347 Q
Which cryptographic attack attempts to produce the same hash value from a brute force attack using two inputs?
Collision
You have been asked to reduce the surface area of a Windows server that acts as a Web server. Which step is NOT included in reducing surface area attacks?
Disable auditing
It has been quite some time since you have updated the network documentation for your company's CAT7 network. You want to scan the network with a tool like SolarWinds or LanHelper. In addition to finding new equipment that may have been added but not documented, what are other areas in which you can focus using these tools? (Choose all that apply.)
- Network mapping - Rogue system detection
Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together without collisions? (Choose three.)
- Bridge - Router - Switch
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
- Change the default Service Set Identifier (SSID). - Configure the network to use WPA or WPA2. - Disable SSID broadcast. - Configure the network to use authenticated access only.
You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol? (Choose three.)
- IPSec uses ESP and AH as security protocols for encapsulation. - The IPSec framework is used in a VPN implementation to secure transmissions. - IPSec can work in either tunnel mode or transport mode.
When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.)
- Lower power devices - Low latency
Management has asked you to implement MD5 to verify data integrity. However, you are concerned that MD5 is not strong enough. Which size checksum does this algorithm produce?
128-bit
Recently, your organization has experienced several password attacks. Management has asked you to provide additional security to ensure that this does not happen again. You decide to implement a key stretching function. Which of the following could you use? (Check all that apply.)
- PBKDF2 - Bcrypt
Your company has decided to implement a virtual private network (VPN), which will be used by remote employees to access internal network resources. Which two protocols could you use? (Choose two.)
- PPTP - L2TP
Which of these issues may result from poor programming processes? (Choose all that apply.)
- Pointer dereference - Buffer overflow - Integer overflow - Memory leak
Your organization is designing a database warehouse. Database administrators are trying to decide between implementing database-level, application-level, or warehouse-level security for the data warehouse. Which statements are TRUE? (Choose all that apply.)
- The security table will likely become the largest table within the warehouse. - Database-level security is best if there will be more than 100 users for the data warehouse. - Application-level security secures both the data and the functions of the application. - Database-level security is best if more than one application is being used to access the data warehouse.
To which attacks are passwords susceptible? (Choose all that apply.)
- brute force - sniffing - dictionary - social engineering
Which events should be considered as part of the business continuity plan? (Choose all that apply.)
- hardware failure - natural disaster
What are some disadvantages to using a cold site? (Choose all that apply.)
- recovery time - testing availability
You instruct a user to issue the ipconfig command with the /release and /renew options. In which two situations would it be appropriate to ask a user to do this? (Choose two.)
- when recent scope changes have been made on the DHCP server - when the result of running the ipconfig /all command indicates a 169.254.163.6 address
Your organization has decided to implement an encryption algorithm to protect data. One IT staff member suggests that the organization use IDEA. Which strength encryption key is used in this encryption algorithm?
128-bit
You have been asked to choose a hashing algorithm for your organization. You decide to implement SHA-1. Which size checksum is produced by this algorithm?
160-bit
A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open?
1701
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
20
A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
80
Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy?
802.1x
During a forensic investigation, you are asked to make a copy of the contents of a hard drive. You need to ensure that this evidence can be used in court if needed. Which statement is true of disk imaging in this investigation?
A bit-level copy of the disk assists in the forensic investigation.
The new anti-virus application that your company purchased claims that it protects against all types of viruses, including multipart viruses. Which statement correctly defines this type of virus?
A multipart virus can infect executable files and boot sectors of hard disk drives
In which situation does cross-site scripting (XSS) pose the most danger?
A user accesses a financial organization's site using his or her login credentials.
Recently, your organization implemented a new security policy which states that watermarks must be used for all copyrighted material. Which statement is true of a watermark?
A watermark can enable you to detect copyright violations.
You need to restrict access to resources on your company's Windows Active Directory domain. Which criteria can be used to restrict access to resources?
All of these choices: - location - groups - time of day - transaction type - roles
Your employees are allowed to use personal fitness monitors and other wearable devices inside your facility. You are concerned about proprietary communication with these devices. Which of these technologies is the wireless communication with which you should be concerned?
ANT
Your company implements Kerberos 5 to provide authentication services. Which entity in this deployment authenticates users?
AS
Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?
Add another hard drive, and implement disk monitoring
Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do?
Adjust the signal strength setting slightly higher.
You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would NOT be best placed in the new perimeter network?
Aggregation switches
As part of a new security initiative, your organization has decided that all employees must undergo security awareness training. What is the aim of this training?
All employees must understand their security responsibilities
Which of these are considerations when choosing a mail gateway?
All of these options (DLP, Encryption, Spam filter)
You need to install a network-based intrusion detection system (NIDS) for your company. Which statement is NOT a characteristic of this device?
An NIDS analyzes encrypted information.
You are researching the RSA encryption algorithm. You need to provide some basic facts about this algorithm to your organization's management team so they can decide if they want to implement it on the organization's network. Which statement is NOT true of this algorithm?
An RSA algorithm is an example of symmetric cryptography.
Your company has deployed an application that requires access to a user's Google account. What would OpenID Connect provide in this deployment?
Authentication of the user's Google account
You need to implement a protocol for dial-up connections that uses a challenge/response mechanism. Which protocol should you use?
CHAP
The company who just hired you provides a fixed amount to new employees so that the employee can purchase the laptop of their choice. After the purchase, the employee only needs to submit the receipt. What should you implement so that the company is able to better track the laptops?
Asset management
Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess? (Choose three.)
- Antenna placement - Antenna type - Access point power
Which of these requirements would indicate that you needed to install a router as opposed to an NIPS/NIDS?
Anti-spoofing
Which of these represents a decision made when installing a firewall?
Application-based vs. network-based
You have just installed a new FTP server, but you do not know what information the FTP server is transmitting when a user initially connects to it. Which tool could you use to discover that information, and consequently know what information an attacker could exploit?
Banner grabbing
You need to ensure that USB flash drives issued by your organization are protected by encryption. What should you implement?
BitLocker To Go
What type of documentation includes rules for ISO compliance, adhering to NIST guidelines, and conforming to PCI-DSS and other standards?
Both general-purpose guides and platform/vendor-specific guides
You are working on a new security system for a U.S. military installation that is only accessed by military personnel. Which certificate-based authentication system should you integrate?
CAC
You are evaluating several biometric authentication systems. Which is the best metric to use to quantify the effectiveness of the subject system?
CER
You suspect that several users are using expired digital certificates and that other digital certificates are very close to expiration. You need to examine the list of serial numbers of digital certificates that have not expired, but should be considered invalid. Which PKI component should you examine?
CRL
You are building a public-access WiFi system for a new hotel. You want to require the users to accept a fair use policy before connecting to the Internet. Which of the following should you implement?
Captive portal
Your company is establishing new employment candidate screening processes. Which of the following should be included? (Choose all that apply.)
- Check all references. - Perform a background check. - Verify all education. - Review military records and experience.
You are trying to identify the source of a security issue. You notice that the device in question uses PAP for authentication, and you believe it to be the source of the issue. Which two security concepts would validate your theory? (Choose two.)
- Clear text passwords - Unencrypted credentials
Which application attack tricks a victim into believing they are selecting a button to direct them to a legitimate web site, but that button actually takes them to another site?
Clickjacking
You are considering cloud services, and you are concerned about the interaction of your security policies and those of the hosting provider. What can alleviate your concern?
Cloud access security brokers
Your client provides application software that can be downloaded over the Internet. The client wants customers to trust that they are purchasing and downloading the application from a validated source. What type of certificate should you consider?
Code signing
You have developed several incident response plans for different types of incidents. Now you need to gauge the effectiveness of the incident response plans. What should you do next?
Conduct exercises
You have set a password policy that requires default passwords to be changed upon system installation. However, you suspect that some default passwords have not been changed. Which software tool would you use to locate the password violations?
Configuration compliance scanner
Which automation or scripting concept can reduce the risk that new equipment might not have all the same settings, applications, and drivers as your existing equipment without changing vital user settings?
Configuration validation
When choosing a wireless access point (WAP) to install, what type would allow you to manage several WAPs from a single location?
Controller-based
You are comparing cryptographic solutions to implement at your organization. Which two items should you focus on when you are evaluating implementation versus algorithm selection? (Choose two.)
- Crypto modules - Crypto service providers
Management asks you to implement an encryption standard that uses a single 56-bit encryption key to encrypt 64-bit blocks of data. Which encryption standard should you implement?
DES
Your company deploys several LDAP servers, which are used to allow users to locate resources. What contains LDAP entries?
DIT
Which spyware technique inserts a dynamic link library into a running process's memory?
DLL injection
Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?
Data control language (DCL) implements security through access control and granular restrictions.
Which statement best describes data normalization?
Data normalization ensures that attributes in a database table depend on the primary key
Which of these vulnerabilities could be created by a user who installs a SOHO router?
Default configuration
Which of the following concepts is illustrated by network segmentation, air-gaps, multiple firewalls, and virtualization?
Defense-in-depth
Which one of these is NOT characterized by identifying or exploiting a vulnerability when found?
Discovering a false positive
Your client is developing a new website. The web administrator has indicated that she would like to use a low-cost certificate to offer Transport Layer Security (TLS) to the new domain. What type of certificate should you recommend?
Domain validation
Your organization is trying to decide whether to use RSA or ECC to encrypt cellular communications. What is an advantage of ECC over the RSA algorithm?
ECC requires fewer resources
Management has asked you to implement an encryption algorithm that is based on the Diffie-Hellman key agreement. Which encryption algorithm should you implement?
ElGamal
Your company issues mobile devices to certain personnel. You enable a screen lock on each of the devices that requires users to enter a code. You need to ensure that the device cannot be used if a wrong code is entered five times in a row. What should you do?
Enable lockout.
Which of the following secure coding techniques ensures that improper data is not allowed into the executed program?
Error handling
E-commerce payment systems, like PayPal and Google Checkout, allow the user to use a single identity across multiple platforms. Of which identity and access service is that an example?
Federation
You are about to begin a forensic investigation. Which of the following is NOT part of the investigation?
Follow the incident response plan
You have been hired as a security consultant for a large corporation. During a meeting with the IT department, the IT manager indicates that one of their applications uses a private key encryption standard that was developed in Russia and uses 256-bit encryption keys. Which encryption standard does the application use?
GOST
What type of documentation includes rules for ISO compliance, adhering to NIST guidelines, and conforming to PCI-DSS and other standards?
General-purpose guides only
Your organization needs to implement a system that logs changes to files. What category of solution should you research?
HIDS/HIPS
You have been hired as the security administrator for a company. During your first weeks, you discover that most of the client and server computers are not protected from intrusions in any way. For the servers, management wants you to implement a solution that will prevent intrusions on a single server. Which system should you implement to satisfy management's request?
HIPS
Your users often forget their passwords and ask for assistance. You send a link to reset the password. You would like to incorporate a time limit for the user to respond to the link. Which would you incorporate?
HOTP
Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?
distributed denial-of-service (DDoS) attack
Your company decides to implement a RAID-5 array on several file servers. Which feature is provided by this deployment?
High availability
Your company has recently purchased several computers that have Trusted Platform Module (TPM) hardware. Which technology works with this hardware?
IPSec
Which of these options is NOT an aspect of personnel management that relates to general security policies or standard operating procedures?
ISA
Which process allows you to deploy, configure, and manage data centers through scripts?
IaC
Which option includes verifying appropriate access controls, authentication controls, input validation, and proper logging, among others?
Identifying a lack of security controls
You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet. What should you do to mitigate this risk?
Implement every computer on the DMZ as a bastion host.
Which type of vulnerability is demonstrated by an SQL injection?
Improper input handling
While developing an incident response plan for your client, you outline the roles and responsibilities of a cyber response team. You also describe the establishment and formation of that team. What time frame should you specify for the formation of a cyber-incident response team?
In advance of an incident occurring
Which part of the forensic process deals with collecting information to be used during legal proceedings, as well as locating information that may be used by the opposition against you?
Intelligence gathering
What does an incremental backup do?
It backs up all new files and any files that have changed since the last full or incremental backup, and resets the archive bit
Management wants to install hardware and software firewalls where appropriate on your company's network. They have asked you to research the difference between hardware and software firewalls. Which of the following is a disadvantage of a hardware firewall compared to a software firewall?
It has a fixed number of available interfaces
As part of your company's comprehensive vulnerability scanning policy, you decide to perform a passive vulnerability scan on one of your company's subnetworks. Which statement is true of this scan?
It impacts the hosts and network less than other scan types.
Management has decided to install a network-based intrusion detection system (NIDS). What is the primary advantage of using this device?
It is low maintenance
Management at your company has requested that you implement DLP. What is the purpose of this technology?
It monitors data on computers to ensure the data is not deleted or removed.
You need to digitally sign packets that are transmitted on IPSec connections for your organization's VPN. Which of the following should you implement?
KHMAC
Your company has decided to implement IPSec on all VPN connections to provide better security. You need to ensure that packets are digitally signed on IPSec connections. What provides this in IPSec?
KHMAC
When you are hired as a security practitioner for your company, the administrator informs you that the company's authentication system grants TGTs. Which protocol is being used?
Kerberos
Which technologies provide single sign-on authentication? (Choose all that apply.)
- Kerberos - Active Directory - SESAME
Your company has recently decided to implement a Kerberos environment for user authentication. What is the most important component in a Kerberos environment?
Key Distribution Center (KDC)
You are investigating the authentication protocols used on your network. You discover that several authentication protocols are being used on your network. Which authentication protocol is the oldest?
LANMan
Your company implements LDAP servers to share directory entries. Which option allows this feature?
LDIF
What preserves the existence and integrity of relevant electronic records (and paper records) when litigation is imminent?
Legal hold
As part of the incident response team, you have been called in to help with an attack on your company's web server. You are currently working to identify the root cause of the attack. During which step of incident response does root cause analysis occur?
Lessons Learned
Which SIEM feature would be best for long-term storage and security?
Logs/WORM
During maintenance, you often discover unauthorized devices connected to your wireless network. You need to ensure that only authorized corporate devices can connect to the network. What should you configure to increase the security of this wireless network?
MAC filtering
Which hacker attack can be perpetrated by hijacking a communications session between a Web browser and a Web server?
MITM
To justify the expenses of the forensic investigation, what is one thing that you should closely document?
Man-hours
Which attack is NOT directed only at virtual machines?
Man-in-the-middle
Which of these vulnerabilities is characterized by a user modifying a browser's security settings to make it more convenient to visit web sites?
Misconfiguration/weak configuration
You need to install a network device or component that ensures the computers on the network meet an organization's security policies. Which device or component should you install?
NAC
You install a network device that acts as the interface between a local area network and the Internet using one IP address. Which device did you install?
NAT router
Which threat actor type would most likely have the most resources available?
Nation states
You need to ensure that backdoor applications are not installed on any devices in your network. Which tool is NOT a backdoor application?
Nessus
You need to install and configure a new router on your company's network. At which layer of the OSI model will it operate?
Network
Which of the following would be an example of a design weakness?
Not including a DMZ
You are designing an application that will allow a user to log in to the application with the user's existing Facebook or Twitter credentials. Which service would you incorporate in the application?
OAuth
You want to ensure that certificates that have expired, been replaced, or were revoked are no longer used. You discover that updates to the list of invalid certificates may take 24-48 hours to circulate, leaving a window of vulnerability in which invalid keys may be accepted. Which of these solutions is the BEST to use if you want to avoid accepting invalid keys?
OCSP
You need to examine some additional information about a key. Specifically, you want to validate the address information of the certificate owner. What could you examine to accomplish this?
OID
Your company must implement a subnetwork that is highly secure. Management asks you to implement an encryption method that is used only once for a single document. Which encryption method should you use?
OTP
You collect evidence after an attack has occurred. You need to ensure that the evidence collected follows chain of custody procedures. Which stage is NOT a part of the life cycle of evidence?
accreditation
As your organization's security officer, you are currently completing audits to ensure that your security settings meet the established baselines. In which phase of the security management life cycle are you engaged?
Operate and Maintain
You find general purpose guides and platform/vendor-specific guides for deploying the items below. Which of the following should you deploy using vendor-specific guides as a best practice? (Choose all that apply.)
- Operating system - Application server - Network infrastructure devices - Web server
Your client is migrating from an Apache-based server to a Windows server. Which X.509 certificate file extension is NOT going to be compatible with the new server?
PEM
Your client is migrating from a Windows-based server to an Apache server. You need to convert the current X.509 certificate so that it can be used on the new Apache server. What is the original file extension for the X.509 certificate?
PFX
You are working on a new security system for a federal courthouse. You must ensure that both employees and contractors are able to enter the building using certificate-based authentication. Which authentication system should you integrate?
PIV
Which encryption techniques are used by AES, DES, and Blowfish? (Choose two.)
- PRNG - Symmetrical algorithm
Which penetration-testing concept is used to detect vulnerabilities that are found by means other than testing the system directly?
Passive reconnaissance
You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?
Patch management tools
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
Periodically complete a site survey
Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: Permit all traffic to and from local hosts. Permit all inbound TCP connections. Permit all SSH traffic to linux1.kaplanit.com. Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach?
Permit all inbound TCP connections.
You perform a server scan and find that you have a high amount of Telnet traffic. You have installed several new peripheral devices on the server. Which newly installed peripheral device is most likely causing this problem?
Printer
Smart devices and Internet of Things (IoT) are growing rapidly. Which of these include embedded systems that are security risks? (Choose all that apply.)
- Printers - Wearable technology - Medical devices - Home automation devices
Your organization has decided to outsource its e-mail service. The company chosen for this purpose has provided a document that details the e-mail functions that will be provided for a specified period, along with guaranteed performance metrics. What is this document called?
SLA
Which technique attempts to predict the likelihood a threat will occur and assigns monetary values in the event a loss occurs?
Quantitative risk analysis
You need to provide centralized remote user authentication, authorization, and accounting for your company's network. Which solution should you deploy?
RADIUS
You are designing a wireless network for commercial tenants in a shopping area. As a group, the tenants want to build a community network where their customers have internet access throughout the area, regardless of which retailer's network the customer is using. What technology would allow you to do that?
RADIUS federation
You are currently comparing stream ciphers and block ciphers. You have decided to use only block ciphers and hash algorithms on your organization's network. Which cryptographic algorithm is a stream cipher?
RC4
Which of these options is particularly dangerous because it processes data with little or no latency?
RTOs
Which memory vulnerability is associated with multithreaded applications?
Race condition
Your client's HR practices include promotion from within, and transferring people between offices on a regular basis. It seems like the most common question you hear when employees talk on the phone is "What office are you working at now and what are you doing?" What practice will ensure that a user's permissions are relevant and current?
Recertification
The company you work for has a large number of employees who are considered a mobile workforce. These employees need to access resources on the LAN from their home or while traveling. Which of the following tunneling/VPN solutions would be more appropriate in this situation?
Remote access
Your organization is a subcontractor for a major government defense contractor. While writing an incident response plan, you must determine the circumstances under which to bring in an outside contractor. Which portion of the incident response plan includes this information?
Reporting and escalation guidelines
You have decided to install a proxy server on your network. Which type of proxy is also called a surrogate proxy?
Reverse proxy
Your client is a small retailer that accepts orders via e-mail. The e-mail form submitted by a client's customer includes credit card information, and you demonstrate to the client how risky that is. As a result, the client adds secure credit card processing to their website, and no longer accepts e-mail orders. Which risk management concept does this represent?
Risk avoidance
You have been asked to implement the e-mail security method that is defined in RFC 2632 and RFC 2634. Which e-mail security method should you implement?
S/MIME
You need to include some additional information in the certificate definition. Specifically, you would like to include the host name associated with the certificate. Which of the following would provide a solution?
SAN
Your company needs to protect message integrity. Management decides that you need to implement an algorithm that uses 160-bit checksums. Which algorithm should you implement?
SHA
You need to ensure that several confidential files are not changed. You decide to use an algorithm to create message digests for the confidential files. Which algorithm should you use?
SHA-1
When calculating risks by using the quantitative method, what is the result of multiplying the asset values by the exposure factor (EF)?
SLE
Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem?
STP
Which threat actor type is characterized by an unsophisticated skill level, the use of widely available tools, and a motivation that is often nothing more than proving that they can do it?
Script kiddies
You need to incorporate SAML and SSO into a web application. Which of the following would you use?
Shibboleth
A user accidentally installed a driver that had issues. You have been asked to return the computer to its state prior to the driver installation. Which of these is most likely the quickest method of meeting this requirement?
Snapshots
You are planning a training session to deal with the personnel issue where an attacker tricks an employee into divulging login information. Which specific issue are you addressing?
Social engineering
You need to implement voice over IP (VoIP) and wireless services for your company. Which AAA implementation was created to deal with these?
Diameter
Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?
Software as a Service
Keyboard cadence is an example of which type of multifactor authentication?
Something you do
You are signing up for a new account on a web site. After you enter a password, the website prompts you to provide the answers to security questions, such as the name of a childhood sweetheart, or the color of your first car. What type of multifactor authentication is this?
Something you know
Your client allows the users to choose their own logon names for their account. You have seen opsboss, vpgal, and domainadm used as logons. You are very concerned about these obvious administrative accounts. What security control should you implement?
Standard naming conventions
Which of the following secure coding techniques protects against injection attacks?
Stored procedures
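The point of the answer above is that the user's input is passed to the database as a bound parameter and never spliced into SQL text. The following is an added example, not code from the original study set: the same lookup written both ways against an in-memory SQLite database with constructed sample rows. SQLite has no stored procedures, so a parameterized query stands in for the mechanism a stored procedure relies on.

```python
# Added example, not part of the original study set: the same lookup written
# two ways against an in-memory SQLite database (constructed sample data).
# SQLite has no stored procedures, so the parameterized query stands in for
# the mechanism a stored procedure relies on: the user's input is bound as a
# parameter and never spliced into the SQL text.
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create a throwaway database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice", "user"), ("admin", "hash-of-admin", "admin")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Injectable: the input becomes part of the SQL statement itself."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Safe: the driver binds the value; quotes inside it are just data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


INJECTION = "' OR '1'='1"   # constructed attacker input

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable:    ", lookup_vulnerable(db, INJECTION))     # every row
    print("parameterized: ", lookup_parameterized(db, INJECTION))  # no rows
```

The caveat a practitioner should keep in mind: a stored procedure only protects you while it treats its arguments as data. A procedure that builds a dynamic SQL string from its arguments and executes it has reintroduced exactly the flaw shown in `lookup_vulnerable`.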
A huge customer data breach occurred at a retail store. It originated from the store's point-of-sale system contractor, who did not have adequate malware protection. Which risk mitigation concept could the store have implemented to avoid the breach?
Supply chain assessment
You have been promoted to security administrator. Recently, management implemented a security policy that states that symmetric cryptography must be used. However, your research indicates the asymmetric cryptography is a better choice for your organization. Which statement is true of symmetric cryptography?
Symmetric cryptography is faster than asymmetric cryptography.
In role-based awareness training, which of the following user groups would need to learn about implementing, managing, and monitoring controls?
System administrators
Management wants you to provide full disk encryption for several of your organization's computers. You purchase specialized chips that will be plugged into the computers' motherboards to provide the encryption. Of what security practice is this an example?
TPM
You have been asked to implement hardware-based encryption on a Windows Server 2008 computer. What is required to do this?
TPM chip
Your company has a backup solution that performs a full backup each Saturday evening and a differential backup Monday through Friday evenings. A vital system crashes on Tuesday morning. How many backups will need to be restored?
Two (the Saturday full backup, then the Monday differential backup)
Your company's network uses Kerberos for authentication. You have recently replaced the server that acts as the Key Distribution Center (KDC). Which of the following statements is true?
The KDC is used to store, distribute, and maintain cryptographic session keys
When users log in to the network locally, they must provide their username and password. When users log in to the network remotely, they must provide their username, password, and smart card. Which two statements are true regarding your organization's security? (Choose two.)
- The remote network login uses two-factor authentication. - The local network login uses one-factor authentication.
You are setting up a complex PKI where clients might have to get a certificate from somewhere other than their own CA. What should you include in the implementation to define the relationships between the various CAs?
Trust model
Which type of attack relies on mistakes made by users when they input Web addresses?
URL hijacking
You have several independent security monitoring solutions, each with different logging mechanisms. You are concerned that they are not working well together, and that the separate logs may not present all the necessary information. In addition, the costs of maintaining the separate products are rising. You need to provide a centralized solution that will include centralized logging. What could you replace them with?
UTM
What is the best countermeasure for a buffer overflow attack on a commercial application?
Update the software with the latest patches, updates, and service packs.
You need to enforce several security settings for all of the computers on your Windows network in as efficient manner as possible. What should you do?
Use group policies
Your client operates a 24-hour call center. Several different employees may log in to the same workstation in the course of a week. Machine (computer) certificates are currently used, but they do not provide sufficient security safeguards because more than one employee logs in to each machine. You need to ensure that each employee has his or her own credential. What should you implement?
User certificate
Your organization has discovered the cost savings associated with virtual machines and is encouraging rapid adoption. Which concept should you implement before things get out of control?
VM sprawl avoidance
Bob manages the sales department. Most of his sales representatives travel among several client sites. He wants to enable these sales representatives to check the shipping status of their orders online. This information currently resides on the company intranet, but it is not accessible to anyone outside the company firewall. Bob has asked you to make the information available to traveling sales representatives. You decide to create an extranet to allow these employees to view their customers' order status and history. Which technique could you use to secure communications between network segments sending order-status data via the Internet?
VPN
While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention?
VPN
You are designing a network. In addition to placing devices in a peripheral network, you need to place security devices in several key departments. Which of the following security devices could NOT be placed wherever they are needed in the network?
VPN concentrators
Which technology will phreakers attack?
VoIP
Which of these vulnerabilities is characterized by bad policies, such as not qualifying vendors, failing to perform (or follow up on) background checks, and allowing unlicensed software to be installed inside the network perimeter?
Vulnerable business processes
Which two suppression methods are recommended when paper, laminates, and wooden furniture are the elements of a fire in the facility? (Choose two.)
- Water - Soda acid
Management wants to protect all traffic on the company's HTTP/HTTPS server. You have been asked to recommend a solution. Which device is the BEST solution?
Web application firewall
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security while providing support for older wireless clients. Which protocol should you choose?
Wi-Fi Protected Access (WPA)
Your company has a website based on their domain name. In addition to the website, they also operate mail and FTP servers using the same domain name. Which of the following options would simplify certificate management?
Wildcard certificates
Which of the following uses a binary key and is often combined with or incorporated into a symmetric algorithm because it is not secure when used by itself?
XOR
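The following is an added example, not code from the original study set, showing why XOR with a binary key is not secure on its own: a known plaintext gives the key straight back, and two messages under the same key leak the XOR of their plaintexts without the key ever being recovered. The key and messages are constructed for the demonstration. The last function shows the one case where XOR alone is secure, a random key as long as the message used exactly once, which is why real stream ciphers generate an unpredictable keystream and then XOR it in.

```python
# Added example, not part of the original study set: a bare XOR "cipher" with a
# binary key, and two reasons it is not secure by itself. Keys and messages
# below are constructed for the demonstration.
import os


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. The operation is its own inverse,
    so the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: C xor P gives back exactly the key bytes that
    were used, because (P xor K) xor P == K."""
    n = min(len(ciphertext), len(known_plaintext))
    return xor_bytes(ciphertext[:n], known_plaintext[:n])


def xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """Key-reuse leak: two ciphertexts under the same key XOR to the XOR of
    the two plaintexts; the key cancels without ever being known."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def one_time_pad(message: bytes) -> tuple[bytes, bytes]:
    """The only secure way to use XOR alone: a random key as long as the
    message, used once. Returns (key, ciphertext)."""
    key = os.urandom(len(message))
    return key, xor_bytes(message, key)


KEY = b"K3y!"                 # constructed 4-byte repeating key
MSG1 = b"attack at dawn"      # constructed messages
MSG2 = b"retreat at dusk"

if __name__ == "__main__":
    c1, c2 = xor_bytes(MSG1, KEY), xor_bytes(MSG2, KEY)
    k = recover_keystream(c1, MSG1)[:len(KEY)]
    print("recovered key:", k, "-> decrypts msg2 as", xor_bytes(c2, k))
    print("c1 xor c2 == m1 xor m2:",
          xor_of_plaintexts(c1, c2) == xor_of_plaintexts(MSG1, MSG2))
```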
You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?
browsing the internet
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. Which type of network should you deploy?
a VLAN
You are the security administrator for your company. You identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan for if the security risk occurs. Which type of risk response strategy are you demonstrating?
acceptance
After a recent vulnerability assessment, your company has decided to implement several new security devices and mechanisms, including anomaly-based monitoring. You are researching several different anomaly-based monitoring products. What must be in place for this type of monitoring to be effective?
a baseline
You have recently been notified by an application vendor that the application includes a rootkit. The manufacturer has released a patch that will remove the vulnerability from the application. What is a rootkit?
a collection of programs that grants a hacker administrative access to a computer or network
To which type of attack are password files stored on a server vulnerable?
a dictionary attack
What is a physical barrier that acts as the first line of defense against an intruder?
a fence
You have recently been hired as the security administrator for company who recently won a government contract. As part of this contract, the company must implement mandatory access control (MAC) for all governmental data. Under this access control type, which entities would exist as an object? (Choose all that apply.)
- a file - a computer - a printer
An IT technician has been assigned to install a new embedded firewall. What statement best describes this type of firewall?
a firewall that is integrated into a router
Which condition might indicate that a hacker is attacking a network?
a major increase in ICMP traffic
Which intrusion detection system (IDS) uses a magnetic field to detect intrusions?
a proximity detector
You need to implement an authentication system that verifies the identity of the users. Which type of authentication should you implement?
a retinal scan
Your company's network has multiple networks that are connected via different devices. Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?
a router
You receive the following message in your e-mail message inbox: From: [email protected] To: [email protected] Subject: Virus Alert! Microsoft, Symantec and McAfee have issued an urgent virus warning. All Windows 8.1 Basic Edition users should delete the following file from their computers: C:\Windows\explorer.exe This action should be taken as soon as possible to ensure that your computer does not become infected with the StealthExplorer virus. PLEASE FORWARD THIS MESSAGE TO EVERYONE IN YOUR ADDRESS BOOK ASAP! Which type of attack does the e-mail message represent?
a social engineering attack
What is vishing?
a special type of phishing that uses Voice over IP (VoIP)
What type of load balancing configuration would you install if you needed a secondary server to remain on standby until the load on the primary server reached a critical point?
active-passive
Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use?
ad hoc
A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?
adware
As a security administrator, you are responsible for ensuring that your organization's IT staff understands the security mechanisms employed on the network. You are currently documenting the security mechanisms as part of the IT training. During the documentation, you realize that many of the IT staff do not understand the basic terms used in IT security. You need to document the terms and definitions that you will use. What is a mathematical formula that is used in cryptography to encrypt data?
algorithm
You administer a small corporate network. On Friday evening, after close of business, you performed a full backup of the hard disk of one of the company's servers. On Monday evening, you performed a differential backup of the same server's hard disk, and on Tuesday, Wednesday, and Thursday evenings you performed incremental backups of the server's hard disk. Which files are recorded in the backup that you performed on Thursday?
only the files that changed since Wednesday evening's incremental backup (an incremental backup records what changed since the last full or incremental backup, and clears the archive bit; the Friday full backup is the one that records all of the files on the hard disk)
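The two backup questions above (full plus differential, and full plus differential plus incrementals) both come down to the archive bit: a full backup copies everything and clears it, a differential copies every file with the bit set and leaves it set, an incremental copies every file with the bit set and clears it. The following is an added example, not code from the original study set, that simulates both schedules with constructed file names, versions and change days, and derives which backups a restore needs.

```python
# Added example, not part of the original study set: an "archive bit" model of
# full, differential and incremental backups, run over the two schedules in the
# questions above. File names, versions and change days are constructed.

def run_schedule(schedule, changes):
    """schedule: [(day, kind)] in order; kind is "full", "differential" or "incremental".
    changes: {day: {filename: version}} modified during that day, before the evening backup.
    Returns (backups, disk): backups is [(day, kind, {filename: version})] holding what
    each backup actually recorded; disk is the final state of the drive."""
    disk: dict = {}
    archive_bit: set = set()      # files changed since the last full or incremental
    backups = []
    for day, kind in schedule:
        for name, version in changes.get(day, {}).items():
            disk[name] = version
            archive_bit.add(name)
        if kind == "full":
            recorded = dict(disk)                              # everything on disk
            archive_bit.clear()
        elif kind == "differential":
            recorded = {n: disk[n] for n in archive_bit}       # since last full; bit left set
        elif kind == "incremental":
            recorded = {n: disk[n] for n in archive_bit}       # since last full/incremental
            archive_bit.clear()                                # ...and the bit is cleared
        else:
            raise ValueError(f"unknown backup kind {kind!r}")
        backups.append((day, kind, recorded))
    return backups, disk


def restore_plan(backups):
    """Which backups a restore needs, oldest first: the newest backup, every
    incremental after the last full, and the full itself. A differential that
    sits before an incremental is redundant, because the bits it copied were
    still set when that incremental ran."""
    needed = []
    for i, (day, kind, _) in enumerate(reversed(backups)):
        if i == 0 or kind != "differential":
            needed.append(day)
        if kind == "full":
            break
    return needed[::-1]


def restore(backups, plan):
    """Apply the chosen backups in chronological order; later versions win."""
    state = {}
    for day, _, recorded in backups:
        if day in plan:
            state.update(recorded)
    return state


# Question 1: full Saturday, differential Monday, crash Tuesday morning
Q1_SCHEDULE = [("Sat", "full"), ("Mon", "differential")]
Q1_CHANGES = {"Sat": {"a": 1, "b": 1, "c": 1}, "Mon": {"b": 2}}

# Question 2: full Friday, differential Monday, incrementals Tuesday to Thursday
Q2_SCHEDULE = [("Fri", "full"), ("Mon", "differential"),
               ("Tue", "incremental"), ("Wed", "incremental"), ("Thu", "incremental")]
Q2_CHANGES = {"Fri": {"a": 1, "b": 1, "c": 1}, "Mon": {"b": 2},
              "Tue": {"c": 2}, "Wed": {"a": 2}, "Thu": {"b": 3}}

if __name__ == "__main__":
    b1, _ = run_schedule(Q1_SCHEDULE, Q1_CHANGES)
    print("Q1 restore:", restore_plan(b1))                 # ['Sat', 'Mon'] -> two backups
    b2, disk2 = run_schedule(Q2_SCHEDULE, Q2_CHANGES)
    print("Q2 Thursday recorded:", b2[-1][2])              # {'b': 3}: only since Wednesday
    print("Q2 restore:", restore_plan(b2), restore(b2, restore_plan(b2)) == disk2)
```

The simulation makes the second question's answer visible: Thursday's incremental holds only the file that changed on Thursday, and in a restore the Monday differential can be skipped because Tuesday's incremental already captured what it copied.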
Which concept involves contracting with a third party who will provide a location and equipment to be used in the event of an emergency?
alternate processing sites
Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?
an ACL
What is the best description of an evil twin?
an access point with the same SSID as the legitimate access point
You have been authorized by management to use a vulnerability scanner once every three months. What is this tool?
an application that identifies security issues on a network and gives suggestions on how to prevent the issues
You need to ensure that your company's security awareness training includes examples of social engineering attacks. Which of the following is an example of a social engineering attack?
an e-mail hoax
Which policy defines the sensitivity of a company's data?
an information policy
Your company recently implemented an internal public key infrastructure (PKI). You need to ensure that all of the PKI components are secure and are currently researching the vulnerabilities on the entity that signs the certificates. Which entity are you examining?
an issuer
Your company has decided to install multiple types of monitoring devices on your network. Which type of monitoring is most likely to produce a false alert?
anomaly based
During a meeting, you present management with a list of the access controls used on your network. You explain that these controls include preventative, detective, and corrective controls. Which control is an example of a corrective control?
antivirus software
Your company has recently decided to implement a BYOD policy for the network. Management has asked you to write the initial BYOD security policy. Which of the following should be included as part of this policy? (Choose all that apply.)
- application white-listing and black-listing - support ownership - patch management - data ownership
You are researching the different types of firewalls that you can install to protect your company's network and assets. Which type of firewall is most detrimental to network performance?
application-level proxy firewall
Your organization has recently adopted a new security policy. As part of this policy, you must implement the appropriate technologies to provide confidentiality. Which technology provides this?
asymmetric encryption
You have been asked to research the encryption algorithms available and make recommendations to management about which to implement. One of the encryption algorithms that you are researching is RSA. Which type of encryption algorithm does this algorithm represent?
asymmetric with authentication
Which principle behind a social engineering attack relies on the victim's belief that the attacker is someone who can be trusted, based on the attacker's supposed job title or position?
authority
The business continuity team is interviewing users to gather information about business units and their functions. Which part of the business continuity plan includes this analysis?
business impact analysis (BIA)
How does an unsigned Java applet enforce security in JDK 1.1?
by using sandboxes
You need to provide security training for a group of managers at your company. As part of this training, you need to explain the purpose of baselines, guidelines, standards, and procedures. Which of these defines the minimum level of security?
baselines
You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using?
behavior-based
Which attack sends unsolicited messages over a Bluetooth connection?
blue jacking
You discover that a malicious program has been installed on several host computers on your network. This program's execution was remotely triggered. Of which malware is this an example?
botnet
What is the best protection against XSS?
disable the running of scripts in the browser (a client-side stopgap; the developer-side fix is to validate input and encode output on the server)
You discover that an investigator made some mistakes during a recent forensic investigation. You need to ensure that the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which term should you use for this process?
chain of custody
Which principle stipulates that multiple changes to a computer system should NOT be made at the same time?
change management
Your organization protects its data center using a smart lock. Each user has a unique code to enter in the smart lock to access the data center. The code is configured to only allow access during certain times and days. Which type of lock is implemented?
cipher lock
What is typically part of an information policy?
classification of information
Which type of control is an example of a detective control?
closed-circuit television (CCTV)
You have been hired as a security consultant. One of your recommendations is that the organization should implement encryption for all data, including data at rest, data in use, and data in transit. Which security service does this provide?
confidentiality
Which attack involves changing a text file in which a Web server stores persistent settings?
cookie poisoning
Which element is created to ensure that your company is able to resume operation after unplanned downtime in a timely manner?
disaster recovery plan
You need to ensure that a set of users can access information regarding departmental expenses. However, each user should only be able to view the expenses for the department in which they work. Senior managers should be able to view the expenses for all departments. Which database security feature provides this granular access control?
database view
You have just discovered that an application that your company purchased is intentionally embedded with software code that allows a developer to bypass the regular access and authentication mechanisms. Which software code is being described?
debugging hooks
Your company develops an incident response plan. When the Web server undergoes a DoS attack, the incident response team follows the incident response plan and returns the Web server to normal operation. What should be the final outcome of this incident?
documented incident
Your company has a Windows Active Directory domain that uses group policies to manage security settings. Which entities can group policies be used to manage? (Choose all that apply.)
- domain controllers - server computers - users - client computers
As a security professional, you have been asked to advise an organization on which access control model to use. You decide that role-based access control (RBAC) is the best option for the organization. What are two advantages of implementing this access control model? (Choose two.)
- easier to implement - low security cost
A hacker has used a design flaw in an application to obtain unauthorized access to the application. Which type of attack has occurred?
escalation of privileges
Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating?
fault tolerance
What is tailgating?
following someone through a door he just unlocked
Management is concerned that mobile device location information can be revealed to attackers. Which mobile device feature should you investigate?
geotagging
Management has decided to purchase a new appliance firewall that will be installed between the public and private networks owned by your company. Which type of firewall is also referred to as an appliance firewall?
hardware
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: The VPN gateway should require the use of Internet Protocol Security (IPSec). All remote users must use IPSec to connect to the VPN gateway. No internal hosts should use IPSec. Which IPSec mode should you use?
host-to-gateway
What is defined in an acceptable use policy?
how users are allowed to employ company hardware
Which type of attack redirects you to a fake Web site?
hyperlink spoofing
You are designing an access control system for a new company. The company has asked that you ensure that users are authenticated with a central server. In addition, users should only have access to the files they need to perform their jobs. When implementing access control, what is the appropriate order?
identification, authentication, authorization
You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position?
implicit deny
You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement?
isolation mode
Which access control principle ensures that a particular role has more than one person trained to perform its duties?
job rotation
You are a security consultant. An organization hires you to implement a biometric system. This system should work in conjunction with a password to provide increased security. Which method should you implement?
keystroke dynamics
Which operation must you undertake to avoid mishandling of tapes, CDs, DVDs, and printed material?
labeling
What is another term for technical controls?
logical controls
Your organization has been awarded a federal government contract. You have been instructed to set up a server with an operating system that will enforce the access control rules required by the federal government. Which access control method will be implemented?
mandatory access control
Your company has just adopted a remote wipe policy. IT technicians have now been tasked with documenting the remote wipe process. On which devices are you most likely to use this process?
mobile devices
As your organization's security administrator, you are reviewing the audit results to assess if your organization's security baselines are maintained. In which phase of the security management life cycle are you engaged?
monitor and evaluate
During the recent development of a new application, the customer requested a change. You must implement this change according to the change control process. What is the first step you should implement?
Analyze the change request.
You need to display the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which command should you use?
netstat
Which component of a computer use policy should state that the data stored on a company computer is not guaranteed to remain confidential?
no expectation of privacy
Which factor does NOT minimize the security breach incidents committed by internal employees?
nondisclosure agreements signed by employees
Last year, a new anti-virus application was purchased for your company. The application was installed on all servers and client computers. Recently, you discovered that the anti-virus application was not installed in your company's virtualization environment. You have been asked to install the antivirus application in your virtualization environment. Where should you install the antivirus application?
on both the host computer and all virtual computers
As your organization's security officer, you are currently completing audits to ensure that your security settings meet the established baselines. In which phase of the security management life cycle are you engaged?
operate and maintain
You have been asked to install a new firewall that only examines the packet header information. Which type of firewall are you installing?
packet-filtering firewall
You want to configure password policies that ensure password strength. Which password setting most affects a password's strength?
password complexity
Your company has hired a security firm to test your network's security. Which tool would need to be used outside your network?
penetration test
Gaining unauthorized access to the data center by using another user's credentials is an example of which option?
piggybacking
Which penetration-testing concept compromises one system so that it can be used to attack another system?
pivot
Your organization has asked the security team to add terrorist attacks to the organization's business continuity plan. Which type of threat does this represent?
politically motivated threat
You are providing end-user security awareness training. As part of this training, you explain why the organization uses asymmetric encryption and how it works. What is used to decrypt a file in this type of encryption?
private key
Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network. Which tool should you use?
protocol analyzer
Management wants to install an Internet gateway, firewall, and Internet caching server on a new private network. You would prefer that a single device be installed to provide these services. Which network device should you install?
proxy server
You need to allow remote access users to log on to a network through a shared authentication database. Which of the following should you deploy?
RADIUS
You have decided to attach a digital timestamp to a document that is shared on the network. Which attack does this prevent?
replay attack
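A timestamp on its own only limits how long a captured message stays usable; inside that window an attacker can still resend it. The following is an added example, not code from the original study set, that binds a timestamp to the document with an HMAC and has the receiver reject stale, tampered and already-seen messages. The shared key, document and clock values are constructed for the demonstration.

```python
# Added example, not part of the original study set: a timestamped, keyed
# digest over a document and a verifier that rejects replays. The shared key,
# the document and the clock values are constructed for the demonstration.
import hashlib
import hmac

SHARED_KEY = b"constructed-shared-secret"   # assumption: sender and verifier share it
WINDOW_SECONDS = 300                       # how far a timestamp may drift from "now"


def stamp(document: bytes, timestamp: int, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: bind the timestamp to the document with an HMAC so that
    neither can be altered without the key."""
    return hmac.new(key, timestamp.to_bytes(8, "big") + document, hashlib.sha256).digest()


class Verifier:
    """Receiver side. The timestamp bounds how long a captured message stays
    usable; remembering tags already accepted inside that window is what
    stops a replay of a still-fresh message."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = WINDOW_SECONDS):
        self.key, self.window = key, window
        self.seen: set[bytes] = set()

    def accept(self, document: bytes, timestamp: int, tag: bytes, now: int) -> str:
        expected = stamp(document, timestamp, self.key)
        if not hmac.compare_digest(expected, tag):      # constant-time compare
            return "rejected: bad tag"
        if abs(now - timestamp) > self.window:
            return "rejected: stale timestamp"
        if tag in self.seen:
            return "rejected: replay"
        self.seen.add(tag)
        return "accepted"


if __name__ == "__main__":
    doc, t = b"transfer 100 to acct 42", 1_700_000_000   # constructed document and clock
    tag = stamp(doc, t)
    v = Verifier()
    print(v.accept(doc, t, tag, now=t + 5))         # accepted
    print(v.accept(doc, t, tag, now=t + 10))        # rejected: replay
    print(v.accept(doc, t, tag, now=t + 4000))      # rejected: stale timestamp
    print(v.accept(b"transfer 999 to acct 42", t, tag, now=t + 5))  # rejected: bad tag
```

In a long-running service the `seen` set must be pruned of tags older than the window, otherwise it grows without bound; a tag outside the window is already rejected by the staleness check, so dropping it loses nothing.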
Your CIO has decided that the organization needs to implement password policies for better security. Which password policy will NOT strengthen password security?
requiring users to use only alphabetic words as passwords
You have been hired as a security administrator by your company. You have recommended that the organization implement a biometric system to control access to the server room. You recommend implementing a system that identifies an employee by the pattern of blood vessels at the back of the employee's eyes. Which biometric system are you recommending?
retina scan
Which type of analysis involves comparing the cost of implementing a safeguard to the impact of a possible threat?
risk analysis
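The SLE question earlier in this set and the risk-analysis question above are two steps of the same quantitative calculation: SLE from asset value and exposure factor, ALE from SLE and annualized rate of occurrence, and then the cost of a safeguard weighed against the ALE it removes. The following is an added example, not code from the original study set, carrying that calculation through on constructed dollar figures.

```python
# Added example, not part of the original study set: the quantitative risk
# figures behind the SLE and risk-analysis questions (SLE from asset value and
# exposure factor, ALE from SLE and ARO, then the cost/benefit of a safeguard).
# All dollar figures and rates are constructed.

def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: what one occurrence of the threat costs."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is the fraction of the asset lost, 0..1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy: SLE times the annualized rate of occurrence."""
    return single_loss * aro


def safeguard_value(asset_value: float, ef_before: float, aro_before: float,
                    ef_after: float, aro_after: float, annual_cost: float) -> dict:
    """Cost/benefit of a safeguard: ALE before it minus ALE with it in place,
    minus what it costs per year. A positive net value means it pays for itself."""
    before = ale(sle(asset_value, ef_before), aro_before)
    after = ale(sle(asset_value, ef_after), aro_after)
    return {"ale_before": before, "ale_after": after,
            "net_value": before - after - annual_cost}


if __name__ == "__main__":
    # constructed: a $200,000 customer database, 30% lost per incident, one
    # incident every two years; a backup service cuts the loss to 5% for $6,000/yr
    print(safeguard_value(200_000, 0.30, 0.5, 0.05, 0.5, 6_000))
```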
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). On which device(s) should the ACLs be deployed?
routers
Which tool is used to perform a vulnerability test?
scanning tool
Your company has recently decided to create a custom application instead of purchasing a commercial alternative. As the security administrator, you have been asked to develop security policies and procedures on examining the written code to discover any security holes that may exist. Which assessment type will be performed as a result of this new policy?
secure code review
You have been hired as a security consultant by a real estate agency. The company currently implements discretionary access control (DAC) on its network. Who is primarily responsible for determining access control using this access control model?
the data owner (under DAC the owner of a resource decides who may access it; a central security administrator setting labels is the MAC model)
What is another name for a cross-site request forgery (XSRF)?
session riding
You have been asked to implement a biometric method that analyzes both the physical motions that are performed when a signature is signed and the specific features of a person's signature. Which biometric system should you implement?
signature dynamics
You install a type of monitoring that requires updates to be regularly obtained to ensure effectiveness. Which type of monitoring did you install?
signature-based
Your company's network consists of multiple subnetworks that each implements its own authentication system. Often users must log in separately to each subnetwork to which they want access. You have been asked to implement technology that allows users to freely access all systems to which their account has been granted access after the initial authentication. Which of the following should you implement?
single sign-on
Which hacker attack is a combination of IP spoofing and the saturation of a network with ICMP messages?
smurf
Which of the following would take the least amount of time to restore?
snapshots
A hacker has called a company employee and learned the employee's user name and password by posing as a member of corporate technical support. Which type of attack has the company suffered?
social engineering
Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted?
spoofing
You are responsible for code quality and testing. What should you incorporate to ensure that memory allocations have corresponding deallocations?
static code analyzers
Your organization has a security policy in place that states that all precautions should be taken to prevent physical theft of mobile devices. Which precaution would prevent this?
store mobile devices in a locked cabinet
Which of the following common use cases would address the issue of data leakage from a side-channel attack?
supporting high resiliency
You have been asked to segment traffic so that traffic within one department is isolated from the traffic for other departments. You decide to implement a virtual LAN. Which equipment should you use to do this?
switch
What is meant by MTBF?
the average amount of time from one failure to the next
After researching different security mechanisms, your company decides to implement PGP instead of a formal PKI and formal trust certificates. Which of the following is a characteristic of PGP?
the establishment of a web of trust between the users
A Windows 7 computer is located on a TCP/IP network that uses DHCP. You want the computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configurations?
the ipconfig command
Management has asked you to ensure that the certificates that have been validated in the corporate PKI are protected. What must be secured in the PKI?
the private key of the root CA
You have recently implemented a new public key infrastructure (PKI) for your organization. You need to back up the entity that is responsible for certifying the public key pair of the root CA. Which entity must you back up?
the root CA
What is the purpose of hot and cold aisles?
to control airflow in the data center
You have recently been hired as a network administrator. The CIO informs you that their wireless networks are protected using firewalls. He has asked that you implement MAC filtering on all access points. What is the purpose of using this technology?
to restrict the clients that can access a wireless network
Your company has recently implemented a content inspection application on a perimeter firewall. What is the purpose of content inspection?
to search for malicious code or behavior
You identify a security risk that you do not have in-house skills to address. You decide to procure contract resources. This contractor will be responsible for handling and managing this security risk. Which type of risk response strategy are you demonstrating?
transference
As the security administrator for your company, you are primarily concerned with protecting corporate assets. Currently, you are working to ensure confidentiality for corporate data. Which activity is NOT covered under this objective?
treason
Your company has a backup solution that performs a full backup each Saturday evening and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?
two
You are training several IT professionals on security and access control. You need to explain to the professionals the most common form of identification and authentication. What identification and authentication mechanism should you explain?
two-factor authentication
You have configured the three databases that your organization uses so that an entire transaction must be executed in full to preserve data integrity. If any portion of a transaction cannot complete, the entire transaction is not performed. Which database security mechanism are you using?
two-phase commit
What is often the weakest link in the security chain, and represents the largest vulnerability?
untrained users
You are responsible for designing your company's identification, authentication, and authorization system to ensure that the company's network is protected from unauthorized access. What is the purpose of authentication on this network?
verifying the identity of users
Which types of computers are targeted by RedPill and Scooby Doo attacks?
virtual machines
Your company has decided to implement a biometric system to ensure that only authorized personnel are able to access several secure areas at a facility. However, management is concerned that users will have privacy concerns when the biometric system is implemented. You have been asked to recommend the least intrusive biometric system of the listed options. Which option is considered the least intrusive?
voice print
Which two suppression methods are recommended when paper, laminates, and wooden furniture are the elements of a fire in the facility? Choose 2
~ water ~ soda acid
Recently, several confidential messages from your company have been intercepted. Your company has decided to implement PGP to encrypt files. Which type of model does this encryption use?
web
Management wants to protect all traffic on the company's HTTP/HTTPS server. You have been asked to recommend a solution. Which device is the BEST solution?
web application firewall
You are performing user account reviews. You need to determine whether user accounts are active. Which property should you verify?
when the last login occurred
What is cross-site request forgery (XSRF)?
when unauthorized commands are executed on a Web server by a trusted user
Match the attacks on the left with the descriptions given on the right.
~ Advanced persistent threat - a group of organized individuals from an enemy country is responsible for various attempts to breach the company network XXX sophisticated and targeted attacks. ~ Malicious insider threat - an employee downloads intellectual property from a server to a USB drive to sell to a competitor. ~ Spear phishing - an email spoofing attack appears to come from a figure of authority seeking access to confidential data. ~ Privilege escalation - an attacker exploits an application design flaw to gain elevated access to protected resources.
You have set up an auditing system for the servers on your network. Which three statements regarding an audit trail are NOT true? Choose 3
~ An audit trail is a preventive control. ~ An audit trail is reviewed only when an intrusion is detected. ~ An audit trail does not record successful login attempts.
Recently, your organization has experienced several password attacks. Management has asked you to provide additional security to ensure that this does not happen again. You decide to implement a key stretching function. Which of the following could you use? Check all that apply
~ Bcrypt ~ PBKDF2
You are explaining to a new employee the proper process of evidence collection. As part of this explanation, you need to ensure that the new employee understands the evidence life cycle. Move the steps in the evidence life cycle from the left column to the right column, and place them in the correct order, starting with the first step at the top.
~ Collect ~ Analyze ~ Store ~ Present ~ Return
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.)
~ Configure the network to use authenticated access only ~ Disable SSID broadcast. ~ Change the default Service Set Identifier (SSID) ~ Configure the network to use WPA or WPA2
Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? Choose all that apply
~ Ensure that the MAC addresses of connected devices are monitored. ~ Ensure that wiring closets are locked. ~ Ensure that TCP and UDP ports are managed properly.
An advanced user has recently had several new peripheral devices added to his desktop computer. You are concerned about peripheral devices becoming infected with malware. Which peripheral devices should you examine? Choose all that apply
~ External storage devices ~ WiFi enabled micro SD cards ~ Digital camera
Match the controls on the left with the object given on the right. Each control will go with only one object. Use the controls where they are the most effective.
~ Host-based firewall - Web server ~ GPS tracking - Mobile device ~ Biometrics - Data center ~ Sandboxing - Applications
Match the attacks on the left with the mode of attack given on the right.
~ Pharming - Web browser ~ Phishing - E-mail ~ Spimming - Social networks ~ Vishing - Telephone
Match the password control on the left with the descriptions given on the right.
~ Salting - adds text to each password before the password is hashed to prevent stored passwords from being XXXX ~ Lockout - allows you to configure the number of invalid logon attempts that can occur before an account is XXX ~ History - allows you to configure how many new passwords must be created before an old one can be reused. ~ Age - allows you to configure the minimum or maximum number of days that must pass before a user is required XXX
Match the descriptions on the right with the social engineering attacks on the left.
~ Shoulder surfing - watching someone when they enter sensitive data ~ Tailgating - following someone through a door he just unlocked ~ Vishing - a special type of phishing that uses VoIP ~ Whaling - a special type of phishing that targets a single power user
Match the tests on the left with the descriptions given on the right.
~ Vulnerability scan - a test carried out by internal staff that discovers weaknesses in systems to improve or repair them before a breach occurs. ~ Penetration test - a form of vulnerability scan performed using an automated tool by a trained white hat security team rather than by internal security staff. ~ Black box test - a test conducted with the assessor having no knowledge about the systems being tested. ~ White box test - a test conducted with the assessor having all of the knowledge about the systems being tested. ~ Gray box test - a test conducted with the assessor having a little of the knowledge about the systems being tested.
Your company decides to implement a wireless network. You have been asked to assess which wireless encryption protocol to implement on the wireless network. Match the descriptions on the left with the wireless encryption protocols on the right.
~ WEP - Uses a 40-bit or 104-bit key ~ WPA/WPA2 Personal - Uses a 256-bit pre-shared key ~ WPA/WPA2 Enterprise - Requires a RADIUS server
Your company has recently adopted a new security policy that states that all confidential e-mails must be signed using a digital signature. Which three elements are provided by implementation of this technology? Choose 3
~ authentication ~ integrity ~ non-repudiation
Your company has a Windows Active Directory domain that uses group policies to manage security settings. Which entities can group policies be used to manage?
~ client computers ~ server computers ~ domain controllers ~ users
As a security professional, you have been asked to advise an organization on which access control model to use. You decide that role-based access control (RBAC) is the best option for the organization. What are two advantages of implementing this access control model? Choose 2
~ easier to implement ~ low security cost