651-700 Flashcards
The security team would like to gather intelligence about the types of attacks being launched against the organization.
Which of the following would provide them with the MOST information?
A.
Implement a honeynet
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware.
Which of the following is being implemented by Jane’s company?
B.
Honeynet
A security administrator wants to get a real-time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks.
Which of the following should be used to accomplish this goal?
B.
Honeynets
During a security assessment, an administrator wishes to see which services are running on a remote server.
Which of the following should the administrator use?
A.
Port scanner
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
C.
Port scanner
Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network.
Which of the following should be used to complete this task?
D.
Port scan and fingerprinting
Which device monitors network traffic in a passive manner?
A.
Sniffer
A new security analyst is given the task of determining whether any of the company’s servers are vulnerable to a recently discovered attack on an old version of SSH.
Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
B.
Banner grabbing
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks.
Which of the following is this an example of?
B.
Advanced persistent threat
A system administrator has noticed a vulnerability on a high-impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards.
Which of the following steps should the system administrator implement to address the vulnerability?
C.
Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment.
Which of the following will MOST likely be performed?
A.
Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?
C.
Baseline review
Several users report to the administrator that they are having issues downloading files from the file server.
Which of the following assessment tools can be used to determine if there is an issue with the file server?
C.
Baselines
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory.
Which of the following would have BEST kept this incident from occurring?
B.
Set up a performance baseline
Ann, the software security engineer, works for a major software vendor.
Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?
D.
Code review
Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?
D.
Design reviews
A financial company requires a new private network link with a business partner to cater for real-time and batched data flows.
Which of the following activities should be performed by the IT security staff member prior to establishing the link?
B.
Design review
Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place?
B.
Penetration test
Which of the following is the MOST intrusive type of testing against a production system?
D.
Penetration testing
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool.
Which statement BEST describes her privileges?
C.
All users have read access to the file.
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it.
Which ports and protocols are MOST likely to be open on the firewall? (Choose FOUR).
B.
22
C.
23
F.
SSH
J.
Telnet
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool.
Which of the following activities is MOST appropriate?
A.
War dialing
Which of the following is BEST utilized to actively test security controls on a particular system?
B.
Penetration test
A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet.
Which of the following should the administrator perform?
C.
Penetration test
Ann, a security analyst, is preparing for an upcoming security audit.
Which of the following would Ann use to ensure that she identifies unapplied security controls and patches without attacking or compromising the system?
A.
Vulnerability scanning
Which of the following BEST represents the goal of a vulnerability assessment?
C.
To determine the system’s security posture
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people.
Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
B.
Vulnerability scan
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network.
Which of the following should Jane perform?
A.
Vulnerability assessment
A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures.
Which of the following types of testing does the company want performed?
C.
Vulnerability scanning
Which of the following tests a number of security controls in the least invasive manner?
A.
Vulnerability scan
A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test.
Which of the following risks is MOST likely to affect the business on a day-to-day basis?
D.
Lack of antivirus software
Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?
A.
Vulnerability scanning
Which of the following is an example of a false positive?
A.
Anti-virus identifies a benign application as malware.
Joe, a company’s new security specialist, is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits.
Which of the following should Joe recommend to remediate these issues?
A.
Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application.
Which of the following is the team performing?
B.
Black box testing
A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:
A.
Black box testing
The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures.
Which of the following types of testing is this an example of?
A.
Black box
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him.
Which of the following BEST describes what the security company might do during a black box test?
B.
The security company is provided with no information about the corporate network or physical locations.
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers.
Which of the following types of testing is this an example of?
D.
White box
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production.
Which of the following reviews should Jane conduct?
A.
Gray Box Testing
An IT auditor tests an application as an authenticated user.
Which of the following types of testing is this an example of?
D.
Gray box
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities.
Which of the following is the developer performing when testing the application?
C.
Gray box testing
A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
A.
attack surface.
On a train, an individual is watching a proprietary video on Joe’s laptop without his knowledge.
Which of the following describes this?
B.
Shoulder surfing
Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?
A.
Proxies
An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.
- Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
- Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
- Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
C.
It is participating in a botnet
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail.
Which of the following BEST describes this attack?
A.
Whaling
An administrator was asked to review user accounts.
Which of the following has the potential to cause the MOST amount of damage if the account was compromised?
C.
A user account with administrative rights
Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?
D.
Buffer overflow
During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization.
Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?
C.
Malware and viruses