Security+ SY0-401 Practice Exam 5

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

Import the recipient's public key

A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights?

Public key infrastructure

Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?

Quality of Service

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

3

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?

3DES

Which of the following is the default port for TFTP?

69

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?

Accept the risk and continue to enable the accounts each month saving money

A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

Account Lockout

While rarely enforced, mandatory vacation policies are effective at uncovering:

Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software?

Application hardening

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

Attributes based

A user ID and password together provide which of the following?

Authentication

RADIUS provides which of the following?

Authentication, Authorization, Accounting

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

Best practice

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

Cloud computing

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

Clustering

Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE).

Confidentiality Availability Integrity

Layer 7 devices used to prevent specific types of html tags are called:

Content filters

In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

Continuous security monitoring

An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?

Create three VLANs on the switch connected to a router

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

Cross-site Request Forgery

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

DLP

A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

DMZ

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

DMZ

Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?

Data confidentiality

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

Discretionary access control

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen?

Encryption

When implementing fire suppression controls in a datacenter it is important to:

Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers.

After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output: MAC SSID ENCRYPTION POWER BEACONS 00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202 00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102 FB:90:11:42:FA:99 MYCORP WPA2 CCMP 40 3031 00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021 00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044 Given that the corporate wireless network has been standardized, which of the following attacks is underway?

Evil twin

After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points: Corpnet Coffeeshop FreePublicWifi Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

Evil twin

Mandatory vacations are a security control which can be used to uncover which of the following?

Fraud committed by a system administrator

Which of the following security concepts identifies input variables which are then used to perform boundary testing?

Fuzzing

Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation?

Host-based firewalls

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

Group based privileges

A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?

High availability

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?

IPv6 address

Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor's number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code. Which of the following attack types is this?

Impersonation

Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

Information classification training

Digital Signatures provide which of the following?

Integrity

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? PERMIT TCP ANY HOST 192.168.0.10 EQ 80 PERMIT TCP ANY HOST 192.168.0.10 EQ 443

It implements an implicit deny.

Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?

Kerberos

An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?

LDAP

A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?

Least privilege

Which of the following provides the BEST application availability and is easily expanded as demand grows?

Load balancing

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

MAC filtering

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

Mandatory vacations

A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

NetBIOS

Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

Non-repudiation

Which of the following offers the LEAST secure encryption capabilities?

PAP

Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?

PEAP-MSCHAPv2

The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?

Password Recovery

After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

Password expiration Password complexity

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

Phishing

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

Port scanner

Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?

Private key

A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

Replay

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?

SNMPv3

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

SSL 1.0 DES

Which of the following cryptographic related browser settings allows an organization to communicate securely?

SSL 3.0/TLS 1.0

A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?

Same sign-on

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

Scanning of outbound IM (Instance Messaging). Scanning of HTTP user traffic

Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

Session Key

A security administrator is concerned about the strength of user's passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?

Shorten the password expiration period

Which of the following network devices is used to analyze traffic between various network interfaces?

Sniffers

A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

Software as a Service

The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?

Software as a Service

A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?

Spoof the MAC address of an observed wireless network client

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

Spyware

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets?

Steganography

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

System hardening

Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?

TACACS+

Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

TPM

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

Tailgating

A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?

Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes

Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but not login. Which is the following is MOST likely the issue?

The certificates have not been installed on the workstations

Which of the following is a best practice when a mistake is made during a forensics examination?

The examiner should document the mistake and workaround the problem.

Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

The intermediate CA certificates were not installed on the server.

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?

The switch has several VLANs configured on it.

After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).

To allow for business continuity if one provider goes out of business To eliminate a single point of failure

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

To reduce organizational IT risk

Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?

Trust Model

Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?

Type II

Which of the following assets is MOST likely considered for DLP?

USB mass storage devices

A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies?

User rights and permissions review

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

User rights reviews

Which of the following BEST describes part of the PKI process?

User1 encrypts data with User2's public key

A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).

Utilize automated provisioning and de-provisioning processes where possible. Perform regular user account review / revalidation process.

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

Virtual switches with VLANs

A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?

Virtualization

Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

Vishing

A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

Vulnerability scanning

After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?

War chalking

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?

Warm site

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation?

Zero-day Attack

Input validation is an important security defense because it:

rejects bad or malformed data.

A network administrator has recently updated their network devices to ensure redundancy is in place so that:

single points of failure are removed.

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

time offset can be calculated.