Pass4Sure
A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type. Instructions: controls can be used multiple times and not all placeholders need to be filled.
Controls: Screen Lock, Strong Password, Device Encryption, Remote Wipe, GPS Tracking, Cable Locks, Antivirus, Host Based Firewall, Proximity Reader, Sniffer, Mantrap
Asset types: Company Managed Smart Phone; Data Center Terminal Server
Answer:
An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application? A) Configure testing and automate patch management for the application. B) Configure security control testing for the application. C) Manually apply updates for the application when they are released. D) Configure a sandbox for testing patches before the scheduled monthly update.
Answer: A) Configure testing and automate patch management for the application.
A system administrator is reviewing the following information from a compromised server.

Process  DEP  Local Address  Remote Address
LSASS    YES  0.0.0.0        10.210.100.62
APACHE   NO   0.0.0.0        10.130.210.20
MySQL    NO   127.0.0.1      127.0.0.1
TFTP     YES  191.168.1.10   10.34.221.96

Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack? A) Apache B) LSASS C) MySQL D) TFTP
Answer: A) Apache. Apache is the only process that is both talking to a remote host and running without DEP (Data Execution Prevention). LSASS and TFTP also have remote peers, but DEP stops injected code on the stack or heap from executing; MySQL is bound to loopback and only talks to 127.0.0.1, so it cannot be reached from the network at all. DEP - A CPU/OS feature that marks data pages non-executable; it does not stop the overflow itself, only the classic "inject shellcode and jump to it" payload.
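The same triage as a script, as an added example that is not part of the original question bank: it parses a constructed copy of the table above (column names are assumed, since the page flattens them) and applies the two tests used in the answer, "is there a remote peer" and "is DEP off".

```python
import ipaddress

# Constructed copy of the process/connection table from the question above;
# the column names are assumed (the page shows them as a flattened line).
SERVER_TABLE = """\
Process DEP Local_Address Remote_Address
LSASS YES 0.0.0.0 10.210.100.62
APACHE NO 0.0.0.0 10.130.210.20
MySQL NO 127.0.0.1 127.0.0.1
TFTP YES 191.168.1.10 10.34.221.96
"""


def parse_table(text: str) -> list:
    """Turn the whitespace-separated table into one dict per process."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError(f"malformed row: {line!r}")
        rows.append(dict(zip(header, fields)))
    return rows


def is_remotely_reachable(row: dict) -> bool:
    """A socket bound to loopback, or whose peer is loopback, cannot be hit from
    the network. 0.0.0.0 as the local address means 'listening on every interface'."""
    local = ipaddress.ip_address(row["Local_Address"])
    remote = ipaddress.ip_address(row["Remote_Address"])
    return not (local.is_loopback or remote.is_loopback)


def triage(rows: list) -> dict:
    """Rate each process against the two things a classic remote stack/heap
    overflow needs: a network peer that can deliver the payload, and no DEP,
    so that injected code on a writable page can execute."""
    verdicts = {}
    for row in rows:
        dep_on = row["DEP"].upper() == "YES"
        if not is_remotely_reachable(row):
            verdicts[row["Process"]] = "loopback only: not reachable remotely"
        elif dep_on:
            verdicts[row["Process"]] = "remote peer, but DEP blocks injected code (attacker would need ROP)"
        else:
            verdicts[row["Process"]] = "remote peer and no DEP: most likely target"
    return verdicts


def most_likely_exploited(rows: list) -> list:
    """Names of the processes that satisfy both conditions."""
    return [name for name, verdict in triage(rows).items()
            if verdict.startswith("remote peer and no DEP")]


if __name__ == "__main__":
    for name, verdict in triage(parse_table(SERVER_TABLE)).items():
        print(f"{name:8} {verdict}")
```

On a real host the same two signals come from a `netstat -ano` / `ss -tanp` listing joined against the per-process mitigation state (for example `Get-ProcessMitigation` on Windows); the loopback test is what rules MySQL out before DEP is even considered.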
A security administrator is developing controls for creating audit trails and tracking access in case a PHI data breach occurs. The administrator has been given the following requirements: +All access must be correlated to a user account. +All user accounts must be assigned to a single individual. +User access to the PHI data must be recorded. +Anomalies in PHI data access must be reported. +Logs and records cannot be deleted or modified. Which of the following should the administrator implement to meet the above requirements? (Select three) A) Eliminate shared accounts B) Create a standard naming convention for accounts C) Implement usage auditing and review D) Enable account lockout thresholds E) Copy logs in real time to a secured WORM drive F) Implement time-of-day restrictions G) Perform regular permission audits and reviews
Answer: A) Eliminate shared accounts C) Implement usage auditing and review E) Copy logs in real time to a secured WORM drive. Shared accounts break the one-account-per-individual requirement; usage auditing records who touched the PHI and, when reviewed, surfaces anomalies; WORM (write once, read many) storage is what keeps the logs from being deleted or modified. Permission audits (G) control who is allowed to access data and do nothing for the audit trail itself.
A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.) A) Generate an X.509-compliant certificate that is signed by a trusted CA. B) Install and configure an SSH tunnel on the LDAP server. C) Ensure port 389 is open between the clients and the servers using the communication. D) Ensure port 636 is open between the clients and the servers using the communication. E) Remove the LDAP directory service role from the server.
Answer: A) Generate an X.509-compliant certificate that is signed by a trusted CA. D) Ensure port 636 is open between the clients and the servers using the communication. LDAPS - LDAP over TLS on TCP port 636. The server presents an X.509 certificate and the client verifies it against a trusted CA, so the directory traffic is encrypted while ordinary LDAP clients keep working. Plain LDAP on port 389 is cleartext unless the client negotiates STARTTLS; an SSH tunnel would require changing every client.
Which of the following are MOST susceptible to birthday attacks? A) Hashed passwords B) Digital certificates C) Encryption passwords D) One time passwords
Answer: A) Hashed passwords. Birthday attack - A collision attack on a hash function. Because any two inputs that hash to the same value will do, roughly 2^(n/2) trials suffice for an n-bit hash rather than the 2^n needed to hit one specific value. Short or broken hashes (MD5, SHA-1) are the exposure; a long, collision-resistant hash (SHA-256 or better) removes it.
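A worked illustration of the birthday bound, added here and not part of the original page: it truncates SHA-256 to a chosen number of bits (so the search finishes in seconds) and counts how many inputs it takes to find two that collide, next to the 2^(n/2) and 2^n figures from the explanation above. The message format "msg-N" is an arbitrary assumption.

```python
import hashlib
import math


def truncated_sha256(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash so the demo runs fast."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_bound(bits: int) -> float:
    """Expected number of random inputs before two share an output: ~sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def preimage_bound(bits: int) -> float:
    """Expected work to hit one specific output by guessing: 2^bits."""
    return float(1 << bits)


def find_collision(bits: int) -> tuple:
    """Generate distinct inputs until two map to the same truncated hash.
    Returns (input_a, input_b, attempts). Memory grows with attempts, which is
    why this only works for a hash short enough to be broken anyway."""
    seen = {}
    attempts = 0
    while True:
        msg = f"msg-{attempts}".encode()  # assumed input format
        attempts += 1
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


if __name__ == "__main__":
    bits = 24
    a, b, n = find_collision(bits)
    print(f"{bits}-bit hash: collision after {n} inputs "
          f"(birthday bound {birthday_bound(bits):.0f}, preimage bound {preimage_bound(bits):.0f})")
    print(a, b, hex(truncated_sha256(a, bits)), hex(truncated_sha256(b, bits)))
```

For a 24-bit output the collision turns up after a few thousand inputs, while guessing a specific 24-bit value would take about sixteen million; the gap is the whole point of the attack and it widens exponentially with the hash length.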
Which of the following technologies employ the use of SAML? (Select two.) A) Single sign-on (SSO) B) Federation C) LDAP D) Secure token E) RADIUS
Answer: A) Single sign-on B) Federation. SAML (Security Assertion Markup Language) - An XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications. Single sign-on (SSO) - An authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication. Federation - Two or more members of a federated identity management system. Used for single sign-on.
A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select TWO). A) The portal will function as a service provider and request an authentication assertion. B) The portal will function as an identity provider and issue an authentication assertion. C) The portal will request an authentication ticket from each network that is transitively trusted. D) The back-end networks will function as an identity provider and issue an authentication assertion. E) The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store. F) The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.
Answer: A) The portal will function as a service provider and request an authentication assertion. D) The back-end networks will function as an identity provider and issue an authentication assertion. In SAML the service provider (the portal) redirects the user to an identity provider (each division's existing directory), which checks the existing username and password and returns a signed assertion that the portal trusts. One system cannot be both the SP and the IdP for the same login, so A and B are not a consistent pair.
A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers. Which of the following represents the MOST secure way to configure the new network segment? A) The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic. B) The segment should be placed in the existing internal VLAN to allow internal traffic only. C) The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic. D) The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.
Answer: A) The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic. VLAN (virtual local area network) - A method of segmenting traffic. A VLAN logically groups several different computers together without regard to their physical location. Here the separate VLAN is effectively a DMZ: the firewall admits only the ports the web and FTP servers need, and a compromise of those hosts does not land the attacker on the internal network.
Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. Which of the following types of attacks is this MOST likely? A) Vishing B) Impersonation C) Spim D) Scareware
Answer: A) Vishing
A network administrator at a small office wants to simplify the configuration of mobile clients to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or certificate to the employees? A) WPS B) 802.1x C) WPA2-PSK D) TKIP
Answer: A) WPS. WPS (Wi-Fi Protected Setup) - A method that allows users to easily configure a wireless network, often by using only a PIN. The 8-digit PIN is verified in two halves, so an online brute force attack needs at most about 11,000 guesses to recover it; WPS answers the question but should be disabled wherever the network actually matters.
Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents? A) Account lockout B) Group Based Privileges C) Least privilege D) Password complexity
Answer: A) Account lockout
A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization's PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two) A) Install an X.509-compliant certificate B) Implement a CRL using an authorized CA C) Enable and configure TLS on the server D) Install a certificate signed by a public CA E) Configure the web server to use a host header
Answer: A) Install an X.509-compliant certificate C) Enable and configure TLS on the server. TLS (Transport Layer Security) - The replacement for SSL. TLS is used to encrypt data in transit. Like SSL, it uses certificates issued by CAs. Because the requirement is the organization's own PKI, the certificate comes from the internal CA, not a public one (D).
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements? A) 192.168.0.16 255.255.255.248 B) 192.168.0.16/28 C) 192.168.1.50 255.255.255.240 D) 192.168.2.32/27
Answer: B) 192.168.0.16/28. A /28 has 16 addresses, 14 of them usable after the network and broadcast addresses. A: 255.255.255.248 is /29, only 6 usable hosts. C: the mask is /28, but 192.168.1.50 is not a network address (that block starts at .48). D: /27 holds 30 hosts and wastes half the space.
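The same check done with Python's standard `ipaddress` module, added here as an example that is not from the original page: each candidate is tested for alignment (an address with host bits set is not a valid network) and for usable host count, and the smallest subnet that still fits wins.

```python
import ipaddress
from typing import Optional

# The four candidates from the question, in the notation each option uses.
CANDIDATES = {
    "A": "192.168.0.16/255.255.255.248",
    "B": "192.168.0.16/28",
    "C": "192.168.1.50/255.255.255.240",
    "D": "192.168.2.32/27",
}


def evaluate(candidate: str, required_hosts: int) -> dict:
    """Check alignment and usable host count for one 'address/mask' candidate."""
    try:
        # strict=True rejects an address with host bits set, i.e. one that is
        # not actually the network address of the block it claims.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return {"valid": False, "reason": str(exc)}
    usable = net.num_addresses - 2  # network and broadcast are not assignable
    return {
        "valid": True,
        "network": str(net),
        "prefix": net.prefixlen,
        "usable_hosts": usable,
        "fits": usable >= required_hosts,
        "waste": usable - required_hosts,
    }


def best_candidate(candidates: dict, required_hosts: int) -> Optional[str]:
    """Smallest valid subnet that still holds the required hosts (least waste)."""
    results = [(key, evaluate(spec, required_hosts)) for key, spec in candidates.items()]
    fitting = [(key, r) for key, r in results if r["valid"] and r["fits"]]
    if not fitting:
        return None
    return min(fitting, key=lambda kr: kr[1]["waste"])[0]


if __name__ == "__main__":
    for key, spec in CANDIDATES.items():
        print(key, spec, evaluate(spec, 14))
    print("best:", best_candidate(CANDIDATES, 14))
```

Note that option C fails not on size but on alignment; a firewall that accepted 192.168.1.50/28 would silently treat 192.168.1.48 as the network address, which is the kind of mismatch that later produces rules that do not match the hosts they were written for.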
When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK? A) DES B) AES C) MD5 D) WEP
Answer: B) AES. AES (Advanced Encryption Standard) - A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128, 192, or 256 bits. WPA2 (Wi-Fi Protected Access II) - A wireless security protocol. It supports CCMP for encryption, which is based on AES. It can use Open mode, a pre-shared key, or Enterprise mode. PSK - Pre-shared key. A wireless mode that uses a pre-shared key (similar to a password or passphrase) for security. Compare with Enterprise and Open modes.
A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement? A) LDAP server 10.55.199.3 B) CN=company, CN=com, OU=netadmin, DC=192.32.10.233 C) SYSLOG SERVER 172.16.23.50 D) TACACS+ server 192.168.1.100
Answer: D) TACACS+ server 192.168.1.100. TACACS+ (Terminal Access Controller Access-Control System Plus) - A Cisco-originated AAA protocol that separates authentication, authorization, and accounting. Because authorization is per command, a TACACS+ server can restrict each administrator to an allowed command set and send command accounting to a central server, and it can authenticate the administrators against the LDAP directory. LDAP alone only answers whether a user is valid and a syslog server only records what it is sent; neither restricts commands. LDAP (Lightweight Directory Access Protocol) - A protocol used to communicate with directories such as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=User and DC=GetCertifiedGetAhead; option B is such a distinguished name, not a command that enforces anything.
A security administrator suspects that data on a server has been exfiltrated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO) A) Network access control B) DLP alerts C) Log analysis D) File integrity monitoring E) Host firewall rules
Answer: B) DLP alerts C) Log analysis. DLP (Data loss prevention) - A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfer, and monitor data stored in the cloud. Log analysis (authentication, remote access, and outbound transfer logs) shows who connected and what left; the other options are preventive controls and say nothing about what already happened.
Which of the following encryption methods does PKI typically use to securely protect keys? A) Elliptic curve B) Digital Signatures C) Asymmetric D) Obfuscation
Answer: C) Asymmetric. PKI (Public Key Infrastructure) - A group of technologies used to request, create, manage, store, distribute, and revoke certificates. A PKI protects keys with asymmetric (public/private key) encryption: a session or data key is encrypted to the recipient's public key, so only the holder of the matching private key can recover it. Elliptic curve is one family of asymmetric algorithms, not the general method. Digital Signature - A hash of a message encrypted with the sender's private key. It provides authentication, non-repudiation, and integrity, but it does not protect key material.
Which of the following would meet the requirements for multifactor authentication? A) Username, PIN, and Employee ID number B) Fingerprint and password C) Smart card and hardware token D) Voice recognition and retina scan
Answer: B) Fingerprint and password. Multifactor authentication - Authentication that uses methods from more than one factor (something you know, something you have, something you are). A, C and D each combine two methods from the same factor; only B mixes something you are with something you know.
The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective? A) Authentication B) HVAC C) Full-disk encryption D) File integrity checking
Answer: B) HVAC HVAC - Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.
An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multi-factor authentication. Which of the following should be implemented? A) Use camera for facial recognition B) Have users sign their name naturally C) Require a palm geometry scan D) Implement iris recognition
Answer: B) Have users sign their name naturally. A fingerprint is something you are; facial recognition, palm geometry and iris recognition are all the same factor, so adding them is not multi-factor. Signature dynamics (how the user signs, not just what the signature looks like) is classed as something you do, a different factor.
The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window? A) Implement deduplication at the network level between the two locations B) Implement deduplication on the storage array to reduce the amount of drive space needed C) Implement deduplication on the server storage to reduce the data backed up D) Implement deduplication on both the local and remote servers
Answer: A) Implement deduplication at the network level between the two locations. The bottleneck is the replication to the offsite data center, so the transfer itself has to shrink: network-level (WAN) deduplication sends only the chunks the remote side does not already hold. Deduplicating the storage array (B) saves disk space but moves the same bytes over the link.
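A small model of network-level deduplication, added here as an example and not taken from the page: the sender hashes fixed-size chunks and ships only the ones the offsite store has not seen. The data set, chunk size and the three "nightly" backups are all constructed; the third night inserts a single byte at the front to show the weakness of fixed-size chunking.

```python
import hashlib
import random

CHUNK_SIZE = 4096  # assumed; real products usually use content-defined chunking


def chunk_hashes(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Split data into fixed-size chunks and identify each by its SHA-256."""
    return [hashlib.sha256(data[i:i + chunk_size]).hexdigest()
            for i in range(0, len(data), chunk_size)]


class RemoteStore:
    """What the offsite end already holds, keyed by chunk hash."""

    def __init__(self):
        self.chunks = {}

    def has(self, digest: str) -> bool:
        return digest in self.chunks

    def put(self, digest: str, chunk: bytes) -> None:
        self.chunks[digest] = chunk


def replicate(data: bytes, remote: RemoteStore, chunk_size: int = CHUNK_SIZE) -> dict:
    """Ship only the chunks the remote store does not have yet. The hash list
    crosses the wire too, but at 32 bytes per 4 KiB chunk that is under 1%."""
    sent = 0
    digests = chunk_hashes(data, chunk_size)
    for index, digest in enumerate(digests):
        if not remote.has(digest):
            chunk = data[index * chunk_size:(index + 1) * chunk_size]
            remote.put(digest, chunk)
            sent += len(chunk)
    return {"total_bytes": len(data), "sent_bytes": sent, "chunks": len(digests)}


def simulate(size: int = 1 << 20, changed_chunks: int = 5, seed: int = 7) -> dict:
    """Three backups of a constructed 1 MiB data set: day 1 is all new, day 2
    edits a few chunks in place, day 3 inserts one byte at the very front."""
    rng = random.Random(seed)
    remote = RemoteStore()
    day1 = rng.randbytes(size)

    day2 = bytearray(day1)
    for n in range(changed_chunks):
        offset = n * (size // changed_chunks)  # spread the edits over distinct chunks
        day2[offset] ^= 0xFF
    day2 = bytes(day2)

    day3 = b"\x00" + day2  # one inserted byte shifts every fixed-size chunk boundary

    return {
        "day1": replicate(day1, remote),
        "day2": replicate(day2, remote),
        "day3_insert": replicate(day3, remote),
    }


if __name__ == "__main__":
    for day, stats in simulate().items():
        pct = 100 * stats["sent_bytes"] / stats["total_bytes"]
        print(f"{day:12} sent {stats['sent_bytes']:>8} of {stats['total_bytes']} bytes ({pct:.1f}%)")
```

Day 2 sends five chunks instead of a megabyte, which is the saving the answer relies on. Day 3 sends everything again, because the inserted byte moves every boundary and no chunk hash matches; content-defined chunking (boundaries chosen from the data itself) is how real deduplication avoids that.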
The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain? A) Certificate revocation list B) Intermediate authority C) Recovery agent D) Root of trust
Answer: B) Intermediate authority
A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two) A) Ping B) Ipconfig C) Tracert D) Netstat E) Dig F) Nslookup
Answer: B) Ipconfig C) Tracert. Ipconfig - A command line tool used on Windows systems to show the configuration settings on a NIC, including the default gateway the host is currently using. Tracert - A command line tool used to trace the route between two systems; an unexpected first hop points at a spoofed gateway. The most direct check, the ARP cache (`arp -a`) showing a changed MAC address for the gateway IP, is not among the options.
A security administrator is evaluating three different services: radius, diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos? A) It provides authentication services B) It uses tickets to identify authenticated users C) It provides single sign-on capability D) It uses XML for cross-platform interoperability
Answer: B) It uses tickets to identify authenticated users Kerberos - A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as realms. It uses a KDC to issue tickets.
A data center manager has been asked to prioritize critical system recovery priorities. Which of the following is MOST critical for immediate recovery? A) Communications software B) Operating system software C) Weekly summary reports to management D) Financial and product software
Answer: B) Operating system software
Which of the following types of keys is found in a key escrow? A) Public B) Private C) Shared D) Session
Answer: B) Private Key Escrow - The process of placing a copy of a private key in a safe environment
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrated a free movie application that he installed from a third party on his corporate smartphone. Joe's colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two) A) Near-field communication. B) Rooting/Jailbreaking C) Ad-hoc connections D) Tethering E) Sideloading
Answer: B) Rooting/Jailbreaking E) Sideloading. Jailbreaking - The process of modifying an Apple mobile device to remove software restrictions. It allows a user to install software from any third-party source. Rooting - The process of modifying an Android device, giving the user root-level, or administrator, access. Sideloading - The process of copying an application package to a mobile device. It is useful for developers when testing apps, but can be risky if users sideload unauthorized apps to their device.
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery? A) Utilizing a single question for password recovery B) Sending a PIN to a smartphone through text message C) Utilizing CAPTCHA to avoid brute force attacks D) Use a different e-mail address to recover password
Answer: B) Sending a PIN to a smartphone through text message
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select two) A) USB-attached hard disk B) Swap/pagefile C) Mounted network storage D) ROM E) RAM
Answer: B) Swap/pagefile E) RAM
A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way? A) To lower energy consumption by sharing power outlets B) To create environmental hot and cold aisles C) To eliminate the potential for electromagnetic interference D) To maximize fire suppression capabilities
Answer: B) To create environmental hot and cold aisles
As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the following is the BEST way to do this? A) Use a vulnerability scanner. B) Use a configuration compliance scanner. C) Use a passive, in-line scanner. D) Use a protocol analyzer.
Answer: B) Use a configuration compliance scanner. Configuration compliance scanner - A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file (a benchmark such as a CIS or STIG baseline) that identifies the proper configuration for systems.
When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as: A) system sprawl B) end of life systems C) resource exhaustion D) a default configuration
Answer: B) end of life systems
Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the user's certificate? A) RA B) CA C) CRL D) CSR
Answer: B. CA CA (Certificate Authority) - An organization that manages, issues, and signs certificates. A CA is a main element of a PKI.
Ann, an employee of the payroll department, has contacted the help desk citing multiple issues with her device, including: -Slow performance -Word documents, PDFs, and images no longer opening -A pop-up Ann states the issues began after she opened an invoice that a vendor emailed her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected? A) Spyware B) Crypto-malware C) Rootkit D) Backdoor
Answer: B. Crypto-malware Crypto-malware - A type of ransomware that encrypts the user's data
A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two) A) Replay B) Rainbow tables C) Brute force D) Pass the hash E) Dictionary
Answer: C) Brute force E) Dictionary. Brute force - A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems; offline attacks guess passwords contained in a file or database. Dictionary - A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password. Both are online guessing here, which is exactly what the lockout threshold is designed to catch; the repeated lockouts while the owner is offline are the tell.
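How a help desk or SOC would spot this from the authentication log, as an added example that is not part of the original page: the script replays the five-failure lockout policy over a constructed log (the line format, field names and event names are assumptions) and flags accounts that lock repeatedly or that fail while the owner is known to be away. The log cannot tell brute force from dictionary guessing (the attempted passwords are not recorded), but the lockout pattern catches both.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log in a made-up one-line format; the field names
# (user=, src=) and event names (auth-fail / auth-ok) are assumptions.
AUTH_LOG = """\
2024-03-04T08:00:03Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:00:09Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:00:14Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:00:20Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:00:25Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:00:31Z auth-fail user=jsmith src=198.51.100.23
2024-03-04T08:12:40Z auth-fail user=amy src=10.0.5.17
2024-03-04T08:12:52Z auth-ok user=amy src=10.0.5.17
2024-03-04T09:30:02Z auth-fail user=jsmith src=203.0.113.9
2024-03-04T09:30:07Z auth-fail user=jsmith src=203.0.113.9
2024-03-04T09:30:12Z auth-fail user=jsmith src=203.0.113.9
2024-03-04T09:30:18Z auth-fail user=jsmith src=203.0.113.9
2024-03-04T09:30:23Z auth-fail user=jsmith src=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth-fail|auth-ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse lines into dicts with a real datetime; lines that do not match are skipped, not guessed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def lockout_events(events: list, threshold: int = 5,
                   window: timedelta = timedelta(minutes=30)) -> dict:
    """Replay the policy: `threshold` failures inside `window` lock the account,
    a successful logon resets the count. Returns {user: [lockout records]}."""
    recent = defaultdict(deque)
    lockouts = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        if ev["event"] == "auth-ok":
            recent[user].clear()
            continue
        q = recent[user]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()
        if len(q) >= threshold:
            lockouts[user].append({"at": ev["ts"], "sources": sorted({e["src"] for e in q})})
            q.clear()  # the account is now locked; later failures start a new count
    return dict(lockouts)


def suspicious_accounts(events: list, absent_users: set, min_lockouts: int = 2) -> dict:
    """Flag accounts locked repeatedly, and any failures for a user known to be
    offline (on vacation, no network access): those attempts cannot be the owner."""
    flagged = {}
    for user, records in lockout_events(events).items():
        if len(records) >= min_lockouts:
            flagged.setdefault(user, []).append(f"{len(records)} lockouts in the log")
    failing_users = {e["user"] for e in events if e["event"] == "auth-fail"}
    for user in failing_users & absent_users:
        flagged.setdefault(user, []).append("failed logons while the owner has no network access")
    return flagged


if __name__ == "__main__":
    evs = parse_log(AUTH_LOG)
    for user, reasons in suspicious_accounts(evs, absent_users={"jsmith"}).items():
        print(user, "->", "; ".join(reasons))
```

Two details matter in practice: the source addresses differ between the two bursts (the attacker moved, or is using more than one host), and the single typo by amy followed by a success never reaches the threshold, so the rule does not page on ordinary mistakes.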
A group of non-profit agencies want to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort? A) Public B) Hybrid C) Community D) Private
Answer: C) Community
The chief security officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following would the CSO MOST likely to reduce the number of incidents? A) Implement protected distribution B) Employ additional firewalls C) Conduct security awareness training D) Install perimeter barricades
Answer: C) Conduct security awareness training
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users? A) NAC B) VLAN C) DMZ D) Subnet
Answer: C) DMZ. DMZ (Demilitarized zone) - A buffer zone between the internet and an internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled? A) Full backup B) Incremental backup C) Differential backup D) Snapshot
Answer: A) Full backup. A full backup restores in a single operation; a differential restore needs the last full plus the latest differential, and an incremental restore needs the full plus every incremental taken since. Differential backup - A type of backup that backs up all the data that has changed since the last full backup; it shortens the backup, not the restore.
An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company's list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks? A) Tailgating B) Shoulder surfing C) Impersonation D) Hoax
Answer: C) Impersonation
A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future? A) Install host based firewalls on all computers that have an email client installed B) Set the email program default to open messages in plain text C) Install end-point protection on all computers that access web email D) Create New email spam filters to delete all messages from that sender
Answer: C) Install end-point protection on all computers that access web email
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machines. Which of the following describes the type of attack the proxy has been legitimately programmed to perform? A) Transitive access B) Spoofing C) Man-in-the-middle D) Replay
Answer: C) Man-in-the-middle Man-in-the-middle(MITM) - An attack using active interception or eavesdropping. It can allow the attacker to capture browser session data, including keystrokes
A company's loss control department identifies theft as a recurring loss type over the past year. Based on the department report, the Chief Information Officer (CIO) wants to detect theft of data center equipment. Which of the following controls should be implemented? A) Biometrics B) Cameras C) Motion detectors D) Mantraps
Answer: C) Motion detectors
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised? A) MAC filtering B) Virtualization C) OS hardening D) Application white-listing
Answer: C) OS hardening
When designing a web-based client server application with a single application server and database cluster backend, input validation should be performed: A) On the client B) Using database stored procedures C) On the application server D) Using HTTPS
Answer: C) On the application server
A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A) EAP-FAST B) EAP-TLS C) PEAP D) EAP
Answer: C) PEAP. PEAP (Protected Extensible Authentication Protocol) - An extension of EAP sometimes used with 802.1x. PEAP requires a certificate on the 802.1x server; the client verifies that certificate and builds a TLS tunnel before sending its username and password inside it. EAP-TLS also does mutual authentication but needs a client certificate instead of a password.
Despite having implemented password polices, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? A) Password expiration B) Password length C) Password complexity D) Password history E) Password lockout
Answer: C) Password complexity D) Password history
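What the two controls look like when actually enforced, as an added example that is not part of the original page: a complexity check, a small blocklist, and a password-history check that keeps salted PBKDF2 hashes of previous passwords and rejects a new password that matches any of them. The policy values (12 characters, 3 of 4 classes, 24 remembered passwords, 100,000 PBKDF2 iterations) and the blocklist entries are assumptions for the demo.

```python
import hashlib
import hmac
import os
import string
from typing import Optional

# Assumed policy values; the question does not state them.
MIN_LENGTH = 12
HISTORY_DEPTH = 24
PBKDF2_ITERATIONS = 100_000  # kept low for the demo; use a current OWASP figure in production
COMMON_PASSWORDS = {"password", "password1", "welcome1", "summer2024", "letmein"}  # constructed sample


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256. A fresh salt per entry means history entries
    cannot be compared to each other, only tested against a candidate password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches(password: str, entry: tuple) -> bool:
    """Constant-time comparison of a candidate password against one stored entry."""
    salt, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def complexity_failures(password: str) -> list:
    """Return every complexity rule the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than 3 of 4 character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    return problems


class Account:
    """Holds the current hash plus up to HISTORY_DEPTH previous hashes (newest last)."""

    def __init__(self, initial_password: str):
        self.history = [hash_password(initial_password)]

    def change_password(self, new_password: str) -> list:
        """Apply the complexity and history rules; returns the violations, empty if the change took."""
        problems = complexity_failures(new_password)
        if any(matches(new_password, entry) for entry in self.history):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        self.history.append(hash_password(new_password))
        self.history = self.history[-HISTORY_DEPTH:]
        return []


if __name__ == "__main__":
    acct = Account("Tr0ub4dor&3xyz")
    for attempt in ("Tr0ub4dor&3xyz", "Pass1!", "password", "Correct-Horse-9"):
        print(attempt, "->", acct.change_password(attempt) or "accepted")
```

The history check costs one PBKDF2 run per remembered password, so the history depth multiplies the cost of a password change; that is acceptable because changes are rare, and it is the price of never storing old passwords in a comparable form.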
A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality? A) Format the device B) Re-image the device C) Perform a virus scan on the device D) Physically destroy the device
Answer: D) Physically destroy the device. Malicious firmware sits below the file system: formatting or re-imaging only rewrites the storage the firmware chooses to expose, and a virus scan only sees what the firmware presents to the host. Destroying the device is the only action that guarantees nothing on it can be read later.
An application developer is designing an application involving secure transport from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use? A) FTPS B) SFTP C) SSL D) LDAPS E) SSH
Answer: C) SSL. SSL (Secure Sockets Layer) - The predecessor to TLS. SSL is used to encrypt data in transit with the use of certificates. Of the options, only SSL/TLS wraps an arbitrary application request (here one sent on port 80) in an encrypted session; FTPS, SFTP, LDAPS and SSH are tied to their own protocols and ports. In any current deployment the actual protocol version would be TLS, since all SSL versions are deprecated.
Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement? A) Revision control system B) Client-side exception handling C) Server-side validation D) Server hardening
Answer: C) Server side validation
A security administrator needs an external vendor to correct an urgent issue with an organization's physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that best balances security and efficiency? A) Temporarily permit outbound internet access for the PACS so desktop sharing can be set up B) Have the external vendor come onsite and provide access to the PACS directly C) Set up a VPN concentrator for the vendor and restrict access to the PACS using desktop sharing D) Set up a web conference on the administrator's PC; then remotely connect to the PACS
Answer: C) Set up a VPN concentrator for the vendor and restrict access to the PACS using desktop sharing. The legacy host never touches the internet itself; the vendor authenticates to the VPN, and the concentrator's rules limit the session to the PACS and to the one protocol needed.
The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in countries having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A) Revoke existing root certificates, reissue new customer certificates, and ensure all transactions are digitally signed to minimize fraud; implement encryption for data in transit between data centers B) Ensure all data is encrypted according to the most stringent regulatory guidance applicable; implement encryption for data in transit between data centers; increase data availability by replicating all data, transaction data, and logs between each corporate location C) Store customer data based on national borders; ensure end-to-end encryption between ATMs, end users, and servers; test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D) Install redundant servers to handle corporate customer processing; encrypt all customer data to ease the transfer from one country to another; implement end-to-end encryption between mobile applications and the cloud
Answer: C) Store customer data based on national borders; ensure end-to-end encryption between ATMs, end users, and servers; test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations. C is the only option that addresses both the differing national laws (data residency) and the cleartext HTTP exposure of the mobile application.
A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network? A) Open wireless network and SSL VPN B) WPA using preshared key C) WPA2 using RADIUS back-end for 802.1x authentication D) WEP with a 40-bit key
Answer: C) WPA2 using RADIUS back-end for 802.1x authentication. WPA2 (Wi-Fi Protected Access II) - A wireless security protocol. It supports CCMP for encryption, which is based on AES. It can use Open mode, a pre-shared key, or Enterprise mode. RADIUS (Remote Authentication Dial-In User Service) - An authentication service that provides central authentication for remote access clients.
As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed? A) Black box B) Regression C) White box D) Fuzzing
Answer: C) White box White box test - A type of penetration test. Testers have full knowledge of the environment prior to starting the test
After correctly configuring a new wireless-enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet? A) The company implements a captive portal B) The thermostat is using the incorrect encryption algorithm C) The WPA2 shared key is incorrect D) The company's DHCP server scope is full
Answer: A) The company implements a captive portal. The thermostat is associated with the AP and received its network parameters, so the WPA2 key and encryption are correct and DHCP had an address to give; the other devices work because their users completed the captive portal login, which a headless thermostat has no way to do. WPA2 (Wi-Fi Protected Access II) - A wireless security protocol. It supports CCMP for encryption, which is based on AES. It can use Open mode, a pre-shared key, or Enterprise mode.
An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to? A) A virus on the administrator's desktop would be able to sniff the administrator's username and password B) Result in an attacker being able to phish the employee's username and password C) A social engineering attack could occur, resulting in the employee's password being extracted D) A man-in-the-middle attack could occur, resulting in the employee's username and password being captured
Answer: D) A man-in-the-middle attack could occur, resulting in the employee's username and password being captured
The computer resource center issued smartphones to all first-level and above managers. The managers have the ability to install mobile tools. Which of the following tools should be implemented to control the types of tools the managers install? A) Download manager B) Content manager C) Segmentation manager D) Application manager
Answer: D) Application manager
During an application design, the development team specifies an LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following? A) Application control B) Data in-transit C) Identification D) Authentication
Answer: D) Authentication Authentication - The process that occurs when a user proves an identity, such as with a password.
A new mobile application is being developed in-house. Security reviews did not pick up any major flaws. However, vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle? A) Architecture review B) Risk assessment C) Protocol analysis D) Code review
Answer: D) Code review
An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement? A) Transitive trust B) Symmetric encryption C) Two-factor authentication D) Digital signatures E) One-time passwords
Answer: D) Digital signatures Digital signature - An encrypted hash of a message, encrypted with the sender's private key. It provides authentication, non-repudiation, and integrity.
A security analyst notices anomalous activity coming from several workstations in the organization. Upon identifying and containing the issue, which of the following should the security analyst do next? A) Document and lock the workstations in a secure area to establish chain of custody B) Notify the IT department that the workstations are to be re-imaged and the data restored for reuse C) Notify the IT department that the workstations may be reconnected to the network for the users to continue working D) Document findings and process in the after-action and lessons learned report
Answer: D) Document findings and process in the after-action and lessons learned report.
Which of the following can affect electrostatic discharge in a network operations center? A) Fire suppression B) Environmental monitoring C) Proximity card access D) Humidity controls
Answer: D) Humidity controls
A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>"++<../../../../../../etc/passwd>" Which of the following types of attacks is this? A) Cross-site request forgery B) Buffer overflow C) SQL injection D) JavaScript data insertion E) Firewall evasion script
Answer: D) JavaScript data insertion WAF - Web application firewall. A firewall specifically designed to protect a web application, such as a web server. A WAF inspects the content of traffic to a web server and can detect malicious content, such as code used in a cross-site scripting attack, and block it.
Which of the following cryptography algorithms will produce a fixed-length, irreversible output? A) AES B) 3DES C) RSA D) MD5
Answer: D) MD5
A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would BEST prevent this from occurring? A) Implement SRTP between the phones and the PBX B) Place the phones and PBX in their own VLAN C) Restrict the phone connections to the PBX D) Require SIPS on connections to the PBX
Answer: D) Require SIPS on connections to the PBX
A Chief Financial Officer (CFO) has asked the Chief Information Security Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization's security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select 3) A) Password complexity policies B) Hardware tokens C) Biometric systems D) Role-based permissions E) One-time passwords F) Separation of duties G) Multifactor authentication H) Single sign-on I) Least privilege
Answer: D) Role-based permissions F) Separation of duties I) Least privilege Separation of duties - A security principle that prevents any single person or entity from controlling all the functions of a critical or sensitive process. It is designed to prevent fraud, theft, and errors. Least privilege - A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.
Joe, the security administrator, sees this in a vulnerability scan report: "The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit." Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of: A) a threat B) a risk C) a false negative D) a false positive
Answer: D) a false positive
During a data breach cleanup it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited? A) Reporting B) Preparation C) Mitigation D) Lessons Learned
Answer: D) Lessons Learned
The help desk is receiving numerous password change alerts from users in the accounting department. These alerts occur multiple times on the same day for each of the affected users' accounts. Which of the following controls should be implemented to curtail this activity? A. Password Reuse B. Password complexity C. Password History D. Password Minimum age
Answer: D. Password Minimum age
Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited? A. Intimidation B. Scarcity C. Authority D. Social proof
Answer: D. Social proof
A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the media appears to be the same as it was before the alert. A) Cryptography B) Time of check/time of use C) Man in the middle D) Covert timing E) Steganography
Answer: E) Steganography
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following? A) Change management procedures B) Job rotation policies C) Incident response management D) Least privilege access controls
Answer: A) Change management procedures Change management - The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met? A) Create a daily encrypted backup of the relevant emails B) Configure the email server to delete the relevant emails C) Migrate the relevant emails into an "Archived" folder D) Implement automatic disk compression on email servers
Answer: A) Create a daily encrypted backup of the relevant emails
In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested? A) Elasticity B) Availability C) High availability D) Redundancy
Answer: A) Elasticity Elasticity - Defined as "the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible".
A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two) A) Geofencing B) Remote wipe C) Near-field communication D) Push notification services E) Containerization
Answer: A) Geofencing E) Containerization Geofencing - A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within the virtual fence. Containerization - A method used to isolate applications in mobile devices. It isolates and protects the application, including data used by the application.
When identifying a company's most valuable assets as part of BIA, which of the following should be the FIRST priority? A) Life B) Intellectual property C) Sensitive data D) Public reputation
Answer: A) Life
An analyst wants to implement a more secure wireless authentication for the office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS? A) PEAP B) EAP C) WPA2 D) RADIUS
Answer: A) PEAP EAP by itself is only an authentication framework. PEAP (Protected Extensible Authentication Protocol) fully encapsulates EAP and is designed to work within a TLS (Transport Layer Security) tunnel that may be encrypted but is authenticated. The primary motivation behind the creation of PEAP was to help correct the deficiencies discovered within EAP, since that protocol assumes that the communications channel is protected. As a result, when EAP messages are able to be discovered in the "clear", they do not provide the protection that was assumed when the protocol was originally authored. PEAP, EAP-TTLS, and EAP-TLS "protect" inner EAP authentication within SSL/TLS sessions.
An auditor wants to test the security posture of an organization by running a tool that will display the following: JIMS <00> UNIQUE Registered WORKGROUP <00> GROUP Registered JIMS <00> UNIQUE Registered Which of the following commands should be used? A) nbtstat B) nc C) arp D) ipconfig
Answer: A) nbtstat The nbtstat -A < IP address > command performs the same function using a target IP address rather than a name. Nbtstat is a diagnostic tool for NetBIOS over TCP/IP. It is included in several versions of Microsoft Windows. Its primary design is to help troubleshoot NetBIOS name resolution problems.
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue? A. Botnet B. Ransomware C. Polymorphic malware D. Armored virus
Answer: A. Botnet Bots - Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.
A database backup schedule consists of weekly full backups performed on Saturday at 12:00 am and daily differential backups also performed at 12:00 am. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery? A) 1 B) 2 C) 3 D) 4
Answer: B) 2
A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username "gotcha" and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Choose two) A) Logic bomb B) Backdoor C) Keylogger D) Netstat E) Tracert F) Ping
Answer: B) Backdoor D) Netstat Backdoor - An alternate method of accessing a system. Malware often adds a backdoor into a system after it infects it. Netstat - A command-line tool used to show network statistics on a system.
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing"; however, the Purchasing group permissions allow write access. Which of the following would be the BEST course of action? A) Modify all the shared files with read-only permissions for the intern. B) Create a new group that has only read permissions for the files. C) Remove all permissions for the shared files. D) Add the intern to the "Purchasing" group.
Answer: B) Create a new group that has only read permissions for the files.
A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure? A) LDAP services B) Kerberos services C) NTLM services D) CHAP services
Answer: B) Kerberos services Only Kerberos can do mutual authentication and delegation. Kerberos - A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as realms. It uses a KDC to issue tickets.
An administrator discovers the following log entry on a server: Nov 12 2013 00:23:45 httpd[2342]:GET /app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow Which of the following attacks is being attempted? A) Command injection B) Password attack C) Buffer overflow D) Cross-site scripting
Answer: B) Password attack
Which of the following delineates why it is important to perform egress filtering and monitoring on Internet-connected security zones of interfaces on a firewall? A) Egress traffic is more important than ingress traffic for malware prevention B) To re-balance the amount of outbound traffic and inbound traffic C) Outbound traffic could be communicating to known botnet sources D) To prevent DDoS attacks originating from the external network
Answer: B) To re-balance the amount of outbound traffic and inbound traffic
A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot. Which of the following types of attacks is the person attempting? A) Jamming B) War chalking C) Packet sniffing D) Near field communication
Answer: B) War chalking
A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST: A) maintain the chain of custody B) preserve the data C) obtain a legal hold D) recover data at a later time
Answer: B) preserve the data
An information security specialist is reviewing the following output from a Linux server. user@server:~$ crontab -l 5 * * * * /usr/local/bin/backup.sh #!/bin/bash if ! grep --quiet joeuser /etc/passwd then rm -rf / fi Based on the above information, which of the following types of malware was installed on the server? A) Logic bomb B) Trojan C) Backdoor D) Ransomware E) Rootkit
Answer: C) Backdoor Backdoor - An alternate method of accessing a system. Malware often adds a backdoor into a system after it infects it.
A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the internet. Which of the following should be used in the code? (Select TWO) A) Escrowed keys B) SSL symmetric encryption key C) Software code private key D) Remote server public key E) OCSP
Answer: C) Software code private key E) OCSP OCSP - Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.
A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is encrypted. Users connecting to the FTP server use a variety of modern FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing encrypted connections. Which of the following would BEST accomplish these goals? A) Require the SFTP protocol to connect to the file server. B) Use implicit TLS on the FTP server. C) Use explicit FTPS for connections. D) Use SSH tunneling to encrypt the FTP traffic.
Answer: C) Use explicit FTPS for connections. FTPS (File Transfer Protocol Secure) - An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.
Many employees are receiving email messages similar to the one shown below: From: IT department To: employee Subject: email quota exceeded Please click on the following link http:www.website.info/email.php?quota=1GB and provide your username and password to increase your email quota. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements: they all use HTTP, they all come from .info domains, and they all contain the same URL. Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives? A) BLOCK http:www.*.info/" B) DROP Http://"website.info/email.php?* C) Redirect http://www*Info/email.php?quota=*TOhttp://company.com/corporate_polict.html D) DENY http://*.info/email.php?quota=1gb
Answer: D) DENY http://*.info/email.php?quota=1gb
An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring? A) Policy violation B) Social engineering C) Whaling D) Spear phishing
Answer: D) Spear phishing Spear phishing - A targeted form of phishing. Spear phishing attacks attempt to target specific groups of users, such as those within a specific organization, or even a single user.
An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization? A. LDAP B. TPM C. TLS D. SSL E. PKI
Answer: E. PKI DNSSEC (Domain Name System Security Extensions) - A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.