INSY 4312 Final Review
At the end of the cryptographic process, output is generated. With one type of output, simple character changes in the plaintext will cause several characters to change in the cipher text. What type of output is this?
Diffusion
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?
RBAC
Which of the following can be classified as a stream cipher?
RC4
Which version of the Rivest cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
RC5
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model?
RSBAC
Sensitive data is monitored by the data loss prevention (DLP) system in four different states. Which of the following is NOT one of the states monitored by DLP?
While a file with sensitive data is being created.
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data?
1
You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?
135, 137-139
Your network uses the following backup strategy: • Full backups every Sunday night • Differential backups Monday through Saturday nights On Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data?
2
To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)
20 21
Which of the following ports does FTP use to establish sessions and manage traffic?
20, 21
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?
3
Your network uses the following backup strategy: • Full backups every Sunday night • Incremental backups Monday night through Saturday night On a Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data?
4
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
Which of the following ports are used with TACACS?
49
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?
636
Which ports does LDAP use by default? (Select two.)
636 389
You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement?
802.1x
Which of the following are requirements to deploy Kerberos on a network? (Select two.)
A centralized database of users and passwords Time synchronization between devices
Which of the following best describes Active Directory?
A centralized database that contains user account and security information
You want email sent from users in your organization to be encrypted to make messages more secure. Which of the following is an option you can use to enhance the encryption of email messages?
A cryptographic service provider
What is a cookie?
A file saved on your hard drive that tracks website preferences and use.
What is a PKI?
A hierarchy of computers for issuing certificates.
Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called?
A highly distributed attack
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
Which of the following is an appropriate definition of a VLAN?
A logical grouping of devices based on service need, protocol, or other criteria.
Which of the following security solutions would prevent a user from reading a file that she did not create?
EFS
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
What is mutual authentication?
A process by which each party in an online communication verifies the identity of each other party.
What type of key or keys are used in symmetric cryptography?
A shared private key
Which of the following best describes high amplification when applied to hashing algorithms?
A small change in the message results in a big change in the hash value.
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
Which of the following is the best example of remote access authentication?
A user establishes a dial-up connection to a server to gain access to shared resources.
What is the main difference between a worm and a virus?
A worm can replicate itself, while a virus requires a host for distribution.
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
AES
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
AH ESP
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning
Which of the following advantages can single sign-on (SSO) provide? (Select two.)
Access to all authorized resources with a single instance of authentication The elimination of multiple user accounts and passwords for each individual
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token
What is the most important aspect of a biometric device?
Accuracy
You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?
Add kenyan.msn.plto the email blacklist
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?
Add the URL of the website to the Local intranet zone.
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?
Add the internal website to the Local intranet zone.
You have a computer with three hard disks. • A RAID 0 volume uses space on Disk 1 and Disk 2. • A RAID 1 volume uses space on Disk 2 and Disk 3. Disk 2 fails. Which of the following is true?
Data on the RAID 1 volume is accessible. Data on the RAID 0 volume is not.
Which of the following defines an object as an entity in the context of access control?
Data, applications, systems, networks, and physical space.
What does the netstat -a command show?
All listening and non-listening sockets
You want to allow e-commerce websites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?
Allow first party cookies, but block third-party cookies
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?
Allowing NetBIOS traffic outside of your secured network
Which of the following are subject to SQL injection attacks?
Database servers
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?
Decentralization
Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)
An alert is generated and delivered via email, the console, or an SNMP trap. The IDS logs all pertinent data about the intrusion.
Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm?
Analytic attack
Which of the following statements about the use of anti-virus software is correct?
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Which of the following is not included in a system level audit event? (Select two.)
Any actions performed by the user. Names of accessed files.
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you use in Credential Manager to protect your credentials.
Back up Credentials
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)
Apply all patches and updates Change default account passwords
Which of the following is the best recommendation for applying hotfixes to your servers?
Apply only the hotfixes that affect to software running on your systems
A PKI is an implementation for managing which type of encryption?
Asymmetric
Which of the following are characteristics of ECC? (Select two.)
Asymmetric encryption Uses a finite set of values within an algebraic field
What is another name for a logic bomb?
Asynchronous attack
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?
Attribute-Based Access Control (ABAC)
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?
Audit trail
A recreation of historical events is made possible through?
Audit trails
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
Auditing
RADIUS is primarily used for what purpose?
Authenticating remote clients before access to the network is granted
Which of the following is the term for the process of validating a subject's identity?
Authentication
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?
Authentication and authorization
While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?
Backdoor
What does a differential backup do during the backup?
Backs up all files with the archive bit set and does not reset the archive bit.
What does an incremental backup do during the backup?
Backs up all files with the archive bit set and resets the archive bit.
Network-based intrusion detection is most suited to detect and prevent which types of attacks?
Bandwidth-based denial of service
If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition?
Birthday attack
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
BitLocker
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)
Change the default administrative user name and password. Use an SSH client to access the router configuration.
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent?
Botnet
Which of the following attacks typically takes the longest amount of time to complete?
Brute Force Attack
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
Buffer overflow
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device?
Change the user name and create a more complex password.
Which is a typical goal of MAC spoofing?
Bypassing 802.1x port-based security
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. Which system components are encrypted in this scenario? (Select two.)
C:\ volume Master boot record
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?
CHAP
You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible? (Select two.)
CHAP PPP
Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage individual desktop workstation access.
CORPWS7
Which of the following is used in conjunction with a local security authority to generate the private and public key pair used in asymmetric cryptography?
CSP
Which of the following conditions does not result in a certificate being added to the certificate revocation list?
Certificate expiration
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (Select three.)
Check user accounts for weak passwords Check for open ports Check for missing patches
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this?
Chosen plaintext
To help prevent browser attacks, users of public computers should do which of the following?
Clear the browser cache
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (Select two.)
Clock synchronization between all devices Disk space on the syslog server
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
Code review
Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?
Cognitive
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?
Cold site
Which protocol should you disable on the user access ports of a switch?
DTP
When two different messages produce the same hash value, what has occurred?
Collision
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?
Confidentiality
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?
Configuration testing
You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do?
Configure port mirroring
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do?
Configure port security on the switch.
When you dispose of a computer or sell used hardware and it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable?
Damage the hard disks so badly that all data remanence is gone.
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system? (Select two.)
Data is stored in the database in an unencrypted format. The database admin user has no password assigned.
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
Data loss prevention
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?
Configure the software to automatically download the virus definition files as soon as they become available
Which of the following applications typically use 802.1x authentication? (Select two.)
Controlling access through a switch Controlling access through a wireless access point
Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user?
Cookie
Use of which of the following is a possible violation of privacy?
Cookies
Which of the following is considered an out-of-band distribution method for private key encryption?
Copying the key to a USB drive
Which access control type is used to implement short-term repairs to restore basic functionality following an attack?
Corrective
You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?
Create a VLAN to use as a low-trust network zone for these static systems to connect to.
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?
Create a hash of each log.
Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? (Select two.)
IPS IDS
Hashing algorithms are used to perform what activity?
Create a message digest
What is the primary function of the IKE protocol used with IPsec?
Create a security association between communicating partners.
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do? (Select two.)
Create a security group for the administrators and add all user accounts to the group. Grant the group the necessary user rights
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior?
Credential Manager
A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario?
Credentialed scan
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
DAC
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which of the following is the weakest symmetric encryption method?
DES
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?
Definition
What is the purpose of audit trails?
Detect security-violating events
Audit trails produced by auditing activities are which type of security control?
Detective
When securing a newly deployed server, which of the following rules of thumb should be followed?
Determine unneeded services and their dependencies before altering the system
Which of the following functions can a port scanner provide? (Select two.)
Determining which ports are open on a firewall Discovering unadvertised servers
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices are, typically, more difficult to monitor than traditional network devices Devices tend to employ much weaker security than traditional network devices.
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database?
Dictionary
Which backup strategy backs up only files that have the archive bit set, but does not mark them as having been backed up?
Differential
Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution?
Diffie-Hellman
Which of the following algorithms are used in asymmetric encryption? (Select two.)
Diffie-Hellman RSA
Which of the following protocols can TLS use for key exchange? (Select two.)
Diffie-Hellman RSA
You've been given an assignment to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (Select two.)
Disable anonymous access Implement an application-layer protocol to encrypt data prior to saving it in the database
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
You manage your company's website. The Web1 server hosts the website. This server has the following configuration: • Dual core processor • Dual power supplies • RAID 5 volume • One RAID controller • Two 1000 Mbps network adapters Which component is a single point of failure for the website?
Disk controller
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
Drive-by download
Which of the following security measures encrypts the entire contents of a hard drive?
DriveLock
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)
Educate users about malware Schedule regular full system scans
Which form of asymmetric cryptography is based upon Diffie-Hellman?
El Gamal
What is the most common means of virus distribution?
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Enable the TPM in the BIOS
Which of the following is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets
Which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers?
Endpoint DLP
Which of the following is an example of a statistical attack against a cryptosystem?
Exploiting a computer's inability to produce random numbers
Which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?
False positive
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?
File-level DLP
Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation?
Findings in the audit and subsequent summations are viewed objectively.
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?
Firewall
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?
Firewall
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?
Flag
Which backup strategy backs up all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up?
Full
Which of the following enters random data to the inputs of an application?
Fuzzing
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)
GPG Blowfish
Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each week, the latest daily backup tape is promoted to the weekly backup tape. 3. At the end of each month, one of the weekly backup tapes is promoted to the monthly backup tape. What kind of backup tape rotation strategy is being used?
Grandfather
For users who are members of the sales team, you want to force computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?
Group Policy
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?
Group Policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task?
Group Policy
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
Group Policy WSUS
Which of the following government acts protects medical records and personal health information?
HIPAA
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security?
HTTPS
Which of the following protocols uses port 443?
HTTPS
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Which of the following is used to verify that a downloaded file has not been altered?
Hash
A birthday attack focuses on what?
Hashing algorithms
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back in
What do host-based intrusion detection systems often rely upon to perform detection activities?
Host system auditing capabilities
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?
Hot site
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfix
Which of the following password attacks adds appendages to known dictionary words?
Hybrid
Which of the following symmetric cryptography systems does not support a variable block size?
IDEA
Which of the following devices can monitor a network and detect potential security attacks?
IDS
Which of the following devices is capable of detecting and responding to security threats?
IPS
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
IPsec
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where?
Identifying data and a certification request to the registration authority (RA)
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)
If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, it will be saved in an unencrypted state. By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.
Which of the following can make passwords useless on a router?
Not controlling physical access to the router
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker with a TPM.
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do?
Implement an application control solution.
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?
Implement an application-aware IPS in front of the web server
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?
Integer overflow
Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm?
Implementation attack
An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?
Implementing client-side validation.
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)
Implementing server-side validation. Implementing client-side validation.
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
Which of the following symmetric block ciphers does not use a variable block length?
International Data Encryption Algorithm (IDEA)
You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of things
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?
It has been moved to a secure folder on your computer.
Which aspect of a certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the internet?
It is a trusted third-party.
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
When should a hardware device be replaced in order to minimize downtime?
Just before it's MTBF is reached
Which of the following is an example of a single sign-on authentication solution?
Kerberos
Which of the following protocols uses port 88?
Kerberos
Which of the following are examples of single sign-on authentication solutions? (Select two.)
Kerberos SESAME
When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?
Key clustering
In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text?
Known plaintext
Which of the following authentication mechanisms is designed to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
LANMAN
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Choose two.)
Listening to network traffic Monitoring the audit trails on a server
You have a web server on your network that hosts the public website for your company. You want to make sure that the website will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. Which solution should you implement?
Load balancing
You manage a server that runs your company website. The web server has reached its capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests for website content. Which solution should you implement?
Load balancing
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?
Locally shared object (LSO) exploit
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Which of the following is the weakest hashing algorithm?
MDS
You have two folders that contain documents used by various departments: • The Development group has been given the Write permission to the Design folder. • The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?
Make Mark a member of the Sales group add Mark's user account directly to the ACL for the Design folder.
Which access control model is based on multilevel security where objects are assigned a security classification and subjects are granted a security clearance which allows them to access objects at or below that security classification?
Mandatory Access Control (MAC)
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?
Mary's private key
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Move the router to a secure server room.
Which of the following best describes one-factor authentication?
Multiple authentication credentials may be required, but they are all of the same type.
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?
Mutual Authentication
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement?
NTFS and share permissions
When is the best time to apply for a certificate renewal?
Near the end of the certificate's valid lifetime
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? (Select two.)
Nessus Retina
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?
Network DLP
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?
OVAL
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper
Your network devices are categorized into the following zone types: • No-trust zone • Low-trust zone • Medium-trust zone • High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?
Network segmentation
Which command should you use to scan for open TCP ports on your Linux system? (Tip: Enter the command as if at the command prompt.)
Nmap-sT
A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use?
Non-credentialed scan
You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies?
On the RADIUS server used for authentication and authorization
How many keys are used with symmetric key cryptography?
One
What is another term for the type of login credentials provided by a token device?
One-time password
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?
Online Certificate Status Protocol
SHA-1 uses which of the following bit length hashing algorithms?
Only 160-bit
Which of the following are backed up during a differential backup?
Only files that have changed since the last full backup.
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full or incremental backup.
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?
Open SMTP relay
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?
Open ports 20 and 21 for inbound and outbound connections
Which of the following authentication protocols transmits passwords in cleartext, and is, therefore, considered too insecure for modern networks?
PAP
Which of the following mechanisms can you use to add encryption to email? (Select two.)
PGP S/MIME
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?
Packet sniffer
What type of password is maryhadalittlelamb?
Pass phrase
You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?
RAS
Which of the following is the most common form of authentication?
Password
Which of the following is most vulnerable to a brute force attack?
Password Authentication
What common design feature among instant messaging clients make them less secure than other means of communicating over the internet?
Peer-to-peer networking
Your disaster recovery plan calls for tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you choose a method that uses the fewest tapes, but also allows you to quickly back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups?
Perform a full backup once per week and a differential backup the other days of the week.
You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?
Performance
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment?
Periodic reviews must be conducted to detect malicious activity or policy violations.
CHAP performs which of the following security functions?
Periodically verifies the identity of a peer using a three-way handshake
If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following: • Name and address • Driver license number • Credit card numbers • Date of birth Which of the following classifications does this information fall into?
Personally identifiable information
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?
Phishing
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
Port authentication
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?
Port mirroring
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?
Port scanner
To prevent server downtime, which of the following components should be installed redundantly in a server system?
Power supply
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventative
Instant messaging does not provide which of the following?
Privacy
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not to other devices. Which feature should you configure?
Promiscuous mode
What does hashing of log files provide?
Proof that the files have not been altered
You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use?
Protocol Analyzer
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use?
Protocol analyzer
Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk?
Pulverizing
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)
RADIUS TACACS+
Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function. TACACS+ allows these services to be split between different servers.
Which of the following disk configurations might sustain losing two disks? (Select two.)
RAID 1+0 RAID 0+1
What option is an advantage RAID 5 has over RAID 1?
RAID 5 improves performance over RAID 1.
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table
Which form of alternate site is the cheapest, but may not allow an organization to recover before reaching their maximum tolerable downtime?
Reciprocal agreement
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
Recovery agent
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability?
Redundancy
Which of the following is an entity that accepts and validates information contained within a request for a certificate?
Registration authority
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?
Regularly test restoration procedures
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection will you need?
Remote access
Which of the following are characteristics of a rootkit? (Select two.)
Requires administrator-level privileges for installation Hides itself from detection
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?
Restore the full backup and the last differential backup
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
Sender's public key
What form of access control is based on job descriptions?
Role-based access control (RBAC)
Which access control model manages rights and permissions based on job descriptions and responsibilities?
Role-based access control (RBAC)
Which of the following is the most frequently used symmetric key stream cipher?
Ron's Cipher v4 (RC4)
Which of the following is undetectable software that allows administrator-level access?
Rootkit
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software?
Rootkit
Which of the following is an example of a Rule Based Access Control (RBAC)?
Router access control lists that allows or denies traffic based on the characteristics of an IP packet.
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Run the vulnerability assessment again
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?
S/MIME
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
SASL
Which of the following does not or cannot produce a hash value of 128 bits?
SHA-1
Which of the following is the strongest hashing algorithm?
SHA-1
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
Telnet is inherently insecure because its communications is in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet?
SSH
Which of the following network services or protocols uses TCP/IP port 22?
SSH
Which of the following tools allow for remote management of servers? (Select two.)
SSH Telnet
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
Which protocol does HTTPS use to offer greater security in web transactions?
SSL
You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet?
SSL
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?
SSL
Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?
Sam's public key
What is the primary distinguishing characteristic between a worm and a logic bomb?
Self-replication
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate.
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system?
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?
Smart Card
What type of attack is most likely to succeed with communications between instant messaging clients?
Sniffing
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?
Spam
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens?
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
Which of the following solutions would you implement to eliminate switching loops?
Spanning tree
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?
Spanning tree
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning tree
Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer?
The Security Configuration and Analysis snap-in
Which type of virus conceals its presence by intercepting system requests and altering service outputs?
Stealth
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Switch Port
If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place?
Symmetric
What form of cryptography is best suited for bulk encryption because it is so fast?
Symmetric key cryptography
Which of the following forms of cryptography is best implemented in hardware?
Symmetric stream
Which of the following is a standard for sending log messages to a central logging server?
Syslog
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?
System
Which of the following protocols can be used to centralize remote access authentication?
TACACS
Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets?
TCP SYN scan
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
TLS SSL
Encryption is which type of access control?
Technical
You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?
Test the hotfix and then apply it to all servers.
Which of the following best describes a side-channel attack?
The attack is based on information gained from the physical implementation of a cryptosystem.
Which action is taken when the private key associated with a digital certificate becomes compromised?
The certificate is revoked and added to the Certificate Revocation List
Certificate revocation should occur under all but which of the following conditions?
The certificate owner has held the certificate beyond the established lifetime timer
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate validity period.
If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.)
The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password. A collision was discovered.
Which of the following defines the crossover error rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system.
The success of asymmetric encryption is dependent upon which of the following?
The secrecy of the key
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which of the following best describes an audit daemon?
The trusted utility that runs a background process whenever auditing is enabled.
Which of the following is not true regarding cookies?
They operate within a security sandbox
Why are brute force attacks always successful?
They test every possible valid combination.
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system?
Ticket
A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?
Ticket Granting Ticket
Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)
Time Synchronization Ticket Granting Server
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data
Which of the following is not a form of biometric?
Token device
In the VLAN configuration shown in the diagram above, workstations in VLAN1 are not able to communicate with workstations in VLAN2, even though they are connected to the same physical switch. Which of the following can you use to allow workstations in VLAN1 to communicate with the workstations in VLAN2? (Select two. Each correct answer is a complete solution.)
Use a Layer 3 switch to route packets between VLAN1 and VLAN2. Use a router to route packets between VLAN1 and VLAN2.
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously?
Trojan horse
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports
How many keys are used with Public Key cryptography?
Two
How many keys are used with asymmetric (public key) cryptography?
Two
Which of the following is stronger than any biometric authentication factor?
Two-factor authentication
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: • www.videoshare.com • www.vidshar.com • www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?
Typosquatting
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?
Use a stronger administrative password.
You want to use a vulnerability scanner to check a system for known security risks. What should you do first?
Update the scanner definition files
If your anti-virus software does not detect and remove a virus, what should you try first?
Update your virus detection software.
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password, so he changes it to the name of his dog (Fido). What should you do to increase the security of Bob's account? (Select two.)
Use Group Policy to require strong passwords on user accounts Train users not to use passwords that are easy to guess.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location.
Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?
Use SSL
Which of the following information is typically not included in an access token?
User account password
You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?
Use syslog to send log entries to another server
Which security mechanism uses a unique list that meets the following specifications: • The list is embedded directly in the object itself • The list defines which subjects have access to certain objects • The list specifies the level or type of access allowed to certain objects
User ACL
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack?
User education and training
Which of the following describes Privilege auditing?
Users' and groups' rights and privileges are checked to guard against creeping privileges.
Which of the following are characteristics of TACACS+? (Select two.)
Uses TCP Allows three different servers, one each for authentication, authorization, and accounting
Which of the following are true of Triple DES (3DES)? (Select two.)
Uses a 168-bit key Is used in IPsec
Which of the following is not a countermeasure against dictionary attacks?
Using short passwords
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VLAN
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?
VLANs
Which of the following items are contained in a digital certificate? (Select two.)
Validity period Public Key
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?
Vulnerability scanner
If your mission-critical services have a maximum tolerable downtime (MTD) (or a recovery time objective [RTO]) of 36 hours, what is the optimum form of recovery site?
Warm
You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure?
Website storage
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
Which of the following is an example of a decentralized privilege management solution?
Workgroup
Based on the VLAN configuration shown in the diagram above, which of the following is not true?
Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch.
Which standard is most widely used for certificates?
X.509
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?
You can control security by isolating wireless guest devices within this VLAN.
Which of the following is NOT an administrative benefit of implementing VLANs?
You can simplify routing traffic between separate networks.
In which of the following situations would you use port security?
You want to restrict the devices that could connect through a switch port.
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website.
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
Yum list installed
Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: Enter the command as if at the command prompt.)
netstat-a
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap