Security+ Practice Exam 3


Your company is looking for a secure backup tool for key storage in a PKI. Which one would you recommend? A.CSR B.Key escrow C.CRL D.CA

B. Key escrow Explanation Key escrow is a secure key storage tool. CSR is a certificate signing request, CRL is a certificate revocation list, and CA is a certificate authority, so these three do not apply.

As the network administrator, you are tasked with adding new employees to the identity and access management system. Which of the following best describes this process? A.Onboarding B.Offboarding C.Adverse action D.Job rotation

A. Onboarding Explanation Onboarding is the process of adding new employees to the identity and access management system. Offboarding is removal, adverse action is an administrative action taken following a negative situation, and job rotation is unrelated to the given scenario.

You have an asset valued at $16,000. The exposure factor of a risk affecting that asset is 35%. The annualized rate of occurrence is 75%. What is the SLE? A.$5,600 B.$5,000 C.$4,200 D.$3,000

A. $5,600 Explanation The SLE is the product of the asset value ($16,000) and the EF (0.35), or $5,600. All other options do not apply because they do not represent the single loss expectancy.

Of the following, which is a symmetric encryption algorithm that works with 128-, 192-, and 256-bit key versions? A.AES B.DES C.RSA D.TKIP

A. AES Explanation AES works with 128-, 192-, and 256-bit keys. All other options are incorrect.

A retina scanner is what kind of authentication method? A.Biometric authentication B.One-time password authentication C.Multifactor authentication D.PAP authentication

A. Biometric authentication Explanation For the exam, you need to know the different categories of authentication and what type of authentication methods belong to each category. A retina scan is categorized as biometric authentication. Biometric authentication includes any authentication system that relies on one or more physical characteristics of a person for authentication.

Nicole noticed when she's in a crowded area, she gets a stream of unwanted texts. They end when she leaves the area. What is the attack just described? A.Bluejacking B.Bluesnarfing C.Evil twin D.Rogue access point

A. Bluejacking Explanation Bluejacking is when someone sends messages to a Bluetooth device while in range. Bluesnarfing is pulling data FROM Bluetooth devices, and evil twin and rogue access points do not fit this scenario.

Sheila is the security administrator for a company where most employees use handheld devices such as smartphones and tablets. The employees would like to use the devices for work and home as well. Which of the following is the most secure solution? A.COPE B.CYOD C.Geotagging D.BYOD

A. COPE Explanation The most secure solution to provide would be COPE (corporate owned, personally enabled). The company owns this equipment and provides it to the employees to use, so it retains full control over security, such as unlocking carriers, disabling microphones, preventing ad-hoc networks, etc. CYOD would have employees choose their own device from a list of devices, but it is still an employee-owned and employee-controlled device. Geotagging is unrelated, and BYOD allows you to bring whatever you have to your corporate network, which creates a major security risk to your company, including possible data exfiltration.

Of the following choices, which item best shows the state of a computer at the time it was collected by law enforcement? A.Screenshots B.Identification C.Tabletop exercise D.Generating hash values

A. Screenshots Explanation The screenshot is what will show the state of the computer at the time law enforcement collected it. Identification just identifies the information, tabletop exercises work through training before an implementation, and hash values ensure integrity.

You currently use a PKI (public key infrastructure) in your company to issue digital certificates to users. Recently, you've had temporary contractors for a project that is now complete, and management has asked that all digital certificates be revoked. Which PKI component should be consulted for the request? A.CA B. CRL C. RA D.CSR

B. CRL Explanation A CRL (certificate revocation list) would be the best resource to consult for the status of revoked digital certificates. A CRL is issued by a CRL issuer, which is typically the CA that also issued the corresponding certificates but could alternatively be some other trusted authority. The CA (certificate authority) issues the digital certificates, the RA (registration authority) forwards requests to the CA, and the CSR is a certificate signing request.

Shelton is the manager at one of your local branch banks. He wants to ensure all customer information isn't compromised when the employees step away from their desks for a day. What would be used to mitigate this concern? A. Clean desk B.Background checks C.Continuing education D.Job rotation

A. Clean desk Explanation A clean desk policy would be used to mitigate this concern because it ensures all confidential documents are removed from the workstation and locked up when not in use. Background checks do not apply, continuing education does not apply, and a job rotation policy also does not apply to this scenario.

Choose the type of attack that is based on entering fake information into a target network's domain name server. A.DNS poisoning B.ARP poisoning C.Bluesnarfing D.Bluejacking

A. DNS poisoning Explanation This is a prime example of DNS poisoning, also known as domain hijacking. ARP poisoning involves altering IP tables, and bluejacking and bluesnarfing are Bluetooth attacks.

As the security administrator, you advise the web development team to include a CAPTCHA on a webpage where users are able to register for an account. Which control is this referring to? A.Deterrent B.Detective C.Compensating D.Degaussing

A. Deterrent Explanation The control being referred to here is a deterrent control. Deterrent controls prevent bots from registering and assist with proving the person registering is real. Detective controls detect intrusions. Compensating controls satisfy security measures, and "degaussing control" is not an industry term because degaussing is a method of removing data via a magnetic field.

You've noticed that someone has been rummaging through the company's trash bins looking for documents, diagrams, and other sensitive information that's been thrown out. What is this called? A. Dumpster diving B.Trash diving C.Social engineering D.Trash engineering

A. Dumpster diving Explanation Dumpster diving is the technical term for rummaging through trash. Nothing in this scenario describes social engineering, and "trash diving" and "trash engineering" are not appropriate industry terms.

You manage the account access control and authorization at your work, a large college. There are approximately 30,000 students and 1,200 faculty/staff that you manage accounts for. Which of the following is the best access control/account management approach? A.Group-based B.Location-based C.MAC D.DAC

A. Group-based Explanation The best access control/account management implementation option would be group-based account control, where users are placed in groups and permissions are applied to the groups. Location-based isn't bad, but what if everybody from that location belongs in a different group (department, etc.)? MAC is secure but very granular and not a great option for a large network, and DAC isn't secure enough.

Jody is worried about disgruntled employees stealing company documents and exfiltrating them from the network. She's seeking a solution that will detect exfiltration and block it. What type of system is Jody seeking? A.IPS B.SIEM C. Honeypot D.Firewall

A. IPS Explanation Any of these systems will help with malicious activity, but the IPS is an active device and will stop such an intrusion should it be detected over the network using signatures and heuristics. SIEMs simply collect logs, honeypots can trap malicious actors but don't stop the data exchange, and firewalls can block traffic, but this method of data transportation often seems legitimate, so it's difficult for a firewall to block.

You have been tasked with doing a vulnerability assessment on a company's network and determine that they are using 802.1X for secured access. Which of the following can a threat actor use to bypass the current network security? A.MAC spoofing B.ARP poisoning C.Ping of death D.Xmas attack

A. MAC spoofing Explanation Threat actors can use MAC spoofing to bypass network security for authentication. ARP poisoning sends spoofed ARP messages over the LAN, ping of death is a DoS attack, and the Xmas attack doesn't apply.

While working through a malware outbreak, you discover something very odd on your company network. There's a file that has the same name as a Windows system DLL file and has the same API interface but handles the input very differently. It also looks like applications have been attaching to this file rather than the real system DLL. What best describes this? A.Shimming B.Trojan Horse C.Backdoor D.Refactoring

A. Shimming Explanation By definition, shimming is when an attacker places malware between an application and other files, which intercepts the communication with the file. Trojan horses might be used to get into a system, but they don't apply here. A backdoor means authorization was circumvented and direct access to the system was achieved, and refactoring is the process of changing names of variables/functions in a program, so it doesn't apply here.

Jamie is worried that some users on her network could be accessing some files they don't have a reason to view, such as files not required for their job. Which of the following would best determine if this is happening? A.Usage audit and review B.Permission auditing and review C.Account maintenance D.Policy review

A. Usage audit and review Explanation Of all the options, the best choice is to do a usage audit and review, which would document how users actually use their account permissions. Permission auditing and review is good, but it doesn't show how permissions are used. Account maintenance is part of an audit but doesn't address the issue in question, and policy review has nothing to do with this.

Kenny is responsible for data backups from all the company servers. Two major concerns are the frequency of backup and the security of the backup data. Which feature would be the most important? A.Using data encryption B.Digitally signing the data C.Using automated backup scheduling D.Hashing the backup data

A. Using data encryption Explanation It's important to remember that encrypted data can only be decrypted by the person who encrypted the data or someone who has a "key" to decrypt it. Remember, not all backup utilities encrypt the data. All other options are incorrect because digitally signing the data will not assist with what's needed, nor will automated backup scheduling or hashing the backup data, since neither provides what is being looked for.

Ricky is in charge of Wi-Fi security for his company. Which wireless security protocol below uses TKIP? A.WPA B.CCMP C.WEP D.WPA2

A. WPA Explanation WPA uses TKIP. CCMP uses WPA2 and AES. WEP uses RC4 and WPA2 uses CCMP.

Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address? A.ACL B.NIPS C.HIPS D.Port blocking

A. ACL Explanation ACLs are lists of who can access certain resources, and using an IP address to allow or block requests is a common technique. ACLs are the easiest way to handle these tasks. NIPS, HIPS, and port blocking are not part of access control.

Of the following cloud service models, which service gives the consumer the ability to use applications provided by the cloud service provider over the Internet? A.SaaS B.PaaS C.IaaS D.CaaS

A. SaaS Explanation SaaS is software as a service, which allows you to use applications provided by a third party. Platform as a service provides you with an operating system, infrastructure as a service is a network infrastructure, and cloud as a service is cloud storage.

Caleb is installing an HVAC system in his data center and would like to know what this HVAC system will have the most impact on. Please choose from the following: A.Confidentiality B.Availability C.Fire suppression D.Monitoring access to the data center

B. Availability Explanation An HVAC system has the most impact on availability. If it gets too hot, the systems will fail to run. HVAC systems have no effect on confidentiality, fire suppression, or monitoring access to the data center.

You've noticed that when you are in a crowded area, data from your cell phone is stolen. When performing an investigation, you notice an unfamiliar Bluetooth connection on your phone. What describes this attack? A.Bluejacking B.Bluesnarfing C.Evil twin D.RAT

B. Bluesnarfing

Isaac is looking for a physical access solution for his company. He needs the solution to use asymmetric cryptography or public-key cryptography to authorize users. What type of solution is he seeking? A.Asynchronous password token B.Challenge response token C.TOTP token D.Static password token

B. Challenge response token Explanation The best option for a solution is a challenge-response token. Asynchronous password tokens generate an OTP without a clock, TOTP uses a one-time password that is time sensitive, and a static password token simply contains a password.

Malia has noticed some steganography tools on an employee's computer. What is the greatest concern regarding an employee having steganography tools? A.Password cracking B.Data exfiltration C.Hiding network traffic D.Malware

B. Data exfiltration Explanation Employees can hide sensitive data in files using steganography, which hides files inside of pictures, videos, and media files. Password crackers aren't related to steganography. Steganography tools don't typically let you hide network traffic and malware isn't the greatest concern here.

Stewart works for an organization where employees all have cloud-based solutions for data storage. Stewart has requested funding from the CIO in order to install a DLP solution. What security hazard, if any, is Stewart trying to solve? A.No security hazard B.Malware from the cloud C.Data exfiltration through the cloud D.Security policies don't apply to the cloud

C. Data exfiltration through the cloud Explanation Cloud storage is an easy way to have data leave your organization. Anything put on the cloud can be accessed from outside of the network, thus data exfiltration through the cloud is the correct answer. There are always security hazards via the cloud, which is what DLP addresses. Malware is unlikely from a cloud server, but still possible. Company security policies are supposed to apply to any company asset, including data storage.

Which cryptography option uses points on a curve to define public and private key pairs? A.Obfuscation B.ECC C.Stream cipher D.Block cipher

B. ECC Explanation ECC (elliptic curve cryptography), as the name suggests, uses points on a curve for key pairs. Obfuscation is the process of making something difficult to read, stream ciphers encrypt data one bit at a time, and block ciphers encrypt data one fixed-size block at a time.

Janet manages the security of the database servers at the mortgage company where she works. The servers are Windows Server 2016; she's concerned about file system security. Which Microsoft feature would be most helpful to implement security to the file systems? A.Password policies B.EFS C.Account lockout D.UAC

B. EFS Explanation The most helpful option to implement would be EFS, the Encrypting File System. This makes it more difficult for an outsider to obtain your files and makes it easier for you to keep your files safe. Password policies are important, but not as important; account lockout is important, but not as important; and UAC allows the prevention of unauthorized applications, which is very important as well but comes in second to EFS.

Of the following, which feature of cloud computing would involve deprovisioning resources as needed? A.Multitenancy B.Elasticity C.CMDB D.Sandboxing

B. Elasticity Explanation Elasticity is the process of deprovisioning resources as needed in order to make room for other resources. Multitenancy is the ability to host multiple environments, CMDB stands for configuration management database, and sandboxing is the process of creating an isolated environment.

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool? A.Vulnerability scanner B.Exploit framework C.Metasploit D.Nessus

B. Exploit framework Explanation The correct choice is exploit framework; exploit frameworks are tools for finding vulnerabilities and attempting to exploit them. Vulnerability scanners only identify vulnerabilities, Metasploit is a popular exploit framework but the question doesn't ask for exact product names, and Nessus is a well-known vulnerability scanner.

One of your tasks is being responsible for authentication methods for your company. You've implemented fingerprint scanners in order to gain access to server rooms. People are frequently denied access to the server room even though they are authorized. What problem is presented here? A.FAR B.FRR C.CER D.EER

B. FRR Explanation The false rejection rate (FRR) tells you about authentication attempts that are rejected when they should have succeeded. When authorized individuals are frequently denied access, the FRR is too high. FAR (false acceptance rate) is the rate at which people who should not be authenticated are accepted, CER (crossover error rate) is the rate at which FAR and FRR are equal, and EER (equal error rate) is another name for CER.

Choose the scenario where using a shared account would pose the least security risk. A.For a group of tech support personnel B.For guest Wi-Fi access C.For students logging in at a university D.For accounts with few privileges

B. For guest Wi-Fi access Explanation The least amount of security risk is creating a shared account for guest Wi-Fi access. Tech support typically has elevated privileges. For student accounts, you'd typically need to know which specific student is logging on and accessing which particular resources, and accounts with few privileges should still each require their own individual login.

Jason manages password management for his company. Sometimes users cannot remember their passwords. What is the best option for Jason to address this? A.Changing password history B.Implementing password recovery C.Eliminating password complexity D.Lengthening password age

B. Implementing password recovery Explanation The best option for Jason to address this would be to enable password recovery. If the password age is set too short, users have to change their passwords too often. Changing password history might help, but it won't help them remember their passwords. Eliminating password complexity is completely insecure, and lengthening password age would have a negative impact on security as well.

You're currently facing a common security issue that's very difficult to control in a large environment. It happens when a user has more privileges than required for the task the user needs to fulfill. This is the opposite of what principle? A.Separation of duties B.Least privilege C.Transitive trust D.Account management

B. Least privilege Explanation The aforementioned scenario is the opposite of least privilege. Accounts should have the access needed to execute job functions but nothing more. Separation of duties means that several users will have to assist in performing the steps of a task, transitive trust is when all parties trust each other (e.g., A trusts B, B trusts C, so A trusts C), and account management is basically just a set of rules for managing accounts and doesn't assist with the issue being faced.

Of the listed principles, which is not a part of password complexity? A.Using both uppercase and lowercase B.Minimum password length C.Using numbers D.Using symbols

B. Minimum password length Explanation Minimum password length is not part of password complexity. Password complexity consists of uppercase/lowercase letters, numbers, and special characters.

Frank is concerned that confidential documents with proprietary information may be leaked. The leaks could be either intentional or accidental, but he is looking for a solution that would embed some identifying information into documents in a way that would not be seen by the reader but could be extracted with the right software. What technology would best meet these needs? A.Symmetric encryption B.Steganography C.Hashing D.Asymmetric encryption

B. Steganography Explanation The correct choice is steganography. Steganography allows you to embed data, messages, videos, media, or anything else into other files. It's common to use steganography to send out confidential data. Symmetric encryption and asymmetric encryption are types of encryption, so they do not directly relate to the scenario given, and hashing can be useful but doesn't meet the task at hand.

In your company, there are some computers on your network that still use Windows XP. They have to stay on XP and cannot be upgraded due to application specifications. The application doesn't run on newer operating systems. What security issue does this pose? A.No special concerns; this is normal B.The machines cannot be patched as XP is no longer supported C.The machines cannot coordinate with a SIEM since XP doesn't support that D.The machines are more vulnerable to DoS attacks

B. The machines cannot be patched as XP is no longer supported Explanation When using products that are no longer supported, you won't find any updates, patches, or fixes; therefore, your device is very vulnerable to attacks and infections. This isn't normal at all. SIEM doesn't depend on specific OS versions, and these machines aren't any more susceptible to a DoS attack than any other machine.

Mike works for a company where employees have wearable technology, such as smartwatches. What is the most significant security concern for him in regard to such devices? A.These devices can distract employees B.These devices can be used to carry data in/out of the company C.These devices may not have encrypted drives D.These devices may not have strong passwords

B. These devices can be used to carry data in/out of the company

Practice Exam #3 - Results

Using the image provided, place the port numbers in the correct order with their associated protocols. (The image is not included on this page.)

Explanation For the exam, you need to know your ports and protocols. Secure Copy (SCP) operates over port 22. Telnet operates over port 23. The Simple Network Management Protocol (SNMP) operates over port 161. The Post Office Protocol 3 (POP3) operates over port 110.

Which of the following types of attacks occurs when an attacker attempts to gain confidential information or login credentials by sending targeted emails to a specific set of recipients within an organization?

Spear phishing Explanation Spear phishing is the fraudulent practice of sending emails from a seemingly known or trusted sender in order to induce targeted individuals to reveal confidential information.

You have been asked to help conduct a white box penetration test. As part of your preparations, you have been given the source code for the organization's custom web application. Which type of vulnerability might be able to exploit the code shown in this image? (The image is not included on this page.)

Buffer overflow Explanation The function DionCode may be subject to a buffer overflow if the user enters more than 20 characters as input. In defining the char (character) type array, the programmer only allocated 20 characters' worth of storage in memory. To solve this problem, the programmer should add proper input validation to ensure that the input is less than 20 characters before passing the user_input variable to the strcpy (string copy) function.

Using the image provided, select four security features that you should use with a workstation or laptop within your organization. (The image is not included on this page.)

Host-based firewall, network sniffer, cable lock, and CAT5e STP cables Explanation A host-based firewall, a network sniffer, a cable lock, and CAT5e STP cables are all appropriate security features to use with a corporate workstation or laptop. By using a host-based firewall (such as Windows Firewall), you can configure the workstation or laptop to block incoming or outgoing data on the device's network connection. If you install a network sniffer, you will be able to capture network traffic for later analysis. If you use a cable lock, it will lock the workstation or laptop to a desk and prevent theft of the device. If you use a CAT5e STP cable for your network connection, you will minimize the risk of EMI and reduce data emanations.

Of the following, which provides the best example of the drawback of symmetric key systems?

Explanation Symmetric encryption uses the same key to encrypt and decrypt a file, which can be good and bad. All other options describe asymmetric encryption.

Your company has purchased new laptops for your salespeople. Your IT department plans to dispose of the hard drives from the old computers as part of a sale. Which method would you use to properly dispose of the hard drives?

Purging Explanation If personnel don't sanitize the drives before disposing of these devices, it can result in a loss of confidentiality. Purging is a general sanitization term indicating that all sensitive data has been removed from a device.

Kevin manages the security for his company and is working to implement a kernel integrity subsystem for key servers. Of the following list, what is the primary benefit of this?

Detecting whether files have been altered Explanation The major benefit of a kernel integrity subsystem is that it detects whether files have been altered. It doesn't detect malware (that's the job of antivirus software), and it doesn't detect whether rogue programs have been installed or whether changes were made to user accounts.

Penny, a saleswoman in your company, sent in a request for assistance with a computer that is behaving sluggishly. You've checked but don't see any obvious malware; however, you did locate a temp folder with JPEGs that are screenshots of her desktop. Of the following, which is most likely the cause?

Spyware Explanation From the scenario, we see that there appears to be spyware on the computer, because some spyware takes screen captures and hides them in a temp folder. There doesn't seem to be any corporate data, so she isn't stealing from the company; nothing indicates a backdoor, and updates do not affect this.

Of the following cloud service models, which service provides the consumer with the infrastructure to create and host applications?

PaaS Explanation Platform as a Service provides consumers with the infrastructure for hosted applications. Infrastructure as a service is a network infrastructure, software as a service is an application, and cloud as a service is cloud storage.

You are concerned about fault tolerance for the database server you manage. You need to ensure that if a single drive fails, the data can be recovered. What RAID level would be used to support this goal while simultaneously distributing parity bits?

RAID 5 Explanation RAID 5 provides full fault tolerance with striping and parity that is distributed among all drives. RAID 0 provides disk striping but no fault tolerance. RAID 1 is mirroring, which protects against loss but doesn't provide parity. RAID 3 is striping with dedicated parity, but the best option for this scenario is RAID 5.

Which of the following provides an example of a stream cipher?

RC4 Explanation RC4 is a stream cipher that encrypts data. All other options are examples of block ciphers.

You currently have web developers in your company who have direct access to production servers and can deploy code to them. These actions can lead to insecure code and code flaws being deployed directly into the live environment. Currently, your company only has one server available (the production server). What is the best change that can be made to mitigate this risk?

Staging server Explanation The best change to mitigate this risk would be to implement a staging server. Staging servers can be used to test security features and check that everything will integrate with the system itself.

As the security administrator, you're configuring data label options for your R&D file server. Standard users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

Proprietary Explanation Company trade secrets should be assigned a label of proprietary because they're specific to the company and nothing else. All other options are industry terms, but they aren't specific to one place or thing.

Choose an agreement that is not as formal as a traditional contract but still has a level of importance to all involved parties.

MOU Explanation The MOU (memorandum of understanding) is the type of agreement that isn't legally binding. SLAs are measurable, the BPA is a business partnership agreement that establishes expectations, and an ISA (interconnection security agreement) is an agreement on technical and security requirements between organizations.
Which of the following is the best access control/account management approach? Explanation The best access control/account management implementation option would be group-based account control where users are placed in groups and permissions are applied to groups. Location-based isn't bad, but what if everybody from that location belongs in a different group (department, etc)? MAC is secure but very granular and not a great option for a large network and DAC isn't secure enough. Question 29: IncorrectOne of your tasks is being responsible for authentication methods for your company. You've implemented fingerprint scanners in order to gain access to server rooms. People are frequently denied access to the server room even though they are authorized. What problem is presented here? Explanation False rejection rate (FRR) tells you about authentication attempts that are rejected when they should have succeeded. When this number gets higher for the individuals being denied access, that number is too high. FAR (false acceptance rate) is the number of people who should not be authenticated, CER (crossover error rate) is the rate at which FAR and FRR are equal, and ERR (equal error rate) is another name for CER. Question 30: CorrectOf the following, which is a symmetric encryption algorithm that works with 128/192/256bit key versions? Explanation AES works with 128/192 and 256 bits. All other options are incorrect. Question 31: CorrectYou've noticed that users on your network use a specific bank for personal banking. Some users have been the victim of a recent attack, where they visited a fake bank website and their logins were compromised. They had all visited the bank from your network and they insist they typed in the correct URL. What is most likely the explanation for this? Explanation The correct answer is DNS poisoning. DNS poisoning will result in attacking the DNS server to send users to a fake site. 
Question 32: CorrectYou're currently facing a common security issue that's very difficult to control in a large environment. It happens when a user has more privileges than that required for the task the user needs to fulfill. This is the opposite of what principle? Explanation The aforementioned scenario is the opposite of least privilege. Accounts should have access to allow the execution of job functions but nothing more. Separation of duties means that several users will have to assist in performing the steps of the task, transitive trust is when all parties trust each other (e.g., a trusts b, b trusts c, so a trusts c), and Account management is basically just a set of rules for managing accounts and doesn't assist with the issue that's being faced. Question 33: CorrectJohn David works for a large retail company that processes credit card purchases and has been asked to test the network for security issues. The specific test he is running involves checking policies, documentation and past incident reports. What describes this type of test? Explanation Of the answer choices, security audits typically focus on documents, policies, etc. Penetration tests and vulnerability scans are done so to detect vulnerabilities and exploit them (pen tests) and security test is a generic term. Question 34: CorrectNicole noticed when she's in a crowded area, she gets a stream of unwanted texts. They end when she leaves the area. What is the attack just described? Explanation Bluejacking is when someone sends messages to a Bluetooth device when they are in range. Bluesnarfing is pulling data FROM Bluetooth devices and evil twin and rouge access points do not flow with this scenario. Question 35: IncorrectEllen manages network security and has discovered behavior on a computer that appears as a virus. She identified a file she thinks may be a virus, but no antivirus program has detected the file. Which could most likely be occurring? 
Explanation Zero-day exploits typically aren't in the virus definitions for antivirus programs because the attack happens when the infection is still new. All other options are forms of malware but should be easily picked up by at least one antivirus program. Question 36: CorrectYou currently use a PKI (public key infrastructure) in your company to issue digital certificates to users. Recently, you've had temporary contractors for a project that is now complete, and management has asked that all digital certificates be revoked. Which PKI component should be consulted for the request? Explanation A CRL (certificate revocation list) would be the best resource consulted to see about the status of certain revoked digital certificates. A CRL is issued by a CRL issuer, which is typically the CA which also issued the corresponding certificates but could alternatively be some other trusted authority. The CA (certificate authority) issues the digital certificates, the RA (registered authority) forwards the responses to CA, and the CSR is a certified signing request. Question 37: IncorrectJamie is worried that some users on her network could be accessing some files they don't have a reason to view, such as files not required for their job. Which of the following would best determine if this is happening? Explanation Of all options, the best choice is to do a usage audit and review which would document how users actually use their account permissions. Permission auditing and review is good, but it doesn't show how permissions are used. Usage Account maintenance is part of an audit but doesn't address the issue in question and Policy review has nothing to do with this. Question 38: CorrectYour company is looking for a secure backup tool for key storage in a PKI. Which one would you recommend? Explanation Key escrow is a secure key storage tool. 
CSR is a certificate signing request, CRL is a certificate revocation list, and CA is a certificate authority, so these three do not apply. Question 39: CorrectMike works for a company where employees have wearable technology, such as smartwatches. What is the most significant security concern for him in regard to such devices? Explanation The most significant security concern is that these devices can be used to bring data in that isn't related or could be harmful to the company, as well as exfiltrating data that shouldn't be allowed to leave the company. These devices CAN store data. They can also be a distraction, however, that doesn't affect security. These devices do not require drivers and while passwords may be difficult to manage, they aren't the greatest security concern with wearable devices.

You're tasked with configuring a friend's SOHO router and noticed a PIN on the back of their router. What is the purpose of this PIN? A.This is a WEP PIN B.This is a WPS PIN C.This is a WPA PIN D.This is a Bluetooth PIN

B. This is a WPS PIN Explanation WPS (Wi-Fi Protected Setup) is the network security standard that helps users set up wireless networks without long passphrases: the user enters the PIN to allow the device to connect after pressing the WPS button on top of the device. All other options use passphrases, not PINs.

Kevin manages the security for his company and is working to implement a kernel integrity subsystem for key servers. Of the following list, what is the primary benefit of this? A.To detect malware B.To detect whether files have been altered C.To detect rogue programs being installed D.To detect changes to user accounts

B. To detect whether files have been altered Explanation The major benefit of a kernel integrity subsystem is that it detects whether files have been altered. It doesn't detect malware (that's the job of antivirus software), and it doesn't detect whether rogue programs have been installed or whether changes were made to user accounts.

You work for a company that requires a user's credentials to include providing something they know and something they are. Which of the following types of authentication is being described? A.Token B.Two-factor C.Kerberos D.Biometrics

B. Two-factor Explanation Two-factor authentication contains multiple methods of authentication. This typically includes something you know and something you are, which would be 2FA or two-factor. Tokens are something you have (type II), Kerberos isn't related to this question, and Biometrics is something you are (Type III).

Of the following cloud service models, which service provides the consumer with the infrastructure to create and host applications? A.SaaS B.PaaS C.IaaS D.CaaS

B. PaaS Explanation Platform as a Service provides consumers with the infrastructure for hosted applications. Infrastructure as a service is a network infrastructure, software is an application, and cloud is cloud storage.

Which protocols are associated with the correct port number? A. SCP/161, POP3/22, SNMP/161, Telnet/23 B.SCP/22, POP3/110,SNMP/161, Telnet/23 C. SCP/110, POP3/161, SNMP/23, Telnet/22 D. SCP/23, POP3/110, SNMP/22,Telnet/161

B.SCP/22, POP3/110,SNMP/161, Telnet/23 Explanation For the exam, you need to know your ports and protocols. The Secure Copy (SCP) operates over port 22. Telnet operates over port 23. The Simple Network Management Protocol (SNMP) operates over port 161. The Post Office Protocol 3 (POP3) operates over port 110.

Ellen manages network security and has discovered behavior on a computer that appears as a virus. She identified a file she thinks may be a virus, but no antivirus program has detected the file. Which could most likely be occurring? A.The computer has a RAT B.The computer has a zero-day exploit C.The computer has a logic bomb D.The computer has a rootkit

B. The computer has a zero-day exploit Explanation Zero-day exploits typically aren't in the virus definitions for antivirus programs because the attack happens when the infection is still new. All other options are forms of malware but should be easily picked up by at least one antivirus program.

Your company has hired an outside security firm to perform various tests on your network, specifically vulnerability scans. During this vulnerability scan, you provided the company with a set of usernames and passwords for various systems (database server, application server, web server) to assist in their scan. What best describes what is happening? A.A white-box test B.A grey-box test C.A credential scan D.A logged-in scan

C. A credential scan Explanation When you give a tester a login (username and password), you are allowing them to conduct a credentialed scan because they have access to some things, just not to all things. Some organizations may also provide an administrator login and password to conduct these scans. White-box and gray-box are incorrect because these refer to the knowledge level of the tester. A "logged-in" scan isn't an industry term.

Caleb is worried his SIEM logs aren't being stored long enough or securely enough. He is aware that a breach may not be discovered until long after it occurs. This would require the company to analyze older logs, so it's important that he finds a SIEM log backup solution that can do the following: handle all aggregate logs of the SIEM, be maintained for a long period of time, and maintain the integrity of logs being stored. Which of the following solutions would ensure the integrity of the data isn't changed after storage? A.Back up to large-capacity external drives B.Back up to large-capacity backup tapes C. D.

C. Back up WORM Storage Explanation WORM (write-once, read many) works with high-capacity storage where once the data is written, it cannot be edited. This provides secure storage because backups cannot be tampered with. All other options are incorrect. Backing up to large-capacity external drives - the drive will need to be secured in storage; backup tapes are older technology, and backup tapes can be easily damaged.

Your wireless network has been breached and it seems as though the attacker has modified a portion of your data that is used with a stream cipher. This was used to expose wirelessly-encrypted data. What type of attack is this? A.Evil twin B.Rogue WAP C.IV Attack D.WPS attack

C. IV Attack Explanation IV attacks are used with stream ciphers. Nothing in this points to a rogue/evil twin and WPS uses a PIN to connect to a WAP. The correct choice for this is an IV attack.

You currently have web developers in your company who have direct access to production servers and can deploy code to them. These actions can lead to insecure code and code flaws being deployed directly into the live environment. Currently, your company only has one server available (the production server). What is the best change that can be made to mitigate this risk? A.Implement sandboxing B.Implement virtualized servers C.Implement a staging server D.Implement deployment policies

C. Implement a staging server Explanation The best change to mitigate this risk would be to implement a staging server. Staging servers can test security features and check to see that everything will be able to integrate with the system itself.

Of the following, which is the most fundamental BIOS integrity technique? A.Verifying the BIOS version B.Using a TPM C.Managing BIOS passwords D.Backing up the BIOS

C. Managing BIOS passwords Explanation A BIOS password would be a fundamental integrity technique. BIOS password management is also the most effective technique because, without this, all other listed options prove less effective.

As the security administrator, you're configuring data label options for your R&D file server. Standard users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets? A.High B.Top Secret C.Proprietary D.Low

C. Proprietary Explanation Company trade secrets should be assigned a label of proprietary because they're specific to the company and nothing else. All other options are industry terms, but they aren't specific to one place or thing.

Your company has purchased new laptops for your salespeople. Your IT department plans to dispose of the hard drives from the old computers as part of a sale. Which method would you use to properly dispose of the hard drives? A.Destruction B.Shredding C.Purging D.Formatting

C. Purging Explanation If personnel don't sanitize the drives before disposing of these devices, it can result in a loss of confidentiality. Purging is a general sanitization term indicating that all sensitive data has been removed from a device.

John David works for a large retail company that processes credit card purchases and has been asked to test the network for security issues. The specific test he is running involves checking policies, documentation and past incident reports. What describes this type of test? A.Vulnerability B.Penetration test C.Security audit D.Security test

C. Security Audit Explanation Of the answer choices, security audits typically focus on documents, policies, etc. Penetration tests and vulnerability scans are done so to detect vulnerabilities and exploit them (pen tests) and security test is a generic term.

Penny, a saleslady in your company, sent in a request for assistance with a computer that is behaving sluggishly. You've checked and don't see any obvious malware, but you did locate a temp folder with JPEGs which are screenshots of her desktop. Of the following, which is most likely the cause? A.She is stealing data from the company B.There is a backdoor on the computer C.There is spyware on the system D.Windows needs to be updated

C. There is spyware on the system Explanation From the scenario, we see that there appears to be spyware on the computer because some spyware takes screen captures and hides them in a temp folder. There doesn't seem to be any corporate data so she isn't stealing from the company; nothing indicates a backdoor and updates do not affect this.

Jeff, a network administrator, has discovered that someone registered a domain name that is spelled just one letter different from the company's domain. The website with the misspelled URL is a phishing site. What best describes this attack? A.Session hijacking B.Cross-site forgery C.Typosquatting D.Clickjacking

C. Typosquatting Explanation This is a perfect example of typosquatting. The website is off by just one letter, so most users don't catch the mistake. Session hijacking is taking over an already authenticated session, XSRF sends users to a fake website, and clickjacking works by tricking users into clicking on something they don't intend to click on.

Caleb is running a port scan on a network to meet some requirements of a security audit. He has noticed that domain controller is using secured LDAP. Which port would lead him to that conclusion? A.53 B.389 C.443 D.636

D. 636 Explanation Secure LDAP (LDAPS) uses port 636 by default. DNS is 53, LDAP is 389, and HTTPS uses 443.

George is a security officer for a bank. When an executive has a laptop decommissioned, he wants to be sure that all of the data is completely wiped and unrecoverable, even via forensic tools. How many times should the hard drive be wiped? A.1 B.3 C.5 D.7

D. 7 Explanation DoD standard 5220.22-M recommends 7 wipes to completely wipe data. All other answers are less than seven.

Michael manages the secure communications at his company and would like to give administrators the option to log in remotely and execute command-line functions. He would like for this to only be possible via a secure encrypted connection. What action should be taken on the firewall? A.Block port 23 and allow ports 20 and 21 B.Block port 22 and allow ports 20 and 21 C.Block port 22 and allow port 23 D.Block port 23 and allow port 22

D. Block port 23 and allow port 22 Explanation Secure Shell (SSH) uses port 22, and Telnet uses port 23, which is not secure. The best answer is to block port 23 and allow port 22. Ports 20 and 21 are FTP (file transfer protocol), which is also insecure without something added onto it.

Frank is responsible for network security at a university where faculty members are being issued laptops. Many of the faculty members leave their laptops in their offices most of the time. Frank is concerned about device theft. In this situation, what would be the most cost-effective method to secure the laptops? A.FDE B.GPS Tagging C.Geofencing D.Cable locks

D. Cable locks Explanation Installing cable locks would be the best option. It is an easy and inexpensive solution that would make it difficult to steal a device if it was locked to a table or desk. FDE (full disk encryption) is a good way to protect data, but the laptop can still be stolen and wiped clean. GPS may help you locate a stolen laptop, but if the laptop is cleaned off, you will not be able to locate with GPS, and content management is good for the management of data, but it is ineffective for keeping physical possession of something like a laptop.

You are responsible for security for a defense contracting company and are concerned about users within your network exfiltrating data via sensitive documents to emails. What is the best solution to address this? A.Email encryption B.USB blocking C.NIPS D.Content filtering

D. Content filtering Explanation Content filtering can also work on content that is sent out, not just on web pages, websites, and things you view (videos, etc.). Email encryption makes it easier to exfiltrate data; USB blocking doesn't affect email filtering, and NIPS cannot stop attachments.

You've noticed that users on your network use a specific bank for personal banking. Some users have been the victim of a recent attack, where they visited a fake bank website and their logins were compromised. They had all visited the bank from your network and they insist they typed in the correct URL. What is most likely the explanation for this? A.Trojan horse B.IP Spoofing C.Clickjacking D.DNS poisoning

D. DNS Poisoning Explanation The correct answer is DNS poisoning. DNS poisoning will result in attacking the DNS server to send users to a fake site.

Which four security features should you use with a workstation or laptop within your organization? A.Network sniffer B.Cable lock C.Cellular data D.Host-based firewall E.Location tracking F.CAT 5e STP G.MDM H.Remote wipe

D. Host-based firewall, network sniffer, cable lock, CAT 5e STP Explanation Host-based firewall, network sniffer, a cable lock, and CAT 5e STP cables are all appropriate security features to use with a corporate workstation or laptop. By using a host-based firewall (such as Windows Firewall), you can configure the workstation or laptop to block incoming or outgoing data from the network connection of the device. If you install a network sniffer, you will be able to capture any network traffic that is being used on the network for later analysis. If you use a cable lock, it will lock the workstation or laptop to a desk and prevent theft of the device. If you use a CAT 5e STP cable for your network connection, you will minimize the risk of EMI and reduce data emanations.

Choose an agreement that is not as formal as a traditional contract but still has a level of importance to all involved parties? A.SLA B.BPA C.ISA D.MOU

D. MOU Explanation The MOU (memo of understanding) is the type of agreement that isn't legally binding. SLAs are measurable, the BPA is a business partnership agreement that establishes expectations and ISA (interconnection security agreement) is an agreement on technical and security requirements between organizations.

Of the listed principles below, which is NOT a common security policy type? A.Acceptable use policy B.Social Media Policy C.Password policy D.Parking policy

D. Parking policy Explanation The parking policy is not a security policy.

You are concerned about fault tolerance for the database server you manage. You need to ensure that if a single drive fails, the data can be recovered. What RAID level would be used to support this goal while simultaneously distributing parity bits? A.RAID 0 B.RAID 1 C.RAID 3 D.RAID 5

D. RAID 5 Explanation RAID 5 is full fault tolerance with striping and parity that's distributed amongst all drives. RAID0 provides disk striping, but no fault tolerance. RAID1 is mirroring which protects loss but doesn't provide parity. RAID3 is striping with dedicated parity, but the best option for this scenario would be RAID5.

Which of the following provides an example of stream cipher? A.AES B.DES C.3DES D.RC4

D. RC4 Explanation RC4 is a stream cipher that encrypts data. All other options are examples of block ciphers.

As the manager for network operations at his company, Shane saw an accountant in the hall who thanked him for keeping the antivirus software up to date. When asked what he meant, the accountant mentioned that one of the IT staff members, named Michael, called him yesterday and remotely connected to his PC to update the antivirus... but there's no employee named Michael. What happened? A.IP Spoofing B.MAC spoofing C.Man-in-the-Middle attack D.Social engineering

D. Social engineering Explanation Social engineering works through weaknesses in people. Nothing in this scenario points to IP spoofing or MAC spoofing, and a man-in-the-middle attack would require an attacker to be between the source and the target to receive some communication.

Of the following, which is the best example of a drawback of symmetric key systems? A.You must use different keys for encryption/decryption B.The algorithm is more complex C.The system works much more slowly than an asymmetric system D.The key must be delivered in a secure manner

D. The key must be delivered in a secure manner Explanation Symmetric encryption uses the same key to decrypt and encrypt a file, which can be good and bad. All other options describe asymmetric encryption.

Which of the following types of attacks occurs when an attacker attempts to gain confidential information or login credentials by sending targeted emails to a specific set of recipients within an organization? A.Phishing B.Hoax C. Vishing D.Pharming E. Spear phishing

E. Spear phishing Explanation Spear phishing is the fraudulent practice of sending emails from a seemingly known or trusted sender in order to induce targeted individuals to reveal confidential information.
