SY0-401 - EnSurePass Test Dump 13.06
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
$5,000
What are the Two BEST methods for a web developer to prevent website application code from being vulnerable to cross-site request forgery (XSRF)?
1) Validate and filter input on the server side and client side 2) Restrict and sanitize use of special characters in input and URLs
What is the default port for Secure Shell (SSH)?
22
A company determines a need for additional protection from rogue devices plugging into physical ports around the building. What provides the highest degree of protection from unauthorized wired network access?
802.1x - Is an IEEE Standard for port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
What control would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?
802.1x - Is an IEEE Standard for port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 10.10.3.16 10.10.3.23 212.178.24.26 217.24.94.83 These attempts are overloading the server to the point that it cannot respond to traffic. What attack is occurring?
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
In Kerberos, the Ticket Granting Ticket (TGT) is used for what?
Authentication
What risk concept requires an organization to determine the number of failures per year?
ALE (Annualized loss expectancy) - is equal to the SLE (single loss expectancy) ($50,000) times the ARO (annualize rate of occurrence) (50%). 50,000 x .5 = $25,000
What would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?
Account lockout settings
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. What is this an example of?
Advanced persistent threat
A security administrator needs to manage traffic on a layer 3 device to support File Transfer Protocol (FTP) from a new remote site. What would need to be implemented?
An Access Control List (ACL)
Joe, a user, wants to send an encrypted email to Ann. What two items will Ann need to use to verify that the email came from Joe and decrypt it?
Ann's private key and Joe's public key
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. What process could MOST effectively mitigate these risks?
Application patch management
A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. What should be implemented during the authorization stage?
Biometrics
The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. What is the team performing?
Black box testing
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, what is likely to be an issue with this incident?
Chain of custody
Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. What does this illustrate?
Chain of custody
A security administrator has concerns regarding employees saving data on company provided mobile devices. What would BEST address the administrator's concerns?
Configure the devices so that removable media use is disabled
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. What would BEST address this desire?
Configure the switch to allow only traffic from computers based upon their physical address
What is being tested when a company's payroll server is powered off for eight hours?
Continuity of operations plan (COOP) ensures that agencies are able to continue performance of essential functions under a broad range of circumstances.
The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. What security techniques is MOST appropriate to do this?
Continuous security monitoring
A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless Bring Your Own Device (BYOD) users and 2 web servers without wireless access. What two controls should the company configure to protect the servers from the user devices?
Create a server Virtual Local Area Network (VLAN) and an Access Control List (ACL) to access the server
The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. What phase of incident response is MOST appropriate as a FIRST response?
Identification
A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. What would be the BEST technology control to use in this scenario?
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network
What is the primary security concern when deploying a mobile device on a network?
Data security
A merchant has the need to store credit card numbers in a transactional database in a high performance environment. What BEST protects the credit card data?
Database field encryption
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. What BEST describes this new network?
Demilitarized Zone (DMZ)
What is one startegy to reduce the certificate management burden?
Deploying a wildcard certificate
A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. What control could they implement to BEST meet this goal?
Digital signatures
A security technician is attempting to improve the overall security posture of an internal mail server. What action would BEST accomplish this goal?
Disabling unnecessary services
What is a preventative control that would be appropriate for responding to a directive to reduce the attack surface of a specific host?
Disabling unnecessary services
During the analysis of a packet capture (PCAP) file, a security analyst noticed several communications with a remote server on port 53. What protocol type is observed in this traffic?
Domain Name System (DNS)
An employee would like to forward some Personal Identifiable Information to their HR department by email, but they are worried about the confidentiality of the information. What would accomplish this task securely?
Encryption
A security manager must remain aware of the security posture of each system. What supports this requirement?
Establishing baseline reporting
What can result in significant administrative overhead from incorrect reporting?
False positives - a result which incorrectly indicates that a particular condition or attribute is present.
A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. What, if implemented, would BEST reassure the CSO?
Full disk encryption and disk wiping procedures
A network administrator is configuring access control for the sales department which has high employee turnover. What is BEST suited when assigning user rights to individuals in the sales department?
Group based privileges
A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. What BEST meets their goal?
Hardware locks
What function provides an output which cannot be reversed and converts data into a string of characters?
Hashing
What should an administrator implement to research current attack methodologies?
Honeypot - A computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
A network engineer is designing a secure tunneled VPN. What protocol would be the MOST secure?
IPsec - Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level.
When considering a vendor-specific vulnerability in critical industrial control systems what technique supports availability?
Incorporating diversity into redundant design
After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. What would be MOST effective in reducing data leaks in this situation?
Information Security Awareness
What is a step in deploying a WPA2-Enterprise wireless network?
Install a digital certificate on the authentication server.
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. What should be implemented to secure the devices without risking availability?
Intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violation
What is true about input validation in a client-server architecture, when data integrity is critical to the organization?
It should be performed on the server side
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. What practice is being implemented?
Job rotation
A security administrator, needs to implement a secure wireless authentication method that uses a Remote Authentication Dial-In User Service (RADIUS) server for authentication. What is an authentication method the security administrator should use?
LEAP (Lightweight Extensible Authentication Protocol) which uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more frequent authentications between a client and a RADIUS server. WEP keys are less likely to be cracked -- and less long-lived if cracked -- due to this frequency.
What is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?
Lack of controls in place to ensure that the devices have the latest system patches and signature files
A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. What authentication services is being used?
Lightweight Directory Access Protocol (LDAP) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.
What was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of Transport Layer Security (TLS)?
Lightweight Directory Access Protocol (LDAP) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.
During the information gathering stage of a deploying role-based access control model, what information is MOST likely required?
Matrix of job titles with required access privileges
What means of wireless authentication is easily vulnerable to spoofing?
Media Access Control (MAC) Filtering
A security team has established a security awareness program. What would BEST prove the success of the program?
Metrics
A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. What can the researcher do to determine if the file is malicious in nature?
OS Baseline comparison
What implementation steps would be appropriate for a public wireless hot-spot?
Open system authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With OSA, a computer equipped with a wireless modem can access any WEP network and receive files that are not encrypted.
Three of the primary security control types that can be implemented are.
Operational, technical, and management
What cipher would be BEST used to encrypt streaming video?
Rivest Cipher 4 (RC4) also known as ARC4
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. What would be an appropriate mitigation technique?
Rogue machine detection
Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. What describes the type of attack that was occurring?
Packet sniffing
A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. What two controls should be used together to prevent this from occurring?
Password age and password history
Users can authenticate to a company's web applications using their credentials from a popular social media site. What poses the greatest risk with this integration?
Password breaches to the social media site affect the company application as well
An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. What two controls would BEST prevent users from reusing their existing password?
Password history and minimum password age
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. What solution would mitigate this issue?
Patch management system
Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. What will address this requirement?
Place a guard at the entrance to approve access
What network design element allows for many internal devices to share one public IP address?
Port Address Translation (PAT) attempts to use the original source port number of the internal host to form a unique, registered IP address and port number combination. Eg: 10.10.10.100 and 10.10.10.101
During what phase of the Incident Response process should a security administrator define and implement general defense against malware?
Preparation
What is BEST used to capture and analyze network traffic between hosts on the same network segment?
Protocol analyzer
What would a security administrator implement in order to identify a problem between two systems that are not communicating properly?
Protocol analyzer - a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel. Such a channel varies from a local computer bus to a satellite link, that provides a means of communication using a standard communication protocol (networked or point-to-point).
A datacenter requires that staff be able to identify whether or not items have been removed from the facility. What controls will allow the organization to provide automated notification of item removal?
Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects
A bank has recently deployed mobile tablets to all loan officers for use at customer sites. What would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?
Remote wiping
Identifying residual risk is MOST important to what concept?
Risk acceptance
An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?
SSL - (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
What can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?
Screen lock
What is used to verify data integrity?
Secure Hash Algorithm (SHA)
A company needs to receive data that contains Personally Identifiable Information (PII). The company requires both the transmission and data at rest to be encrypted. What two controls achieves this goal?
Secure Shell (SSH) and Pretty Good Privacy/GNU Privacy Guard (PGP/GPG)
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. What method would BEST prevent such activities in the future?
Separation of duties
What protocol operates at the HIGHEST level of the OSI model?
Session control protocol (SCP) is a method of creating multiple light-duty connections from a single Transmission Control Protocol (TCP) connection.
By default, what uses TCP port 22?
Session control protocol (SCP), Hypertext Transfer Protocol (HTTPS), and Secure File Transfer Protocol (SFTP)
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username password and a four-digit security pin that was mailed to him during account registration. This is an example of what?
Single factor authentication
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on what?
Social networking
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. What would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
Vulnerability scan
A security administrator discovers an image file that has several plain text documents hidden in the file. What security goal is met by camouflaging data inside of other files?
Steganography
What encrypts data a single bit at a time?
Stream cipher
Joe, a user, wants to send an encrypted email to Ann. What two items will Ann need to use to verify the validity's of Joe's certificate?
The CA's public key and Joe's public key
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with Protected Extensible Authentication Protocol (PEAP). A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. What MOST likely cause for this issue?
The Remote Authentication Dial-In User Service (RADIUS) server certificate has expired.
Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
The security controls on the USB drive can be bypassed.
A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because:
The system was designed to fail open for life-safety
The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as what??
Transport encryption
A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single Data Encryption Standard (DES) but require an upgrade in order to be compliant with security standards. What is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?
Triple Data Encryption Algorithm (3DES), is a symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
What has a storage root key?
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices
A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Whatwould BEST describe this type of attack?
Typo squatting
What component of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
URL filter
A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements?
USB token and PIN - Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand - such as a physical token.
What can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
Web Application Firewall
What is BEST at blocking attacks and providing security at layer 7 of the OSI model?
Web Application Firewall (WAF)
What technical control is BEST used to define which applications a user can install and run on a company issued mobile device?
Whitelisting
A network administrator has been tasked with securing the wireless local area network (WLAN). What cryptographic product would be used to provide the MOST secure environment for the WLAN?
Wi-Fi Protected Access 2 (WPA2) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the Rivest Cipher 4 (RC4) protocol. What is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?
Wi-Fi Protected Access-Temporal Key Integrity Protocol (WPA-TKIP)
A security analyst, is reviewing an IRC channel, and notices that a malicious exploit has been created for a frequently used application. They notify the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. What BEST describes this exploit?
Zero-day
