Assessment Quiz
A security administrator has been tasked to only allow traffic from HTTPS and SSH on a segregated network that contains sensitive information. Which of the following MUST be completed on the firewall? Allow 22, 143 Allow 443, 80 Allow 443, 22 and Deny All Allow 80, 21 and Deny All
Allow 443, 22 and Deny All
Which of the following types of attacks are MOST likely to be successful when using fuzzing against an executable program? (Select TWO). Session hijacking Integer overflow Buffer overflow Header manipulation SQL injection
Buffer overflow SQL injection
Which of the following types of attacks are MOST likely to be successful when using fuzzing against an executable program? (Select TWO). Header manipulation Buffer overflow SQL injection Integer overflow Session hijacking
Buffer overflow SQL injection
A system administrator decided to perform maintenance on a production server servicing retail store operations. The system rebooted in the middle of the day due to the installation of monthly operating system patches. The downtime results in lost revenue due to the system being unavailable. Which of the following would reduce the likelihood of this issue occurring again? Routine system auditing Change management controls Business continuity planning Data loss prevention implementation
Change management controls
An organization's security policy requires that data be available in case of a natural disaster. Which of the following would BEST meet this goal? Cloud backups Encrypted storage RAID array Load balancing
Cloud backups
Which of the following network design components would assist in separating network traffic based on the logical location of users? IPSec VLAN DMZ NAC
DMZ
Analysis of a recent security breach at an organization revealed that the attack leveraged a telnet server that had not been used in some time. Below are partial results of an audit that occurred a week before the breach was detected.
OPEN PORTS—TCP 23, TCP 80, TCP 443
OS PATCH LEVEL—CURRENT
PASSWORD AUDIT—PASS, STRONG
FILE INTEGRITY—PASS
Which of the following could have mitigated or deterred this breach? Disabling unnecessary services Greater frequency of auditing the server logs Password protection on the telnet server Routine patch management on the server
Disabling unnecessary services
An outside testing company performing black box testing against a new application determines that it is possible to enter any characters into the application's web-based form. Which of the following controls should the application developers use to prevent this from occurring? Sandboxing Input validation CSRF prevention Fuzzing
Input validation
A company has a proprietary device that requires access to the network be disabled. Only authorized users should have access to the device. To further protect the device from unauthorized access, which of the following would also need to be implemented? Block port 80 and 443 on the firewall. Install a cable lock to prevent theft of the device. Install software to encrypt access to the hard drive. Install NIPS within the company to protect all assets.
Install a cable lock to prevent theft of the device.
A security administrator wants to implement a system that will allow the organization to quickly and securely recover from a computer breach. The security administrator notices that the majority of malware infections are caused by zero-day armored viruses and rootkits. Which of the following solutions should the system administrator implement? Install an antivirus solution that provides HIPS capabilities. Enable the host-based firewall and remove users' administrative rights. Implement a thick-client model with local snapshots. Deploy an enterprise patch management system.
Install an antivirus solution that provides HIPS capabilities.
A company has classified the following database records:
OBJECT               CONFIDENTIALITY  INTEGRITY  AVAILABILITY
First Name           LOW              MEDIUM     LOW
Last Name            LOW              MEDIUM     LOW
Address              MEDIUM           HIGH       LOW
Bank Account Number  HIGH             HIGH       MEDIUM
Credit Card Number   HIGH             HIGH       MEDIUM
Which of the following is a management control the company can implement to increase the security of the above information with respect to confidentiality? Use privacy screen on all computers handling and displaying sensitive information. Encrypt the records which have a classification of HIGH in the confidentiality column. Implement a client based software filter to prevent some employees from viewing confidential information. Disseminate the data classification table to all employees and provide training on data disclosure.
Disseminate the data classification table to all employees and provide training on data disclosure.
Ann, a network security engineer, is trying to harden her wireless network. Currently, users are able to connect any device to the wireless network as long as they authenticate with their network username and password. She is concerned that devices that are not company-issued may gain unauthorized access. Which of the following techniques would be BEST suited to remediate this vulnerability? (Select TWO). Utilize a single service account, only known by IT, to authenticate all devices Install an IPS to protect the network from rogue devices Install separate access points for personal devices. server to authenticate via computer end user Filter the MAC addresses of all unknown devices on the wireless controller
Filter the MAC addresses of all unknown devices on the wireless controller server to authenticate via computer end user
A forensics expert needs to be able to prove that digital evidence, originally taken into custody, has not been tampered with. Which of the following are useful in this scenario? Steganography Hashing Encryption Non-repudiation Perfect forward secrecy
Hashing
A forensics investigator needs to be able to prove that digital evidence was not tampered with after being taken into custody. Which of the following is useful in this scenario? Encryption Non-repudiation Hashing Perfect forward secrecy Steganography
Hashing
Usage of which of the following technologies is MOST effective for any removable storage device, such as hard drives and flash drives, in an organization to help prevent data loss or theft? Restrictive file system permissions Full disk encryption Password protection device access Password protected file access
Full disk encryption
A security administrator has deployed five additional copies of the same virtualized Linux server to distribute the load of web traffic on the original server. Which of the following should the administrator do to help security harden these new systems? (Select TWO). Generate new SSH keys Deploy unique public keys to each virtual server Add virtual machine software extensions Disable HTTP protocols Configure for dual factor authentication Team/Bond network adapters
Generate new SSH keys Deploy unique public keys to each virtual server
A company is providing mobile devices to all its employees. The system administrator has been tasked with providing input for the company's new mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select TWO) HSM Key management Asset tracking Transitive trust Remote wiping
Key management Remote wiping
A company is providing mobile devices to all employees. The system administrator has been tasked with providing input for the company's new mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select TWO) Transitive trust Asset tracking Key management Remote wiping HSM
Key management Remote wiping
An organization received a subpoena requesting access to data that resides on an employee's computer. The organization uses PKI. Which of the following is the BEST way to comply with the request? Registration authority Public key Key recovery agent Key escrow Certificate authority
Key recovery agent
The first responder to an incident has been asked to provide an after action report. This supports which of the following Incident Response procedures? Escalation/Notification Mitigation Incident identification Lessons learned
Lessons learned
Due to the commonality of Content Management System (CMS) platforms, a website administrator is concerned about security for the organization's new CMS application. Which of the following practices should the administrator implement FIRST to mitigate risks associated with CMS platform implementations? Configure DNS blacklisting Deploy CAPTCHA features Modify default accounts' password Configure password complexity requirements Implement two-factor authentication
Modify default accounts' password
A network technician needs to pass traffic from the company's external IP address to a front-end mail server in the DMZ without exposing the IP address of the mail server to the external network. Which of the following should the network technician use? SMTP SSH NAT TLS NAC
NAT
An administrator wants to configure the security setting in the AD domain to force users to use a unique new password at least ten times before a password can be reused. Which of the following security controls is the administrator enforcing? Password complexity Password expiration Password age Password history
Password history
A security administrator has been tasked with hardening operating system security on tablets that will be deployed for use by floor salespeople at retail outlets. Which of the following could the administrator implement to reduce the likelihood that unauthorized users will be able to access information on the tablets? GPS device tracking Remote wiping Cable locks Password protection
Password protection
Ann, a security administrator, needs to implement a transport encryption solution that will enable her to detect attempts to sniff packets. Which of the following could be implemented? Elliptical curve algorithms Ephemeral keys Quantum cryptography Steganography
Quantum cryptography
Which of the following authentication services utilizes UDP for communication between client and server? Kerberos TACACS+ RADIUS LDAP
RADIUS
A recent policy change at an organization requires that all remote access connections to and from file servers at remote locations must be encrypted. Which of the following protocols would accomplish this new objective? (Select TWO). FTP RDP TFTP SSH HTTP
RDP SSH
An administrator is tasked with reducing the malware infection rate of PC applications. To accomplish this, the administrator restricts the locations from which programs can be launched. After this is complete, the administrator notices that malware continues to run from locations on the disk and infect the hosts. Which of the following did the administrator forget to do? Configure browser sandboxing Install the host-based intrusion detection system Restrict write access to the allowed executable paths Disable unnecessary services
Restrict write access to the allowed executable paths
An organization's security policy requires secure file transfers to and from internal hosts. An employee is attempting to upload a file using an unsecure method to a Linux-based dedicated file server and fails. Which of the following should the employee use to transfer the file? FTP HTTPS SSL SCP TLS
SCP
Which of the following should be used to implement voice encryption? VoIP SSLv3 SRTP VDSL
SRTP
A finance manager is responsible for approving wire transfers and processing the transfers using the software provided by the company's bank. A number of discrepancies have been found related to the wires in a recent financial audit and the wires appeared to be fraudulent. Which of the following controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers? Separation of duties Qualitative auditing Least privilege Acceptable use policy
Separation of duties
During a recent audit, it was discovered that the employee who deploys patches also approves the patches. The audit found there is no documentation supporting the patch management process, and there is no formal vetting of installed patches. Which of the following controls should be implemented to mitigate this risk? (Select TWO). IT contingency planning Change management policy Mandatory job rotation Dual control Separation of duties Least privilege
Separation of duties Change management policy
In order to establish a connection to a server using secure LDAP, which of the following must be installed on the client? Server public key Subject alternative names certificate CA anchor of trust Certificate signing request
Server public key
A company needs to ensure that employees that are on vacation or leave cannot access network resources, while still retaining the ability to receive emails in their inboxes. Which of the following will allow the company to achieve this goal? Remove user privileges Set up an email alias Install an SMTP proxy server Reset user passwords
Set up an email alias
Attackers use techniques when sending tailored emails to engage their targets and make them feel personally involved. Which of the following social engineering techniques BEST describes this type of attack? Pharming SMiShing Whaling Spear phishing
Spear phishing
A security administrator is seeking a secure way to send emails to a subcontractor without requiring user action. Which of the following would BEST provide security between email gateways? SSL PGP HTTPS S/MIME TLS SSH
TLS
An administrator must change the IP address of the corporate web server. Since this is a critical web server, downtime must be kept to a minimum. To minimize downtime as much as possible, which of the following DNS properties should be changed well before the actual IP change? PTR TTL SRV A
TTL
A systems administrator is part of the organization's contingency and business continuity planning process. The systems administrator and relevant team participate in the analysis of a contingency situation intended to elicit constructive discussion. Which of the following types of activity is MOST accurately described in this scenario? Tabletop exercise Lessons learned Parallel simulation Full-Interruption exercise Business impact analysis
Tabletop exercise
Members of the accounting group save all of their work in a directory on a Linux server. The directory has the default permissions of rwxrwxr-x. The accounting users suspect that a user in the Human Resources group is aware of the existence of a confidential file. What is the reason for the accounting users' suspicions? The default permissions, other users can add files to the directory The default permissions, other users have no access to the directory The default permissions, other users can view contents of the directory The default permissions, other users can remove files from the directory
The default permissions, other users can view contents of the directory
A security administrator receives an IDS alert that a single internal IP address is connecting to several known malicious command and control domains. The administrator connects to the switch and adds a MAC filter to Port 18 to block the system from the network.
BEFORE                         AFTER
MAC Address     VLAN  Port     MAC Address     VLAN  Port
67A7.353B.5064  101   4        67A7.353B.5064  101   4
7055.4961.1F33  100   9        7055.4961.1F33  100   9
0046.6416.5809  101   21       0046.6416.5809  101   21
7027.0108.31B5  100   16       7027.0108.31B5  100   16
5243.6353.7720  101   6        5243.6353.7720  101   6
1484.A471.6542  100   2        1484.A471.6542  100   2
80C7.8669.5845  101   7        80C7.8669.5845  101   7
7513.77B9.4130  101   18       0046.6419.5809  101   18
5A77.1816.3859  101   19       5A77.1816.3859  101   19
8294.7E31.3270  100   8        8294.7E31.3270  100   8
A few minutes later, the same malicious traffic starts again from a different IP. Which of the following is the MOST likely reason that the system was able to bypass the administrator's MAC filter? The system is now spoofing a MAC address. The system is now VLAN hopping to bypass the switch port MAC filter. The system is now ARP spoofing a device on the switch. The system is now connecting to the switch.
The system is now spoofing a MAC address.
A company has noticed a recent increase in machines that have been exploited using vulnerabilities via third party software. Which of the following would BEST help the company reduce the likelihood of vulnerabilities within the software creating future problems? Patch management Host-based firewalls Antivirus software White-listing applications
White-listing applications
A security administrator has detected the following pattern in a TCP packet: URG=1, ACK=1, PSH=1, RST=1, SYN=1, FIN=1. Which of the following attacks is this an example of? DDoS Spoofing Xmas Replay
Xmas
An organization experienced a fire at its datacenter and was unable to operate at that location. The company moved to a location where HVAC and power are available, but must supply and configure its own computing resources in order to provide services. The company has relocated to a: hot site co-location site warm site cold site
cold site
Based on a review of the existing access policies, the network administrator determines that changes are needed to meet current regulatory requirements of the organization's access control process. To initiate changes in the process, the network administrator should FIRST: update the affected policies and inform the user community of the changes distribute a memo stating that all new accounts must follow current regulatory requirements inform senior management that changes are needed to existing policies notify the user community that non-compliant account will be required to use the new process
inform senior management that changes are needed to existing policies
A company has recently won a classified government contract involving both confidential and restricted information. To ensure proper authorization for authenticated users and restrict unauthorized users from accessing information above their clearance, the company should establish: discretionary access control rule-based access control mandatory access control role-based access control
mandatory access control
A security administrator, believing it to be a security risk, disables IGMP snooping on a switch. This breaks a video application. The application is MOST likely using: VoIP. anycast. multicast. RTP.
multicast.
A security manager needs to implement a backup solution as part of the disaster recovery plan. The system owners have indicated that the business cannot afford to lose more than a day of transactions following an event where data would have been restored. The security manager should set a value of 24 hours for the: recovery time objective service level agreement recovery point objective system backup window disaster recovery plan
recovery point objective
A system administrator wants to ensure that only authorized devices can connect to the wired and wireless corporate system. Unauthorized devices should be automatically placed on a guest network. Which of the following MUST be implemented to support these requirements? (Select TWO). NAT VLAN Proxy 802.1X Port Security
802.1X VLAN
After a private key has been compromised, an administrator realized that downloading a CRL once per day was not effective. The administrator wants to immediately revoke certificates. Which of the following should the administrator investigate? CSR PKI IdP OCSP
OCSP
A security administrator creates separate VLANs for employee devices and HVAC equipment that is network attached. Which of the following are security reasons for this design? (Select THREE). Broadcasts from HVAC equipment will be confined to their own network segment. HVAC equipment can be isolated from compromised employee workstations. VLANs are providing loop protection for the HVAC devices. IDS often requires network segmentation of HVAC endpoints for better reporting. Employee devices often interfere with proper functioning of HVAC devices. Access to and from the HVAC equipment can be more easily controlled.
Access to and from the HVAC equipment can be more easily controlled. Broadcasts from HVAC equipment will be confined to their own network segment. HVAC equipment can be isolated from compromised employee workstations.
A network administrator discovers that telnet was enabled on the company's Human Resources (HR) payroll server and that someone outside the HR subnet has been attempting to log into the server. The network administrator has disabled telnet on the payroll server. Which of the following is a method of tracking attempts to log onto telnet without exposing important telnet data? Banner grabbing Active port monitors Honeypot Passive IPS
Active port monitors
A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public Internet users the ability to securely send and receive messages from their primary care physicians. Which of the following should the security administrator consider? A symmetric algorithm for key exchange and an asymmetric algorithm for the session An out-of-band method for key exchange and an in-band method for the session An in-band method for key exchange and an out-of-band method for the session An asymmetric algorithm for key exchange and a symmetric algorithm for the session
An asymmetric algorithm for key exchange and a symmetric algorithm for the session
The content of a document that is routinely used by several employees and contains confidential information has been changed. While investigating the issue, it is discovered that payment information for all the company's clients has been removed from the document. Which of the following could be used to determine who changed the information? Audit logs Server baseline Document hashing Change management
Audit logs
Ann, a recently terminated programmer, can access the program she wrote without using any login credentials. Which of the following attack types is this? Backdoor Logic bomb Spyware Trojan
Backdoor
A penetration tester is attempting to determine the operating system of a remote host. Which of the following will provide this information? Honeypot Fuzzer Banner grabbing Protocol analyzer
Banner grabbing
An attacker is attempting to determine the patch level version that a web server is running on its open ports. Which of the following is an active technique that will MOST efficiently determine the information the attacker is seeking? Port scanning Protocol analysis Vulnerability scanning Banner grabbing
Banner grabbing
The network engineer for an organization intends to use certificate-based 802.1X authentication on a network. The engineer's organization has an existing PKI that is used to issue server and user certificates. The PKI is currently not configured to support the issuance of 802.1X certificates. Which of the following represents an item the engineer MUST configure? OCSP responder Web enrollment portal Symmetric cryptography Certificate extension
Certificate extension
Joe, a user, wants to configure his workstation to make certain that the certificate he receives when connecting to websites is still valid. Which of the following should Joe enable on his workstation to achieve this? Digital signatures Certificate revocation Key escrow Registration authority
Certificate revocation
A CA is attempting to publicize the acceptable parameters for certificate signing requests. Which of the following should a server administrator use to fulfill the requirements of the CA? Interconnection security agreement Certificate templates Client-side certificates Software token
Certificate templates
Multi-function devices are being deployed in various departments. All departments will be able to copy, print and scan to file. Some departments will be authorized to use their devices to fax and email, while other departments will not be authorized to use those functions on their devices. Which of the following is the MOST important mitigation technique to avoid an incident? Disable unnecessary accounts. Password protection. Monitor access logs. Disable unnecessary services.
Disable unnecessary services.
A company is hosting both sensitive and public information at a cloud provider. Prior to the company going out of business, the administrator will decommission all virtual servers hosted in the cloud. When wiping the virtual hard drive, which of the following should be removed? Hardware specifications Encrypted files Data remnants Encrypted keys
Data remnants
A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company systems. The combination of these two technologies is an example of which of the following? Defense in depth Application hardening Vulnerability scanning Anti-malware
Defense in depth
A server administrator is investigating a breach and determines that an attacker modified the application log to obfuscate the attack vector. During the lessons learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement? Host-based IDS Real-time event correlation Automated log analysis Enterprise SIEM
Enterprise SIEM
A datacenter has suffered repeated burglaries that lead to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps had been installed to prevent tailgating, the thieves crashed through the wall of the datacenter with a vehicle after normal business hours. Which of the following options could further improve the physical safety and security of the datacenter? (Select TWO). Cipher locks CCTV Escape routes K-rated fencing FM200 fire suppression
Escape routes K-rated fencing
A security administrator conducts a vulnerability scan on multiple web servers. Some of the findings are not found on the web server. Which of the following BEST explains this situation? False positive results Host-based IPS dropped packets Improper network segmentation Web application firewall interference
False positive results
A company has begun construction on a new building. The construction crews have noticed that valuable materials have been stolen from the site. Which of the following preventative controls should be used by the Chief Security Officer (CSO) to prevent future theft? Fencing Motion sensors Lighting CCTV
Fencing
An administrator sees the following entry in a system log: 02:23:41 AM Mar 09 2015 www: WARNING: MD5 checksum on file /etc/sudoers has changed. Please update db if this change is expected. Which of the following describes the type of application that generated this log entry? SELinux audit utility File integrity management Security patch management Change management
File integrity management
A security administrator is troubleshooting a network connectivity issue. The administrator believes that a router's ACL may be blocking network traffic to a remote network. Which of the following, if enabled, would confirm the administrator's theory by providing helpful feedback? DNS NAT NetBIOS ICMP
ICMP
A security administrator wants to implement a multi-factor, location-based authentication system. The authentication system must incorporate something unique about each user. Which of the following are user authentication factors that can be used by the system? (Select THREE). IP address Employee ID Username Unique identification number Keyboard timing Password
IP address Keyboard timing Password
The firewall administrator is installing a VPN application and must allow GRE through the firewall. Which of the following MUST the administrator allow through the firewall? IP protocol 50 IP protocol 47 IP protocol 51 IPSec
IP protocol 47
A security administrator determined that the time required to brute force 90% of the company's password hashes is below the acceptable threshold. Which of the following, if implemented, has the GREATEST impact in bringing this time above the acceptable threshold? Change the algorithm used to salt all passwords Use a shadow password file Increase the number of PBKDF2 iterations Use a stronger hashing algorithm for password storage
Increase the number of PBKDF2 iterations
A security administrator wishes to ensure that one file in a confidential location is not altered. With very limited technology or restrictions to the file or folder, which of the following controls could the security administrator use to determine if the file has been altered? File-based encryption MD5 checksum Rule-based access Role-based access
MD5 checksum
Which of the following attack types is MOST likely to cause damage or data loss for an organization and be difficult to investigate? Spoofing Man-in-the-middle Malicious insider DDoS
Malicious insider
A malicious insider is using an ARP spoofing tool to impersonate the gateway router. Which of the following attack types is the malicious insider implementing? Man-in-the-middle attack IP spoofing attack DNS poisoning and redirect attack Replay attack
Man-in-the-middle attack
An administrator is reviewing the logs for a content management system that supports the organization's public-facing website. The administrator is concerned about the number of attempted login failures from other countries for administrator accounts. Which of the following capabilities is BEST to implement if the administrator wants the system to dynamically react to such attacks? Disable generic administrative accounts Automated log analysis Netflow-based rate limiting Intrusion prevention system
Netflow-based rate limiting
A software development manager needs to create several different environments for application development, testing, and quality control. Controls are being put in place to manage how software is moved into the production environment. Which of the following should the software development manager request be put in place to implement the three new environments? Application firewalls Network segmentation Trusted computing Network address translation
Network segmentation
A large retail vendor provides access to a heating, ventilation, and air conditioning vendor for the purpose of issuing billing statements and receiving payments. A security administrator wants to prevent attackers from using compromised credentials to access the billing system, moving laterally to the point-of-sale (POS) system, and installing malware to skim credit card data. Which of the following is the MOST important security architecture consideration the retail vendor should impose? Application firewalls Data encryption Network segregation Virtual private networking
Network segregation
A data breach is suspected on a currently unidentified server in a datacenter. Which of the following is the BEST method of determining which server was breached? Asset inventory review System image capture RAM analysis Network traffic logs
Network traffic logs
An assessment team is conducting a vulnerability scan of an organization's database servers. During the configuration of the vulnerability scanner, the lead assessor only configures the parameter of the database servers' IP range, and then runs the vulnerability scanner. Which of the following scan types is being run on the database servers? Non-credentialed Intrusive Offline Ping sweep
Non-credentialed
A company uses digital signatures to sign contracts. The company requires external entities to create an account with a third-party digital signature provider and sign an agreement stating they will protect the account from unauthorized access. Which of the following security goals is the company trying to address in the given scenario? Availability Authentication Non-repudiation Confidentiality Due diligence
Non-repudiation
Which of the following network configurations provides security analysts with the MOST information regarding threats, while minimizing the risk to internal corporate assets? Configuring the wireless access point to be unencrypted Placing a NIDS between the corporate firewall and ISP Increasing the logging level of internal corporate devices Allowing inbound traffic to a honeypot on the corporate LAN
Placing a NIDS between the corporate firewall and ISP
On a campus network, users frequently remove the network cable from desktop NICs and plug personal laptops into the school network. Which of the following could be used to reduce the likelihood of unauthorized laptops on the campus network? Port security VLANs Loop protection Flood guards
Port security
An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified, resulting in the breach? IDS CRL NAT VPN
VPN
Which of the following actions would help prevent SQL injection on a web application? Blocking direct access to the SQL server's management port Validating client input inside the application's source code Regularly applying patches to the database management system Using exception handling to detect buffer overflows
Validating client input inside the application's source code
A company is planning to encrypt the files in several sensitive directories of a file server with an asymmetric key. Which of the following could be used? RSA ECC 3DES AES MD5
RSA
A company must implement management controls to deter system administrators from making unauthorized changes to sensitive systems. Which of the following should the company implement? System and data file hashing Remote syslog server inaccessible by system administrators Host based intrusion detection system Periodic reviews of system activity
Remote syslog server inaccessible by system administrators
A security manager is required to protect the disclosure of sensitive data stored on laptops and mobile devices while users are traveling. Users are required to connect via VPN to the company's network and are also issued cable locks. Which of the following should the security manager implement to further secure the data? (Select TWO). Full-disk encryption Screen locks Remote wipe One-time tokens BIOS password
Remote wipe Full-disk encryption
When implementing a new system, a systems administrator works with the information system owner to identify and document the responsibilities of various positions within the organization. Once responsibilities are identified, groups are created within the system to accommodate the various responsibilities of each position type, with users being placed in these groups. Which of the following principles of authorization is being developed? Rule-based access control Least privilege Separation of duties Access control lists Role-based access control
Role-based access control
A company has implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. Which of the following is this an example of? (Select THREE). Federation Two-factor authentication Transitive trust Trusted OS Single sign-on TOTP MAC
Single sign-on Transitive trust Federation
A network administrator is in the process of developing a new network security infrastructure. One of the requirements for the new system is the ability to perform advanced authentication, authorization, and accounting. Which of the following technologies BEST meets the stated requirement? Kerberos SAML LDAPS TACACS+
TACACS+
Which of the following remote authentication methods uses a reliable transport layer protocol for communication? TACACS+ SAML RADIUS LDAP
TACACS+
A security administrator recently implemented IPSec for remote users. Which of the following ports must be allowed through the firewall in order for remote access to be successful if the tunneling protocol is PPTP? TCP 4500 UDP 1723 UDP 500 TCP 1723
TCP 1723
During a trial for possession of illegal content, a defense attorney argues that several of the files on the forensic image may have been tampered with. How can a technician BEST disprove this argument? Access the system logs on the forensic image, and see if any logins occurred after the suspect's arrest Take hashes from the suspect source drive, and compare them to hashes on the forensic image Trace the chain-of-custody from the time of arrest until the time of trial Have the investigator undergo a polygraph examination
Take hashes from the suspect source drive, and compare them to hashes on the forensic image
A server technician is about to perform a major upgrade to the operating system of a critical system. This system is currently in a virtualization environment. Which of the following actions would result in the LEAST amount of downtime if the upgrade were to fail? Clustering the storage for the server to add redundancy. Performing a full backup of the virtual machine. Enabling live migration in the VM settings on the virtual server. Taking an initial snapshot of the system.
Taking an initial snapshot of the system.
After Ann arrives at the company's co-location facility, she determines that she is unable to access the cage that holds the company's equipment after a co-worker updated the key card server the night before. This is an example of failure of which of the following? Access signatures Fault tolerance Non-repudiation Testing controls
Testing controls
An administrator needs to deploy a new SSL wildcard certificate to three different web servers. Which of the following MUST be taken into consideration? (Select TWO). Intermediate CA(s) that may need to be added The fingerprint on the certificate File format needed by the target platform The CRL URL of the certificate The CSR that was used to request the certificate The OU field on the certificate
The OU field on the certificate Intermediate CA(s) that may need to be added
An employee is conducting a presentation at an out-of-town conference center using a laptop. The wireless access point at the employee's office has an SSID of OFFICE. The laptop was set to remember wireless access points. Upon arriving at the conference, the employee powered on the laptop and noticed that it was connected to the OFFICE access point. Which of the following MOST likely occurred? The laptop connected as a result of an IV attack. The laptop connected to an evil twin WAP. The laptop connected to a legitimate WAP. The laptop connected as a result of near field communication.
The laptop connected to an evil twin WAP.
A network administrator would like to implement a wireless solution that uses a very high performance stream cipher encryption protocol. Which of the following solutions should the administrator implement to meet this goal? EAP-TLS CCMP WEP WPA2 Enterprise
WEP
An organization that uses a cloud infrastructure to present a payment portal is using: software as a service infrastructure as a service monitoring as a service platform as a service
software as a service