TestOut Sec Pro Ch 8-14
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
Auditing
To prevent server downtime, which of the following components should be installed redundantly in a server system?
Power supply
Which of the following disk configurations might sustain losing two disks? (Select two.)
RAID 0+1 RAID 1+0
You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing. Which cloud service have you most likely implemented?
SECaaS
Which type of wireless access point is generally used in a residential setting?
SOHO
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP?
SSID
What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?
Sandboxing
You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?
blue
Which of the following are the two main causes of software vulnerabilities? (Select two.)
design flaws and coding errors
Which of the following tools can be used to view and modify DNS server information in Linux?
dig
You are performing a security test from the outside on a new application that has been deployed. Which secure testing method are you MOST likely using?
dynamic
Which of the following is an exploit in which malware allows the virtual OS to interact directly with the hypervisor?
escape
You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?
ping
HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?
privacy
An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?
relay
Which of the following is the first step in the Waterfall application development model?
requirements
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Which of the following provides the network virtualization solution called XenServer?
Citrix
Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?
Cloud-based firewall
Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Clustering
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?
Cold site
What is a virtual LAN that runs on top of a physical LAN called?
VAN
Which of the following virtual devices provides packet filtering and monitoring?
VFA
Which of the following is an example of protocol-based network virtualization?
VLAN
Which of the following is used as a secure tunnel to connect two networks?
VPN
Which application development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements?
agile
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Endpoint DLP
Which of the following types of site surveys should be performed first?
passive
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
1
How often should change-control management be implemented?
Any time a production system is altered.
Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?
App catalog
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?
A cloud-access security broker
Which of the following are disadvantages of server virtualization?
A compromised host system might affect multiple servers.
Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack). A passive device that is used to copy frames and allow you to view frame contents.
Which of the following describes a man-in-the-middle attack?
A false server intercepts communications from a client by impersonating the intended server.
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Which of the following is an example of a preventative control type?
An advanced network appliance
A group of small local businesses have joined together to share access to a cloud-based payment system. Which type of cloud is MOST likely being implemented?
Community
Which of the following Intune portals is used by end users to manage their own account and enroll devices?
Company portal
What does an IDS that uses signature recognition use to identify attacks?
Comparisons to known attack patterns
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)
Conduct a site survey. Check the MAC addresses of devices connected to your wired switch.
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
Configure the connection with a pre-shared key and AES encryption.
You have detected and identified a security event. What's the first step you should complete?
Containment
You would like to make sure users are not accessing inappropriate content online at work. Which endpoint security strategy would you employ?
Content filtering
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Create a checksum using a hashing algorithm
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners.
BPO
Creates an agreement with a vendor to provide services on an ongoing basis
You suspect cache poisoning or spoofing has occurred on your network. Users are complaining of strange web results and being redirected to undesirable sites. Which log would help you determine what is going on?
DNS logs
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
Data loss prevention
Which of the following BEST describes a constant?
Data or a value that does not change.
An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit?
Implementing client-side validation
You have been offered a position as a security analyst for Acme, Inc. The position will be remote. Acme Inc. has sent you your employment contract using a system that only allows you to open and digitally sign the contract. Which rights management method is being used?
IRM
Which type of attack is WEP extremely vulnerable to?
IV attack
A conditional statement that selects the statements to run depending on whether an expression is true or false is known as which of the following?
If else statement
As a security analyst, you are configuring your environment to be able to properly gather digital forensic information. Which of the following must be set up to help create a timeline of events?
Make sure all client computers have their time set accurately by a time server.
Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?
OSINT
Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?
Maintain access
What is the primary goal of business continuity planning?
Maintain business operations with reduced or restricted infrastructure capabilities or resources
secret
If this information is disclosed, it could cause severe and permanent damage to military actions.
sensitive but unclassified
If this information is disclosed, it could cause some harm, but not a national disaster.
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?
Implement a captive portal
Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack. Which of the following should be implemented to help mitigate this threat?
Implement an AUP that specifies where and when mobile devices can be possessed within the organization.
Which type of audit is performed by either a consultant or an auditing firm employee?
External audit
Google Cloud, Amazon Web Services (AWS), and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompt companies to take advantage of cloud storage? (Select two.)
Growing demand for storage Need to bring costs down
Which of the following government acts protects medical records and personal health information?
HIPAA
Which phase or step of a security assessment is a passive activity?
Reconnaissance
Which of the following terms describes the actual time required to successfully recover operations in the event of an incident?
Recovery time objective (RTO)
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following do Raspberry Pi systems make use of?
SoC
Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?
Social engineering
Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?
Software-defined networking (SDN)
MOU
Summarizes which party is responsible for performing specific tasks
Which of the following is a standard for sending log messages to a central logging server?
Syslog
What is the primary purpose of penetration testing?
Test the effectiveness of your security perimeter.
unclassified
This information can be accessed by the public and poses no security threat.
Which of the following best describes Bluesnarfing?
Viewing calendar, emails, and messages on a mobile device without authorization
What is the best definition of a security incident?
Violation of a security policy
You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?
White
You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?
White box
This application endpoint-protection rule implicitly denies unless added to the rule. Which of the following processes describes this?
Whitelisting
Which of the following is responsible for broadcasting information and data over radio waves?
Wireless access point
Which type of RFID tag can send a signal over a long distance?
active
Which of the following enters random data to the inputs of an application?
fuzzing
You need to find the text string New Haven in 100 documents in a folder structure on a Linux server. Which command would you use?
grep
Which of the following is generated after a site survey and shows the Wi-Fi signal strength throughout the building?
heat map
You would like to add some entries into the system log file. Which command would you use?
logger
A broken water pipe that floods the reception area would be considered which type of threat?
natural
You would like to see only the last 15 lines of /home/user/logfile on your Linux machine. Which command line interface (CLI) command would you use?
tail -n 15 /home/user/logfile
Which passive reconnaissance tool is used to gather information from a variety of public sources?
theHarvester
Your network uses the following backup strategy: -Full backups every Sunday night -Differential backups Monday night through Saturday night On Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
2
Which ISO publication lays out guidelines for selecting and implementing security controls?
27002
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?
3
Your network uses the following backup strategy: -Full backups every Sunday night -Incremental backups Monday night through Saturday night On a Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?
4
What is the minimum number of users needed in a Windows Enterprise agreement for Intune to be included?
500
You have conducted a risk analysis to protect a key company asset. You identify the following values: -Asset value = 400 -Exposure factor = 75 -Annualized rate of occurrence = .25 What is the annualized loss expectancy (ALE)?
75
Which of the following BEST describes phishing?
A fraudulent email that claims to be from a trusted organization.
What is a service level agreement (SLA)?
A guarantee of a specific level of service.
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet. Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?
A mobile device management (MDM) infrastructure
In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?
A strong password policy
Which of the following describes a system image backup? (Select two.)
A system image backup consists of an entire volume backed up to .vhd files. A system image contains everything on the system volume, including the operating system, installed programs, drivers, and user data files.
Which of the following could be an example of a malicious insider attack?
A user uses the built-in microphone to record conversations.
You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.)
AES encryption 802.1x
The MAC address of the attacker can be associated with the IP address of another host.
ARP poisoning
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?
ARP poisoning
Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?
Acceptable use policy (AUP)
Which of the following is the first phase of the Microsoft Intune application life cycle?
Add
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you also want to make sure that emails from other senders are not affected. What should you do?
Add kenyan.msn.pl to the email blacklist.
Which of the following strategies can protect against a rainbow table password attack?
Add random bits to the password before hashing takes place
Which of the following components are the SIEM's way of letting the IT team know that a pre-established parameter is not within the acceptable range?
Alerts
Which of the following BEST describes the Physical SDN layer?
Also known as the Infrastructure layer.
Which of the following defines an acceptable use agreement?
An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.
What is the average number of times that a specific risk is likely to be realized in a single year?
Annualized rate of occurrence
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?
Anomaly-based IDS
What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software
Your organization recently purchased 20 Android tablets for use by the organization's management team. To increase the security of these devices, you want to ensure that only specific apps can be installed. Which of the following would you implement?
App whitelisting
Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?
Application
Which type of firewall operates at Layer 7 of the OSI model?
Application layer
Some users report that frequent system crashes have started happening on their workstations. Upon further investigation, you notice that these users all have the same application installed that has been recently updated. Where would you go to conduct a root cause analysis?
Application log
Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?
Arduino
Which of the following activities are typically associated with a penetration test?
Attempt social engineering.
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy and is often used to detect unwanted and unauthorized user activity?
Audit trail
A recreation of historical events is made possible through which of the following?
Audit trails
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best step or action to take next?
Back up all logs and audits regarding the incident.
Which of the following is true of an incremental backup's process?
Backs up all files with the archive bit set and resets the archive bit.
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
A file server with data is consider which of the following asset types?
Both tangible and intangible
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Brute force attack
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow attack
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow attack
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow attack
As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?
Bug bounty
You are in charge of making sure the IT systems of your company survive in case of any type of disaster in any of your locations. Your document should include organizational charts, phone lists, and order of restore. Each business unit should write their own policies and procedures with guidelines from corporate management. Which of the following documents should you create for this purpose?
Business continuity plan
Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?
COPE
Which of the following laws was designed to protect a child's information on the internet?
COPPA
Which of the following frameworks introduced the first cloud-centric individual certification?
CSA
Which of the following are network-sniffing tools?
Cain and Abel, Ettercap, and TCPDump
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?
Capture filters
Which of the following are advantages of virtualization? (Select two.)
Centralized administration Easy migration of systems to different hardware
You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. Which type of document is this?
Chain of custody
What is the most important element related to evidence in addition to the evidence itself?
Chain of custody document
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from using the access point (AP) configuration utility?
Change the administrative password on the AP.
What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?
Cloud-access security broker
Which of the following can provide the most specific protection and monitoring capabilities?
Cloud-access security broker
You have just finished developing a new application. Before putting it on the website for users to download, you want to provide a checksum to verify that the object has not been modified. Which of the following would you implement?
Code signing
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
Collectors
Which of the following BEST describes the Application SDN layer?
Communicates with the Control layer through the northbound interface.
Your organization entered into an interoperability agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.)
Conduct periodic vulnerability assessments Verify compliance with the IA documents
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode.
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems' versions and editions. Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Both responses are part of the complete solution.)
Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for host-only (internal) networking.
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you use them in the future?
Create a hash of each log.
A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan was conducted in this scenario?
Credentialed scan
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario?
DNS poisoning
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?
DNS poisoning
Which rights management category is applied to music, videos, and software that is sold to consumers?
DRM
When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable?
Damage the hard disks so badly that all data remanence is gone.
You have a computer with three hard disks. A RAID 0 volume uses space on Disk 1 and Disk 2. A RAID 1 volume uses space on Disk 2 and Disk 3. Disk 2 fails. Which of the following is true?
Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.
SLA
Defines how disputes are managed
Which of the following is the LEAST reliable means of cleaning or purging media?
Degaussing
In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal?
Deploy
In a high-security environment, which of the following is the most important concern when removable media is no longer needed?
Destruction
Which type of control is used to discourage malicious actors from attempting to breach a network?
Deterrent
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices are typically more difficult to monitor than traditional network devices. Devices tend to employ much weaker security than traditional network devices.
As a security analyst, you have discovered the victims of an malicious attack have several things in common. Which tools would you use to help you identify who might be behind the attacks and prevent potential future victims?
Diamond Model of Intrusion Analysis Mitre Att@cks
Which of the following protocols can TLS use for key exchange? (Select two.)
Diffie-Hellman and RSA
When you inform an employee that he or she is being terminated, which of the following is the most important activity?
Disable his or her network access
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?
Disconnect the access point from the network.
Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: -Verify that security controls are the same as in a physical data center. -Use data classification policies. -Assign information into categories that determine storage, handling, and access requirements. -Assign information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement?
Dispose of data when it is no longer needed by using specialized tools.
When you conduct a forensic investigation, which of the following initial actions is appropriate for preserving evidence?
Document what is on the screen.
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
Document what is on the screen.
ISA
Documents how data is to be shared
You suspect a bad video driver is causing a user's system to randomly crash and reboot. Where would you go to identify and confirm your suspicions?
Dump files
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Dumpster diving
Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing?
Dynamic
Which EAP implementation is MOST secure?
EAP-TLS
Which type of interference is caused by motors, heavy machinery, and fluorescent lights?
EMI
Which of the following mobile device management (MDM) solutions is hardware-agnostic and supports many different brands of mobile devices?
EMM
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
ESP and AH
Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?
Echo
Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the BEST approach to take to accomplish this? (Select two. Each option is part of a complete solution.)
Enroll the devices in a mobile device management (MDM) system. Configure and apply security policy settings in a mobile device management (MDM) system.
Your company is preparing to enter into a partner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. Which of the following is of primary importance as you take steps to enter into this partner relationship?
Ensure that the integration process maintains the security of each organization's network
You would like to get a feel for the amount of bandwidth you are using in your network. What is the first thing you should do?
Establish a baseline.
Change control should be used to oversee and manage changes over which aspect of an organization?
Every aspect
In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed. Which type of result is this?
False positive
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?
File-level DLP
Which of the following processes identifies an operating system based on its response to different types of network traffic?
Fingerprinting
You want to allow RDP 3389 traffic into your network for a group of users to access a particular workstation that has a special application in your office. Which endpoint security tool would you use to make this happen?
Firewall rules
Which fuzz testing program type defines new test data based on models of the input?
Generation-based
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smartphone was never misplaced prior to the attack. Which security weakness is the MOST likely cause of the security breach?
Geotagging was enabled on her smartphone.
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?
HTTPS
Which of the following protocols uses port 443?
HTTPS
Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
Hashing
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antenna should you use on each side of the link? (Select two.)
High-gain and Parabolic
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?
Hot site
Which of the following is a network virtualization solution provided by Microsoft?
Hyper-V
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?
Hypervisor
Which SOC type reports focus on predetermined controls that are audited and a detailed report that attests to a company's compliance?
II
Your organization has discovered that an overseas company has reverse-engineered and copied your main product and is now selling a counterfeit version. Which of the following BEST describes the type of consequence your organization has suffered?
IP theft
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
top secret
If this information is released, it poses grave consequences to national security.
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?
Implement an application-aware IPS in front of the web server
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value he or she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)
Implementing server-side validation Implementing client-side validation
The IT manager has tasked you with configuring Intune. You have enrolled the devices and now need to set up the Intune policies. Where would you go to set up the Intune policies?
In the Admin portal, select Policy > Add Policy.
Which of the following are true concerning virtual desktop infrastructure (VDI)? (Select two.)
In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that data has ended and a command is beginning
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Install a RADIUS server and use 802.1x authentication Configure devices to run in infrastructure mode
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization?
Instance awareness
What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?
Integration
You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of Things (IoT)
Your organization recently purchased 20 Android tablets for use by the organization's management team. You are using a Windows domain. Which of the following should you use to push security settings to the devices?
Intune
Which of the following is the recommend Intune configuration?
Intune Standalone
You need to limit a compromised application from causing harm to other assets in your network. Which strategy should you employ?
Isolation
Which of the following BEST describes dynamic data masking? (Select two.)
It can be used to control which users can see the actual data. It replaces original information with a mask that mimics the original in form and function.
Which of the following BEST describes an email security gateway?
It monitors emails that originate from an organization.
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
When should a hardware device be replaced in order to minimize downtime?
Just before its MTBF is reached
Your company is about to begin litigation, and you need to gather information. You need to get emails, memos, invoices, and other electronic documents from employees. You'd also like to get printed, physical copies of documents. Which tool would you use to gather this information?
Legal hold
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
The chain of custody is used for which purpose?
Listing people coming into contact with the evidence
Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?
Load balancing
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering
Allows an attacker's computer to connect to a switch using an authorized MAC address.
MAC flooding
Allows an attacker's computer to connect to a switch using an authorized MAC address.
MAC spoofing
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?
Man-in-the-middle attack
Which type of control makes use of policies, DPRs, and BCPs?
Managerial
Which DLP method works by replacing sensitive data with realistic fictional data?
Masking
As a security analyst, you suspect a threat actor used a certain tactic and technique to infiltrate your network. Which incident-response framework or approach would you utilize to see if other companies have had the same occurrence and what they did to remedy it?
Mitre Att@ck
Which of the following is a solution that pushes security policies directly to mobile devices over a network connection?
Mobile device management (MDM)
You need to remotely wipe an android phone for one of your rogue users. Which endpoint tool would you use?
Mobile device management (MDM)
Which of the following is an advantage of software-defined networking (SDN)?
More granular control
Which of the following statements about virtual networks is true? (Select two.)
Multiple virtual networks can be associated with a single physical network adapter. A virtual network is dependent on the configuration and physical hardware of the host operating system.
The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network. Which of the following should you implement?
NAC
Which of the following security frameworks is used by the federal government and all its departments, including the Department of Defense?
NIST
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
Nessus
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?
Network DLP
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Network mapper
A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside. Which type of scan should he or she use?
Non-credentialed scan
Which of the following does the Application layer use to communicate with the Control layer?
Northbound APIs
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full or incremental backup.
Which of the following would you do to help protect against phishing?
Only open emails if you recognize the sender.
You install a new Linux distribution on a server in your network. The distribution includes a Simple Mail Transfer Protocol (SMTP) daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?
Open SMTP relay
Which of the following BEST describes PuTTy?
Open-source software that is developed and supported by a group of volunteers.
Which of the following are control categories? (Select three.)
Operational Technical Managerial
Which of the following standards relates to the use of credit cards?
PCI DSS
Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application on the cloud infrastructure.
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?
Packet sniffer
Which type of firewall protects against packets coming from certain IP addresses?
Packet-filtering
Which of the following BEST describes compensating controls?
Partial control solution that is implemented when a control cannot fully meet a requirement.
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Password salting
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
Penetration testing
Your disaster recovery plan calls for backup media to be stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you choose a method that uses the least amount of backup media, but also allows you to quickly back up and restore files. Which backup strategy would BEST meet the disaster recovery plan?
Perform a full backup once per week and a differential backup the other days of the week.
An active IDS system often performs which of the following actions? (Select two.)
Performs reverse lookups to identify an intruder. Updates filters to block suspect traffic.
If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following: -Name and address -Driver license number -Credit card numbers -Date of birth Which of the following classifications does this information fall into?
Personally identifiable information (PII)
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking username and password. The URL in the link is in the .ru top-level DNS domain. Which kind of attack has occurred?
Phishing
Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?
Playbook
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Pop-up blocker
Creates a duplicate of all network traffic on a port and sends it to another device.
Port mirroring
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?
Port mirroring
You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?
Port scanner
Which of the following is the primary purpose of change control?
Prevent unmanaged change
What does the hashing of log files provide?
Proof that the files have not been altered
Tokenization is another effective tool in data loss prevention. Tokenization does which of the following? (Select two.)
Protects data on its server with authentication and authorization protocols. Replaces actual data with a randomly generated alphanumeric character set.
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?
Protocol analyzer
Which of the following BEST describes a virtual desktop infrastructure (VDI)?
Provides enhanced security and better data protection because most of the data processing is provided by servers in the data center rather than on the local device.
Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk?
Pulverizing
!= or <> refers to Not Equal in which scripting language?
Python
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Which of the following drive configurations is fault tolerant?
RAID 5
Which of the following serves real-time applications without buffer delays?
RTOS
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack
A forensic investigator gathers potential evidence from many software, hardware, and other sources. There is an order in which the evidence needs to be gathered. The order of volatility describes the process of capturing data based on the volatility of said data. Place the following items in the correct order of volatility in the gathering of potential evidence.
Random Access Memory (RAM) Swap/page file Hard drive Remote logs Archived data
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability?
Redundancy
Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?
Remote management
Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?
Remote management
A smartphone was lost at the airport. There is no way to recover the device. Which of the following ensures data confidentiality on the device?
Remote wipe
Mobile application management (MAM) provides the ability to do which of the following?
Remotely install and uninstall apps.
Which of the following methods can cloud providers implement to provide high availability?
Replication
What is the storage location called that holds all the development source files that version control systems use?
Repository
Your organization has suffered a data breach, and it was made public. As a result, stock prices have fallen, as consumers no longer trust the organization. Which of the following BEST describes the type of consequence your organization has suffered due to the breach?
Reputation damage
Which of the following is considered a drawback of the Waterfall application development life cycle?
Requirements are determined at the beginning and are carried through to the end product.
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?
Residual risk
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?
Restore the full backup and the last differential backup
Which component of an IT security audit evaluates defense in depth and IT-related fraud?
Risk evaluation
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?
Rogue access point
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would BEST protect your system?
Run the browser within a virtual environment.
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Run the vulnerability assessment again.
You would like to enhance your incident-response process and automate as much of it as possible. Which of the following elements would you need to include? (Select two.)
Runbooks and playbooks
Which of the following mechanisms can you use to add encryption to email? (Select two.)
S/MIME PGP
Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?
SCADA
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)
SCP and SFTP
What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?
SDK
Which of the following is a disadvantage of software defined networking (SDN)?
SDN standards are still being developed.
As a security analyst, you are looking for a platform to compile all your security data generated by different endpoints. Which tool would you use?
SOAR
Which of the following systems is able to respond to low-level security events without human assistance?
SOAR
Which type of report is used for marketing and letting future partners know that compliance has been met?
SOC Type III
Which of the following is a government audit by the SEC that relates to internal controls and focuses on IT security, access controls, data backup, change management, and physical security?
SOX
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
SFTP uses which mechanism to provide security for authentication and data transfer?
SSH
Which of the following tools allow remote management of servers? (Select two.)
SSH and Telnet
Which of the following is used on a wireless network to identify the network name?
SSID
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
SSL and TLS
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?
SaaS
Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?
Scope of work
Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?
Screen lock
Which of the following is a network security service that filters malware from user-side internet connections using different techniques?
Secure web gateway
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?
Security operations team
You need to limit the impact of a security breach for a particular file server with sensitive company data. Which strategy would you employ?
Segmentation
Which of the following is defined as a contract that prescribes the technical support or business parameters a provider bestows to its client?
Service level agreement
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan
Which of the following best describes shoulder surfing?
Someone nearby watching you enter your password on your computer and recording it.
Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?
Southbound
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. Which kind of attack has occurred in this scenario?
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens?
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?
Spamming
BPO
Specifies a preset discounted pricing structure
SLA
Specifies exactly which services are to be performed by each party
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?
Spoofing
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?
System
You would like to simulate an attack on your network so you can test defense equipment and discover vulnerabilities in order to mitigate risk. Which tool would you use to simulate all the packets of an attack?
TCPReplay
If a user's BYOD device (such as a tablet or phone) is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a Network Access Control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?
The NAC remediates devices before allowing them to connect to your network.
Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device. Which of the following best describes an SDN controller?
The SDN controller is software.
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate-validity period.
confidential
The lowest level of classified information used by the military. Release of this information could cause damage to military efforts.
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which of the following best defines single loss expectancy (SLE)?
The total monetary loss associated with a single occurrence of a threat.
Which of the following is true concerning internal audits?
They are generally nonobjective.
The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user's virtualized desktop. Which type of deployment model is being used?
Thin client
In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world. Which of the following resources are you MOST likely using?
Threat feeds
What is the purpose of audit trails?
To detect security-violating events.
Why should backup media be stored offsite?
To prevent the same disaster from affecting both the network and the backup media
Mobile device management (MDM) provides the ability to do which of the following?
Track the device.
A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password. He changes it to the name of his dog, Fido. What should you do to increase the security of Bob's account? (Select two.)
Train users not to use passwords that are easy to guess. Use Group Policy to require strong passwords on user accounts.
Which of the following mobile device management (MDM) solutions allows an organization to manage all devices, including printers, workstations, and even IoT devices?
UEM
What is the limit of virtual machines that can be connected to a virtual network?
Unlimited
Which formula is used to determine a cloud provider's availability percentage?
Uptime/uptime + downtime
Which of the following types of auditing verifies that systems are utilized appropriately and in accordance with written organizational policies?
Usage audit
You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his or her actions. Which of the following actions would best protect the log files?
Use syslog to send log entries to another server.
Which of the following describes privilege auditing?
Users' and groups' rights and privileges are checked to guard against creeping privileges.
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?
Virtual switch
Which of the following lets you make phone calls over a packet-switched network?
VoIP
You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?
Vulnerability scanner
You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use?
WLC
You need to add security for your wireless network, and you would like to use the most secure method. Which method should you implement?
WPA2
The process of walking around an office building with an 802.11 signal detector is known as:
War driving
Daily backups are completed at the ABD company location, and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using?
Warm site
Which log file type is one of the most tedious to parse but can tell you exactly when users log onto your site and what their location is?
Web server logs
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
Wireshark
Which load balancing method distributes a workload across multiple computers?
Workload balancing
You are worried about email spoofing. What can be put throughout an email's header that provides the originating email account or IP address and not a spoofed one?
X-headers
Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites to gather personal information?
XSS
For some reason, when you capture packets as part of your monitoring, you aren't seeing much traffic. What could be the reason?
You forgot to turn on promiscuous mode for the network interface.
Your browser has blocked your from your crucial secure intranet sites. What could be the problem?
Your SSL certificate status has been revoked.
Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?
fat
Which backup strategy backs up all files from a computer's file system, regardless of whether the file's archive bit is set or not, and then marks them as backed up?
full
You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing?
jamming
The IT manager has tasked you with installing the new wireless LAN controller (WLC). Where should you install the controller?
network closet
You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?
nmap
Which type of reconnaissance is dumpster diving?
passive
Which type of hypervisor runs as an application on the host machine?
type 2
Which of the following devices would you use to perform a site survey?
wi-fi analyzer