Examtopics Dump Sec+ Ptests

Which of the following security controls does an iris scanner provide? A. Logical B. Administrative C. Corrective D. Physical E. Detective F. Deterrent

D

Which of the following differentiates a collision attack from a rainbow table attack? A. A rainbow table attack performs a hash lookup B. A rainbow table attack uses the hash as a password C. In a collision attack, the hash and the input data are equivalent D. In a collision attack, the same input results in different hashes

A

A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe? A. Deterrent B. Preventive C. Detective D. Compensating

A

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented in the administrator does not want to provide the wireless password or he certificate to the employees? A. WPS B. 802.1x C. WPA2-PSK D. TKIP

A

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer.Which of the following is the BEST way to accomplish this? A. Enforce authentication for network devices B. Configure the phones on one VLAN, and computers on another C. Enable and configure port channels D. Make users sign an Acceptable use Agreement Hide Solution

A

An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS? A. PEAP B. EAP C. WPA2 D. RADIUS

A

An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal? A. Certificate pinning B. Certificate stapling C. Certificate chaining D. Certificate with extended validation

A

An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the firstMonday of each month, even though the security updates are released as often as twice a week.Which of the following would be the BEST method of updating this application? A. Configure testing and automate patch management for the application. B. Configure security control testing for the application. C. Manually apply updates for the application when they are released. D. Configure a sandbox for testing patches before the scheduled monthly update.

A

To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months.Which of the following is the BEST way to ensure this goal is met? A. Create a daily encrypted backup of the relevant emails. B. Configure the email server to delete the relevant emails. C. Migrate the relevant emails into an "Archived" folder. D. Implement automatic disk compression on email servers.

A

Which of the following can be provided to an AAA system for the identification phase? A. Username B. Permissions C. One-time token D. Private certificate

A

Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work? A. Taking pictures of proprietary information and equipment in restricted areas. B. Installing soft token software to connect to the company's wireless network. C. Company cannot automate patch management on personally-owned devices. D. Increases the attack surface by having more target devices on the company's campus

A

Which of the following occurs when the security of a web application relies on JavaScript for input validation? A. The integrity of the data is at risk. B. The security of the application relies on antivirus. C. A host-based firewall is required. D. The application is vulnerable to race conditions.

A

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS? A. Privilege escalation B. Pivoting C. Process affinity D. Buffer overflow

A

35. Malicious traffic from an internal network has been detected on an unauthorized port on an application server.Which of the following network-based security controls should the engineer consider implementing? A. ACLs B. HIPS C. NAT D. MAC filtering

A "It is not B since the traffic is on the network and the HIPS protects only the application server."

120. Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time? A. Isolating the systems using VLANs B. Installing a software-based IPS on all devices C. Enabling full disk encryption D. Implementing a unique user PIN access functions

A (many people disagree)

Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility.Which of the following terms BEST describes the security control being employed? A. Administrative B. Corrective C. Deterrent D. Compensating

A (there is some debate about this)

A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.) A. Generate an X.509-compliant certificate that is signed by a trusted CA. B. Install and configure an SSH tunnel on the LDAP server. C. Ensure port 389 is open between the clients and the servers using the communication. D. Ensure port 636 is open between the clients and the servers using the communication. E. Remote the LDAP directory service role from the server.

AD.

124. A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.) A. Geofencing B. Remote wipe C. Near-field communication D. Push notification services E. Containerization

AE

Which of the following technologies employ the use of SAML? (Select two.) A. Single sign-on B. Federation C. LDAP D. Secure token E. RADIUS

AB

A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization's PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement toBEST meet these requirements? (Select two.) A. Install an X- 509-compliant certificate. B. Implement a CRL using an authorized CA. C. Enable and configure TLS on the server. D. Install a certificate signed by a public CA. E. Configure the web server to use a host header.

AC

Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Select two.) A. Verify the certificate has not expired on the server. B. Ensure the certificate has a .pfx extension on the server. C. Update the root certificate into the client computer certificate store. D. Install the updated private key on the web server. E. Have users clear their browsing history and relaunch the session.

AC

Which of the following AES modes of operation provide authentication? (Select two.) A. CCM B. CBC C. GCM D. DSA E. CFB

AC

25. A company is currently using the following configuration: ✑ IAS server with certificate-based EAP-PEAP and MSCHAP ✑ Unencrypted authentication via PAPA security administrator needs to configure a new wireless setup with the following configurations: ✑ PAP authentication method ✑ PEAP and EAP provide two-factor authenticationWhich of the following forms of authentication are being used? (Select two.) A. PAP B. PEAP C. MSCHAP D. PEAP- MSCHAP E. EAP F. EAP-PEAP

AC. (very complicated explanatino and i have no idea what it means)

192. While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations Acceptable Use Policy.Which of the following tool or technology would work BEST for obtaining more information on this traffic? A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer

B

46. (noone has clue) A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation? A. An attacker can access and change the printer configuration. B. SNMP data leaving the printer will not be properly encrypted. C. An MITM attack can reveal sensitive information. D. An attacker can easily inject malicious code into the printer firmware. E. Attackers can use the PCL protocol to bypass the firewall of client computers.

B

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment? A. A perimeter firewall and IDS B. An air gapped computer network C. A honeypot residing in a DMZ D. An ad hoc network with NAT E. A bastion host

B

An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, theChief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging? A. Dynamic analysis B. Change management C. Baselining D. Waterfalling

B

A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again? A. Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff B. Restrict access to the share where the report resides to only human resources employees and enable auditing C. Have all members of the IT department review and sign the AUP and disciplinary policies D. Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department

B

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using? A. Waterfall B. Agile C. Rapid D. Extreme

B

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts.Which of the following subnets would BEST meet the requirements? A. 192.168.0.16 255.25.255.248 B. 192.168.0.16/28 C. 192.168.1.50 255.255.25.240 D. 192.168.2.32/27

B

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine.Which of the following can be implemented to reduce the likelihood of this attack going undetected? A. Password complexity rules B. Continuous monitoring C. User access reviews D. Account lockout policies

B

A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another.Which of the following should the security administrator do to rectify this issue? A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability B. Recommend classifying each application into like security groups and segmenting the groups from one another C. Recommend segmenting each application, as it is the most secure approach D. Recommend that only applications with minimal security features should be segmented to protect them

B

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols.Which of the following summarizes the BEST response to the programmer's proposal? A. The newly developed protocol will only be as secure as the underlying cryptographic algorithms used. B. New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries. C. A programmer should have specialized training in protocol development before attempting to design a new encryption protocol. D. The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

B

An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of: A. steward B. owner C. privacy officer D. systems administrator

B

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technical must ensure the OS settings are hardened.Which of the following is the BEST way to do this? A. Use a vulnerability scanner. B. Use a configuration compliance scanner. C. Use a passive, in-line scanner. D. Use a protocol analyzer.

B "A compliance check scans the target and returns results based on if the target is compliant based on the standards selected for the scan. This offers an administrator to see how their systems are configured and if they are compliant with their company's standards. On the other hand, a vulnerability scan offers information pertaining to if the target has known vulnerabilities. https://community.tenable.com/s/article/How-is-a-compliance-check-different-than-a-vulnerability-scan"

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection? A. tracert B. netstat C. ping D. nslookup

B.

A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format? A. PFX B. PEM C. DER D. CER

B.

Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices? A. Shibboleth B. RADIUS federation C. SAML D. OAuth E. OpenID connect

B.

Joe, a security administrator, needs to extend the organization's remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use? A. RADIUS B. TACACS+ C. Diameter D. Kerberos

B. "Authentication and Authorization is separate in TACACS+. It also supports two methods to control the authorization of router commands on a per-user or per-group basis. In Radius Authentication and Authorization is combined and Radius also doesn't support Access to Router CLI Commands."

Audit logs from a small company's vulnerability scanning software show the following findings:Destinations scanned:-Server001- Internal human resources payroll server-Server101-Internet-facing web server-Server201- SQL server for Server101-Server301-Jumpbox used by systems administrators accessible from the internal networkValidated vulnerabilities found:-Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software-Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software-Server201-OS updates not fully current-Server301- Accessible from internal network without the use of jumpbox-Server301-Vulnerable to highly publicized exploit that can elevate user privilegesAssuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST? A. Server001 B. Server101 C. Server201 D. Server301

B. "Even though D has the escalation possibility, it is internal only. They specify external threats. The only one that has a big external threat is 101, it is exploitable via the web. All other are internal.""The question states: "external attackers" Server 001 is an internal server, not connected to the Internet. Server 101 IS connected to the internet and would provide a means for the "external attackers" to gain access."

After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take? A. Recovery B. Identification C. Preparation D. Documentation E. Escalation

B. (some people disagree about the answer rationale)

Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production? A. Roll back changes in the test environment B. Verify the hashes of files C. Archive and compress the files D. Update the secure baseline

B. (some people think D)

A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select three.) A. S/MIME B. SSH C. SNMPv3 D. FTPS E. SRTP F. HTTPS G. LDAPS

BDF

When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select two.) A. USB-attached hard disk B. Swap/pagefile C. Mounted network storage D. ROM E. RAM

BE

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.) A. Ping B. Ipconfig C. Tracert D. Netstat E. Dig F. Nslookup

BC "It should be B and C. you type ipconfig to find the default gateway IP, then you type tracert to see how many hops It takes to get to it. It really is mainly tracert but ipconfig will show you the gateway Ip/name."

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.) A. Use of performance analytics B. Adherence to regulatory compliance C. Data retention policies D. Size of the corporation E. Breadth of applications support

BC.

128. A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A. EAP-FAST B. EAP-TLS C. PEAP D. EAP

C

136. An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization's security policy, the employee's access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action? A. Approve the former employee's request, as a password reset would give the former employee access to only the human resources server. B. Deny the former employee's request, since the password reset request came from an external email address. C. Deny the former employee's request, as a password reset would give the employee access to all network resources. D. Approve the former employee's request, as there would not be a security issue with the former employee gaining access to network resources.

C

41. A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring? (complicated and noone knows) A. Time-of-day restrictions B. Permission auditing and review C. Offboarding D. Account expiration

C

61. A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee? A. Obtain a list of passwords used by the employee. B. Generate a report on outstanding projects the employee handled. C. Have the employee surrender company identification. D. Have the employee sign an NDA before departing.

C

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements? A. The vulnerability scanner is performing an authenticated scan. B. The vulnerability scanner is performing local file integrity checks. C. The vulnerability scanner is performing in network sniffer mode. D. The vulnerability scanner is performing banner grabbing.

C

A company has a data classification system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary".Which of the following is the MOST likely reason the company added this data type? A. Reduced cost B. More searchable data C. Better data classification D. Expanded authority of the privacy officer

C

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine.Which of the following describes the type of attack the proxy has been legitimately programmed to perform? A. Transitive access B. Spoofing C. Man-in-the-middle D. Replay

C

Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser? A. Buffer overflow B. MITM C. XSS D. SQLi

C

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production.Which of the following would correct the deficiencies? A. Mandatory access controls B. Disable remote login C. Host hardening D. Disabling services

C

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company's clients.Which of the following is being used? A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls

C

Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field.Which of the following has the application programmer failed to implement? A. Revision control system B. Client side exception handling C. Server side validation D. Server hardening

C

An application team is performing a load-balancing test for a critical application during off-hours and has requested access to the load balancer to review which servers are up without having the administrator on call. The security analyst is hesitant to give the application team full access due to other critical applications running on the load balancer. Which of the following is the BEST solution for security analyst to process the request? A. Give the application team administrator access during off-hours. B. Disable other critical applications before granting the team access. C. Give the application team read-only access. D. Share the account with the application team.

C

An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. Management is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization? A. Create multiple application accounts for each user. B. Provide secure tokens. C. Implement SSO. D. Utilize role-based access control.

C

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability? A. False negative B. True negative C. False positive D. True positive

C

Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices? A. Cross-site scripting B. DNS poisoning C. Typo squatting D. URL hijacking

C

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws.Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end- to-end encryption between mobile applications and the cloud.

C

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN.Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data? A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share

C

Which of the following best describes routine in which semicolons, dashes, quotes, and commas are removed from a string? A. Error handling to protect against program exploitation B. Exception handling to protect against XSRF attacks. C. Input validation to protect against SQL injection. D. Padding to protect against string buffer overflows.

C

Which of the following types of attacks precedes the installation of a rootkit on a server? A. Pharming B. DDoS C. Privilege escalation D. DoS

C

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.In order to implement a true separation of duties approach the bank could: A. Require the use of two different passwords held by two different individuals to open an account B. Administer account creation on a role based access control approach C. Require all new accounts to be handled by someone else other than a teller since they have different duties D. Administer account creation on a rule based access control approach

C (many also think it is A)

186. A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account.This is an example of which of the following attacks? A. SQL injection B. Header manipulation C. Cross-site scripting D. Flash cookie exploitation

C (some disagree)

31. When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST sessions likely cause for this error message? A. Network resources have been exceeded. B. The software is out of licenses. C. The VM does not have enough processing power. D. The firewall is misconfigured.

C.

A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong? A. SoC B. ICS C. IoT D. MFD

C.

Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened.The network and security teams perform the following actions:✑ Shut down all network shares.✑ Run an email search identifying all employees who received the malicious message.✑ Reimage all devices belonging to users who opened the attachment.Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process? A. Eradication B. Containment C. Recovery D. Lessons learned

C.

Which of the following encryption methods does PKI typically use to securely protect keys? A. Elliptic curve B. Digital signatures C. Asymmetric D. Obfuscation

C.

57. When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects? A. Owner B. System C. Administrator D. User

C. "C The question asks "which of the following specifies the subjects that can access specific data object" - the keyword is "specifies". The "System" enforces the permissions initially specified by the Administrator."

16. A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software.The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals? A. Require the SFTP protocol to connect to the file server. B. Use implicit TLS on the FTP server. C. Use explicit FTPS for connections. D. Use SSH tunneling to encrypt the FTP traffic.

C. "The Answer is C. Explicit FTPS uses port 21 while implicit FTPS uses port 990." "The real key is "The security analyst wants to keep the same port and protocol." TLS/SSL Explicit mode usually uses the same port as Plain (unsecure) mode. TLS/SSL Implicit mode requires dedicated port. TLS/SSL Implicit mode cannot be run on the same port as TLS/SSL Explicit mode. ... The TLS/SSL protocol is the same in both Explicit and Implicit mode."

An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router? A. WPA+CCMP B. WPA2+CCMP C. WPA+TKIP D. WPA2+TKIP

C. "The answer is C. Normally we would use the new WPA2 however in the question it states: "The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard". Due to possible compatability issues we have to use WPA for those older devices connected to the network."

An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request.Which of the following secure protocols is the developer MOST likely to use? A. FTPS B. SFTP C. SSL D. LDAPS E. SSH

C. (many disagree and think this question is wack)

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?(very complicated and does not make sense to anybody ) A. DMZ B. NAT C. VPN D. PAT

C. (very complicated and does not make sense to anybody )

A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>"Which of the following types of attacks is this? A. Cross-site request forgery B. Buffer overflow C. SQL injection D. JavaScript data insertion E. Firewall evasion script

D

23. Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.) A. Password expiration B. Password length C. Password complexity D. Password history E. Password lockout

CD

A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two.) A. Replay B. Rainbow tables C. Brute force D. Pass the hash E. Dictionary

CE

146. A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring? A. Implement SRTP between the phones and the PBX. B. Place the phones and PBX in their own VLAN. C. Restrict the phone connections to the PBX. D. Require SIPS on connections to the PBX.

D

203. A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resource. There cannot be a possibility of any requirement being damaged in the test.Which of the following has the administrator been tasked to perform? A. Risk transference B. Penetration test C. Threat assessment D. Vulnerability assessment

D

86. A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement? A. Shared accounts B. Preshared passwords C. Least privilege D. Sponsored guest

D

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic's-Initial IR engagement time frame-Length of time before an executive management notice went out-Average IR phase completionThe director wants to use the data to shorten the response time. Which of the following would accomplish this? A. CSIRT B. Containment phase C. Escalation notifications D. Tabletop exercise

D

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle.Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle? A. Architecture review B. Risk assessment C. Protocol analysis D. Code review

D

A penetration tester finds that a company's login credentials for the email client were being sent in clear text. Which of the following should be done to provide encrypted logins to the email server? A. Enable IPSec and configure SMTP. B. Enable SSH and LDAP credentials. C. Enable MIME services and POP3. D. Enable an SSL certificate for IMAP services.

D

A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion.Which of the following technologies would BEST be suited to accomplish this? A. Transport Encryption B. Stream Encryption C. Digital Signature D. Steganography

D

A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a supplicant. Which of the following represents the authentication architecture in use? A. Open systems authentication B. Captive portal C. RADIUS federation D. 802.1x

D

An employee uses RDP to connect back to the office network.If RDP is misconfigured, which of the following security exposures would this lead to? A. A virus on the administrator's desktop would be able to sniff the administrator's username and password. B. Result in an attacker being able to phish the employee's username and password. C. A social engineering attack could occur, resulting in the employee's password being extracted. D. A man in the middle attack could occur, resulting the employee's username and password being captured.

D

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users.Which of the following could best prevent this from occurring again? A. Credential management B. Group policy management C. Acceptable use policy D. Account expiration policy

D

Which of the following would a security specialist be able to determine upon examination of a server's certificate? A. CA public key B. Server private key C. CSR D. OID

D ("optional identifiers." "Certificates use object identifiers (OIDs) to identify specific objects within the certificates and some CAs require OIDs within the CSR for certain items. The OID is a string of numbers separated by dots. OIDs can be used to name almost every object type in certificates.")

A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform.The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user.Which of the following mobile device capabilities should the user disable to achieve the stated goal? A. Device access control B. Location based services C. Application control D. GEO-Tagging Hide Solution

D (almost all people think it is B)

A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the systems administrator using? A. Shared account B. Guest account C. Service account D. User account

D (but EVERYONE disagrees and says it is C)

A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT? A. Document and lock the workstations in a secure area to establish chain of custody B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working D. Document findings and processes in the after-action and lessons learned report

D (but many think B)

Ann. An employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:✑ Slow performance✑ Word documents, PDFs, and images no longer opening✑ A pop-upAnn states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected? (noone is really sure) A. Spyware B. Crypto-malware C. Rootkit D. Backdoor Hide Solution

D. (But EVERYONE disagrees and says it is C)

28. A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following: ✑ There is no standardization .✑ Employees ask for reimbursement for their devices .✑ Employees do not replace their devices often enough to keep them running efficiently .✑ The company does not have enough control over the devices.Which of the following is a deployment model that would help the company overcome these problems? A. BYOD B. VDI C. COPE D. CYOD

D. (nobody is sure and some think it is supposed to be C)

A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? A. Removing the hard drive from its enclosure B. Using software to repeatedly rewrite over the disk space C. Using Blowfish encryption on the hard drives D. Using magnetic fields to erase the data

D. (some/many people think B)

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred? A. The hacker used a race condition. B. The hacker used a pass-the-hash attack. C. The hacker-exploited improper key management. D. The hacker exploited weak switch configuration.

D? (some/many disagree)

A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in which the organization can improve its authorization controls.Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three) A. Password complexity policies B. Hardware tokens C. Biometric systems D. Role-based permissions E. One time passwords F. Separation of duties G. Multifactor authentication H. Single sign-on I. Lease privilege

DFI

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network.Which of the following should be implemented in order to meet the security policy requirements? A. Virtual desktop infrastructure (IDI) B. WS-security and geo-fencing C. A hardware security module (HSM) D. RFID tagging system E. MDM software F. Security Requirements Traceability Matrix (SRTM)

E

A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.) (noone knows for sure. worth researching) A. The portal will function as a service provider and request an authentication assertion. B. The portal will function as an identity provider and issue an authentication assertion. C. The portal will request an authentication ticket from each network that is transitively trusted. D. The back-end networks will function as an identity provider and issue an authentication assertion. E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store. F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

Thing says CD, some people saying AD, some people saying other. noone knows. reserach it