100 Security Plus Questions (104-204)

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Q139: To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met? A. Create a daily encrypted backup of the relevant emails. B. Configure the email server to delete the relevant emails. C. Migrate the relevant emails into an "Archived" folder. D. Implement automatic disk compression on email servers.

A. Create a daily encrypted backup of the relevant emails.

Q129: A system's administrator has finished configuring firewall ACL to allow access to a new web server: (PIC) The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server: (PIC) The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned? A. Misconfigured firewall B. Clear text credentials C. Implicit deny D. Default configuration

B. Clear text credentials

Q192: While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations Acceptable Use Policy. Which of the following tool or technology would work BEST for obtaining more information on this traffic? A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer

B. IDS logs

Q121: After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take? A. Recovery B. Identification C. Preparation D. Documentation E. Escalation

B. Identification

Q138: A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic's -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this? A. CSIRT B. Containment phase C. Escalation notifications D. Tabletop exercise

D. Tabletop exercise

Q144: A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred? A. The hacker used a race condition. B. The hacker used a pass-the-hash attack. C. The hacker-exploited improper key management. D. The hacker exploited weak switch configuration.

D. The hacker exploited weak switch configuration.

Q175: A technician is configuring a wireless guest network. After applying the most recent changes the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this Scenario? A. Deactivation of SSID broadcast B. Reduction of WAP signal output power C. Activation of 802.1X with RADIUS D. Implementation of MAC filtering E. Beacon interval was decreased

A. Deactivation of SSID broadcast

Q185: Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met? A. Logic bomb B. Trojan C. Scareware D. Ransomware

A. Logic bomb

Q131: An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of: A. Passive reconnaissance B. Persistence C. Escalation of privileges D. Exploiting the switch

A. Passive reconnaissance

Q104:A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll Based solely ono the above information, which of the following types of malware is MOST likely installed on the system? A. Rootkit B. Ransomware C. Trojan D. Backdoor

A. Rootkit

Q156: An organization's primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario? A. SPoF B. RTO C. MTBF D. MTTR

A. SPoF

Q110: A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern? A. Separation of duties B. Mandatory vacations C. Background checks D. Security awareness training

A. Separation of duties

Q147: An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging? A. Dynamic analysis B. Change management C. Baselining D. Waterfalling

B. Change management

Q165: Which of the following differentiates a collision attack from a rainbow table attack? A. A rainbow table attack performs a hash lookup B. A rainbow table attack uses the hash as a password C. In a collision attack, the hash and the input data are equivalent D. In a collision attack, the same input results in different hashes

A. A rainbow table attack performs a hash lookup

Q125: A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.) A. ALE B. AV C. ARO D. EF E. ROI

A. ALE C. ARO

Q113: A system administrator is reviewing the following information from a compromised server. (PIC) Given the above information, which of the following processes was MOST likely exploited via remote buffer overflow attack? A. Apache B. LSASS C. MySQL D. TFTP

A. Apache

Q126: Which of the following AES modes of operation provide authentication? (Select two.) A. CCM B. CBC C. GCM D. DSA E. CFB

A. CCM C. GCM

Q193: A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this? A. Enforce authentication for network devices B. Configure the phones on one VLAN, and computers on another C. Enable and configure port channels D. Make users sign an Acceptable use Agreement

A. Enforce authentication for network devices

Q163: A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability? A. Facial recognition B. Fingerprint scanner C. Motion detector D. Smart cards

A. Facial recognition

Q124: A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.) A. Geofencing B. Remote wipe C. Near-field communication D. Push notification services E. Containerization

A. Geofencing E. Containerization

Q146: A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring? A. Implement SRTP between the phones and the PBX. B. Place the phones and PBX in their own VLAN. C. Restrict the phone connections to the PBX. D. Require SIPS on connections to the PBX.

A. Implement SRTP between the phones and the PBX.

Q120: Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time? A. Isolating the systems using VLANs B. Installing a software-based IPS on all devices C. Enabling full disk encryption D. Implementing a unique user PIN access functions

A. Isolating the systems using VLANs

Q118: Which of the following are methods to implement HA in a web application server environment? (Select two.) A. Load balancers B. Application layer firewalls C. Reverse proxies D. VPN concentrators E. Routers

A. Load balancers B. Application layer firewalls

Q123: During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should reach to this incident? A. The finding is a false positive and can be disregarded B. The Struts module needs to be hardened on the server C. The Apache software on the server needs to be patched and updated D. The server has been compromised by malware and needs to be quarantined.

A. The finding is a false positive and can be disregarded

Q105: A new firewall has been places into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue? A. The firewall should be configured to prevent user traffic form matching the implicit deny rule. B. The firewall should be configured with access lists to allow inbound and outbound traffic. C. The firewall should be configured with port security to allow traffic. D. The firewall should be configured to include an explicit deny rule.

A. The firewall should be configured to prevent user traffic form matching the implicit deny rule.

Q107: Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.) A. To prevent server availability issues B. To verify the appropriate patch is being installed C. To generate a new baseline hash after patching D. To allow users to test functionality E. To ensure users are trained on new functionality

A. To prevent server availability issues D. To allow users to test functionality

Q178: An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine. Which of the following is being described? A. Zero-day exploit B. Remote code execution C. Session hijacking D. Command injection

A. Zero-day exploit

Q106: A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)

Answers a pictures

Q150: An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented? A. Use a camera for facial recognition B. Have users sign their name naturally C. Require a palm geometry scan D. Implement iris recognition

B. Have users sign their name naturally

Q172: A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements? A. 192.168.0.16 255.25.255.248 B. 192.168.0.16/28 C. 192.168.1.50 255.255.25.240 D. 192.168.2.32/27

B. 192.168.0.16/28

Q133: A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using? A. Waterfall B. Agile C. Rapid D. Extreme

B. Agile

Q194: An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft? A. Enable screensaver locks when the phones are not in use to prevent unauthorized access B. Configure the smart phones so that the stored data can be destroyed from a centralized location C. Configure the smart phones so that all data is saved to removable media and kept separate from the device D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered

B. Configure the smart phones so that the stored data can be destroyed from a centralized location

Q179: A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected? A. Password complexity rules B. Continuous monitoring C. User access reviews D. Account lockout policies

B. Continuous monitoring

Q199: An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future? A. Use a honeypot B. Disable unnecessary services C.Implement transport layer security D. Increase application event logging

B. Disable unnecessary services

Q135: A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists form the vendor. Which of the following BEST describes the reason why the vulnerability exists? A.Default configuration B. End-of-life system C. Weak cipher suite D. Zero-day threats

B. End-of-life system

Q153: A security analyst has received the following alert snippet from the HIDS appliance: (PIC) Given the above logs, which of the following is the cause of the attack? A. The TCP ports on destination are all open B. FIN, URG, and PSH flags are set in the packet header C.TCP MSS is configured improperly D. There is improper Layer 2 segmentation

B. FIN, URG, and PSH flags are set in the packet header

Q109: Which of the following would meet the requirements for multifactor authentication? A. Username, PIN, and employee ID number B. Fingerprint and password C. Smart card and hardware token D. Voice recognition and retina scan

B. Fingerprint and password

Q115: The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective? A. Authentication B. HVAC C. Full-disk encryption D. File integrity checking

B. HVAC

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures. Which of the following should be implemented to correct this issue? A. Decrease the room temperature B. Increase humidity in the room C. Utilize better hot/cold aisle configurations D. Implement EMI shielding

B. Increase humidity in the room

Q148: A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.) A. Ping B. Ipconfig C. Tracert D. Netstat E. Dig F. Nslookup

B. Ipconfig C. Tracert

Q169: A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate? A. It can protect multiple domains B. It provides extended site validation C. It does not require a trusted certificate authority D. It protects unlimited subdomains

B. It provides extended site validation

Q182: Company policy requires the use if passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases? A. Reuse B. Length C. History D. Complexity

B. Length

Q108: A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement? A. ISA B. NDA C. MOU D. SLA

B. NDA

Q200: A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue? A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability B. Recommend classifying each application into like security groups and segmenting the groups from one another C. Recommend segmenting each application, as it is the most secure approach D. Recommend that only applications with minimal security features should be segmented to protect them

B. Recommend classifying each application into like security groups and segmenting the groups from one another

Q162: A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again? A. Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff B. Restrict access to the share where the report resides to only human resources employees and enable auditing C. Have all members of the IT department review and sign the AUP and disciplinary policies D. Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department

B. Restrict access to the share where the report resides to only human resources employees and enable auditing

Q142: Which of the following cryptographic algorithms is irreversible? A. RC4 B. SHA-256 C. DES D. AES

B. SHA-256

Q159: An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of: A. steward B. owner C. privacy officer D. systems administrator

B. owner

Q145: Audit logs from a small company's vulnerability scanning software show the following findings: Destinations scanned: -Server001- Internal human resources payroll server -Server101-Internet-facing web server -Server201- SQL server for Server101 -Server301-Jumpbox used by systems administrators accessible from the internal network Validated vulnerabilities found: -Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software -Server201-OS updates not fully current -Server301- Accessible from internal network without the use of jumpbox -Server301-Vulnerable to highly publicized exploit that can elevate user privileges Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST? A. Server001 B. Server101 C. Server201 D. Server301

B. Server101

Q114:Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use? A. RADIUS B. TACACS+ C. Diameter D. Kerberos

B. TACACS+

Q166: A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired? A. The certificate was self signed, and the CA was not imported by employees or customers B. The root CA has revoked the certificate of the intermediate CA C. The valid period for the certificate has passed, and a new certificate has not been issued D. The key escrow server has blocked the certificate from being validated

B. The root CA has revoked the certificate of the intermediate CA

Q154: A security analyst reviews the following output: (PIC) The analyst loads the hash into the SIEM to discover if this hash is seen in other parts of the network. After inspecting a large number of files, the security analyst reports the following: (PIC) Which of the following is the MOST likely cause of the hash being found in other areas? A. Jan Smith is an insider threat B. There are MD5 hash collisions C. The file is encrypted D. Shadow copies are present

B. There are MD5 hash collisions

Q130: Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against? A. Passwords written on the bottom of a keyboard B. Unpatched exploitable Internet-facing services C. Unencrypted backup tapes D. Misplaced hardware token

B. Unpatched exploitable Internet-facing services

Q141: Which of the following types of attacks precedes the installation of a rootkit on a server? A. Pharming B. DDoS C. Privilege escalation D. DoS

C. Privilege escalation

Q189: A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement? A. CSR B. OCSP C. CRL D. SSH

C. CRL

Q160: A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort? A. Public B. Hybrid C. Community D. Private

C. Community

Q190: A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company's clients. Which of the following is being used? A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls

C. Credentialed scan

Q186: A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks? A. SQL injection B. Header manipulation C. Cross-site scripting D. Flash cookie exploitation

C. Cross-site scripting

Q152: After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement? A. NAC B. Web proxy C. DLP D. ACL

C. DLP

Q136: An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action? A. Approve the former employee's request, as a password reset would give the former employee access to only the human resources server. B. Deny the former employee's request, since the password reset request came from an external email address. C. Deny the former employee's request, as a password reset would give the employee access to all network resources. D. Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network resources.

C. Deny the former employee's request, as a password reset would give the employee access to all network resources.

Q170: After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO) A. Monitor VPN client access B. Reduce failed login out settings C. Develop and implement updated access control policies D. Review and address invalid login attempts E. Increase password complexity requirements F. Assess and eliminate inactive accounts

C. Develop and implement updated access control policies F. Assess and eliminate inactive accounts

Q181: A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently that several machines with confidential customer information displayed in the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding? A. Implement a clean desk policy B. Security training to prevent shoulder surfing C. Enable group policy based screensaver timeouts D. Install privacy screens on monitors

C. Enable group policy based screensaver timeouts

Q149: A user is presented with the following items during the new-hire onboarding process: -Laptop -Secure USB drive -Hardware OTP token -External high-capacity HDD -Password complexity policy -Acceptable use policy -HASP key -Cable lock Which of the following is one component of multifactor authentication? A. Secure USB drive B. Cable lock C. Hardware OTP token D. HASP key

C. Hardware OTP token

Q176: A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies? A. Mandatory access controls B. Disable remote login C. Host hardening D. Disabling services

C. Host hardening

Q202: An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list approved maintenance personnel prior to granting physical access to the secure are. The controls used by the receptionist are in place to prevent which of the following types of attacks? A. Tailgating B. Shoulder surfing C. Impersonation D. Hoax

C. Impersonation

Q174: The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data? A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share

C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files

Q167: A security analyst is investigating a suspected security breach and discovers the following in the logs of the potentially compromised server: (PIC) Which of the following would be the BEST method for preventing this type of suspected attack in the future? A. Implement password expirations B. Implement restrictions on shared credentials C. Implement account lockout settings D. Implement time-of-day restrictions on this server

C. Implement account lockout settings

Q164: A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability? A. Application fuzzing B. Error handling C. Input validation D. Pointer dereference

C. Input validation

Q204: A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform? A. Transitive access B.Spoofing C. Man-in-the-middle D. Replay

C. Man-in-the-middle

Q128: A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A. EAP-FAST B. EAP-TLS C. PEAP D. EAP

C. PEAP

Q155: A company's AUP requires: Passwords must meet complexity requirements. Passwords are changed at least once every six months. Passwords must be at least eight characters long. An auditor is reviewing the following report: (PIC) Which of the following controls should the auditor recommend to enforce the AUP? A. Account lockout thresholds B. Account recovery C. Password expiration D. Prohibit password reuse

C. Password expiration

Q188: A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality? A. Format the device B. Re-image the device C. Perform virus scan in the device D. Physically destroy the device

C. Perform virus scan in the device

Q180: A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could: A. Require the use of two different passwords held by two different individuals to open an account B. Administer account creation on a role based access control approach C. Require all new accounts to be handled by someone else other than a teller since they have different duties D. Administer account creation on a rule based access control approach

C. Require all new accounts to be handled by someone else other than a teller since they have different duties

Q122:A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files? A. HTTPS B. LDAPS C. SCP D. SNMPv3

C. SCP

Q119: An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use? A. FTPS B. SFTP C. SSL D. LDAPS E. SSH

C. SSL

Q177: Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement? A. Revision control system B. Client side exception handling C. Server side validation D. Server hardening

C. Server side validation

Q191: The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

Q195: A user of the wireless network is unable to gain access to the network. The symptoms are: 1.) Unable to connect to both internal and Internet resources 2.) The wireless icon shows connectivity but has no network access The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues? A. The wireless signal is not strong enough B. A remote DDoS attack against the RADIUS server is taking place C. The user's laptop only supports WPA and WEP D. The DHCP scope is full E. The dynamic encryption key did not update while the user was offline

C. The user's laptop only supports WPA and WEP

Q132: A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements? A. The vulnerability scanner is performing an authenticated scan. B. The vulnerability scanner is performing local file integrity checks. C. The vulnerability scanner is performing in network sniffer mode. D. The vulnerability scanner is performing banner grabbing.

C. The vulnerability scanner is performing in network sniffer mode.

Q112:Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices? A. Cross-site scripting B. DNS poisoning C. Typo squatting D. URL hijacking

C. Typo squatting

Q116: As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed? A. Black box B. Regression C. White box D. Fuzzing

C. White box

Q197: A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal? A. Device access control B. Location based services C. Application control D. GEO-Tagging

D. GEO-Tagging

Q183: During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again? A. Credential management B. Group policy management C. Acceptable use policy D. Account expiration policy

D. Account expiration policy

Q184: Which of the following should identify critical systems and components? A. MOU B. BPA C. ITCP D. BCP

D. BCP

Q198: A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile date first. Which of the following is the correct order in which Joe should collect the data? A. CPU cache, paging/swap files, RAM, remote logging data B. RAM, CPU cache. Remote logging data, paging/swap files C. Paging/swap files, CPU cache, RAM, remote logging data D. CPU cache, RAM, paging/swap files, remote logging data

D. CPU cache, RAM, paging/swap files, remote logging data

Q151: A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network? A. Pre-shared key B. Enterprise C. Wi-Fi Protected setup D. Captive portal

D. Captive portal

Q171: A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle? A. Architecture review B. Risk assessment C. Protocol analysis D. Code review

D. Code review

Q157: A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT? A. Document and lock the workstations in a secure area to establish chain of custody B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working D. Document findings and processes in the after-action and lessons learned report

D. Document findings and processes in the after-action and lessons learned report

Q111: A penetration tester finds that a company's login credentials for the email client were being sent in clear text. Which of the following should be done to provide encrypted logins to the email server? A. Enable IPSec and configure SMTP. B. Enable SSH and LDAP credentials. C. Enable MIME services and POP3. D. Enable an SSL certificate for IMAP services.

D. Enable an SSL certificate for IMAP services.

Q137: Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping? A. Encrypt it with Joe's private key B. Encrypt it with Joe's public key C. Encrypt it with Ann's private key D. Encrypt it with Ann's public key

D. Encrypt it with Ann's public key

Q127: An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data: (CHART with ANN/JEFF/JOHN) Which of the following would be the BEST method to prevent similar audit findings in the future? A. Implement separation of duties for the payroll department. B. Implement a DLP solution on the payroll and human resources servers. C. Implement rule-based access controls on the human resources server. D. Implement regular permission auditing and reviews.

D. Implement regular permission auditing and reviews.

Q143: A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this? A. Cross-site request forgery B. Buffer overflow C. SQL injection D. JavaScript data insertion E. Firewall evasion script

D. JavaScript data insertion

Q201:A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report? A. Architecture evaluation B. Baseline reporting C. Whitebox testing D. Peer review

D. Peer review

Q134: A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat? A. Implement time-of-day restrictions. B. Audit file access times. C. Secretly install a hidden surveillance camera. D. Require swipe-card access to enter the lab.

D. Require swipe-card access to enter the lab.

Q196: A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three) A. Password complexity policies B. Hardware tokens C. Biometric systems D. Role-based permissions E. One time passwords F. Separation of duties G. Multifactor authentication H. Single sign-on I. Lease privilege

D. Role-based permissions F. Separation of duties I. Lease privilege

Q161: An administrator is configuring access to information located on a network file server named "Bowman". The files are located in a folder named "BalkFiles". The files are only for use by the "Matthews" division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table:(PIC) Which of the following rows has been misconfigured? A. Row 1 B. Row 2 C.Row 3 D. Row 4 E. Row 5

D. Row 4

Q158: An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring? A. Policy violation B. Social engineering C. Whaling D. Spear phishing

D. Spear phishing

Q140: A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to configure the new network segment? A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic. B. The segment should be placed in the existing internal VLAN to allow internal traffic only. C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic. D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Q117: A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? A. Removing the hard drive from its enclosure B. Using software to repeatedly rewrite over the disk space C. Using Blowfish encryption on the hard drives D. Using magnetic fields to erase the data

D. Using magnetic fields to erase the data

Q203: A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform? A. Risk transference B. Penetration test C. Threat assessment D. Vulnerability assessment

D. Vulnerability assessment

Q173: A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements? A. Virtual desktop infrastructure (IDI) B. WS-security and geo-fencing C. A hardware security module (HSM) D. RFID tagging system E. MDM software F. Security Requirements Traceability Matrix (SRTM)

E. MDM software


Set pelajaran terkait

Study Unit 6- Adjustments and Deductions

View Set

международные организации

View Set

Ch12 Deficits and Debt LearnSmart

View Set

Child, Older Adult, & Intimate Partner Violence

View Set