Sec+ 401 1200-1399
A network technician is configuring clients for VLAN access. The network address for the sales department is 192.168.0.64 with a broadcast address of 192.168.0.71. Which of the following IP address/subnet mask combinations could be used to correctly configure a client machine in the sales department? A. 192.168.0.64/29 B. 192.168.0.66/27 C. 192.168.0.67/29 D. 192.168.0.70/28
A. 192.168.0.64/29
Which of the following can be used for both encryption and digital signatures? A. 3DES B. AES C. RSA D. MD5
A. 3DES
In order to enter a high-security data center, users are required to speak the correct password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center? A. An authentication factor B. Discretionary Access C. Time of Day Restrictions D. Least Privilege Restrictions
A. An authentication factor
A user attempts to install a new and relatively unknown software program recommended by a colleague. The user is unable to install the program, dispute having successfully installed other programs previously. Which of the following is MOST likely the cause for the user's inability to complete the installation? A. Application black listing B. Network Intrusion Prevention System C. Group Policy D. Application White Listing
A. Application black listing
A security technician has removed the sample configuration files from a database server. Which of the following application security controls has the technician attempted? A. Application hardening B. Application baselines C. Application patch management D. Application input validation
A. Application hardening E. Hashing
A security technician wants to improve the strength of a weak key by making it more secure against brute force attacks. Which of the following would achieve this? A. Blowfish B. Key stretching C. Key escrow D. Recovery agent
A. Blowfish
Which of the following is a software vulnerability that can be avoided by using input validation? A. Buffer overflow B. Application fuzzing C. Incorrect input D. Error handling
A. Buffer overflow
Ann the IT director wants to ensure that as hoc changes are not making their way to the production applications. Which of the following risk mitigation strategies should she implement in her department? A. Change management B. Permission reviews C. Incident management D. Perform routine audits
A. Change management
An administrator is having difficulty configuring WPA2 Enterprise using EAP-PEAP-MSCHAPv2. The administrator has configured the wireless access points properly, and has configured policies on the RADIUS server and configured settings on the client computers. Which of the following is missing? A. Client certificates are needed B. A third party LEAP client must be installed C. A RADIUS server certificate is needed D. The use of CCMP rather than TKIP
A. Client certificates are needed
Ann a member of the Sales Department has been issued a company-owned laptop for use when traveling to remote sites. Which of the following would be MOST appropriate when configuring security on her laptop? A. Configure the laptop with a BIOS password B. Configure a host-based firewall on the laptop C. Configure the laptop as a virtual server D. Configure a host based IDS on the laptop
A. Configure the laptop with a BIOS password
The network security manager has been notified by customer service that employees have been sending unencrypted confidential information via email. Which of the following should the manager select to BEST detect and provide notification of these occurrences? A. DLP B. SSL C. DEP D. UTM
A. DLP
Which of the following password attacks involves attempting all kinds of keystroke combinations on the keyboard with the intention to gain administrative access? A. Dictionary B. Hybrid C. Watering hole D. Brute Force
A. Dictionary
A security technician would like to use ciphers that generate ephemeral keys for secure communication. Which of the following algorithms support ephemeral modes? (Select TWO) A. Diffie-Hellman B. RC4 C. RIPEMO D. NTLMv2 E. PAP F. RSA
A. Diffie-Hellman F. RSA
A company's password and authentication policies prohibit the use of shared passwords and transitive trust. Which of the following if implemented would violate company policy? (Select TWO) A. Discretionary access control B. Federation C. Single sign-on D. TOTP E. Two-factor authentication
A. Discretionary access control C. Single sign-on
A user has an Android smartphone that supports full device encryption. However when the user plus into a computer all of the files are immediately accessible. Which of the following should the user do to enforce full device confidentiality should the phone be lost or stolen? A. Establish a PIN passphrase B. Agree to remote wipe terms C. Generate new media encryption keys D. Download the encryption control app from the store
A. Establish a PIN passphrase
Which of the following can be used to ensure that sensitive records stored on a backend server can only be accessed by a front end server with the appropriate record key? A. File encryption B. Storage encryption C. Database encryption D. Full disk encryption
A. File encryption
Which of the following automated or semi-automated software testing techniques relies on inputting large amounts of random data to detect coding errors or application loopholes? A. Fuzzing B. Black box C. Fault injection D. SQL injection
A. Fuzzing
The Quality Assurance team is testing a third party application. They are primarily testing for defects and have some understanding of how the application works. Which of the following is the team performing? A. Grey box testing B. White box testing C. Penetration testing D. Black box testing
A. Grey box testing
A security administrator is reviewing the web logs and notices multiple attempts by users to access: http://www.comptia.org/idapsearch?user-* Having identified the attack, which of the following will prevent this type of attack on the web server? A. Input validation on the web server B. Block port 389 on the firewall C. Segregate the web server by a VLAN D. Block port 3389 on the firewall
A. Input validation on the web server
Which of the following authentication services uses a default TCP port of 88? A. Kerberos B. TACACS+ C. SAML D. LDAP
A. Kerberos
A software company sends their offsite backup tapes to a third party storage facility. TO meet confidentiality the tapes should be: A. Labeled B. Hashed C. Encrypted D. Duplicated
A. Labeled
The help desk is experiencing a higher than normal amount of calls from users reporting slow response from the application server. After analyzing the data from a packet capturing tool, the head of the network engineering department determines that the issue is due, in part from the increase of personnel recently hired to perform application development. Which of the following would BEST assist in correcting this issue? A. Load balancer B. Spam filter C. VPN Concentrator D. NIDS
A. Load balancer
Which of the following is an attack designed to activate based on date? A. Logic bomb B. Backdoor C. Trojan D. Rootkit
A. Logic bomb
A Company has recently identified critical systems that support business operations. Which of the following will once defined, be the requirement for restoration of these systems within a certain period of time? A. Mean Time Between Failure B. Mean Time to Restore C. Recovery Point Objective D. Recovery Time Objective
A. Mean Time Between Failure
A web startup wants to implement single sign-on where its customers can log on to the site by suing their personal and existing corporate email credentials regardless of which company they work for. Is this directly supported by SAML? A. Mo not without extensive partnering and API integration with all required email providers B. Yes SAML is a web based single sign-on implementation exactly fir this purpose C. No a better approach would be to use required email providers LDAP or RADIUS repositories D. Yes SAML can use oauth2 to provide this functionality out of the box
A. Mo not without extensive partnering and API integration with all required email providers
A cyber security administrator receives a list of IPs that have been reported as attempting to access the network. To identify any possible successful attempts across the enterprise, which of the following should be implemented? A. Monitor authentication logs B. Disable unnecessary accounts C. Time of day restrictions D. Separation of duties
A. Monitor authentication logs
A company's BYOD policy requires the installation of a company provide mobile agent on their on their personally owned devices which would allow auditing when an employee wants to connect a device to the corporate email system. Which of the following concerns will MOST affect the decision to use a personal device to receive company email? A. Personal privacy B. Email support C. Data ownership D. Service availability
A. Personal privacy
A workstation is exhibiting symptoms of malware and the network security analyst has decided to remove the system from the network. This represents which of the following stages of the Incident Handling Response? A. Plan of action B. Mitigation C. Lesson Learned D. Recovery
A. Plan of action
A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that is wants to quickly prevent unauthorized devices from accessing the network but policy prevents the company from making changes on every connecting client. Which of the following should the company implement? A. Port security B. WPA2 C. Mandatory Access Control D. Network Intrusion Prevention
A. Port security
A company uses port security based on an approved MAC list to secure its wired network and WPA2 to secure its wireless network. Which of the following prevents an attacker from learning authorized MAC addresses? A. Port security prevents access to any traffic that might provide an attacker with authorized MAC addresses B. Port security uses certificates to authenticate devices and is not part of a wireless protocol C. Port security relies in a MAC address length that is too short to be cryptographically secure over wireless networks D. Port security encrypts data on the network preventing an attacker form reading authorized MAC addresses
A. Port security prevents access to any traffic that might provide an attacker with authorized MAC addresses
Ann, a system analyst, discovered the following log. Which of the following or techniques does this indicate? {bp1@localmachine}$ Is-al Total 12 Drwxrwxr-x A. Protocol analyzer B. Port scanner C. Vulnerability D. Banner grabbing
A. Protocol analyzer
An administrator would like users to authenticate to the network using only UDP protocols. Which of the following would meet this goal? A. RADIUS B. TACACS+ C. Kerberos D. 802.1x
A. RADIUS
Which of the following authentication methods requires the user, service provider and an identity provider to take part in the authentication process? A. RADIUS B. SAML C. Secure LDAP D. Kerberos
A. RADIUS
An administrator would like to utilize encryption that has comparable speed and strength to the AES cipher without using AES itself. The cipher should be able to operate in the same modes as AES and utilize the same minimum bit strength. Which of the following algorithms should the administrator select? A. RC4 B. Rijndael C. SHA D. TwoFish E. 3DES
A. RC4
A security administrator has been tasked with assisting in the forensic investigation of an incident relating to employee misconduct. The employee's supervisor believes evidence of this misconduct can be found on the employee's assigned workstation. Which of the following choices BEST describes what should be done? (Select TWO) A. Record time as offset as required and conduct a timeline analysis B. Update antivirus definitions and conduct a full scan for infected files C. Analyze network traffic, system, and file logs D. Create an additional local admin account on that workstation to conduct work from E. Delete other user profiles on the system to help narrow down the search space F. Patch the system before reconnecting it to the network
A. Record time as offset as required and conduct a timeline analysis C. Analyze network traffic, system, and file logs
A company has a BYOD policy that includes tablets and smart phones. In the case of a legal investigation, which of the following poses the greatest security issues? A. Recovering sensitive documents from a device if the owner is unable or unwilling to cooperate B. Making a copy of all of the files on the device and hashing them after the owner has provided the PIN C. Using GPS services to locate the device owner suspected in the investigation D. Wiping the device from a remote location should it be identified as a risk in the investigation
A. Recovering sensitive documents from a device if the owner is unable or unwilling to cooperate
Which of the following is considered the MOST effective practice when securing printers or scanners in an enterprise environment? A. Routine vulnerability scanning of peripherals B. Install in a hardened network segment C. Turn off the power to the peripherals at night D. Enable print sharing only from workstations
A. Routine vulnerability scanning of peripherals
A security administrator is troubleshooting an authentication issues using a network sniffer. The security administrator reviews a packet capture of the authentication process and notices that authentication is performed using extensible markup over SOAP. Which of the following authentication services is the security administrator troubleshooting? A. SAML B. XTACACS C. Secure LDAP D. RADIUS
A. SAML
A security administrator implements a web server that utilizes an algorithm that requires other hashing standards to provide data integrity. Which of the following algorithms would meet the requirement? A. SHA B. MD5 C. RIPEMD D. HMAC
A. SHA
Joe, a company's network engineer, is concerned that protocols operating at the application layer of the OSI model are vulnerable to exploitation on the network. Which of the following protocols should he secure? A. SNMP B. SSL C. ICMP D. NetBIOS
A. SNMP
Ann, a technician, wants to implement a single protocol on a remote server which will enable her to encrypt and proxy all of her traffic though the remote server via SOCKS5. Which of the following should Ann enable to support both encryption and proxy services? A. SSH B. IPSEC C. TLS D. HTTPS
A. SSH
After several thefts a Chief Executive Officer (CEO) wants to ensure unauthorized do not have to corporate grounds or its employees. The CEO just approved new budget line items for fences, lighting, locks and CCTVs. Which of the following is the primary focus? A. Safety B. Confidentiality C. Availability D. Integrity
A. Safety
Mobile tablets are used by employees on the sales floor to access customer data. Ann a customer recently reported that another customer was able to access her personal information on the tablet after the employee left the area. Which of the following would BEST prevent these issues from reoccurring? A. Screen Locks B. Full-device encryption C. Application control D. Asset tracking
A. Screen Locks
Joe a user upon arriving to work on Monday morning noticed several files were deleted from the system. There were no records of any scheduled network outages or upgrades to the system. Joe notifies the security department of the anomaly found and removes the system from the network. Which of the following is the NEXT action that Joe should perform? A. Screenshots of systems B. Call the local police C. Perform a backup D. Capture system image
A. Screenshots of systems
Joe a technician initiated scans if the company's 10 routers and discovered that half if the routers were not changed from their default configuration prior installed on the network. Which of the following would address this? A. Secure router configuration B. Implementing 802.1x C. Enabling loop protection D. Configuring port security
A. Secure router configuration
During a review a company was cited for allowing requestors to approve and implement their own change request. Which of the following would resolve the issue? (Select TWO) A. Separation duties B. Mandatory access C. Mandatory vacations D. Audit logs E. Job Rotation F. Time of day restrictions
A. Separation duties E. Job Rotation
Joe processes several requisitions during the day and during the night shift they are approved by Ann. This is an example of which of the following? A. Separation of duties B. Discretionary access C. Mandatory access D. Time of day restrictions
A. Separation of duties
After making a bit-level copy of compromised server, the forensics analyst Joe wants to verify that he bid not accidentally make a change during his investigation. Which of the following should he perform? A. Take a hash of the image and compare it to the one being investigated B. Compare file sizes of all files prior to and after investigation C. Make a third image and compare it to the second image being investigated D. Compare the logs of the copy to the actual server
A. Take a hash of the image and compare it to the one being investigated
A network security administrator is trying to determine how an attacker gained access to the corporate wireless network. The network is configured with SSID broadcast disabled. The senior network administrator explains that this configuration setting would only have determined an unsophisticated attacker because of which of the following? A. The SSID can be obtained with a wireless packet analyzer B. The required information can be brute forced over time C. Disabling the SSID only hides the network from other WAPs D. The network name could be obtained through a social engineering campaign
A. The SSID can be obtained with a wireless packet analyzer
After a new RADIUS server is added to the network, an employee is unable to connect to the company's WPA2-Enterprise WIFI network, which is configured to prompt for the employee's network username and password. The employee reports receiving an error message after a brief connection attempt, but is never prompted for credentials. Which of the following issues could be causing the problem? A. The employee's account is locked out in the directory service B. The new RADIUS server is overloading the wireless access point C. The new RADIUS server's certificate is not trusted by the employee's PC D. The employee's account is disabled in the RADIUS server's local database
A. The employee's account is locked out in the directory service
The below report indicates that the system is MOST likely infected by which of the following? Protocol LOCAL IP FOREIGN IP STATE TCP 0.0.0:445 0.0.0.0:0 Listening TCP 0.0.0.0:3390 0.0.0.0:0 Listening A. Trojan B. Worm C. Logic bomb D. Spyware
A. Trojan
A security manager installed a standalone fingerprint reader at the data center. All employees that need to access the data center have been enrolled to the reader and local reader database is always kept updates. When an employee who has been enrolled uses the fingerprint reader the door to the data center opens. Which of the following does this demonstrate? (Select THREE) A. Two-factor authentication B. Single sign-on C. Something you have D. Identification E. Authentication F. Authorization
A. Two-factor authentication D. Identification E. Authentication
A security administrator would like to write an access rule to block the three IP addresses given below. Which of the following combinations should be used to include all of the given IP addresses? 192.168.12.255 192.168.12.227 192.168.12.229 A. 192.168.12.0/25 B. 192.168.12.128.28 C. 192.168.12.224/29 D. 192.168.12.225/30
B. 192.168.12.128.28
Which of the following ports is used for TELNET by default? A. 22 B. 23 C. 21 D. 20
B. 23
Which of the following wireless standards is backwards compatible with 802.11g? A. 802.11a B. 802.11b C. 802.11n D. 802.1q
B. 802.11b
Which of the following would be used to allow a subset of traffic from a wireless network to an internal network? A. Access control list B. 802.1X C. Port security D. Load balancers
B. 802.1X
In which of the following scenarios would it be preferable to implement file level encryption instead of whole disk encryption? A. A server environment where the primary security concern is integrity and not file recovery B. A cloud storage environment where multiple customers use the same hardware but possess different encryption keys C. A SQL environment where multiple customers access the same database D. A large datacenter environment where each customer users dedicated hardware resources
B. A cloud storage environment where multiple customers use the same hardware but possess different encryption keys
When implementing a Public Key Infrastructure, which of the following should the sender use to digitally sign a document? A. A CSR B. A private key C. A certificate authority D. A public key
B. A private key
After a few users report problems with the wireless network, a system administrator notices that a new wireless access point has been powered up in the cafeteria. The access point has the same SSID as the corporate network and is set to the same channel as nearby access points. However, the AP has not been connected to the Ethernet network. Which of the following is the MOST likely cause of the user's wireless problems? A. AP channel bonding B. An evil twin attack C. Wireless interference D. A rogue access point
B. An evil twin attack
A company has been attacked and their website has been altered to display false information. The security administrator disables the web server service before restoring the website from backup. An audit was performed on the server and no other data was altered. Which of the following should be performed after the server has been restored? A. Monitor all logs for the attacker's IP B. Block port 443 on the web server C. Install and configure SSL to be used on the web server D. Configure the web server to be in VLAN 0 across the network
B. Block port 443 on the web server
Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is to prevent people from accessing open locations that are not supervised, such as around the receiving dock. She is also concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance. Which of the following should Ann recommend that would BEST address her concerns? A. Increase the lighting surrounding every building on campus B. Build fences around campus with gate entrances C. Install cameras to monitor the unsupervised areas D. Construct bollards to prevent vehicle entry in non-supervised areas
B. Build fences around campus with gate entrances
A company needs to provide web-based access to shared data sets to mobile users, while maintaining a standardized set of security controls. Which of the following technologies is the MOST appropriate storage? A. Encrypted external hard drives B. Cloud storage C. Encrypted mobile devices D. Storage Area Network
B. Cloud storage
A user authenticates to a local directory server. The user then opens a virtualization client to connect to a virtual server. Instead of supplying a username/password combination, the user simply checks a use directory credentials checkbox to authenticate to the virtual server. Which of the following authentication types has been utilized? A. Transitive trust B. Common access card C. Multifactor authentication D. Single sign-on
B. Common access card
Company policy requires employees to change their passwords every 60 days. The security manager has verified all systems are configured to expire passwords after 60 days. Despite the policy and technical configuration, weekly password audits suggest that some employees have had the same weak passwords in place longer than 60 days. Which of the following password parameters is MOST likely misconfigured? A. Minimum lifetime B. Complexity C. Length D. Maximum lifetime
B. Complexity
Joe wants to employ MD5 hashing on the company file server. Which of the following is Joe trying to achieve? A. Availability B. Confidentiality C. Non repudiation D. Integrity
B. Confidentiality
A major medical corporation is investigating deploying a web based portal for patients to access their medical records. The medical corporation has a long history of maintaining IT security but is considering having a third party vendor create the web portal. Which of the following areas is MOST important for the Chief Information Security Officer to focus on when reviewing proposal from vendors interested in creating the web portal? A. Contractor background check B. Confidentiality and availability C. Redundancy and privacy D. Integrity and confidentiality
B. Confidentiality and availability
While troubleshooting a new wireless 802.11 ac network an administrator discovers that several of the older systems cannot connect. Upon investigation the administrator discovers that the older devices only support 802.11 and RC4. The administrator does not want to affect the performance of the newer 802.11 ac devices on the network. Which of the following should the administrator do to accommodate all devices and provide the MOST security? A. Disable channel bonding to allow the legacy devices and configure WEP fallback B. Configure the AP in protected mode to utilize WPA2 with CCMP C. Create a second SSID on the AP which utilizes WPA and TKIP D. Configure the AP to utilize the 5Gh band only and enable WEP
B. Configure the AP in protected mode to utilize WPA2 with CCMP
Joe a system administrator receives reports that users attempting to reach the corporate website are arriving at an unfamiliar website instead. An investigation by a forensic analyst found that the name server log has several corporate IP addresses that were changed using Joe's credentials. Which of the following is this attack called? A. Xmas attack B. DNS poisoning C. Web server attack D. Spoofing attack
B. DNS poisoning
Establishing a method to erase or clear memory is an example of securing which of the following? A. Data in transit B. Data at rest C. Data in use D. Data in motion
B. Data at rest
A software developer places a copy of the source code for a sensitive internal application on a company laptop to work remotely. Which of the following policies is MOST likely being violated? A. Clean desk B. Data handling C. Chain of custody D. Social media
B. Data handling
Two organizations want to share sensitive data with one another from their IT systems to support a mutual customer base. Both organizations currently have secure network and security policies and procedures. Which of the following should be the PRIMARY security considerations by the security managers at each organization prior to sharing information? (Select THREE) A. Physical security controls B. Device encryption C. Outboarding/Offboarding D. Use of digital signatures E. SLA/ISA F. Data ownership G. Use of smartcards or common access cards H. Patch management
B. Device encryption E. SLA/ISA F. Data ownership
A recent audit had revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO). A. Deploy a honeypot B. Disable unnecessary services C. Change default password D. Implement an application firewall E. Penetration testing
B. Disable unnecessary services C. Change default password
A security administrator would like the corporate webserver to select perfect forward secrecy ciphers first. Which of the following cipher suites should the administrator select to accomplish this goal? A. DH-DSS-CAMELLA256-SHA B. ECDHE-RSA-AES1280SHA C. DH-RSA-AES128-SHA256 D. ADH-AES256-SHA
B. ECDHE-RSA-AES1280SHA
Ann a new small business owner decides to implement WiFi access for her customers. There are several other businesses nearby who also have WiFi hot spots. Ann is concerned about security of the wireless network and wants to ensure that only her customers have access. Which of the following choices BEST meets her intent of security and access? A. Enable port security B. Enable WPA C. Disable SSID broadcasting D. Enable WEP
B. Enable WPA
Anne an employee receives the following email: From: Human Resources To: Employee Subject: Updated employee code of conduct Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated code of conduct at your earliest convenience. After clicking the email link, her computer is compromised. Which of the following principles of social engineering was used to lure Anne into clicking the phishing link in the above email? A. Authority B. Familiarity C. Intimidation D. Urgency
B. Familiarity
Ann a network administrator has been tasked with strengthening the authentication of users logging into systems in area containing sensitive information. Users log in with usernames and passwords, following by a retinal scan. Which of the following could she implement to add an additional factor of authorization? A. Requiring PII usage B. Fingerprint scanner C. Magnetic swipe cards D. Complex passphrases
B. Fingerprint scanner
The new Chief Information Officer (CIO) of company ABC, Joe has noticed that company XWY is always one step ahead with similar products. He tasked his Chief Security Officer to implement new security controls to ensure confidentiality of company ABC's proprietary data and complete accountability for all data transfers. Which of the following security controls did the Chief Security Officer implement to BEST meet these requirements? (Select Two) A. Redundancy B. Hashing C. DRP D. Digital Signatures E. Encryptions
B. Hashing E. Encryptions
Using a protocol analyzer, a security consultant was able to capture employee's credentials. Which of the following should the consultant recommend to the company, in order to mitigate the risk of employees credentials being captured in the same manner in the future? A. Wiping of remnant data B. Hashing and encryption of data in-use C. Encryption of data in-transit D. Hashing of data at-rest
B. Hashing and encryption of data in-use
Which of the following should a company deploy to prevent the execution of some types of malicious code? A. Least privilege accounts B. Host-based firewalls C. Intrusion Detection systems D. Application white listing
B. Host-based firewalls
A security engineer discovers that during certain times of day, the corporate wireless network is dropping enough packets to significantly degrade service. Which of the following should be the engineer's FIRST step in troubleshooting the issues? A. Configure stronger encryption B. Increase the power level C. Change to a higher gain antenna D. Perform a site survey
B. Increase the power level
In an environment where availability is critical such as Industrial control and SCADA networks, which of the following technologies in the MOST critical layer of defense for such systems? A. Log consolidation B. Intrusion Prevention system C. Automated patch deployment D. Antivirus software
B. Intrusion Prevention system
A security administrator wishes to protect session leys should a private key become discovered. Which of the following should be enabled in IPSec to allow this? A. Perfect forward secrecy B. Key escrow C. Digital signatures D. CRL
B. Key escrow
A penetration tester was able to obtain elevated privileges on a client workstation and multiple servers using the credentials of an employee. Which of the following controls would mitigate these issues? (Select TWO) A. Separation of duties B. Least privilege C. Time of day restrictions D. Account expiration E. Discretionary access control F. Password history Answer: B,D Explanation: CompTIA SY0-401 Exam "
B. Least privilege D. Account expiration
A fiber company has acquired permission to bury a fiber cable through a famer's land. Which of the following should be in the agreement with the farmer to protect the availability of the network? A. No farm animals will graze near the burial site of the cable B. No digging will occur near the burial site of the cable C. No buildings or structures will be placed on top of the cable D. No crops will be planted on top of the cable
B. No digging will occur near the burial site of the cable
Ann is traveling for business and is attempting to use the hotel's wireless network to check for new messages. She selects the hotel's wireless SSID from a list of networks and successfully connects. After opening her email client and waiting a few minutes, the connection times out. Which of the following should Ann do to retrieve her email messages? A. Change the authentication method for her laptop's wireless card from WEP to WPA2 B. Open a web browser and authenticate using the captive portal for the hotel's wireless network C. Contact the front desk and have the MAC address of her laptop added to the MAC filter on the hotel's wireless network D. Change the incoming email protocol from IMAP to POP3
B. Open a web browser and authenticate using the captive portal for the hotel's wireless network
A malicious user has collected the following list of information: 192.168.1.5 OpenSSH-Server_5.8 192.168.1.7 OpenSSH-Server_5.7 192.168.1.9 OpenSSH-Server_5.7 Which of the following techniques is MOST likely to gather this type of data? A. Banner grabbing B. Port scan C. Host scan D. Ping scan
B. Port scan
A technician has deployed a new VPN concentrator. The device needs to authenticate users based on a backend directory service. Which of the following services could be run on the VPN concentrator to perform this authentication? A. Kerberos B. RADIUS C. GRE D. IPSec
B. RADIUS
Which of the following is primarily used to provide fault tolerance at the application level? (Select TWO) A. Load balancing B. RAID array C. RAID 6 D. Server clustering E. JBOD array
B. RAID array D. Server clustering
Deploying compensating security controls is an example of: A. Risk avoidance B. Risk mitigation C. Risk transference D. Risk acceptance
B. Risk mitigation
A security engineer is tasked with encrypting corporate email. Which of the following technologies provide the MOST complete protection? (Select TWO) A. PGP/GPG B. S/MIME C. IPSEC D. Secure POP3 E. IMAP F. HMAC
B. S/MIME F. HMAC
A security administrator is reviewing the company's data backup plan. The plan implements nightly offsite data replication to a third party company. Which of the following documents specifies how much data can be stored offsite, and how quickly the data can be retrieved by the company from the third party? A. MTBF B. SLA C. RFQ D. ALE
B. SLA
The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs associated with each potential breach of their database that contains customer information. Which of the following is the risk calculation that the CIO is asking for? A. Impact B. SLE C. ARO D. ALE
B. SLE
A malicious individual used an unattended customer service kiosk in a busy store to change the prices of several products. The alteration was not noticed until several days later and resulted in the loss of several thousand dollars for the store. Which of the following would BEST prevent this from occurring again? A. Password expiration B. Screen locks C. Inventory control D. Asset tracking
B. Screen locks
A company has implemented full disk encryption. Clients must authenticate with a username and password at a pre-boot level to unlock the disk and again a username and password at the network login. Which of the following are being used? (Select TWO) A. Multifactor authentication B. Single factor authentication C. Something a user is D. Something a user has E. Single sign-on F. Something a user knows
B. Single factor authentication F. Something a user knows
A local hospital with a large four-acre campus wants to implement a wireless network so that doctors can use tablets to access patients' medical data. The hospital also wants to provide guest access to the internet for hospital patients and visitors in select areas. Which of the following areas should be addressed FIRST? A. MAC filters B. Site Survey C. Power level controls D. Antenna types
B. Site Survey
A user Ann has her assigned token but she forgotten her password. Which of the following appropriately categorizes the authentication factor that will fail in this scenario? A. Something you do B. Something you know C. Something you are D. Something you have
B. Something you know
Which of the following types of attacks is based on coordinating small slices of a task across multiple systems? A. DDos B. Spam C. Spoofing D. Dos
B. Spam
Which of the following exploits either a host file on a target machine or vulnerabilities on a DNS server in order to carry out URL redirection? A. Pharming B. Spoofing C. Vishing D. Phishing
B. Spoofing
A security technician would like an application to use random salts to generate short lived encryption leys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal? A. Ephemeral keys B. Symmetric Encryption Keys C. AES Encryption Keys D. Key Escrow
B. Symmetric Encryption Keys
An employee's mobile device associates with the company's guest WiFi SSID, but then is unable to retrieve email. The email settings appear to be correct. Which of the following is the MOST likely cause? A. The employee has set the network type to WPA instead of WPA2 B. The network uses a captive portal and requires a web authentication C. The administrator has blocked the use of the personal hot spot feature D. The mobile device has been placed in airplane mode
B. The network uses a captive portal and requires a web authentication
A worker dressed in a fire suppression company's uniform asks to be let into the server room to perform the annual check in the fire extinguishers. The system administrator allows the worker into the room, only to discover hours later that the worker was actually a penetration tester. Which of the following reasons allowed the penetration tester to access the server room? A. Testing the fire suppression system represented a critical urgency B. The pen tester assumed the authority of a reputable company C. The pen tester used an intimidation technique on the administrator D. The administrator trusted that the server room would remain safe
B. The pen tester assumed the authority of a reputable company
A company requires that all users enroll in the corporate PKI structure and digitally sign all emails. Which of the following are primary reasons to sign emails with digital certificates? (Select TWO) A. To establish non-repudiation B. To ensure integrity C. To prevent SPAM D. To establish data loss prevention E. To protect confidentiality F. To establish transport encryption
B. To ensure integrity E. To protect confidentiality
A user has reported inadvertently sending an encrypted email containing PII to an incorrect distribution group. Which of the following potential incident types is this? A. Data sharing B. Unauthorized viewing C. Data breach D. Unauthorized access
B. Unauthorized viewing
A security administrator is designing an access control system, with an unlimited budget, to allow authenticated users access to network resources. Given that a multifactor authentication solution is more secure, which of the following is the BEST combination of factors? A. Retina scanner, thumbprint scanner, and password B. Username and password combo, voice recognition scanner, and retina scanner C. Password, retina scanner, and proximity reader D. One-time password pad, palm-print scanner, and proximity photo badges
B. Username and password combo, voice recognition scanner, and retina scanner
While testing a new host based firewall configuration a security administrator inadvertently blocks access to localhost which causes problems with applications running on the host. Which of the following addresses refer to localhost? A. ::0 B. 127.0.0.0 C. 120.0.0.1 D. 127.0.0/8 E. 127::0.1
C. 120.0.0.1
A security technician has been tasked with opening ports on a firewall to allow users to browse the internet. Which of the following ports should be opened on the firewall? (Select Three) A. 22 B. 53 C. 80 D. 110 E. 443 F. 445 G. 8080
C. 80 E. 443 G. 8080
An administrator needs to allow both secure and regular web traffic into a network. Which of the following ports should be configured? (Select TWO) A. 25 B. 53 C. 80 D. 110 E. 143 F. 443
C. 80 F. 443
A defense contractor wants to use one of its classified systems to support programs from multiple intelligence agencies. Which of the following MUST be in place between the intelligence agencies to allow this? A. A DRP B. An SLA C. A MOU D. A BCP
C. A MOU
The security administration team at a company has been tasked with implementing a data-at-rest solution for its company storage. Due to the large amount of storage the Chief Information Officer (CISO) decides that a 128-bit cipher is needed but the CISO also does not want to degrade system performance any more than necessary. Which of the following encryptions needs BOTH of these needs? A. SHA1 B. DSA C. AES D. 3DES
C. AES
Which of the following metrics is important for measuring the extent of data required during backup and recovery? A. MOU B. ARO C. ALE D. RPO
C. ALE
Which of the following is BEST described by a scenario where management chooses not to implement a security control for a given risk? A. Mitigation B. Avoidance C. Acceptance D. Transference
C. Acceptance
The user of a news service accidently accesses another user's browsing history. From this the user can tell what competitors are reading, querying, and researching. The news service has failed to properly implement which of the following? A. Application white listing B. In-transit protection C. Access controls D. Full disk encryption
C. Access controls
Company XYZ has suffered leaks of internally distributed confidential documents. Ann the network security analyst has been tasked to track down the culprit. She has decided to embed a four letter string of characters in documents containing proprietary information. Which of the following initial steps should Ann implement before sending documents? A. Store one of the documents in a honey pot B. Start antivirus scan on all the suspected computers C. Add a signature to the NIDS containing the four letter string D. Ask employees to report suspicious behaviors
C. Add a signature to the NIDS containing the four letter string
A company has identified a watering hole attack. Which of the following Best describes this type of attack? A. Emails are being spoofed to look like they are internal emails B. A cloud storage site is attempting to harvest user IDS and passwords C. An online news site is hosting ads in iframes from another site D. A local restaurant chains online menu is hosting malicious code
C. An online news site is hosting ads in iframes from another site
Which of the following would provide the MOST objective results when performing penetration testing for an organization? A. An individual from outside the organization would be more familiar with the system B. AN inside support staff member would know more about how the system could be compromised C. An outside company would be less likely to skew the results in favor if the organization D. An outside support staff member would be more likely to report accurate results due to familiarity with the system
C. An outside company would be less likely to skew the results in favor if the organization
A system security analyst wants to capture data flowing in and out of the enterprise. Which of the following would MOST likely help in achieving this goal? A. Taking screenshots B. Analyzing Big Data metadata C. Analyzing network traffic and logs D. Capturing system image
C. Analyzing network traffic and logs
Which of the following types of malware is designed to provide access to a system when normal authentication fails? A. Rootkit B. Botnet C. Backdoor D. Adware
C. Backdoor
A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise. The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer. However the testers with have access to the source code for several open source applications and pieces of networking equipment used at the facility, but these items will not be within the scope of the audit. Which of the following BEST describes the appropriate method of testing or technique to use in this scenario? (Select TWO) A. Social engineering B. All source C. Black box D.Memory dumping E. Penetration
C. Black box E. Penetration
A Windows- based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner? A. Kill all system processes B. Enable the firewall C. Boot from CD/USB D. Disable the network connection
C. Boot from CD/USB
An employee attempts to go to a well-known bank site using the company-standard web browser by correctly typing in the address of the site into the web browser. The employee is directed to a website that looks like the bank's site but is not the actual bank site. The employee's user name and password are subsequently stolen. This is an example of which of the following? A. Watering hole attack B. Cross-site scripting C. DNS poisoning D. Man-in-the-middle attack
C. DNS poisoning
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site do not record any footage. Which of the following types of controls was being used? A. Detective B. Corrective C. Deterrent D. Preventive
C. Deterrent
A business has recently adopted a policy allowing employees to use personal cell phones and tablets to access company email accounts while out of the office. Joe an employee was using a personal cell phone for email access and was recently terminated. It is suspected that Joe saved confidential client emails on his personal cell phone. Joe claims that the data on the phone is completely personal and refuse to allow the company access to inspect the cell phone. Which of the following is the MOST likely cause of this dispute? A. Onboarding procedures B. Fair use policy C. Device ownership D. User acceptance
C. Device ownership
A security administrator wishes to implement a method of generating encryption keys from user passwords to enhance account security. Which of the following would accomplish this task? A. NTLMv2 B. Blowfish C. Diffie-Hellman D. PBKDF2
C. Diffie-Hellman
An SSL session is taking place. After the handshake phase has been established and the cipher has been selected, which of the following are being used to secure data in transport? (Select TWO) A. Symmetrical encryption B. Ephemeral Key generation C. Diffie-Hellman D. AES E. RSA F. Asymmetrical encryption
C. Diffie-Hellman E. RSA
Log file analysis on a router reveals several unsuccessful telnet attempts to the virtual terminal (VTY) lines. Which of the following represents the BEST configuration used in order to prevent unauthorized remote access while maintaining secure availability for legitimate users? A. Disable telnet access to the VTY lines, enable SHH access to the VTY lines with RSA encryption B. Disable both telnet and SSH access to the VTY lines, requiring users to log in using HTTP C. Disable telnet access to the VTY lines, enable SHH access to the VTY lines with PSK encryption D. Disable telnet access to the VTY lines, enable SSL access to the VTY lines with RSA encryption
C. Disable telnet access to the VTY lines, enable SHH access to the VTY lines with PSK encryption
By hijacking unencrypted cookies an application allows an attacker to take over existing web sessions that do not use SSL or end to end encryption. Which of the following choices BEST mitigates the security risk of public web surfing? (Select TWO) A. WPA2 B. WEP C. Disabling SSID broadcasting D. VPN E. Proximity to WIFI access point
C. Disabling SSID broadcasting D. VPN
Which of the following attacks is generally initiated from a botnet? A. Cross site scripting attack B. HTTP header injection C. Distributed denial of service D. A war driving attack
C. Distributed denial of service
Ann a security administrator wants a limit access to the wireless network. Which of the following can be used to do this without using certificates? A. Employ EPA-TLS B. Employ PEAP on all laptops C. Enable MAC filtering D. Disable SSID broadcasting
C. Enable MAC filtering
Data confidentiality must be enforces on a secure database. Which of the following controls meets this goal? (Select TWO) A. MAC B. Lock and key C. Encryption D. Non-repudiation E. Hashing
C. Encryption
A review of administrative access has discovered that too many accounts have been granted administrative rights. Which of the following will alert the security team when elevated access is applied? A. Establishing user access reviews B. Establishing user based privileges C. Establishing monitoring on accounts D. Establishing group based privileges
C. Establishing monitoring on accounts
When an authorized application is installed on a server, the application triggers an alert on the HIDS. This is known as a: A. Vulnerability B. False negative C. False positive D. Threat vector
C. False positive
A network technician at a company, Joe is working on a network device. He creates a rule to prevent users from connecting to a toy website during the holiday shopping season. This website is blacklisted and is known to have SQL injections and malware. Which of the following has been implemented? A. Mandatory access B. Network separation C. Firewall rules D. Implicit Deny
C. Firewall rules
While working on a new project a security administrator wants to verify the integrity of the data in the organizations archive library. Which of the following is the MOST secure combination to implement to meet this goal? (Select TWO) A. Hash with SHA B. Encrypt with Diffie-Hellman C. Hash with MD5 D. Hash with RIPEMD E. Encrypt with AES
C. Hash with MD5 D. Hash with RIPEMD
A security administrator suspects that an employee in the IT department is utilizing a reverse proxy to bypass the company's content filter and browse unapproved and non-work related sites while at work. Which of the following tools could BEST be used to determine how the employee is connecting to the reverse proxy? A. Port scanner B. Vulnerability scanner C. Honeypot D. Protocol analyzer
C. Honeypot
After installing a new Linux system the administrator runs a command that records the size, permissions, and MD5 sum of all the files on the system. Which of the following describes what the administrator is doing? A. Identifying vulnerabilities B. Design review C. Host software baselining D. Operating system hardening
C. Host software baselining
A network security analyst has confirmed that the public facing web server has been compromised. Which of the following stages if the Incident Handling Response does this describe? A. Analyzing B. Recovering C. Identification D. Mitigation
C. Identification
A breach at a credit card company resulted in customers credit card information being exposed . The company has conducted a full forensic investigation and identified the source of the breach. Which of the following should the company do NEXT? A. Move to the incident identification phase B. Implement the risk assessment plan C. Implement damage and loss control procedures D. Implement first responder processes
C. Implement damage and loss control procedures
A custom PKI application downloads a certificate revocation list (CRL) once per day. Management requests the list be checked more frequently. Which of the following is the BEST solution? A. Refresh the CA public key each time a user logs in B. Download the CRK every 60 seconds C. Implement the OCSP protocol D. Prompt the user to trust a certificate each time it is used
C. Implement the OCSP protocol
An administrator is investigating a system that may potentially be compromised and sees the following log entries on the router. *Jul 15 14:47:29.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) - > 10.10.1.5 (6667), 3 packets. *Jul 15 14:47:38.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) - > 10.10.1.5 (6667), 6 packets. *Jul 15 14:47:45.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) - > 10.10.1.5 (6667), 8 packets. Which of the following BEST describes the compromised system? A. It is running a rogue web server B. It is being used in a man-in-the-middle attack C. It is participating in a botnet D. It is an ARP poisoning attack
C. It is participating in a botnet
A rogue programmer included a piece of code in an application to cause the program to halt at 2:00 PM on Monday afternoon when the application is most utilized. This is Which of the following types of malware? A. Trojan B. Virus C. Logic Bomb D. Botnets
C. Logic Bomb
Which of the following is used to inform users of the repercussions of releasing proprietary information? A. OLA B. SLA C. NDA D. MOU
C. NDA
Company A and Company B both supply contractual services to a fast paced and growing auto parts manufacturer with a small local Area Network (LAN) at its local site. Company A performs inhouse billing and invoices services for the local auto parts manufactacturer. Company B provides in-house parts and widgets services for the local auto parts manufacturers. Which of the following is the BEST method to mitigate security risk within the environment? A. Virtual Private Network B. Role-Based access C. Network segmentation D. Public Key Infrastructure
C. Network segmentation
The helpdesk is receiving numerous reports that a newly installed biometric reader at the entrance of the data center has a high of false negatives. Which of the following is the consequence of this reported problem? A. Unauthorized employees have access to sensitive systems B. All employees will have access to sensitive systems C. No employees will be able to access the datacenter D. Authorized employees cannot access sensitive systems
C. No employees will be able to access the datacenter
The access control list (ACL) for a file on a server is as follows: User: rwx User: Ann: r- - User: Joe: r- - Group: rwx Group: sales: r-x Other: r-x Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file? A. No since Ann and Joe are members of the Sales group owner of the file B. Yes since the regular permissions override the ACL for the file C. No since the ACL overrides the regular permissions for the file D. Yes since the regular permissions and the ACL combine to create the effective permissions on the file
C. No since the ACL overrides the regular permissions for the file
The security manager reports that the process of revoking certificates authority is too slow and should be automated. Which of the following should be used to automate this process? A. CRL B. GPG C. OCSP D. Key escrow
C. OCSP
A password audit has revealed that a significant percentage if end-users have passwords that are easily cracked. Which of the following is the BEST technical control that could be implemented to reduce the amount of easily "crackable" passwords in use? A. Credential management B. Password history C. Password complexity D. Security awareness training
C. Password complexity
Which of the following is the GREATEST security concern of allowing employees to bring in their personally owned tablets and connecting to the corporate network? A. Tablet network connections are stored and accessible from the corporate network B. The company's attack surface increases with the non-corporate devices C. Personally purchased media may be available on the network for others to stream D. Encrypted tablets are harder to access to determine if they are infected
C. Personally purchased media may be available on the network for others to stream
A webpage displays a potentially offensive advertisement on a computer. A customer walking by notices the displayed advertisement and files complaint. Which of the following can BEST reduce the likelihood of this incident occurring again? A. Clean-desk policies B. Screen-locks C. Pop-up blocker D. Antispyware software
C. Pop-up blocker
A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the corporate network to browse inappropriate and potentially malicious websites after office hours. Which of the following could BEST prevent a situation like this form occurring again? A. Intrusion detection B. Content filtering C. Port security D. Vulnerability scanning
C. Port security
A penetration tester is measuring a company's posture on social engineering. The penetration tester sends a phishing email claiming to be from IT asking employees to click a link to update their VPN software immediately. Which of the following reasons would explain why this attack could be successful? A. Principle of Scarcity B. Principle of Intimidation C. Principle of Urgency D. Principle of liking
C. Principle of Urgency
A security administrator is installing a single camera outside in order to detect unauthorized vehicles in the parking lot. Which of the following is the MOST important consideration when deploying a CCTV camera to meet the requirement? A. Training B. Expense C. Resolution D. Field of view
C. Resolution
An administrator uses a server with a trusted OS and is configuring an application to go into production tomorrow, In order to make a new application work properly, the administrator creates a new policy that labels the application and assigns it a security context within the trusted OS. Which of the following control methods is the administrator using by configuring this policy? A. Time based access control B. Mandatory access control C. Role based access control D. Rule based access control
C. Role based access control
A company wants to prevent unauthorized access to its secure data center. Which of the following security controls would be MOST appropriate? A. Alarm to local police B. Camera C. Security guard D. Motion detector
C. Security guard
An employee from the fire Marshall's office arrives to inspect the data center. The operator allows him to bypass the multi-factor authentication to enter the data center. Which of the following types of attacks may be underway? A. Impersonation B. Hoax C. Tailgating D. Spoofing
C. Tailgating
Joe uses his badge to enter the server room, Ann follows Joe entering without using her badge. It is later discovered that Ann used a USB drive to remove confidential data from a server. Which of the following principles is potentially being violated? (Select TWO) A. Clean desk policy B. Least privilege C. Tailgating D. Zero-day exploits E. Data handling
C. Tailgating E. Data handling
When employing PKI to send signed and encrypted data the individual sending the data must have: (Select TWO) A. The receiver's private key B. The root certificate C. The sender's private key D. The sender's public key E. The receiver's public key
C. The sender's private key E. The receiver's public key
Ann the security administrator has been reviewing logs and has found several overnight sales personnel are accessing the finance department's network shares. Which of the following security controls should be implemented to BEST remediate this? A. Mandatory access B. Separation of duties C. Time of day restrictions D. Role based access
C. Time of day restrictions
Which of the following would allow users from outside of an organization to have access to internal resources? A. NAC B. VLANS C. VPN D. NAT
C. VPN
Joe a technician is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing? A. OS hardening B. Application control C. Virtualization D. Sandboxing
C. Virtualization
Which of the following ports will be used for logging into secure websites? A. 80 B. 110 C. 142 D. 443
D. 443
During an office move a sever containing the employee information database will be shut down and transported to a new location. Which of the following would BEST ensure the availability of the employee database should happen to the server during the move? A. The contents of the database should be encrypted; the encryption key should be stored off-site B. A hash of the database should be taken and stored on an external drive prior to the move C. The database should be placed on a drive that consists of a RAID array prior to the move D. A backup of the database should be stored on an external hard drive prior to the move
D. A backup of the database should be stored on an external hard drive prior to the move
Four weeks ago a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff begins to spread, the IDS alerted the network administrator that access to sensitive client files had risen for above normal. Which of the following kind of IDS is in use? A. Protocol based B. Heuristic based C. Signature based D. Anomaly based
D. Anomaly based
A company is exploring the option of letting employees use their personal laptops on the internal network. Which of the following would be the MOST common security concern in this scenario? A. Credential management B. Support ownership C. Device access control D. Antivirus management
D. Antivirus management
Ann is concerned that the application her team is currently developing is vulnerable to unexpected user input that could lead to issues within the memory is affected in a detrimental manner leading to potential exploitation. Which of the following describes this application threat? A. Replay attack B. Zero-day exploit C. Distributed denial of service D. Buffer overflow
D. Buffer overflow
A security technician is implementing PKI on a Network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. Which of the following should the technician implement? A. CSR B. Key escrow C. OSCR D. CRL
D. CRL
A user tries to visit a web site with a revoked certificate. In the background a server from the certificate authority only sends the browser revocation information about the domain the user is visiting. Which of the following is being used by the certificate authority in this exchange? A. CSR B. Key escrow C. OCSP D. CRL
D. CRL
After connecting to the corporate network a user types the URL if a popular social media website in the browser but reports being redirected to a login page with the corporate logo. Which of the following is this an example of? A. LEAP B. MAC filtering C. WPA2-Enterprise D. Captive portal
D. Captive portal
An intrusion has occurred in an internet facing system. The security administrator would like to gather forensic evidence while the system is still in operation. Which of the following procedures should the administrator perform FIRST on the system? A. Make a drive image B. Take hashes of system data C. Collect information in RAM D. Capture network traffic
D. Capture network traffic
A security administrator is required to submit a detailed implementation plan and back out plan to get approval prior to updating the firewall and other security devices. Which of the following types of risk mitigation strategies is being followed? A. Change management B. Routine audit C. Rights and permissions review D. Configuration management
D. Configuration management
A company recently received accreditation for a secure network, In the accreditation letter, the auditor specifies that the company must keep its security plan current with changes in the network and evolve the systems to adapt to new threats. Which of the following security controls will BEST achieve this goal? A. Change management B. Group Policy C. Continuous monitoring D. Credential management
D. Credential management
The Chief Executive Officer (CEO) Joe notices an increase in the wireless signal in this office and thanks the IT director for the increase in network speed, Upon investigation the IT department finds an access point hidden in the dropped ceiling outside of joe's office. Which of the following types of attack is MOST likely occurring? A. Packet sniffing B. Bluesnarfing C. Man-in-the-middle D. Evil twin
D. Evil twin
A system requires administrators to be logged in as the "root" in order to make administrator changes. Which of the following controls BEST mitigates the risk associated with this scenario? A. Require that all administrators keep a log book of times and justification for accessing root B. Encrypt all users home directories using file-level encryption C. Implement a more restrictive password rotation policy for the shared root account D. Force administrator to log in with individual accounts and switch to root E. Add the administrator to the local group
D. Force administrator to log in with individual accounts and switch to root
Company XYZ's laptops was recently stolen from a user which led to the exposure if confidential information. Which of the following should the security team implement on laptops to prevent future compromise? A. Cipher locks B. Strong passwords C. Biometrics D. Full Disk Encryption
D. Full Disk Encryption
When confidentiality is the primary concern which of the following types of encryption should be chosen? A. Digital Signature B. Symmetric C. Asymmetri D. Hashing
D. Hashing
Searching for systems infected with malware is considered to be which of the following phases of incident response? A. Containment B. Preparation C. Mitigation D. Identification
D. Identification
A system administrator wants to configure a setting that will make offline password cracking more challenging. Currently the password policy allows upper and lower case characters a minimum length of 5 and a lockout after 10 invalid attempts. Which of the following has the GREATEST impact on the time it takes to crack the passwords? A. Increase the minimum password length to 8 while keeping the same character set B. Implement an additional password history and reuse policy C. Allow numbers and special characters in the password while keeping the minimum length at 5 D. Implement an account lockout policy after three unsuccessful logon attempts
D. Implement an account lockout policy after three unsuccessful logon attempts
Ann a security technician receives a report from a user that is unable to access an offsite SSN server. Ann checks the firewall and sees the following rules: Allow TCP 80 Allow TCP 443 Deny TCP 23 Deny TCP 20 Deny TCP 21 Which of the following is preventing the users from accessing the SSH server? A. Deny TCP 20 B. Deny TCP 21 C. Deny TCP 23 D. Implicit deny
D. Implicit deny
Which of the following authentication services uses a default TCP of 389? A. SAML B. TACACS+ C. Kerberos D. LDAP
D. LDAP
Which of the following steps in incident response procedures entails of the incident and identification of knowledge gained that can be applied to future handling of incidents? A. Recovery procedures B. Escalation and notification C. Reporting D. Lessons learned
D. Lessons learned
For high availability which of the following would be MOST appropriate for fault tolerance? A. RAID 0 B. Clustering C. JBOD D. Load Balancing
D. Load Balancing
A technician has been tasked with installing and configuring a wireless access point for the engineering department. After the AP has been installed, there have been reports the employees from other departments have been connecting to it without approval. Which of the following would BEST address these concerns? A. Change the SSID of the AP so that it reflects a different department, obscuring its ownership B. Implement WPA2 encryption in addition to WEP to protect the data-in-transit C. Configure the AP to allow only to devices with pre-approved hardware addresses D. Lower the antenna's power so that it only covers the engineering department's offices
D. Lower the antenna's power so that it only covers the engineering department's offices
Which of the following is the FIRST step in a forensics investigation when a breach of a client's workstation has been confirmed? A. Transport the workstation to a secure facility B. Analyze the contents of the hard drive C. Restore any deleted files and / or folders D. Make a bit-for-bit copy of the system
D. Make a bit-for-bit copy of the system
Given a class C network a technician has been tasked with creating a separate subnet for each of the eight departments in the company. Which of the following network masks would allow for each department to have a unique network space and what is the maximum number of hosts each department could have? A. Network 255.255.255.192, 62 hosts B. Network 255.255.255.224, 30 hosts C. Network 255.255.255.240, 16 hosts D. Network 255.255.255.248, 32 hosts
D. Network 255.255.255.248, 32 hosts
A university has a building that holds the power generators for the entire campus. A risk assessment was completed for the university and the generator building was labeled as a high risk. Fencing and lighting was installed to reduce risk. Which of the following security goals would this meet? A. Load balancing B. Non-repudiation C. Disaster recovery D. Physical security
D. Physical security
The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening? A. Access control lists B. Loop protection C. Firewall rule D. Port security
D. Port security
A BYOD policy in which employees are able to access the wireless guest network is in effect in an organization. Some users however are using the Ethernet port in personal laptops to the wired network. Which of the following could an administrator use to ensure that unauthorized devices are not allowed to access the wired network? A. VLAN access rules configured to reject packets originating from unauthorized devices B. Router access lists configured to block the IP addresses of unauthorized devices C. Firewall rules configured to block the MAC addresses of unauthorized devices D. Port security configured shut down the port when unauthorized devices connect
D. Port security configured shut down the port when unauthorized devices connect
Which of the following authentication services combines authentication and authorization in a use profile and use UDP? A. LDAP B. Kerberos C. TACACS+ D. RADIUS
D. RADIUS
While an Internet café a malicious user is causing all surrounding wireless connected devices to have intermittent and unstable connections to the access point. Which of the following is MOST likely being used? A. Evil Twin B. Interference C. Packet sniffer D. Rogue AP
D. Rogue AP
A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully-controlled and monitored virtual machine to observe the software's behavior. The approach of malware analysis can BEST be described as: A. Static testing B. Security control testing C. White box testing D. Sandboxing
D. Sandboxing
The software developer is responsible for writing the code and promoting from the development network to the quality network. The network administrator is responsible for promoting code to the application servers. Which of the following practices are they following to ensure application integrity? A. Job rotation B. Implicit deny C. Least privilege D. Separation of duties
D. Separation of duties
Joe a web developer wants to make sure his application is not susceptible to cross-site request forgery attacks. Which of the following is one way to prevent this type of attack? A. The application should always check the HTTP referrer header B. The application should always check the HTTP Request header C. The application should always check the HTTP Host header D. The application should always use SSL encryption
D. The application should always use SSL encryption
A new employee has joined the accounting department and is unable to access the accounting server. The employee can access other network resources and the Internet. Other accounting employees are able to access the accounting server without any issues. Which of the following is the MOST likely issue? A. The server's IDS is blocking the new employee's connection B. The workstation is unable to join the domain C. The server's drive is not mapped on the new employee's workstation D. The new account is not in the proper role-based profile
D. The new account is not in the proper role-based profile
A software security concern when dealing with hardware and devices that have embedded software or operating systems is: A. Patching may not always be possible B. Configuration support may not be available C. These is no way to verify if a patch is authorized or not D. The vendor may not have a method for installation of patches
D. The vendor may not have a method for installation of patches
Joe a sales employee is connecting to a wireless network and has entered the network information correctly. His computer remains connected to the network but he cannot access any resources on the network. Which of the following is the MOST likely cause of this issue? A. The encryption is too strong B. The network SSID is disabled C. MAC filtering is enabled D. The wireless antenna power is set too low
D. The wireless antenna power is set too low
A wireless site survey has been performed at a company. One of the results of the report is that the wireless signal extends too far outside the building. Which of the following security issues could occur as a result of this finding? A. Excessive wireless access coverage B. Interference with nearby access points C. Exhaustion of DHCP address pool D. Unauthorized wireless access
D. Unauthorized wireless access
A military base wants to incorporate biometrics into its new security measures, but the head of security does not want them to be the sole method of authentication. For unmanned entry points, which of the following solutions would work BEST? A. Use voice print and a bollard B. Use a retina scanner and a thumbprint C. Use CCTV and a PIN D. Use a retina scan and a PIN code
D. Use a retina scan and a PIN code
A resent OS patch caused an extended outage. It took the IT department several hours to uncover the cause of the issue due to the system owner who installed the patch being out of the office. Which of the following could help reduce the likelihood of this situation occurring in the future? A. Separation of duties B. Change management procedures C. Incident management procedures D. User rights audits and reviews
D. User rights audits and reviews
The programmer confirms that there is potential for a buffer overflow on one of the data input fields in a corporate application. The security analyst classifies this as a (N). A. Threat B. Risk C. Attack D. Vulnerability
D. Vulnerability
A server administrator notes that a fully patched application often stops running due to a memory error. When reviewing the debugging logs they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describes? A. Malicious add-on B. SQL injection C. Cross site scripting D. Zero-day
D. Zero-day
The network manager has obtained a public IP address for use with a new system to be available via the internet. This system will be placed in the DMZ and will communicate with a database server on the LAN. Which of the following should be used to allow fir proper communication between internet users and the internal systems? A. VLAN B. DNS C. NAT D. HTTP E. SSL
E. SSL