CompTIA SY0-401 - Topic 4, Application, Data and Host Security

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

QUESTION NO: 860 DRAG DROP A security administrator is given the security and availability profiles for servers that are being deployed. Match each RAID type with the correct configuration and MINIMUM number of drives. Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions: All drive definitions can be dragged as many times as necessary Not all placeholders may be filled in the RAID configuration boxes If parity is required, please select the appropriate number of parity checkboxes Server profiles may be dragged only once Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Answer: Explanation: RAID-0 is known as striping. It is not a fault tolerant solution but does improve disk performance for read/write operations. Striping requires a minimum of two disks and does not use parity. RAID- 0 can be used where performance is required over fault tolerance, such as a media streaming server. RAID-1 is known as mirroring because the same data is written to two disks so that the two disks have identical data. This is a fault tolerant solution that halves the storage space. A minimum of two disks are used in mirroring and does not use parity. RAID-1 can be used where fault tolerance is required over performance, such as on an authentication server. RAID-5 is a fault tolerant solution that uses parity and striping. A minimum of three disks are required for RAID-5 with one disk's worth of space being used for parity information. However, the parity information is distributed across all the disks. RAID-5 can recover from a sing disk failure. RAID-6 is a fault tolerant solution that uses dual parity and striping. A minimum of four disks are required for RAID-6. Dual parity allows RAID-6 to recover from the simultaneous failure of up to two disks. Critical data should be stored on a RAID-6 system. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 34-36, 234-235

QUESTION NO: 783 A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue? A. Anti-spam B. Antivirus C. Host-based firewalls D. Anti-spyware

Answer: A Explanation: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM).

QUESTION NO: 765 A small company has recently purchased cell phones for managers to use while working outside if the office. The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution BEST meets the company's requirements? A. Screen-lock B. Disable removable storage C. Full device encryption D. Remote wiping

Answer: A Explanation: Explanation Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

QUESTION NO: 840 An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented? A. Cluster tip wiping B. Individual file encryption C. Full disk encryption D. Storage retention

Answer: A Explanation: A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.

QUESTION NO: 738 Which of the following is a best practice for error and exception handling? A. Log detailed exception but display generic error message B. Display detailed exception but log generic error message C. Log and display detailed error and exception messages D. Do not log or display error or exception messages

Answer: A Explanation: A detailed explanation of the error is not helpful for most end users but might provide information that is useful to a hacker. It is therefore better to display a simple but helpful message to the end user and log the detailed information to an access-restricted log file for the administrator and programmer who would need as much information as possible about the problem in order to rectify it.

QUESTION NO: 795 Joe, a network security engineer, has visibility to network traffic through network monitoring tools. However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanism would be MOST appropriate to confirm Joe's suspicion? A. HIDS B. HIPS C. NIPS D. NIDS

Answer: A Explanation: A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system.

QUESTION NO: 792 Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation? A. Host-based firewalls B. Network firewalls C. Network proxy D. Host intrusion prevention

Answer: A Explanation: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

QUESTION NO: 777 Which of the following would prevent a user from installing a program on a company-owned mobile device? A. White-listing B. Access control lists C. Geotagging D. Remote wipe

Answer: A Explanation: Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.

QUESTION NO: 767 After a security incident involving a physical asset, which of the following should be done at the beginning? A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions.

Answer: A Explanation: Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user.

QUESTION NO: 735 Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? A. Buffer overflow B. Pop-up blockers C. Cross-site scripting D. Fuzzing

Answer: A Explanation: Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.

QUESTION NO: 742 In regards to secure coding practices, why is input validation important? A. It mitigates buffer overflow attacks. B. It makes the code more readable. C. It provides an application configuration baseline. D. It meets gray box testing standards.

Answer: A Explanation: Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.

QUESTION NO: 813 A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data? A. Database field encryption B. File-level encryption C. Data loss prevention system D. Full disk encryption

Answer: A Explanation: Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the data base. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field.

QUESTION NO: 820 Which of the following types of encryption will help in protecting files on a PED? A. Mobile device encryption B. Transport layer encryption C. Encrypted hidden container D. Database encryption

Answer: A Explanation: Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 762 A way to assure data at-rest is secure even in the event of loss or theft is to use: A. Full device encryption. B. Special permissions on the file system. C. Trusted Platform Module integration. D. Access Control Lists.

Answer: A Explanation: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 821 Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft? A. Disk encryption B. Encryption policy C. Solid state drive D. Mobile device policy

Answer: A Explanation: Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 837 Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration? A. Hard drive encryption B. Infrastructure as a service C. Software based encryption D. Data loss prevention

Answer: A Explanation: Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It should be implemented using a hardware-based solution for greater speed.

QUESTION NO: 734 Which of the following is an application security coding problem? A. Error and exception handling B. Patch management C. Application hardening D. Application fuzzing

Answer: A Explanation: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.

QUESTION NO: 817 A team of firewall administrators have access to a `master password list' containing service account passwords. Which of the following BEST protects the master password list? A. File encryption B. Password hashing C. USB encryption D. Full disk encryption

Answer: A Explanation: File encryption can be used to protect the contents of individual files. It uses randomly generated symmetric encryption keys for the file and stores the key in an encrypted form using the user's public key on the encrypted file.

QUESTION NO: 812 To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following? A. Full disk encryption B. Application isolation C. Digital rights management D. Data execution prevention

Answer: A Explanation: Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen.

QUESTION NO: 725 Which of the following application security testing techniques is implemented when an automated system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation

Answer: A Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 729 Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions? A. Unexpected input B. Invalid output C. Parameterized input D. Valid output

Answer: A Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 778 If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing? A. Transitive trust B. Public key trust C. Certificate authority trust D. Domain level trust

Answer: A Explanation: In transitive trusts, trust between a first party and a third party flows through a second party that is trusted by both the first party and the third party.

QUESTION NO: 744 Which of the following is a common coding error in which boundary checking is not performed? A. Input validation B. Fuzzing C. Secure coding D. Cross-site scripting

Answer: A Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 743 Input validation is an important security defense because it: A. rejects bad or malformed data. B. enables verbose error reporting. C. protects mis-configured web servers. D. prevents denial of service attacks.

Answer: A Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 747 Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system? A. Input validation B. Network intrusion detection system C. Anomaly-based HIDS D. Peer review

Answer: A Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 790 A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate? A. Patch management B. Application hardening C. White box testing D. Black box testing

Answer: A Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system before applying the updates on a production system, and scheduling updates.

QUESTION NO: 788 Which of the following encompasses application patch management? A. Configuration management B. Policy management C. Cross-site request forgery D. Fuzzing

Answer: A Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

QUESTION NO: 759 Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended? A. Screen lock B. Voice encryption C. GPS tracking D. Device encryption

Answer: A Explanation: Screen-lock is a security feature that requires the user to enter a PIN or a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

QUESTION NO: 737 A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program's behavior? A. Operating system's integrity is maintained B. Program's availability is maintained C. Operating system's scalability is maintained D. User's confidentiality is maintained

Answer: A Explanation: The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs.

QUESTION NO: 829 Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops? A. TPM B. HSM C. CPU D. FPU

Answer: A Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 833 The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by: A. Utilizing the already present TPM. B. Configuring secure application sandboxes. C. Enforcing whole disk encryption. D. Moving data and applications into the cloud.

Answer: A Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 772 The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network

Answer: A Explanation: USB drive and other USB devices represent a security risk as they can be used to either bring malicious code into a secure system or to copy and remove sensitive data out of the system.

QUESTION NO: 750 Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks? A. Check the referrer field in the HTTP header B. Disable Flash content C. Use only cookies for authentication D. Use only HTTPS URLs

Answer: A Explanation: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who known or is supposed to have been authenticated. This is accomplished by changing values in the HTTP header and even in the user's cookie to falsify access. It can be prevented by embedding additional authentication data into requests that allows the web application to detect requests from unauthorized locations. Examples are synchronizer token patterns, cookie-to-header tokens, and checking the HTTP Referrer header and the HTTP Origin header.

QUESTION NO: 761 Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO). A. Full device encryption B. Screen locks C. GPS D. Asset tracking E. Inventory control

Answer: A,B Explanation: A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. B: Screen locks are a security feature that requires the user to enter a PIN or a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

QUESTION NO: 773 Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). A. Disable the USB root hub within the OS. B. Install anti-virus software on the USB drives. C. Disable USB within the workstations BIOS. D. Apply the concept of least privilege to USB devices. E. Run spyware detection against all workstations.

Answer: A,C Explanation: A: The USB root hub can be disabled from within the operating system. C: USB can also be configured and disabled in the system BIOS.

QUESTION NO: 768 The chief Risk officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO) A. Asset tracking B. Screen-locks C. GEO-Tracking D. Device encryption

Answer: A,D Explanation: A: Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user. D: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 808 A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO). A. SSH B. TFTP C. NTLM D. TKIP E. SMTP F. PGP/GPG

Answer: A,F Explanation: We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk). A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network. F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

QUESTION NO: 771 Allowing unauthorized removable devices to connect to computers increases the risk of which of the following? A. Data leakage prevention B. Data exfiltration C. Data classification D. Data deduplication

Answer: B Explanation: Data exfiltration is the unauthorized copying, transfer or retrieval of data from a system.

QUESTION NO: 854 An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks? A. XSRF Attacks B. Fuzzing C. Input Validations D. SQL Injections

Answer: B Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 853 Establishing a method to erase or clear cluster tips is an example of securing which of the following? A. Data in transit B. Data at rest C. Data in use D. Data in motion

Answer: B Explanation: A computer hard disk is divided into small segments called clusters. A file stored on a hard disk usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted. Data stored on the hard drive is called data at rest.

QUESTION NO: 791 Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal? A. A host-based intrusion prevention system B. A host-based firewall C. Antivirus update system D. A network-based intrusion detection system

Answer: B Explanation: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

QUESTION NO: 793 Which of the following is an important step in the initial stages of deploying a host-based firewall? A. Selecting identification versus authentication B. Determining the list of exceptions C. Choosing an encryption algorithm D. Setting time of day restrictions

Answer: B Explanation: A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

QUESTION NO: 838 A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution? A. Driving a van full of Micro SD cards from data center to data center to transfer data B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server

Answer: B Explanation: A virtual private network (VPN) is an encrypted communication tunnel that connects two systems over an untrusted network, such as the Internet. They provide security for both authentication and data transmission through a process called encapsulation. Secure Sockets Layer (SSL) can be used to exchange the VPN keys securely. SSL is used to establish secure TCP communication between two machines by encrypting the communication.

QUESTION NO: 857 It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue? A. Device encryption B. Application control C. Content filtering D. Screen-locks

Answer: B Explanation: Application control is the process of controlling what applications are installed on a device. This may reduce exposure to malicious software by limiting the user's ability to install applications that come from unknown sources or have no work-related features.

QUESTION NO: 796 Which of the following devices will help prevent a laptop from being removed from a certain location? A. Device encryption B. Cable locks C. GPS tracking D. Remote data wipes

Answer: B Explanation: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.

QUESTION NO: 809 Which of the following does full disk encryption prevent? A. Client side attacks B. Clear text access C. Database theft D. Network-based attacks

Answer: B Explanation: Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 728 A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task? A. Secure coding B. Fuzzing C. Exception handling D. Input validation

Answer: B Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 732 Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? A. Patch management B. Application fuzzing C. ID badge D. Application configuration baseline

Answer: B Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 846 When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability? A. Deploying identical application firewalls at the border B. Incorporating diversity into redundant design C. Enforcing application white lists on the support workstations D. Ensuring the systems' anti-virus definitions are up-to-date

Answer: B Explanation: If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor and so is not affected by the vulnerability.

QUESTION NO: 740 Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT A. Buffer overflow prevention B. Input validation C. CSRF prevention D. Cross-site scripting prevention

Answer: B Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 858 Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following? A. Output sanitization B. Input validation C. Application hardening D. Fuzzing

Answer: B Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 741 After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen: `Please only use letters and numbers on these fields' Which of the following is this an example of? A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling

Answer: B Explanation: Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 859 Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment? A. NoSQL databases are not vulnerable to XSRF attacks from the application server. B. NoSQL databases are not vulnerable to SQL injection attacks. C. NoSQL databases encrypt sensitive information by default. D. NoSQL databases perform faster than SQL databases on the same hardware.

Answer: B Explanation: NoSQL is a nonrelational database and does not use SQL. It is therefore not vulnerable to SQL injection attacks but is vulnerable to similar injection-type attacks.

QUESTION NO: 848 A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices? A. Black listing applications B. Operating System hardening C. Mandatory Access Control D. Patch Management

Answer: B Explanation: Operating System hardening is the process of securing the operating system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

QUESTION NO: 758 Which of the following practices is used to mitigate a known security vulnerability? A. Application fuzzing B. Patch management C. Password cracking D. Auditing security logs

Answer: B Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from new attacks and vulnerabilities that have recently become known.

QUESTION NO: 757 Which of the following is the term for a fix for a known software problem? A. Skiff B. Patch C. Slipstream D. Upgrade

Answer: B Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.

QUESTION NO: 786 A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening? A. Antivirus B. Pop-up blocker C. Spyware blocker D. Anti-spam

Answer: B Explanation: Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code.

QUESTION NO: 764 A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen? A. Application control B. Remote wiping C. GPS D. Screen-locks

Answer: B Explanation: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

QUESTION NO: 806 Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised? A. Least privilege B. Sandboxing C. Black box D. Application hardening

Answer: B Explanation: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.

QUESTION NO: 794 Which of the following MOST interferes with network-based detection techniques? A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts

Answer: B Explanation: Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).

QUESTION NO: 842 Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives? A. Degaussing B. Physical Destruction C. Lock up hard drives in a secure safe D. Wipe

Answer: B Explanation: The physical description of hard drives is the only secure means of disposing hard drives. This can include incineration, an acid bath, and crushing.

QUESTION NO: 851 Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)? A. Co-hosted application B. Transitive trust C. Mutually exclusive access D. Dual authentication

Answer: B Explanation: Transitive trust is a form of trust that flows from one entity to another so that if A trusts B and B trusts C, A automatically trusts C.

QUESTION NO: 830 Which of the following is built into the hardware of most laptops but is not setup for centralized management by default? A. Whole disk encryption B. TPM encryption C. USB encryption D. Individual file encryption

Answer: B Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 763 Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO). A. Steganography images B. Internal memory C. Master boot records D. Removable memory cards E. Public keys

Answer: B,D Explanation: All useable data on the device should be encrypted. This data can be located on the hard drive, or removable drives, such as USB devices and memory cards, and on internal memory.

QUESTION NO: 798 The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO). A. Device encryption B. Antivirus C. Privacy screen D. Cable locks E. Remote wipe

Answer: B,D Explanation: B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Public systems are particularly prone to viruses. D: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep devices from being easy to steal.

QUESTION NO: 774 A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here? A. Separation of duties B. Least privilege C. Same sign-on D. Single sign-on

Answer: C Explanation: Same sign-on requires the users to re-enter their credentials but it allows them to use the same credentials that they use to sign on locally.

QUESTION NO: 770 Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need? A. Implement voice encryption, pop-up blockers, and host-based firewalls. B. Implement firewalls, network access control, and strong passwords. C. Implement screen locks, device encryption, and remote wipe capabilities. D. Implement application patch management, antivirus, and locking cabinets.

Answer: C Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

QUESTION NO: 814 Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table? A. Full disk B. Individual files C. Database D. Removable media

Answer: C Explanation: A table is stored in a database. Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the database. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field.

QUESTION NO: 733 Which of the following pseudocodes can be used to handle program exceptions? A. If program detects another instance of itself, then kill program instance. B. If user enters invalid input, then restart program. C. If program module crashes, then restart program module. D. If user's input exceeds buffer length, then truncate the input.

Answer: C Explanation: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture all errors and exceptions that could cause the application or its modules to crash. Restarting the application or module would ensure that the application reverts back to a secure state.

QUESTION NO: 856 Which of the following would be MOST appropriate if an organization's requirements mandate complete control over the data and applications stored in the cloud? A. Hybrid cloud B. Community cloud C. Private cloud D. Public cloud

Answer: C Explanation: A private cloud is a cloud service for internal use only and is located within a corporate network rather than on the Internet. It is usually owned, managed, and operated by the company, which gives the company full control over the data and applications stored in the cloud.

QUESTION NO: 847 Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network? A. Protocol analyzer B. Switch C. Proxy D. Router

Answer: C Explanation: A proxy is a device that acts on behalf of other devices. All internal user communications with the Internet could be controlled through a proxy server, which can be configured to automatically filter out or block certain sites and content. It can also cache often-accessed sites to improve performance.

QUESTION NO: 789 A periodic update that corrects problems in one version of a product is called a A. Hotfix B. Overhaul C. Service pack D. Security update

Answer: C Explanation: A service pack is a collection of updates and hotfixes that address a number of software issues, as well as new software features. It is released periodically by the vendor.

QUESTION NO: 800 Identifying a list of all approved software on a system is a step in which of the following practices? A. Passively testing security controls B. Application hardening C. Host software baselining D. Client-side targeting

Answer: C Explanation: Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.

QUESTION NO: 797 Which of the following can be used as an equipment theft deterrent? A. Screen locks B. GPS tracking C. Cable locks D. Whole disk encryption

Answer: C Explanation: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.

QUESTION NO: 845 Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks? A. Intrusion Detection System B. Flood Guard Protection C. Web Application Firewall D. URL Content Filter

Answer: C Explanation: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.

QUESTION NO: 815 A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage? A. Deduplication is not compatible with encryption B. The exports are being stored on smaller SAS drives C. Encrypted files are much larger than unencrypted files D. The SAN already uses encryption at rest

Answer: C Explanation: Encryption adds overhead to the data which results in and increase in file size. This overhead is attached to each file and could include the encryption/decryption key, data recovery files and data decryption field in file header. As a result, requires increased storage space.

QUESTION NO: 736 Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly? A. Fuzzing B. Patch management C. Error handling D. Strong passwords

Answer: C Explanation: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.

QUESTION NO: 811 Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown? A. Folder encryption B. File encryption C. Whole disk encryption D. Steganography

Answer: C Explanation: Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen. Furthermore, full-disk encryption is not dependant on knowledge of the file structure.

QUESTION NO: 730 Which of the following application security principles involves inputting random data into a program? A. Brute force attack B. Sniffing C. Fuzzing D. Buffer overflow

Answer: C Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 731 An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code? A. Vulnerability scanning B. Denial of service C. Fuzzing D. Port scanning

Answer: C Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 775 Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message: "Heading to our two weeks vacation to Italy." Upon returning home, Joe discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address? A. Joe has enabled the device access control feature on his mobile phone. B. Joe's home address can be easily found using the TRACEROUTE command. C. The picture uploaded to the social media site was geo-tagged by the mobile phone. D. The message posted on the social media site informs everyone the house will be empty.

Answer: C Explanation: Geo-tagging is the process of embedding the GPS coordinates in image files and images taken using a smartphone or a digital camera. The geotagged information accompanying the image allows anyone to discover the precise location where the image was taken.

QUESTION NO: 766 Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns? A. Enforce device passwords. B. Use remote sanitation. C. Enable GPS tracking. D. Encrypt stored data.

Answer: C Explanation: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information.

QUESTION NO: 751 The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: A. Stabilizing B. Reinforcing C. Hardening D. Toughening

Answer: C Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

QUESTION NO: 752 Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? A. Application white listing B. Network penetration testing C. Application hardening D. Input fuzzing testing

Answer: C Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure? A. Error and exception handling B. Application hardening C. Application patch management D. Cross-site script prevention UnicornAnswer: B Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

QUESTION NO: 822 An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft? A. Implement full disk encryption B. Store on encrypted removable media C. Utilize a hardware security module D. Store on web proxy file system

Answer: C Explanation: Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates.

QUESTION NO: 746 Without validating user input, an application becomes vulnerable to all of the following EXCEPT: A. Buffer overflow. B. Command injection. C. Spear phishing. D. SQL injection.

Answer: C Explanation: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

QUESTION NO: 824 Which of the following would be used when a higher level of security is desired for encryption key storage? A. TACACS+ B. L2TP C. LDAP D. TPM

Answer: D Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 839 A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with? A. Data confidentiality B. High availability C. Data integrity D. Business continuity

Answer: C Explanation: Integrity is the process of ensuring that the information has not been altered during transmission. This can be accomplished by means of hashing.

QUESTION NO: 756 An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement? A. Snapshots B. Sandboxing C. Patch management D. Intrusion detection system

Answer: C Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.

QUESTION NO: 849 A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users? A. OS Virtualization B. Trusted OS C. Process sandboxing D. File permission

Answer: C Explanation: Sandboxing involves running applications in restricted memory areas. It limits the possibility of an application crash, allowing a user to access another application or the data associated with it.

QUESTION NO: 805 An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building? A. Cloud B. Trusted C. Sandbox D. Snapshot

Answer: C Explanation: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.

QUESTION NO: 801 A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server? A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

Answer: C Explanation: Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed.

QUESTION NO: 754 A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks? A. Application hardening B. Application change management C. Application patch management D. Application firewall review

Answer: C Explanation: The question states that operating system updates are applied but not other software updates. The 'other software' in this case would be applications. Software updates includes functionality updates and more importantly security updates. The process of applying software updates or 'patches' to applications is known as 'application patch management'. Application patch management is an effective way of mitigating security risks associated with software applications.

QUESTION NO: 831 A hospital IT department wanted to secure its doctor's tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work? A. Cloud storage B. Removal Media C. TPM D. Wiping

Answer: C Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 823 Which of the following has a storage root key? A. HSM B. EFS C. TPM D. TKIP

Answer: C Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates on non-volatile (NV) memory. Data stored on NV memory is retained unaltered when the device has no power. The storage root key is embedded in the TPM to protect TPM keys created by applications, so that these keys cannot be used without the TPM.

QUESTION NO: 825 Which of the following is a hardware based encryption device? A. EFS B. TrueCrypt C. TPM D. SLE

Answer: C Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 826 A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit? A. SSH B. SHA1 C. TPM D. MD5

Answer: C Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 802 The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this? A. Log audits B. System hardening C. Use IPS/IDS D. Continuous security monitoring

Answer: D Explanation: A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.

QUESTION NO: 852 Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing? A. OS hardening B. Application control C. Virtualization D. Sandboxing

Answer: C Explanation: Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware, reducing costs. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.

QUESTION NO: 816 Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption? A. Reduces processing overhead required to access the encrypted files B. Double encryption causes the individually encrypted files to partially lose their properties C. Individually encrypted files will remain encrypted when copied to external media D. File level access control only apply to individually encrypted files in a fully encrypted drive

Answer: C Explanation: With full disk encryption a file is encrypted as long as it remains on the disk. This is because the data on the disk is decrypted when the user logs on, thus the data is in a decrypted form when it is copied to another disk. Individually encrypted files on the other hand remain encrypted.

QUESTION NO: 749 After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: <HTML> <body onload="document.getElementByID('badForm').submit()"> <form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" > <input name="Perform Purchase" value="Perform Purchase"/> </form> </body> </HTML> Which of the following has MOST likely occurred? A. SQL injection B. Cookie stealing C. XSRF D. XSS

Answer: C Explanation: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who known or is supposed to have been authenticated. This is often accomplished without the user's knowledge.

QUESTION NO: 844 Which of the following are examples of network segmentation? (Select TWO). A. IDS B. IaaS C. DMZ D. Subnet E. IPS

Answer: C,D Explanation: C: A demilitarized zone (DMZ) is a part of the network that is separated of segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN). D. IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.

QUESTION NO: 748 The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO). A. Permit redirection to Internet-facing web URLs. B. Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">". C. Validate and filter input on the server side and client side. D. Use a web proxy to pass website requests between the user and the application. E. Restrict and sanitize use of special characters in input and URLs.

Answer: C,E Explanation: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who known or is supposed to have been authenticated. This is often accomplished without the user's knowledge. XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session establishment and checking the client HTTP request header referrer for spoofing.

QUESTION NO: 760 Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption

Answer: C,F Explanation: C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

QUESTION NO: 781 An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement? A. Implement IIS hardening by restricting service accounts. B. Implement database hardening by applying vendor guidelines. C. Implement perimeter firewall rules to restrict access. D. Implement OS hardening by applying GPOs.

Answer: D Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs).

QUESTION NO: 835 Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise: A. user accounts may be inadvertently locked out. B. data on the USB drive could be corrupted. C. data on the hard drive will be vulnerable to log analysis. D. the security controls on the USB drive can be bypassed.

Answer: D Explanation: A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data.

QUESTION NO: 855 Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services? A. NIPS B. Content filter C. NIDS D. Host-based firewalls

Answer: D Explanation: A host-based firewall is designed to protect the host from network based attack by using filters to limit the network traffic that is allowed to enter or leave the host. The action of a filter is to allow, deny, or log the network packet. Allow enables the packet to continue toward its destination. Deny blocks the packet from going any further and effectively discarding it. Log records information about the packet into a log file. Filters can be based on protocol and ports. By blocking protocols and ports that are not required, other potentially compromised application services would be prevented from being exploited across the network.

QUESTION NO: 807 Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults? A. VLAN B. Protocol security C. Port security D. VSAN

Answer: D Explanation: A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.

QUESTION NO: 843 During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse? A. Update anti-virus definitions on SCADA systems B. Audit accounts on the SCADA systems C. Install a firewall on the SCADA network D. Deploy NIPS at the edge of the SCADA network

Answer: D Explanation: A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes. A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization.

QUESTION NO: 799 A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on: A. MAC filtering. B. System hardening. C. Rogue machine detection. D. Baselining.

Answer: D Explanation: Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained.

QUESTION NO: 776 The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior? A. Acceptable use policies B. Host-based firewalls C. Content inspection D. Application whitelisting

Answer: D Explanation: Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.

QUESTION NO: 850 Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers? A. Least privilege accounts B. Host-based firewalls C. Intrusion Detection Systems D. Application white listing

Answer: D Explanation: Application whitelisting is a security stance that prohibits unauthorized software from being able to execute unless it is on the preapproved exception list: the whitelist. This prevents any and all software, including malware, from executing unless it is on the whitelist. This can help block zero- day attacks, which are new attacks that exploit flaws or vulnerabilities in targeted systems and applications that are unknown or undisclosed to the world in general.

QUESTION NO: 739 Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? A. It should be enforced on the client side only. B. It must be protected by SSL encryption. C. It must rely on the user's knowledge of the application. D. It should be performed on the server side.

Answer: D Explanation: Client-side validation should only be used to improve user experience, never for security purposes. A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a roundtrip to the server. However, client side validation can be easily bypassed and should never be used for security purposes. Always use server-side validation to protect your application from malicious attacks.

QUESTION NO: 745 One of the most consistently reported software security vulnerabilities that leads to major exploits is: A. Lack of malware detection. B. Attack surface decrease. C. Inadequate network hardening. D. Poor input validation.

Answer: D Explanation: D: With coding there are standards that should be observed. Of these standards the most fundamental is input validation. Attacks such as SQL injection depend on unfiltered input being sent through a web application. This makes for a software vulnerability that can be exploited. There are two primary ways to do input validation: client-side validation and server-side validation. Thus with poor input validation you increase your risk with regard to exposure to major software exploits.

QUESTION NO: 841 The act of magnetically erasing all of the data on a disk is known as: A. Wiping B. Dissolution C. Scrubbing D. Degaussing

Answer: D Explanation: Degaussing is a form a data wiping that entails the use of magnets to alter the magnetic structure of the storage medium.

QUESTION NO: 780 Which of the following file systems is from Microsoft and was included with their earliest operating systems? A. NTFS B. UFS C. MTFS D. FAT

Answer: D Explanation: File Allocation Table (FAT) is a file system created by Microsoft and used for its earliest DOS operating systems.

QUESTION NO: 810 Full disk encryption is MOST effective against which of the following threats? A. Denial of service by data destruction B. Eavesdropping emanations C. Malicious code D. Theft of hardware

Answer: D Explanation: Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. However, it does not prevent the theft of hardware it only protects data should the device be stolen.

QUESTION NO: 724 Methods to test the responses of software and web applications to unusual or unexpected inputs are known as: A. Brute force. B. HTML encoding. C. Web crawling. D. Fuzzing.

Answer: D Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 726 Which of the following security concepts identifies input variables which are then used to perform boundary testing? A. Application baseline B. Application hardening C. Secure coding D. Fuzzing

Answer: D Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 727 Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? A. Input validation B. Exception handling C. Application hardening D. Fuzzing

Answer: D Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

QUESTION NO: 834 Which of the following BEST explains the use of an HSM within the company servers? A. Thumb drives present a significant threat which is mitigated by HSM. B. Software encryption can perform multiple functions required by HSM. C. Data loss by removable media can be prevented with DLP. D. Hardware encryption is faster than software encryption.

Answer: D Explanation: Hardware Security Module (HSM) is a cryptoprocessor that can be used to enhance security. It provides a fast solution for the for large asymmetrical encryption calculations and is much faster than software-based cryptographic solutions.

QUESTION NO: 769 Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network? A. Application white listing B. Remote wiping C. Acceptable use policy D. Mobile device management

Answer: D Explanation: Mobile device management (MDM) is allows for managing the mobile devices that employees use to access company resources. MDM is intended to improve security, provide monitoring, enable remote management, and support troubleshooting. It can be used to push or remove applications, manage data, and enforce configuration settings on these devices.

QUESTION NO: 818 A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns? A. Install a mobile application that tracks read and write functions on the device. B. Create a company policy prohibiting the use of mobile devices for personal use. C. Enable GPS functionality to track the location of the mobile devices. D. Configure the devices so that removable media use is disabled.

Answer: D Explanation: Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices.

QUESTION NO: 819 Which of the following can be used to mitigate risk if a mobile device is lost? A. Cable lock B. Transport encryption C. Voice encryption D. Strong passwords

Answer: D Explanation: Passwords are the most likely mechanism that can be used to mitigate risk when a mobile device is lost. A strong password would be more difficult to crack.

QUESTION NO: 755 A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again? A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management

Answer: D Explanation: Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to ensure that the updates do not have detrimental effects on the system, and, should the updates have no detrimental effects on the test systems, backing up the production systems before applying the updates on a production system.

QUESTION NO: 804 A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often? A. Create an incremental backup of an unpatched PC B. Create an image of a patched PC and replicate it to servers C. Create a full disk image to restore after each installation D. Create a virtualized sandbox and utilize snapshots

Answer: D Explanation: Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems. Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications.

QUESTION NO: 784 Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie? A. Network based firewall B. Anti-spam software C. Host based firewall D. Anti-spyware software

Answer: D Explanation: Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie. A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose? A. Anti-spyware B. Antivirus C. Host-based firewall D. Web content filter UnicornAnswer: A Explanation: Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie.

QUESTION NO: 836 A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement? A. Internet networks can be accessed via personally-owned computers. B. Data can only be stored on local workstations. C. Wi-Fi networks should use WEP encryption by default. D. Only USB devices supporting encryption are to be used.

Answer: D Explanation: The concern for preventing data loss is the concern for maintaining data confidentiality. This can be accomplished through encryption, access controls, and steganography. USB encryption is usually provided by the vendor of the USB device. It is not included on all USB devices.

QUESTION NO: 827 Which of the following should be enabled in a laptop's BIOS prior to full disk encryption? A. USB B. HSM C. RAID D. TPM

Answer: D Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 828 Which of the following is a hardware-based security technology included in a computer? A. Symmetric key B. Asymmetric key C. Whole disk encryption D. Trusted platform module

Answer: D Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 832 Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system? A. Database encryption B. USB encryption C. Whole disk encryption D. TPM

Answer: D Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

QUESTION NO: 779 Which of the following can be performed when an element of the company policy cannot be enforced by technical means? A. Develop a set of standards B. Separation of duties C. Develop a privacy policy D. User training

Answer: D Explanation: User training is an important aspect of maintaining safety and security. It helps improve users' security awareness in terms of prevention, enforcement, and threats. It is of critical importance when element of the company policy cannot be enforced by technical means.

QUESTION NO: 803 Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization

Answer: D Explanation: Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.


संबंधित स्टडी सेट्स

discovery chinese 我饿了 sentence structure

View Set

PET Writing Part 1: Sentence Transformations (MEGA-SUPER SET!)

View Set