Chapter 6: Mitigating Security Threats
D. Verify how accounts are used and then disable unnecessary accounts. A, B, and C are incorrect. Deleting all unlinked accounts is not advised, because accounts are sometimes used for network devices and services. Accounts not in current use may be needed later.
A RADIUS server is used to authenticate your wireless network users. While creating a new user account, you notice there are many more user accounts than actual users. What should be done? A. Delete all accounts not linked to a user. B. Disable all accounts not linked to a user. C. Verify how accounts are used and then delete unnecessary accounts. D. Verify how accounts are used and then disable unnecessary accounts.
A. Alarm B, C, and D are incorrect. Alerts notify of changes in state that may not always warrant a response, such as the fact that a workstation has come online. Remediation actively corrects a problem; notifying the IT group of a situation in itself does not correct a problem. Input validation verifies the integrity of submitted data; this would not be triggered if some activity met a preconfigured threshold.
A network administrator places a network appliance on the DMZ network and configures it with various security thresholds, each of which will notify the IT group via e-mail. The IT group will then adhere to the incident response policy and take action. What will be triggered when any of these thresholds is violated? A. Alarm B. Alert C. Remediation D. Input validation
B. Device hardening A, C, and D are incorrect. Patching may correct security flaws, but it will not normally change default configurations. There is no input being applied to the wireless routers. Input validation is best suited to areas where users can supply data that is sent to a server. Granting users only the rights they need is inapplicable to wireless routers but is applicable to network resources.
A network security audit exposes three insecure wireless routers using default configurations. Which security principle has been ignored? A. Application patch management B. Device hardening C. Input validation D. Principle of least privilege
A. Configure the settings in the local security policies.
A new network administrator in the office has been reading about the company requirement that all systems have the initial security baseline applied. She is looking at a listing of 50 different policy settings that need to be applied and are wondering if there is an easy way to deploy the settings. What should she do? A. Configure the settings in the local security policies. B. Import a registry file. C. Use a security template. D. Build a macro.
D. Misconfigured firewall A, B, and C are incorrect. An insider threat relates to a malicious threat from an employee or contractor within the company. Unauthorized software is software that has not been explicitly allowed to run on the company's computer systems. Unified Threat Management (UTM) is a collection of security controls that packages the functionality of multiple security functions together.
A service on a local server cannot communicate with its database server running on another machine. The database server is functioning correctly and all network connections are working properly. What is the issue? A. Insider threat B. Unauthorized software C. Unified Threat Management (UTM) D. Misconfigured firewall
C. Ensure the virus scanner is up to date. B. Apply all operating system patches. A. Join the Active Directory domain. D. Log in to the Active Directory domain to receive Group Policy security settings. E. Install the additional financial software. C, B, A, D, and E. The virus scanner must first be updated either manually or automatically to protect against malicious code while the system is updating. Applying operating system patches is the second thing to do to ensure that any software and security flaws are addressed. Next you would join the computer to the domain, but only after patching and ensuring that there are no viruses. Once the computer is joined to the domain, you would log in to ensure Group Policy security settings are applied. Finally, the financial software required by Accounting department employees should be installed and tested.
A shipment of new Windows computers has arrived for Accounting department employees. The computers have the operating system preinstalled but will require additional financial software. In which order should you perform all of the following? A. Join the Active Directory domain. B. Apply all operating system patches. C. Ensure the virus scanner is up to date. D. Log in to the Active Directory domain to receive Group Policy security settings. E. Install the additional financial software.
A. Patch
A software vendor has found out about a critical within their software product that causes a server security risk to the system. The software vendor will ship which type of remedy that should be applied to systems immediately? A. Patch B. Service pack C. Hot-fix D. Update
B. Trend A, C, and D are incorrect. Forensic analysis seeks legal evidence of wrongdoing that can be used in a court of law, but this scenario does not imply collection of evidence for legal proceedings. Network statistic gathering is proactive, but in this case you are reacting to previously gathered data. A vulnerability analysis is proactive and tests for weaknesses; in this case, you are reacting to an anomaly.
A user reports repeated instances of Windows 10 slowing down to the point where she can no longer be productive. You view the Windows Event Viewer logs for the past month and notice an exorbitant amount of SMTP traffic leaving the local machine each morning between 10 a.m. and 11 a.m. What type of analysis was performed to learn of this anomaly? A. Forensic B. Trend C. Network statistical D. Vulnerability
C. Penetration testing A, B, and D are incorrect. Performance baselines determine what type of performance can be expected under normal conditions, but they do not directly relate to how secure a system is. Security templates are used to apply settings to harden a system, but not to test that security. Although password cracking does test computer security, many more aspects of computer security would be covered in a penetration test.
After patching and hardening your computers, how would you determine whether your computers are secure? A. Performance baseline B. Security templates C. Penetration testing D. Password cracking
B. He forgot to patch the application software. A, C, and D are incorrect. Sysprep applies only to Windows computers, not Linux. Most anti-malware software enables real-time monitoring by default. Encrypting the hard disk is an enhanced security measure but, generally speaking, is not as important as patching application software.
Aidan is creating a Linux operating system image that will be used to deploy Linux virtual machines from a template. After patching the operating system, he installs the required application software, installs and updates the anti-malware software, creates the image, and stores it on the imaging server. What did Aidan forget to do? A. He forgot to Sysprep the installation before capturing the image. B. He forgot to patch the application software. C. He forgot to turn on anti-malware real-time monitoring. D. He forgot to encrypt the hard drive.
A. Access violations B, C, and D are incorrect. A certificate issue involves a certificate being untrusted or expired, and there is no certificate present in this scenario. A misconfigured content filter would block or allow unwanted content, but it would not affect an application's ability to stay in its own memory space. A policy violation occurs, for example, when an employee performs an action against the policies of the company.
An application accesses memory outside of its allocated space. What is the issue? A. Access violations B. Certificate issues C. Misconfigured content filter D. Policy violation
B. Social engineering A, C, and D are incorrect. Data exfiltration involves an unauthorized user taking information from a company. Host-based intrusion detection systems (HIDS) and hostbased intrusion prevention systems (HIPS) are programs/services implemented on a computer system to detect and prevent attackers from attacking a host. Permission issues are not involved here, because the attacker inherits the permissions of the account he has credentials for.
An attacker has contacted one of your employees and has convinced her to give up her username and password, giving the attacker access to your network. What sort of attack is this? A. Data exfiltration B. Social engineering C. HIDS/HIPS D. Permission issues
A. Initial baseline configuration B, C, and D are incorrect. The principle of least privilege ensures that users have only the rights they require to do their jobs. Sysprepping a disk image ensures the installation is unique when it is deployed, but it does not specifically refer to security. Local security policy would not be the best way to implement standardized security to more than one computer.
As the IT director of a high school using Group Policy and Active Directory, you plan the appropriate standard security settings for newly deployed Windows 10 workstations. Some teachers require modifications to these settings because of the specialized software they use. Which term refers to the standardized security parameters? A. Initial baseline configuration B. Principle of least privilege C. Sysprepped image D. Local security policy
A. Deploy an IEEE 802.1x configuration. B, C, and D are incorrect. Strong passwords might prevent the compromising of user accounts, but they will not prevent rogue machines from connecting to the network. IPv6 does not prevent rogue machine network connections. IEEE 802.11 defines the Wi-Fi standard; this does not prevent rogue machine network connections.
How can you prevent rogue machines from connecting to your network? A. Deploy an IEEE 802.1x configuration. B. Use strong passwords for user accounts. C. Use IPv6. D. Deploy an IEEE 802.11 configuration.
A. Validate input.
How should developers of programming languages such as .NET and Java deal with runtime errors occurring in an application? A. Validate input. B. Ignore them. C. Use exception handling. D. Verify the syntax.
D. Cross-site request forgery A, B, and C are incorrect. Denial-of-service (DoS) attacks render a network service unusable, which is not the case here. Dictionary attacks are applied to user accounts to guess passwords. Privilege escalation raises the rights a user would normally have. In this example, the violated user has the same rights he would normally have during a legitimate transaction.
IT security personnel respond to the repeated misuse of an authenticated user's session cookie on an e-commerce web site. The affected user reports that he occasionally uses the site but not for the transactions in question. The security personnel decide to reduce the amount of time an authentication cookie is valid. What type of attack have they responded to? A. DoS B. Dictionary C. Privilege escalation D. Cross-site request forgery
C. Social media A, B, and D are incorrect. A file integrity check verifies that the file is intact and hasn't been changed. A host-based firewall is a service that runs on a host and helps protect it from attackers by limiting and filtering network communications. Data loss prevention (DLP) software detects and prevents data theft on a network and can be configured to prevent data leakage. The question states the network has not been breached by an attacker.
Important data about the internal network of your company has been leaked online. There has been no breach of your network by an attacker. What type of issue is this? A. File integrity check B. Host-based firewall C. Social media D. Data Loss Prevention (DLP) failure for a malicious user
C. Asset management A, B, and D are incorrect. A file integrity check verifies that the file is intact and hasn't been changed. A web application firewall applies a set of rules to an HTTP session. A license compliance violation is when the software on the computer systems don't all have the proper licenses attached to them.
New company laptops have arrived, and before being deployed in the field, software is installed on them to allow them to be centrally tracked and managed. Which term best describes this scenario? A. File integrity checks B. Web application firewall C. Asset management D. A license compliance violation
C. Error handling A, B, and D are incorrect. The lack of packet encryption would not cause an application to fail; it would simply be insecure. Digital signatures verify the identity of the sender of a transmission. There is no mention of transmitting data in this case. Hardening would minimize security risks in Roman's application, but it would not increase its stability.
Roman is developing an application that controls the lighting system in a large industrial complex. A piece of code calls a function that controls a custom-built circuit board. While running his application, Roman's application fails repeatedly because of unforeseen circumstances. Which secure coding guideline did Roman not adhere to? A. Packet encryption B. Digital signatures C. Error handling D. Hardening
C. MAC address A, B, and D are incorrect. Subscriber Identity Module (SIM) cards are used in cell phones and not for 802.11n networks. NetBIOS computer names apply to OSI layers 4 and 5 (Transport layer and Session layer, respectively). IP addresses are OSI layer 3 (Network layer) addresses.
The 802.11n wireless network in your department must be layer 2 secured. You would like to control which specific wireless devices are allowed to connect. How can you do this? A. SIM card B. NetBIOS computer name C. MAC address D. IP address
B. National C. Nonregulatory A and D are incorrect. It is not regulatory, and as such is not required to be implemented. It is also not international, as it was created by a U.S. organization.
The National Institute Science & Technology (NIST) Cybersecurity Framework is an example of what kind of industry standard framework? (Choose two.) A. Regulatory B. National C. Nonregulatory D. International
A. Static code analysis. B, C, and D are incorrect. Dynamic analysis runs the code and analyzes it as it runs. Sandboxing runs the code in its own test environment that does not affect anything outside of the test environment. Running code as runtime code instead of compiled code would still run the program. The difference between them is what kind of errors can appear when the program is run.
The development team you are working with wants to analyze some code without executing it. How can this be achieved? A. Static code analysis. B. Dynamic analysis. C. Sandboxing. D. Use it as runtime code instead of compiled code.
C. Continuous security monitoring A, B, and D are incorrect. Remediation implies taking action to correct flaws. Hardening eliminates security risks but has nothing to do with security assessments. Trend analysis refers to collecting data and noticing patterns.
The periodic assessment of security policy compliance is referred to as what? A. Remediation B. Hardening C. Continuous security monitoring D. Trend analysis
C. Hardening A, B, and D are incorrect. Patches fix problems with software. Fuzzing refers to testing your own software for vulnerabilities. Debugging is the methodical testing of software to identify the cause of a flaw.
The process of disabling unneeded network services on a computer is referred to as what? A. Patching B. Fuzzing C. Hardening D. Debugging
B. Input validation
The software testing team is responsible for testing the applications by inputting invalid data into the fields of the applications. What is this called? A. Fuzzing B. Input validation C. Exception handling D. Error handling
B. Fuzzing A, C, and D are incorrect. Cross-site scripts do not ensure that applications are secure; they are a type of attack. Patching would occur after flaws were discovered. Debugging implies software flaws are already known.
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions? A. Cross-site scripting B. Fuzzing C. Patching D. Debugging
B. Disable unnecessary services. C. Patch the operating system. D. Configure Encrypted File Systems (EFS). A and E are incorrect. System restore points take snapshots of the Windows configuration periodically for the purpose of reverting to those snapshots. This could be used to revert a compromised or infected system to a stable point in time, so it should not be disabled when hardening. Group Policy contains many security settings that can be distributed centrally to many computers to harden them.
What can be done to harden the Windows operating system? (Choose three.) A. Disable system restore points. B. Disable unnecessary services. C. Patch the operating system. D. Configure Encrypted File Systems (EFS). E. Disable Group Policy.
D. Use HTTPS with public key infrastructure (PKI). A, B, and C are incorrect. IPv6 with HTTPS is no more secure than IPv4 with HTTPS. PKI means the connection will use HTTPS, not HTTP.
What can be done to secure the network traffic that is generated when administering your wireless router? A. Use HTTPS with IPv6. B. Use HTTP with public key infrastructure (PKI). C. Use HTTP with IPv6. D. Use HTTPS with public key infrastructure (PKI).
C. Stored procedure A, B, and D are incorrect. Data exposure is when an application does not adequately protect its sensitive information. Normalization is the process of organizing tables and attributes to reduce data redundancy. Obfuscation and camouflage relate to creating code that is hard for humans to understand to prevent reverse-engineering or tampering.
What can be used to validate SQL statements repetitively? A. Data exposure B. Normalization C. Stored procedure D. Obfuscation/camouflage
A. Security automation B. Continuous integration C. Immutable systems D. Infrastructure as Code A, B, C, and D are correct. Security automation involves testing your code with automated security tools—for example, to ensure when it's fed unexpected data, the app doesn't crash or reveal sensitive information. Continuous integration allows the merging of all working copies of code into a single unified mainline, which facilitates code
What does Secure DevOps entail? (Choose all that apply.) A. Security automation B. Continuous integration C. Immutable systems D. Infrastructure as Code
B. MAC filtering
What feature of a network switch allows you to control which system can be physically connected to a specific network port by its MAC address. A. 802.1X B. MAC filtering C. Firewall D. Port security
D. It defines network access control for wired and wireless networks. A, B, and C are incorrect. IEEE 802.11 defines a group of wireless standards. IEEE 802.3 is the Ethernet standard. 802.1x is a security authentication standard; it is not exclusive to wireless networks.
What is the best definition of the IEEE 802.1x standard? A. It defines a group of wireless standards. B. It defines the Ethernet standard. C. It defines network access control only for wireless networks. D. It defines network access control for wired and wireless networks.
D. Cross-site scripting
What type of application attack involves the hacker inputting into a web site data that contains script code that will execute when the page is viewed by others. A. ActiveX B. Java applets C. Macro virus D. Cross-site scripting
A. Alert
What type of reporting mechanism should a system or application use to notify the administrator of an event that requires immediate attention? A. Alert B. Trend C. Log D. Alarm
D. Account lockout A, B, and C are incorrect. Minimum password age ensures that users do not reset their current password to an old, easy-to-remember one. This setting would still allow incessant password attempts. Password hints simply help the user remember a complex password; they do not restrict repeated password attempts. Password history prevents users from reusing the same passwords, but it does not restrict the number of times hackers can attempt to compromise user accounts.
What will prevent frequent repeated malicious attacks against user account passwords? A. Minimum password age B. Password hints C. Password history D. Account lockout
A. Mainframes B. Thin clients C and D are incorrect. Public cloud providers are responsible for patching their computing environment; it is not your responsibility. IP addresses cannot have patches applied to them.
Which enterprise-class items within your organization should be patched regularly? (Choose all that apply.) A. Mainframes B. Thin clients C. Public cloud virtualization hosts D. IP addresses
B. Security templates distributed through Group Policy A, C, and D are incorrect. Although an image could already be configured with standard security settings, it is tied to the image and is therefore not as flexible as security templates and Group Policy. There are many more security items to consider than password settings. Local security policy applies to a single machine only; in this case, you must deploy settings to many computers.
Which item would best apply a standard security baseline to many computers? A. A disk image of the operating system B. Security templates distributed through Group Policy C. Password settings distributed through Group Policy D. Security templates distributed through a local security policy
B. Disabling unnecessary services
Which of the following actions is performed during system hardening? A. MAC filtering B. Disabling unnecessary services C. Enabling port security D. Configuring 802.1X authentication
C. E-mail spoofing
Which of the following identifies a security concern with SMTP servers? A. Relaying of messages B. Zone transfers C. E-mail spoofing D. Invalid address assignment
E. System on a Chip A, B, C, and D are incorrect. Watches, lightbulbs, and Unmanned Aerial Vehicle (UAV) or drones, Internet-connected cameras, network-aware insulin pumps—these could all potentially be smart devices (also called IoT devices) that connect to the Internet for remote statistics and management.
Which of the following is not an example of a smart (or IoT) device? A. A watch B. A lightbulb C. A UAV/drone D. Internet camera E. System on a Chip
A. Use 802.1x security. D. Configure the use of digital signatures for all network traffic. E. Disable unused switch ports. B and C are incorrect. Disabling ARP is not an option; ARP is required in TCP/IP networks to resolve IP addresses to MAC addresses. There are no patches addressing this issue because ARP, by design, is stateless and is required for TCP/IP to function.
Which of the following items can help prevent ARP cache poisoning? (Choose three.) A. Use 802.1x security. B. Disable ARP. C. Patch the operating system. D. Configure the use of digital signatures for all network traffic. E. Disable unused switch ports.
A. Password complexity requirements B, C, and D are incorrect. Account lockout thresholds best mitigate brute-force password attacks. Password hints aid the user in remembering her password. Although an important password security consideration, password history alone will not minimize dictionary attack risks.
Which of the following lessens the success of dictionary password attacks? A. Password complexity requirements B. Account lockout threshold C. Password hints D. Enforce password history
B. 802.1X
Which of the following security technologies involves controlling access to a wired or wireless network using a central authentication server such as RADIUS? A. Port security B. 802.1X C. MAC filtering D. Firewall
C. IEEE 802.1x A, B, and D are incorrect. Routers and hubs are network devices, not standards. IEEE 802.11n is a wireless networking standard with theoretical rates of up to 600 Mbps, but the 802.11n standard does not authenticate computers prior to allowing network access.
Which of the following standards must authenticate computing devices before allowing network access? A. Router B. Hub C. IEEE 802.1x D. IEEE 802.11n
D. Double-click the service and view the Dependencies tab. A, B, and C are incorrect. There is no /dep switch for net start, nor is there a dependency chain option when viewing services. Checking logs after a few days is too time consuming.
While hardening a Windows server, you decide to disable a number of services. How can you ensure that the services you are disabling will not adversely affect other services? A. Run the net start 'service name' / dep command. B. Disable the services, let the system run for a few days, and then check the Event Viewer logs. C. Right-click the service and choose Show Dependency Chain. D. Double-click the service and view the Dependencies tab.
A. Smart TV, gaming console, printer, HVAC, wireless router. B, C, and D are incorrect. Android and iOS devices, hardware, and software should always be kept up to date, but most refrigerators, electrical outlets, and fire extinguishers do not contain firmware.
While hardening your home office network, you decide to check that the firmware in all your network devices is updated. To which of the following devices would this apply? A. Smart TV, gaming console, printer, HVAC, wireless router B. Refrigerator, printer, wireless router, electrical outlets, printer C. HVAC, fire extinguisher, gaming console, printer, wireless router D. Gaming console, Android devices, Apple iOS devices, printers, fire extinguisher
D. Personal e-mail A, B, and C are incorrect. Advanced malware tools would most likely have no need to communicate with a server outside of the network using IMAP. Whitelisted applications are applications that can run on the company's computer systems. Data Execution Prevention (DEP) refers to regions of memory that are marked as non-executable. Exceptions are raised if something attempts to execute code in the memory region.
While monitoring network traffic, you notice a lot of Internet Message Access Protocol (IMAP) communications between your network and an IP address that does not belong to the company e-mail server. What is the cause of this traffic? A. Advanced malware tools B. Whitelisted applications C. Data Execution Prevention (DEP) D. Personal e-mail
A. It takes less effort to maintain. B. It reduces costs. D. It improves the user experience. C is incorrect. It takes less effort to maintain, not more.
Why might you want to keep the diversity of end-user technologies in use to a minimum? (Choose all that apply.) A. It takes less effort to maintain. B. It reduces costs. C. It takes more effort to maintain. D. It improves the user experience.
B. Remediation A, C, and D are incorrect. The servers on the restricted subnet do not isolate, validate, or authenticate the clients on the restricted subnet; the NPS server does this.
You are a Windows Server 2016 administrator. You install and configure the Network Policy Server (NPS) role and configure health policies that require all connecting clients to have firewall and spyware software enabled. Clients violating these health policies will receive an IP address placing them on a restricted subnet containing servers with client firewall and spyware software to install. What term accurately refers to the role the servers on this restricted subnet play? A. Isolation B. Remediation C. Validation D. Authentication
A. Agile B, C, and D are incorrect. The Waterfall method is a more traditional method where the customer sees the product only after it has been partially or fully developed. Supervisory Control and Data Acquisition (SCADA) is a system of running an industrial operation using a mixture of computer and embedded devices. A Software Development Kit (SDK) is a set of software that enables development in that software tool or programming language.
You are approached by a company that wants your team to develop an application for them. They would like to be highly involved and would like a basic version of the software working as soon as possible. What development model is best suited for this? A. Agile B. Waterfall C. Supervisory Control and Data Acquisition (SCADA) D. Software Development Kit (SDK)
D. Stress testing A, B, and C are incorrect. Model verification checks whether the code meets design requirements. Baselining is the process of observing what normal conditions are for the system or code in order to identify anomalies easily. Encryption is a way to convert information into a form that only authorized parties can read.
You are asked to test the ability of a program to function correctly under heavy load conditions. What type of test should you run? A. Model verification B. Baselining C. Encryption D. Stress testing
B. Require USB device encryption. C. Enable and configure the Windows firewall. D. Install and configure antivirus software. A and E are incorrect. Some users will need USB ports enabled for their USB mice. Power management options serve to conserve power, not secure laptops.
You are configuring a fleet of Windows laptops for traveling employees, some of whom prefer using USB mice. It is critical that the machines are as secure as possible. What should you configure? (Choose three.) A. Disable USB ports. B. Require USB device encryption. C. Enable and configure the Windows firewall. D. Install and configure antivirus software. E. Enable a power management scheme.
C. Configure USB device restrictions. D. Disable unused services. A and B are incorrect. Class C IP addresses are no more secure than Class A or B addresses. Log archiving keeps copies of older log files. This is useful for auditing and troubleshooting, but it is not considered hardening.
You are developing your Windows 8.1 enterprise rollout strategy. IT security policies have been updated to reflect the company's stricter security standards. Which of the following will harden Windows 8.1? (Choose two.) A. Use a Class C IP address. B. Configure log archiving. C. Configure USB device restrictions. D. Disable unused services.
C. SSH should have been used instead of Telnet. A, B, and D are incorrect. Telnet does not support public key authentication. Strong passwords should be used at all times, not only if you must use Telnet. Changing the Telnet port does not constitute a configuration error.
You are hardening a Linux computer and have disabled SSH in favor of Telnet. You ensure that passwords are required for Telnet access. Identify your error. A. Secure Telnet should have public key authentication enabled. B. Only strong passwords should be used with Telnet. C. SSH should have been used instead of Telnet. D. The Telnet port should have been changed from 23 to 8080.
B. Version control A, C, and D are incorrect. Git does not imply the use of a Software Development Kit (SDK). Memory management is implemented in code and can enable better memory usage and prevent exploits. Dead code is code that runs but whose results are never used.
You are joining a team of developers who use Git for their products. What primary benefit does Git provide? A. Software Development Kit (SDK) B. Version control C. Memory management D. Dead code
A. Cross-site scripting B, C, and D are incorrect. Fuzzing is essentially in-house software penetration testing. Hardening and patching serve to protect computing equipment and are not considered problems.
You are on a conference call with your developers, Serena and Thomas, discussing the security of your new travel site. You express concern over a recent article describing how user submissions to web sites may contain malicious code that runs locally when others simply read the post. Serena suggests validating user input before allowing the user submissions. Which problem might validation solve? A. Cross-site scripting B. Fuzzing C. Hardening D. Patching
A. Ensure the phone is password protected
You are planning a security assessment strategy for all systems and mobile devices used within the organization. When assessing mobile devices such as phones, what should you look for? A. Ensure the phone is password protected B. Ensure no texting software is installed C. Ensure the phone is not running a mobile OS. D. Ensure the phone is not configured for e-mail.
A. Change the admin password. C. Configure WPA2
You are reviewing the security configuration of a wireless access point. Which of the following settings should be configured on the access point to help keep wireless secure? (Choose two.) A. Change the admin password. B. Configure WEP C. Configure WPA2 D. Disable MAC filtering E. Configure DLP.
B. Non Structured Query Language (NoSQL) A, C, and D are incorrect. SQL databases are relational databases that do not scale well when processing enormous amounts of data. The SATA standard relates to data storage and not directly to data mining.
You are the founder of Acme Data Mining. The business focuses on retrieving relevant consumer habits from various sources, and that data is then sold to retailers. Because of the amount of data that must be processed, you must implement the fastest possible solution. Which type of technology should you implement? A. Structured Query Language (SQL) B. Non Structured Query Language (NoSQL) C. Serial Advanced Technology Attachment (SATA) D. Non Serial Advanced Technology Attachment (NoSATA)
C. DNS poisoning A, B, and D are incorrect. Address Resolution Protocol (ARP) poisoning links IP addresses to incorrect MAC addresses, the result of which is to redirect traffic to a malicious device. The question involves port 53 and zone transfers, which are DNS attributes, not ARP attributes. Cross-site scripting injects malicious scripts in normally trustworthy web sites. Web sites use ports 80 and 443, so clearly the question relates to DNS, not Hypertext Transfer Protocol (HTTP). MAC flooding does not relate in any way to port 53 or zone transfers; MAC flooding attempts to overwhelm a network switch to the point where the switch forwards all traffic to all switch ports.
You capture and examine network traffic weekly to ensure that the network is being used properly. In doing so, you notice traffic to TCP port 53 on your server from an unknown IP address. After reviewing your server logs, you notice repeated failed attempts to execute a zone transfer to your server. What type of attack was attempted? A. ARP poisoning B. Cross-site scripting C. DNS poisoning D. MAC flooding
D. Use JavaScript for client-side data validation. A, B, and C are incorrect. JavaScript is not used for server-side validation. PKI certificates are already in use; this is implied by HTTPS. VPNs are not feasible for the potentially large number of customers.
You have been asked to develop a secure web application for a home brewing retailer. The app will read and write to a back-end database for customer transactions. The database has rules in place to check that data is valid. The web site uses HTTPS. What else should be done to secure the web app further? A. Use JavaScript for server-side data validation. B. Use public key infrastructure (PKI). C. Use a Virtual Private Network (VPN). D. Use JavaScript for client-side data validation.
A. Disable zone transfers. B. Modify the scope to include only one address for each host on the network.
You manager would like to implement additional security measures on the DHCP server. What actions would you recommend. (Choose two). A. Disable zone transfers. B. Modify the scope to include only one address for each host on the network. C. Deactivate the scope. D. Configure an address reservation for each of the addresses in the DHCP scope. E. Disable DHCP.
B. Limit zone transfers to the IP addresses of the secondary servers.
Your company has a primary DNS server at its head office and a secondary DNS server at two other offices around the world. What should you do to secure the DNS data? A. Allow zone transfers only to the head office DNS server. B. Limit zone transfers to the IP addresses of the secondary servers. C. Block TCP port 53 on the firewall in the head office. D. Block UDP port 53 on the firewall in the head office.
C. Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones. A, B, and D are incorrect. Supervisory Control and Data Acquisition (SCADA) is a special system used in industrial environments to monitor operations and to provide alarms if any systems are tampered with. The question asks about securing data on the smart phone, not through the network with a VPN. HTTPS will not protect data on the phone; only data in transit between the web browser and the secured web site is protected.
Your company has issued Android-based smart phones to select employees. Your manager asks you to ensure that data on the smart phones is protected. How do you address your manager's concerns? A. Implement Supervisory control and data acquisition (SCADA), screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones. B. Implement Public Key Infrastructure (PKI) Virtual Private Network (VPN) authentication certificates, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones. C. Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones. D. Implement HTTPS, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.
C. Use Group Policy to enforce the described application configuration baseline. A, B, and D are incorrect. Configuring each computer is not necessary. Creating a PKI certificate for signing macros is required, but this is not configured on all stations. The macros themselves do not need to be distributed, only the fact that macros are to be trusted.
Your company is upgrading to a new office suite. The spreadsheet application must trust only macros digitally signed by the company certificate authority. You have servers installed in a single Windows Active Directory domain. What should you configure to ensure that macro security on all stations is configured properly? A. Configure the spreadsheet application on each computer to trust company macros. B. Create an Encrypting File System (EFS) public key infrastructure (PKI) certificate for signing the macros. C. Use Group Policy to enforce the described application configuration baseline. D. Use Group Policy to distribute macros to all stations.
C. Configure each web site to use its own application pool. A, B, and D are incorrect. The question clearly states all sites share the same application pool. Each site should have its own application pool for security and stability reasons.
Your company uses Microsoft IIS to host multiple intranet web sites on a twonode cluster. All sites store their configuration and content on drive C: and log files are stored on the D: drive. All sites share a common application pool. The IT director has asked that you ensure that a single hacked web site will not adversely affect other running web sites. What should you do? A. Move each web site configuration to a separate hard disk. B. Move each web site's content to a separate hard disk. C. Configure each web site to use its own application pool. D. Add a third node to the two-node cluster.
B. Ensure the logon credentials are encrypted.
Your computer is implementing a new web application that is designed to help track inventory of company assets. When reviewing the configuration of the application, you note that it requires users to log on to access the inventory site. What else should you look for? A. Ensure the firewall only has port 21 open. B. Ensure the logon credentials are encrypted. C. Ensure the app is using the sa account to connect to the database. D. Ensure the certificate is untrusted.
B. Input validation A, C, and D are incorrect. SQL injection prevention is not a secure coding guideline. The lack of indexes may make searching slower, but it will not prevent the flaw in this example, and it is not considered a secure coding guideline. User authentication is not correct because the question clearly states that users are logging in.
Your intranet provides employees with the ability to search through an SQL database for their past travel expenses once they have logged in. One employee from the IT department discovers that if she enters an SQL string such as SELECT * FROM EXPENSES WHERE EMPID = 'x'='x';, it returns all employee travel expense records. What secure coding guideline was ignored? A. SQL injection prevention B. Input validation C. Disabling of SQL indexes D. User authentication
D. Reduce the attack surface
Your manager has read about the need to uninstall unnecessary software and disable unnecessary services from a system. What is the purpose of performing these hardening techniques? A. Close ports on the system B. Assess vulnerabilities C. Fuzzing D. Reduce the attack surface
B. Validate all data inputted.
Your manager is worried about the security of the applications created by the in-house developers. From a security point of view, what recommendation should you make to the manager as the No. 1 rule for developers to follow? A. Create user-friendly applications. B. Validate all data inputted. C. Ensure the focus is on usability. D. Create nice input screens.
