7 Flashcards
Charles wants to monitor changes to a log file via a command line in real time. Which of the following command-line Linux tools will let him see the last lines of a log file as they change?
A. logger
B. tail
C. chmod
D. head
B. tail
Naomi has discovered the following TCP ports open on a system she wants to harden. Which ports are used for unsecure services and thus should be disabled to allow their secure equivalents to continue to be used?
21
22
23
80
443
A. 21, 22, and 80
B. 21 and 80
C. 21, 23, and 80
D. 22 and 443
C. 21, 23, and 80
Frank’s organization is preparing to deploy a data loss prevention (DLP) system. What key process should they undertake before they deploy it?
A. Define data lifecycles for all nonsensitive data.
B. Encrypt all sensitive data.
C. Implement and use a data classification scheme.
D. Tag all data with the name of the creator or owner.
C. Implement and use a data classification scheme.
The company that Theresa works for has deployed IoT sensors that have built-in cellular modems for communication back to a central server. What issue may occur if the devices can be accessed by attackers?
A. Attackers may change the baseband frequency used by the devices, causing them to fail.
B. Attackers may switch the devices to a narrowband radio mode that limits the range of the cellular modems.
C. Attackers may steal the SIM cards from the devices and use them for their own purposes.
D. Attackers may clone the SIM cards from the devices to conduct attacks against one-time password systems.
C. Attackers may steal the SIM cards from the devices and use them for their own purposes.
Which of the following is not a typical security concern with MFPs?
A. Exposure of sensitive data from copies and scans
B. Acting as a reflector for network attacks
C. Acting as an amplifier for network attacks
D. Use of weak encryption
D. Use of weak encryption
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
A. A hardening application
B. An allow list application
C. A deny list application
D. A HIPS
B. An allow list application
What term is used to describe tools focused on detecting and responding to suspicious activities occurring on endpoints like desktops, laptops, and mobile devices?
A. EDR
B. IAM
C. FDE
D. ESC
A. EDR
Which of the following is not typically part of a SoC?
A. A CPU
B. A display
C. Memory
D. I/O
C. Memory
What scripting environment is native to Windows systems?
A. Python
B. PowerShell
C. Bash
D. CMD
B. PowerShell
Amanda is assessing a vehicle’s internal network. What type of bus is she most likely to discover connecting its internal sensors and controllers?
A. Narrowband bus
B. A Zigbee bus
C. A CAN bus
D. An SoC bus
C. A CAN bus
The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui’s organization deployed, and where should Hui place her focus on securing it?
A. An FPGA, and on network security
B. A microcontroller, and on physical security
C. A GPU, and on network security
D. An ICS, and on physical security
B. A microcontroller, and on physical security
Which of the following is not a typical reason to use an IP addressing schema in an enterprise?
A. Avoiding use of other organizations’ IP addresses
B. Avoiding IP address exhaustion in a subnet
C. Asset and system inventory
D. Consistency of practice with gateway and other IP addresses
A. Avoiding use of other organizations’ IP addresses
Brian has deployed a system that monitors sensors and uses that data to manage the power distribution for the power company that he works for. Which of the following terms is commonly used to describe this type of control and monitoring solution?
A. SCADA
B. AVAD
C. SIM
D. HVAC
A. SCADA
The organization that Lynn works for wants to deploy an embedded system that needs to process data as it comes in to the device without processing delays or other interruptions. What type of solution does Lynn’s company need to deploy?
A. An MFP
B. A HIPS
C. An SoC
D. An RTOS
D. An RTOS
Which of the following is not a common constraint of an embedded system?
A. Compute
B. Form factor
C. Network
D. Authentication
B. Form factor
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?
A. When the machine is off
B. When the machine is booted and logged in but is locked
C. When the machine is booted and logged in but is unlocked
D. When the machine is booted and logged in but is asleep
A. When the machine is off
Olivia wants to install a host-based security package that can detect attacks against the system coming from the network, but she does not want to take the risk of blocking the attacks since she fears that she might inadvertently block legitimate traffic. What type of tool could she install that will meet this requirement?
A. A host firewall
B. A host intrusion detection system
C. A host intrusion prevention system
D. A data loss prevention tool
B. A host intrusion detection system
Lucca is prototyping an embedded system and wants to use a device that can run a full Linux operating system so that he can install and use a firewall and other security software to protect a web service he will run on it. Which of the following solutions should he use?
A. An Arduino
B. An FPGA
C. A Raspberry Pi
D. None of the above
C. A Raspberry Pi
Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?
A. UEFI/Trusted boot
B. BIOS/Trusted boot
C. UEFI/Measured boot
D. BIOS/Measured boot
C. UEFI/Measured boot
Elaine wants to securely erase the contents of a tape used for backups in her organization’s tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?
A. Use a degausser.
B. Wipe the tape by writing a random pattern of 1s and 0s to it.
C. Incinerate the tape.
D. Wipe the tape by writing all 1s or all 0s to it.
A. Use a degausser.
What does an SSL stripping attack look for to perform an on-path attack?
A. An unencrypted HTTP connection
B. A DNS query that is not protected by DNSSEC
C. An unprotected ARP request
D. All of the above
A. An unencrypted HTTP connection
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up?
A. A honeypot
B. A beartrap
C. A honeynet
D. A tarpit
C. A honeynet
Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on?
A. SFTP, port 21
B. SSH, port 22
C. HTTPS, port 443
D. RDP, port 3389
B. SSH, port 22
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network?
A. Disable ARP on all accessible ports
B. Enable Spanning Tree Protocol
C. Enable loop protect features on switches
D. Limit the size of VLANs
A. Disable ARP on all accessible ports
Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do?
A. Choose a TLS-enabled version of BGP.
B. Turn on BGP route protection.
C. Use signed BGP by adopting certificates for each BGP peer.
D. None of the above.
D. None of the above.
Connor believes that there is an issue between his organization’s network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system?
A. tracert
B. route
C. traceroute
D. pathping
D. pathping
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache?
A. arp /a
B. arp -d
C. showarp
D. arpcache -show
A. arp /a
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic?
A. dd
B. tcpreplay
C. tcpdump
D. Wireshark
C. tcpdump
What protocol is used to securely wrap many otherwise insecure protocols?
A. ISAKMP
B. SSL
C. IKE
D. TLS
D. TLS
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?
A. LDAPS
B. IMAPS
C. SRTP
D. SNMPv3
A. LDAPS
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact?
A. ARPS
B. LDAPS
C. SDHCP
D. None of the above
D. None of the above
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task?
A. DKIM, DMARC, HTTPS
B. SPF, POPS, IMAPS
C. POPS, IMAPS, HTTPS
D. DMARC, DKIM, SPF
C. POPS, IMAPS, HTTPS
Which of the following statements about the security implications of IPv6 is not true?
A. Rules based on static IP addresses may not work.
B. IPv6 reputation services may not be mature and useful.
C. IPv6’s NAT implementation is insecure.
D. IPv6 traffic may bypass existing security controls.
C. IPv6’s NAT implementation is insecure.
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need?
A. A daisy chain
B. Active/active
C. Duck-duck-goose
D. Active/passive
B. Active/active
What type of NAC will provide Isaac with the greatest amount of information about the systems that are connecting while also giving him the greatest amount of control over systems and their potential impact on other systems that are connected to the network?
A. Agent-based, pre-admission NAC
B. Agentless, post-admission NAC
C. Agent-based NAC, post-admission NAC
D. Agent-based, post-admission NAC
A. Agent-based, pre-admission NAC
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?
A. A network SIPper
B. tcpdump
C. Wireshark
D. netcat
C. Wireshark
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack?
A. A compromised router
B. A browser plug-in
C. A compromised server
D. A modified hosts file
B. A browser plug-in
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use?
A. SRTP
B. UDP/S
C. S/MIME
D. SFTP
A. SRTP
What technique is used to ensure that DNSSEC-protected DNS information is trustworthy?
A. It is digitally signed.
B. It is sent via TLS.
C. It is encrypted using AES256.
D. It is sent via an IPSec VPN.
A. It is digitally signed.
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization’s network design?
A. NAC
B. Trunking
C. Out-of-band management
D. Port security
C. Out-of-band management