Topic 3, Threats and Vulnerabilities Part V
Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?
Protocol analyzers
Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?
802.1x
Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?
Protocol analyzer
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
Advanced persistent threat
Which of the following is an indication of an ongoing current problem?
Alarm
Which of the following is a notification that an unusual condition exists and should be investigated?
Alert
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
Anomaly based IDS
Which of the following security architecture elements also has sniffer functionality?
IPS and IDS
A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
Banner grabbing
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?
Baseline review
Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?
Baselines
Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?
Protocol analyzer
Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?
Code review
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
Configure the switch to allow only traffic from computers based upon their physical address.
In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?
Continuous security monitoring
A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?
Design review
Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?
Design reviews
A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing?
Detect security incidents and Implement monitoring controls
How must user accounts for exiting employees be handled?
Disabled, regardless of the circumstances
Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?
Enable MAC filtering
A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?
Establishing baseline reporting
Jane, a security administrator , has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
HIPS
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?
Honeynet
A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
Honeynets
Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?
Honeypot
What is a system that is intended or designed to be broken into by an attacker?
Honeypot
Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?
Honeypot
Which of the following should an administrator implement to research current attack methodologies?
Honeypot
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
Implement a honeynet
Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?
Initial baseline configuration
Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?
Network sniffing
Which of the following implementation steps would be appropriate for a public wireless hotspot?
Open system authentication
Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?
Penetration test
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
Performance monitor
Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?
Protocol analyzer
Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?
Port scan and fingerprinting
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
Port scanner
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
Protocol analyzer
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?
Rogue machine detection
An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
Run a last logon script to look for inactive accounts.
Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:
Set up a honeypot and place false project documentation on an unsecure share.
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?
Set up a performance baseline
Which device monitors network traffic in a passive manner?
Sniffer
A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?
Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?
The new virtual server's MAC address was not added to the ACL on the switch
An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?
Vulnerability scan
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
Vulnerability scan
Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?
Vulnerability scan