Security+ Full Study Guide Qs (CompTIA)
An employee can authenticate to any client on the network and have shared files available for viewing. What function will provide this capability?
Directory services
An employee logs into the network with credentials, and then the network provides an access key. This key accesses network resources, such as shared files and printers, which the employee uses to complete tasks. What does the employee utilize based on this scenario?
Directory services
Which of the following illustrates the importance of roles and responsibilities during an incident?
Disaster recovery planning
Shielding helps prevent an unauthorized user from accessing network traffic. What does shielding protect a network from?
EMI
A system increases its environment due to a heavier workload. The system administrator adds a server to maintain the system's availability. What dynamic aspect of cloud computing occurs with this environment?
Elasticity
An organization is developing a risk management plan to avoid potential downtime in the event of an incident. One component of the plan includes the identification of critical systems. Considering critical aspects of business operations, identify the valid business process inventory items.
Employees, furniture, standard operating procedures
A local organization's operations have been severely impacted after a power transformer in the area failed and caught fire. Which classification best describes this type of threat actor?
Environmental.
A programmer ensures that when inaccuracies are found in executable code, the system provides user-friendly feedback. The system provides the user with a basic error message but logs a detailed description for back-end administrators instead of shutting the system down. This is an example of what secure coding practice?
Error handling
Which of the following attacks do security professionals expose themselves to if they turn the power output down on a wireless access point (AP)?
Evil twin attacks
A manager disabled a user's account and privileges, and ensured that any information assets created or managed by the employee, but owned by the company, were accessible. Which process is the manager executing in this scenario?
Exit interview.
A rock band would like to have a system in place to text fans when they arrive at the concert, welcoming them, and to provide them with a hashtag for participation. What should the software company recommend they use to achieve this?
Geofencing
A Windows 7 laptop computer has Microsoft's BitLocker enabled. Upon boot, the Windows operating system brings up the login screen, ready for user credentials. Which of the following best describes how the system has BitLocker set up?
A TPM chip is on the motherboard.
A systems admin has deployed a messaging system in the office. Employees can message each other, but they were not certain if the message came from the correct person. Management also wants to ensure the message is not altered during transit. Which of the following will provide the most benefit to the messaging system? (Select 2)
HMAC, & MD5 (note: MD5 is no longer collision-resistant, so in practice the keyed construction to deploy is HMAC over a SHA-2 hash such as HMAC-SHA256)
A company wants to ensure users can validate the website's certificate and establish a secure connection to mitigate Man-in-the-Middle (MITM) attacks on their public website. If a hacker compromises a certificate, which of the following will most likely circumvent the attack?
HPKP
Identify the removable device that when added to a system, provides cryptographic key generation, management, and storage.
HSM
An accountant opens a web browser and goes to a bank's website to pull the latest statement. Compare web protocols and determine the correct protocol to use for this type of web activity?
HTTPS (Hypertext Transfer Protocol Secure)
A company wants to maintain system availability for authorized users. Which environmental security control measure will the company implement? (3.5 Explain the security implications of embedded systems.)
HVAC
An environmental advocacy group uses cyber weapons to put companies at risk and promote their agenda. What type of threat actor does this demonstrate?
Hacktivists
A laptop arrives at the company technology lab with a private key embedded, providing full disk encryption. When matched with a public key, what does this system provide?
Hardware root of trust
Investigators gathered evidence from a breached system. An image of the system was acquired before leaving the scene. Which step should the investigators execute next in following best practices for obtaining evidence?
Hashing
If a user's device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?
Have up-to-date backups of the encrypted files.
Which of the following authentication protocols were created by Cisco? (Select 2) (6.3 Given a scenario, install and configure wireless security settings.)
LEAP, EAP-Fast
A security engineer is using several virtual servers accessible from the company network to lure in potential attackers. What has the security engineer created?
Honeynet
A security administrator plans to create a boundary of the network that unauthorized personnel will be able to access. This area of the network will have a working domain controller with a file server, web server, and email server. Which of the following summarizes the plans for the network boundary? (Select two)
Honeynet, & Honeypot
Initial exploitation cannot perform under which of the following circumstances?
Host scanning
Which of the following is NOT a way to accomplish initial exploitation?
Host scanning
A major incident recently occurred at an organization. As a result, systems were down for several weeks and business was lost. If an alternate site had been available for business continuity purposes, the organization would not have suffered. After analyzing the options, conclude which site type can be ready at a moment's notice?
Hot (Site)
Cooling costs in the data center increased dramatically in previous months, due to the addition of two mainframes. To lower the energy, cooling and management costs, while maintaining airflow, what can the technician employ?
Hot and cold aisles
A company has outsourced its equipment requirements and pays on a per use basis to save costs. Which cloud service is this?
IaaS
A company would like to implement a cloud concept that allows for outsourcing of equipment and support functions. The company would like to rent the services on an as-needed basis. Which cloud concept would best suit the company's needs?
IaaS
An account manager for a large organization is tasked with creating an active directory to assign users roles and user permissions to resources as separate functions. What rule should the account manager follow?
Accounts go into Global groups, which go into Domain Local groups, which get Permissions (AGDLP)
Along with running the latest operating system, security patches, and updates, which of the following tools or applications should any Windows 10 client build include for security threats?
Antivirus
To reduce the number of ports used on a router, a network engineer combines two separate subnets into one. How did the engineer most likely accomplish this?
Applied an aggregation switch
A large organization hires a security consultant to advise on implementing an access control system. The organization needs to be able to assign permissions to users, based on user group memberships, departmental rules, and access location. What type of access control would the security consultant most likely recommend to best meet the organization's needs?
Attribute-Based Access Control (ABAC)
Select the term that describes a widely used radio standard for wireless connectivity?
Bluetooth
When enabling a feature for data execution prevention, which of the following attacks would it protect a Windows operating system from?
Buffer overflow
A computer needs a signed certificate to authenticate to the network. What must the computer initiate with a Certificate Authority (CA)?
CSR
A systems administrator copies a large .iso file to a remote server over a high-latency network. The copy took about 12 hours to complete. There is a possibility that file tampering occurred during transit. How may the administrator verify the file is safe to use and deploy?
Capture a hash
A network engineer analyzes an alert, taken by sets of data matched to known patterns in a system. What software component collected this information?
Correlation engine
The security team for a large company performed a risk assessment and identified three main entry points for biometric scanner installation. They install an iris scanner and are engaged in fine-tuning the system. Which metric is the security team currently adjusting?
Crossover Error Rate (CER)
What is the unauthorized copying or retrieval of data from a system referred to as?
Data exfiltration
What kind of access points provide a risk for Wi-Fi users? (Select 2)
Open access, & Rogue Access
Which of the following does NOT make a network more susceptible to undetected intrusions and catastrophic service failures?
Places In the Network (PIN)
Why are many smart devices vulnerable to standard web application and network attacks? (Select 3)
Poor documentation of security features, Inadequate vendor patch management, & Inadequate vendor security response processes
A small company is evaluating risk related to the possibility of system downtime. Which approach does the company need to implement to accurately calculate Single Loss Expectancy (SLE) and Annual Loss Expectancy (ALE)?
Quantitative risk assessment
A Public Key Infrastructure (PKI) can produce many types of certificates with private/public key pairs. In contrast to a self-signed certificate, how does a wildcard certificate benefit an organization?
Reduces management overhead
During a SYN (synchronize) flood attack, which of the following can occur that would pose a problem to the exploited device? (Select more than one)
Resource exhaustion, Denial of service (DoS), & Amplification
Which of the following conditions correlate with the process of a SYN (synchronize) flood attack? (Select 3)
Resource exhaustion, Denial of service (DoS), & Amplification.
A company requires a method of managing the network through a control layer separate from the data layer. The company would like to reconfigure the network by making changes from executable files, instead of physically reconfiguring. Which of the following should the company implement?
SDN
What device offloads tasks from servers, allowing network load distribution, while maintaining encryption techniques?
SSL accelerator
Signing an executable script with a certificate, so that its authenticity can be verified and unauthorized modification detected, is a form of which of these?
Secure coding technique
Which type of service account has the most privileges?
System
Identify the hardware chip, located in the computer's motherboard, that maintains keys for encryption to support secure boot processes.
TPM
Which of the following allows an attacker to exploit a misconfigured device and obtain a bridged connection to the corporate network?
Tethering
Which of the following is most likely NOT a potential major threat for motor vehicle embedded systems?
The ability to remotely control the air conditioning inside the vehicle.
What makes the basic version of Lightweight Directory Access Protocol (LDAP) protocol vulnerable to Denial of Service (DoS) attacks?
The server does not require client authentication
When a system no longer aligns with the established baseline, what should a network administrator consider when troubleshooting? (Select 3)
The system may drift over time, Check for malicious intent, & Check patches and other updates
A malicious user compromised a company's email server and bought a domain similar to the bank's name. The attacker monitored email and altered the account numbers on legitimate pay-off notices from the bank, then used the fake domain to send notices forged with the attacker's bank account number. Which attack did the attacker execute?
Typosquatting
Which of the following describes a social engineering technique an attacker can use if the attacker wanted the end-user to click on a link as soon as possible?
Urgency
Two virtual servers are deployed for DHCP. One server provides Internet Protocol addresses while the other is on standby. The server back-end uses active-passive clustering. Management wants session routing services from something other than Cisco. Which of the following support management's needs? (Select 2)
VIP (virtual IP address), & CARP (Common Address Redundancy Protocol)
Identify the device that includes all of the necessary services to create a secure connection to a private network, from a public source.
VPN concentrator
What is the name of the development lifecycle model that lacks flexibility and makes changing requirements difficult?
Waterfall
Which of the following use symmetric algorithms? (Select 2)
3DES, AES
What software or hardware filters traffic passing into and out of a network?
Firewall
Which of the following represents a module used to manage and store encryption keys?
HSM
Analyze the following groups and conclude which is used in defining critical systems.
People, furniture, ideas
When considering Continuity of Operations (COOP) and Disaster Recovery Planning (DRP) processes, how are improvements handled after an incident has occurred?
After-action report
A device connects multiple subnets to reduce the number of active ports. The same device gathers information and reports applicable findings to a central console in an Intrusion Detection System (IDS). Which of the following devices is this?
Aggregation switch
Two virtual hosts run on a stack, and each host runs a VM. Both use shared storage, and the administrator provides stateful fault tolerance. Enterprise services running on these work on both hosts, and continue working if one goes offline. What cluster setup would provide the functionality the organization requires?
An active/active configuration consisting of n nodes.
How can admin mitigate a race condition vulnerability?
By ensuring the lock of a memory object, when one thread manipulates it
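Worked example for the race-condition card above. This is an added illustration, not material from the study guide: the Account class, the two-thread withdrawal scenario and the "gap" hook are constructed for the demo. The unsafe method checks the balance and then updates it as two separate steps, so two threads can both pass the check and overdraw the account (a time-of-check/time-of-use race); the safe method holds a lock across both steps, which is the mitigation the card describes.

```python
import threading
import time


class Account:
    """Constructed example: a balance shared between threads."""

    def __init__(self, balance):
        self.balance = balance
        self.successes = 0
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount, gap=lambda: None):
        # Race: the check and the update are separate steps. Another thread
        # can run between them, pass the same check, and both withdraw.
        if self.balance >= amount:
            gap()  # the window between check and act
            self.balance -= amount
            self.successes += 1
            return True
        return False

    def withdraw_safe(self, amount, gap=lambda: None):
        # Mitigation: hold the lock across check AND update, so no other
        # thread can touch the balance between the two steps.
        with self._lock:
            if self.balance >= amount:
                gap()
                self.balance -= amount
                self.successes += 1
                return True
            return False


def run_concurrent(withdraw, amount, gap, workers=2):
    threads = [threading.Thread(target=withdraw, args=(amount, gap))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def demo_unsafe(start=100, amount=100):
    """Two threads each try to withdraw the whole balance without a lock."""
    acct = Account(start)
    # A barrier parks both threads inside the window at the same moment, so
    # the bad interleaving is reproduced on every run instead of by chance.
    barrier = threading.Barrier(2)
    run_concurrent(acct.withdraw_unsafe, amount, barrier.wait)
    return acct.balance, acct.successes


def demo_safe(start=100, amount=100):
    """Same scenario under the lock; a sleep in the window changes nothing."""
    acct = Account(start)
    run_concurrent(acct.withdraw_safe, amount, lambda: time.sleep(0.01))
    return acct.balance, acct.successes


if __name__ == "__main__":
    print("unsafe:", demo_unsafe())  # (-100, 2): overdraft, both withdrawals succeeded
    print("safe:  ", demo_safe())    # (0, 1): the second withdrawal is refused
```

The barrier in demo_unsafe stands in for the scheduler: in production the window is only a few instructions wide and the overdraft shows up rarely, which is what makes race conditions hard to find in testing and attractive to an attacker who can fire many requests at once.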
Which of the following does NOT correlate with vulnerable business processes?
Bypassing a Mission Essential Function (MEF)
A company has been working to improve its overall security program. One such improvement is a new backup system. Which type of security control does this new system provide?
Compensating control
It is time to audit the network's security. Which of the following will help with the process of scanning for vulnerabilities? (Select two) (2.2 Given a scenario, use appropriate software tools to assess the security posture of an org.)
Check all computers for installed anti-virus software. & Perform passive reconnaissance activities.
Following military classification guidelines, select the lowest document classification type that is still restrictive.
Classified
A user invited a friend to the office for a tour. There were several moments when the visitor was left alone. During these times it was possible that confidential information was viewed. What type of policy can prevent such an activity from occurring?
Clean desk
Which of the following attacks consists of intercepting a key or password hash, to reuse it as a means to gain access to a resource?
A replay attack
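Worked example for the replay-attack card above and for the earlier HMAC messaging card (HMAC gives both sender authenticity and integrity when the key is shared only by the two parties). This is an added illustration, not material from the study guide; it uses Python's standard hmac and hashlib modules, and the message format, the constructed shared key and the Receiver class are assumptions for the demo. The tag binds sender, body, nonce and timestamp, so an altered message fails verification; the receiver's nonce cache and timestamp window reject a captured message that is simply sent again, which a bare hash or tag alone would not stop.

```python
import hashlib
import hmac
import json
import secrets
import time


def sign_message(key, sender, body, nonce=None, ts=None):
    """Build an authenticated message: canonical payload plus HMAC-SHA256 tag.

    The nonce and timestamp live inside the MACed payload, so an attacker
    cannot strip or change them without invalidating the tag.
    """
    fields = {
        "sender": sender,
        "body": body,
        "nonce": nonce if nonce is not None else secrets.token_hex(16),
        "ts": ts if ts is not None else int(time.time()),
    }
    # Canonical JSON (sorted keys, no whitespace) so both sides MAC identical bytes.
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Checks tag, freshness and uniqueness of each incoming message."""

    def __init__(self, key, window=300, now=time.time):
        self.key = key
        self.window = window      # seconds of clock skew tolerated
        self.now = now            # injectable clock (fixed in the demo)
        self.seen_nonces = set()  # replay cache; in practice pruned past the window

    def verify(self, msg):
        payload = msg["payload"].encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison so the tag cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag (tampered or wrong key)"
        fields = json.loads(payload)
        if abs(self.now() - fields["ts"]) > self.window:
            return "rejected: stale timestamp"
        if fields["nonce"] in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(fields["nonce"])
        return "accepted"


def demo(key=b"constructed-shared-key", now=lambda: 1000):
    """Accept, replay, tamper and stale cases; returns the four outcomes."""
    rx = Receiver(key, now=now)
    msg = sign_message(key, "alice", "pay 250 to bob", nonce="n-0001", ts=1000)
    first = rx.verify(msg)                       # fresh message: accepted
    replay = rx.verify(msg)                      # identical bytes again: replay
    tampered = dict(msg, payload=msg["payload"].replace("250", "999"))
    altered = rx.verify(tampered)                # body changed, tag no longer matches
    late = sign_message(key, "alice", "pay 1", nonce="n-0002", ts=1000)
    stale = Receiver(key, now=lambda: 5000).verify(late)  # outside the window
    return first, replay, altered, stale


if __name__ == "__main__":
    for label, outcome in zip(("first", "replay", "altered", "stale"), demo()):
        print(f"{label:8} {outcome}")
```

Note what each control buys: the HMAC tag covers integrity and origin (only a key holder can produce it), the nonce cache catches exact replays, and the timestamp window bounds how long that cache has to be kept and stops very old captures from being reused after the cache is cleared.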
A company's computer has a mobile device tethered to it, which creates a remote backdoor into the network. What does this device become?
A rogue access point (AP)
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
A shim
A Windows firewall rule allows all programs, all protocols, and all ports within a (192.168.0.0/24) subnet to connect to the network. What type of Windows Firewall with Advanced Security is this?
Access Control List (ACL)
A pen tester discovered that a certain vulnerability did not get patched on an SQL server. The pen tester then exploited the vulnerability with code injection and owned the server. Which of the following best describes this technique? (1.4 Explain penetration testing concepts.)
Active reconnaissance
Management requires an effective way of finding vulnerabilities in servers, hosted services, and other system configurations. The security administrator suggests a process-intensive technique that may disrupt normal operations. What type of scanning is being suggested? (Select 2)
Active scanning, & Credentialed scanning
A developer works on building a new device that will track the activity level of a user. Compare the technology utilized with mobile devices and determine what the developer will most likely employ.
Adaptive Network Topology (ANT)
User A sends an encrypted email to User B. That email is also signed by User A. The email includes a link to a file server to download the latest Windows image with a text file saved with the image's hash value. Which of the following are supported in this scenario? (Select 3)
Confidentiality, Non-repudiation, Integrity
A computer system at a local company was breached. Since the incident, internal IT support removed a USB flash drive that was found plugged into the machine. Security experts now question the validity of the chain of custody. Which statement justifies the analysis of the situation?
Evidence has been tampered with
A test manager uses automation to generate random input data for security testing. What method is the test manager demonstrating?
Fuzzing
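Worked example for the fuzzing card above, added here and not taken from the study guide. The record format, the deliberately buggy parse_record target, its fixed twin and the harness are all constructed for the demo. The harness generates seeded random inputs, treats the parser's own ParseError as a graceful rejection, and reports any other exception as a crash; a small greedy minimizer then shrinks the crashing input, which is the same loop a real fuzzer (AFL, libFuzzer) runs at much larger scale.

```python
import random


class ParseError(ValueError):
    """Graceful rejection of malformed input; the fuzzer treats this as expected."""


def parse_record(data):
    """Constructed fuzz target: <count><len><bytes>...<len><bytes>.

    Deliberate bug for the demo: field bodies are bounds-checked, but the
    count byte and each length byte are read without checking they exist.
    """
    count = data[0]
    pos = 1
    fields = []
    for _ in range(count):
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ParseError("truncated field body")
        fields.append(bytes(data[pos:pos + length]))
        pos += length
    if pos != len(data):
        raise ParseError("trailing bytes")
    return fields


def parse_record_fixed(data):
    """Same format with every read bounds-checked; only ParseError escapes."""
    if not data:
        raise ParseError("missing count byte")
    count = data[0]
    pos = 1
    fields = []
    for _ in range(count):
        if pos >= len(data):
            raise ParseError("missing length byte")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ParseError("truncated field body")
        fields.append(bytes(data[pos:pos + length]))
        pos += length
    if pos != len(data):
        raise ParseError("trailing bytes")
    return fields


def crashes(target, data):
    """True when the target fails with anything other than a ParseError."""
    try:
        target(data)
    except ParseError:
        return False
    except Exception:
        return True
    return False


def fuzz(target, iterations=2000, seed=1, max_len=12):
    """Seeded random-byte fuzzer: returns the first crashing input, else None."""
    rng = random.Random(seed)
    for i in range(iterations):
        data = rng.randbytes(rng.randint(0, max_len))
        if crashes(target, data):
            try:
                target(data)
            except Exception as exc:
                return {"iteration": i, "input": data, "exception": type(exc).__name__}
    return None


def minimize(target, data):
    """Greedy shrink: drop bytes one at a time while the crash still reproduces."""
    i = 0
    while i < len(data):
        candidate = data[:i] + data[i + 1:]
        if crashes(target, candidate):
            data = candidate
        else:
            i += 1
    return data


if __name__ == "__main__":
    found = fuzz(parse_record)
    print("crash:", found)
    print("minimized:", minimize(parse_record, found["input"]))
    print("fixed parser:", fuzz(parse_record_fixed))  # None: no crash found
```

The split between "expected rejection" and "crash" is the part worth copying: a fuzzer that treats every exception as a bug drowns in noise, while one that only looks for segfaults misses logic bugs, so the target's contract (here, only ParseError may escape) is what the harness checks.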
A user attempts to access a resource and they receive a notification informing them they are not authorized to access that resource. Analyze various types of access control policies and determine which are most likely in place in this scenario. (Choose 2)
Implicit deny, Least privilege
The system administrator is installing a web server certificate, and receives an error indicating the server does not accept wildcard certificates. After examining the certificate, the system admin notices the problem. Analyze the error to determine the specific location where the admin found the problem.
In the SAN
Evaluate the following mobile device deployment models and determine which answer best describes the main difference between company-issued, personally-enabled (COPE) and choose your own device (CYOD).
In using CYOD, the employee can select the device from a list of approved mobile devices.
User A wants to establish a secure connection with a web server. Transport encryption is used to ensure data is encrypted as it is sent over the network. This works when both client and server agree on a secret key. How is this secret key exchanged?
In-band
Assets support each IT system. What type of assessment can determine the reliability of each asset?
Key Performance Indicators (KPI)
A recent incident is under review for future response planning. The current goal is to determine the incident's cause and whether it was avoidable. Consider the objectives included in the phases of the incident response lifecycle to conclude which phase is currently in progress.
Lessons learned
A company has experienced several break-in attempts at the server farm. The gated area requires common access cards for entry. What other physical security control can the company employ to deter unauthorized entry to the building?
Lighting
Investigators found the main door of a data storage facility opened and a system missing, which indicates an internal breach. A monitoring system is in place; however, the suspects are unidentifiable. Considering physical security controls, which type should the company implement to protect the facility?
Lighting
A risk assessment is scheduled at a local business. All data and related systems are to be included in the assessment. Which variables should be used to calculate the degree of risk? (Choose 2)
Likelihood, Impact
Which setting can be added to a 4-digit PIN entry mechanism, such as those used on many mobile devices, to make the login process more secure?
Limited number of attempts
A company uses one web server with multiple application servers to handle large processing requirements and provide high availability. Which of the following is the company using?
Load balancing
Analyze the following statements and determine which best fits the criteria for an environmental incident.
Local businesses are impacted after an aging utility pole has collapsed, bringing down communication lines
A network administrator sets up a wireless access point (WAP) in the office. Management wishes to allow access to only certain mobile devices owned by employees. What setting on the (WAP) would the network administrator configure?
MAC (media access control) filtering
A company changed the policy for mobile device use to Bring Your Own Device (BYOD). Management asks the IT administrator to ensure employees can access corporate applications and data at any time and from anywhere. What does the IT administrator implement to safeguard corporate applications on BYOD devices?
MDM (mobile device mgmt)
A person's account needs re-securing each time the credentials are stored or transmitted in cleartext. Various protocols and practices can prevent this from happening. Choose the selection that does NOT prevent an account from being left insecure.
Storing passwords in spreadsheets or database files.
An employee has authorized access to the company's system and intentionally misused the data from that system. What type of attack has occurred?
Malicious insider threat
Mutual authentication prevents a client from inadvertently submitting confidential information to a non-secure server. Mutual authentication also helps avoid which of the following? (Select 2)
Man-in-the-Middle (MiM) attacks, & Session hijacking attacks
A large geographic area was impacted by a major communications outage. Investigators found evidence of an accidental fire that burned down a central switching office. Such an incident is considered to have characteristics of which type of threat?
Man-made
Several small businesses suffered a power and communications outage. It was later determined a fire burned down a utility pole after a serious automobile accident. This scenario describes the characteristics of which type of threat?
Man-made
An attacker changed the physical address of the wireless adapter interface, to redirect traffic to the hacker's computer destined for the legitimate user. What type of attack does this describe?
Media Access Control (MAC) spoofing
Two technology firms are in preliminary discussions to work together on several projects. The goal of the joint venture entails providing support services to a wider customer base as an entity with shared resources. Each firm has its own customer base, custom branded products, and established processes. Evaluating the current situation, which type of agreement should be put in place between the two firms? (5.0 Risk Management: 5.1 Explain the importance of policies, plans and procedures related to organizational security.)
Memorandum of Understanding (MOU)
What protocol alters public IP addresses to private IP addresses and vice versa, in an attempt to protect internal computers from the Internet?
NAT
Distinguishing between Enterprise and Open authentication, determine the easier option for a user to connect to a wireless access point, and identify the reason supporting the selection. (Select 2)
Open, & No authentication
A system has been compromised at a local business. In response, a help desk technician began recovery by powering the system down. As a result, what has been compromised?
Order of volatility
An admin sets up an intrusion detection system (IDS), which will require a separate V-LAN (virtual local area network) connection for the management channel. What type of link did the admin set up?
Out-of-band
Which of the following is an example of improper input handling? (Select two)
Overflow, & Injection
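Worked example for the injection half of the improper-input-handling card above, added here and not taken from the study guide. The in-memory SQLite database, its two sample rows and the two lookup functions are constructed for the demo. The vulnerable lookup pastes the username into the SQL text, so a quote in the input rewrites the statement (a tautology returns every row, a UNION pulls the schema out of sqlite_master); the safe lookup passes the value as a bound parameter, so the same input is only ever compared as a literal string.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn


def lookup_vulnerable(conn, username):
    # Improper input handling: untrusted text becomes part of the SQL itself,
    # so a quote in the input changes the meaning of the statement.
    query = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Parameterised query: the driver sends the value separately from the
    # statement text, so it can only ever be compared as data.
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Run the same two payloads through both lookups and return the results."""
    conn = make_db()
    bypass = "x' OR '1'='1"   # tautology: the WHERE clause is always true
    schema = "x' UNION SELECT name, sql FROM sqlite_master WHERE '1'='1"
    return {
        "vulnerable_bypass": lookup_vulnerable(conn, bypass),        # every row
        "vulnerable_schema_leak": lookup_vulnerable(conn, schema),   # table DDL
        "safe_bypass": lookup_safe(conn, bypass),                    # no such user
        "safe_normal": lookup_safe(conn, "alice"),                   # one row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Escaping quotes by hand is not the fix: the durable control is keeping code and data on separate channels, which is exactly what the bound parameter does.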
A private key is being exported to transfer to another server. There is no .pfx option. What other certificate extension can support the transfer of this private key?
P12
Which certificate format allows the transfer of private keys and is password protected?
PFX
Which of the following will least likely cause performance problems? (Select two)
Passive scanning, & Port scanning
A small company is configuring their network and looking for an authentication protocol. Which authentication protocol should the company NOT use?
Password Authentication Protocol (PAP)
A company ensures a system's availability by addressing software and hardware bugs. As soon as an update is available, the system administrators test and deploy. This is a good example of what practice?
Patch management
A user connects to an airport's Wi-Fi network from a smart phone. A white splash page immediately opens up and quickly disappears. The user is unable to browse the Internet after opening a web browser, but there are no other prompts or pop-ups. Why is the user unable to connect to the Internet?
Payment for access is required
An organization has a network access control (NAC) system that assesses the health of workstations and laptops connected to the corporate network. A network admin must add mobile devices to the list of platforms. How will an admin provide health assessments for these new devices?
Perform an agentless health assessment.
Management is going through excess equipment and recyclables. They want to repurpose computer workstations and discard archived printed documents. There is no approved software to do the work, and only a small budget to purchase tools. Which of the following make the most sense to buy? (Select 2)
Powerful magnets. & Paper shredder
A company desires a basic protocol for email. The owner requested that a local system store and manage email for each user. Compare the various mail protocols and recommend the best solution for the company.
Secure Post Office Protocol v3 (POP3)
Employees log into their email and the messages download from the server, onto the client. The mail server does not store the messages. Compare the following email protocols and determine which protocol this represents.
Secure Post Office Protocol v3 (POP3)
An administrator needs to complete a Secure File Transfer Protocol (SFTP) transfer between UNIX systems. Compare the methods for obtaining secure remote access and determine which method the admin will most likely utilize.
Secure Shell
A system administrator teaches a class to junior technicians on the principles of web server hardening. Recommend the principles to include in the training. (Select 3)
Secure a guest account, Use SSH for uploading files, & Use the configuration templates provided
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server. (Select 3)
Secure a guest account, Use SSH for uploading files, & Use the configuration templates provided
A process only allows signed drivers and operating systems to invoke through a specific set of steps, and blocks malware attempting to alter the process. Which of the following operations does this describe?
Secure boot
An organization is considering a new approach to security measures. The plan is to follow established industry standard security controls. Analyze the possible controls that may be implemented and determine which is the best example of a deterrent control.
Security guard
New security controls have been implemented in an organization. Analyze the possible controls and select the best example of a deterrent control.
Security guard
After a recent incident, investigators are performing forensics on a Windows server. While using various tools to examine damaged data, they discover the timestamps on an NT file system (NTFS) volume do not seem correct, and are a few hours different from local time. What determination should the experts conclude as the reason for the timestamp discrepancy?
Timestamps are in coordinated universal time
Why are many medical device embedded systems vulnerable to a wide range of attacks? (Select two)
Unsecure communication protocols, & Outdated operating systems
What vulnerability does User Account Control (UAC) protect against?
Using administrative accounts for mundane tasks
A company CIO wants to cut costs by removing three underutilized physical servers from the network. The remaining two systems will serve as a host to replace the servers, and continue to provide the same performance and capability. What is this an example of?
Virtualization
Which of the following is an example of why viruses are destructive? (Select 2)
Viruses can exploit zero days, & Viruses can spread via social engineering techniques.
An organization has many old systems in storage from a past downsizing. While the systems are older, components such as hard drives can be repurposed. The drives are healthy but contain data from previous users. In an effort to protect confidential information, the drives are being formatted to erase data before reuse. Consider various media sanitization methods and select the initiative IT is practicing.
Purging
IT is repurposing one dozen hard drives from old systems. The drives are healthy, but contain data from previous users. In an effort to protect confidential information, the drives are being wiped to erase data before reuse. Consider various media sanitization methods and select the initiative IT is practicing.
Purging
A report has been compiled from the results of a user-completed systems use survey. A risk assessment was developed based on findings in the report and presented to management. Which approach supports conducting a risk assessment in this fashion?
Qualitative
A risk assessment needs to be performed for the computer network at a small business. Rather than spend time on complex calculations, the assessment will focus on user needs and input. Which approach supports conducting a risk assessment in this fashion?
Qualitative
A company implements a data availability solution based on a striped disk array without redundancy. Which of the following best describes this implementation? (3.8 Explain how resiliency and automation strategies reduce risk.)
RAID-0
What is a secure version of file transfer protocol, which facilitates data access and data transfer over a secure shell data stream?
SFTP
A system administrator completes a file transfer, secured by encrypting the authentication and data between the client and server over TCP port 22. Evaluate the file transfer protocols and determine which protocol the administrator used.
SFTP (Secure Shell (SSH) FTP)
A system administrator moves a file from a server to a client using Secure Shell (SSH) over port 22. Compare the protocols for file transfers, to deduce the protocol utilized.
SFTP (Secure Shell (SSH) FTP)
The Federal Information Processing Standards (FIPS) was developed by the National Institute of Standards and Technology (NIST) for the U.S. government. The standards include a series of security technologies for use on government systems. Why is the Message Digest Algorithm (MDA) not a part of FIPS?
SHA became a replacement
A new IT support organization is preparing many agreement templates for business. These templates will be used for partnerships, vendors, support agreements, and more. When organizing these templates, which should be applied to support agreements?
SLA
A qualitative risk assessment is taking place at a business. The assessment focuses on company data. Risk values for each application handling data were determined using the percentage of the lost value. When evaluating this risk, which risk factor was calculated in this scenario?
SLE
A company maintained operations even though the workload had heavily increased using the existing software and hardware. What mechanism allowed this to occur?
Scalability
A group of students receive a phone call from someone claiming to be from a debt consolidation company. The solicitor convinced the students that a limited-time, rare offer that will soon expire could erase their student loan debt if they provide their Social Security Number and other personally identifiable information. Which of the following tactics did the caller use?
Scarcity and urgency
A risk assessment resulted in the discovery that company-owned computers contained unauthorized software. To address the situation, IT implemented a new policy, along with which technique to enforce application control?
Blacklisting
A small company has configured the domain environment to prevent the installation of a list of prohibited software. Employees received this same list via email. What is the method that prevents installation of specific software on workstations known as?
Blacklisting
To protect connections to Wireless Access Points (WAPs), an encrypted connection must be established between the WAP and the client computer. WPA and WPA2 provide stronger encryption than Wired Equivalent Privacy (WEP). Differentiate between WPA and WPA2 and identify what makes WPA2 stronger than WPA. (Select 2)
AES, CCMP
An executive user is supposed to have permissions to a given resource, however, when the user tries to access the resource, access is denied and the user receives an error message. Analyze the situation to troubleshoot the problem and select which of the following scenarios provide a plausible explanation for the user's thwarted access. (Select 2)
Access Control Entries (ACEs) are out of order in the Access Control List (ACL). The user has not been granted permissions to the resource they are trying to access
An increase in malware detection, due to certain web browsing activity in the workplace, caused the information systems security office (ISSO) to deploy a unified threat manager on the network. How would this network appliance help reduce malware on client workstations? (Select more than one)
Block URLs, Scan web traffic, & Block malware
A mobile application communicates with a central web server and sends blocks of data of 128 bits. The software developer wants to use an optimal cipher algorithm that will support confidentiality in the fastest way possible. Which cipher and mode should be used in this situation? (Select 2)
Block cipher, Electronic Code Book
A software developer wants to create an application that utilizes AES (Advanced Encryption Standard) for encrypting data, and send the data to a central server using TLS (Transport Layer Security). The developer wants the app to operate as fast as possible. Which cipher and mode should be used in this scenario? (Select 2)
Block cipher, Electronic Code Book
Which of the following is not a concept in a Secure DevOps project?
Attestation
Bcrypt is a software library used to hash and store passwords using key stretching techniques. Which of the following align with this process? (Select 2)
Blowfish, Rounds of hashing
A company would like to implement a method of authentication that records who entered a controlled area and when. What is the best security control to implement?
Biometrics
Employees must provide a retina scan to pass through a steel door, as a means to gain entry to the server vault. This is an example of what type of physical security control?
Biometrics
Analyze the following scenarios to determine which best represent attacks that Near Field Communication (NFC) is vulnerable to. (Select 3)
Certain antenna configurations may pick up the Radio Frequency (RF) signals; an attacker with a reader can skim information from the NFC device; & an attacker may be able to corrupt data being transferred.
A system administrator configures a proxy server to keep copies of retrieved internet content in a dedicated area of RAM to increase speed. What does the system administrator want to achieve?
Caching content for performance
Which password cracking tool comes with a password sniffing tool and is compatible with Windows computers?
Cain and Abel
A network administrator's desktop is full of network security tools useful for patching and hardening the network. After an audit, the Wireshark application was discovered, which alarmed management. What makes management apprehensive about having it on company computers? (Select 2) ***
Can eavesdrop on network communication, & Can scan a network for open ports
Several company servers have failed from overheating in the controlled room. A system administrator will deploy new servers as replacements. What should the system administrator do before deployment, to ensure a secure starting point?
Capture a master image
Analyze the scenarios and determine which attacks would likely exploit Near Field Communication (NFC) vulnerabilities. (Select 3)
Certain antenna configurations may pick up the RF (Radio Frequency) signals; an attacker with a reader may be able to skim information from the NFC device; & an attacker may be able to corrupt data as it is being transferred.
A system administrator needs to make an update to the company application. Before making the modifications, the administrator must submit the update for review and approval. Identify this type of policy.
Change management
A company would like to deploy a software service to monitor traffic and enforce security policies in their cloud environment. What tool should the company consider using?
CASB
A large firm requires better control over mobile users' access to business applications in the cloud. This will require single-sign on and support for different device types. What solution should the company consider using?
CASB
What term describes an attacker who gathers and uses information about a victim through social media tools?
Cyber stalking
A group of security professionals from several non-competing organizations address local security incidents by forming a Unified Cyber Incident Response Team (CIRT). The goal of the program is to share insights and knowledge, and assist in mitigating threats. Considering the team's desire for diversity among the team's membership, determine which user type should be included.
Decision maker
Android has released an updated version of an application that tracks calories burned after certain activities. The previous version is no longer useful to consumers. What must the developers do to use the new version of this application on the target device?
Deprovision the old version
A user in a company would like a new USB flash drive. Rather than request one through the proper channel, the user intends to obtain one from a company storage closet. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. It is a known fact there are no cameras located in the company building, so the user enters the closet unconcerned. What type of security control is being attempted in this situation?
Deterrent
An attacker can exploit a weakness in a password protocol, to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select 2)
Dictionary word, & Rainbow table
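Added example (Python, not from the study guide) covering this question and the bcrypt/key-stretching question above: a dictionary attack and a precomputed lookup both succeed against an unsalted SHA-1 hash, while a salted, stretched hash of the same password defeats the table and makes every guess cost the full round count. The standard library's PBKDF2-HMAC stands in for bcrypt, which is not in the standard library; the wordlist and the "leaked" hash are constructed.

```python
import hashlib
import hmac
import os

# Constructed wordlist (not from the page): what a dictionary attack or a
# precomputed table is built from.
WORDLIST = ["password", "letmein", "qwerty", "Summer2023", "dragon", "hunter2"]


def fast_hash(password):
    """Unsalted single-pass SHA-1: cheap to compute, so cheap to precompute."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(words):
    """hash -> word for every candidate. A real rainbow table trades time for
    space with reduction chains, but it answers the same question."""
    return {fast_hash(w): w for w in words}


def dictionary_attack(target_hash, words):
    """Hash each candidate on the fly and compare it with the stolen hash."""
    for w in words:
        if hmac.compare_digest(fast_hash(w), target_hash):
            return w
    return None


def stretched_hash(password, salt, rounds=100_000):
    """Salted, iterated hash. PBKDF2-HMAC-SHA256 stands in for bcrypt here;
    `rounds` is the cost factor, the role bcrypt's work factor plays with
    its Blowfish-based rounds of hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify_stretched(password, salt, rounds, expected):
    """Recompute with the stored salt and round count; constant-time compare."""
    return hmac.compare_digest(stretched_hash(password, salt, rounds), expected)


def demo():
    table = build_lookup_table(WORDLIST)
    leaked = fast_hash("hunter2")  # attacker obtained this from a breached store

    # Unsalted fast hash: both precomputation and live guessing succeed.
    precomputed_hit = table.get(leaked)
    dictionary_hit = dictionary_attack(leaked, WORDLIST)

    # Salted and stretched: the same password hashes differently per user, so a
    # precomputed table is useless and each guess costs `rounds` iterations.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a = stretched_hash("hunter2", salt_a)
    stored_b = stretched_hash("hunter2", salt_b)
    return {
        "precomputed_hit": precomputed_hit,
        "dictionary_hit": dictionary_hit,
        "salted_hashes_differ": stored_a != stored_b,
        "table_hit_on_salted": table.get(stored_a.hex()),
        "verify_correct": verify_stretched("hunter2", salt_a, 100_000, stored_a),
        "verify_wrong": verify_stretched("hunter3", salt_a, 100_000, stored_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The dictionary attack still works against the stretched hash if the password is in the list; the salt and rounds only remove precomputation and slow each guess down, which is why a strong password policy is still needed.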
The administrators of a website need to serve the website over HTTPS. What does the server require before it can do so?
Digital certificate signed by a trusted certificate authority
An up-and-coming entrepreneur wants to build an online business. During creation of the website, the owner sends an email to a third-party certificate service and is able to set up a trusted and secure website within 24 hours. Which process supports the quick turnaround time for web server setup?
Domain validation
Which of the following will most likely cause a computer hard drive to be unrecoverable?
Drilling holes
A social engineer, impersonating a suppliant, rummaged through the garbage of a high-ranking loan officer, hoping to find discarded documents and removable media containing personally identifiable information (PII). Which of the following social engineering techniques did the attacker utilize?
Dumpster diving
A system engineer sets up a firewall to hide internal computers from the public internet. The engineer uses a pool of public IP addresses that are mapped to internal computers as needed. Which of the following did the engineer create? ~
Dynamic NAT
A security assessor uses a technique to test for vulnerabilities and code quality during the development phase. Which of the following is most likely happening during this phase?
Dynamic analysis
D-H Ephemeral (DHE) mode combined with _______ provides a perfect forward secrecy mechanism for Transport Layer Security (TLS).
ECC
An end-user at a company logs in daily to multiple web portals, each with its own separate password. The user has too many passwords to remember and therefore recycles them, which is against the company's password policy. Which of the following can help mitigate this insecure behavior? (Select 3)
Educate the user about security risks; monitor the user on the network; & discipline the user if the user violates policy.
A software engineer needs to incorporate asymmetric encryption into a custom application; however, the code does not work well with large keys. Ideally, the engineer does not want to sacrifice the application's encryption and security. Which of the following would best fit the needs of the application?
Elliptic curve cryptography (ECC)
An individual uses a medical device to transmit up-to-date heart health information to a hospital lab. In order to maintain the patient's privacy, how should the hospital lab handle the data?
Encrypt at rest and in transit
Evaluate the statements and select the appropriate procedures to follow when implementing mobile device security. (Select 3)
Enforce policies to curtail or disable the use of certain mobile device activities; monitor certain activities associated with mobile devices; & implement security controls on mobile devices.
When implementing mobile device security, what should the administrator consider? (Select 3)
Enforce policies to curtail or disable the use of certain mobile device activities; monitor certain activities associated with mobile devices; & implement security controls on mobile devices.
The IT department receives a phone call from an employee who is having an issue signing into the network. What can the IT department do to troubleshoot this problem? (Select two)
Ensure that authentication servers connect to the network and can communicate with other resources. & Verify that synchronization of date/time settings occur on both servers and clients.
A network administrator enables WPA and WPA2 on a Cisco Wireless LAN (Local Area Network) Controller. 802.1x is also enabled. How will the network admin complete setup for Enterprise mode?
Enter secret key for RADIUS server
An organization is starting a threat assessment project, with both internal and external factors considered threats. How is accidental fire damage categorized?
Environmental
A serious malware infection recently occurred at an organization. The cause was found and eliminated. Systems are now being tested and brought back online. Considering incident response procedures, how is finding the cause categorized?
Eradication
A recent security audit requires that network resources be separated at the departmental level. The administrator will implement the separation across hardware and software devices. After analyzing a list of suggestions, which approach provides a complete solution to the problem?
Create VLANs
Two companies are planning to provide their users easier access to wireless access points at any of the company locations using personal company credentials. Extensible Authentication Protocol (EAP) will be used so users are not required to memorize more passwords. How would a network administrator set up such a wireless network for these users?
Create a RADIUS federation
An attacker sent a victim an email with a link to a malicious website. The victim clicked the link, which loaded a malicious payload in the browser that changed the user's password on a legitimate website. What type of attack is the legitimate site vulnerable to?
Cross-site Request Forgery (XSRF)
A network administrator separates access to company resources based on job function. The administrator groups access allowed to specific information within the network. Which of the following is the best separation method to implement?
Create VLANs
An authoritative server for a zone creates a Resource Record Set (RRset) signed with a zone signing key. Analyze Domain Name System (DNS) traits and functions and conclude what the scenario demonstrates.
DNS Security Extensions
Server B requests a secure record exchange from Server A. Server A returns a package along with a public key that verifies the signature. What does this scenario demonstrate?
DNS Security Extensions
What type of attack takes content from a local system, encrypts it, and sends it to the attacker's server over HTTP on port 80?
Data exfiltration
A federal agency is sending encrypted archives to its big data vault from a location in another state. Only authorized personnel can move and access these files. During the transmission, a system administrator fills out a simple text form at the destination to detail the purpose of these documents. Which state is this form most likely in at the vault? (6.0 Cryptography and PKI: 6.1 Compare and contrast basic concepts of cryptography)
Data in use
When security engineers consider attacks against information systems, they think about protecting the technological components of those systems. What non-technological components should security also consider? (Select two)
The system's users, & Social engineering
A user received a pop-up identifying a virus. The pop-up offered a link to download a program to fix the problem. After the user clicked the link, the security operations center (SOC) received an alert from the computer that the user had downloaded a Trojan. Which of the following is most likely true about the pop-up?
The tool claiming to fix the problem was actually a hoax attack.
A malicious actor discovered that a company's storing and processing of data were insecure. The attacker deciphered encrypted data without authorization and impersonated a person within the organization by appropriating their encryption keys. What type of critical vulnerability did the attacker exploit?
The use of weak cipher suites and implementations
An end-user installed an application and began receiving pop-up ads, frequent crashes, slow computer performance, and strange services running. Which of the following most likely describes what occurred to cause these problems?
The user installed Trojan horse malware.
IT staff used an admin account to download and install software. After launching the .exe installer file, the user received pop-ups, frequent crashes, slow performance, and strange services running. What most likely happened to cause these issues?
The user installed Trojan horse malware.
Analyze and conclude why the following passwords are classified as weak: 12qwaszx!@QWASZX; 1qaz2wsx!QAZ@WSX; zaq1xsw2ZAQ!XSW@; xzsawq21XZSAWQ@!
They all adhere to an easily identifiable scheme
These passwords may appear strong, given their mix of letters, digits and symbols, but on further investigation they are classified as weak: 12qwaszx!@QWASZX; 1qaz2wsx!QAZ@WSX; zaq1xsw2ZAQ!XSW@; xzsawq21XZSAWQ@! Analyze the passwords to determine the most logical explanation for their deficiencies.
They all adhere to an easily identifiable scheme
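Added example (Python, not from the study guide): a detector for the scheme these four passwords follow. It maps shifted symbols and capital letters back to the physical key, checks whether successive keys are neighbours on a staggered QWERTY layout (a keyboard walk), and checks whether the second half of the password is the first half typed again with Shift held. The layout coordinates, the 0.75 adjacency threshold and the control password are assumptions chosen for the demo.

```python
# Staggered QWERTY layout: each row lists its keys left to right; X_OFFSET is
# roughly how far each row is shifted right relative to the number row.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
X_OFFSET = [0.0, 0.5, 0.75, 1.25]
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))

# physical key -> (row, x position)
POS = {}
for row, keys in enumerate(ROWS):
    for col, key in enumerate(keys):
        POS[key] = (row, col + X_OFFSET[row])


def unshift(ch):
    """Map shifted symbols and upper-case letters back to the key pressed."""
    return SHIFTED.get(ch, ch.lower())


def adjacent(a, b):
    """Two distinct keys are neighbours if within one row and one key width."""
    if a not in POS or b not in POS or a == b:
        return False
    (ra, xa), (rb, xb) = POS[a], POS[b]
    return abs(ra - rb) <= 1 and abs(xa - xb) <= 1.0


def walk_fraction(password):
    """Fraction of successive key pairs that are physically adjacent."""
    keys = [unshift(c) for c in password]
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs)


def repeated_period(password):
    """Smallest p such that the unshifted password is its first p keys
    repeated (e.g. the same walk typed twice, once with Shift); 0 if none."""
    keys = "".join(unshift(c) for c in password)
    n = len(keys)
    for p in range(1, n // 2 + 1):
        if n % p == 0 and keys == keys[:p] * (n // p):
            return p
    return 0


def classify(password, walk_threshold=0.75):
    """Return the scheme labels found; an empty list means no scheme detected."""
    reasons = []
    p = repeated_period(password)
    base = password[:p] if p else password
    if p:
        reasons.append("repeated-with-shift")
    if walk_fraction(base) >= walk_threshold:
        reasons.append("keyboard-walk")
    return reasons


if __name__ == "__main__":
    for pw in ["12qwaszx!@QWASZX", "1qaz2wsx!QAZ@WSX",
               "zaq1xsw2ZAQ!XSW@", "xzsawq21XZSAWQ@!", "G7m#xP2q!vL9"]:
        print(pw, classify(pw), round(walk_fraction(pw), 2))
```

A password-strength check that only counts character classes would pass all four; a check that models how the password was produced does not, which is the point of the question.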
How can examining assessment objects to understand the security system and identifying logical weaknesses help during a security assessment? (Select 2) (1.5 Explain vulnerability scanning concepts.)
They can identify a lack of security controls; & They can identify a common misconfiguration.
Dedicated firewalls built on embedded-system device firmware have a problem with which of the following? (Select two)
They lack processing power. & They lack memory space.
Which of the following are reasons why many medical devices with embedded systems are vulnerable to malicious exploits? (Select two)
They use unsecure communication protocols. & Their control systems use outdated operating systems.
In the Kerberos authentication system, the ticket granting ticket (TGT) is a logical token. What information does this ticket convey?
Time stamp, name and IP address
What are most authentication and access control protocols dependent on?
Time synchronization
An IT security expert investigated a computer crime scene using computer forensic investigation best practices. After analyzing the following terms, which best fits the criteria of preservation of evidence?
Timeline
Analyze the following terms and consider computer forensic investigation best practices. Which best fits the criteria of preservation of evidence?
Timeline
Why is it recommended not to use the default administrator account for routine administration, even after it has been renamed?
The principle of least privilege suggests it may have inappropriate privileges for the task at hand
A user logs on to a company server through the company's Remote Authentication Dial-In User Service (RADIUS) client from a remote location. The user receives an Access-Challenge message and mistakenly believes it is an error message. Analyze the situation, and determine why the user is mistaken.
A RADIUS client can integrate with other Authentication, Authorization, and Accounting (AAA) servers, which requires additional user input for authentication
A series of binary data are used for biometric enrollment. What information does this binary data store?
A biometric template
An attacker gained remote access to a computer by sending a program a malicious backdoor payload that was too large for the area of memory the program reserves for storing expected data. What type of exploit did the attacker perform?
A buffer overflow
An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of software on the device. The attacker sent data that was too large for an area of memory that the application reserved to store expected data. What type of vulnerability did the attacker exploit?
A buffer overflow
An information technology department has issues tracking updates implemented to a system. As outages occur, it forces them to roll the system back to the starting point, to troubleshoot which update may have caused the outage. What can the department implement to alleviate multiple rollbacks and better track system updates?
A change management process
A system administrator conducts an audit and notices several anomalous log entries. The audit seems to indicate an anonymous user making changes to host processes. Analyze the audit findings and determine the probable cause of these anomalous entries.
A local service account has gained escalated privileges
Management hired 20 new people, and the network team set up network connections in the office to accommodate them: 3 unmanaged client switches, with 40 computers connected to the network. The client computers obtain IP addresses using DHCP (Dynamic Host Configuration Protocol). Local DHCP and file servers are connected to the switches. When trying to access the servers or the Internet from the computers, there is no network connectivity, although some clients have a DHCP IP address. What may be the cause? ***
A loop in the network
A network with 2 normally working switches has several client computers connected for work and Internet access. After adding 2 more switches and more computers, the clients cannot access the network. What is the most likely cause, and what is the solution? (Select 2)
A loop in the network, & STP (Spanning Tree Protocol)
Which of the following is a sign of a malicious or corrupted process, and is particularly serious within service applications and in the operating system kernel?
A memory leak
The only wireless access point (WAP) in the office is an 802.11ac device that has faster data rates and better performance than the older WAP. The device is mounted on the ceiling in the middle of the office, yet its range is limited to about 100 feet. What may cause the shorter range? ***
A reduced power setting.
Which of the following scenarios depict improper implementation of multifactor authentication? (Select 2) (4.0 Identity and Access Management. 4.1 Compare and contrast identity and access management concepts.)
A user performs a retinal scan followed by a fingerprint scan; & A user enters a username, password, and a PIN
An organization's security manager has decided to implement a two-factor authentication policy. To test employees' ability to apply the policy, the security manager polled users for examples of two-step authentication. Analyze the following options and select the examples that meet the criteria for two-step authentication. (Select 2)
A user requests authentication to an application server by entering an email address, receives an email with a one-time password, and enters it to access the application. & A user unlocks their computer with a password, then signs on to a web-based email application with a username and password; they receive a text message with a code they must enter to access their email.
A company wants to extend the corporate network to their employees over the Internet, anywhere in the United States. Requirements include a small budget and a minimum change to infrastructure. Access is transparent to the user. Which of the following should the company consider? (Select two)
A remote access topology, & TLS VPN (used to encrypt all data packets traveling between an internet connected device and an SSL VPN server)
A hacker used a Man-in-the-Middle (MitM) attack to capture a user's authentication cookie. The attacker disrupted the legitimate user's session and then re-sent the valid cookie to impersonate the user and authenticate to the user's account. What type of attack is this?
A replay attack
Differentiate between two-step and two-factor authentication. Select the scenarios that properly employ two-step authentication. (Select 2)
A user requests authentication to an application server by entering an email address, receives an email with a one-time password, and enters it to access the application. & A user unlocks their computer with a password, then signs on to a web-based email application with a username and password; they receive a text message with a code they must enter to access their email.
Which of these do NOT demonstrate proper implementation of multifactor authentication? (Select 2)
A user terminal requires the user to present a USB token and a smart card; & A secure entry requires users to perform an iris scan and a fingerprint scan
A company provides mobile phones to its employees for business use only. Which deployment model describes how the company provides employees with a mobile device?
COBO (company owned, business only)
Block ciphers like AES (Advanced Encryption Standard) and 3DES (Triple Data Encryption Standard) can operate in different modes of operation, each producing a different result from the same input. Which of the following solves the problem of slow, serial encryption and improves performance?
CTM (counter mode)
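Added example (Python, not from the study guide) covering this question and the two ECB questions above. ECB encrypts every block independently with the same key, so repeated plaintext blocks show up as repeated ciphertext blocks; counter mode derives each keystream block from the nonce and block number alone, so blocks need no chaining and can be produced in parallel. A keyed PRF (HMAC-SHA256 truncated to 16 bytes) stands in for the AES block function, which means the ECB half is encrypt-only; the key, nonce and messages are constructed. The last check shows the counter-mode failure mode the flashcards do not mention: reusing a nonce under the same key leaks the XOR of the two plaintexts.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # 128-bit blocks, as in AES


def block_encrypt(key, block):
    """Stand-in for the AES block function: a keyed PRF, not a permutation,
    so this ECB cannot be decrypted. It is enough to show how each mode
    treats repeated plaintext blocks."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def split_blocks(data):
    assert len(data) % BLOCK == 0, "demo uses whole blocks and no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key, plaintext):
    """ECB: equal plaintext blocks give equal ciphertext blocks (the pattern leak)."""
    return b"".join(block_encrypt(key, b) for b in split_blocks(plaintext))


def ctr_keystream_block(key, nonce, i):
    """Keystream block i depends only on (key, nonce, i): no chaining, so any
    block can be computed on its own, in any order, on any core."""
    return block_encrypt(key, nonce + i.to_bytes(8, "big"))


def ctr_encrypt(key, nonce, data, workers=4):
    """CTR: XOR each block with its keystream block. The same call decrypts."""
    assert len(nonce) == 8
    blocks = split_blocks(data)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        keystream = list(pool.map(lambda i: ctr_keystream_block(key, nonce, i),
                                  range(len(blocks))))
    return b"".join(xor_bytes(p, k) for p, k in zip(blocks, keystream))


def repeated_blocks(ciphertext):
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def demo():
    key = b"\x2b" * 16
    nonce = b"\x00" * 8
    # Constructed message with a repeated 16-byte record.
    pt = b"ACCOUNT=0001;OK;" * 3 + b"ACCOUNT=0002;OK;"
    ecb = ecb_encrypt(key, pt)
    ctr = ctr_encrypt(key, nonce, pt)
    # Block 2 of the CTR output can be produced without blocks 0 and 1.
    standalone = xor_bytes(ctr[32:48], pt[32:48]) == ctr_keystream_block(key, nonce, 2)
    # Nonce reuse: C1 xor C2 == P1 xor P2, so one known plaintext reveals the other.
    pt2 = b"ACCOUNT=0003;NO;" * 4
    ctr2 = ctr_encrypt(key, nonce, pt2)
    leak = xor_bytes(ctr, ctr2) == xor_bytes(pt, pt2)
    return {
        "ecb_repeated_blocks": repeated_blocks(ecb),
        "ctr_repeated_blocks": repeated_blocks(ctr),
        "ctr_roundtrip": ctr_encrypt(key, nonce, ctr) == pt,
        "ctr_block_independent": standalone,
        "nonce_reuse_leaks_xor": leak,
    }


if __name__ == "__main__":
    print(demo())
```

ECB is "fastest" only in the narrow sense that it has no nonce and no chaining; counter mode is just as parallel and does not leak block repeats, and an authenticated mode built on it (GCM) is what TLS actually negotiates for AES.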
What is the best security control to ensure laptops do not get removed from their workstations without prior approval?
Cable locks
While developing an online service application for a grocery store, a programmer implements an open source application programming interface. This implementation reduces the testing effort and speeds up the programming effort. What technique did the programmer execute?
Code reuse
Employees have the ability to download certain applications onto their workstations to complete work functions. The CIO installed a reliable method to ensure that no modifications to the application have occurred. What method of validation did the CIO implement?
Code signing
Which of these correctly orders attributes of following the X.500 distinguished naming convention standard?
Common Name (CN), Organizational Unit (OU), Organization (O), Country (C), Domain Component (DC)
When setting up a secure authentication line for supplicants and an authentication server, EAP-TTLS (EAP-Tunneled TLS) is not working well as an authentication protocol. When using PEAP (Protected Extensible Authentication Protocol), proper authentication occurs and network connection is established. Why is PEAP a better option in this case?
Compatibility with MSCHAPv2
A system recently lost data due to user error. A system backup was fortunately in place and was used to restore the lost data. Considering the available security control types, what was utilized to address the missing data?
Compensating
Malware infected a system and data was lost. Fortunately, several security controls were in place and the infection was contained and mitigated. A system backup is being used to restore the lost data. Applying knowledge of security control types, which is being used to address the missing data?
Compensating
Which of the following are examples of external malicious threat actor types? (Select two)
Competitor threat, & Organized crime threat
During the development effort of testing code, there is a syntax error. The compiler provides a report to the developer, indicating the error's location, for debugging purposes. Catching the syntax error is what type of coding concept?
Compiling
A master set of steps runs through the set of source files linked to it, checking for errors that could cause application failure. What stage of software coding is this?
Compiling
What techniques should an IT administrator use to determine when employees use their unique knowledge of the organization to exploit it for personal gain? (Select two)
Conduct an exit interview and thoroughly offboard the terminated employee. & Regularly review and audit privileged users' activities.
A Windows Server 2012 system receives the latest operating system (OS) patches and updates, but its Microsoft Office applications are outdated. The server is not part of the domain and has Internet access. What can the system admin do to ensure this server receives patches and updates for Microsoft Office from a central repository?
Configure the WSUS server
Frequency analysis can be used to find patterns in a ciphertext in order to reveal the cipher and key used for the encryption. The security of a cipher is exhibited by the properties of confusion and diffusion. How do confusion and diffusion make a cipher secure? (Select 2)
Confusion ensures the key cannot be derived from the ciphertext. Diffusion ensures that a change in the plaintext spreads across the ciphertext.
A system administrator needs to run an isolated service in a virtual environment that uses the kernel as a host. Which virtualization concept could the administrator deploy using the fewest resources?
Container
What kind of virtualization isolates and protects applications from other parts of the system?
Container
Which of the following virtualization concepts allows services to run in an isolated environment and does not require a full operating system?
Container
What solution does Enterprise Mobility Management (EMM) use to create separate enterprise workspaces on mobile devices?
Containerization
A malware outbreak has impacted several development computers at a data center. These particular systems are not networked. The investigation revealed a common USB flash drive was used between the systems. The USB drive has been located and is no longer being used. What incident response lifecycle step has been enacted? (5.4 Given a scenario, follow incident response procedures.)
Containment
Malicious activity has been detected on several computers in the marketing department at a local organization. In response, IT personnel have disconnected the marketing switch from the network. Identify which incident response lifecycle step has been enacted.
Containment
An organization rarely offers training to employees. As a result, the material learned is not implemented, and the training itself does not provide value. With recent restructuring, a new initiative is being recommended to routinely keep employees updated. Which training program approach would satisfy this initiative?
Continuing education
Employees of an organization have expressed they are unaware of recent regulatory changes. The lack of knowledge has a direct impact on data risk in the organization. With recent restructuring, a new initiative is being recommended to ensure employees maintain up-to-date knowledge. Which training program approach would satisfy this initiative?
Continuing education
What development practice requires developers to incorporate code into a collective repository, where they compile and test the code every time they check code into the environment?
Continuous integration
A network administrator installs a proxy to examine data and make rule-based decisions about whether to forward or refuse the request. The company adds cipher locks to the server room for security purposes. What is this an example of?
Control diversity
A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?
Control diversity
What does the use of technical, physical, and administrative security implementation represent?
Control diversity
A security engineer is tasked to install an X.509 certificate on a computer system, but it is not accepted. The system requires a Base64 encoded format. What must the security engineer do to properly install this certificate?
Convert to a .pem file
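Added example (Python, not from the study guide): what "Base64 encoded format" means for a certificate. A PEM file is the DER bytes Base64-encoded, wrapped at 64 columns, between BEGIN/END lines that name the object type. The functions below convert both ways and, before converting, parse the outer DER length (short and long form) to tell a DER file from a PEM one. The sample DER object is a constructed minimal SEQUENCE, not a real certificate.

```python
import base64


def der_outer_length(data):
    """Parse the DER length of the outermost element (tag, length, value).
    Returns (content_length, header_length); handles short and long form."""
    if len(data) < 2:
        raise ValueError("too short for DER")
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return first, 2
    n = first & 0x7F                       # long form: n following length bytes
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER long-form length")
    return int.from_bytes(data[2:2 + n], "big"), 2 + n


def detect_format(data):
    """PEM starts with a BEGIN line; a DER certificate starts with a SEQUENCE
    tag (0x30) whose encoded length accounts for the whole file."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    try:
        content, header = der_outer_length(data)
    except ValueError:
        return "unknown"
    if data[0] == 0x30 and content + header == len(data):
        return "DER"
    return "unknown"


def der_to_pem(der, label="CERTIFICATE"):
    """PEM = Base64(DER), 64 characters per line, between BEGIN/END lines."""
    body = base64.b64encode(der).decode("ascii")
    wrapped = [body[i:i + 64] for i in range(0, len(body), 64)]
    lines = [f"-----BEGIN {label}-----", *wrapped, f"-----END {label}-----"]
    return "\n".join(lines) + "\n"


def pem_to_der(pem):
    """Strip the armour lines and decode; reject anything that is not Base64."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not a PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


# Constructed stand-in: a DER SEQUENCE containing INTEGER 5. Not a real
# certificate; it only has the outer structure a certificate has.
SAMPLE_DER = bytes.fromhex("3003020105")


if __name__ == "__main__":
    print(detect_format(SAMPLE_DER))
    print(der_to_pem(SAMPLE_DER), end="")
```

The same conversion with OpenSSL is `openssl x509 -inform DER -in cert.cer -outform PEM -out cert.pem`; the detection step matters because feeding a PEM file to a tool that expects DER (or the reverse) is the usual reason a certificate is "not accepted".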
An attacker modified the HTML code of a legitimate password-change web form and hosted the .html file on the attacker's server. The attacker then emailed the URL of the hosted file to a real user of the web page. Once the user clicked the link, the user's password was changed to a value the attacker set. What type of attack is the website vulnerable to?
Cross-site Request Forgery (XSRF)
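Added example (Python, not from the study guide) for this question and the earlier XSRF question: a password-change handler that trusts only the session cookie, beside the same handler with an Origin check and a per-session synchronizer token. The forged request models what the attacker's hosted copy of the form makes the victim's browser send: attacker-chosen fields, the victim's own cookie, and no token, because the attacker's origin cannot read it. The site origin, session store and user data are constructed stand-ins; no web framework is used.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"  # assumed origin of the legitimate site

# Constructed in-memory server state (stand-in for a real session store).
USERS = {"alice": {"password": "old-pass"}}
SESSIONS = {"sess-alice": "alice"}    # session cookie value -> user
CSRF_TOKENS = {}                      # session cookie value -> token


def issue_csrf_token(session_id):
    """Random token bound to the session and embedded in the legitimate form."""
    token = secrets.token_urlsafe(32)
    CSRF_TOKENS[session_id] = token
    return token


def current_user(request):
    return SESSIONS.get(request["cookies"].get("session"))


def vulnerable_change_password(request):
    """Trusts the session cookie alone. The browser attaches that cookie to
    any request for this site, including one an attacker's page submits."""
    user = current_user(request)
    if not user:
        return 401
    USERS[user]["password"] = request["form"]["new_password"]
    return 200


def hardened_change_password(request):
    """Same handler with two checks: the Origin header must be this site and
    the form must carry the token bound to this session."""
    user = current_user(request)
    if not user:
        return 401
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403  # cross-origin submission
    expected = CSRF_TOKENS.get(request["cookies"]["session"])
    sent = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, sent):
        return 403  # missing or wrong token
    USERS[user]["password"] = request["form"]["new_password"]
    return 200


def forged_request():
    """What the attacker's hosted form makes the victim's browser send."""
    return {"cookies": {"session": "sess-alice"},
            "headers": {"Origin": "https://attacker.example"},
            "form": {"new_password": "pwned"}}


def legitimate_request(token):
    """The real form, submitted from the site itself with its token."""
    return {"cookies": {"session": "sess-alice"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"new_password": "n3w-pass", "csrf_token": token}}


def demo():
    results = {}
    USERS["alice"]["password"] = "old-pass"
    status = vulnerable_change_password(forged_request())
    results["vulnerable_forged"] = (status, USERS["alice"]["password"])

    USERS["alice"]["password"] = "old-pass"
    token = issue_csrf_token("sess-alice")
    status = hardened_change_password(forged_request())
    results["hardened_forged"] = (status, USERS["alice"]["password"])
    status = hardened_change_password(legitimate_request(token))
    results["hardened_legit"] = (status, USERS["alice"]["password"])
    return results


if __name__ == "__main__":
    print(demo())
```

In production the token is rendered into the legitimate form on each page load, and the session cookie is also set with SameSite=Lax or Strict so the browser does not attach it to cross-site POSTs in the first place; the token check remains as defence in depth for older browsers.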
An attacker discovered an input validation vulnerability on a website, crafted a URL that performed code injection against it, and emailed the link to the victim. Once the user clicked the link, the website returned a page containing the malicious code. What type of attack does this describe?
Cross-site scripting (XSS)
An attacker hosted an exploit script on a malicious website and injected it into a trusted website. The attacker then sent a link to the victim and used open source intelligence (OSINT) gathering and social engineering tactics, like spear phishing, to convince the victim to click the link, which compromised the user's browser when it loaded the site. Which of the following best describes this type of attack?
Cross-site scripting (XSS)
An attacker contacted someone through a dating app and said they had previously spoken and had plans to meet up that fell through. The attacker did not meet or talk to this person, but knew the location and descriptions of the person through the dating site. What is this an example of?
Cyber stalking
In order to reduce waste, a company is reusing old data tapes being donated for backup purposes. The tapes are first being electromagnetically erased for security purposes. Which media sanitization process is being used in this situation?
Degaussing
Several old computers are being given to employees. The company decided the hard disk drives do not need to be removed, but all data should be erased. Which media sanitization process effectively meets these requirements?
Degaussing
The basic Lightweight Directory Access Protocol (LDAP) protocol is susceptible to which of the following threats? (Choose 3)
Denial of Service (DoS) attacks, Man-in-the-middle attacks, Sniffing
An updated protocol replaces an application used to calculate retained earnings. Employees will no longer need access to the outdated application. What should the system administrator do to the older application to preserve resources?
Deprovision
Crypto-malware was found within an organization. An employee's USB flash drive was identified as the cause of the infection. Systems are now being restored from a backup, tested, and brought back online. Considering incident response procedures, how can finding the cause be categorized?
Eradication
A software developer created a new application and the software company pressured the developer to release it to the public. Which of the following helps ensure the application is secure before the release? (Select 3)
Error handling, Input validation, & Proper authentication and authorization
A senior engineer has decided to take on an unresolved help desk support case. The case involves the rebuild of a server system that has been compromised by malware. Accessing the data on the drive may not be possible. In terms of an incident response plan, what initial step has been executed?
Escalation
First responders found a highly critical incident. As a result, company executives concluded to halt operations for several days. The company is expected to recover from the impact during this time. In terms of an incident response plan, what initial step had been executed?
Escalation
A human resources representative is following a checklist of tasks needed to disable a user's account and privileges. They need to ensure that any information assets created or managed by the employee, but owned by the company, remain accessible. Which process is the human resources manager executing?
Exit interview
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another, and forced the operating system to load a malicious binary package. What did the attacker successfully perform?
Dynamic Link Library (DLL) injection
During the functional testing phase of application development, an application tests for vulnerabilities against the running code. What type of code testing is this?
Dynamic analysis
The 802.1x framework establishes several ways for devices and users to be securely authenticated before they are permitted access to LAN (Local Area Network) or WLAN (Wireless LAN). Identify the actual authentication mechanism established.
EAP
A company deployed a wireless access point, and wishes to enable the Enterprise mode for secure wireless connections. The servers have certificates, but the supplicants do not. Which of the following options would fit the company's needs? (Select 2)
EAP-FAST, PEAP
A company using WPA (Wi-Fi Protected Access) wireless security on their WAPs (Wireless Access Points) use LEAP (Lightweight EAP) to authenticate users to the network. LEAP is vulnerable to password cracking. What other options does the company have to mitigate this vulnerability? (Select 2)
EAP-FAST, PEAP
Differentiate between Protected Extensible Authentication Protocol (PEAP) and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS).
EAP-TLS uses supplicant public certificate
A company installs a network using CAT5 cabling. What technique should the company consider to protect the network from potential data loss?
EMI shielding
If an end-user complains about the need to log into too many web portals, each with a different password, what can the IT security department do to prevent the user from violating the company's password policy? (Select 3)
Educate the user about security risks, monitor the user on the network, & discipline the user if the user violates policy.
A security engineer must maintain confidentiality on multiple platforms and data transmissions in the company. The engineer must ensure encryption of data, files, the operating system and software programs. What is the best security implementation?
FDE
A security engineer needs to ensure all files and folders on company workstations are secure and the data within them protected. Which of the following should the engineer implement?
FDE
A system administrator completes a file transfer by negotiating a tunnel before the exchange of any commands. Evaluate the file transfer protocols to conclude which protocol the admin utilized.
FTPS (Implicit Transport Layer Security)
Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering, to gain access to the target's network?
Initial exploitation
When creating a cryptographic module for an application, the developers are concerned with key outputs being the same value, if two identical plaintexts are used as input. Which of the following will ensure all inputs are always different? (Select 2)
Initialization Vector (IV), Nonce
A developer writes code for a new application and wants to ensure protective countermeasures for SQL injection execute. What secure coding technique will provide this?
Input validation
Which of the following represents a secure coding practice that ensures data entered into a system is checked and that invalid information is rejected?
Input validation
Which of the following provides two-factor authentication?
Inserting a Common Access Card (CAC) and entering a PIN
A security engineer finds the root cause of a damaged server to be Electromagnetic Pulse (EMP). What can the engineer implement to prevent future damage to systems?
Install surge protection
An IT security firm will be working with a government entity. Part of the working relationship requires integration of systems from both parties. After reviewing the technical specifics, an agreement must be established and put in place. Which agreement oversees this type of relationship?
Interconnection Security Agreement (ISA)
An application utilizes regulations to focus on trade standards and process improvement globally. What type of framework does this suggest is in place?
International
A large organization is looking for a quick, effective biometric scanning technique that will support heavy traffic at one of their main facilities. Consider the advantages and disadvantages of various biometric scanners to determine which would best meet the organization's needs.
Iris scanners
A large, metropolitan airport employs hundreds of workers daily. The facility managers have been tasked with increasing security checks for employees entering airport terminals, while maintaining a quick processing time of employee credentials. Analyze the scenario and determine which biometric scanning procedure best meets the airport's needs.
Iris scanners
A network administrator wants to stream encrypted data over the network. The data will be encrypted first and sent out either as is, or encrypted again prior to being sent. The cipher of choice is Blowfish. Why is Blowfish preferred in this case? (Select 2)
It encrypts 64 bits of data. It is a block cipher.
Analyze and select the items demonstrating advantages Terminal Access Controller Access-Control System Plus (TACACS+) has over Remote Authentication Dial-In User Service (RADIUS). (Select 2)
It is easier to detect when a server is down. It provides greater flexibility and reliability.
Evaluate the selections and differentiate between rooting and jailbreaking.
Jailbreaking refers to Apple iOS devices, while rooting refers to Android devices.
Separation of duties is a method of putting checks and balances in place to prevent the compromise of critical systems from insiders. Which of the following are examples of separation of duty policies? (Choose 2)
Job rotation, Mandatory vacation
A military branch requested an application that will provide deployment and exercise information. The system must be operational 24/7, with less than one percent downtime. An admin also implemented a system to reduce redundancy and system failure. What objective does the administrator need to achieve to keep the system operational?
High availability
An application built to provide deployment and exercise information for a military branch requires zero downtime to remain effective. The implementation of failover clusters ensures that redundancy and system failure are kept to a bare minimum. What type of application method is this?
High availability
Retinal scans are considered more accurate than iris scans. However, which of these applications would represent a situation where it makes more sense to deploy an iris scanner over a retinal scanner?
High volume traffic areas
Management creates a fake network with network security boundaries similar to those of the operational network. The fake network hosts a few servers and sits near the DMZ. Which of the following solutions allows an admin to gather information about how an attacker penetrates the network of working servers and services while the attack is happening? ***
Honeynet. (DMZ = Demilitarized Zone)
A company has several remote sites. Plans to convert one site into a disaster-recovery site are being developed. In the event of a catastrophe at the main site, the new alternate site should be ready to use at a moment's notice. Planning for this new site follows guidelines for which implementation?
Hot (Site)
A data center with multiple rows of cabinets has the back of one cabinet row facing the back of the adjacent row of cabinets. Air is pumped through the floor tiles toward the fronts of the cabinets. What physical control is this an example of?
Hot and cold aisles
Analyze the following alternate business practice topics and conclude which is included in a Continuity of Operations Plan (COOP).
Human capital
What is the name of the infrastructure that uses a mix of public and private resources on a single platform?
Hybrid
Which cloud concept provides the customer with the most amount of responsibility for maintenance, such as patching the operating system? (3.7 Summarize cloud and virtualization concepts.)
IaaS
Analyze the statements and select the best actions involved in ensuring compliance with license agreements. (Select 3) (2.3 Given a scenario, troubleshoot common security issues.)
Identify unlicensed and unauthorized software installed on clients, servers, and VMs. Identify per-seat or per-user compliance with licensed software. & Ensure compliance with the terms for open source licensing.
The CEO (Chief Executive Officer) noticed, in a Gmail account, a corporate email from the vice president containing PII (Personally Identifiable Information). The CEO immediately called the IT (Information Technology) manager to ask how to prevent this from happening again. What idea did the IT manager suggest would be the most beneficial?
Implement DLP on the email gateway
During testing, an application demonstrates poor performance in the amount of time a database function takes to retrieve results. What should developers ensure in the database to improve performance?
Normalization
What method should an admin perform on a database to achieve good performance and reduce redundancy?
Normalization
After a six-month inquiry, a company closed the investigation of a data leakage incident. The new management team issued an updated computer use policy to include the prohibited use of removable media. Workstations no longer have CD drives. What may be the reasons for this? (Select two)
Vector for malware, & Exfiltrating data
A company purchases a new hardware-based firewall to install as part of a DMZ within its network. Which of the following will provide the best instruction for installation?
Vendor specific guide
A small office will install a new wireless access point. Options for configuration include manual mode and a step-by-step wizard. Which resource will provide guidance in setting up the new device in manual mode?
Vendor specific guide
A critical server hosting a line of business app has crashed. IT personnel are working to fix the problem. A previous risk assessment stated that the company cannot afford more than 8 hours of data loss, and it cannot go more than 72 hours without the server before resulting in a severe business impact. The last system backup was taken 12 hours ago. IT reports that the estimated repair time is 48 hours. After evaluating the situation, which metric calculated from the data is represented by 4 hours?
Recovery Point Objective (RPO)
IT personnel are working to fix the issue with an online retail website crash. A previous risk assessment stated the site cannot go offline for more than 48 hours without causing a severe business impact. The last system backup was taken 12 hours ago. IT reports that the estimated repair time is 24 hours. After evaluating the situation, what value is represented by the 24 hour repair time?
Recovery Time Objective (RTO)
A security administrator wants to reduce the wireless range of the (802.11ac) Wi-Fi router in the office. It currently conflicts with another (802.11ac) wireless access point, which also operates in the 5 GHz band. Which of the following tasks will shorten the range and stop the conflict? (Select 2)
Reduce the transmit power. & Change the channel.
A new sign-on system for employees requires a token for credential storage. Which sign-on system does NOT satisfy this requirement?
A Quick Response (QR) code
An IT security consultant is working with a firm across several initiatives. One component of their ongoing work is evaluating the firm's readiness in the face of an incident. A discussion of threats and risks is on the table. Considering the relationship between the two topics, a likelihood variable relates to which type of assessment?
Risk
A company is evaluating risk. There are currently several critical processes in place in need of revision, and the system's infrastructure is aging. How would a scatterplot graph be best developed to illustrate the likelihood and impact of risk?
Risk register
An organization planned a week of security exercises. Each day of the week focused on different scenarios and goals. Consider the elements of disaster recovery exercises and select the option that accomplishes the organization's goal during the exercise.
Roles and responsibilities
Security experts are performing disaster recovery exercises with employees at a software development company. Which key element should be focused on as a goal of these activities?
Roles and responsibilities
A network administrator is importing a list of certificates from an online source so employees can trust and communicate securely with public websites. Another set of certificates were imported in order to trust and securely communicate with intranet sites and other internal resources. Which type of certificate is currently being imported?
Root
What are the components of a three-level Certificate Authority (CA) hierarchy? (Select 3)
Root, Intermediate, Issuing
An attacker installed malware that removed Explorer, Task Manager, and PowerShell from a user's Windows computer. What type of malware did the attacker install on the victim host?
Rootkit
The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator execute?
S/MIME (Secure/Multipurpose Internet Mail Extensions)
How does Security Association Markup Language (SAML) allow a Service Provider (SP) to trust an Identity Provider (IdP) in a federated network?
SAML tokens are signed with an eXtensible Markup Language (XML) digital signature
Several businesses operating on federated network allow access to each other's resources through enterprise connections. How are authorization tokens secured when this type of federated network employs Security Association Markup Language (SAML)?
SAML tokens are signed with an eXtensible Markup Language (XML) digital signature
How does Security Association Markup Language (SAML) allow Service Providers (SPs) to verify a user's identity? (Select 2)
SAML uses digital signatures, allowing the Service Provider (SP) to trust the Identity Provider (IdP). SAML authorizations are written in eXtensible Markup Language (XML), allowing the SP to trust the IdP.
The military needs to set up communications in extremely remote areas. What is the best solution for this?
SATCOM
What is the best solution for a client who needs to set up communications in extremely remote areas?
SATCOM
A company would like to steer away from the use of proprietary hardware to route traffic at the data plane level through virtualization. Which of the following is a good solution for the company?
SDN
An information technology company outsources antivirus protection, spam filtering and vulnerability updating, to achieve faster provisioning and cut costs. Which of the following cloud business models does the company use?
SECaaS
Outsourcing services, such as antivirus protection, spam filtering and vulnerability assessing, achieves faster provisioning and reduces costs. Which of these services represents a cloud model?
SECaaS
A new systems use policy dictates that employees assigned a specific computer can no longer roam and use any computer in the building. Furthermore, upon logon, the encrypted drive will decrypt with a key stored on the system. The goal of this approach is to improve security and accountability. Which type of hardware security implementation did the admin configure?
SED
The Federal Information Processing Standards (FIPS) was developed by the National Institute of Standards and Technology (NIST) for the U.S. government. The standards include a series of security technologies such as the secure hash algorithm (SHA) for use on government systems. Why is Secure Hash Algorithm (SHA) preferred to other hashing alternatives?
SHA replaced MDA or MD5
A malware security breach occurred at a small firm. A maintenance agreement put in place by the IT support company has not been honored, since numerous security updates were missing on all computer systems. When reviewing company agreements, which type is used for support?
SLA
IT worked with management to perform a qualitative risk assessment. Individual systems and the infrastructure were included in the assessment. Risk values for the servers were determined by finding the percentage of the lost value. When evaluating this risk, which risk factor was calculated in this situation?
SLE
A network administrator sets up a protocol for management and monitoring. The administrator needs the protocol to support encryption and to have a strong user-based authentication. Recommend which protocol to utilize.
SNMPv3 (Simple Network Management Protocol (SNMP) v3)
A network uses a framework for management and monitoring that uses the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), which encrypts the contents of traps and query responses. Analyze the types of protocols available for management and monitoring, then deduce the protocol utilized.
SNMPv3 (Simple Network Management Protocol (SNMP) v3)
A type of proxy device that examines encrypted traffic is to be added to the suite of network appliances inside a corporate network. An engineer suggests placing the device at the edge as a transparent bridge. What is this device, and why is its placement important? (Select 2) ***
SSL (Secure Sockets Layer) interceptor, & To evade a hacker
Which of the following devices accepts and offloads encrypted connections, then sends the connection to the server in another location unencrypted?
SSL accelerator
Parts of a media network infrastructure require evaluation for threats and vulnerabilities with respect to video conferencing. The protocols designed to support real-time services cover what functions? (Select 2)
Session Control, & Session initiation
A new Wireless Access Point (WAP) is connected to the network. Basic security settings were automatically selected during the set-up wizard. After entering the pre-shared key, the wireless client device does not have access to the LAN (Local Area Network). Several settings were changed to try and remediate the issue. What can the network administrator do to rule out the WAP as the cause?
Set up an open configuration
An admin deployed an intrusion detection system (IDS) behind the firewall of the DMZ. A recent audit reveals that although the IDS generated the correct event, the penetration tester retrieved the alert notification. Without changing the physical architecture, how will the admin prevent easy detection of future alerts by intruders? ***
Set up an out-of-band link on a separate VLAN. (DMZ = demilitarized zone)
A systems administrator prepares to secure applications on several virtual machines against external attacks. An automated process is in place to update the operating system of these servers, as soon as an update or security patch is available. Which of the following activities is the most effective way to mitigate the risks of these attacks?
Set up application patch management
An IT specialist is advising a company's personnel department on the use of shared accounts. The IT specialist lists reasons the department should not utilize shared accounts. Which of the following is likely NOT on the list of why the department should not use shared accounts?
Shared accounts can be used for temporary staff
Which of these is NOT a reason the use of shared accounts is discouraged?
Shared accounts can be used for temporary staff
What recommendations should a company's password management policy caution against? (Select 2)
Sharing passwords for common accounts. Creating restrictive schemas for generating passwords
Compare features of Shibboleth and Security Association Markup Language (SAML) and determine what Shibboleth provides that SAML does not. (Select 2) (4.2 Given a scenario, install and configure identity and access services.)
Shibboleth allows the user to choose a preferred identity provider. Shibboleth is an identity provider and supports the authentication of users
Confidential data is ready to be destroyed. Pulping will be used and a requirements list is being created to carry out the task. Considering the various approaches to destroying media, how will pulping be implemented?
Shredding and mixing contents with a solution
A user calls to request assistance connecting to the company's free guest Wi-Fi access point. The user is selecting the correct "Guest WIFI" wireless name from a brand new Windows 10 laptop. How can the user gain proper access to the Internet?
Sign on to the web portal
The department's manager is requiring all employees to digitally sign their email for full accountability. The manager requests the IT department create certificates for each employee. How does a digital signature provide accountability, and how does this process work? (Select 2)
Signature is for non-repudiation, Sender's private key encrypts the digest
An administrator deploys a basic network intrusion detection (NID) device to block common patterns of attacks. What detection method does this device use?
Signature-based
The use of a certificate to validate and authenticate software code, by identifying the author and verifying the code did not get modified, is what type of secure coding technique?
Signing
A physical security control, posted to warn visitors of a restricted area, is most likely which of the following?
Signs
A company is considering the implementation of a secondary Internet connection because the primary connection has frequent issues. Which classification accurately describes the primary connection in this scenario?
Single point of failure
A company has two offices geographically separated. Employees can access both networks whenever they need to, using two virtual private network servers acting as gateways. Which of the following does this capability represent? (Choose 2)
Site-to-site, Always on
A hacker scanned a network for vulnerabilities and plans to inject malicious software into an unprotected server. The hacker wants to use the server as a jump server to gain access to the network and execute more code in the future. However, the hacker wants to leave no trace behind if caught. Which of the following tools would the hacker use? ***
Meterpreter (allows hackers to access the target's system by running an invisible shell)
A hacker visited a company's network a week ago, and planted stagers on an unsuspecting Windows server. The hacker can connect to this server and execute more code that is affecting enterprise services at a well-known company. How is the hacker able to execute this?
Meterpreter issues the payload
Your organization has some Windows computers that are not part of the domain and therefore, cannot receive computer security policy updates. Which of the following tools can assess the local computer and make updates when necessary?
Microsoft Security Compliance Toolkit
A system admin uses a tool compatible with Windows 10 and Windows Server 2016 to compare domain GPOs against current local policies and to provide Microsoft-recommended GPO baselines, on either a domain-wide or a standalone system. Which of the following tools best fits this description? ***
Microsoft Security Compliance Toolkit (MS SCT) (GPO=Group Policy Objects)
A company uses Microsoft's Security Compliance Toolkit (SCT) and Nessus to get a sense of the company's security posture. What is the difference between the two applications? (Select two)
Microsoft's Policy Analyzer uses a configuration template, & Nessus checks against CVEs (CVE = Common Vulnerabilities and Exposures)
Management has asked that a company-wide risk assessment be performed. An IT systems administrator needs to provide risk related metrics for server systems. After some thought, they decide to implement a quantitative approach. Applying this approach, how would a Single Loss Expectancy (SLE) be calculated?
Multiplying the value of the asset by an Exposure Factor (EF)
A network admin must filter content for users as they access web pages and FTP sites. What type and class of proxy server should the network admin deploy? (Select two)
Multipurpose, & Transparent
A user is connecting a printer to the home's wireless router using WPS (Wi-Fi Protected Setup). The printer setup is not completing. Pressing the WPS button on the wireless router and printer at the same time does nothing to assist with the issue. Why is the printer not connecting?
Must enter PIN
A user is setting up a new wireless router at home. The user wants to protect the home wireless network. After pressing the WPS (Wi-Fi Protected Setup) button behind the router, the user's mobile device still cannot connect. Analyze the problem to determine the likely cause of the connection issue.
Must enter PIN
A user at an office usually connects to the company's Wi-Fi, but it is currently out of service. The user connects to the building's free wireless access point and enters a personal password at the prompt, but is still unable to connect. Analyze the scenario and determine the reason the user is unable to connect.
Must use a PSK
Which of the following does NOT provide encryption and is therefore vulnerable to eavesdropping and Man-in-the-Middle attacks?
NFC (Near-Field Communication)
What technology allows people to use their mobile device to pay for things by scanning?
NFC (near-field comm)
An attacker installed a fraudulent Radio Frequency ID (RFID) reader to steal credit card numbers any time someone used a card to make a purchase. What type of attack does this describe?
Skimming
An application crashed after a software engineer implemented RSA with a 2048-bit key for strong encryption. When other encryption algorithms were utilized, elliptic curve worked well and the application ran faster than anticipated. Which solution makes elliptic curve cryptography work better?
Smaller key size
A computer system is mysteriously unable to boot. The decision has been made to restore the system from a backup, as one is performed every night. The last entire backup was five days ago, and subsequent backups have been performed every night. After restoring the system, it is discovered that files are missing. Considering backup solutions, which should be used to complete the task of restoring the data?
Snapshot
A small company has put a new backup scheme in place, protecting two critical servers. After a few weeks, the company discovers not all files are being backed up. Analyze and recommend which backup technique should be implemented to remedy this situation.
Snapshot
A backup plan on a new Windows server uses the Volume Shadow Copy Service (VSS). The plan is set to back up the entire system over the weekend, and to back up only files with changes on a daily basis. What purpose does the utilization of VSS have for implementing the plan?
Snapshots
On a Windows server, the Volume Shadow Copy Service has been enabled for use with a new backup scheme. This scheme is set to back up the entire server, including open files, once a week, and only changed files during the week. When enabling this scheme, what purpose does the use of VSS provide?
Snapshots
Wearable technology, such as smartwatches and fitness trackers, contain embedded systems that integrate all components of a computer on a circuit. These systems pose a risk of data loss. Identify this system.
SoC
User A employs a secret key cipher such as AES when encrypting a message. That secret key is passed along to User B to decipher the message using a digital envelope. Why is a digital envelope used in this exchange? (Select 2)
Symmetric encryption is faster, To secure session key
A company is implementing the use of an alternate site in the event of a disaster. The plan is to replicate data between the main site and the alternate site on a continuous basis. The sites are a few hundred miles apart. Which statements are true regarding replication? (Choose 2)
Synchronous replication is particularly sensitive to distance. Asynchronous replication indicates data is mirrored from a primary site to a secondary site.
An administrator wants to use virtualization when deploying new systems. Which of the following can be the root of the administrator's security issues when using virtualization? (Select two)
System sprawl, & Undocumented assets
A system administrator remotely manages a server securely by encrypting the packets over port 49. Analyze remote access protocols and determine which protocol the system administrator employed.
TACACS+ (Terminal Access Controller Access-Control System Plus)
A network administrator is working to enable a secure wireless protocol for compatibility with older devices. The Wireless Access Point (WAP) will service mobile phones, laptops, and tablets. Which of the following will provide adequate service without sacrificing security? (Select 2)
TKIP, WPA2
A new wireless access point has been installed in the office. Users are not able to connect to the Wireless Access Point (WAP). All users are using older model smart phones. Which of the following security settings should the network administrator setup to resolve this connection issue? (Select 2)
TKIP, WPA2
A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports the Secure Hash Algorithm-256 (SHA-256) cipher. Compare and contrast the SSL/TLS versions and determine which version was deployed.
TLS 1.2
A network administrator researched Secure Sockets Layer/Transport Layer Security (SSL/TLS) versions to determine the best solution for the network. Security is a top priority along with a strong cipher. Recommend the version to implement, which will meet the needs of the company.
TLS 1.2
What major advantage does Time-Based One-Time Password Algorithm (TOTP) have over HMAC-Based One-Time Password Algorithm (HOTP)? (4.3 Given a scenario, implement identity and access management controls.)
TOTP adds an expiration time to the token
A company implements an encryption key burned into the chip of the processor of employee laptops, which provides a hardware root of trust. What did the company employ?
TPM
A system engineer needs a dedicated hardware-based cryptographic function that supports secure boot processes on an operating system. Which of the following will meet the engineer's needs? (3.3 Given a scenario, implement secure systems design.)
TPM
A security consulting firm will be working with the staff of a local business to perform a disaster recovery exercise. After discussing options for performing the exercise, the firm decides to apply a specific approach to best meet the organization's needs by "ghosting" the same procedures as they would occur in an actual disaster. Apply knowledge of the scenario to conclude which exercise method the firm uses.
Tabletop
A person stands outside a building impersonating a delivery driver. When an employee gains access to the building with security credentials, the attacker (carrying a package) asks the employee to hold the door open, which gives the impersonator access to the building. What type of social engineering is this?
Tailgating
A system administrator needs to apply a patch to a virtual machine. Before updating the system, the administrator needs to roll it back to a previous state. What should the administrator do before patching?
Take a snapshot
A system engineer has a new application that needs deployment on a production server that the company employees use. Which of the following is the BEST approach for implementation of the new application on the server?
Take a snapshot of the server and test the application before installing to production.
Providing new functionality in a company's business processes requires a new Line of Business (LOB) application. The application awaits installation. Which of the following is the BEST approach for implementation of the new application on the server?
Take a snapshot of the server and test the application before installing to production.
A recent update of security software on desktops includes Intrusion Prevention System (IPS) technology. The addition of IPS greatly improves overall security controls within the organization. Evaluate the control types and determine how the IPS system can be classified.
Technical
A small business is replacing an older software-based solution with a new hardware-based firewall that features Intrusion Prevention System (IPS) technology. The replacement is part of an initiative to upgrade security controls. Evaluate the list of control types and determine how the IPS system is categorized.
Technical
A new user group has been created in a Windows Active Directory domain. This new group will be used as an Access Control List (ACL) for specific printer deployments and shared folder access. Which type of security control allows execution of this implementation?
Technical.
A company has two Certificate Authority (CA) hierarchies, one for operations and another in the lab. Both networks are completely isolated and the lab does not have Internet access. Subordinate CAs are being added to the lab hierarchy. Evaluate the scenario and determine how the subordinate CAs can be successfully deployed without access to the operations network.
The certificates are signed by the lab's root CA
An account administrator needs to ensure proper group configuration while allocating users group memberships and permissions. To aid in execution of the task, characterize the main difference between domain local and global accounts/groups.
The rights and memberships of domain local and global groups are essentially opposite in scope.
A company deployed an internal web portal for company-owned software and services. When user workstations go to the website from Internet Explorer, the site is not trusted. Evaluate the scenario to conclude the likely cause for this issue.
The root certificate is not imported
Investigators pulled a drive out of a Windows workstation. As the investigation of the drive begins, they discover that the timestamps between volumes on the drive do not match. A FAT volume's timestamps appear correct but differ by a few hours from those on an NT File System (NTFS) volume. While evaluating the evidence, what do the investigators conclude is the reason behind the odd timestamps on the NTFS volume?
Timestamps are in coordinated universal time.
A system administrator logs in to multiple servers and network devices to research the events of an incident. A security administrator suggests that management use SolarWinds's SIEM (Security Information and Event Management) solution. Why should management consider using this type of solution? (Select two)
To aggregate logs, & To correlate events
A new employee logs in to a workstation with a PKI (public key infrastructure) card. The employee opens up the card reader application and finds a user certificate and a separate email certificate. What purpose does the email certificate serve?
To sign and encrypt email
In a Public Key Infrastructure (PKI), which option best describes how users and multiple Certificate Authorities (CAs) share information and exchange certificates?
Trust model
Unlike transport layer security (TLS), internet protocol security (IPSec) can use two modes. One mode encrypts only the payload of the IP packet, leaving the IP address unencrypted. The other mode encrypts the whole IP packet and adds a new IP header. What are these modes? (Select two)
Tunnel, & Transport
A TLS VPN requires the remote access server to listen on port 443 to encrypt traffic with the client machine. An IPSec VPN delivers traffic in two modes: one encrypts only the payload of the IP packet, and the other encrypts the whole IP packet (header and payload). Which of the following do these two modes describe? (Select 2) ***
Tunnel, & Transport. (TLS=Transport Layer Security; VPN=Virtual Private Network: IPSec=Internet Protocol Security)
A company replaces outdated workstations to increase storage capacities and provide more enhanced security measures. One of the benefits implements secure booting from startup. Which firmware provides this feature?
UEFI
A firmware interface, used during the connection between the hardware and the operating system, includes provisions for secure booting. What type of firmware does this illustrate?
UEFI
A company finalizes the plans for their COOP (Continuity of Operation Planning) site. Security and compliance should be at the same level as the current site of operations. When looking at the order of restoring services at this warm site, which of the following is the most important to enable, test, and monitor?
UPS (Uninterruptible Power Supply)
After an in-depth security analysis of recent detections of malware, the security admin found the root cause to be website blogs and online podcasts, which contained several pop-up ads. The information systems security officer (ISSO) wants to deploy a solution that blocks these websites, scans users' web browsing traffic for malware, and blocks it from entering the Intranet. Which of the following will fulfill the security requirements?
UTM
Two employees use Instant Messaging (IM) in separate buildings at work. They change the communications over to a video call with one click. Compare the types of communication services and determine which service the employees used.
Unified Communications
Two project managers are on the phone, discussing plans for a new site. The call changes over to video, as a way for one site manager to show a schematic on a wall. Compare types of communication services and determine which service the project managers utilized.
Unified Communications
A system admin received a support ticket regarding a website error. Browsing to company.com in Internet Explorer, the site looks safe and trusted. However, browsing to payment.company.com, the website is no longer trusted. Knowing that a wildcard certificate was installed, how would the admin resolve this error?
Update the SAN
A Dell server running an ESXi (Elastic Sky X Integrated) hypervisor is affected by Intel's Foreshadow vulnerability, which allows an attacker to read cached data on a core shared with another virtual machine. The server provides a lot of processing power for the virtual machines. What actions should the admin take to patch this server and mitigate the vulnerability? (Select two)
Upgrade hypervisor, & Update the server firmware
An attacker sends a phishing email to bank employees, regarding their compromised bank accounts, and they need to click a link to change their passwords as soon as possible. Which of the following describes a social engineering technique the attacker used?
Urgency
An attacker performed a Denial of Service (DoS) attack against a server, crashing it. What could the attacker do to mask the origin of the attack and make it harder for the security team to find the source of the attack?
Use IP spoofing
An attacker remotely crashed a server with a Denial of Service (DoS) attack. After searching their Security Information and Event Management (SIEM) application, the IT security team could not discover the origin of the attack. Which of the following would aid the attacker in masking the origin in this way?
Use IP spoofing
Management wants to secure company laptops with BitLocker, in case they get stolen, or the hard drives removed. However, the user should not have to type in a password to decrypt the hard drive. What is an alternative, rather than inputting a password, to use a system with BitLocker enabled?
Use a hardware security module
An attacker used a phishing email to successfully install a keylogger Trojan onto a victim's computer, to steal confidential information when the user types information into the webform of a website. How can the user mitigate this threat?
Use a keyboard that encrypts keystrokes.
A company sets up a second location due to business growth. The new location will provide the same services as the original location. The network engineer deploys a system, and while reducing costs, ensures a secure starting point. What is the most efficient way to perform this operation?
Use a master image
The RADIUS server is down, and employees need immediate access to Wi-Fi routers in the office building. The WAPs (Wireless Access Points) service smart phones and tablets. After disabling Enterprise mode, how will users connect to the WAPs?
Use a pre-shared key
The security administrator drafted a report on some malicious activity. Initial peer review suggests providing proof of the findings. Any information gathering must be non-intrusive and must not disrupt normal business operations. Which of the following activities will be the most beneficial?
Use a protocol analyzer to log traffic
An independent penetration testing company is invited to test the company's new banking application, in development for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal that connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How can the company prevent this from happening on the public Internet?
Use certificate pinning
A company has two web servers using a load-balance configuration. Users report having periodic trust errors connecting to the website. Both servers are using server-only certificates. Which of the following actions would most likely resolve the issue?
Use correct certificate path
A government agency is getting rid of older workstations. It will donate them, along with other excess computer systems, to nearby schools. Management reminds the systems admins about the data sanitization and disposal policy. Which policy items are applicable to the IT systems prior to donating them? (Select 2) ***
Use the DoD (5220.22-M) method, & Degauss media with a magnet
A workstation has a DLP (Data Loss Prevention) solution installed, and USB (Universal Serial Bus) drives are prohibited from use and from physical connection. How would a system admin set up the workstation to allow specific devices?
Use the device instance ID
Due to the use of personal USB (Universal Serial Bus) drives, company workstations have McAfee's Data Loss Prevention (DLP) Endpoint product installed. Management wants to allow the use of only approved USB drives. How would the admin configure the workstations to allow only approved USB drives?
Use the device instance ID
User A sends an encrypted email to User B, and signs the email using RSA (Rivest, Shamir, Adleman) encryption. If User A uses a digital envelope, which key in this email process would most likely compromise confidentiality for both this, and future emails?
User B's private keys
A software application contains sensitive transmittal information, and an end-user is taking it out in the field on a laptop. The end-user must understand how to protect and dispose of the data. Which of the following prepares the end-user for this?
User training
Company data gets leaked out to the general public, prompting the CIO to send an email to inform all employees of a mandatory operations security briefing. What is this an example of? (3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.)
User training
A company has deployed public key infrastructure and will use a chip to issue employees company IDs. Employees will be able to use these cards on any company workstation and Outlook client with a compatible card reader. What type of certificates will most likely be loaded onto these cards? (Select 2)
User, Email
An office utilizes a non-persistent approach to employee workstations, as a way to save costs on computer storage. All workstations run off of one desktop hosted in the data center. What technology does this represent?
VDE
Two virtual machines have custom apps set up for active clustering. Each physical node has the appropriate number of network adapters for clustering and for service communication to clients. Cisco backs the company's infrastructure and made recommendations. Which of the following will support these customer services? (Select 2)
VIP (virtual IP address), & GLBP (Gateway Load Balancing Protocol)
A network administrator sets up a switched network and wants to group users by department. Which technology should the administrator implement?
VLAN
There is an attack of the host system through the virtual machine. The attacker took control of the host and all virtual machines connected to it. What most likely occurred?
VM escape
Users report to IT that they cannot access several servers. After an investigation, IT reports that a breach occurred in a virtual server and it hijacked the host machine. What type of incident most likely occurred?
VM escape
An organization's CEO requires connectivity to internal network resources while out of the office. Doing so necessitates a configuration change to the infrastructure. Analyze the devices and conclude which device the admin should use to perform the new configuration.
VPN concentrator
A system administrator is installing a Windows firewall on the company network. Out of the box, the firewall configuration is set to default settings. What will guide the administrator in setting up the new device to secure the network? ~
Vendor specific guide
The following troubleshooting tasks are relevant for authentication issues, EXCEPT:
Verifying a user is who they say they are and have authorization to use the resource
Which of the following is NOT a common troubleshooting task performed for a user having authentication issues?
Verifying a user is who they say they are and have authorization to use the resource
A process that allows a company to track software, such as who accessed the software and the changes made since the last checkout, is an example of which of the following?
Version control
A large business' computer system was breached and the suspect is a high-level executive. Several employees have been called as witnesses, and investigators are evaluating a questioning approach. Considering how evidence may be collected and documented, which method is more reliable, but may make witnesses less willing to make a statement?
Video
A risk assessment at a medium-sized firm identified aging Windows servers with a likelihood of failing in the next 6 months. As a result, the IT department initiated a consolidation project to address the issue. The plan is to combine all servers into one physical system. Which consolidation technique would fulfill the plan's requirements?
Virtualization
Symantec Endpoint Protection (SEP) is a favorite software tool amongst private industries and government industries. It provides not only malware protection, but also intrusion prevention security. Which of the following features make SEP so versatile? (Select 3) (2.4 Given a scenario, analyze and interpret output from security technologies)
Virus and spyware protection, Proactive threat protection, & Network and host exploit mitigation
A small company worked with an IT security firm to complete a risk assessment. They discussed developing a plan for an alternate business practice in the event of an incident. Which business practice will the company likely implement?
Pen and paper
Two servers are deployed in a lab. A systems administrator wants to test implementing a secure means of communication. There is an option to implement ECDHE (ECC with D-H ephemeral mode). Why would this be preferred to other options like RSA? (Select 2)
Perfect forward secrecy, Ephemeral key
A vulnerability scan indicates a change in the system's baseline configuration. The system automatically moves to a quarantined environment. What is the next step to resolve the vulnerability? (3.4 Explain the importance of secure staging deployment concepts.)
Perform remediation
An attacker remotely exploited a company printer, by allowing access to files stored in the internal memory. Which of the following steps should the security engineer take to secure the printer?
Perform vulnerability scanning and apply patches
A designer is working on a sensitive project that involves new intellectual property for a client. During this collaboration, the designer only uses Microsoft Outlook and Adobe Photoshop. Internal and external threats to the project are of great concern. Which options should IT suggest to help mitigate any security concerns? (Select 2)
Privacy screens, Mail gateway
A government entity requires strict control over a cloud-based application portal. Which cloud infrastructure type provides the desired structure?
Private
Digital signatures on an email rely on a Public Key Infrastructure (PKI). The certificate used for this purpose can be safely stored on a smart card. What is the purpose of a digital signature, and how is the sender's private key used? (Select 2)
Private key encrypts the digest, Signature is for non-repudiation
An attacker with system access can obtain keys from system memory or page files and scratch disks if the system is susceptible to what type of vulnerability?
Privilege escalation
If a system is vulnerable, to which of the following can an attacker (with system access) be able to obtain keys from system memory?
Privilege escalation
Which of the following is a system susceptible to, if a user with system access can obtain keys from the system memory or pagefiles and scratch disks?
Privilege escalation
A high ranking member of the Human Resources department has access to sensitive employee information. Which user type best fits the employee's access level?
Privileged user
A hardware manufacturer has created a new USB storage device. Before its release to market, a vulnerability was found. As a result, an internal change management process has been immediately put in place for quality assurance procedures. Based on the scenario, what approach is being implemented?
Proactive
A user reported that the office workstation is running extremely slowly. Even after a reboot, the workstation still runs slowly. These workstations are configured with SSDs (Solid State Drives) for speed, and the antivirus scanner does not report any issues. Which of the following tools would an admin use, and why? (Select two)
Process Explorer, & Look for unknown processes
A new systems administrator works on a new image for a workstation. When working in the lab, the workstation cannot boot from a USB (Universal Serial Bus) drive, which prevents an OS from booting. There is no OS on the system and the computer cannot connect to the network. Other system admins are not available. Which of the following troubleshooting activities will help the system admin the most?
Reconfigure the BIOS settings
A workstation is not working properly, and the system admin suspects it has a virus. However, the antivirus scanner does not work. The admin attempts to boot an antivirus app from a USB drive, but it is not recognized. Which of the following troubleshooting activities will help load the special antivirus software?
Reconfigure the BIOS settings
A malware outbreak recently occurred at a local organization. Systems were compromised, and business operations shut down during this time. All systems were brought to a secure state over the course of ten business days. Which incident response lifecycle stage took ten days to complete?
Recovery
An Internet service provider (ISP) enters an old neighborhood to make plans to provide high-speed Internet. The neighborhood does not have cable service. Mobile homes in the area have antennas visibly seen above their rooftops. What type of antennas do these residents most likely use?
Yagi
Explain what "Enterprise" refers to when configuring a wireless access point for WPA2-Enterprise.
802.1x
Which of the following allows multiple authentication methods to permit users access to the LAN (Local Area Network) or WLAN (Wireless LAN)?
802.1x
A complex control system for a utility company has been developed. It includes workstations, servers, sensors, control boxes, and some operating logic. It is designed to use cryptography so that a compromise of a small part of the system does not compromise the rest of the system. How does cryptography assist with this level of resiliency?
Authentication and integrity of messages
PBKDF2 (Password-Based Key Derivation Function 2) is a software library used with key stretching techniques to hash and save passwords. PBKDF2 is also part of what other cryptographic standard?
PKCS#5
A business uses access logs, video surveillance, and security guards to monitor a controlled area. What do these security measures represent?
Physical
A secured building has video surveillance cameras installed to record and review the surrounding area. What type of security is this?
Physical
An alarm sounds when a disgruntled employee attempts to remove a server from its bay. The alarm activation triggers automated locks on the doors. What type of controls are these?
Physical
A company installs cameras in the server room and lab to deter theft and malicious activity. What type of control does this represent?
Physical control
A sign posted on the side of a building warns visitors of a protected access area. What type of control is this?
Physical security control
The client is having a problem with the newly-installed certificate. An IT admin notes that the configured certificate is correct. Examine the following troubleshooting procedures to determine which actions apply to this situation. (Select 3)
(1) Check that the client's configuration is with the appropriate chain of trust. (2) Install a root and intermediate CA certificate on the client. & (3) Check for synchronization of the time and date settings on both the server and the client.
An IT security team recovered data from a recent cybercrime incident. Due to practicing proper order of volatility steps, data was not lost. After investigating and evaluating sets of data, which options represent examples of data sets ranging from more to less volatile? (Choose two)
(1.) CPU registers, (2.) ARP cache, & (1.) Memory, (2.) Temporary file systems
Data needs to be recovered from a recent cybercrime incident. Practicing proper order of volatility is advised. After investigating and evaluating sets of data, which options represent examples of data sets ranging from more to less volatile? (Choose 2)
(1.) CPU registers, (2.) ARP cache, & (1.) Memory, (2.) Temporary file systems
All of the following describes an application firewall, except:
(EXCEPT:) It analyzes packets at layer 2 (Data link). (However, it can inspect the contents of packets at the application layer (7). A web application firewall analyzes HTTP headers and the HTML code present in HTTP packets to try to identify code that matches a pattern in a threat database.)
A penetration tester performed a vulnerability assessment. The tester had logon rights to different hosts with certain elevated permissions to check security setting misconfigurations. What type of scan did the pen tester perform?
A credentialed scan
What are the main issues with dedicated firewalls implemented on device firmware for embedded systems? (Select two)
A lack of processing power, & A lack of memory space
A remote office has both a file server and a web server. A network appliance is in front of these servers, to manage network traffic. A security administrator configures the access control list (ACL) to specify rules for specific subnet ranges. Which of the following best describes this device?
A layer 3 device
A network security admin needs to manage the traffic entering a device that supports a file server. The branch office has both the server and the device. The device's current setting is for "implicit deny." Which of the following most describes the device?
A layer 3 firewall
An attacker evaded antivirus detection in a Linux kernel, as multiple threads attempted to write an object at the same memory location. What type of vulnerability did the attacker use?
A race condition
Analyze remote access protocols and explain the characteristics of TACACS+ that distinguish it from the others.
A reliable system that utilizes TCP communications and encrypts transmitted packets
Three companies, PearCo, PeachCo, and PineappleCo, each of which operates a separate domain, commonly share resources across all three domains. What type of trust relationship do these companies most likely have?
A transitive trust between peers
Which of the following will identify common misconfigurations, the lack of necessary security controls, and other related vulnerabilities and is considered a passive technique?
A vulnerability assessment
In an effort to allocate permissions appropriately when assigning new user permissions, an information assurance manager draws an organizational chart representing each division's distribution of permissions. They use this to determine which allocations and permissions each role will have. What process is the information assurance manager executing in this scenario?
A workflow
A large organization supports multiple domains. Assigning users to roles and provisioning resources for each role are distinct functions. What rule can account managers follow in order to manage accounts in this system?
Accounts go into Global groups, which go into Domain Local groups, which get Permissions (AGDLP)
A new user logs in with a PKI (public key infrastructure) card using a pin and prepares to send an encrypted email to a colleague using a mail service via the web browser. The user does not see the option for encryption. Co-workers send encrypted email on a regular basis. What does the employee need?
An S/MIME plug-in (Secure/Multipurpose Internet Mail Extensions)
A system administrator needs to hide internal resource private IP addresses from the internet to protect from exploitation. What can the administrator apply to the network to complete this action?
Apply NAT to the Internet facing firewall
During the evidence gathering process, an image of a compromised system was obtained for safekeeping. Investigators analyzing the image found it to be unreadable. After reviewing the forensic tools used, how could the corruption have been avoided?
Applying hashing utilities
A stratum 1 time server obtains routine updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Atomic Clock
An organization needs to be able to assign user permissions based on a number of factors, including group memberships, departmental rules, and the location where the user accesses the resource. A contracted security consultant advises the company on which control system to implement. Analyze the required criteria and select the system the consultant would most likely recommend.
Attribute-Based Access Control (ABAC)
A system administrator identified an issue in the cloud infrastructure where storage continues to fill and system latency occurs. Which is the best solution to stop the drive space from reaching capacity and causing failure?
Automated scripting
A security administrator is looking for ways to reconfigure servers and network devices so that hackers cannot easily probe for system information by generating errors. The network currently has a honeynet and a NIDS (network intrusion detection software). What type of attack is the security administrator most likely trying to prevent?
Banner grabbing
A penetration tester was contracted to apply offline attack methods to test random user and administrator passwords. The penetration tester was able to use brute force attacks on password hashes, but some took longer than others. What may have caused the delay in applying this attack method? (Select 2)
Bcrypt PBKDF2
A security administrator is implementing a few settings to mitigate vulnerabilities in weak passwords. A complexity policy is in place, but the passwords should also be protected from offline attacks. Which of the following settings will cause hackers to spend a significant amount of time guessing passwords? (Select 2)
Bcrypt, PBKDF2
Analyze and select the statement that accurately describes the similarities between Mean Time to Failure (MTTF) and Mean Time Between Failures (MTBF).
Both MTTF and MTBF can determine the amount of asset redundancy a system should have.
A network administrator is configuring a secure network stream. The data will be encrypted at a rate of approximately 64 bits of data at a time, before sending it across. Which cipher will the network administrator use, and why? (Select 2)
Blowfish, Block cipher
A network administrator logs on to a computer and notices two ethernet ports connected to one another within the guest operating system, under Windows settings. What type of network is on this computer? (2.1 Install & configure network components, hardware- and software-based, to support org. security.)
Bridge
How does Kerberos protect against a man-in-the-middle attack?
By performing mutual authentication
Servers designated as a root, intermediate, and issuing server, are examples of which type of implementation?
Certificate Authority (CA)
Users go to a site that they log into often. They now have some certificate issues that they did not have previously. What should admin look for when an existing certificate has stopped working?
Check certificate expiration, revocation, or suspension status
Wired Equivalent Privacy (WEP), used by older wireless devices, was flawed and was later replaced by Wi-Fi Protected Access (WPA). WPA was designed to resolve the 24-bit Initialization Vector (IV) problem. WPA2 improves wireless security further using AES. Which of the following also describes why WPA2 is more secure? (Select 2)
Cipher block chaining, Counter mode is used
A hard drive contains sensitive data that the owner has recently applied restricted access as internal/official use only. Considering the different data classification levels, what is the appropriate level of data classification in this scenario?
Classified
A server file share containing sensitive data is only available for access by top level management. IT has been asked to enact appropriate security controls, and use a restricted classification designation as internal/official use only. Differentiate between data classification levels and select the appropriate level of data classification in this situation.
Classified
Symantec Endpoint Protection (SEP) reported a threat with a pop-up notification on the Windows desktop. The threat (which is an executable) is a known trojan based on a signature database. In this incident, what did SEP do with the file? (Select more than one).
Cleaned, & Logged
Risk assessment experts performed an audit of database systems at a small business. Results identified that risk is high, due to validation methods that did not exist on any of the database's front-end input controls. Which input validation method should a risk assessment expert implement to mitigate this risk?
Client side
In an effort to shorten a development schedule, a senior programmer added a trusted Application Programming Interface (API) into a custom application. By doing so, the programmer achieves implementing a shorter project timeline and delivers a fully functional application. Which method did the senior programmer practice during development?
Code reuse
A company is considering using an alternate site of operations in the event of a disaster. The plan is to acquire equipment at the time of the incident in order to avoid using dated hardware and software. What type of alternate site would best meet the company's needs?
Cold site
During a recent risk assessment, a municipality has decided an alternate site of operations is needed. This site would be used in the event of a severe incident. When the need arises, they plan to utilize spare equipment currently being held in secure storage. What type of alternate site should be used?
Cold site
A concentrator, placed on a firewall or router, combines multiple sensors to gather data for processing by an intrusion detection system. Identify this device.
Collector
A network administrator needs to monitor traffic that passes through the firewall to analyze attacks on the network. Which of the following devices will combine multiple sensors to gather data for analysis?
Collector
A company has laptops utilizing Windows BitLocker technology. Employees use encrypted thumb drives to move data manually (e.g., drag and drop to a workstation) between offices. Virtual stacks use Hardware Security Modules (HSM) to host Virtual Machines (VMs) protected with data-at-rest encryption. Which of the following cases are these technologies most likely supporting?
Confidentiality
The CIO at a firm no longer allows employees to wear smartwatches in the briefing room. Most briefings contain sensitive information regarding clients. The employees must place their device in a bin before entering. What is the CIO most likely concerned with?
Confidentiality
A company has workstation drives encrypted with BitLocker. Employees use a Common Access Card (CAC) to log in to those computers. Public Key Infrastructure (PKI) is available on the network and digital signatures are a requirement on company emails. Which of the following cases do these technologies support? (Select 3)
Confidentiality, Authentication, Non-repudiation
What is the best solution for enterprise workspaces?
Containerization
Which cloud infrastructure provides computing services offered either over the Internet or within an internal network?
Private
A security team added iris scanners to two access control points in a secure facility. They are in the process of making adjustments to optimize the system. Which metric are they fine-tuning?
Crossover Error Rate (CER)
A hacker takes contents from a local system, encrypts it with a variation of Advanced Encryption Standard (AES) and sends it to the attacker's server via HTTP over port 80. Once the PowerShell code executes, the HTTP POST request is sent to the attacker's server. Analyze the options to determine what this represents.
Data exfiltration
In an Active Directory (AD), which type of group allows permissions over devices such as printers and file shares?
Domain local groups
Which of the following describes the ability of a system to adapt to current demands by provisioning and deprovisioning resources as needed?
Elasticity
Steganography is a technique for hiding data within other data. Typically, information embeds in the least expected places. Which of the following are examples of steganography? (Select three)
Embed a watermark on bank notes, Encode a message within TCP packet data, & Change the least significant bit of image pixels
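As an added example (not part of the study guide), the "change a bit of pixels" technique above in working form: the payload is written into the least significant bit of each cover byte, preceded by a 32-bit length so the extractor knows when to stop. The cover is a constructed byte string standing in for raw pixel values; a real image would be decoded to pixels first, which this example skips.

```python
"""LSB steganography over a byte array of 'pixel' values (added example)."""
from typing import List


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of each cover byte.

    A 32-bit big-endian length prefix is embedded first so extract_lsb()
    knows how many payload bits follow. Each cover byte changes by at most 1.
    """
    data = len(payload).to_bytes(4, "big") + payload
    bits: List[int] = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload: %d bits needed, %d available"
                         % (len(bits), len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # clear LSB, then set it to the payload bit
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover the payload hidden by embed_lsb()."""

    def read_bytes(n_bytes: int, bit_offset: int) -> bytes:
        if bit_offset + n_bytes * 8 > len(stego):
            raise ValueError("no complete hidden message in this cover")
        value = 0
        for i in range(n_bytes * 8):
            value = (value << 1) | (stego[bit_offset + i] & 1)  # MSB-first, matching embed
        return value.to_bytes(n_bytes, "big")

    length = int.from_bytes(read_bytes(4, 0), "big")
    return read_bytes(length, 32)


def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-byte change the embedding introduced (1 for a correct LSB embed)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 1024 'pixel' bytes, not a real image.
COVER = bytes(range(256)) * 4
```

Because only the lowest bit of each value moves, the visual change is imperceptible; that is exactly why detection relies on statistics of the LSB plane rather than on looking at the picture.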
Upon arrival to work, a user stated a system that is normally off was powered on and logged in. A junior technician responding to the issue moved the computer to the data center to investigate. Considering chain of custody, which statement correctly evaluates the situation?
Evidence has been tampered with.
A vendor requires access to company resources to fulfill business requirements with a company it services. The company provides a zone to keep proprietary information secure, but allows the vendor access to the resources. What type of zone does the vendor use?
Extranet
A zone separated from the local network, provides business partners access to company resources without disclosing internal information. This illustrates what type of zone?
Extranet
Select the vulnerabilities that can influence routing. (Select 3)
Fingerprinting, Route injection, & ARP poisoning
A company needs to filter traffic passing in and out of their network. What software or hardware should they install?
Firewall
A network administrator needs to divide the network into different zones using packet-filtering rules, while blocking questionable traffic. What device should the administrator use?
Firewall
A network administrator needs to segment the network into different zones. What appliance will the administrator use?
Firewall
IT personnel assessed settings on all devices as part of a security audit. An engineer updated one device with the following configuration to meet new policy requirements: 1 PERMIT IP ANY ANY EQ 80; 2 DENY IP ANY ANY. After performing an analysis of the change, which device did the engineer modify?
Firewall
To implement defense in-depth of a system, a system admin employed an IDS, a HIDS and scheduled penetration testing on a regular basis. Within the week, the company will install HVAC. Which of the following should a system administrator apply to reach control diversity?
Firewall
Which appliance ensures only specific types of authorized traffic passes in and out of the host based on the rule in an Access Control List (ACL)?
Firewall
Which of these devices will MOST likely process the following? 1 PERMIT IP ANY ANY EQ 80. 2 DENY IP ANY ANY
Firewall
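The two-line ACL in the questions above is evaluated top-down, first match wins, with an implicit deny at the end. The following added example (not from the study guide) implements that evaluation for the simplified rule syntax the cards use, so the effect of rule order can be checked: with the rules in the cards' order only destination port 80 gets through; swap them and the DENY matches everything first.

```python
"""First-match packet-filter ACL evaluator (added example).

Rule syntax (as on the cards): [seq] PERMIT|DENY <proto> <src> <dst> [EQ <port>]
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp", ...
    src: str              # IPv4/IPv6 address
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str           # "PERMIT" or "DENY"
    proto: str            # "IP" matches any protocol
    src: str              # "ANY" or a CIDR/network
    dst: str
    port: Optional[int]   # destination port, or None for any


def parse_rule(line: str) -> Rule:
    tokens = line.upper().split()
    if tokens and tokens[0].isdigit():   # drop a leading sequence number such as "1"
        tokens = tokens[1:]
    action, proto, src, dst, *rest = tokens
    if action not in ("PERMIT", "DENY"):
        raise ValueError("unknown action %r" % action)
    port = None
    if rest:
        if len(rest) != 2 or rest[0] != "EQ":
            raise ValueError("unsupported qualifier %r" % (rest,))
        port = int(rest[1])
    return Rule(action, proto, src, dst, port)


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "ANY":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "IP" and rule.proto != pkt.proto.upper():
        return False
    if not _addr_matches(rule.src, pkt.src) or not _addr_matches(rule.dst, pkt.dst):
        return False
    if rule.port is not None and pkt.dport != rule.port:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Action of the first matching rule; implicit DENY when nothing matches."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule.action
    return "DENY"


# The ACL from the cards.
ACL_FROM_CARD = [parse_rule(line) for line in ("1 PERMIT IP ANY ANY EQ 80",
                                               "2 DENY IP ANY ANY")]
```

The explicit `DENY IP ANY ANY` is redundant with the implicit deny on most real firewalls; it is usually kept so that denied traffic is logged by a visible rule rather than silently dropped.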
A cipher's security depends on its properties of confusion and diffusion. Confusion ensures the key cannot be derived from the ciphertext, and diffusion means that a change in the plaintext spreads across the ciphertext. Analyze the situation to determine which of the following options is made most difficult as a result of these properties.
Frequency analysis
A system has been compromised and data has been deleted. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, only two sets of data need to be restored. Examine the available backup schemes and determine which will accomplish the complete restoration of data. (5.6 Explain disaster recovery and continuity of operations concepts.)
Full and differential
A user installed software on a system without permission. The system is now highly unstable, continuously crashes, and removal of the software has failed. It has been decided to restore the system from a backup. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, five sets of data need to be used. Considering the available backup schemes, which will accomplish the complete restoration of data?
Full and incremental
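The two backup questions above come down to what each nightly set contains. This added example (not from the study guide) simulates five nights of changes with a full backup on night 0, records what a differential or incremental set would capture each night (archive-bit style: "changed since the last full" versus "changed since the previous backup"), and then restores by layering only the sets the scheme requires. The file names and contents are constructed.

```python
"""Full+differential vs full+incremental: what is captured, what must be restored (added example)."""
from typing import Dict, List, Tuple

BackupSet = Tuple[str, Dict[str, str]]   # (kind, {filename: content captured})


def simulate(changes_per_day: List[Dict[str, str]], scheme: str) -> Tuple[Dict[str, str], List[BackupSet]]:
    """changes_per_day[0] is the state captured by the full backup; later entries are
    the writes made on each following day. Returns (live state, nightly backup sets)."""
    if scheme not in ("differential", "incremental"):
        raise ValueError("scheme must be 'differential' or 'incremental'")
    live = dict(changes_per_day[0])
    sets: List[BackupSet] = [("full", dict(live))]
    changed_since_full: Dict[str, str] = {}
    for day_changes in changes_per_day[1:]:
        live.update(day_changes)
        changed_since_full.update(day_changes)           # files still flagged since the last full
        if scheme == "differential":
            sets.append(("differential", dict(changed_since_full)))   # cumulative since full
        else:
            sets.append(("incremental", dict(day_changes)))           # only since previous backup
    return live, sets


def sets_to_restore(sets: List[BackupSet], scheme: str) -> List[BackupSet]:
    """The minimum sets needed, in the order they must be applied."""
    if scheme == "differential":
        # Full plus the most recent differential; earlier differentials are superseded.
        return [sets[0], sets[-1]] if len(sets) > 1 else [sets[0]]
    # Full plus every incremental since, replayed in order (skipping one loses data).
    return list(sets)


def restore(sets: List[BackupSet], scheme: str) -> Tuple[Dict[str, str], int]:
    """Layer the required sets; returns (restored state, number of sets used)."""
    needed = sets_to_restore(sets, scheme)
    state: Dict[str, str] = {}
    for _, data in needed:
        state.update(data)
    return state, len(needed)


# Constructed scenario: full backup, then four more nights (one with no changes).
FIVE_DAYS = [
    {"a.txt": "v0", "b.txt": "v0"},   # night 0: full
    {"a.txt": "v1"},                   # night 1
    {},                                # night 2: nothing changed
    {"b.txt": "v2"},                   # night 3
    {"a.txt": "v3"},                   # night 4
]
```

The trade-off the cards hint at: differential backups grow each night but restore from two sets; incrementals stay small but the restore must replay the whole chain, and a single missing or corrupt incremental breaks it.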
What identifies the physical location of a device?
Geolocation
Diffie-Hellman (D-H) is commonly used in IP Security (IPsec) as part of the Internet Key Exchange (IKE) protocol. It can also be used with the Transport Layer Security (TLS) protocol to provide perfect forward secrecy. How does D-H provide secure agreement on a key for a symmetric encryption algorithm to encrypt messages, and what is it referred to as when used with TLS? (Select 2)
Groups, DHE
Diffie-Hellman (D-H) is defined with 768-bit, 1024-bit and 2048-bit moduli. What are these parameter sets referred to as in D-H, and what benefit do they provide when used with the Transport Layer Security (TLS) protocol? (Select 2)
Groups, Perfect forward secrecy
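To make the two D-H questions above concrete, here is the exchange itself as an added example (not from the study guide): both parties pick a private exponent, publish g^x mod p, and each derives the same secret from the other's public value. The group parameters (p, g) are what the "768/1024/2048-bit" labels refer to; the group below is a toy 61-bit prime chosen for readability and is an assumption, not an IKE or TLS group. DHE means fresh exponents per session, which is what gives forward secrecy; hashing the agreed integer with SHA-256 stands in for the real key derivation and is also an assumption.

```python
"""Diffie-Hellman key agreement, static and ephemeral (DHE) (added example)."""
import hashlib
import secrets
from typing import Tuple

# TOY group (assumption): 2**61 - 1 is prime; generator 3. Real deployments use
# standardised groups such as the 2048-bit MODP group 14.
TOY_P = 2 ** 61 - 1
TOY_G = 3


def public_value(p: int, g: int, priv: int) -> int:
    """g^priv mod p; this is the only value sent over the wire."""
    return pow(g, priv, p)


def shared_secret(p: int, peer_public: int, priv: int) -> int:
    """(peer_public)^priv mod p; both sides reach g^(ab) mod p."""
    return pow(peer_public, priv, p)


def derive_key(secret: int, p: int) -> bytes:
    """Reduce the agreed integer to a symmetric key (SHA-256 here as a stand-in KDF)."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(length, "big")).digest()


def dh_exchange(p: int, g: int, a_priv: int, b_priv: int) -> Tuple[int, int, bytes, bytes]:
    """Run one exchange with fixed exponents; returns (A, B, key_at_A, key_at_B)."""
    A = public_value(p, g, a_priv)
    B = public_value(p, g, b_priv)
    key_a = derive_key(shared_secret(p, B, a_priv), p)
    key_b = derive_key(shared_secret(p, A, b_priv), p)
    return A, B, key_a, key_b


def dhe_session(p: int = TOY_P, g: int = TOY_G) -> bytes:
    """DHE: random exponents generated for this session only and then discarded,
    so a later compromise of long-term keys cannot recover this session key."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    _, _, key_a, key_b = dh_exchange(p, g, a, b)
    if key_a != key_b:
        raise RuntimeError("key agreement failed")
    return key_a
```

Note what D-H does not do: it gives no assurance of who the peer is. IKE and TLS authenticate the exchange separately (certificates or pre-shared keys), otherwise an active attacker can run one exchange with each side.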
A new business is working with a consultant to establish business processes. While drafting plans, the business must make considerations for unknown variables. Which type of approach to creating documentation do unknown variables prompt?
Guidance
An admin performs a security controls assessment, along with a risk assessment, at a small business. Results indicate that issues exist with many control types, and maintaining system availability requires remediation. When considering environmental security control solutions, which measure will the business implement?
HVAC
An organization is developing a Continuity of Operations Plan (COOP). This plan will include strategies to keep the business functional during and after a catastrophe. Analyze the following topics and conclude which is included in such a plan.
Human capital.
A care facility would like the ability to track its dementia patients inside the facility. In evaluating the need for a patient wandering system, what type of system would the IT administrator suggest?
IPS (indoor positioning systems)
An organization with an aging network decides to replace the functionality by outsourcing. Doing so will lower the total cost of ownership. Which cloud service will the organization implement?
IaaS
A company has several servers in place. It is possible that some of these servers can go offline without impacting daily operations. What criteria is used to justify this conclusion? (Choose 2)
Identification of critical systems, Mission-essential functions
Which of the following does NOT help prevent the misuse of a private key but can help prevent impersonation of a digital signature?
Identity and Access Management (IAM)
A CIO finds it difficult to maintain servers in the company environment. The CIO would like to move all of the software applications to an alternate environment to reduce the server footprint. What is the best solution for the company?
Implement an IaaS concept
Company policy states that employees must use the Internet responsibly and productively. Limited Internet access applies only to job-related activities, prohibiting personal use. When an employee violates this policy, what corrective action should take place?
Incident response procedures
A company would like to implement a private network accessible through a portal, to communicate and share resources. Only authorized users can access the network. Which of the following is the best choice for implementation?
Intranet
A private network where employees can communicate and share resources is available for authorized users only. A network perimeter provides boundary protection between it and the public internet. Which of the following is this representative of?
Intranet
Examine the following options and determine which expands approximately two to the power of the size of the key when the key size is longer.
Keyspace
Which term defines the range of key values available for use with a particular cipher, and is approximately two to the power of the size of the key?
Keyspace
Evaluate the importance of disabling LAN Manager (LM) compatibility when using a system that combines new and aging equipment, even when such compatibility is not necessary for daily operations.
LM is more vulnerable to password cracking than NTLM
A medium-sized consulting firm deals with government contracts and sensitive information. As a result, they need to implement tight controls on accesses to systems based on a hierarchy of "need to know" status. Analyze the scenario and determine which type of access control would best fit the needs of this organization.
Mandatory Access Control (MAC)
Military intelligence units communicate with each other over a secure network. In order to ensure only authorized users with a "need to know" access certain classified reports, which type of access control must this unit employ?
Mandatory Access Control (MAC)
Which of the following are organizational security policies put in place so more than one person has knowledge of business processes? (Choose 2)
Mandatory vacations, Job rotation
An organization internally implemented checks and balances as part of a separation of duties program. The goal is to deter the possibility of critical systems or procedures compromise by insider threats. Which policies are helpful when implementing such a program? (Choose 2)
Mandatory vacations, Job rotation
During an end-of-year audit, an accounts manager for a large security company discovers a security risk: many employees have not changed their passwords for over a year. The accounts manager must submit a findings report to senior staff to recommend changes to the password policy. Which recommendation should the report highlight?
Maximum password age rule
Confidential data is ready to be destroyed. As a result, the decision to use pulverizing has been made, and a requirements list is being created. Considering the various approaches to destroying media, how will pulverizing be implemented? (5.8 Given a scenario, carry out data security and privacy practices.)
Mechanically shredding
A new employee at the office is having difficulty sending an encrypted email. The user confirmed with the system administrator the S/MIME (Secure/Multipurpose Internet Mail Extensions) plug-in was installed on the email client. Analyze the scenario to determine the cause of the issue.
Need an email certificate
A company is using Microsoft's Security Compliance Toolkit (SCT) and Nessus to get a sense of the company's security posture. Which of the following does NOT describe nor apply to either of these applications? (Select two)
Nessus compares with a system configuration template, & SCT patches non-compliant systems
A company deployed a website. The public cannot trust the site since a public key has not been generated. However, it is operational and users can browse its contents. Conclude which of the statements about the website is most true. (Select 2)
No private key, RSA not implemented
A company implements a framework using its own predefined standards and practices. Which of the following frameworks does this follow?
Non-regulatory
A computer system was breached at a medium-sized business. IT personnel began an investigation immediately. Some steps taken included a virus scan and a reboot. What has this breach compromised?
Order of volatility
Which cloud solution provides consumers a preconfigured computing platform for "as needed" use?
PaaS
A user connects to an airport's free Wi-Fi network. The user accepts the user policy on the airport's splash page and is connected to the network. The user's Internet access was stopped after 15 minutes of checking email. However, other people appear to be browsing the Internet. What is the most likely cause of the interruption?
Payment for access is required.
Critical systems need to be defined by an organization. After analyzing the groups, which best represents a collection of critical systems?
People, furniture, ideas
A root CA (Certificate Authority) and intermediate CAs are fully deployed. The system administrator turns off the root CA server. Why is the root CA powered-down?
Prevent certificate compromise
Since the company's recent data leakage incident, management expedited the installation of a DLP (Data Loss Prevention) system. Workstations do not have CD drives. Which of the following is most likely the reason for these extreme and sudden measures?
Prohibit the use of personal devices
A free software application was found to corrupt any image file it opens and was reported as problematic. After conducting research, the application was found to have been maliciously modified before becoming available at an untrusted third-party distribution website. Which of the following choices best applies to this scenario regarding how users have been impacted by this application?
Property
An organization has just experienced a data breach. As part of the breach, thousands of records containing private information have been stolen. Which type of data is typically stolen for insurance fraud purposes?
Protected Health Information (PHI)
Security personnel are tasked with securing access to a building, while maintaining traffic flow to a fenced-off, secured facility. Which physical access control mechanism would best balance the need for traffic flow and secure access to the facility?
Proximity card reader at entry control point
The CEO of a medium sized organization would like a risk assessment to be performed. This assessment focuses on an aging network infrastructure, and should provide both Single Loss Expectancy (SLE) and Annual Loss Expectancy (ALE) data. Which approach should be implemented to meet the CEO's needs? (5.3 Explain risk management processes and concepts.)
Quantitative risk assessment
A connection cannot be established during a network connection test of a newly deployed WAP (Wireless Access Point) in WPA2 Enterprise (Wi-Fi Protected Access) mode. After checking the wireless controller, the 802.1x option was selected, but another configuration setting did not save. Apply knowledge of the network connection process to determine which of the following did not save.
RADIUS server settings
A company implements data availability based on a mirroring without redundancy solution. Which of the following best describes this implementation?
RAID-1
What are the differences between RC4 and 3DES ciphers? (Select 2)
RC4 is a stream cipher, 3DES block sizes are 64-bit
A software developer has released a new social media application. A severe vulnerability was found shortly after the software's release to market. As a result, an external change management process is being requested. Evaluate and select the process being implemented.
Reactive
A general practitioner has opened a new office in the area. As part of the Health Insurance Portability and Accountability Act (HIPAA), the office administrator will need to protect health and medical data based on current laws and regulations. Which framework will the administrator need to employ?
Regulatory
What action is triggered by several incorrect passcode attempts on a managed mobile device?
Remote wipe
A company executive is concerned with risk. During a recent meeting, a report was handed to all stakeholders that contained a scatterplot graph. The graph illustrated a high-level of risk related to the current system's infrastructure. Considering the evaluation of risk, what method was used to communicate risk issues with stakeholders?
Risk register
What is another term used for a "session key" when being exchanged in a digital envelope?
Secret keys
Analyze threat mitigation techniques and select which techniques are most effective in countering vulnerabilities an organization is exposed to while creating new accounts. (Choose 2)
Secure transmission of credentials, Password reset
Which of the following is true about default configurations of devices from vendors?
Security on them is minimal.
An employee failed to follow company policy for secure communication. As a result, the employee's email was sent as-is after experiencing issues sending a confidential document to a manager. The employee has since requested an email certificate to load onto a CAC (Common Access Card) to prevent future similar issues. Analyze the situation and select the task the user failed to properly execute.
Send an encrypted email
A firewall contains a Network Intrusion Detection System (NIDS), which monitors activity on the network. Devices placed in front of the firewall and after the firewall, gather information and reports applicable findings to a central console in the NIDS. Identify these devices.
Sensor
When deploying satellite communications (SATCOM), what should a business assess?
Service providers
A targeted attack has a budget that can allocate resources and manpower to achieve its goals. What attribute does this type of attack contain? (1.3 Explain threat actor types and attributes.)
Sophistication
An administrator decides what traffic should go in the encryption tunnel versus what goes to the unsecured Internet. Which VPN protocol did the administrator employ?
Split tunnel
During a routine usage audit, the account manager identifies some anomalous log entries that show excessive bandwidth usage. This is consistent with recent help desk complaints of bandwidth issues. What might this extra network traffic indicate?
Spread of malware or exfiltration of data
A company provides smartphones to their employees. The IT administrators have the ability to deploy, secure and remove specific applications and data from the employees' smartphones. Analyze the selections and determine how IT can perform this type of control.
Storage segmentation
What is a push notification?
Store services that an app or website can use to display an alert on a mobile device.
A developer uses a group of SQL statements to accept input data for validation. What technique did the developer use to protect from SQL injection attacks?
Stored procedures
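The point of the stored-procedure answer above is that SQL code and user data are kept separate. This added example (not from the study guide) shows the same principle with parameterized queries against an in-memory SQLite database, since SQLite has no stored procedures: the vulnerable login builds its query by string formatting and accepts a classic `' OR '1'='1` payload, while the parameterized version binds the input as data and rejects it. Table contents and credentials are constructed.

```python
"""SQL injection: string-built query vs parameterized query (added example)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table; password_hash values are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-alice"), ("bob", "hash-bob")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Deliberately vulnerable: user input is spliced into the SQL text."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Hardened: the statement is fixed; inputs travel as bound parameters, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0


# Classic tautology payload: turns the WHERE clause into ... OR '1'='1'.
INJECTION = "' OR '1'='1"
```

Input validation on the front end (length, character set) is still worth doing, but only separating code from data, whether through parameters or stored procedures invoked with parameters, removes the injection class entirely.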
Which of the following represents a critical vulnerability in the use of weak cipher suites and implementations? (Select two) (1.6 Explain the impact associated with types of vulnerabilities.)
Storing and processing data may not be secure; & Attacker masquerades with private key of server.
A stratum 2 time server obtains routine updated time to ensure accuracy. Evaluate the Network Time Protocol (NTP) and conclude which device provided the updates.
Stratum 1
The use of a master image to install the same configuration on other systems, reducing costs and ensuring a secure starting point provides which of the following? (Choose 2)
Streamlined deployment, Secure deployment
A company is upgrading a data center. While doing so, all new security controls are being installed on various fronts. One such control is a new intrusion detection system. Management has requested that the control types installed be reported. After evaluating the list of control types that have been upgraded, how would the intrusion detection system be categorized?
Technical
What happens to credentials stored or transmitted in cleartext?
The account loses its secure status.
What is the function of an asset management database?
The asset management database takes inventory and tracks all of the organization's critical systems.
A company has an existing Public Key Infrastructure (PKI) with an established Certificate Authority (CA) hierarchy. Another CA hierarchy is being deployed in a development network with no Internet access. The subordinate CAs are powered on and their respective certificates are installed. After closer inspection, the certificates are not trusted by the root CA. Evaluate and identify the possible issue with these certificates.
The certificates are not signed by the root CA.
In what way does Challenge Handshake Authentication Protocol (CHAP) protect against replay attacks?
The handshake is repeated with different challenge messages periodically throughout the session connection
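The CHAP answer above can be demonstrated end to end. In this added example (not from the study guide) the authenticator issues a random, single-use challenge, the peer answers with MD5(identifier || secret || challenge), and an eavesdropper who captured a valid response replays it after the server re-challenges; the replay fails both against the old identifier and against the new challenge. The shared secret is a constructed value.

```python
"""CHAP challenge/response and why a captured response cannot be replayed (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (MD5) response: hash over identifier byte, shared secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues single-use challenges and verifies the peer's responses."""

    def __init__(self, secret: bytes, rng=os.urandom):
        self._secret = secret
        self._rng = rng
        self._ident = 0
        self._challenge: Optional[bytes] = None

    def challenge(self) -> Tuple[int, bytes]:
        """New identifier and 16 random challenge bytes; sent in clear to the peer."""
        self._ident = (self._ident + 1) & 0xFF
        self._challenge = self._rng(16)
        return self._ident, self._challenge

    def verify(self, ident: int, response: bytes) -> bool:
        if self._challenge is None or ident != self._ident:
            return False
        expected = chap_response(ident, self._secret, self._challenge)
        self._challenge = None   # consumed: a response is only ever valid for one challenge
        return hmac.compare_digest(expected, response)


def replay_scenario(secret: bytes = b"constructed-shared-secret") -> Dict[str, bool]:
    """Legitimate auth, then a mid-session re-challenge and two replay attempts."""
    server = ChapAuthenticator(secret)

    ident, chal = server.challenge()
    response = chap_response(ident, secret, chal)      # peer answers; attacker sniffs (ident, response)
    results = {"legitimate": server.verify(ident, response)}

    ident2, _chal2 = server.challenge()                # periodic re-authentication
    results["replay_old_ident"] = server.verify(ident, response)
    results["replay_new_ident"] = server.verify(ident2, response)

    ident3, chal3 = server.challenge()                 # the real peer can still answer
    results["fresh_response"] = server.verify(ident3, chap_response(ident3, secret, chal3))
    return results
```

The protection comes from the challenge being unpredictable and never reused; MD5 itself is not what stops the replay. CHAP still exposes the secret to offline guessing by anyone who captures a challenge/response pair, which is why it sits inside an encrypted tunnel in modern deployments.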
An account administrator is configuring an Access Control List (ACL) to determine group memberships and permissions. How can the administrator differentiate between domain local and global accounts?
The rights and memberships of domain local and global groups are essentially opposite in scope.
An online shopper purchases a pound of their favorite coffee through the coffee roaster's retail website. If the website utilizes the OpenID Connect standard, which of these are viable options for the shopper to provide credentials to the retailer's website? (Select 2)
The shopper can use the "sign on with" feature from a trusted Identity Provider (IdP). The shopper can create a user profile on the retail website
A user cannot receive email from a new vendor regarding paper samples, after 24 hours of regular email correspondence the day before. Regular corporate email, as well as Google or Hotmail email, has no issue getting to the user. What may have prevented the email from reaching the user?
The spam filter checked and stopped the email.
Analyze the following applications and determine when it would be more advantageous for a network to utilize Remote Authentication Dial-In User Service (RADIUS) than Terminal Access Controller-Access Control System plus (TACACS+).
The system is used to provide remote users with network access
When upgrading an application at regular intervals, and before submitting newly developed applications, why is it important for application vulnerability scanners to test for vulnerabilities and insecure coding practices, and to analyze uses of the application that the developer may not expect?
To ensure the application is not vulnerable to new threats
What is the purpose of a Certificate Signing Request (CSR)?
To obtain a certificate
Which of the following represents a non-intrusive scanning type of framework?
Vulnerability scanning
What is the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is passive and penetration testing is active.
A new company wants to provide free Wi-Fi access to its customers. The users must be able to easily find the wireless access point and enter a password to gain access. The wireless traffic must be encrypted with the highest setting possible. Which of the following would meet these requirements?
WPA
The owner of a coffee shop installs a brand new wireless router for customer use. The owner wants to ensure only the customers benefit from the free Internet access, and wants to employ the highest possible level of security out of the box. What should the owner configure on the wireless router?
WPA
A wireless router failed and has been replaced with a newer model. The previously connected devices did not adhere to the 802.11i WLAN (Wireless LAN) security standard. Which of the following settings would be preferred when configuring the new router?
WPA+TKIP
The wireless clients only support connections using RC4 and the devices were manufactured before the 802.11i security standard. If RC4 encryption is required, determine which wireless configuration will best support these clients.
WPA+TKIP
A government firm has been working on establishing an alternate operations site in the event of a disaster. Currently, the preparations have confirmed the readiness of an alternate site with a few minor configuration contingencies. These configurations should take no longer than 24 to 48 hours to implement. Evaluate characteristics of alternate sites to conclude which type the firm is currently working with.
Warm site
A company collects and refines requirements for a development effort. Once approved, the developer begins the design phase. Which development lifecycle model does this represent?
Waterfall
A recent systems crash at a local business severely impacted operations. Reconfiguring the system took place after a 6 hour restoration was performed. Now, the system must be tested to confirm integrated functionality with other systems. Which metric is assigned when calculating the time required for the functionality testing?
Work Recovery Time (WRT)
Network administrators plan to deploy wireless access points (WAPs) in the building. Admin must record SSIDs (service set identifiers) and channels so there is no conflicting wireless traffic. Which of the following tools will help architect the configuration of these WAPs?
inSSIDer (Wi-Fi network scanner application for Microsoft Windows/OS X)
After spoofing the IP address of a network host, an attacker connects to multiple servers and redirects SYN/ACK (Synchronize/Acknowledge) packets to a victim server to consume its bandwidth and crash it. What type of attack does this describe?
A DRDoS attack
An adversary spoofs a victim's IP address and attempts to open connections with multiple servers. If those servers direct their SYN/ACK (Synchronize/Acknowledge) responses to the victim server, and rapidly consume the victim's bandwidth, what has happened?
A Distributed Reflection Denial of Service (DRDoS) attack
A social engineer used a phishing attack to trick users into visiting a malicious website. Once users visit the site, a vulnerability exploit kit installs, which actively exploits vulnerabilities on the client. What type of attack did the users become a victim of?
A Man-in-the-Browser (MitB) attack
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
A Man-in-the-Middle attack
A residential internet consumer wants to add a wireless network to their home. To automate and simplify the setup process, the user installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an 8-character Personal Identification Number (PIN). What type of attack is this installation vulnerable to?
A brute force attack
An attacker remotely compromised a closed-circuit television (CCTV) server and used it to steal a user's password. Which of the following can help prevent this type of shoulder surfing?
A privacy filter
Before installing a browser plug-in, a user accepted a 30-page license agreement which stated that their data would be monitored, and their activity would be sent to a third party. What type of software did the user install?
Adware
A user entered credentials into a web application login page. Unfortunately, the login form contained a malicious invisible iFrame, that allowed the attacker to intercept the user's input. What type of attack is this known as?
Clickjacking
A bank manager fired a security engineer. The engineer changed companies and brought insider knowledge with them, breaking the NDA with the previous employer. The security engineer then used that knowledge to damage the previous company's reputation. What classification of threat actor is the engineer?
Competitor
An attacker used Open Source Intelligence (OSINT) to gather information about a target's Internet Protocol (IP) address registration records for the victim's servers. What type of technique did the attacker use?
DNS harvesting
Which of the following can perform a Denial of Service (DoS) attack against a wireless network? (Select 2)
Disassociation, & Deauthentication attacks
If a hacker compromised multiple computers with Trojan malware to create a botnet, what type of attack can the hacker launch?
Distributed Denial of Service (DDoS)
Through backdoor Trojan malware infections, an attacker compromised multiple computers to form zombie agent PCs with tools to create a botnet. Which of the following attacks can the hacker launch?
Distributed Denial of Service (DDoS)
A hacker placed a false name:IP address mapping in the HOSTS file on a user's workstation to redirect traffic to the attacker's computer. What type of attack did the hacker perform?
Domain Name System (DNS) client cache poisoning
A hacker corrupted the name:IP records held on the HOSTS file on a server to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) server cache poisoning
By modifying query traffic, an attacker compromised a legitimate site's web server via a Denial of Service (DoS) attack and redirected traffic, intended for the legitimate domain to go instead to the attacker's malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) server cache poisoning
An attacker stole a website name by gaining control of and altering its registration information. The attacker then changed the IP address associated with the site, to the IP of a web server the attacker owned. What is this exploit of the website registration process known as?
Domain hijacking
Which of the following are ways to protect against birthday attacks? (Select 2)
Hash algorithms with larger digests, & demonstrated collision resistance
An employee suspected of modifying company invoices, diverted funds from a company account to his or her own private bank account. What kind of malicious actor type does this describe?
Insider threat
Which of the following, if implemented, will NOT help mitigate the threat of tailgating?
Installing non-discretionary privilege management
An attacker used an illegal access point (AP) with a very strong signal, and gained close physical proximity to a corporate wireless network to disrupt its services. What type of attack does this describe? (Select 2)
Jamming attack, & Interference attack
An attacker compromised a series of computers with a botnet and installed Remote Access Trojans (RATs) on them. What else can the attacker now do with this type of malicious network? (Select 3)
Launch a Distributed Denial of Service (DDoS) attack, Launch a mass-mail spam attack, & Establish a connection with a Command and Control server.
Which of the following defeats a jamming attack and prevents disruption of a wireless network when a hacker uses an illegal access point (AP) with a very strong signal in close proximity? (Select 2)
Locate the offending radio source and disable it, & Boost the signal of the legitimate equipment.
Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?
Non-repudiation
An attacker gained access to a target's cell phone information by social engineering a cellular provider to send the attacker a SIM card issued for the victim. What type of activity is this attack categorized by?
Organized crime
After a social engineer used Open Source Intelligence (OSINT) to gather information about the victim, the attacker then used this information to email the victim, personalizing the message and convincing the victim to click a malicious link. What type of social engineering attack does this describe?
Spear phishing
If an attacker purchases a fake domain that has a similar name to a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform?
Typosquatting
In what way can an attacker NOT perform a Denial of Service (DoS) attack?
Use web application firewall processing rules to filter traffic.
Which of the following is a way that a Denial of Service (DoS) attack cannot be performed?
Use web application firewall processing rules to filter traffic.
What is the difference between a virus and a worm?
Viruses replicate by infecting applications; Worms are self-contained.
A social engineer impersonated an IT security staff member of a company, and called an employee to extract personally identifiable information (PII) from the employee. Which of the following attacks did the impersonator conduct?
Vishing
Using social engineering, an attacker called an employee to extract the name and contact information of the Chief Information Security Officer (CISO). What social engineering deception did the attacker utilize?
Vishing
If an attacker performs open source intelligence (OSINT) gathering and social engineering on the CEO and creates an email scam for the upper management department of a company, what type of attack occurs?
Whaling
During which type of penetration test does the tester skip the reconnaissance phase of the test?
White box
Which type of penetration test requires the tester to perform partial reconnaissance?
Gray box
A network admin troubleshoots a virtual host that recently restarted. The admin wants to know when the virtual host is reachable through the network. Which ping switch would provide the most useful information?
-t
A security engineer received a .cer file. After some troubleshooting, the engineer was able to install the certificate with Base64 encoding using a different extension. Which of the following extensions did the engineer most likely use?
.pem
A bank's payment machine has been completely replaced with better hardware and encryption protocols. The machine comes standard with AES (Advanced Encryption Standard), which provides faster and more secure transactions. What encryption standard may have been used in the previous payment machine model?
3DES
A computer terminal processes banking transactions using DES (Data Encryption Standard) and is due for an upgrade. The software engineer is looking for ways to improve the encryption method, while maintaining the validity of the code. Which of the following will most likely be used for the upgrade?
3DES
Which of the following are reversible and will output a set length of characters and numbers based on their pre-defined algorithms? (Select 2)
3DES, AES
An attacker facilitated a Man-in-the-Middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths. What type of attack does this describe?
A downgrade attack
At the Windows desktop screen, a user reports a small pop-up window that shows information about a blocked IP (Internet protocol) address before disappearing. The user fears that Internet access dropped. Describe the type of pop-up window the user reported.
A host-based firewall notification
A penetration tester performed a vulnerability assessment. Although the tester used default passwords for service accounts and device management interfaces, the tester did not have any privileged access to the network. What type of scan did the pen tester perform?
A non-credentialed scan
A web-based company, ThunderCorp, trusts user credentials provided by LightningCorp's website. However, LightningCorp's website does not trust credentials provided by ThunderCorp. What type of trust relationship are these companies engaging in?
A one-way trust with LightningCorp as parent
Two companies are negotiating a contract concerning federated identity management. LightningCorp needs their clients to be able to access the other company's (ThunderCorp's) domain, but ThunderCorp does not need their clients to have access to LightningCorp's domain. Determine which type of trust relationship they should establish.
A one-way trust with LightningCorp as parent
IronCorp and SteelCorp employees often work together on projects, and as a result, the companies share access to resources. Which type of relationship exists between the two domains if IronCorp's domain trusts SteelCorp's domain, but members of IronCorp cannot access SteelCorp's resources?
A one-way trust with SteelCorp as parent and IronCorp as child
An attacker wants to crash a process by setting the pointer to a null value through a malicious process. Which of the following did the attacker perform?
A pointer de-reference
RiseCorp is a client of ShineCorp, and as such, needs access to select resources on ShineCorp's domain. ShineCorp needs to be able to access RiseCorp's domain for quality control and distribution purposes. What type of trust would be most advantageous to both companies?
A two-way non-transitive trust
Evaluate the methods of obtaining privilege escalation on mobile devices and conclude which is an example of jailbreaking.
A user boots the device with a patched kernel while the device is attached to a computer.
An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule that assigns the action "Allow the connection" to all programs, all protocols, and all ports, with a scope of 192.168.0.0/24. This is an example of what type of security setting?
ACL (access control list)
A user has a tracker that calculates the number of steps taken, number of minutes active per day, and how many miles the user walked. What type of technology does this device utilize?
Adaptive Network Topology (ANT)
The CEO of a large company calls the help desk and reports issues with access to an important folder. The CEO is supposed to have access to this folder based on his role. What can the helpdesk technician identify as possible causes of the problem? (Select 2)
Access Control Entries (ACEs) are out of order in the Access Control List (ACL). The user has not been granted permissions to the resource they are trying to access.
Which of the following implementations best employs the advantages of location-based authentication, while minimizing its disadvantages?
Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries
Analyze and apply the strengths and weaknesses of location-based authentication to conclude which is the most ideal deployment.
Activating location-based technology to operate a Virtual Private Network (VPN) gateway to restrict access to users from foreign countries.
Which of the following is true about active and passive scanning? (Select two)
Active scanning is more likely to cause performance problems than passive scanning; & Passive scanning results in more false positives.
A network engineer runs and analyzes vulnerability assessment scans on a weekly basis per company policy. Identify this type of security control.
Administrative
A security engineer conducts a penetration test against an application on the company network to assess security controls implemented on a system. What type of control diversity is this?
Administrative
An IT survey has been distributed throughout an organization with the goal of understanding departmental systems security needs and requirements and soliciting suggestions. The survey results yielded suggestions to strengthen computer use policies. Apply knowledge of security controls to determine which guidelines are followed by implementing this type of security control.
Administrative
An employee attempts to hack the company's firewall without authorization. The employee is not a member of the IT department and is in violation of the company's use policy. Considering the security control types, the employee challenged which directive when defying the policy?
Administrative
Human resources is developing a new set of policies for the IT department. The policies note suggestions for employee computer use rules. Compare security control types to determine which guidelines are followed as a result of implementing this type of security.
Administrative
New security controls have been established at a medium sized business. As part of the new implementation, scheduled security scans and audits will take place. Which security control type governs this component of the implementation? (5.7 Compare and contrast various types of controls.)
Administrative
A company policy states that the IT department must conduct monthly risk assessments, to quantify and qualify risks within the organization, which include creating a plan of action and milestones. What is this an example of?
Administrative control
Human Resources has released an updated fair use policy regarding mobile devices. It is now prohibited to use the camera feature of a mobile device inside the office building. Classify the type of action that violates the updated fair use policy.
Adverse
Multiple events trigger an incident between servers, network devices, and edge appliances. Management has a hard time changing standard operating procedures (SOPs) to handle these problems without knowing exactly what happened during an incident. How can a SIEM (Security Information and Event Management) system help? (Select two)
Aggregate event logs, & Correlate the data
An independent security penetration tester tried to access the company's wireless network. The first test is to determine whether pre-shared keys are dictionary words. Which of the following tools would help find weak passwords?
Aircrack-ng
An organization that uses PII has a sensitive network that needs physical isolation from the unsecured network. Which of the following practices would meet this requirement?
Airgap
Which of the following statements about DES (Data Encryption Standard), RC4 (Arcfour), Blowfish, or Twofish is false?
All are stream ciphers
A VPN connection allows employees to use both physically separated networks any time they need to. What type of capability does this represent?
Always on
To resist cryptanalysis, a cryptographic module must apply a value to the message to remove any possibility of the same plaintext outputting to the same encrypted value. How is this value added to a cryptographic algorithm?
An XOR operation
Simulate the hypertext transfer protocol secure (HTTPS) protocol in use.
An encrypted TCP connection protects sensitive banking information during online transmission
An administrator purchased an operating system with a policy that had five years of mainstream support and five years of extended support. Once the ten years of support are complete, what type of operating system is this?
An end of life
If an operating system reached its five years of mainstream support and five years of extended support, what type of system does this become?
An end of life
An attacker caused a software program to calculate a value that exceeded the fixed lower and upper bounds, and caused a positive number to become a negative number. What vulnerability did the attacker exploit?
An integer overflow
A system administrator creates a group policy to deny the addition of certain software to a host system, to prevent the introduction of malware to the network. What did the administrator use to secure the host?
Application blacklisting
IT security specialists were called in following an incident at a local business. An image of a compromised system was obtained for safekeeping during the evidence gathering process. It was later revealed that the image must not have copied properly and was found to be corrupt. As a result of reviewing available forensic tools, how could the corruption have been avoided?
Applying hashing utilities
A user who handles historical data must comply with laws concerning data retention. In doing so, IT has been contacted to address the requirement regarding system backups. Considering possible backup options, how should the IT department handle data retention?
Archives
The systems administrator of a financial firm is required to document a new backup and restore methodology for senior management. Data retention is of great concern. In documenting the backup process, which area must the systems administrator focus their attention?
Archives
A qualitative risk assessment is taking place to determine the overall risk and likelihood of a systems breach. What value is multiplied by an Exposure Factor (EF) when evaluating what would be lost in the occurrence of a single risk factor?
Asset
What allows administrators to identify and troubleshoot serious logs and events anomalies promptly?
Automated alert or alarm
A user reported that the office workstation is performing very poorly. For example, opening a Word document takes three minutes. An admin found a service running on the workstation that is using a large amount of processing power. The admin was unable to find direct articles about the unknown service. Which of the following tools should the admin use to help resolve the issue and why? (Select two)
Autoruns, & Identify service location
Which of the following results from improperly configured accounts? (Select two)
Increased risk of infection, & Data breach events
A retail company would like to have a coupon automatically sent to smartphones located within 500 feet of their store entrance. Recommend the technology that can achieve this function.
Geofencing
The security and software development team are working on a password storage application. It will store passwords as a secure hash. Which of the following will provide the best protection against brute force attacks? (Select 2)
BCRYPT, PBKDF2
What combination of hardware and software on a system can execute code to enable and disable functionality?
BIOS
A systems administrator incorporated a software tool on each workstation that can prevent the use of USB (universal serial bus) drives on workstations. Without physically changing the client workstations, what other hardware alternatives can the administrator implement to prevent the use of a removable device? (Select two)
BIOS settings, & Disable SATA ports
A company needs to onboard a new employee. A new process for preparing the employee for employment is being implemented. Which step should be performed first in order to eliminate wasted effort?
Background check
Biometric authentication requires sophisticated technology. While this will likely be more widely used in the future, what technical challenges must biometric technologies overcome to be more effective today? (Select 2)
Biometric template storage and security, Pattern matching from templates
High-level executives at a firm travel frequently. In the past, executives have lost these devices. As a result, a request for new mobile devices that allow the built-in camera to authenticate the user is in process. Using this method implements which type of physical security control?
Biometrics
When implementing the security control that addresses "something you are," what is the most probable solution?
Biometrics
What type of brute force attack aims at exploiting collisions in hash functions?
Birthday attacks
During which type of penetration test does the tester specifically include the reconnaissance phase of the test?
Black box
A company directed a security administrator to prevent the use of certain applications on company assets. Which of the following should the security administrator implement?
Blacklisting
A user owns an iOS mobile device and would like the ability to sideload applications. Evaluate the methods of obtaining privilege escalation on mobile devices and recommend what action the user should take.
Boot the device with a patched kernel while attached to a computer.
The network team must choose the correct firewall to filter traffic between the trusted local network and untrusted external networks. Which firewall should they recommend?
Border firewalls
A new IT security firm is partnering with an IT support company, and is opening its doors for business soon. The firm would like to be a reseller of a popular firewall. Considering all the agreements in process, which would be used to become an authorized reseller?
Business Partners Agreement (BPA)
Which of the following structured processes prevents unauthorized revisions to software?
Change management
A system admin installed a new certificate onto a web server. Browsing to the website, the browser shows trust errors. After clicking on the certificate icon, the website's name and information look correct. How would the system administrator troubleshoot further to find a root cause?
Check certificate chain
Data for an upcoming project has been stolen from a company and leaked online. The investigation implies social engineering is the cause. Which policy can prevent such an incident from occurring?
Clean desk
Which input validation method in a client-server architecture can improve application performance by catching deformed input on the front-end and is not used as the only form of security?
Client side
A company wants telecommuters to access resources from anywhere. Management asked security administrators to find a solution that provides a secure user connection to SharePoint, with few changes to the network architecture. Which of the following supports these requirements? (Select 2)
Client-based VPN over port 443 (HTTP/S), & TLS VPN
A new antivirus software package is being used to improve upon an organization's risk management plan. By strengthening security controls, the goal is to mitigate any threat as soon as possible. Analyze the scenario and determine which type of security control is likely being implemented.
Corrective
An organization is deploying a new antivirus software package. This initiative is a direct result of virus incidents recently infecting several laptops. The new antivirus software strengthens security controls to improve the organization's risk management plan. Analyze the scenario and determine which type of security control is likely being implemented.
Corrective
A Security Information and Event Manager (SIEM) collects, analyzes and manages information from multiple sources to provide a centralized method of security. Which of the following collects and analyzes event logs to detect potential security events?
Correlation engine
A network admin implements a security information and event manager (SIEM) on the company network. One of the components collects and analyzes event logs, which detects potential security events and alerts security engineers. What type of capability did the admin utilize?
Correlation engine
After a recent hurricane, the company realizes that it is not ready to resume services of their online products immediately after the weather event. IT (Information Technology) management must develop an architectural solution to this dilemma. Which of the following will provide the best solution? (Select two)
Create a failover process, & Stand up a hot site
Company A wants to share Wi-Fi access with a subsidiary, company B, located in the same building. Extensible Authentication Protocol (EAP) is implemented at both companies using RADIUS (Remote Authentication Dial-in User Service) servers. How can both networks be configured to allow users from either company to use their company credentials to gain access?
Create a federation
In Windows Active Directory, how do Organizational Units (OUs) help account managers designate permissions?
OUs divide a domain into different administrative realms
A system administrator is trying to decide what encryption algorithm to use for Kerberos in the Active Directory environment. Kerberos supports several algorithms like DES (56-bit), RC4 (128-bit), or AES (128-bit or better). Applying knowledge of the scenario, which of the following is FALSE?
DES (56-bit) key is stronger
What provides an automatic method for network address allocation? (2.6 Given a scenario, implement secure protocols)
DHCP
A system administrator implements a web server that both the internal employees and external vendors can access. What type of topology should the administrator implement?
DMZ
What facilitates a pharming attack?
DNS spoofing
What helps reduce spoofing and poisoning attacks by providing a verification process for domain name system responses?
DNSSEC (Domain Name System Security Extensions)
A U.S. government agency is testing RSA (Rivest, Shamir, Adleman) encryption on a web-based application to test functionality and operations of signatures. The software developer found RSA is not supported on the application after the app crashed. Which of the following is a close alternative for use on a government network?
DSA
A custom U.S. government software is in development. The first phase used ECDSA (Elliptic Curve Digital Signature Algorithm) and was not successful. RSA (Rivest, Shamir, Adleman) encryption was also tested, but the developers are looking to test asymmetric encryption options. Which of the following tests is the best candidate?
DSA
A business has implemented a series of websites that collect customer information for marketing and sales purposes. The sites are mirrored in a number of countries. What needs to be considered when implementing data retention for archival purposes?
Data sovereignty
Which of the following secure coding techniques makes code more difficult to read for an attacker?
Obfuscation
An HR (Human Resource) representative reported that an email was sent out by accident, containing personal information of an employee, to the representative's friend's Gmail account. The user asked to retract the email, but the IT (Information Technology) department explained that it could not be done. In what way can the IT department prevent a mistake like this from happening again?
Data Loss Prevention
A federal agency is digitizing years of written documents. These archives will be encrypted and stored in a vault. There may be the occasional need for these documents that will require approval from authorized personnel. What is the state these archives will most likely be in for the remainder of their time in the vault?
Data at rest
A new job has become available at a firm that utilizes several important databases. The new job is ultimately responsible for enforcing access control and data encryption. Analyze the job titles and consider the responsibilities of each. Which job role has most likely become available?
Data custodian
An organization experienced a data security breach. Part of the established incident management plan is to consider factors in order to prioritize and allocate resources. After analyzing the plan and defined factors, which is considered the highest priority?
Data integrity
Analyze the following incident factors and consider the incident management process to conclude which of the factors should receive the highest priority.
Data integrity
A firm that deals with numerous databases has worked to standardize job responsibilities based on industry defined roles. As a result, a new job has become available. The new job is ultimately responsible for maintaining the confidentiality, integrity, and availability of information, and who should have access. Evaluate the job titles and consider the responsibilities of each. Which job role has most likely become available?
Data owner
A recent system breach resulted in sensitive data being leaked online. Many specifics were unknown until details of the investigation revealed the breach was caused by an insider. Of the security controls in place, which was most effective in solving the crime?
Detective
Which of the following is NOT a characteristic of a lessons learned report?
Determining if outside expertise is needed
A company has a data room it would like to protect. However, at the moment there are no funds in the budget to allocate to this task. As a result, they decide to place an alarm warning sticker on the door as temporary security measure. What type of security control is being used in this situation?
Deterrent
Bluetooth devices have a few known security issues. Consider the selections and choose the security issues associated with Bluetooth devices. (Select 3)
Device discovery, Malware, & Authentication and authorization
What security issues can occur when using a Bluetooth device? (3)
Device discovery, Malware, & Authentication and authorization
An employee wants to check their corporate email and calls for support after connecting a Windows 10 laptop to the airport's free Wi-Fi. The wireless network adapter on the laptop seems connected, but email and other web services are not functioning nor updating. What reason supports the employee's inability to connect to the Internet properly?
Did not authenticate to the airport's web portal
What provides privilege management and authorization on an enterprise network?
Directory services
A Cisco server is running an ESXi (Elastic Sky X Integrated) hypervisor and is affected by Intel's Foreshadow vulnerability, which takes advantage of hyperthreading so that a hacker may read data from another virtual machine. This affects multiple servers of the same model. Which of the following actions will NOT mitigate the vulnerability? (Select two)
Disable Hyperthreading, & Install a VIB
A system administrator installs a database server straight out of the box. While it operates as designed, the administrator needs to apply hardening techniques to ensure secure operations. Which of the following should the administrator perform to secure the system? (Select 3)
Disable unnecessary services, Remove default username/password, Disable root login Share user accounts
A new server with default settings is a mission critical system at a company. A growing concern, regarding the settings, prompts IT personnel to investigate steps to further harden the server. After considering the available options, which methods should IT implement? (Select 3)
Disable unnecessary services, Remove default username/password, Disable root login share user accounts.
After a recent data leak caused by an insider, the IT department created a fair use policy at a large firm. The policy states that employees can no longer use flash drives. IT enforces the policy with which mitigation technique?
Disabling USB ports in BIOS
Employees use flash drives on company workstations. This concerns the CIO, since employees can copy sensitive files onto their USB drive and leak information to the general public. Which mitigation technique would address this concern?
Disabling USB ports in BIOS
After obtaining local administrator privileges on a machine, a hacker evaded antivirus detection using code refactoring, and was then able to get the Windows machine to load a malicious binary package in memory. What type of attack is this?
Dynamic Link Library (DLL) injection
The content owner has given consent for the organization's domain administrator to assign access rights to edit a shared document. What type of access control is the domain administrator using?
Discretionary Access Control (DAC)
Which type of control allows the content creator to allocate permissions for accessing resources?
Discretionary Access Control (DAC)
What term accurately defines an entry in an X.500 directory, or X.500-like directory, comprised of attribute=value pairs, and separated by commas?
Distinguished name
Which type of entry in an X.500 directory is a unique identifier for a specific resource within the directory, and is comprised of attribute=value pairs?
Distinguished name.
A company network allows multiple computers to work together to solve compound transactions. A central processor divides the transactions and distributes them across nodes for action. If a node fails, the processor will no longer task it, but processing between the other nodes will continue. What does the company achieve with this setup?
Distributive allocation for high availability
Developers are testing an application in the lab where two servers are communicating in a very secure manner. Each session is encrypted using perfect forward secrecy. How is this secured communication possible? (Select 2)
Ephemeral key, ECDHE
A new business owner recently completed an extended validation process to set up a trusted, valid website for secure public communication. The owner complained about how a domain validation would have been an easier process. Analyze and explain how a domain validation represents an easier solution in this situation.
Email to a point of contact
One of the essential parts of detailing the process for recovering services at a cold site is the order of restoration. The company has a backup solution that replicates data to a cloud service until needed. When restoring services, which of the following would take place first?
Enable and test UPS devices
An office deployed new client switches. A network administrator disables Telnet and allows SSH (Secure Shell) for secure management. A security administrator suggests disabling HTTP (Hypertext Transfer Protocol). What other best practices can restrict unauthorized connecting of other devices?
Enable port security
Which of the following is NOT a component of a user's account?
Encryption
Extremely warm temperatures have put extra stress on a local power grid. As a result, a severe power outage has caused downtime at several local businesses. This type of incident is considered a threat, as it causes disruption to business. Applying knowledge of threat assessment goals, classify the type of threat for this event.
Environmental
A client browser does not support secure connections to a web server. A TLS (Transport Layer Security) connection is being established with DHE (Diffie-Hellman Ephemeral mode). Why does the browser not support DHE?
Ephemeral key
A client browser has difficulty securely connecting with a server via TLS. The browser does not appear to support the cipher suite used by the server. The cipher suite used is written as ECDHE-RSA-AES128-GCM-SHA256. Which of the following may be the reason the cipher suite is unsupported?
Ephemeral key
A system engineer would like to remove the single point of failure and improve performance by using multiple servers in a node configuration. Which of the following does the engineer want to achieve?
Failover cluster for high availability
When considering installing a biometric recognition system in a company facility, which of the following considerations is least relevant to managing traffic control?
False negative rate or false rejection rate (FRR)
A hacker infiltrated a commercial stock image company and found a file share full of free images that users could download via a web server. The hacker replaced each image with malicious code, hoping the free images will get downloaded onto unsuspecting users' computers. Which of the following can prevent this attack method?
File integrity monitoring
A hacker modified a company photo by embedding malicious code in the picture. The hacker emailed the picture to company employees and several employees opened the email. The hacker now has remote access to those employees' computers. Which of the following can prevent this method of attack?
File integrity monitoring
An organization deployed a new internal Line of Business (LOB) application that contains custom code. As part of a risk assessment, it requires testing the application for threat vulnerabilities. Considering the available testing approaches, which implementation would satisfy assessment requirements?
Fuzzing
Block ciphers like AES (Advanced Encryption Standard) can operate in different modes of operation, each giving a different result of all outputs. Which of the following provides a type of authentication?
GCM
When a user uploads a picture to a photo web site, the site automatically places the photo on its interactive world map. How is it possible that the website can read the location of the uploaded picture? (Select 2)
GPS Tagging, & Geofencing
A security event popped up, alerting security of a suspicious user gaining access to and copying files from the %SystemRoot%\NTDS\ file path on a server. What is the user trying to do?
Gather employee login credentials.
How does general account prohibition add a layer of safety to an Operating System (OS)?
General account prohibition makes it harder to identify and compromise an administrative account
A company would like to provide internet capabilities in the lobby of the office for customers. The service must be separate from the internal network and limit what they can access. What is the best network architecture solution?
Guest
An organization incorporates multiple complex and varied critical business processes. Documentation is requested to capture the steps involved with processes for improvement. Analyze and determine which type of approach to creating the documentation is prompted by complex and differing variables.
Guidance
A server has software that notifies the administrator when specific system files get modified. This notification informed the admin that modification occurred since the system last shut down. What type of software does this describe?
HIDS
Software on a server has blocked a connection when an unauthorized and unknown server attempted to use Telnet on port 23. This is an insecure network protocol. What category does this software belong to on the server?
HIPS
Repeated attempts to access a remote server at a branch office from an unknown IP (Internet Protocol) address occurred. Logs from a network appliance show the same unknown traffic going to other areas of the internal network. Which of the following best provide active and passive protection at the server level? (Select two)
HIPS, & HIDS
Management wants to implement a secure messaging system and will not be prioritizing confidentiality. Employees must know who the message is coming from and trust the message. The sender and receiver will share a session key. Which of the following options will meet the company's requirements? (Select 2)
HMAC MD5
Field employees at an organization require mobile devices that offer high-level security options. IT suggests using laptops that include trusted platform module (TPM) technology. When using this technology, what does the system provide?
Hardware root of trust
Forensic investigators gathered evidence from a breached system. During the process, an image of the system was acquired. Which is the next best step in following best practices for obtaining evidence?
Hashing
Investigators gathered evidence from a breached system. An image of the system was acquired before leaving the scene. Which step should the investigators execute next in following best practices for obtaining evidence? (5.5 Summarize basic concepts of forensics.)
Hashing
Which input validation method in a client-server architecture is more secure, yet takes longer? (3.6 Summarize secure application development and deployment concepts.)
Server side
If a social engineer dresses up as an internet technician, and then proceeds to enter a place of business once granted permission, what type of social engineering attack does this describe?
Impersonation
User A sends an encrypted email to User B and signs the email using RSA (Rivest, Shamir, Adleman) encryption. What is most likely to occur during the key exchanges if User A's private key is known by the hacker?
Impersonation
A social engineer intercepted an end user's phone call to the internet provider about an outage. Pretending to be the caller, the attacker tried to cancel the service call, then dressed up as an internet technician and entered the end user's home with permission. What type of social engineering attack did the provider and end user fall victim to?
Impersonation
A high-level executive for a popular firm has recently been receiving increasingly more spam email. IT personnel identified most of the spam as spear phishing attempts. After examining the computer for signs of a breach and interviewing the executive, what cause can the rise in spam email be most likely attributed to?
Increased social media activity
During work hours, an employee violated company policy by performing personal banking tasks on the Internet. Employees can only use the Internet for job-related activities. What should management do to correct the employee's actions?
Incident response procedures
Which procedure would a government agency prefer to use, to completely destroy top secret documentation removed from basement file cabinets?
Incinerate
Which of the following is characteristic of a risk register?
Includes the date of identification, description, countermeasures, owner/route for escalation, and status
An accounts manager is sorting through a list of past and present employee accounts to verify that individuals who have transferred departments, or who have left the company, no longer have active accounts. Conclude which process the accounts manager is currently engaged in.
Offboarding
An employee uses an approved USB wireless mouse connected to a workstation. The mouse poses a security risk from several types of attacks, including mousejacking. What can the user do to ensure security on the wireless mouse?
Keep firmware updated
An organization allows users to use wireless peripherals, such as wireless mice and keyboards. Such devices do have vulnerabilities. After analyzing the following solutions, which option can best minimize any risk?
Keep firmware updated
LM, or LAN Manager, is known for password hash vulnerabilities that have resulted in successful man-in-the-middle attacks. Microsoft improved its authentication methods to make it harder for password crackers to calculate hashes and guess passwords. In what ways do modern versions of Windows systems that are part of a domain make this harder for password cracker software? (Select 2)
Kerberos, & Biometrics
A local environment includes modern servers running Windows Server 2012 R2, along with legacy systems running Windows Server 2003. The security administrator is concerned about the legacy servers and LAN Manager service vulnerabilities involving password hashes. What are the best options to prevent hackers from cracking passwords? (Select 2)
Kerberos, & Fresh install of Windows Server 2008 R2. (LAN=local area network)
LAN Manager (LM) authentication is a challenge/response authentication protocol and only provides for client authentication. Which of the following authentication protocols provide mutual authentication for domain networks? (Select 2)
Kerberos. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)
Clients and servers authenticate to each other using mutual authentication. Which authentication protocols perform mutual authentication? (Select 2)
Kerberos. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)
Assets, such as servers, disk arrays and switches, support IT systems. What type of measurement can determine the reliability of each asset?
Key Performance Indicators (KPI)
A company with multiple types of archived encrypted data is looking to archive the keys needed to decrypt the data. However, the company wants to separate the two in order to heavily guard these keys. Analyze the scenario to determine the most likely key placement.
Key escrow
Developers are working on a password vault application. The application will add salt to the password and create a hash of it in several rounds. This process is known as which of the following?
Key stretching
A user purchased a wireless router for their home. After pressing the WPS (Wi-Fi Protected Setup) button, the user was not able to connect a laptop to the wireless router. Which of the following is a reason the laptop was unable to connect, and what is an alternative method for establishing a connection? (Select 2)
Laptop is not WPS compatible. Enter PIN manually
A company implements a secure system design for a large accounting firm. The administrator deploys the system, using only services and protocols necessary to the company. What principle did the administrator execute?
Least functionality
An incident has recently occurred at a medium sized business. An employee is suspected of leaking information online. As a result of the investigation, the employee's computer has been secured as evidence by authorities. Identify the term that describes this type of action.
Legal hold
An organization needs to maintain a threat assessment. Analyze the following scenarios and select which best represents an environmental incident.
Local businesses are impacted after an aging utility pole has collapsed, bringing down communication lines.
A systems administrator is assigning accounts to roles in the Active Directory and must determine where to place accounts using group-based access control. Which of the following is NOT an Active Directory group scope the systems administrator should use for categorization?
Local groups
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would prevent this type of network disruption? (Select 2)
Locate the offending radio source and disable it, & Boost the signal of the legitimate equipment.
A company uses a server farm for day-to-day business. To ensure the security of the server, the CIO needs them to remain secured and only removed when outdated. What is the best security implementation? (3.9 Explain the importance of physical security controls.)
Locking cabinets
A large part of accounting involves automatically logging actions. What purpose does logging serve? (Select 2)
Logging accounts for all actions performed by users. & The logs can detect intrusions or attempted intrusions.
An IT security expert is reviewing security settings for systems and devices. In order to gain insight on daily activities, which settings should be verified?
Logs
Security is one of the main concerns for any company's IT infrastructure. When a trigger happens, a system administrator receives an alert or alarm notification. What does this allow the administrator to evaluate, as a means to identify and troubleshoot the issue?
Logs and events anomalies
Developers are creating an encrypted service for a private company to secure video-conference meetings. As developers are creating the code, they are thinking about reducing the processing overhead from end to end. Why is this process important to consider?
Low latency uses
Which of the following algorithms are irreversible and will output a set length of characters and numbers? (Select 2)
MD5, SHA
Checks and balances are often used to assess critical systems or procedures at risk of compromise by insider threats. Which policies are helpful when implementing such a program? (Choose 2)
Mandatory vacations, Job rotation
An accounts manager performing an end-of-year audit discovers many users at a small security firm have not changed their passwords in over a year. After analyzing the company's password management policy, the accounts manager notes deficiencies and submits a report. Which of these deficiencies in policy should the report highlight?
Maximum password age rules
A critical server experienced a severe crash. In order to restore the system, a backup set is utilized. The last backup was 18 hours prior to the crash, which is 6 hours longer than the company can afford to lose data. IT estimates it will take approximately 4 hours to bring systems back online. When reporting the situation to management, what value does the 4 hours represent?
Mean Time to Repair (MTTR)
A hard disk in a Redundant Array of Independent Disks (RAID) array has failed. This RAID array is installed in a critical server system. Currently the system is operational; however, another failed disk will cause system downtime. Management is requesting information regarding fully restoring the system. Which Key Performance Indicator (KPI) should be calculated to evaluate the data?
Mean Time to Repair (MTTR)
A lone server in an organization has crashed, and efforts to restore the system from a backup set are taking place. The last backup was 10 hours prior to the crash, which is 2 hours longer than the company can afford to lose data. The IT administrator estimates it will take approximately 3 hours to bring the server back online. When reporting the situation to the CEO, what value does the 3 hours represent?
Mean Time to Repair (MTTR)
A systems engineer is recovering a system from a catastrophe. A network server crashed and data has been corrupted. During troubleshooting, the engineer discovered a faulty memory module failed while a database was opened. A plan is developed to replace the memory module and restore from a backup. What metric can be implemented to best report downtime to management while replacing the server memory?
Mean Time to Repair (MTTR)
A systems engineer is recovering a system from a crash. Data on a network has been corrupted. It was determined during troubleshooting that a faulty hard drive was to blame. A spare hard drive will be used to replace the failed drive. Afterwards, a plan is developed to restore from a backup. What metric can be implemented to best represent downtime to management while replacing the server hard drive?
Mean Time to Repair (MTTR)
When a user no longer requires access to a given resource, or the user no longer works within the organization, which process should the accounts manager initiate in order to properly secure the system against the possible threat posed by the employee's departure?
Offboarding
A system has several security controls in place. As a result, users are reporting that system performance and usability are being impacted. Which control configuration should be evaluated before configuration?
Network logs
Implementing security controls can help harden a system. When doing so, the control configuration needs to consider systems impact and usability. Determine which control configuration should be evaluated before beginning configuration.
Network logs
A systems administrator is developing the organization's standard naming conventions. When considering naming user accounts, why is it important for the administrator to avoid using nicknames or common words? (4.4 Given a scenario, differentiate common account management practices.)
Nicknames and common words anonymize users
A custom suite of in-house applications use a variety of encryption methods to process, send, audit, and archive data. Many use various symmetric and key pair encryptions to authenticate messages and ensure the integrity of those messages. Which of the following would be a benefit of using these encryption methods?
No single point of failure
A popular entertainment company is onboarding a new employee. Preliminary interview steps and due diligence have been completed. Internal security is of high importance, so all documentation for the formal employment process is being prepared. In implementing the process, which solution should be used to assist with internal security issues?
Non-Disclosure Agreement (NDA)
A company stages its computing power in a centralized environment. All workstations run off of one desktop hosted in the data center. When the admin makes changes at individual workstations, the changes only get saved locally, until a user signs off, and the system then reverts back to the previous state. What technology does this represent?
Non-persistent VDE
A risk assessment at a corporation revealed that internal processes did not follow published standards. However, the custom processes in place did follow industry best practices. Which of the following frameworks does the corporation practice?
Non-regulatory
Analyze and select the statements that accurately distinguish the differences between Mean Time to Failure (MTTF) and Mean Time Between Failures (MTBF). (Select 2)
Non-repairable assets use a Mean Time to Failure (MTTF), while a Mean Time Between Failures (MTBF) would describe a server. & The Mean Time Between Failures (MTBF) and Mean Time to Failure (MTTF) calculations are different for the same tests.
Analyze the following statements and select the statement accurately describing the difference between OAuth and OpenID Connect (OIDC).
OAuth provides authorization services only, while OpenID Connect (OIDC) provides federated authentication
What is the primary difference between OAuth and OpenID Connect (OIDC)?
OAuth provides authorization services only, while OpenID Connect (OIDC) provides federated authentication
A security engineer performed a few auditing tasks and began checking the status of a couple web server certificates. One of the certificate statuses returned with an "unknown", and the other status with "good". Evaluate and determine what the engineer utilized in this case. (6.4 Given a scenario, implement public key infrastructure)
OCSP
A hacker obtained the 24-bit prefix of several network interface MAC (media access control) addresses. From this information, the hacker notated that the target company has Cisco and Dell devices. What type of attack technique did the hacker use?
OUI grabbing (capturing the information provided by banners)
A backup scheme at an organization was found to be faulty. After a system crashed, the backup sets of the system were corrupt. As a last chance effort to restore the system, a redundant backup was used. Evaluate the backup options and conclude which solution was executed.
Offsite
An organization implements a new backup scheme. The backup includes daily backups to ensure any changes are captured. The organization would like to implement redundancy into the scheme. Evaluate the backup options and select the best solution for implementation.
Offsite
IT (Information Technology) management considers raising the standards of network security. They would like to improve security at the endpoints. Zero-day attacks are a concern; therefore, a solution that examines processes is the main focus. The solution should be transparent to the user. Which of the following would an ISSO (Information System Security Officer) suggest to meet management's vision? (Select two)
On-access virus scanner, & Intrusion prevention system
A company's data loss prevention (DLP) system's setup blocks the transferring of proprietary company information to all, but which of the following?
One Drive
A company has a two-level Certificate Authority (CA) hierarchy. One of the CA servers is offline, while the others are online. What is the difference and benefit to both power states? (Select 2)
Online root adds CA. Online CA publishes CRL.
Risks can occur when using Wi-Fi from users connecting to certain access points. Which of the following illustrate this? (Select 2)
Open access, & Rogue Access
A system breached earlier in the morning at an insurance firm has been investigated by local IT personnel. Documented steps taken included a virus scan followed by a reboot of the system. Consider proper forensic and investigative protocols to conclude what has been highly compromised.
Order of volatility
The company's current network utilizes EAP-TTLS (EAP-Tunneled TLS) for supplicant clients connecting to the network. Newer model devices and systems are deployed on the network and are not compatible with EAP-TTLS. These systems require MS-CHAPv2 for authentication. Which of the following options will support these new systems?
PEAP
A regular user created a private/public key pair. The public key is shared through a public key repository that the user's contacts can use to send and receive encrypted emails. Which of the following standards is most likely making this possible for the users?
PGP
Employees are asking a system administrator about an external solution for a group of users to use outside of the office in order to send encrypted emails to each other. The employees are also looking for something that supports non-repudiation. Which of the following standards would the administrator most likely suggest for use?
PGP
A game developer is creating a code requiring a random set of numbers. Which of the following will satisfy the required task?
PRNG
A company would like to implement a cloud model that provides a preconfigured service, availability and on-demand computing. The company plans to maintain security and configuration of the system. Which is the most appropriate solution for the company?
PaaS
A large firm requires additional cloud services during busy sales periods. These services include servers, storage, and databases to build a platform upon. Which service type is the most appropriate solution for the company?
PaaS
Which of the following will most likely cause false positives? (Select 2)
Passive & Port scanning
A security administrator at a new company proposes the use of vulnerability scanners to find common targets. The administrator suggests a method that uses less bandwidth on the network and does not need direct or privileged access. What types of scanning are these? (Select 2)
Passive scanning, & Non-credentialed scanning
An attacker sniffs network traffic to identify devices communicating on a network, their ports and vulnerabilities. What type of scanning technique did the attacker perform?
Passive test routines
Analyze the following authentication protocols and determine which provides the weakest form of authentication.
Password Authentication Protocol (PAP)
A large accounting firm borrowed a password policy from another company's website to use within their organization. The account manager recommended reworking all of the following policies EXCEPT?
Passwords cannot contain the username in any configuration
A large company recently reviewed their password management policy and published several updated policies. Upon review, all of these policies are problematic EXCEPT?
Passwords cannot contain the username in any configuration
An employee has an urgent deadline to meet, but does not have the appropriate software on the system for the task. The employee does not want to go through the process of getting the software approved, and downloads it onto the computer. The IT department finds the unauthorized software on the computer and begins an investigation on how the employee could install the software. Evaluate the statements and select the actions the IT department must perform to prevent future unauthorized software downloads. (Select 3)
Place the host system and software in a sandbox before analyzing its running state. Check event logs and browsing history. & Verify user privileges and access controls on the host system.
A security clearance firm is developing an incident response plan for an organization. All technical security controls have been outlined. Now, the firm needs to establish high-level guidelines for handling an incident. Evaluate and select the appropriate guideline items. (Choose 2)
Policies and procedures, Personnel and resources
A company is in the preparation phase of implementing an incident response plan. All technical security controls are in place. Now, the company needs to establish guidelines for handling an incident. Evaluate and select the appropriate guideline items. (Choose 2)
Policies and procedures, Personnel and resources.
Many potential threats face the security of smart devices, such as web application and network attacks. Which of the following explains why the devices can have these types of vulnerabilities? (Select 3)
Poor documentation of security features, Inadequate vendor patch management, & Inadequate vendor security response processes
A buffer overflow occurred in an application, exposing system resources and allowing an attacker to inject malicious code. The ability for this to happen is a direct result of which of the following secure coding principles?
Poor memory management
A system administrator configures a switch, sending a copy of all network traffic to an area where admin can analyze it. What should the administrator implement?
Port mirror
A system administrator updates multiple laptops running the Windows OS over the Internet during opening hours. The laptops plug into network ports on the wall. After the fourth laptop, the port no longer works. The administrator plugs in another laptop and the port still does not work. What may be the cause of this?
Port security
A company processes sensitive data for a credit card company. Employees use email to transmit communications regarding account information. The system administrator applies additional security measures to ensure confidentiality and data loss prevention. Which options will work in this scenario?
Privacy screens, Mail gateway
Historically, signatures have been used to prove the identity of a document's signer. In order to make forging attempts less successful, which added layer of security is provided by signature recognition technology?
Pressure and stroke sensitivity
Several web servers are deployed in the company's DMZ (demilitarized zone). Customers can access their accounts, and other product and service information, from these web servers. A system administrator suggests deploying a web application firewall in front of these web servers. What may be the reasons for this? (Select two)
Prevent DoS attacks, & Prevent SQL injections
A user reported the system being taken over for a few minutes (remotely) before deciding to power off the workstation. After reviewing the NIDS (Network Intrusion Detection System) during the time of the incident, there was no indication of unauthorized remote connections. What would be the benefits of installing a HIPS (Host Intrusion Prevention System) at the end points? (Select two)
Prevent malicious traffic between VMs, & Protection from zero day attacks
A human resources computer system was hacked. Investigators discovered that the breach began as an inside job with a stolen password. Analyze the situation and determine which security control type failed.
Preventive
A new locking cabinet has been installed in the computer room to hold extra flash drives and other supplies. Which type of security control has been configured?
Preventive
Server systems breached at a large business were protected by several security controls. Investigators discovered the breach began as an inside job where the employee broke and entered into the secure area. Analyze the situation and determine which security control type failed.
Preventive
Which of the following defines a detailed study to assess the risks associated with storing, processing, and disclosing Personally Identifiable Information (PII)?
Privacy Impact Assessment (PIA)
Which study aims to identify vulnerabilities that may lead to the data breach of personal information and to evaluate controls mitigating those risks?
Privacy Impact Assessment (PIA)
A system holding Personally Identifiable Information (PII) has been through an initial security audit. The results have determined the need to perform further analysis as the next step to assessing potential risks. Which type of audit has the system successfully completed?
Privacy Threshold Analysis (PTA)
Organizations should perform audits regularly to assess whether any Personally Identifiable Information (PII) data is processed securely. If an organization is storing PII data, and controls need to be investigated, which audit type should be implemented first?
Privacy Threshold Analysis (PTA)
A large organization has just hired a new employee to oversee compliance of data with regulatory frameworks. One of the immediate tasks assigned to the new employee is to ensure data retention is in accordance with regulations. Which role accurately defines the new employee's responsibilities within the company?
Privacy officer
A hardware manufacturer is developing a new USB device for biometric authentication. Employees curious about the project have used the device early under a "use at your own risk" agreement. As a result, some employees have experienced a faulty USB port. Consider how employees have been impacted by the devices to determine which option applies best to this situation.
Property
A company is very protective of its intellectual material. As a result, a dedicated server is put into place, containing related highly sensitive data. The fear of a breach by a curious public or competitors is an ongoing concern. Apply knowledge of data types and labels and select which type the company is protecting.
Proprietary
In an effort to rebrand itself, a company developed a new logo, mascot, and other materials. A file share is in place, containing this highly sensitive data. The fear of a breach by a curious public or competitors is an ongoing concern. Apply knowledge of data types and labels and select which type the company is protecting.
Proprietary
An organization handles different sets of sensitive data. The data is gathered and categorized in three different ways: associated, anonymized, and de-identified. As a result, the organization is developing three different data management processes. Compare features of sensitive data and select which type is characterized by these categories.
Protected Health Information (PHI)
An organization handles various sets of sensitive data used in a variety of ways. For example, data that is categorized as de-identified is evaluated without subject information. This data contains codes, allowing the subject information to be reconstructed by the data provider, if required. Compare the characteristics of sensitive data to determine which type is being evaluated in this situation.
Protected Health Information (PHI).
Management received a report from the ISSO (Information System Security Officer) about malicious network traffic going in and out of specific ports on the file server. Findings showed encrypted packets using SSL (Security Sockets Layer). Management asked about the IP addresses for the destinations and sources. Which of the following tools or applications would easily provide the information requested by management?
Protocol analyzer
Apple developed an application that allows users to pay for items as they would with their debit card. The application can only run on Apple devices, with an iOS of 10 or greater. What process is this?
Provisioning
A fence surrounds a restricted area on a company facility, limiting access to the facility. Authorized personnel must be able to access the building without creating a bottleneck in traffic flow at the entry control point, yet interlopers must not be able to enter the secure facility. Analyze the scenario and select the most ideal physical access control mechanism for implementation.
Proximity card reader at entry control point
A company wants to install a network appliance that improves performance and restricts user access to certain websites by filtering. What should the system administrator implement?
Proxy
An appliance caches web content to increase performance and acts on behalf of another service. It examines the data and makes rule-based decisions about whether the request should be forwarded or refused. Which type of device is this considered?
Proxy
Which Redundant Array of Inexpensive Disks (RAID) combines mirroring and striping and is the better option for mission critical applications?
RAID-10
Which of the following statements about DES (Data Encryption Standard), RC4 (Arcfour), Blowfish, or Twofish is true?
RC4 is a stream cipher.
The web server would create a Certificate Signing Request (CSR) to create a public and private key for a web server. The certificate will provide secure communication between client browsers and the web server using Secure Sockets Layer (SSL). Which of the following would be the preferred cipher to use and represent a key strength in this scenario? (Select 2)
RC4, 128-bit
A message application performs checks for message integrity. As the message reaches its destination, it requires implementation of an authentication mechanism. The current MD5 hashing algorithm is insufficient for this task. Which of the following would best fit this criteria? (Select 4)
RIPEMD, SHA-1, SHA-2, HMAC
A software developer created a simple application to verify message integrity. Due to the sensitivity of the message traffic, it requires an alternative method to verify both authenticity and message integrity. Which of the following would best fit this criteria? (Select 4)
RIPEMD, SHA-1, SHA-2, HMAC
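The two questions above turn on the difference between integrity (a bare hash, which anyone can recompute) and integrity plus authenticity (an HMAC, which needs the shared key). The following Python script is an added illustration, not part of the study guide; the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration (not real secrets).
SHARED_KEY = b"example-shared-secret-do-not-reuse"
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 100 to account 99"


def plain_digest(message: bytes) -> str:
    """Integrity only: any party, including an attacker, can recompute it."""
    return hashlib.sha256(message).hexdigest()


def message_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_digest(message: bytes, digest: str) -> bool:
    """Receiver relying on a bare hash: recompute and compare."""
    return hmac.compare_digest(plain_digest(message), digest)


def receiver_accepts_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver relying on HMAC: recompute with the key, compare in constant time."""
    return hmac.compare_digest(message_tag(key, message), tag)


def attacker_in_the_middle() -> dict:
    """Simulate an on-path attacker who rewrites the message in transit.

    With a bare hash the attacker simply recomputes the digest for the
    altered message. With HMAC the attacker lacks the key, so the best
    they can do is reuse the original tag or attach a bare hash instead.
    """
    forged_digest = plain_digest(TAMPERED)
    original_tag = message_tag(SHARED_KEY, ORIGINAL)
    return {
        "digest_check_fooled": receiver_accepts_digest(TAMPERED, forged_digest),
        "hmac_reused_tag_fooled": receiver_accepts_tag(SHARED_KEY, TAMPERED, original_tag),
        "hmac_bare_hash_fooled": receiver_accepts_tag(SHARED_KEY, TAMPERED, plain_digest(TAMPERED)),
        "hmac_honest_message_ok": receiver_accepts_tag(SHARED_KEY, ORIGINAL, original_tag),
    }


if __name__ == "__main__":
    for check, result in attacker_in_the_middle().items():
        print(f"{check}: {result}")
```

The bare-hash receiver is fooled because nothing in the check depends on a secret; the HMAC receiver rejects both the reused tag and the substituted hash. Using hmac.compare_digest for the comparison also avoids leaking information through timing.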
Which of the following use asymmetric algorithms? (Select 2)
RSA, DSA
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
Rainbow table attacks
A user's device does not make a direct cabled connection to the network. Instead, the connection occurs over or through an intermediate network. Describe this type of connection.
Remote access
A stolen mobile phone contains sensitive information. The owner reports the theft to the security manager, who resets the phone to factory defaults. Compare the following mobile access control systems to conclude which action the security manager executed.
Remote wipe
An employee leaves a company mobile device at the airport, which contained sensitive data. As a precaution, backup of the device secured the sensitive data. What other procedure should the company do to ensure the data is inaccessible? (2.5 Given a scenario, deploy mobile devices securely)
Remote wipe
What type of attacks do Kerberos authentication protect against? (Select 2)
Replay attacks, Man-in-the-middle attacks
An employee has noticed private company information online while browsing social media. What measure should be implemented to address this observation?
Reporting requirements
There is suspicion of data theft from an internal source within a company. What process will this possibility most likely trigger?
Reporting requirements
A hardware manufacturer has designed a smart device for consumers to use at home. The device responds to voice commands and interacts with a mobile application. It was discovered after several months on the market that the device collected personal data without consent. Sales of the device have since been negatively impacted. As a result of the privacy issue, lost sales, and bad product reviews, how has the manufacturer been impacted? (5.2 Summarize business impact analysis concepts.)
Reputation
Which of the following are components of a key stretching process? (Select 2)
Salt, Secure Hash Algorithm (SHA)
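The rainbow-table question earlier (why unsalted passwords are vulnerable) and the key-stretching question above are two sides of the same control. The Python script below is an added example, not part of the study guide, showing both: an unsalted SHA-256 digest is reversed by a constructed lookup table, while a per-user random salt plus PBKDF2-HMAC-SHA256 iteration defeats precomputation and raises the cost of each guess. The password list, iteration count and record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor; raise it as hardware gets faster

# Constructed "rainbow table": precomputed unsalted SHA-256 digests of
# common passwords, the kind of lookup an attacker runs against unsalted stores.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
RAINBOW_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_hash(password: str) -> str:
    """Weak storage: identical passwords give identical digests for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def rainbow_lookup(digest: str):
    """Attacker's view: reverse a digest by table lookup, no cracking needed."""
    return RAINBOW_TABLE.get(digest)


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching with PBKDF2-HMAC-SHA256: the salt defeats precomputation,
    the iteration count raises the per-guess cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> str:
    """Store algorithm, work factor, salt and derived key together so the
    derivation can be replayed at login; the salt is random per user."""
    salt = os.urandom(16)
    dk = stretch(password, salt)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iterations, compare in constant time."""
    algorithm, iterations, salt_hex, dk_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), dk_hex)


if __name__ == "__main__":
    weak = unsalted_hash("password")
    print("unsalted digest reversed by table:", rainbow_lookup(weak))
    rec = make_record("password")
    print("salted and stretched record:", rec)
    print("table lookup on derived key:", rainbow_lookup(rec.split("$")[3]))
    print("verify correct password:", verify_record("password", rec))
```

Two users with the same password get different records, so a table built once cannot be reused across accounts, and each guess costs the attacker the full iteration count.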
A security assessment team member found new vulnerabilities in a production application. The security assessment team needs to apply updates and test their effectiveness before pushing the patches to production. Which environment will best complete the application and testing of these patches?
Sandbox
In a secure deployment methodology, which environment is most commonly used for code development and testing?
Sandbox
An organization's security policy requires employees to authenticate to the network using a two-factor authentication and behavioral recognition. Evaluate which of the following methods utilizes both behavioral recognition and two-factor authentication.
Saying a passphrase and entering a passcode at a user terminal
A growing number of unauthorized incidents occurred in a company. Video surveillance revealed shoulder surfing as the root cause. What can the company implement for added security?
Screen filter
In analyzing the different ways of security control, which method requires the user to enter a code into the mobile device to gain access?
Screen lock
The company policy requires secured smartphones, to protect them from unauthorized access, in case they are lost or stolen. In order to prevent someone from accessing a smartphone, what type of security control should admin utilize?
Screen lock
Over the years, many well-known but deprecated cipher algorithms have been developed. For example, DES (Data Encryption Standard) is a block cipher developed in the 1970s and was improved (because of certain flaws) with the development of 3DES (Triple DES). Why are some cipher algorithms not improved upon, or developed further?
Secret algorithms
As a system starts up, files get checked against a list of stored signatures within a trusted platform module (TPM). This process ensures that no alterations occurred to the files. If it did occur, then the system will not continue to start, to protect the data on the drive. Identify this process.
Secure boot
When implementing security measures as a way to provide protection for computer systems and reduce the possibility of vulnerabilities and attacks, which of the following occurs?
Secure configuration of systems
A routine analysis of technical security controls at an organization prompts a need for change. One such change is the addition of Network Intrusion Detection System (NIDS) technology. A firewall that supports this function is on order. Considering how the organization will implement NIDS, what other technology completes the solution?
Sensors
Multiple users have called the help desk to report bandwidth issues. As a result, the technician performs a usage audit, and finds an anomalous log entry consistent with excessive bandwidth consumption. What should the technician look for to explain the extra network traffic?
Spread of malware or exfiltration of data
IT installed a new line of business system that will be used for daily operations by all departments. In cooperation with IT, Human Resources has scheduled systems training for all users. Key users will be given special training as part of a security and risk management plan that will focus on daily management of the system. Which area of training would most benefit these users?
Standard operating procedures
A system engineer sets up a firewall to hide internal computers from the public internet. The engineer applies a single IP address approach for mapping each computer. Which of the following did the engineer create?
Static NAT
A test manager would like to perform tests on the source code of an application without executing the code. What code testing method will the manager use?
Static code analyzer
Developers at a software company created an automated software application delivery workflow. Part of the workflow performs source code tests without the need to execute the application. Which part of the workflow implemented the code testing method?
Static code analyzer
Many potential threats face medical devices that have embedded systems installed within them. Which of the following is NOT one of these vulnerabilities?
Stealing data from a "black box" event data recorder.
Which of the following is NOT a potential threat or vulnerability for medical device embedded systems?
Stealing data from a "black box" event data recorder.
The company has a DLP or data loss prevention system integrated into several Enterprise services, including email. Security administrators identified some information leakage from insider threats, using a series of pictures attached to emails. Which of the following leaked the information?
Steganography
A major power incident has impacted a local transportation company and all systems have powered off. While the IT department is waiting for the power to be restored, they have been reviewing the situation and creating an order of restoration plan. Evaluate the following options and select the plan that would best follow standard guidelines.
Step 1, Enable and test power. Step 2, Enable and test infrastructure. Step 3, Enable and test critical network servers
An IT security team performed a mock training exercise. The exercise illustrated the need for proper recovery procedures after an incident, including the order of restoration. When evaluating the proper order, which sets of devices or services represent a correct approach? (Choose 2)
Step 1, Enable and test power. Step 2, Enable and test infrastructure. Step 3, Enable and test critical network servers
HMAC-Based One-time Password Algorithm (HOTP) and Time-Based One-time Password Algorithm (TOTP) both provide the user with a logical token for authentication. TOTP addresses one of the primary vulnerabilities of HOTP with timestamping, what other vulnerabilities do both methods still share? (Select 2)
Susceptibility to interception, Device synchronization errors
Severe weather recently caused a power outage at a small company. When the power was restored, a Jr. Level Systems administrator brought all systems back online. Users, however, immediately began reporting issues. The Jr. Systems Administrator admitted to not having an order of restoration plan, resulting in difficulties resetting the systems. Evaluate the following options and select a plan that the administrator should have followed to correctly complete the task.
Step 1, Enable and test power. Step 2, Enable and test infrastructure. Step 3, Enable and test critical network servers
The order of restoration prioritizes and identifies the order for bringing devices and services online after an incident. When evaluating the proper order, which sets of devices or services represent a correct approach? (Choose 2)
Step 1, Enable and test power. Step 2, Enable and test infrastructure. Step 3, Enable and test critical network servers
A performance engineer simulates 200 concurrent users performing an action on an application. The engineer has an objective of 250 concurrent users. What evaluation method does the engineer carry out?
Stress testing
IT personnel installed a new Line of Business (LOB) application at an organization. Stability analysis occurred before placing the system in a live environment. What evaluation method did IT carry out on the system?
Stress testing
Attribute-Based Access Control (ABAC) is the most fine-grained access control model, with the ability to make access decisions based on which of the following? (Select 4)
Subject attributes, Object attributes, Context-sensitive attributes, System-wide attributes
A functional analyst would like to implement a new requirement to a system. What standard best practice should the analyst complete first?
Submit the request through the change management process
The ciphertext "Uryyb Jbeyq" means "Hello World". What type of obfuscation technique does this represent, and what is the name of the type of cipher used? (Select 2) (6.2 Explain cryptography algorithms and their basic characteristics.)
Substitution cipher, ROT13
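As an added example (not part of the study guide), the Python below implements the general shift substitution cipher of which ROT13 is the shift-13 case, decodes the "Uryyb Jbeyq" ciphertext from the question, and shows why such a cipher is obfuscation rather than encryption: there are only 25 possible keys, so an attacker simply tries them all.

```python
def caesar_shift(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` positions, preserving case and
    leaving digits, spaces and punctuation untouched."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the shift-13 Caesar cipher; applying it twice restores the input."""
    return caesar_shift(text, 13)


def brute_force(ciphertext: str) -> dict:
    """A single-shift substitution cipher has only 25 non-trivial keys, so
    return every candidate plaintext keyed by the shift that produced it."""
    return {k: caesar_shift(ciphertext, -k) for k in range(1, 26)}


if __name__ == "__main__":
    print(rot13("Uryyb Jbeyq"))
    for key, plaintext in brute_force("Uryyb Jbeyq").items():
        print(f"key {key:2d}: {plaintext}")
```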
HMAC-Based One-time Password Algorithm (HOTP) and Time-Based One-time Password Algorithm (TOTP) allow users to authenticate using a logical token. Although both are considered secure, what vulnerabilities do these algorithms still possess? (Select 2)
Susceptibility to interception, Device synchronization errors
A network administrator establishes a Remote Authentication Dial-In User Service (RADIUS) authentication under the Server Manager tool menu on an organization's server to set up a remote access control point for a widely disbursed network of users. Users must be able to access the network securely. The server requires a shared secret for authentication to facilitate secure access. How is this secret (password) derived?
The administrator setting up the RADIUS client manually enters and confirms the password
A hacker plans to eavesdrop on a network from a remote location. Multiple rods make up the tool of choice. The tool will point to the target to gather traffic. Which of the following devices will the hacker most likely use?
Yagi
A hacker successfully used social engineering to get into the email accounts of a director of a secure government agency, which gave the hacker access to highly sensitive military documents and intelligence operations of a couple of foreign countries. The hacker called the director's mobile phone company and persuaded the customer service representative to reveal information about the director. The hacker then called the director's Internet service company, and was able to change security questions and numbers, to gain access to many other accounts. What is this type of social engineering called?
Vishing
Image acquisition is the process of obtaining a forensically clean copy of data from a device held as evidence. Which types of storage should be carefully imaged in an investigation? (Choose 2)
Volatile, Non-volatile
While assisting a customer over the phone to connect a laptop to a new wireless router, the user suddenly reports it is connected. Upon further inquiry into how the connection occurred, the user stated they pushed a circular button. Analyze the situation and determine which button was pressed, and how it functions. (Select 2)
WPS, 8-character PIN
A company has a backup schedule that runs a full backup every Friday and incremental backups on the other days of the week. Management integrates a plan to recover services in the event of a disaster. Which of the following types of recovery site works with the company's current configuration?
Warm site
Which life cycle model ensures a phase of development gets completed before another can proceed?
Waterfall
A company deploys a Secure Sockets Layer (SSL) decryptor at the edge of the network to ensure that network traffic utilizes encryption appropriately. It will also integrate with other security appliances and services. What are the pros and/or cons of utilizing this device? (Select two)
Weak cipher suites are not allowed, A single point of failure
Many breaches have taken place in recent years. Assess what kind of vulnerabilities may have caused these breaches.
Weak or misconfigured security configurations
A System on a Chip (SoC) is an embedded system that integrates all components of a computer on a circuit. These systems pose a risk of data loss on which of the following devices?
Wearable technology
A new web server and Structured Query Language (SQL) database deploys. An administrator performs random tests, such as Cross-Site Scripting (XSS) attacks and SQL injection. What is the administrator most likely testing against?
Web application firewall
Additional software installation on a client or server beyond its baseline, requires the use of execution control. What execution control applications prevent the use of unauthorized software? (Select two)
Whitelist, Blacklist
A company set up controls to allow only a specific set of software and tools to be installed on workstations. A user navigates to a software library to make a selection. What is the method that prevents installation of software that is not part of the library known as?
Whitelisting
A system admin is tasked to create 20 new certificates to accommodate web and file servers in different subdomains. This will cause a decrease in management overhead in the future, especially with plans to expand services in different branch locations. Which of the following type of certificates is most effective in alleviating management overhead in this scenario?
Wildcard
What type of certificate is issued to *.google.com?
Wildcard
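The two wildcard questions above hinge on a detail practitioners get wrong: a wildcard certificate such as *.google.com covers exactly one label, so it matches mail.google.com but not google.com itself and not a.b.google.com. The Python below is an added example, not part of the study guide; it implements the matching rules browsers apply (RFC 6125 style) and shows which of a constructed set of server names a single wildcard would actually cover. The hostnames are assumed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname.

    Rules followed here (RFC 6125 / browser behaviour):
    - comparison is case-insensitive and ignores a trailing dot;
    - '*' is only allowed as the entire leftmost label;
    - '*' matches exactly one label, never zero and never several;
    - a wildcard needs at least two fixed labels after it, so '*.com' is refused.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False  # partial wildcards like 'w*.example.com' are not accepted
    if len(p_labels) < 3:
        return False  # '*.com' would cover a whole top-level domain
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def covered_by(pattern: str, hostnames: list) -> tuple:
    """Split a planned set of server names into those one certificate covers
    and those that still need their own certificate or a SAN entry."""
    covered = [h for h in hostnames if wildcard_matches(pattern, h)]
    uncovered = [h for h in hostnames if not wildcard_matches(pattern, h)]
    return covered, uncovered


if __name__ == "__main__":
    # Constructed hostnames for the multi-subdomain scenario (assumed names).
    planned = ["web01.corp.example.com", "files01.corp.example.com",
               "web01.branch.example.com", "example.com"]
    print(covered_by("*.corp.example.com", planned))
```

For the 20-server scenario this means servers in different subdomains (corp.example.com versus branch.example.com) need either one wildcard per subdomain or a certificate with Subject Alternative Name entries; a single *.example.com does not reach two levels down.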
An administrator tries to remotely access a virtual Windows 2016 server, but the connection fails. The admin pings the server and there is no packet loss. Regular services, such as file shares, still work for users. Which of the following is most likely causing the connection failures?
Windows Firewall
Disposing of old storage media is the responsibility of IT personnel. There are currently several old hard disk drives ready to be discarded. After evaluating the available methods, which is the most cost effective solution that requires the least interaction?
Wiping
A new network infrastructure allows users to carry mobile devices freely in the workspace, with fast-roaming technology. What network architecture zone does this suggest?
Wireless
Employees are able to use their laptops freely throughout the building of a company without service interruption. What network architecture zone does this suggest?
Wireless
To provide accessibility to the company network in approved areas, an administrator moves an antenna to a central location of the building. This movement also ensures that use outside of the authorized area is not attainable. What topology is the company using? (3.2 Given a scenario, implement secure network architecture concepts.)
Wireless
A security administrator prepares to eavesdrop on the network and determine if there are any open ports. The admin will analyze the ports to determine if they are legitimate connections and if they should be open. Which tool will the admin most likely use?
Wireshark
An admin noticed a flood of network packets coming into a file server. After closing the open port that was experiencing the excess traffic, the admin rebooted the server, checked it again, and saw that flood packets were no longer arriving on the same port. Which of the following tools did the admin use to troubleshoot the issue?
Wireshark
A system admin responded to an issue on a server where Windows file replication was dropping packets. Using application tools, the admin confirmed that packets were reaching the network adapter, but the replication service was dropping them. The admin could ping the server with no issues, and antivirus did not reveal any malicious software on the server. Which of the following tools would the admin use next to resolve the issue?
Wireshark
As a result of a failed RAID array, the system has crashed at a local business. The onsite IT professional is recovering data from a backup set and estimates a recovery to take 4 hours. Once the backup has been completed, the system will need some configuration that is not included in the backup. Which metric is assigned when calculating the time required for the configuration?
Work Recovery Time (WRT)
Management wants to see a graphical view of the company's network and endpoints. This information will help to determine any rogue devices on the network. Which of the following tools will be most effective in providing the right information?
Zenmap
Network administrators look for ways to map out their network to find rogue devices. The admins would prefer a solution with a UI or user interface to manage and view the map. Which of the following tools and features will provide a useful report of devices on the network? (Select more than one)
Zenmap, --traceroute
Continuity of Operations (COOP) and Disaster Recovery Planning (DRP) are processes that need to be reflected upon routinely. Doing so allows review and improvement of processes. Consider how processes are put in place and how they are executed, and evaluate the best time to execute improvement.
after-action report
An admin wants to quickly assess the open ports of a Windows server. Which command will provide the admin with the right information?
netstat
An attacker performed a Distributed Denial of Service (DDoS) attack by compromising multiple zombie (agent) PCs with DoS tools. What is the control program that enables the attacker to exploit these computers to perform the DDoS attack?
A bot
To automate and simplify the setup process of adding a wireless network, a homeowner installed a wireless access point capable of Wi-Fi Protected Setup (WPS) with an eight-character Personal Identification Number (PIN). What type of attack can a hacker perform to exploit this vulnerability?
A brute force attack
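The WPS questions above (the "circular button" with its 8-digit PIN, and the brute-force attack against it) share one underlying weakness: the last PIN digit is a checksum, and the registrar protocol confirms the first four digits (M4) separately from the last three (M6). The Python below is an added example, not part of the study guide; it implements the WPS checksum, simulates an access point that leaks the half-by-half result, and counts how many guesses the split search needs. The secret PIN is a constructed value (it is also the well-known factory default 12345670) and the simulated access point is an assumption standing in for the real protocol exchange.

```python
def wps_checksum(first_seven: int) -> int:
    """Checksum digit of a WPS PIN computed over its first seven digits."""
    accum = 0
    n = first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """A well-formed PIN is eight digits whose last digit is the checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def search_space() -> dict:
    """Why WPS is brute-forceable: the checksum removes one digit of entropy
    and the split confirmation turns 10^7 into 10^4 + 10^3 guesses at most."""
    return {"naive_8_digits": 10**8,
            "with_checksum": 10**7,
            "split_halves_worst_case": 10**4 + 10**3}


SECRET_PIN = "12345670"  # constructed secret for the simulation


def simulated_ap(pin: str) -> int:
    """Model of the registrar exchange: 0 if the first half is wrong (M4 NACK),
    1 if only the second half is wrong (M6 NACK), 2 if the whole PIN is right."""
    if pin[:4] != SECRET_PIN[:4]:
        return 0
    if pin[4:] != SECRET_PIN[4:]:
        return 1
    return 2


def brute_force(ap) -> tuple:
    """Recover the PIN half at a time, returning (pin, attempts used)."""
    attempts = 0
    first_half = None
    for first in range(10_000):
        attempts += 1
        if ap(f"{first:04d}0000") >= 1:   # first half accepted
            first_half = first
            break
    for second in range(1_000):
        attempts += 1
        seven = first_half * 1000 + second
        pin = f"{seven:07d}{wps_checksum(seven)}"  # only try checksum-valid PINs
        if ap(pin) == 2:
            return pin, attempts
    raise ValueError("PIN not found")


if __name__ == "__main__":
    print(search_space())
    print(brute_force(simulated_ap))
```

Against a real access point each attempt is one WPS exchange over the air, so the mitigation is to disable WPS PIN mode (or at least the external-registrar PIN) rather than to rely on the PIN length.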
A penetration tester cracked a company's Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate a large amount of initialization vector (IV) packets, by replaying Address Resolution Protocol (ARP) packets at it. What type of attack did the pen tester use to crack the AP?
A replay attack
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?
A rogue access point (AP)
With no specific target in mind and without a reasonable goal, an attacker launched an unstructured phishing attack with an attachment containing a self-replicating computer worm. If the attacker did not fully understand how the malware worked and just wanted attention, what classification of threat actor is this person?
A script kiddie
A code library has been added to the registry and includes files placed in the system folder; it can intercept and redirect calls to enable legacy-mode functionality. This is one way that malware with local admin privileges can run on reboot. Which of the following represents this code library?
A shim
An attacker exploited a vulnerability on a website frequently visited by a group of bank employees. Once the employees visit the site, the attacker's malware infects their computers. What type of attack did the employees fall for?
A watering hole attack
To crack a Wired Equivalent Privacy (WEP) access point (AP) by making the AP generate lots of initialization vector (IV) packets, which of the following types of packets does the attacker generate?
Address Resolution Protocol (ARP) packets
Which of the following attacks would allow an attacker to sniff all traffic on a switched network?
Address Resolution Protocol (ARP) poisoning
A social engineer, after performing reconnaissance on a victim, spoofed the phone number of a doctor's office. Posing as the receptionist, the attacker called the victim and requested the victim's Social Security Number (SSN). What type of social engineering attack did the social engineer exercise?
Authority
An attacker came within close proximity of a victim and sent the mobile device user spam of an unsolicited text message. Once the user clicked the link in the message, the user's device was infected with Trojan malware. What type of attack did the hacker most likely infect the mobile user with?
Bluejacking
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks is the mobile device vulnerable to?
Bluesnarfing (the attacker needs special equipment to extend the range and attack phones that are far away; without such equipment the target phone must be within roughly 30 ft)
An attacker used vishing and polite behavior to persuade a target to visit a fake website with fake reviews. The attacker then persuaded the victim to enter personally identifiable information into a web form. Which of the following did the attacker use to make the site appear more legitimate? (Select 2)
Consensus/social proof, Familiarity/liking (1.2 Compare and contrast types of attacks.)
Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught? (Select 2)
Familiarity, Liking
Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?
Obtain a pivot point
A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select 2)
Pass-the-hash, Replay attacks
What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?
Passive reconnaissance
Which of the following penetration steps should a tester perform before internal reconnaissance?
Persistence
Through what method can malware evade antivirus software detection so that the software no longer identifies the malware by its signature?
Refactoring
A script kiddie installed a backdoor on a victim's computer that enabled the attacker to remotely access the PC, upload files, and install software on it. What kind of malware did the script kiddie install?
Remote Access Trojan (RAT)
An attacker used social engineering to convince the victim to install a malicious program disguised as a driver update. The backdoor software allowed the attacker to remotely access the victim's PC, upload files, and install software on it. What type of malicious software does this describe? (1.0 Threats, Attacks and Vulnerabilities)
Remote Access Trojan (RAT)
A cybersecurity team received alerts about browser pop-ups. Analysts discovered that sites were redirecting to malicious websites due to modified DNS (Domain Name System) queries. What did the computers most likely get infected with?
Spyware
An attacker gathered Open Source Intelligence (OSINT) about a company through the internet, then contacted employees of the company and used the information gathered to extract more personally identifiable information (PII). Which of the following describes this type of social engineering attack?
Trust
An attacker bought a domain similar to the domain name of a legitimate company. The attacker then used the fake domain to host malware and launch pharming attacks. Which of the following did the attacker use?
URL Hijacking