week 15
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? A) Dumpster diving B) Password guessing C) Social engineering D) Shoulder surfing
A) Dumpster diving
You are in the process of implementing a Network Access Protection (NAP) infrastructure to increase your network's security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. The remediation network needs to be isolated from the secure network. Which technology should you implement to accomplish this task? A) Port security B) Data encryption using PKI C) Virtual private network (VPN) D) Network segmentation
D) Network segmentation
You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need? A) Network mapper B) Port scanner C) Protocol analyzer D) Vulnerability scanner
D) Vulnerability scanner
What is the main difference between vulnerability scanning and penetration testing? A) Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools. B) The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system. C) Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing starts with no knowledge of the system. D) Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
D) Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
Match each social engineering description on the left with the appropriate attack type on the right. 1. Phishing 2. Whaling 3. Spear phishing 4. Dumpster diving 5. Piggybacking 6. Vishing
1. An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information. 2. An attacker gathers personal information about the target individual, who is a CEO. 3. An attacker gathers personal information about the target individual in an organization. 4. An attacker searches through an organization's trash for sensitive information. 5. An attacker enters a secure building by following an authorized employee through a secure door without providing identification. 6. An attacker uses a telephone to convince target individuals to reveal their credit card information.
Match the Network Access Protection (NAP) component on the left with its description on the right. 1. Generates a Statement of Health (SoH) that reports the client configuration for health requirements. 2. Runs the System Health Validator (SHV) program. 3. Is clients' connection point to the network. 4. Contains resources accessible to non-compliant computers on a limited-access network.
1. NAP client 2. NAP server 3. Enforcement server (ES) 4. Remediation server
Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all. 1. Hardened carrier 2. Biometric authentication 3. Barricades 4. Emergency escape plans 5. Alarmed carrier 6. Anti-passback system 7. Emergency lighting 8. Exterior floodlights
1. Protected cable distribution 2. Door locks 3. Perimeter barrier 4. Safety 5. Protected cable distribution 6. Physical access control 7. Safety 8. Perimeter barrier
Match the port security MAC address type on the left with its description on the right. 1. A MAC address that is manually identified as an allowed address. 2. A MAC address that has been learned and allowed by the switch. 3. A MAC address that is manually configured or dynamically learned and is saved in the config file.
1. SecureConfigured 2. SecureDynamic 3. SecureSticky
Drag each penetration test characteristic on the left to the appropriate penetration test name on the right. 1. Known test 2. Partially known test 3. Unknown test 4. Single-blind test 5. Double-blind test
1. The tester has detailed information about the target system prior to starting the test. 2. The tester has the same amount of information that would be available to a typical insider in the organization. 3. The tester has no prior knowledge of the target system. 4. Either the attacker has prior knowledge about the target system or the administrator knows that the test is being performed. 5. The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed.
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network? A) ARP poisoning B) Port mirroring C) MAC spoofing D) MAC flooding
A) ARP poisoning
Which of the following attacks can also be used to perform denial of service (DoS) attacks? A) ARP spoofing B) MAC flooding C) Null session D) Hijacking
A) ARP spoofing
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. She informs you that server backups are configured to run each night. A rotation of external USB hard disks is used as the backup media. You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. You notice that a router/firewall/content-filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) A) Control access to the work area with locking doors and card readers. B) Use separate dedicated network perimeter security devices instead of an all-in-one device. C) Replace the key lock on the server closet with a card reader. D) Replace the USB hard disks used for server backups with a tape drive. E) Relocate the switch to the locked server closet.
A) Control access to the work area with locking doors and card readers. E) Relocate the switch to the locked server closet.
Which of the following attack types consists of capturing packets as they travel from one host to another with the intent of altering the contents? A) On-path B) Spamming C) Passive logging D) Spoofing
A) On-path
A network utilizes a network access control (NAC) solution to defend against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called? A) Posture assessment B) Quarantine C) Port security D) Remediation
A) Posture assessment
You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan? A) Security guards B) Sufficient lighting C) Low LUX or infrared camera D) PTZ camera
A) Security guards
Which type of activity changes or falsifies information in order to mislead or re-direct traffic? A) Spoofing B) Spamming C) Sniffing D) Snooping
A) Spoofing
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access except to a special server that holds the patches the computers need to download. Which of the following components should be part of your solution? (Select two.) A) Honeypot B) 802.1x authentication C) Screened subnet D) Remediation servers E) Extranet
B) 802.1x authentication D) Remediation servers
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses Nmap to probe various network hosts to see which operating system they are running. Which process did the administrator use for the penetration test in this scenario? A) Passive fingerprinting B) Active fingerprinting C) Network enumeration D) Firewalking
B) Active fingerprinting
While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you performed. Which attack type is this an example of? A) Worm B) Adware C) Logic bomb D) Zombie
B) Adware
What is the primary countermeasure to social engineering? A) A written security policy B) Awareness C) Heavy management oversight D) Traffic filters
B) Awareness
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system? A) Data handling B) Collectors C) SIEM alerts D) Security automation
B) Collectors
Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user? A) Mobile code B) Cookie C) Certificate D) Digital signature
B) Cookie
A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organization's firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enabled on the switch to accomplish this? A) Port security B) DHCP snooping C) Dynamic ARP inspection D) IGMP snooping
B) DHCP snooping
Which of the following can you use to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry? A) Use key locks rather than electronic locks. B) Deploy a mantrap. C) Install security cameras. D) Use weight scales.
B) Deploy a mantrap.
Which of the following are examples of social engineering attacks? (Select two.) A) Impersonation B) Dumpster diving C) Shoulder surfing D) Port scanning E) War dialing
B) Dumpster diving C) Shoulder surfing
What is the primary benefit of CCTV? A) Increases security protection throughout an environment. B) Expands the area visible to security guards. C) Provides a corrective control. D) Reduces the need for locks and sensors on doors.
B) Expands the area visible to security guards.
Which of the following is the MOST effective protection against IP packet spoofing on a private network? A) Antivirus scanners B) Ingress and egress filters C) Host-based IDS D) Digital signatures
B) Ingress and egress filters
Which of the following controls is an example of a physical access control method? A) Access control lists with permissions B) Locks on doors C) Passwords D) Smart cards E) New hire background checks
B) Locks on doors
When analyzing assets, which analysis method assigns financial values to assets? A) Transfer B) Quantitative C) Qualitative D) Acceptance
B) Quantitative
What should you try first if your antivirus software does not detect and remove a virus? A) Search for and delete the file you believe to be infected. B) Update your virus detection software. C) Set the read-only attribute of the file you believe to be infected. D) Scan the computer using another virus detection program.
B) Update your virus detection software.
Five salespeople work out of your office. They frequently leave their laptops on the desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST way to address your concerns? A) Require strong passwords in the Local Security Policy. B) Use cable locks to chain the laptops to the desks. C) Implement screensaver passwords. D) Encrypt all company data on the hard drives.
B) Use cable locks to chain the laptops to the desks.
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of attack BEST describes the scenario? A) Masquerading B) Whaling C) Passive D) MAC spoofing
B) Whaling
What is the main difference between a worm and a virus? A) A worm requires an execution mechanism to start, while a virus can start itself. B) A worm tries to gather information, while a virus tries to destroy data. C) A worm can replicate itself, while a virus requires a host for distribution. D) A worm is restricted to one system, while a virus can spread from system to system.
C) A worm can replicate itself, while a virus requires a host for distribution.
Which of the following BEST describes the key difference between DoS and DDoS? A) Results in the server being inaccessible to users. B) Sends a large number of legitimate-looking requests. C) Attackers use numerous computers and connections. D) The target server cannot manage the capacity.
C) Attackers use numerous computers and connections.
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using? A) Password sniffing B) Pass-the-hash attack C) Brute force attack D) Keylogger
C) Brute force attack
What is spoofing? A) Capturing network packets in order to examine the contents. B) Sending a victim unwanted and unrequested email messages. C) Changing or falsifying information in order to mislead or re-direct traffic. D) Spying on private information or communications.
C) Changing or falsifying information in order to mislead or re-direct traffic.
A security administrator logs on to a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan did she conduct in this scenario? A) Non-intrusive scan B) Non-credentialed scan C) Credentialed scan D) Intrusive scan
C) Credentialed scan
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses? A) ARP poisoning B) Spam C) DNS poisoning D) SYN flood
C) DNS poisoning
Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? A) Brute force attack B) Privilege escalation C) Denial-of-service attack D) On-path attack
C) Denial-of-service attack
Which of the following are best practices for hardening a server? (Select three.) A) Set the account lockout threshold. B) Establish time-of-day restrictions. C) Ensure that a host-based firewall is running. D) Disable or uninstall unnecessary software. E) Require multiple authentication factors. F) Disable inactive accounts. G) Apply the latest patches and service packs.
C) Ensure that a host-based firewall is running. D) Disable or uninstall unnecessary software. G) Apply the latest patches and service packs.
Which of the following is a common social engineering attack? A) Using a sniffer to capture network traffic. B) Logging on with stolen credentials. C) Hoax virus information emails. D) Distributing false information about your organization's financial status.
C) Hoax virus information emails.
Which of the following CCTV types would you use in areas with little or no light? A) C-mount B) A camera with a high LUX rating C) Infrared D) PTZ
C) Infrared
You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use? A) System logs B) IDS C) Port scanner D) Packet sniffer E) IPS
C) Port scanner
Which type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch? A) MAC spoofing B) Secure Sockets Layer C) Port security D) Traffic shaping
C) Port security
A router on the border of your network detects a packet with a source address from an internal client, but the packet was received on the internet-facing interface. Which attack form is this an example of? A) Spamming B) Snooping C) Spoofing D) Sniffing
C) Spoofing
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need to enter your username and password in a new website so you can manage your email and spam using the new service. What should you do? A) Open a web browser, type in the URL included in the email, and follow the directions to enter your login credentials. B) Click on the link in the email and follow the directions to enter your login information. C) Verify that the email was sent by the administrator and that this new service is legitimate. D) Delete the email. E) Click on the link in the email and look for company graphics or information before you enter the login information.
C) Verify that the email was sent by the administrator and that this new service is legitimate.
Which of the following describes an on-path attack? A) A person plants malicious code on a system, where the code waits for a triggering event before activating. B) A person convinces an employee to reveal their login credentials over the phone. C) A system constructs an IP packet that is larger than the valid size. D) A false server intercepts communications from a client by impersonating the intended server.
D) A false server intercepts communications from a client by impersonating the intended server.
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in? A) Persuasive B) Social validation C) Commitment D) Authority
D) Authority
On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? A) Let him in and help him find the restroom. Then let him work. B) Tell him no and quickly close the door. C) Let him in. D) Direct him to the front entrance and instruct him to check in with the receptionist.
D) Direct him to the front entrance and instruct him to check in with the receptionist.
Which of the following is a best practice for router security? A) Apply the latest patches and service packs. B) Install only the required software on the system. C) Ensure that a host-based firewall is running. D) Disable unused protocols, services, and ports.
D) Disable unused protocols, services, and ports.
A network switch is configured to perform the following validation checks on its ports: All ARP requests and responses are intercepted. Each intercepted request is verified to ensure that it has a valid IP-to-MAC address binding. If the packet has a valid binding, the switch forwards the packet to the appropriate destination. If the packet has an invalid binding, the switch drops the ARP packet. Which security feature was enabled on the switch to accomplish this task? A) Port security B) IGMP snooping C) DHCP snooping D) Dynamic ARP inspection
D) Dynamic ARP inspection
Dumpster diving is a low-tech way of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? A) Create a strong password policy. B) Secure all terminals with screensaver passwords. C) Mandate the use of Integrated Windows Authentication. D) Establish and enforce a document destruction policy.
D) Establish and enforce a document destruction policy.
As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check your company's Password Policy and find that the following settings are currently required: Minimum password length = 10; Minimum password age = 4; Maximum password age = 30; Password history = 6; Account lockout clipping level = 3; Require complex passwords that include numbers and symbols. Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write their password down? A) Increase the account lockout clipping level. B) Decrease the minimum password length. C) Increase the maximum password age. D) Implement end user training. E) Remove the complex password requirement.
D) Implement end user training.
Which of the following best describes spyware? A) It is a program that attempts to damage a computer system and replicate itself to other computer systems. B) It monitors user actions that denote personal preferences and then sends pop-ups and ads to the user that match their tastes. C) It is a malicious program that is disguised as legitimate software. D) It monitors the actions you take on your machine and sends the information back to its originating source.
D) It monitors the actions you take on your machine and sends the information back to its originating source.
Which of the following is the MOST important way to prevent console access to a network switch? A) Set the console and enable secret passwords. B) Disconnect the console cable when not in use. C) Implement an access list to prevent console connections. D) Keep the switch in a room that is locked by a keypad.
D) Keep the switch in a room that is locked by a keypad.
Which of the following Security Orchestration, Automation, and Response (SOAR) system components helps to document the processes and procedures that are to be used by a human during a manual intervention? A) Orchestration B) Runbook C) Response D) Playbook
D) Playbook
You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers in to the free network jacks and connect to the network, but you want employees who plug in to those same jacks to be able to connect to the network. Which feature should you configure? A) Bonding B) VLANs C) Mirroring D) Port authentication E) Spanning Tree
D) Port authentication
Your network administrator is configuring settings so the switch shuts down a port when the maximum number of MAC addresses is reached. What is the network administrator taking countermeasures against? A) Hijacking B) Filtering C) Spoofing D) Sniffing
D) Sniffing
What is the definition of any attack involving human interaction of some kind? A) Attacker manipulation B) An opportunistic attack C) An authorized hacker D) Social engineering
D) Social engineering
Which of the following is a secure doorway that can be used with a mantrap to allow an easy exit but actively prevents re-entrance through the exit portal? A) Electronic access control doors B) Egress mantraps C) Locked doors with interior unlock push bars D) Turnstiles
D) Turnstiles
Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the BEST countermeasure for securing the captured network traffic? A) Implement acceptable use policies. B) Use intrusion detection countermeasures. C) Eliminate unnecessary system applications. D) Use encryption for all sensitive traffic.
D) Use encryption for all sensitive traffic.