Question Bank 2


A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

A decryption certificate

A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

A maximum RPO of 60 minutes, A maximum MTTR of 30 minutes

Which of the following is an example of resource exhaustion?

A penetration tester requests every available IP address from a DHCP server.

What is the best algorithm for password hashes?

AES

Which of the following is used to encrypt web application data?

AES

Which of the following enables sniffing attacks against a switched network?

ARP Poisoning

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

Air Gap

Domain hijacking

An attack that changes the registration of a domain name without permission from the owner.

Which of the following BEST describes the purpose of authorization?

Authorization provides permissions to a resource and comes after authentication.

Which of the following is a passive method to test whether transport encryption is implemented?

Banner Grabbing

Given the following requirements:
- Help to ensure non-repudiation
- Capture motion in various formats
Which of the following physical controls BEST matches the above descriptions?

Camera

Select four security features that you should use with a smartphone provided through a COPE policy in your organization.

Cellular data, Remote wipe, Location tracking, MDM

A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents. Which of the following BEST describes this cryptographic attack?

Collision

A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?

Configure server-based PKI certificates

A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?

Containerization

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

Containment

A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?

Create a hash of the hard drive.

To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

DNSSEC

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

Disconnect the CEO's workstation from the network.

What is a cost-effective architecture to handle variable capacity demand?

Elasticity

When a malicious user is able to retrieve sensitive information from RAM, the programmer has failed to implement:

Encryption of data in use.

A company is planning to build an internal website that allows for access to outside contracts and partners. A majority of the content will only be to internal employees with the option to share. Which of the following concepts is MOST appropriate?

Extranet

How can you ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients?

Generate X.509 Cert that is signed by a CA and ensure port 636 is open

A hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital's website. Upon investigation, the hospital finds a packet analyzer was used to steal data. Which of the following protocols would prevent this attack from reoccurring?

HTTPS

A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model?

IaaS, Hybrid

A Chief Information Security Officer (CISO) has instructed the information assurance staff to act upon a fast-spreading virus. Which of the following steps in the incident response process should be taken NEXT?

Identification

A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?

Identification of critical systems

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

Fuzzing is used to reveal which of the following vulnerabilities in web applications?

Improper input handling

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

Insider threat

Which of the following is unique to a stream cipher?

It performs bit-level encryption

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?

Legal Hold

A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

MD5

What does a rainbow table bypass that a brute force attack can't?

Maximum failed login restrictions

After patching computers with the latest application security patches/updates, users are unable to open certain applications. Which of the following will correct the issue?

Modifying the security policy for DLP

What is needed in a rainbow table attack?

Must have precomputed hashes

What is provided by PEAP, EAP-TLS, and EAP-TTLS?

Mutual Authentication

A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices. Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Mutual authentication

After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?

NTP server

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data?

Network Firewall, Drive encryption

A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site.

OSCP

What is base64 encoded format from a certificate?

PEM

What do you use if you find a cleartext username followed by a hash?

Password cracker

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

Phishing

Which of the following should the developer implement to prevent SSL MITM attacks?

Pinning

An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:
- Intellectual property
- Payroll records
- Financial information
- Drug screening results
Which of the following is the BEST way to dispose of these items?

Pulping

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

RTO/RPO

The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur?

Ransomware

What is an important security advantage yielded by implementing vendor diversity?

Resiliency

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

Rootkit

A technician suspects that a system has been compromised. The technician reviews the following log entry:
WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll
WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll

Rootkit

A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend?

S/MIME

A security administrator is implementing a secure method that allows developers to place files or objects onto a Linux server. Developers are required to log in using a username, password, and asymmetric key.

SFTP

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

SLE

Which of the following identity access methods creates a cookie on the first login to a central authority to allow logins to subsequent applications without re-entering credentials?

SSO (Single Sign-on)

A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server?

Shared Secret

A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?

Shared credentials

An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?

Stenography

What can a security specialist determine whilst looking at a server cert?

The OID (Object Identifiers)

An analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

The attacker is picking off unencrypted credentials and using those to log in to the secure server.

When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users.

The system date on the user's device is out of sync.

What is explicit FTPS?

The traffic is not encrypted however port 21 (FTP) creates a SSL session making it secure

During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the following BEST explains why the tester is doing this?

To identify servers for subsequent scans and further investigation.

During a risk assessment, results show that a fire in one of the company's datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million damages for the cost of $30,000 a year. Which of the following risk response techniques has the company chosen?

Transference

A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?

Trojan

A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:
- The VPN must support encryption of header and payload.
- The VPN must route all traffic through the company's gateway.
Which of the following should be configured on the VPN concentrator?

Tunnel mode

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

Updating the playbooks with better decision points

How can you increase the security of a FTP server when its traffic is not encrypted?

Use explicit FTPS for connections

A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?

VDI

A systems administrator wants to configure an enterprise wireless solution that supports authentication over HTTPS and wireless encryption using AES. Which of the following should the administrator configure to support these requirements?

WPA2, 802.1x

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Watering Hole attack

An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?

Web application firewall

Advanced Encryption Standard (AES)

adopted as a replacement for 3DES by NIST in 2001. It is faster and more secure than 3DES.

Cybersquatting

attack where an adversary acquires a domain for a company's trading name or trademark, or perhaps some spelling variation thereof.

Clickjacking

is a technique that tricks users into clicking on a malicious link by adding the link to a transparent layer over what appears to be a legitimate web page.

URL hijacking

misspelled domains

(3DES)

plaintext is encrypted three times using different subkeys. In 2-key 3DES, there is one round with key1 then a round with key2, then a final round with key1 again, making the key size 112-bit.

A small organization has implemented a rogue system detection solution. Which of the following BEST explains the organization's intent?

to identify assets that are not authorized for use on the network

Is MD5 a legacy algorithm?

yes
