651-700 Flashcards

1
Q

The security team would like to gather intelligence about the types of attacks being launched against the organization.

Which of the following would provide them with the MOST information?

A

A.

Implement a honeynet

2
Q

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware.

Which of the following is being implemented by Jane’s company?

A

B.

Honeynet

3
Q

A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks.

Which of the following should be used to accomplish this goal?

A

B.

Honeynets

4
Q

During a security assessment, an administrator wishes to see which services are running on a remote server.

Which of the following should the administrator use?

A

A.

Port scanner

5
Q

Which of the following tools would a security administrator use in order to identify all running services throughout an organization?

A

C.

Port scanner

6
Q

Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network.

Which of the following should be used to complete this task?

A

D.

Port scan and fingerprinting

7
Q

Which device monitors network traffic in a passive manner?

A

A.

Sniffer

8
Q

A new security analyst is given the task of determining whether any of the company’s servers are vulnerable to a recently discovered attack on an old version of SSH.

Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?

A

B.

Banner grabbing

9
Q

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks.

Which of the following is this an example of?

A

B.

Advanced persistent threat

10
Q

A system administrator has noticed a vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards.

Which of the following steps should the system administrator implement to address the vulnerability?

A

C.
Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes

11
Q

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment.

Which of the following will MOST likely be performed?

A

A.

Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

12
Q

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A

C.

Baseline review

13
Q

Several users report to the administrator that they are having issues downloading files from the file server.

Which of the following assessment tools can be used to determine if there is an issue with the file server?

A

C.

Baselines

14
Q

One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory.

Which of the following would have BEST kept this incident from occurring?

A

B.

Set up a performance baseline

15
Q

Ann, the software security engineer, works for a major software vendor.

Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

A

D.

Code review

16
Q

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

A

D.

Design reviews

17
Q

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.

Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A

B.

Design review

18
Q

Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place?

A

B.

Penetration test

19
Q

Which of the following is the MOST intrusive type of testing against a production system?

A

D.

Penetration testing

20
Q

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool.

Which statement BEST describes her privileges?

A

C.

All users have read access to the file.

21
Q

During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it.

Which ports and protocols are MOST likely to be open on the firewall? (Choose FOUR).

A

B.
22

C.
23

F.
SSH

J.
Telnet

22
Q

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool.

Which of the following activities is MOST appropriate?

A

A.

War dialing

23
Q

Which of the following is BEST utilized to actively test security controls on a particular system?

A

B.

Penetration test

24
Q

A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet.

Which of the following should the administrator perform?

A

C.

Penetration test

25
Q

Ann, a security analyst, is preparing for an upcoming security audit.

Which of the following would Ann use to ensure that she identifies unapplied security controls and patches without attacking or compromising the system?

A

A.

Vulnerability scanning

26
Q

Which of the following BEST represents the goal of a vulnerability assessment?

A

C.

To determine the system’s security posture

27
Q

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people.

Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

A

B.

Vulnerability scan

28
Q

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network.

Which of the following should Jane perform?

A

A.

Vulnerability assessment

29
Q

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures.

Which of the following types of testing does the company want performed?

A

C.

Vulnerability scanning

30
Q

Which of the following tests a number of security controls in the least invasive manner?

A

A.

Vulnerability scan

31
Q

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test.

Which of the following risks is MOST likely to affect the business on a day-to-day basis?

A

D.

Lack of antivirus software

32
Q

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A

A.

Vulnerability scanning

33
Q

Which of the following is an example of a false positive?

A

A.

Anti-virus identifies a benign application as malware.

34
Q

Joe, a company’s new security specialist, is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large number of false positives or failed audits.

Which of the following should Joe recommend to remediate these issues?

A

A.

Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers

35
Q

The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application.

Which of the following is the team performing?

A

B.

Black box testing

36
Q

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

A

A.

Black box testing

37
Q

The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures.

Which of the following types of testing is this an example of?

A

A.

Black box

38
Q

Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him.

Which of the following BEST describes what the security company might do during a black box test?

A

B.

The security company is provided with no information about the corporate network or physical locations.

39
Q

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers.

Which of the following types of testing is this an example of?

A

D.

White box

40
Q

Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production.

Which of the following reviews should Jane conduct?

A

A.

Gray Box Testing

41
Q

An IT auditor tests an application as an authenticated user.

Which of the following types of testing is this an example of?

A

D.

Gray box

42
Q

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities.

Which of the following is the developer performing when testing the application?

A

C.

Gray box testing

43
Q

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

A

A.

attack surface.

44
Q

On a train, an individual is watching a proprietary video on Joe’s laptop without his knowledge.

Which of the following describes this?

A

B.

Shoulder surfing

45
Q

Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

A

A.

Proxies

46
Q

An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.

  • Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
  • Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
  • Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.

Which of the following BEST describes the compromised system?

A

C.

It is participating in a botnet

47
Q

The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail.

Which of the following BEST describes this attack?

A

A.

Whaling

48
Q

An administrator was asked to review user accounts.

Which of the following has the potential to cause the MOST amount of damage if the account was compromised?

A

C.

A user account with administrative rights

49
Q

Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?

A

D.

Buffer overflow

50
Q

During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization.

Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

A

C.

Malware and viruses