601-650 Flashcards

1
Q

Which of the following can only be mitigated through the use of technical controls rather than user security training?

A

B.

Zero-day

2
Q

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.

Which of the following has happened on the workstation?

A

A.

Zero-day attack

3
Q

Which of the following types of application attack describes malware causing security breaches that have NOT yet been identified by any trusted source?

A

A.

Zero-day

4
Q

Which of the following may cause Jane, the security administrator, to seek an ACL workaround?

A

A.

Zero-day exploit

5
Q

Matt, an IT administrator, wants to protect a newly built server from zero-day attacks.

Which of the following would provide the BEST level of protection?

A

A.

HIPS

6
Q

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe’s browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages.

Which of the following attacks allows for this impersonation?

A

D.

Session hijacking

7
Q

How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

A

A.

Annually

8
Q

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A

A.

Event

9
Q

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago.

Which of the following could have mitigated this event?

A

A.

Routine log audits

10
Q

A security administrator needs to determine which system a particular user is trying to login to at various times of the day.

Which of the following log types would the administrator check?

A

D.

Security

11
Q

The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a root jail (chroot jail).

Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

A

A.

cd ../../../../bin/bash

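The history line above shows a chain of `..` components climbing past where the user's jail root should be and landing on a shell binary. A practitioner reviewing many history files would script that check rather than read every line. The following is an added example, not code from the original page: it scans a constructed shell history (the sample lines, the pattern names and the list of "jail tools" are all assumptions for illustration) and reports lines that look like escape attempts.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample history (not taken from the original page); line 2 is the
# pattern the flashcard shows, the others are benign and borderline cases.
SAMPLE_HISTORY = """\
ls -la
cd ../../../../bin/bash
cat /etc/passwd
cd ../../..; ls
chroot /tmp/jail /bin/sh
mount --bind / /mnt
vi notes.txt
"""

# A token that ends in the name of a shell binary (after any path components).
SHELL_BIN = re.compile(r'(?:^|/)(?:sh|bash|dash|zsh|ksh)$')
# Commands that manipulate or re-enter a chroot/namespace from inside the jail.
JAIL_TOOLS = re.compile(r'^\s*(?:sudo\s+)?(?:chroot|mount|pivot_root|nsenter|unshare)\b')


def parent_hops(token: str) -> int:
    """Number of '..' components in a path-like token."""
    return token.split('/').count('..')


def classify(line: str) -> Optional[str]:
    """Return a reason string if the command looks like a jail-escape attempt."""
    tokens = [t.strip(";&|'\"") for t in line.split()]
    # Climbing out of the jail root and landing on a shell: the classic pattern.
    if any(parent_hops(t) >= 2 and SHELL_BIN.search(t) for t in tokens):
        return 'traversal to shell binary'
    # Many '..' hops with no shell target are still worth a look.
    if max((parent_hops(t) for t in tokens), default=0) >= 3:
        return 'repeated parent traversal'
    if JAIL_TOOLS.match(line):
        return 'jail-manipulation command'
    return None


def scan_history(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, reason, command) for each suspicious history line."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        reason = classify(line)
        if reason:
            findings.append((n, reason, line))
    return findings


if __name__ == '__main__':
    for n, reason, cmd in scan_history(SAMPLE_HISTORY):
        print(f'line {n}: {reason}: {cmd}')
```

A correctly built chroot resolves `..` at the jail root back to the jail root, so a line like this is evidence of an attempt, not proof of success; the follow-up is to check whether the jail was built correctly (no setuid binaries, no `chroot` or `mount` available inside, and the process not running as root).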
12
Q

A security technician is attempting to improve the overall security posture of an internal mail server.

Which of the following actions would BEST accomplish this goal?

A

B.

Disabling unnecessary services

13
Q

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22.

Which of the following should be executed on the router to prevent access via these ports? (Choose two.)

A

C.
SSH service should be disabled

D.
HTTP service should be disabled

14
Q

During a routine audit a web server is flagged for allowing the use of weak ciphers.

Which of the following should be disabled to mitigate this risk? (Choose two.)

A

A.
SSL 1.0

F.
TLS 1.0

15
Q

A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open.

Which of the following services should be disabled to ensure secure communications?

A

B.

HTTP

16
Q

Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?

Host 192.168.1.123
[00: 00: 01]Successful Login: 015 192.168.1.123 : local
[00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A

D.

Hardening

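The log above has a detail worth noticing: the four failed RDP logins come from one external source within five seconds, but each one targets a different account ID (022, 010, 007, 003). A per-account lockout counter would see only one failure per account and never fire, which is why the mitigation has to be hardening of the host and its exposure (no RDP from the Internet, source-based rate limiting, lockout tuned for spraying) rather than a single account policy. The following is an added example, not code from the original page: it parses the five lines shown (reproduced as they appear on the flashcard, spaced timestamps and mixed case included) and applies a sliding-window failure count per source; the field names and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List

# The log lines from the flashcard, used here as sample input.
SAMPLE_LOG = """\
Host 192.168.1.123
[00: 00: 01]Successful Login: 015 192.168.1.123 : local
[00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124
"""

# Tolerates the spacing inside the timestamps and the mixed case of
# "Unsuccessful"/"UnSuccessful". The trailing target address is optional.
LINE_RE = re.compile(
    r'\[(\d{2}):\s*(\d{2}):\s*(\d{2})\]\s*'
    r'(successful|unsuccessful)\s+login:\s*(\d+)\s+([\d.]+)\s*:\s*(\w+)(?:\s+([\d.]+))?',
    re.IGNORECASE,
)


def parse(log: str) -> List[dict]:
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        h, mi, s, outcome, account, src, service, target = m.groups()
        events.append({
            't': int(h) * 3600 + int(mi) * 60 + int(s),
            'ok': outcome.lower() == 'successful',
            'account': account,
            'src': src,
            'service': service.upper(),
            'target': target,
        })
    return events


def detect_bruteforce(events: List[dict], window_s: int = 60, threshold: int = 3) -> List[dict]:
    """Flag each (source, service) with >= threshold failures inside a sliding window."""
    fails_by_key: Dict[tuple, List[dict]] = defaultdict(list)
    for e in events:
        if not e['ok']:
            fails_by_key[(e['src'], e['service'])].append(e)
    findings = []
    for (src, service), fails in fails_by_key.items():
        fails.sort(key=lambda e: e['t'])
        best, start = 0, 0
        for end in range(len(fails)):
            while fails[end]['t'] - fails[start]['t'] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append({
                'src': src,
                'service': service,
                'failures_in_window': best,
                'accounts': sorted({e['account'] for e in fails}),
            })
    return findings


def max_failures_per_account(events: List[dict]) -> int:
    """What a per-account lockout counter would see: the busiest single account."""
    counts: Dict[str, int] = defaultdict(int)
    for e in events:
        if not e['ok']:
            counts[e['account']] += 1
    return max(counts.values(), default=0)


if __name__ == '__main__':
    evs = parse(SAMPLE_LOG)
    for f in detect_bruteforce(evs):
        print(f"{f['src']} -> {f['service']}: {f['failures_in_window']} failures "
              f"across accounts {f['accounts']}")
    print('max failures for any single account:', max_failures_per_account(evs))
```

On the sample, the source-based detector reports four failures against four distinct accounts while the per-account counter peaks at one; that gap is the argument for source-aware controls alongside account lockout.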
17
Q

The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.

The company currently stores passwords as SHA hashes.

Which of the following can the CTO implement requiring the LEAST change to existing systems?

A

C.

Key stretching

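Key stretching is the option that leaves the existing hashes and the existing login flow in place: the stored SHA digest is wrapped in a salted, iterated function (PBKDF2 here) in a one-off batch job, with no password reset and no client change, and the login path simply computes the legacy digest first and then the stretched form. The following is an added example, not code from the original page; it assumes the legacy scheme is an unsalted SHA-256 of the password and uses only the Python standard library. The record format and iteration count are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune to your login latency budget


def legacy_hash(password: str) -> bytes:
    """The assumed legacy scheme: a bare, unsalted SHA-256 of the password."""
    return hashlib.sha256(password.encode('utf-8')).digest()


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode('ascii')


def stretch_legacy(legacy: bytes, salt: Optional[bytes] = None,
                   iterations: int = ITERATIONS) -> str:
    """Wrap an existing SHA-256 digest in salted PBKDF2 without knowing the password."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac('sha256', legacy, salt, iterations, dklen=32)
    return f'pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}'


def verify(password: str, stored: str) -> bool:
    """Login path: legacy digest first, then the stretched form, compared in constant time."""
    parts = stored.split('$')
    if len(parts) != 4 or parts[0] != 'pbkdf2_sha256':
        return False
    _, iters, salt_b64, dk_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac('sha256', legacy_hash(password), salt, int(iters),
                             dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def migrate(table: Dict[str, str], iterations: int = ITERATIONS) -> Dict[str, str]:
    """One-off batch migration of a {user: legacy_sha256_hex} table; no password reset needed."""
    return {user: stretch_legacy(bytes.fromhex(hexdigest), iterations=iterations)
            for user, hexdigest in table.items()}


if __name__ == '__main__':
    # Constructed sample table of legacy hashes (not from the original page).
    legacy_table = {
        'alice': legacy_hash('correct horse battery staple').hex(),
        'bob': legacy_hash('hunter2').hex(),
    }
    migrated = migrate(legacy_table)
    print(verify('hunter2', migrated['bob']), verify('hunter3', migrated['bob']))
```

After migration the bare SHA column must be deleted, since it is the cheap-to-crack form; the legacy digest only ever exists as a transient value inside `verify`. Per-user salts also mean two users with the same password no longer share a stored record, which the unsalted scheme leaked.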
18
Q

An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as belonging to contractors who would be returning in three months and would need to resume their activities.

Which of the following would mitigate and secure the auditor's finding?

A

A.

Disable unnecessary contractor accounts and inform the auditor of the update.

19
Q

An administrator notices that former temporary employees’ accounts are still active on a domain.

Which of the following can be implemented to increase security and prevent this from happening?

A

D.

Run a last logon script to look for inactive accounts.

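The two cards above (the 60-day-inactive contractor accounts and the still-active temporary employee accounts) call for the same control: a scheduled last-logon review that disables, rather than deletes, anything idle past the threshold, so a returning contractor can simply be re-enabled. The following is an added example, not code from the original page or any directory product: it runs the check over a constructed last-logon report (the account names, dates and the `created`/`last_logon`/`enabled` fields are assumptions standing in for the attributes a real directory export would carry) and handles the edge case of an account that was created but never used.

```python
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed last-logon report (not from the original page). In a real domain
# these fields would come from the directory's creation and last-logon attributes.
Record = Tuple[str, datetime, Optional[datetime], bool]  # name, created, last_logon, enabled
REPORT: List[Record] = [
    ('jdoe',        datetime(2023, 1, 10), datetime(2024, 5, 30), True),
    ('contractor1', datetime(2023, 6, 1),  datetime(2024, 3, 1),  True),
    ('temp_42',     datetime(2024, 1, 15), None,                  True),   # never logged on
    ('old_temp',    datetime(2022, 2, 2),  datetime(2023, 9, 9),  False),  # already disabled
    ('svc_backup',  datetime(2021, 1, 1),  datetime(2024, 6, 1),  True),
]


def days_idle(record: Record, now: datetime) -> int:
    """Days since the last logon, or since creation if the account was never used."""
    _, created, last_logon, _ = record
    return (now - (last_logon or created)).days


def stale_accounts(report: List[Record], now: datetime, max_idle_days: int = 60) -> List[str]:
    """Enabled accounts whose last activity is older than the threshold, ready to disable."""
    stale = []
    for record in report:
        name, _, _, enabled = record
        if not enabled:
            continue  # already handled; do not re-report it every run
        if days_idle(record, now) > max_idle_days:
            stale.append(name)
    return sorted(stale)


if __name__ == '__main__':
    now = datetime(2024, 6, 15)
    for name in stale_accounts(REPORT, now):
        print(f'disable: {name} (idle {days_idle(next(r for r in REPORT if r[0] == name), now)} days)')
```

Treating a never-used account's creation date as its last activity matters: an account provisioned for a temp who never started is exactly the kind the second card describes, and a script that skips accounts with no logon timestamp would leave it active indefinitely.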
20
Q

How must user accounts for exiting employees be handled?

A

A.

Disabled, regardless of the circumstances

21
Q

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only.

Which of the following would BEST address this desire?

A

C.

Configure the switch to allow only traffic from computers based upon their physical address.

22
Q

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users.

Which of the following is the MOST likely reason the users are unable to connect to the server?

A

A.

The new virtual server’s MAC address was not added to the ACL on the switch

23
Q

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A

C.

Enable MAC filtering

24
Q

Which of the following implementation steps would be appropriate for a public wireless hotspot?

A

C.

Open system authentication

25
Q

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

A

A.

802.1x

26
Q

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses.

Which of the following would be an appropriate mitigation technique?

A

B.

Rogue machine detection

27
Q

Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality.

Which of the following is MOST likely affected?

A

C.

Initial baseline configuration

28
Q

In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system promises to provide overall security posture coverage.

Which of the following is the MOST important activity that should be considered?

A

A.

Continuous security monitoring

29
Q

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports.

Which of the following job responsibilities is the analyst performing? (Choose two.)

A

A.
Detect security incidents

C.
Implement monitoring controls

30
Q

Which of the following is an indication of an ongoing current problem?

A

C.

Alarm

31
Q

Which of the following is a notification that an unusual condition exists and should be investigated?

A

A.

Alert

32
Q

A security manager must remain aware of the security posture of each system.

Which of the following supports this requirement?

A

B.

Establishing baseline reporting

33
Q

Suspicious traffic without a specific signature was detected. On further investigation, it was determined that these were false indicators.

Which of the following security devices needs to be configured to disable future false alarms?

A

D.

Anomaly based IDS

34
Q

Jane, a security administrator, has observed repeated attempts to break into a server.

Which of the following is designed to stop an intrusion on a specific server?

A

A.

HIPS

35
Q

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A

B.

Performance monitor

36
Q

Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?

A

A.

Protocol analyzer

37
Q

Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

A

A.

Protocol analyzer

38
Q

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

A

A.

Protocol analyzer

39
Q

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

A

C.

Protocol analyzer

40
Q

Joe, the security administrator, has determined that one of his web servers is under attack.

Which of the following can help determine where the attack originated from?

A

D.

Network sniffing

41
Q

Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of packets traversing a network for troubleshooting purposes?

A

B.

Protocol analyzers

42
Q

Which of the following security architecture elements also has sniffer functionality? (Choose two.)

A

B.
IPS

E.
IDS

43
Q

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

A

C.

Vulnerability scan

44
Q

An administrator is concerned that a company’s web server has not been patched.

Which of the following would be the BEST assessment for the administrator to perform?

A

A.

Vulnerability scan

45
Q

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

A

C.

Vulnerability scan

46
Q

Which of the following should an administrator implement to research current attack methodologies?

A

B.

Honeypot

47
Q

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A

A.

Set up a honeypot and place false project documentation on an unsecure share.

48
Q

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.

However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not.

Which of the following is the second server?

A

D.

Honeypot

49
Q

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

A

D.

Honeypot

50
Q

What is a system that is intended or designed to be broken into by an attacker?

A

A.

Honeypot