cYBER3


After a significant amount of hiring, an organization would like to simplify the connection process to its wireless network for employees while ensuring maximum security. The Chief Information Officer (CIO) wants to get rid of any shared network passwords and require employees to use their company credentials when connecting. Which of the following should be implemented to BEST meet this requirement?

802.1X

Which of the following scenarios BEST describes an implementation of non-repudiation?

A user sends a digitally signed email to the entire finance department about an upcoming meeting

A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organization in a 365-day period?

ARO

A new system design will include local user tables and password files managed by the systems administrators, an external permissions tree managed by an access control team, and an external auditing infrastructure managed by a security team. Which of the following is managed by the security team?

Accounting

When sending messages using symmetric encryption, which of the following must happen FIRST?

Agree on an encryption method

Which of the following BEST describes the impact of an unremediated session timeout vulnerability? A. The credentials of a legitimate user could be intercepted and reused to log in when the legitimate user

An attacker could use an existing session that has been initiated by a legitimate user.

Which of the following encryption methods does PKI typically use to securely protect keys?

Asymmetric

A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?

Botnet

An administrator is configuring a wireless network. Security policy states that deprecated cryptography should not be used when there is an alternative choice. Which of the following should the administrator use for the wireless network's cryptographic protocol?

CCMP

A network technician must update the company's wireless configuration settings to comply with new requirements, which means the use of AES encryption. Which of the following settings would BEST ensure the requirements are met?

Configure CCMP.

Which of the following is an asymmetric function that generates a new and separate key every time it runs?

DHE

A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?

Deploying certificates to endpoint devices

An employee has been writing a secure shell around software used to secure executable files. The employee has conducted the appropriate self-test and is ready to move the software into the next environment. Within which of the following environments is the employee currently working?

Development

Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)

Disable the open relay on the email server; Enable sender policy framework

A group of developers is collaborating to write software for a company. The developers need to work in subgroups and restrict access to their modules. Which of the following access control methods is considered user-centric?

Discretionary

A company has been experiencing many successful email phishing attacks, which have been resulting in the compromise of multiple employees' accounts when employees reply with their credentials. The security administrator has been notifying each user and resetting the account passwords when accounts become compromised. Regardless of this process, the same accounts continue to be compromised even when the users do not respond to the phishing attacks. Which of the following are MOST likely to prevent similar account compromises? (Select TWO).

Enable password complexity. Configure account lockout.

An auditor confirms the risk associated with a Windows-specific vulnerability, which was discovered by the company's security tool, does not apply due to the server running a Linux OS. Which of the following does this BEST describe?

False positive

The Chief Information Security Officer (CISO) of an organization has tasked the security analysis team with researching and developing a multifactor authentication alternative to the existing single-factor version. The team decides that multifactor, for this organization, will mean three separate and distinct authentication methods. Which of the following options BEST meets this requirement?

Fingerprint, token, challenge question

Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

Fuzzing

A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

Identification of critical systems

Which of the following BEST implements control diversity to reduce the risks associated with the authentication of employees into company resources?

Implementing LDAP authentication for some systems and RADIUS authentication for others

Which of the following are the primary differences between an incremental and differential backup? (Select TWO).

Incremental backups take less time to complete. Differential backups only back up files since the last full backup.

Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?

Install a vendor-supplied patch

A security manager discovers the most recent vulnerability scan report illustrates low-level, non-critical findings. Which of the following scanning concepts would BEST report critical threats?

Intrusive scan

Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?

Keylogger

The Chief Information Security Officer (CISO) of a university is concerned about potential transmission of usernames and passwords in cleartext when authenticating to a directory server. Which of the following would BEST mitigate the CISO's concerns?

LDAPS

A security specialist must confirm file backups match the original copy. Which of the following should the security specialist use to accomplish the objective?

MD5

A security team has deployed a new UTM to connect different segments of the corporate network. In addition to the UTM, each host has its own firewall and HIPS. The new UTM implements many of the same protections as the host-based firewall and HIPS, but the security team plans to leave both of these protections in place. Which of the following BEST describes the reason for this redundancy?

Multiple forms of protection is preferred over single points of failure.

Finance department employees are reporting slow network connectivity and SSL/TLS certificate errors when they access secure websites. A security administrator suspects a computer in the finance VLAN may have been compromised and is impersonating the router's IP address using an MITM attack. Which of the following commands should the security administrator use to verify this finding?

NMAP

A department head at a university resigned on the first day of spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?

Offboarding

An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager notified the data included dates of birth, addresses, and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred?

PII

A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed?

Passive scan

Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations?

Password expiration; Password history

A penetration tester uses an exploited network printer as a base of operations to expand access to various workstations. Which of the following BEST describes the tester's actions?

Persistence

A security engineer is making changes to a corporate network to facilitate the expansion of corporate connectivity to guest users. The security engineer is concerned with unauthorized users accessing sensitive systems that also require network connectivity. Given the engineer's requirements, which of the following is the BEST method of securing the sensitive systems?

Place an air gap around the sensitive systems.

Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)

Public key; Private key

A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?

RADIUS federation

A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select THREE)

SSH; FTPS; HTTPS

The POODLE attack is an MITM exploit that affects:

SSLv3.0 with CBC mode cipher

Joe, a senior systems administrator, must leave for a family emergency. While Joe is absent, another systems administrator discovers Joe stole confidential company information. Which of the following organizational procedures would have detected this breach sooner?

Separation of duties

A security analyst is conducting a web application vulnerability scan against the company website. Which of the following is considered an intrusive scan?

Service identification

A security analyst is securing a . One of the requirements is network isolation with no access to the Internet or networked computers. Given this scenario, which of the following should the analyst implement to BEST address this requirement?

Set up an air-gapped environment.

A company has developed a business critical system for its core automation process with a software vendor. Which of the following can provide access to the source code if the licensor declares bankruptcy?

Software escrow

Which of the following would be considered multifactor authentication?

Strong password and fingerprint

A security administrator wants to install an AAA server to centralize the management of network devices, such as routers and switches. The server must reauthorize each individual executed on a network device. Which of the following should be implemented?

TACACS+

A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?

Tailgating

A user received an email from an ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?

The camera system is infected with a bot.

A user receives an email from ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?

The camera system is infected with a bot.

Due to regulatory requirements, servers in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization?

The server should connect to internal Stratum 0 NTP servers for synchronization

Which of the following is the BEST reason to run an untested application in a sandbox?

To prevent the application from acquiring escalated privileges and accessing its host system

Some of the legacy systems in an organization are running old versions of the Windows OS and others are running Linux OSs, while new systems are running the latest release of the Windows OS. The systems are not running any legacy custom applications. The organization's Chief Information Officer (CIO) wishes to unify all systems to reduce cost and enhance the security posture of the organization, without losing data or causing data leakage. Which of the following would be the BEST course of action to take?

Treat all legacy machines as end-of-life systems and replace them.

An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement?

Tunnel mode

Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Select TWO)

Verify the certificate has not expired on the server; Update the root certificate into the client computer certificate store

A company wishes to deploy a wireless network. Management insists that each individual user should have to authenticate with a unique username and password before being able to associate with the wireless access points. Which of the following wireless features would be the MOST appropriate to achieve this objective?

WPA Enterprise

When developing an application, executing a preconfigured set of instructions is known as:

infrastructure as code.

An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large scale upgrade. Which of the following is a security benefit of implementing an imaging solution?

it provides a consistent baseline

