sec plus pretest
A new web application has been created and you have been tasked with setting up a secure environment, which includes an application server, database server, web server, and security appliances. What does this scenario describe?
provisioning
You are a member of the IT team for an online service portal. A security analysis is going to be performed on your web applications and you want to make sure that there are no alerts due to things that can be changed without reconfiguring the web apps themselves. What action has the least risk of breaking any web services?
Closing unused open ports and services
Your organization is required to consolidate single-sign on and authorization by extending enterprise security policies to the cloud. What should be used?
Cloud access security brokers (CSAB)
As a security administrator managing the cryptography of your network, you are concerned about ensuring that data transmitted from a web site to a database server over the network is neither visible in clear text nor vulnerable to modification if intercepted. Which aspects of cryptography do you specifically need to support in this case?
Confidentiality , Integrity
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users attempted to logon to the corporate intranet but found they had to put in their credentials twice. It was discovered that the first entry was being registered at a different IP address and then the second successful logon was at the correct portal IP. What type of network attack has your organization most likely suffered?
DNS URL redirection
Which role is responsible for processing data backups?
Data custodian
You have added an important document to a file share on your organization's network. You have given individual users different permission levels to access this file. Which type of access control model have you implemented?
Discretionary Access Control
A malicious user disconnects an AP from the network. They proceed to configure their personal laptop with the same name as the AP. Which type of attack was launched?
Evil twin
As a security administrator managing the cryptography of your network, you are concerned about ensuring that the process of supporting advanced encryption techniques will reduce the response time of low-power sensor devices wirelessly sending their information to a control system. Which aspects of cryptography are you concerned with in this scenario?
Low latency , resource constraints
You work for a new private organization in the United States. You will be responsible for creating a security program that will allow your company to respond to cyber-attacks. Which framework is most appropriate for this particular need?
NIST CSF
Which of the following is a function of DHE?
Provides perfect forward secrecy
Which of these attacks attempt to discover a password by reversing the password's hash value?
Rainbow table attacks
You are on the security team for a large corporation. You are developing a security penetration testing exercise in order to discover weaknesses in your enterprise infrastructure. You have decided to create a team that will be challenging the plans, policies, and procedures of the company and performing penetration tests, ethical hacking, and social engineering. What type of security exercise team would best suit your needs?
Red-Team
You have configured a firewall to filter external traffic entering your company's network. Which type of access control does a firewall use?
Rule Based Access Control
Which access control mechanism uses time as a factor to limit the validity ?
TOTP
What technology is used to sandbox an OS?
Virtualization
Which of the following are used to target members of a specific group or organization?
Watering hole attacks
Various systems in your network environment use consistent settings. You want to be able to check the settings are accurate. What should you do?
Have automated configuration validation
Your organization works with local Governments to provide taxation accounting services. The organization doesn't house and PII, but it does hold data that would be considered sensitive for each local Government. Recently the organization has had an email breach that may have led to the disclose of some of this sensitive client information. Under the law of the jurisdiction you are in, you are required to notify any parties that are subject to a potential breach directly in the case that one has occurred. The disclosure should include the information that may have potentially been breached. The CEO has asked that you sweep this under the run. You have refused to do so under your professional code of ethics and have let the CEO know of his duties to disclose. The CEO is wied that customer might not want to do business with the organizat&n any longer. What kind of organizational consequence is the CEO concerned about?
Reputational damage
A small company has recently been awarded a Government contract to modernize their internal land registry system. The contract has several requirements around security that the organization will need to adhere to. The requirements are outlined in specific sections of NIST SP 800-53. The newly hired CIO within the small organization is looking for a method of transferring files between the Government and the company. These files will need to be encrypted in transit and at rest. The information being transferred will contain personally identifiable information and needs to be treated internally with the highest level of data security. What is the best file transfer method for the small organization to implement?
SFTP
Users authenticated in Domain A are automatically authenticated in Domain B and vice versa. Users authenticated in Domain B are automatically authenticated in Domain C and vice versa. Through this association, users in Domain A are automatically authenticated in Domain C and vice versa. Which term best describes this concept?
transitive trust
You need to implement biometric access controls to a high security location in your office. Which biometric factor would be considered the least accurate?
voice recognition
A system on your network was accessed during working hours and some sensitive information was viewed by an unintended user. Which actions will help prevent this issue from occurring in the future? (choose two) A. Perform permission auditing and review B. Perform usage auditing and review C. Implement onboarding/offboarding policies D. Set time-of-day restrictions
A. Perform permission auditing and review B. Perform usage auditing and review
Preventing password crackers from accessing your password database is a key part of system security. What are some safeguards you can implement to mitigate password crackers? (choose three) A. Salting passwords B. Ensuring that passwords are stored in clear text C. Setting a maximum number of login attempts D. Use a common phrase for your password E. Enforcing rules for creating strong passwords
A. Salting passwords C. Setting a maximum number of login attempts E. Enforcing rules for creating strong passwords
Your organization currently has strict change management procedures setup internally. The change review board meets once a week to review any non-emergency changes to review the possible impact they will make to the organization. During the most recent change review meeting, the discussion came up regarding a vulnerability to a frequently used piece of software. Several workarounds were discussed as a potential solution, but all required changes to infrastructure that would cause downtime in other areas of the business. One of the solutions put forward was to disallow the use of the software until a patch is released. The vendor has indicated that it will be several weeks before a patch is released. You have been asked to disallow the application, how might you achieve this?
Add the application to the block list in the endpoint security solution
A hotel chain has recently decided to offer free wi-fi to their gold elite status members. This new perk is being rolled out using a national ad campaign. The hotel chain is putting some capital investment behind this to ensure that the roll-out is smooth. You work for the company that received the contract to do the wireless installation across the northeast. You will be installing dedicated access points for every 4 rooms that will use WPA2 for security. The hotel chain wants to ensure that only gold elite status members can access the free wi-fi. Non gold elite status members will be forced to pay $4.99 for the privilege to use the network. What wireless configuration would best meet these requirements?
Configure a captive portal that gives the option to login or pay for the service
Recently a staff member was terminated from your organization. HR did their job under the IT security policy and let IT staff know within 15 minutes of the termination. All user accounts and access internally has been disabled for the user and a backup of their system has been taken. Their mobile device has been wiped of organizational data and the user's VPN access has been shut off. Over the course of the next month, several users within that staff members department have reported that there have been unwanted purchases being made using online services. A recent delivery of 2000 pounds of dogfood from Amazon highlighted that the shared account may have been breached. You suspect that the recently departed staff member has been using shared account to access third-party services and purchase unwanted items for the company. When you ask around no one knows exactly what shared accounts are out there or what might have been shared with the recently departed employee. What solution might you incorporate to ensure that shared passwords are tracked?
Configure a company password vault
A small development firm your company has acquired is running a git repository and managing it through a third-party communications platform. As part of the acquisition, you have been asked to update their development practices to ensure they are adhering to the OWASP Application Security Verification Standard. The development manager has integrated Agile development methods and the team practices continuous delivery and continuous deployments. During the morning standup meeting you have noticed that the team spends a good deal of time discussing bugs and issues that have made it through to their production environment. Several of these issues are re-occurring bugs that have come up previously but seem to be making it through the manual QA process. To ensure that the development team is adhering to security best practices and delivering fewer bugs to production, what might you want to consider implementing?
Continuous validation
In response to an incident you capture a system image of the affected system, plan a review of network traffic and logs, capture video of the incident, record time offset, take hashes and screenshots, and schedule witness interviews. These are all examples of what?
Data acquisition
A company is using biometric authentication. Which of the following would be used to gain access to a protected resource?
Fingerprint scanner, retinal scanner
Recently during a disastrous patch Tuesday, several key systems were taken offline for an extended period. The operating system patches had known compatibility issues with your antivirus software that caused your servers to no longer see the boot sector of the drive. This update requires you to restore all servers from backup. Operationally you have introduced a procedure for testing updates prior to implementation. This is not the first major issue that has happened in the environment lately. A recent configuration change to a firewall knocked a branch office offline for two days as they couldn't get the site-to-site VPN connection to reconnect. The CIO wants to implement a managerial control help ensure that these issues stop popping up. What managerial control would best be suited to help reduce these issues from happening?
Formalize a change control review process
Which of the following technologies will ensure that all Internet traffic is directed through the VPN connection?
Full tunnel VPN
You are conducting a security audit for a small construction company. The company has several servers running Linux that run internal web applications that are used for bid estimation. The network administrator is taking over for an employee that has retired. The retired individual was notorious for keeping information stored in his head, and not writing anything down. The new network admin wants to verify that the configuration of the webserver is secure. You have run a scan using sniper and have found a few patchable vulnerabilities. You have terminal access to the server, and you want to now verify that the retired administrator didn't store any user credentials on the local machine. What Linux tool might you use to do this?
Grep
You are in the process of upgrading the organization's email security, both within the corporate network and for users who need to access their corporate email remotely. Which protocols can you use to accomplish this?
HTTPS, S/MIME , Secure POP/IMAP
Which term describes an individual or a group of people who use exploits or hacking methods to express a particular ideology or political stance?
Hacktivist
You are brought in as a security consultant to ensure that systems between two companies that were merged are integrated in a secure and efficient manner. You have already reviewed both companies' internal documentation, server baselines, diagrams and network configurations. You have identified several security risks. The acquired company has offices located in regions well known for hacking activity, and their sensitive data is not encrypted at rest, and not hashed in any of their databases. They have also run a flat network across their sites with very limited segmentation. You are ready to start working on integrating the two networks. What should the highest priority be for you to resolve prior to connecting the two networks?
Hashing the sensitive that is stored in databases and encrypting the hard drives it is stored on
You arrived Monday morning to find that during the evening on Sunday a cyber event happened. Your core fileserver and several servers and desktops have been locked up with ransomware. The ransom has been set at 5 bitcoins to get your services back to operational. Your CIO has decided not to pay the ransom and has initiated the disaster recovery and business continuity plan. It is expected to take weeks to get all servers backup and operational. There is also the likelihood that it could happen again if the backdoor isn't closed. While you have been trying to find the root cause of the issue so that you can mitigate the risk of it happening again during the cleanup, you have been approached by several staff members and different area managers asking for updates. The frequent interruptions have made it difficult to manage the event, how could you best prevent this?
Have a communication plan for disaster/business continuity situations
You recently had issues with unauthorized access to your computer from the Internet. Which tool can be used to block these connections to your computer?
Host-based firewall
You have been tasked with implementing security measures to protect your databases from unauthorized access from web-based applications. Which measure would best address SQL injection attacks?
Implement stored procedures , run security automation tools
Which security practice should you use in an organization to ensure the system operators can only access the resources and tools that are required to perform their job?
Least privilege
You work for an oil and gas company as the IT security architect. You are reviewing the systems that are installed at one of your remote sites. The remote site is internet connected and many of the control systems are fed back to the head office for monitoring and control. One of the systems is a pump that is considered mission critical. The pump has been in use since the late 90's and has been out of manufacture support for several years. The pump costs around $5 million to replace. The replacement pump would take several weeks to install causing the company to lose millions more in revenue. The current pump control software runs on Windows NT. The operating system has several known exploits for it in the wild and it is considered a risk to the organizations network to run it. The CIO has asked that you bring any potential risks up for board approval. What type of risk would this be considered?
Legacy system risk
Your SIM dashboard has just thrown an alert indicating that a domain administrator account has accessed a server. Your security policy only allows this to happen under specific circumstances. When this happens, it is your job to investigate it and ensure that the domain administrator account is being used properly and not by a third party. You called the local systems administrator and asked if they are doing any work on the server and they have indicated that they are not. You review the security log in the event viewer on the remote machine and can see that the domain administrator has authenticated using rdp. The application log shows that the IS service on the machine was restarted. While you are investigating several other alerts start coming in from other servers on your network showing the same pattern of usage. What log should you review to determine the root source of the connections?
Network logs
E-mail has become the norm in many organizations but brings with it certain risks that administrators need to guard against. What can you do to secure mail gateways within the network infrastructure?
Server to server encryption, spam filter , data loss prevention
Due to the popularity of the Raspberry Pi, the company policy has been updated to state that employees are not allowed to bring them to work as a security precaution. Which type of system does Raspberry Pi represent?
SoC
You are a member of the security team for a federal government agency associated with elections. What type of threat actor should your team be especially aware of because of the nature of your organization?
State actor
Your company requires the strongest AAA support for remote users. What should you choose?
TACACS+
You are a member of the security team for a federal government agency. You would like to share cyber threat indicators and defensive measures with others using Automated Indicator Sharing (AIS). When configuring your software to participate in this sharing you receive an error indicated that you cannot perform predictive analysis because the exchange of information is not configured correctly. What is most likely the source of this error?
TAXII
A local college is rolling out a new wireless access system across the campus. The old system used WA2 authentication and had several challenges. After about the first week, student had connected several devices to the network that were unauthorized. These unauthorized devices slowed down the network to the point that it was unusable during examination time. In configuring the new network, the college has purchased high density access points to support more devices. The college has also installed 10gbe trunk lines that will connect to the access points. The college still wants to ensure that only authorized devices are on the network however, and that the WA2 key cannot be shared. What solution would you recommend?
Use EAP-TLS and issue certificates only to authorized devices
Your organization has recently had thousands of dollars stolen during a phishing campaign. The phishing campaign faked an email from the CFO looking for account information to process an emergency payment as a vendor was threatening to cut off services. The victim of the attack thought they were responding to an actual email from the CFO and provided the account details in full to the attacker. It took several days before the access to the account was noticed and during that time the attackers accessed the account multiple times to make transactions. The banking company and your insurance company are refusing to provide support for this incident as your organization knowingly gave away the account details to a third party. The CFO has asked you to help solve this problem going forward. What solution would best help solve this issue going forward?
Use computer-based end user training and run a phishing simulation
A processor in a datacenter server overheated and caught on fire, which triggered the sprinkler system causing the loss of the entire datacenter in your organization. The team was able to restore operations at a new datacenter within 3 weeks. In the future, the board of directors have indicated that they want as close to an immediate restoration as possible. They do not want to spend money to have a hot site available in the case of disaster, but instead have opted for a cloud-based disaster recovery service. This service is run by a smaller company within the area. One of the concerns you have is that customer data could be accessed by the cloud provider as they now house your entire organizations backups.
Use encrypted cloud-based storage and encrypt your backups
Which penetration testing method involves a person who already has complete knowledge of the infrastructure being tested before testing begins?
White box
In a recent re-organization, your company has let go of the district sales manager for the east coast of the US. In parting ways with each employee HR reviews the non-compete contract that each employee has signed along with any severance package they may be due. Since his departure your organization has lost a lot of the east coast business to the competition. The CEO heard rumors that the departed sales manager is now working for a close competitor in violation of the non-compete. Additionally, the CEO believes that the sales manager took the organizations customer data with him when he left. You have been asked to look at the user's laptop to determine if any data was exfiltrated. You first start a chain of custody record on the laptop and create an image of it using DD. What tool can you use to conduct the forensic analysis?
autopsy
Which of the following uses a brute force approach against a cryptographic hash function?
birthday
You have been brought into a company that recently experienced a data breach of their customer data. The company had been using an MSP but has decided to create their own internal IT department after the breach. The MSP blamed an email that came from a bad actor for the breach and had done a cleanup on the local machine prior to handing operations over to you. You have reviewed all equipment and systems within the organization and have created a patch management strategy to help keep systems up to date. In doing so you have found several older systems and noticed that much of your network infrastructure looks dated. You have contacted the vendor for support, but they have indicated that these items were purchased without a service contract. What information should you look for to determine if these systems are maintainable?
check the model end of service life
You have recently joined a new company in the role of a systems analyst. The company hosts several custom web facing applications for clients throughout the USA. You have been asked to take on a project to help harden the websites against possible intrusion. One of the websites runs a legacy application. This application is still in use by two customers. They access the website to place orders for new product. The website is hosted in the company DMZ, and the next-gen firewall traffic shows many SQL injection attempts against the website. You want to harden this server first. What option would best secure the website against attack?
configure an access control list and only allow connections from customer ip addresses
You are a member of the security team for a future online social media platform. You have decided to outsource many elements of the software as much as possible. Due to the nature of your software what third-party related security risk should be your top priority?
control and access to stored data
Which resiliency characteristic allows a cloud provider to dynamically start and shutdown servers based on the workload demands?
elasticity
You are performing a threat assessment for a planned new hot site. The site location has had flood problems in the past. Which threat assessment category would best cover this kind of threat?
environmental
Which technology allows users to use the same identification data to gain access to network resources across multiple different enterprises?
federation
When you work in network security, you need to be proficient in working with GUI based systems as well as working at the command line in both Windows and Linux. Which are the CLI commands that are used exclusively with Linux?
ifconfig , dig , tcpdump
You have arrived to work to find an alert email in your inbox from the previous night after hours. The alert indicates that a trojan was found and quarantined on a local user pc. The alert shows the time of the event, the website it was found on, and the variant of the trojan that was found. In reviewing the event you notice that the employee was searching for software that could be used to crack a piece of software that the user had installed on his machine. When discussing with the user, they have indicated that the were working on a project under a crunch and the license they had expired. The user said that they had no choice but to look for the crack and have been apologetic about the incident. You have educated the user about the situation, so it won't happen again. How might you have prevented the incident altogether?
implement a content filter
You have designed a company application that implements storage spaces for calculating the total number of items ordered by each employee daily. The application's storage spaces hold a maximum of four digits that are generated by completing an arithmetic operation. Which option can occur if the arithmetic operation attempts to place a value into the storage space that is larger than four digits?
integer overflow
Your company has setup an NIDS that receives a copy of all the traffic that is passing through your network. It logs any traffic that is suspicious. What is this an example of in this scenario?
passive , out-of-band
Which term is described as the ability to move around a network once an individual has been able to gain access?
pivoting
As the security administrator of your organization you have been asked to identify the specific PlI that is stored on the servers your company maintains and to spell out exactly how it is protected, shared, and maintained. Which of the following describes the type of document you are generating?
privacy impact assessment
You are planning to encrypt a file using a symmetric algorithm that encrypts data one bit at a time. What is this an example of?
stream cipher
Your organization has configured a security information and event management solution. The SIM solution uses a series of log collectors to manage incoming data. These log collectors are configured to be redundant and access to the storage has been limited. You currently have the SIM solution alerting anytime an admin account logs in locally to a machine. Additionally, alerts are generated for any critical system events, or anytime 3 or more failed login attempts are made to a user account. Your CISO would like to see alerts generated when users operate outside of an established baseline. What type of SIM analysis should be done to achieve this?
trend analysis