Security + practice test A part 2
A CRL is comprised of
Public keys
Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains?Server 1: 192.168.100.6Server 2: 192.168.100.9Server 3: 192.169.100.20
/29
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?
AES Cipher Block Chaining Message Authentication Code Protocol (CCMP) makes use of 128-bit AES encryption with a 48-bit initialization vector.
A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?
Availability
Used in conjunction, which of the following are PII? (Select TWO)
Birthday Full name
Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?
Blowfish
Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
Buffer overflow
While opening an email attachment, Peter, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
Buffer overflow
When employees that use certificates leave the company they should be added to which of the following?
CRL
Digital certificates can be used to ensure which of the following? (Select TWO).
Confidentiality Non-repudiation
An organization is required to log all user internet activity. Which of the following would accomplish this requirement?
Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch.
Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
Consider antenna placement
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
Continuous security monitoring processes
It is MOST important to make sure that the firewall is configured to do which of the following?
Deny all traffic and only permit by exception
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?
Digital signatures
The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
Discretionary access control
An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?
EAP-TLS
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
Encrypted TCP wrappers
A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?
External vulnerability scan
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?
IPv6 Internet Protocol Version 6 (IPv6) network
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
Implement an intrusion prevention system
Which of the following is best practice to put at the end of an ACL?
Implicit Deny
Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?
Implicit deny
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?
Internal account audits
Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?
LDAP injection Lightweight Directory Access Protocol
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
NIPS
Which of the following offers the LEAST secure encryption capabilities?
PAP
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?
Preparation
Peter, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
Protection against malware introduced by banner ads
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
Protocol analyzer
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?
RAID
Which of the following is a programming interface that allows a remote computer to run programs on a local machine?
RPC Remote Procedure Call (RPC)
A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?
Record time offset
Peter, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
Recovery agent Key escrow
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
Routine auditing
A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?
Rule based access control
Emily, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following?
Security awareness training
Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?
Security awareness training
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?
System Hardening
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?
The intermediate CA certificates were not installed on the server
A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?
The new virtual server's MAC address was not added to the ACL on the switch
The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?
Transport encryption
Which of the following is required to allow multiple servers to exist on one physical server?
Virtualization
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
Vulnerability scan
Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?
WEP
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?
WPA cracking
The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?
Warm site
A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?
Zero-day
Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw.Which of the following attacks has MOST likely occurred?
Zero-day
A network administrator has recently updated their network devices to ensure redundancy is in place so that:
single points of failure are removed