network, and if you make LDAP unavailable then the footprint of your network is not as easily obtained. SNMP is a simple network management protocol which could help an attacker but not make the resources unavailable. HTTP is for web pages and DHCP assigns IP addresses, so neither of those fits the scenario.

Laura is worried about an attacker getting information in regard to her company's network resources. Which protocol should be implemented that would help mitigate this risk?

LDAPS (Lightweight Directory Access Protocol Secure) uses TLS alongside LDAP to mitigate the risk of an attacker gathering network resources information, so this would be the best option. LDAP has information about network resources, TLS secures data and has to be combined with the data that needs to be secured, and SNMP (simple network management protocol) has information but not as much as LDAP.

You have noticed your company lacks deterrent controls. As the new security administrator, which of the following would you install that satisfies your needs?

Lighting Deterrent controls are used to warn attackers. Lighting added will warn individuals. The other examples are examples of detective controls, where they detect but do not prevent.

Of the listed principles, which is not a part of password complexity?

Minimum password length is not part of password complexity. Password complexity consists of uppercase/lowercase letters, numbers, and special characters.

Lori is concerned about DHCP starvation attacks, especially since learning that anyone can download a software called a "gobbler" and use it to execute a DHCP starvation attack. What technology would help mitigate this risk?

Network Address Allocation Network address allocation allocates network addresses (hence the name). This can be done by limiting the IP addresses handed out to a certain number, among a few other ways. Encrypting communications is a great idea but it doesn't mitigate the issue, FDE doesn't mitigate the issue either, and IPSec can be a good answer, but the transmission is not the issue in this scenario.

You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you don't have a bank account in Vietnam! You immediately call Bob to ask what is happening. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating the transfer. What aspect of PKI is used to BEST ensure that a sender actually sent a particular email message?

Non-repudiation occurs when a sender cannot claim they didn't send an email when they did. To achieve non-repudiation, a digital signature should be attached to each email sent. This digital signature is created by taking a digital hash of the email's contents and then encrypting that hash using the sender's private key. The receiver can then decrypt the digital hash using the sender's public key to verify the integrity of the message.

Stewart has instructed all administrators to disable nonessential ports on their local servers. Why are these protocols a security issue that matters?

Nonessential protocols are considered to be an attack surface. Nonessential protocols contain ports that provide avenues of attack and should always be disabled or turned off when not needed and not in use.

Jamie is worried that some users on her network could be accessing some files they don't have a reason to view, such as files not required for their job. Which of the following would best determine if this is happening?

Of all options, the best choice is to do a usage audit and review, which would document how users actually use their account permissions. Permission auditing and review is good, but it doesn't show how permissions are used. Account maintenance is part of an audit but doesn't address the issue in question, and policy review has nothing to do with this.

Which listed technique attempts to predict the likelihood of a threat occurrence and assigns monetary values in the event of a loss?

Of the listed techniques to predict a threat occurrence, the one that assigns the monetary value is the quantitative risk assessment because it assigns numerical values to impacts. Change management is managing configuration changes, vulnerability assessments work to identify vulnerabilities in a network, and qualitative risk assessments determine and rank risk qualitatively, such as high/medium/low.

Which of the following works like stream ciphers?

One-time pad Stream ciphers work similarly to one-time pads. They provide the same protection as OTP. RSA is an asymmetric algorithm, AES is a symmetric block (not stream) cipher, and DES is a symmetric block cipher as well.

How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being used by itself for authentication.)

One-time password authentication

One of your projects is to configure a WLAN that doesn't require your users to provide any credentials to connect. What type of authentication is this describing?

Open wireless networks do not require users to enter credentials for access, IV is used with a secret key for encryption, WEP is designed to provide security for a WLAN, and WPA is a security standard that improved WEP.

Matthew is working to select an authentication method for his company that will support REST as well as many web-based and mobile clients. Which of the following would be the best choice?

OpenID Connect OpenID works with OAuth and supports REST. Shibboleth uses SAML and works over the Internet, RADIUS is a remote access protocol, and OAuth allows a user's information to be shared without exposing their password.

Your supervisor has asked you about protecting the privacy of personally identifiable information (PII) that is collected. As the security administrator, which is the best option to meet these requests?

PIA (privacy impact assessment)

You work for a company that is issuing portable devices to employees for both work and personal use. The company is doing this so they can control the security of the devices. As an employee, what issue is raised by using a company-owned device for your work-related data and personal use?

Personal information being exposed With company-owned devices, you can still use the device for personal use and save your personal information on this device, therefore, your personal and private data is being exposed to your company. By storing your personal data on a company-owned device, the employee is giving up some of their privacy. All other options are incorrect.

Trent noticed that a web application used by his company doesn't handle multithreading properly. This could allow an attacker to exploit this vulnerability and crash the server. What type of error was discovered?

A race condition occurs when multiple threads in an application are using the same variable. Buffer overflow is putting more data through a buffer than it can hold, logic bombs act when conditions are met, and improper error handling is the use of inappropriate methods to handle errors inside the software.

Lamar manages the account management for his company. He's worried about hacking tools that use rainbow tables. Which of the following is the most beneficial for mitigating this threat?

Rainbow tables are typically mitigated by longer passwords. Rainbow tables can easily crack passwords that are shorter than 14 characters. All other options are beneficial, but will not mitigate this threat.

You are working as part of a cyber incident response team. An ongoing attack has been identified on your web server. Your company wants to take legal action against the criminals who have hacked your server, so they have brought in a forensic analyst from the FBI to collect the evidence from the server. What order should the digital evidence be collected based on the order of volatility?

Processor Cache, Random Access Memory, Swap File, Hard Drive or USB Drive

Thomas is seeking options for controlling physical access to the server room. He would like a hands-free solution. Which of the following would be his best choice?

Proximity cards

Of the following RAID levels, which one is considered a "stripe of mirrors"?

RAID1+0 is considered a stripe of mirrors because it contains mirrored sets and striped sets. RAID6 is striping with dual parity, RAID0 is striping and RAID1 is just mirroring the data.

Lonnie has been assigned the task of choosing a backup communication method for his company in the case of a disaster that disrupts normal communication. Which option provides the most reliability?

Satellite communication would be the most reliable option. Most disasters disrupt terrestrial communications, but line-of-sight links like SATCOM keep the communication lines open and functional. Cellular isn't as resilient, Wi-Fi can and does fail often, and VoIP will not function during a disruption to the network.

Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week and then the backups should be transported to an offsite facility for storage. What strategy should Hilda choose to BEST meet these requirements?

Since the RPO must be within 24 hours, either daily or hourly backups must be conducted. Since the requirement is for backups to be conducted at a specific time each week, hourly snapshots would not meet this requirement and are not easily transported since they are being conducted as a disk-to-disk backup. Replication to a hot site environment also doesn't allow for transportation of the data to an offsite facility for storage, and replication would continuously occur throughout the day. Therefore, a daily incremental backup should be conducted, since it will require the least amount of time to conduct, the tapes could be easily transported for storage, and the data can be restored incrementally from tape since the last full backup was conducted.

As the security administrator, you advise the web development team to include a CAPTCHA on a webpage where users are able to register for an account. Which control is this referring to?

The control being referred to here is a deterrent control. Deterrent controls prevent bots from registering and assist with proving the person registering is real. Detective controls detect intrusions. Compensating controls satisfy security measures, and "degaussing controls" is not an industry term because degaussing is a method of removing data via a magnetic field.

You manage the account access control and authorization at your work, a large college. There are approximately 30,000 students and 1,200 faculty/staff that you manage accounts for. Which of the following is the best access control/account management approach?

The best access control/account management implementation option would be group-based account control where users are placed in groups and permissions are applied to groups. Location-based isn't bad, but what if everybody from that location belongs in a different group (department, etc)? MAC is secure but very granular and not a great option for a large network and DAC isn't secure enough.

Olivia manages wireless security in her company and wants completely different WiFi access (ie different SSID, different security levels, different authentication methods) in different parts of the company. What's the best choice for Olivia to select in WAPs?

The best choice is a Fat WAP. Fat WAPs have all the controls you need on the WAP itself, including forwarding traffic, etc. Nothing else is required as far as tools or resources; all can be managed from the interface of the WAP itself. Thin WAPs require additional devices for functionality, a repeater resends the signal, and Full is not a term relating to a WAP.

Jason manages password management for his company. Sometimes users cannot remember their passwords. What is the best option for Jason to address this?

The best option for Jason to address this would be to enable password recovery. Changing password history might help but it won't help them remember their passwords. Eliminating password complexity is completely insecure, and lengthening password age would have a negative impact on security as well, while setting password age too short forces users to change their password too often.

You're responsible for server room security. You're concerned about physical theft of computers. Of the following, which would best be able to detect theft or attempted theft?

The best option for server room security would be motion sensor activated cameras which record every entry into the server room. All other options are incorrect for the current scenario. They're good security measures but won't provide the results requested.

Caleb was tasked with setting up access control for a server. The requirements state that lower privileged users should not be able to see or access files or data that is meant for higher privileged users. What access control model is best suited to fit these requirements?

The best option for these requirements is MAC (mandatory access control) because it doesn't allow lower privileged users to see any data that higher privileged users have access to. DAC (discretionary) allows each respective data owner to configure their security, RBAC (role-based) can be configured to meet needs, and SAML (security assertions markup language) is not an access control model.

Sharon is responsible for the security on web applications. She's looking to see if all applications have input validation. What is the best way to implement validation?

The best option is client-side with server-side validation. Using these together would provide Sharon with the best validation solution. Server-side validation individually and client-side validation individually are both incorrect. Validate in trust is not a validation method.

Charlotte is a network administrator and needs to administer several servers. Her task is to make it easier to administer and secure these servers, as well as make the installation of new servers more streamlined. Which of the following best addresses this issue?

The best way for her to administer several servers at once is to virtualize the servers. Once virtualized, it will be easier to manage the servers from the virtual desktop infrastructure where all the servers can be easily accessed and managed.

Scott manages WiFi security for his company. His main worry is that there are many other offices in the building that could easily attempt to breach their WiFi from one of these locations. Of the options below, which technique works best to address these concerns?

The placement of WAPs is critical to provide the best coverage for the entire company without adding much overlap and without providing much access outside of the company. When placing WAPs for optimal coverage, one needs to consider signal strength as well. Thin/Fat speaks of the functionality on the device itself, geofencing limits where devices can be used, and securing the admin screen should be done anyways, but it doesn't assist with the issue of nearby tenants using the WAP.

As a network security analyst, you've been instructed to bring an affected system back into the company's environment and verify that it will not lead to another incident. You have tested, monitored, and validated that the system is not currently being compromised. Which process have you completed?

The process you've completed is the recovery process. The recovery process brings systems back to production with a changed environment so they aren't part of another incident in the very near future. Lessons learned is important in a phase of the documentation process where you document anything that can be useful for the future. Preparation prepares the team to be ready to handle an incident, and containment is containing the issue without it having an opportunity to spread itself throughout the network.

Of the following choices, which item best shows the state of a computer at the time it was collected by law enforcement?

The screenshot is what will show the state of the computer at the time law enforcement collected it. Identification just identifies the information, tabletop exercises work through training before an implementation, and hash values ensure integrity.

One of the following items automatically updates browsers with a list of root certificates from an online web source used to track which certificates can be trusted, which one is it?

The trust model is the listed item that automatically updates browsers with a list of certificates for applications. Key escrow is for key storage, PKI identifies a whole infrastructure of hardware, software, policies and people, and RA is the registration authority, which verifies requests for certificates and forwards the responses.

Nat noticed an attacker is trying to get network passwords by using software that attempts many passwords from a list of common passwords. What type of attack is this?

This is a textbook example of a dictionary attack, where the attacker uses a word list of likely passwords. Rainbow tables use hashes, brute force tries every possible combination, and session hijacking occurs when an attacker takes over an authenticated session.

Of the following, what best describes an attack that attaches some malware to a legitimate program so when it's installed on a machine, the malware is inadvertently installed as well?

This is the textbook definition of a Trojan horse. All other options are incorrect because they do not relate to the scenario.

Corbett is managing the security at his company and one of his greatest concerns is that employees might exfiltrate sensitive data by walking out the front door with it. Of the following, which should be implemented first?

USB blocking is a very easy way to manage the security of sensitive data simply because it stops anybody from using a USB stick to take out any data. IPS can help stop exfiltration of data over the network but isn't effective at addressing Corbett's concerns, routine audits of user machines are a great practice but won't correct the issue immediately, and VLANs do not help with this issue in any way.

You currently work for a large company and are concerned about ensuring all workstations have a common configuration, do not contain a rogue software installation, and all patches are kept up to date. Of the following, which would be most effective to accomplish this?

Use VDE The best option is to implement a VDE or a virtual desktop environment. This would give you the opportunity to manage patches, configurations and software installations/updates/maintenance in a single location. Policies are great but they do not accomplish the task at hand. An image for workstations is great for their original configurations, but it won't assist with keeping patches up to date or preventing software from being installed. Strong patch management is great, but it doesn't address all of the requests.

Janet has to deploy and support a legacy application where the configuration for this application and the OS are very specific and cannot be changed. Of the following options, which is the best approach to deploy this software?

Use an immutable server An immutable server is a server that has a configuration that cannot be changed. This would be the best option. VMs are fully configurable. Permissions for applications do not prevent the OS from being changed, and placing applications on a separate VLAN doesn't address the aforementioned issues.

Neil is given the task of creating a wireless network for his company. The wireless network needs to implement a wireless protocol that provides the maximum level of security while providing support for older wireless devices, simultaneously. Which protocol should be used?

WPA is the protocol that should be used to help provide him with the maximum level of security while still being compatible with legacy devices on his network. WPA2 wouldn't work great with older cards, WEP isn't considered secure and IV is not related to the current scenario.

Steven is making an outline of plans to implement a wireless network. Which protocol was designed to provide security for a wireless network and is considered to be the most secure from the choices below?

WPA2

Of the following standards, which one supports WPA2 but not WEP or WPA?

WPA2 is supported by 802.11i. All other standards are not concerned with security.

Which of the standards below was developed by the WiFi Alliance and is used to implement the requirements of IEEE 802.11i?

WPA2 was used to implement the requirements of IEEE 802.11i. A NIC is a network interface card. WPA is WiFi Protected Access. TKIP wraps around WEP encryption to make it stronger and is also used in WPA.

What type of attack is focused on targeting a specific individual like the CEO of a company?

Whaling

Which of the following types of attacks occurs when an attacker specifically targets the CEO, CFO, CIO, and other board members during their attack?

Whaling Whaling is an attack aimed at C-level executives.

The WiFi Alliance recommends a passphrase of how many characters in length for it to meet WPA2-Personal security requirements?

The WiFi Alliance recommends a passphrase of at least 8 characters that follows the password complexity recommendations. All other options are incorrect.

While working through a malware outbreak, you discover something very odd on your company network. There's a file that has the same name as a Windows system DLL file and has the same API interface but handles the input very differently. It also looks like applications have been attaching to this file rather than the real system DLL. What best describes this?

By definition, shimming is when an attacker places malware between an application and other files, which intercepts the communication of the file. Trojan horses might be used to get into a system, but they don't apply here. Backdoor means the authorization was circumvented and direct access to the system was achieved, and refactoring is a process of changing names of variables/functions in a program and doesn't apply here.

Ellen manages network security and has discovered behavior on a computer that appears as a virus. She identified a file she thinks may be a virus, but no antivirus program has detected the file. Which could most likely be occurring?

Zero-day exploits typically aren't in the virus definitions for antivirus programs because the attack happens when the infection is still new. All other options are forms of malware but should be easily picked up by at least one antivirus program.
