IT271 - Security+ Cert Midterm


Which of the following represents ports used by secure TCP applications? (Choose all that apply.)

22, 443

Which ICMP type is used to identify echo request messages?

8

Which of the following security technologies involves controlling access to a wired or wireless network using a central authentication server such as RADIUS?

802.1X

Which of the following best describes a Trojan virus?

A virus that disguises itself as a legitimate program but actually opens a port on the system

Which TCP/IP protocol is used to convert the IP address to a MAC address?

ARP

Your manager has been reading about hackers capturing network traffic in a switched network environment and has asked you to explain how it is possible that hackers can do this. Which techniques will you describe in your explanation?

ARP Poisoning, MAC Flooding

One of the network administrators in the office has been monitoring the proxy server logs and notices that Bob has visited some inappropriate web sites. What policy is this in violation of?

AUP

Your manager has been reading a lot about popular password attacks such as dictionary attacks and brute-force attacks. Your manager is worried that your company is susceptible to such attacks. Which of the following controls will help protect against a brute-force attack?

Account lockout

What type of reporting mechanism should a system or application use to notify the administrator of an event that requires immediate attention?

Alarm

Before an individual is authorized to access resources on the network, they are first ______ with the network.

Authenticated

You have configured the permissions on the accounting folder so that the accounting group can create, modify, and delete content in the folder; the Managers group can read the contents of the folder; and all other users are denied access. This is an example of which of the following?

Authorization

As requested by your manager, you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload. Which of the following goals of security has been met?

Availability

Your manager has read that it is possible on older Bluetooth-enabled phones for a hacker to retrieve all the data from the phone. What type of attack is this?

Bluesnarfing

A user calls you to check out her system because it is performing slowly. You notice not only that the system is performing slowly, but that the virus scan software does not respond when you try to perform a virus scan. Which of the following represents the best action to take next in order to run a virus scan?

Boot from a DVD/USB

What is the term for a collection of systems that a hacker compromises and then uses to perform additional attacks?

Botnet

What type of attack involves the hacker sending too much data to an application, which typically results in the hacker gaining remote access to the system with administrative permissions?

Buffer overflow

Which of the following identifies the benefit of a stateful packet inspection firewall?

Can filter traffic based on the context of the conversation.

You are reviewing the security configuration of a wireless access point. Which of the following settings should be configured on the access point to help keep wireless secure? (Choose two.)

Change the admin password, Configure WPA2

You are talking to management about ways to limit security threats such as tailgating within the company. Management has said there is no money to spend on controls such as mantraps. What can you do to reduce the risk of tailgating?

Conduct training and awareness.

You have protected the contents of a highly sensitive file by encrypting the data. Which of the following goals of security has been satisfied?

Confidentiality

A hacker tries to compromise your system by submitting script code into a field in a web page that is then submitted and stored as data in the web site database. The hacker is anticipating that when you navigate to the site and display the data, your browser will parse the script and execute it. What type of attack is this?

Cross-site scripting

What type of application attack involves the hacker inputting data into a website that contains script code that will execute when the page is viewed by another visitor?

Cross-site scripting

The entity that is responsible for implementing the appropriate security control to protect an asset is which of the following?

Custodian

What type of attack is a smurf attack?

DDoS

What type of attack results in the victim's system not being able to perform its job function?

Denial of service

When you enable a host-based firewall, what is typically the default rule applied?

Deny all traffic

Your manager approaches you and says that she has been reading about the concept of live CDs and how hackers are using them to bypass system security. What would you do to help protect your systems from this type of threat?

Disable booting from CD/DVD

A manager has just notified you that John, a longtime employee of the company, has been stealing money from the company and that the representatives of management and HR are headed into a meeting with John to let him know he is being terminated. What should you do while they are in the meeting?

Disable the employee's user accounts and access cards.

You are a network administrator for a small company, and you wish to follow the best security practices that relate to the switch. Which of the following should you do? (Choose all that apply.)

Disable unused ports. Configure port security. Enable console password.

Which of the following actions is performed during system hardening?

Disabling unnecessary services

Which of the following are considered PII that must be secured at all times? (Choose two.)

Driver's license, SSN

You have taken the time to create and implement security policies within your organization. This is an example of which of the following?

Due care

After creating and implementing the company security policy, you verify that policies are being followed on a regular basis by performing regular audits. This is an example of which of the following?

Due diligence

Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response?

Educate Sue on the fact that P2P programs are popular ways to spread viruses, so no, the company does not allow P2P on its systems.

Your company is implementing a new web application that is designed to help track inventory of company assets. When reviewing the configuration of the application, you note that it requires users to log on to access the inventory site. What else should you look for?

Ensure the logon credentials are encrypted

You are planning a security assessment strategy for all systems and mobile devices used within the organization. When assessing mobile devices such as phones, what should you look for?

Ensure the phone is password protected

Which of the following are considered biometrics? (Choose two.)

Fingerprint, Retina Scan

The technical team is putting together the firewall solution and needs to know what type of traffic is permitted to pass through the firewall. What policy can the technical team use to find out what traffic is permitted to pass through the firewall?

Firewall policy

When looking at the web server log files, you notice that a lot of the requests that have hit the web site are navigating to the /scripts/..%c0%af../winnt/system32 folder. What type of attack is occurring?

Folder traversal

The software testing team is responsible for testing the applications by inputting invalid data into the field of the applications. What is this called?

Fuzzing

Mark is part of the sales team within your organization and spends a lot of time in hotels while on the road. What would you recommend to the administrator with regard to the security of Mark's laptop?

Host-Based firewall

What file can the hacker modify after compromising your system that could lead you to the wrong website?

Hosts

A software vendor has found out about a critical vulnerability within their software product that causes a severe security risk to the system. The software vendor will ship which type of remedy that should be applied to systems immediately?

Hot-fix

You have configured your network so that each person on the network must provide a username and password to gain access. Presenting a username is an example of ___.

Identification

Which of the following is considered a valid security issue with network attached storage (NAS) devices?

If the NAS device is not configured properly, a security compromise could compromise all the data on the device.

Which of the following vulnerability types directly relate to the programmer of the software? (Choose all that apply.)

Improper input handling, Improper error handling, Race condition

Data classification labels are applied to ____, while clearance levels are applied to _______.

Information, employees

Your company has a web application that seems to be running slowly. What can be done to improve the performance of the application?

Install a load balancer

You have managed the file permissions on a file so that unauthorized persons cannot make modifications to the file. What goal of security has been met?

Integrity

Management is concerned that an employee may be able to hide fraudulent activity for a long duration while working for the company. What would you recommend to help detect an improper activity performed by employees?

Job rotation

What type of rootkit replaces an operating system driver file in hopes of hiding itself?

Kernel-level

While performing a security assessment, you notice that one of the systems has a small device connected between the keyboard and the computer. What is this device?

Keylogger

All accountants need to be able to modify the accounting data except for Bob. Due to Bob's job requirements, you have ensured that Bob received only the read permission to the accounting data. This is an example of which of the following?

Least privilege

Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the Administrators group (who can change the time on the computer), you grant Bob the Change System Time right. This is an example of following which security principle?

Least privilege

Your company has a primary DNS server at its head office and a secondary DNS server at two other offices around the world. What should you do to secure the DNS data?

Limit zone transfers to the IP addresses of the secondary servers.

Which of the following should be done to help secure mobile devices used by users on the network? (Choose two.)

Lock the screen based on short inactivity periods. Encrypt the data.

How does the HIDS determine that potentially suspicious activity has occurred?

Log files

Bob installed an application on ten computers in the office over six months ago, and the application worked as expected. On Feb 12 of this year, the application deleted a number of critical files from the system. What type of virus is this?

Logic Bomb

The hacker has managed to poison everyone's ARP cache so that all traffic to the Internet is being sent to the hacker's system before being routed out to the internet. What type of attack is this?

MITM

Your manager has read reports of tailgating being a problem with security in many organizations and wants to know what can be done to prevent tailgating. Which of the following controls will help protect against tailgating?

Mantrap

Your manager would like to implement additional security measures on the DHCP server. What actions would you recommend? (Choose two.)

Modify the scope to include only one address for each host on the network. Configure an address reservation for each of the addresses in the DHCP scope.

What is the first step in creating a security policy?

Obtain management approval and support.

The entity that is responsible for deciding the level of protection that is placed on data and that is ultimately responsible for the security of that data is which of the following?

Owner

Which of the following is a popular method to protect against dictionary attacks?

Password complexity

The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history. Where can the administrator find out what the values of those settings should be set to?

Password policy

Which feature of a network switch allows the network administrator to capture network traffic when monitoring or troubleshooting the network?

Port Mirroring

What feature of a network switch allows you to control which system can be physically connected to a specific network port by its MAC address?

Port security

Your manager is thinking about using cloud computing to host e-mail servers for your organization. What is one of the security issues surrounding this scenario?

Privacy

You are the data owner of a set of data that is considered sensitive to the organization. If this information is leaked to the public, it could cause damage to the organization. Which of the following classification labels would you assign to the data?

Private

A user logs on with a regular user account and then exploits a vulnerability in the OS to gain admin access to the system. What type of attack is this?

Privilege escalation

Which of the following devices could be used to limit which web sites users on the network can visit?

Proxy server

You are the network administrator and have configured shared folder permissions and NTFS permissions on the accounting folder. You have given the accountants the NTFS permission of read, but the share permission of change. What are the effective permissions when the accountants connect to the share from across the network?

Read

With a dictionary attack, how does the password-cracking software attempt to figure out the passwords of the different user accounts?

Reads the passwords from a word list file

Your manager has read about the need to uninstall unnecessary software and disable unnecessary services from a system. What is the purpose of performing these hardening techniques?

Reduce the attack surface

Which of the following identifies a security concern with SMTP servers?

Relaying of messages

Your sales manager has contacted you to report that she recently misplaced her mobile device that may contain sensitive information. What should you instruct her to do first?

Remotely wipe the device

You are monitoring network traffic and you notice a packet with pass' or 1=1-- in the content of the packet. What type of attack has occurred?

SQL Injection

Which of the following identifies the stages of the three-way handshake?

SYN, SYN/ACK, ACK

Jeff is the network administrator for a law firm and has just purchased 20 new systems for the employees. Jeff has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Jeff be in violation of?

Secure disposal of equipment policy

Within most organizations, the person who writes the check is not the person who signs the check. This is an example of which of the following?

Separation of duties

You are planning your training and awareness seminars. What should you tell employees to do with sensitive documents that are no longer needed?

Shred them

Your manager has downloaded some trial software from a vendor by supplying her email address to the vendor's website. What might the risk of such an action be?

Spam

John has been studying techniques used by hackers and decides to send a packet to your system, but ensures that he alters the source IP address of the packet so it looks like it comes from someone else. What type of attack is this?

Spoofing

Which type of policy is not optional and must be adhered to?

Standard

What feature in Linux allows you to configure a list of clients that can access a specific service?

TCP wrappers

What is the term used for when someone slips through an open door behind you after you have unlocked the door?

Tailgating

Your company has a strict policy when it comes to USB thumb drive usage in the office. An employee asks you why he is not allowed to use a thumb drive to carry files from his home computer to his office computer. Which of the following is the best answer?

The drive could carry a virus from home to the office

Which of the following is a good reason to ensure all employees take vacation time each year?

To hold employees accountable for any suspicious activity

Which of the following represents the reasoning for implementing rotation of duties in your environment?

To limit fraudulent activities within the organization

You have installed antivirus software on all systems across the network. What else should you do with regard to maintaining the antivirus software?

Update virus definitions.

Your manager is worried about employee laptops being stolen in the middle of the day when an employee leaves their desk to get coffee or go to the washroom. What can you do to reduce the likelihood that a passerby will take a laptop left on a desk?

Use a lockdown cable.

A new network administrator in the office has been reading about the company requirement that all systems have the initial security baseline applied. She is looking at a listing of 50 different policy settings that need to be applied and is wondering if there is an easy way to deploy the settings. What should she do?

Use a security template

How should developers of programming languages such as .NET and Java deal with runtime errors occurring in the application?

Use exception handling

Your manager has called you into the office and has expressed concerns about a number of news reports on social engineering attacks. Your manager would like to know what can be done to protect the company against social engineering attacks. What is your response?

User awareness and training

What popular feature of a switch allows you to create communication boundaries between systems connected to the switch?

VLANs

Your manager is worried about the security of the applications created by the in-house developers. From a security point of view, what recommendation would you make to the manager as the No. 1 rule for developers to follow?

Validate all data inputted.

Your manager wishes to ensure that a lot of time is not wasted manually patching each system on the network. What would you recommend?

WSUS

What is the term used for a phishing attack that is targeted toward a specific person such as the executive of a company?

Whaling

What type of hacker learns hacking techniques so they can better defend against a malicious hacker?

White-hat

Which of the following identifies one of the security benefits of using virtualization technology?

You have less hardware to secure.

