Security Plus Common Misses
After a significant amount of hiring, an organization would like to simplify the connection process to its wireless network for employees while ensuring maximum security. The Chief Information officer (CIO) wants to get rid of any shared network passwords and require employees to use their company credentials when connecting. Which of the following should be implemented to best meet this requirement.
802.1X
Which of the following differentiates a collision attack from a rainbow table attack?
A rainbow table attack performs a hash lookup.
An Organization is deploying a new system to the production environment. A security analyst discovers the system is not properly hardened or patched. Which of the following best describes the scenario?
A secure baseline was not established early on.
Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system?
PASSIVE SCAN
When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?
AES
A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?
Air Gapped compiler network
A software developer is concerned about DLL hijacking in an application being written. Which of the following is the most viable mitigation measure of this type of attack?
All calls to different DLLs should be hard-coded in the application.
A security consultant discovers that an organizations using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the most likely risk in this situation?
An attacker can access and change the printer configuration.
A security analyst observes the following events in the logs of an employee workstation 1/23 Access to C:\Users\use r\temp\oasdfkh.hta\ has been restriced by your administrator by the default restriction policy level Given the information provided which of the following most likely occurred on the workstation?
Application white listing controls blocked an exploit payload from executing
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan report includes the following critical rated vulnerability. Title: Remote command execution vulnerability in web server Rating: CVSS 10.0 Threat actor: any remote user of the web server Confidence: Certain Recommendation: Apply vendor patches: Which of the following actions should the security analyst perform first?
Apply organizational context to the risk rating
Which of the following access management concepts is associated with file permission?
Authorization
A company is using a mobile device model in which employees use their personal devices for work at their discretion. Some of the problems the company is encountering include the following. There is no Standardization Employees ask for reimbursement for their devices Employees do not replace their devices often enough to keep them running efficiently. The company does not have enough control over the devices. Which of the following is a deployment model that would help the company overcome these problems?
COPE
A security administrator receives an alert from a third party vendor that indicated a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows their are at lease four different browsers in use on more than a thousand computers in the domain worldwide. Which of the following solutions would be BEST for the security administrator to implement to most efficiently assist with this issue.
CRL (Certificate Revocation List)
The IT department is deploying new computers. to ease the transition, users will be allowed to access their old and new systems. The help desk is recieveing reports that users are experiencing the following error when attempting to log in to their previous system: LOGON Failure : Access Denied Which of the following can cause this issue?
Certificate issues
Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
Community
An organization has several production critical SCADA systems that cannot follow the normal 30 day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
Configure a firewall with deep packet inspection that restricts traffic to the systems.
A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment?
Confirm adherence to the company's industry specific regulations / Review the company's current security baseline
A security analyst wants to limit the use of USB an external drives to protect against malware, as well as protect files leaving a users computer. Which of the following is the best method to use?
Data Loss Prevention (DLP)
A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?
Deploying certificates to endpoint devices
An employee has been writing a secure shell around software used to secure executable files. The employee has conducted the appropriate self-test and is ready to move the software into the next environment. Within which of the following environments is the employee currently working.
Development
A forensics analyst suspects that a breach has occurred. Security logs show the company's OS patch system may be compromised, and it is serving patches that contain zero day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?
Digital signature.
A security analyst is migrating a pass the hash vulnerability on a windows infrastructure. Given the requirement, which of the following should the security analyst do to MINIMISE the risk?
Disable NTLM
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users email contacts are complaining of an increase in spam and social networking requests Due to the large number of affected accounts, remediation must be accomplished quickly. which of the following actions should be taken FIRST? (select two)
Disable the open relay on the email server / Enable sender policy framework
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. THe main culprit of the CPU utilization is the antivirus program. Which of the following issue could occur if left unresolved? (Select Two)
DoS Attack / Resource Exaustion
A system administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?
EAP-TLS
A DFIR analyst is collecting log data from multiple global locations. Which of the following must the DFIR analyst do to properly utilize the logs for forensic analysis?
Filling out the chain of custody
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the internet in a secure manner. Which of the following protocols would BEST meet this objective? (Select TWO)
HTTPS / DNSSEC
Ann, a user reports she is unable to access and application form her desktop. A security analyst verifies Ann's request and checks the SIEM for any errors. The security analyst reviews that log file from Ann's system and notices the following output: 2017--08-21 10:48:12 DROP TCP 172.20.89 ----- Receive 2017--08-21 10:48:12 Drop UDP Which of the following is most likely preventing Ann from accessing the application from the desktop?
Host Based Firewall
A security engineer is working with the CSIRT to investigate a recent breach of client data due to the improper use of cloud based tools. The engineer finds that an employee was able to access cloud based storages platform from the office and upload data for the purposes of doing work from home after hours. Such activity is prohibited by policy but no preventive control is in place to block such activities. Which of the following controls would have prevented this breach?
Host based DLP
A company is developing a file sharing protocol across a network and needs to select a protocol for authenticating clients. Management request that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would best accomplish the task?
Implement Kerberos
A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C level executives found their identities were compromised, and they were victims of a recent whaling attack. which of the following would prevent these problems in the future?
Implement an Email DLP / Implement a Spam Filter
Which of the following are the primary differences between an incremental and differential backup? (Select Two)
Incremental Backups take less time to complete/Differential backups only backup files since the last full backup
A security manager discovers the most recent vulnerability scan report illustrates low level, non critical findings. Which of the following scanning concepts would BEST report critical threats.
Intrusive Scan
Port 636 ?
LDAPS
The CISO of a university is concerned about potential transmission of usernames and passwords in cleartext when authenticating to a directory server. Which of the following would best mitigate the CISOs concerns?
LDAPS (Light Weight Directory Access Protocol) (PORT 389)
A security administrator is reviewing the following PowerShell script referenced in the task scheduler on a database server" $members = GetADGroupMember -Identity "Domain Admins" -Recursive | Select - ExpandProperty name if ($members -notcontains "JohnDoe"){ Remove -Item -path C:\Database -recurse - force} Which of the following did the security administrator discover?
Logic Bomb
An auditor wants to test the security posture of an organization by running a tool that will display the following: JIMS <00> UNIQUE Registered WORKGROUP <00> GROUP Registered JIMS <00> UNIQUE Registered Which of the following commands should be used?
NBSTAT (NET BIOS NAME)
A security analyst is checking the bash command history on a linux host that was involved in a data breach. The data breach stemmed from the Linux host running a series of commands against a web server on the internal network, which exploited a vulnerability in an unpatched, outdated, Apache module. Given this scenario, which of the following commands might the analyst find in the bash command history for banner grabbing?
NMAP / telnet
A security administrator is trying to eradicate a worm, which is spreading throughout the organization, using an old remote vulnerability in the SMB protocol. The worm uses NMAP to identify target hosts within the company. The administrator wants to implement a solution that will eradicate the current worm and any future attacks that may be using zero-day vulnerabilities. Which of the following would best meet the requirements when implemented?
Network-Based Intrusion Prevention System
Ann is the IS manager for several new systems in which the classifications of the systems' data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification? A. Steward B. Custodian C. User D. Owner
OWNER
An organization wants to utilize a common, internet based third party provider for authorization and authentication. The provider uses a technology based on OAuth 2.0 to provide required services. TO which of the following technologies is the provider reffering?
Open ID connect
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?
PEAP (Protected Extensible Authentication Protocol) Creates a TLS tunnel
An organization wants to ensure network access is granted only after a user or device has been authenticated. Which of the following should be used to achieve this objective for both wired and wireless networks?
PKCS#12
The CEO asked a junior tech to create a folder in which the CEO can place sensitive files. The tech later finds that the information in these files is the topic of conversation around the company. When this information gets back to the CEO, the tech is called in to explain. Which of the following most likely occurred?
Permission Issues
Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows /Current VERSION/Run Registry Key?
Persistence
When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are: A. escalating privilege B. becoming persistent C. fingerprinting D. pivoting
Pivoting
A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?
RIPEMD (RIPE Message Digest)
Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?
Remote Exploit
Which of the following is a compensating control that will BEST reduce the risk of weak passwords?
Requiring the use of one-time tokens
A company is deploying smartphones for its mobile sales force. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it. The customer applications data is encrypted at rest and the application connection to the back office system is considered secure. The CISO has concerns that customer contact information maybe accidentally leaked due to the limited security capabilities of the devices and the planned controls. Which of the following will be the most efficient security control to implement to lower this risk?
Restrict contact information storage data flow so it is only shared with the customer application.
A web developer improves client access to the company's REST API. Authentication needs to be tokenized but not expose the clients password. Which of the following methods would BEST meet the developers requirements.
SAML (Security Assertion Markup Language)
A security administrator has written a script that will automatically upload binary and text -based configuration files onto remote servers using a scheduled task. the configuration files contain sensitive information. Which of the following should the administrator use? (Choose two)
SCP (Secure Copy Protocol) / Certificate Based Authentication
A security engineer want to implement a site to site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires MAC addresses to be visible across the tunnel?
SSL VPN
Compared to a non-credentialed scan, which of the following is a unique result of a credentialed scan?
Self-signed certificate host
Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity's of Joe's certificate? (Select TWO). A. The CA's public key B. Joe's private key C. Ann's public key D. The CA's private key E. Joe's public key F. Ann's private key
Sign the Document with Joes Private Key / Encrypt the Document with Ann's public key
A penetration test is being scoped for a set of web services with API end points. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users. Which of the following tools or activities would the penetration tester most likely use or do during the engagement?
Static code analyzer / Reconnaissance Gathering
An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment DNSSEC at the organization?
TLS (Transport Layer Security)
An organizations Chief Information Officer (CIO) recently received an email from human resources that contained sensitive information. The CIO noticed that email was sent via unsecure means. A policy has since been put into place stating all emails must be transmitted using secure technologies. Which of the following should be implemented to address the new policy?
TLS (Transport Layer Security)
During a review of the proxy server logs, an event indicated that a user was repeatedly violating content standards. If the user was complying with the AUP, which of the following is the most likely cause?
The users computer was infected with adware
A systems administrator is attempting to recover from a catastrophic failure in the data center. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the systems administrator using?
USER
An employee in the finance department receives an email, which appears to come from the CFO, instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used?
Urgency / Authority
A security analyst wishes to increase the security of an FTP server, currently all trials to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modem FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would best accomplish these goals?
Use explicit FTPS for connections
A security analyst wishes to increase the security of an FTP server. Currently , all trails to the FTP server are unencrypted. Users connecting to the FTP use a variety of modem FTP client software. The security analyst wants to keep the same port and protocol while still allowing unencrypted connections. Which of the following would best accomplish these goals?
Use explicit FTPS for the connections
A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites?
Wildcard certificate
A company is implementing an internal PKI. The design will include CA and subordinate CA. Which of the following CA design choices should be considered prior to implementation?
Wildcard vs Standard Certificate
A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accouting-svc to access the file share. The data is protected with a full disk encryption, and the permissions are set as follows. File system permissions: USERS = Read Only Share Permission: accounting-svc = Read Only Given the listed protections are in place and unchanged, to which of the following risks is the data still subject?
exploitation of local console access and removal of data.