Quiz G Newest
A security analyst is hardening a large-scale wireless network. the primary requirements are the following: ~Must use authentication through EAP-TLS certificates ~Must use an AAA server ~Must use the most secure protocol Given these requirements, which of the following should the analyst implement and recommend?
A. 802.1X E. CCMP
Which of the following encryption algorithms is used primarily to secure data at rest?
A. AES Explanation/Reference: SSL, TLS, and RSA are all transmission protocols, whereas, AES. Advanced Encryption Standard (AES) is one of the most popular symmetric encryption algorithms. NIST selected it as a standard replacement for DES in 2001. AES is based on the Rijndael cipher and has been implemented into many other algorithms and protocols. For example, Microsoft's BitLocker and the Microsoft Encrypting File System (EFS) use AES. In addition, most CPU manufacturers include hardware AES support and the U.S. government has approved its use to protect classified data. AES supports key sizes of 128 bits, 192 bits and 256 bits.
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?
A. Accounting
A security administrator has replaced the firewall and notices a number of dropped connections, After looking at the data the security administrator sees the following information that was flagged as a possible issue: "SELECT * FROM" and '1equals'1" Which of the following can the security administrator determine from his?
A. An SQL injection attack is being attempted.
An organization wants to separate permissions for individuals who perform system changes from individuals who perform auditing of those system changes. Which of the following access control approaches is BEST suited for this?
A. Assign administrators and auditors to different groups and restrict permissions on system log files to readonly for the auditor group.
Which of the following are used to substantially increase the computation time required to crack a password? (Select TWO)
A. BCRYPT D. PBKDF2 Explanation/Reference: bcrypt is a password hashing function. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 2) are key derivation functions with a sliding computational cost, aimed to reduce the vulnerability of encrypted keys to brute force attacks.
A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?
A. Configure IPSec in transport mode.
A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to: • Enter long lines of code and special characters • Crash the system • Gain unauthorized access to the internal application server • Map the internal network The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim?
A. Content filtering
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do first?
A. Create a hash of the hard drive.
considering loT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?
A. Difficult-to-update firmware
A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows: Enforce password history. Three passwords remembered Maximum password age: 30 days Minimum password age: Zero days Complexity requirements: At least one special character, one uppercase Minimum password length: Seven characters Lockout duration: One day Lockout threshold: Five failed attempts in 15 minutes Which of the following adjustments would be the MOST appropriate for the service account?
A. Disable account lockouts
The Chief Information Security Officer (CISO) in a company is working to maximize protection efforts of sensitive corporate data. The CISO implements a "100% shred" policy within the organization, with the intent to destroy any documentation that is not actively in use in a way that it cannot be recovered or reassembled. Which of the following attacks is this deterrent MOST likely to mitigate?
A. Dumpster diving
A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? (Select TWO).
A. Employ time-of-day restrictions. D. Employ an account expiration strategy
A security analyst is emailing Pll in a spreadsheet file to an audit validator for after-actions related to a security assessment. The analyst must make sure the Pll data is protected with the following minimum requirements: • Ensure confidentiality at rest. • Ensure the integrity of the original email message. Which of the following controls would ensure these data security requirements are carried out?
A. Encrypt and sign the email using S/MIME. Explanation/Reference: S/MIME provides the following cryptographic security services for electronic messaging applications: Authentication Message integrity Non-repudiation of origin (using digital signatures) Privacy Data security (using encryption)
Which of the following can occur when a scanning tool cannot authenticate to a server and has banners?
A. False positive
After a series of breaches, a network administrator identified that staff recorded complex passwords in writing. The network administrator is adding multifactor authentication to the system. Which of the following should the administrator implement?
A. Hardware tokens
A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take?
A. Identify the source of the active connection.
A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO).
A. Implement time-of-day restrictions. E. Enforce least privilege.
Which of the following BEST explains how to use the configuration templates reduces organization risk?
A. It ensures consistency of configuration for initial system implementation.
Corporations choose to exceed regulatory framework standards because of which of the following incentives?
A. It improves the legal defensibility of the company.
A security technician has been given the task of preserving mails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?
A. Legal hold Explanation/Reference: A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. The legal hold is initiated by a notice or communication from legal counsel to an organization that suspends the normal disposition or processing of records, such as backup tape recycling, archived media and other storage and management of documents and information. A legal hold will be issued as a result of current or anticipated litigation, audit, government investigation or other such matter to avoid evidence spoliation. Legal holds can encompass business procedures affecting active data, including backup tape recycling.
In a lessons learned report, It is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility.. Which of the following describes the type of actors that may have been implicated?
A. Nation state
An audit found that an organization needs to implement job rotation to be compliant with regulatory requirements. To prevent unauthorized access to systems after an individual changes roles or departments, which of the following should the organization implement?
A. Permission auditing and review
After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in /trap. Which of the following vulnerabilities has MOST likely been exploited?
A. Privilege escalation
An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Select TWO).
A. Proper offboarding procedures D. Exit interviews
A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend?
A. S/MIME Explanation/Reference: S/MIME provides the following cryptographic security services for electronic messaging applications: Authentication Message integrity Non-repudiation of origin (using digital signatures) Privacy Data security (using encryption)
A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information: Database: CustomerAccess1 Column: Password Data type: MD5 Hash Salted?: No There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Select TWO)
A. Start using salts to generate MD5 password hashes. C. Force users to change passwords the next time they log on.
An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO).
A. TACACS+ D. RADIUS
A security administrator is investigating many recent incidents of credential theft for users accessing the company's website, despite the hosting web server requiring HTTPS for access. The server's logs show the website leverages the HTTP POST method for carrying user authentication details. Which of the following is the MOST likely reason for compromise?
A. The HTTP POST method is not protected by HTTPS.
A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?
A. Use a degausser to sanitize the drives.
A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?
A. VPN
Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no Pll in the database?
A. Without the same configuration in both development and production, there are no assurances that changes made in development will have the same effect in production
A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN. Which of the following commands should the security administrator implement within the script to accomplish this task?
A. arp -s 192.168.1.1 00-3a-dl-fa-b1-06 Explanation/Reference: The simplest form of certification is the use of static, read-only entries for critical services in the ARP cache of a host.
Which of the following control types would a backup of server data provide in case of a system issue?
A. corrective
A buffer overflow can result in:
A. loss of data caused by unauthorized command execution.
If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?
B. 3DES
A network administrator is brute forcing accounts through a web interface, Which of the following would provide the BEST defense from an account password being discovered?
B. Account lockout
A member of the human resources department is searching for candidate resumes and encounters the following error message when attempting to access popular job search websites: Site Cannot Be Displayed: Unauthorized Access Policy Violation: Job Search User Group: Retail_Employee_Access Client Address: 10.13.78.145 DNS Server: 10.1.1.9 Proxy IP Address: 10.1.1.29 Contact your systems administrator for assistance. Which of the following would resolve this issue without compromising the company's security policies?
B. Add the, employee to a less restrictive group on the content filter
Which of the following access management concepts is MOST closely associated with the use of a password or PIN?
B. Authentication
Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single location that can be remotely wiped if the phone is lost. Which of the following technologies BEST meets this need?
B. Containerization
An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Select TWO).
B. FDE E. MFA
A manager makes an unannounced visit to the marketing department and performs a walk-through of the office. The manager observes unclaimed documents on printers. A closer look at these documents reveals employee names, addresses, ages, birth dates, marital/dependent statuses, and favorite ice cream flavors. The manager brings this to the attention of the marketing department head. The manager believes this information to be PII, but the marketing head does not agree. Having reached a stalemate, which of the following is the MOST appropriate action to take NEXT?
B. Find the privacy officer in the organization and let the officer act as the arbiter.
Which of the following are considered to be "something you do"? (Select TWO)
B. Handwriting D. Gait
A security analyst identified an SQL injection attack Which of the following is the FIRST step in remediating the vulnerability?
B. Implement input validations.
During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences?
B. Implement rogue system detection and configure automated alerts for new devices.
An analyst is currently looking at the following output: Software Name Status Licensed Used Software 1 Approved 100 91 Software 2 Approved 50 52 Software 3 Approved 100 87 Software 4 Approved 50 46 Software 5 Denied 0 0 Which of the following security issues has been discovered based on the output?
B. License compliance violation
4 security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture :hoices. Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?
B. Mutual authentication Explanation/Reference: The document RFD 4017 from the IETF explains this at https://tools.ietf.org/html/rfc4017
Using a ROT 13 cipher to protect confidential information for unauthorized access is known as:
B. Obfuscation
Upon learning about a user who has reused the same password for the past several years, a security specialist reviews the logs. The following is an extraction of the report after the most recent password change requirement: Date/time Action Result User 07/14/17 09:00:00 password change success Joe 07/14/17 09:00:11 password change success Joe 07/14/17 09:00:15 password change fail Joe 07/14/17 09:00:32 password change success Joe 07/14/17 09:00:56 password change success Joe 07/14/17 09:01:13 password change success Joe 07/14/17 09:01:16 password change fail Joe 07/14/17 09:01:40 password change success Joe 07/14/17 09:02:02 password change success Joe Which of the following security controls is the user's behavior targeting'?
B. Password history
A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Select TWO)
B. Password reuse restrictions C. Password complexity requirements
A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician's notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior?
B. Rootkit Explanation/Reference: Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.
Which of the following methods minimizes the system interaction when gathering information to conduct a vulnerability assessment of a router?
B. Run a credentialed scan
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Select TWO).
B. SFTP E. SRTP Explanation/Reference: SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities. The Secure Real-time Transport Protocol (SRTP) is a Real-time Transport Protocol (RTP) profile, intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications.
An organization uses application whitelisting to help prevent zero-day attacks. Malware was recently identified on one client, which was able to run despite the organization's application whitelisting approach. The forensics team has identified the malicious file, conducted a post-incident analysis, and compared this with the original system baseline. The team sees the following output: filename hash (SHA-1) original: winSCP.exe 2d cta bl 4a 98 fc fl 98 06 bi e5 26 b2 df e5 5b 3e cb 83 el latest: winSCP.exe a3 4a c2 4b 85 fa f2 dd Ob ba f4 16 b2 cif f2 4b 3f ac 4a el Which of the following identifies the flaw in the team's application whitelisting approach?
B. SHA-1 has known collision vulnerabilities and should not be used
The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?
B. SPF not enabled Explanation/Reference: Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. SPF allows the receiver to check that an email claiming to come from a specific domain comes from an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.
A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configure to provide authentication between the switch and the TACACS+ server?
B. SSH
Which o the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed?
B. Salt Explanation/Reference: In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" data, a password or passphrase. Salts are used to safeguard passwords in storage. A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking the plaintext password in the event that the authentication data store is compromised.
An organization's employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?
B. Single sign-on Explanation/Reference: Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems. It is often accomplished by using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers.[1] A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain.[2]
When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this?
B. The certificate was deleted from the local cache.
A security analyst is performing a manual audit of captured data from a,packet analyzer. The analyst looks for base64 encoded strings and applies the filter http.authbasic. Which of the following describes what the analyst is looking for?
B. Unencrypted credentials
An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity„ and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?
B. User account
Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?
B. Weak SSL cipher strength
A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process?
B. Wipe the system
An organization is looking to build its second head office in another city, which has a history of flooding with an average of two floods every 100 years. The estimated building cost is $1 million, and the estimated damage due to flooding is half of the building's cost. Given this information, which of the following is the SLE?
C. $500,000
An organization's Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO's personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward?
C. AUP Explanation/Reference: Only the Acceptable Use Policy addresses this issue.
An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?
C. Buffer overflow
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements: ~Allow authentication from within the United States anytime. ~Allow authentication if the user is accessing email or a shared file system. ~Do not allow authentication if the AV program is two days out of date, ~Do not allow authentication if the location of the device is in two specific countries. Given the requirements, which of the following mobile deployment authentication types is being utilized?
C. Context-aware authentication Explanation/Reference: Context-aware security requires knowledge of who the user is, what the user is requesting, how the user is connected, when the user is requesting information and where the user is located. The goal is to prevent unauthorized end users or insecure computing devices from being able to access corporate data. Such an approach might allow an end user to browse the network from inside the office, for example, but deny access if the end user is trying to connect with public Wi-Fi.
A company is implementing a tool to mask all Pll when moving data from a production server to a testing server. Which of the following security techniques is the company applying?
C. Data obfuscation
Joe, a backup administrator, wants to implement a solution, that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use?
C. Full
An organization electronically processes sensitive data within a controlled facility. The Chief Information Security Officer (CISO) wants to limit emissions from emanating from the facility. Which of the following mitigates this risk?
C. Hardening the facility with a Faraday cage to contain emissions produced from data processing.
An organization wants to ensure network access is granted only after a user or device has been authenticated. Which of the following should be used to achieve this objective for both wired and wireless networks?
C. IEEE 802.1X Explanation/Reference: IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task?
C. Implement Kerberos
A security administrator is developing a methodology for tracking staff access to patient data. Which of the following would be the BEST method for creating audit trails for usage reports?
C. Implement a database activity monitoring system.
A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing?
C. Least privilege
Which of the following is used to validate the integrity of data?
C. MD5 Explanation/Reference: The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact. High Yellow Red Pink Medium Green Yellow Red Low Green Green Yellow Low Medium High Which of the following is this table an example of?
C. Qualitative risk assessment
A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end. Which of the following is a AAA solution that will provide the required wireless authentication?
C. RADIUS
A network administrator is trying to provide the most resilient hard drive configuration in a server. With five hard drives, which of the following he MOST fault -tolerant configuration?
C. RAID 6
Which of the following describes the maximum amount of time a mission essential function can operate without the systems it depends on before impacting the organization?
C. RTO Explanation/Reference: The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?
C. RTO/RPO
A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO)
C. Review the company's current security baseline. D. Verify alignment with policy related to regulatory compliance.
A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?
C. Routing tables
A company is considering hiring a third party to handle the healthcare benefits for its employees. The company has issued the following requirements for the interface between the company and the provider: ~it must be easy or employees to use ~Employees must not be asked to enter their credentials if they are already authenticated to the company network ~Traffic between the company and third-party provider must be secure ~The provider's website must be protected with SSL or TLS. Which of the following identity and access services can be implemented to BEST meet these requirements? (Select TWO)
C. SAML D. Shibboleth Explanation/Reference: Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations. The Shibboleth Internet2 middleware initiative created an architecture and open-source implementation for identity management and federated identity-based authentication and authorization (or access control) infrastructure based on Security Assertion Markup Language (SAML). Federated identity allows the sharing of information about users from one security domain to the other organizations in a federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain user names and passwords. Identity providers (IdPs) supply user information, while service providers (SPs) consume this information and give access to secure content. Trust between domains is implemented using public key cryptography (often simply TLS server certificates) and metadata that describes providers. The use of information passed is controlled through agreements. Federations are often used to simplify these relationships by aggregating large numbers of providers that agree to use common rules and contracts.
A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious actor was attacking the company and is responsible for the increase. Which of the following systems has the attacker compromised?
C. SCADA
Which of the following implements a stream cipher? 0 A 0 B. 0 D.
C. SFTP data transfer
Which of the following implements a stream cipher?
C. SFTP data transfer Explanation/Reference: SFTP can use arcfour256 ArcFour (RC4) stream cipher (with discard step) with 256-bit key Disabled by default. arcfour128 ArcFour (RC4) stream cipher (with discard step) with 128-bit key Disabled by default. arcfour ArcFour (RC4) stream cipher with 128-bit key Disabled by default. These are disabled by default because of vulnerabilities associated with these.
Which of the following attackers generally possesses minimal technical knowledge to perform advanced attacks and uses widely available tools as well as publicly available information?
C. Script kiddie
A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and moving all heavy applications and storage to a centralized server that hosts all of the company's required desktop applications. Which of the following describes the BEST deployment method to meet these requirements?
C. VDI
Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching?
C. White box
Which of the following methods is used by internal security teams to assess the security of internally developed applications?
C. White box testing
When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take one hour to complete. Sunday (7PM) : Full backup Monday (7PM) : Incremental Tuesday (7PM) : Incremental Wednesday (7PM) : Differential Thursday (7PM) : Incremental Friday (7PM) : Incremental Saturday (7PM) : Incremental On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from backup_ Which of the following is the number of backup tapes that will be needed to complete this operation?
D. 4
A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?
D. A maximum RPO of 60 minutes
A technician is investigating a potentially compromised device with the following symptoms: ~Browser slowness ~Frequent browser crashes ~Hourglass stuck ~New search toolbar ~Increased memory consumption 'Which of the following malware has infected the system?
D. Adware Explanation/Reference: Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, that may send such information to another entity without the consumer's consent, that asserts control over a device without the consumer's knowledge, or it may send such information to another entity with the consumer's consent, through cookies . When a computer becomes affected by Spyware, the following may result: Slow internet connection. Change of your web browser's home page. Loss of internet connectivity. Failure to open some programs, including security software. Unable to visit specific websites, which may include redirecting you to another one.
Which of the following outcomes is a result of proper error-handling procedures in secure mode?
D. All fault conditions are logged and do not result in a program crash.
Students at a residence hall are reporting Internet connectivity issues The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help Which of the following configurations should the security administrator suggest for implementation?
D. DHCP snooping Explanation/Reference: DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes. However, the most common DoS scenario is that of an end-user plugging in a consumer-grade router at their desk, ignorant that the device they plugged in is a DHCP server by default.
A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take?
D. Disable the network connections on the workstation.
Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform?
D. Fault tolerance
Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?
D. Gray box
A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this anomaly?
D. Internal hosts have become members of a botnet.
Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?
D. It restricts access of the software to a contained logical space and limits possible damage.
A company wants to implement a wireless network with the following requirements: ~All wireless users will have a unique credential. ~User certificates will not be required for authentication. ~the company's AAA infrastructure must be utilized. ~Local hosts should not store authentication tokens. Which of the following should be used in the design to meet the requirements?
D. PEAP Explanation/Reference: The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server.
An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?
D. Patch management
A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution, The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS?
D. Port mirroring Explanation/Reference: Port Mirroring, also known as SPAN (Switched Port Analyzer), is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed. Port Mirroring function is supported by almost all enterprise-class switches (managed switches).
Joe recently assumed the role of data custodian for his organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?
D. Pulverizing
A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites: 10 PERMIT FROM:ANY TO:ANY PORT:80 20 PERMIT FROM:ANY TO:ANY PORT:443 30 DENY FROM:ANY TO:ANY PORT:ANY Which of the following is the MOST secure solution the security administrator can implement to fix this issue?
D. Remove the following rule from the firewall: 30 DENY FROM : ANY TO : ANY PORT : ANY
A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?
D. SHA-1 Explanation/Reference: 3DEs and AES are block ciphers for encrypting data, where MD5 and SHA-1 are hashing functions. MD5 and SHA-1 aren't considered secure anymore, but SHA-1 is the stronger of the two.
An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It wants the stream to be delivered securely and protected from intercept and replay attacks. Which of the following protocols is BEST suited for this purpose?
D. SRTP Explanation/Reference: The Secure Real-time Transport Protocol (SRTP) is a Real-time Transport Protocol (RTP) profile, intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications.
A developer is building a new web portal for internal use. The web portal will only be accessed by internal users and will store operational documents. Which of the following certificate types should the developer install if the company is MOST interested in minimizing costs?
D. Self-signed Explanation/Reference: In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. Self-signed certificates can be created for free using a wide variety of tools including OpenSSL, Java's keytool, Adobe Reader, and Apple's Keychain. Certificates bought from major CAs often cost around a hundred dollars per year.
A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office?
D. Site-to-site VPN
A company's IT department began receiving calls from users reporting that critical customer files were missing from the file server. As more calls came in, technicians realized the files and folders were being deleted. The administrator isolated the file server from the network and noticed files were still being deleted. As the IT department began investigating and remediating, a technician discovered the files were being deleted by a script put in place by an employee who was recently terminated. Which of the following is the MOST likely cause of the incident?
D. The employee placed a logic bomb on the file server to delete the files
After reports of slow internet connectivity, a technician reviews the following logs from a server's host-based firewall: 10:30:21.39312 IP 172.40.21.40:2020 192.168.1.10:443 SYN 10:30:21.39313 IP 172.40.21.40:2021 192.168.1.10:443 SYN 10:30:21.39314 IP 172.40.21.40:2020 192.168.1.10:443 SYN 10:30:21.39315 IP 172.40.21.40:2020 192.168.1.10:443 SYN 10:30:21.39316 IP 172.40.21.40:2020 192.168.1.10:443 SYN 10:30:22.49433 IP 192.168.1.10:443 172.40.21.40:2020 SYN/ACK 10:30:21.49434 IP 192.168.1.10:443 172.40.21.40:2021 SYN/ACK 10:30:21.49435 IP 192.168.1.10:443 172.40.21.40:2022 SYN/ACK 10:30:21.49436 IP 192.168.1.10:443 172.40.21.40:2023 SYN/ACK 10:30:21.49437 IP 192.168.1.10:443 172.40.21.40:2024 SYN/ACK Which of the following can the technician conclude after reviewing the above logs?
D. The server is unable to complete the TCP three-way handshake and send the last ACK
A systems administrator is installing a new server in a large datacenter. Which of the following BEST describes the importance of properly positioning servers in the rack to maintain availability?
D. To provide consistent air flow
To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?
D. Update the web plugins.