Deck B Flashcards
One of the findings of a risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance. Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?
A. Segment the network
B. Use 802.1X
C. Deploy a proxy server
D. Configure ACLs
E. Write an acceptable use policy
Segment the network
Requiring technicians to report spyware infections is a step in which of the following?
A. Routine audits
B. Change management
C. Incident management
D. Clean desk policy
Incident management
Which of the following ports should be used by a system administrator to securely manage a remote server?
A. 22
B. 69
C. 137
D. 445
22
A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?
A. NIDS
B. CCTV
C. Firewall
D. NIPS
CCTV
Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?
A. Preshared keys
B. Ticket exchange
C. Initialization vectors
D. Certificate exchange
Ticket exchange
When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;--” and “or 1=1 --”) were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?
A. The user is attempting to hijack the web server session using an open-source browser.
B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with various connected cables from the office. Which of the following describes the type of attack that was occurring?
A. Spear phishing
B. Packet sniffing
C. Impersonation
D. MAC flooding
Packet sniffing
An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention
Cluster tip wiping
Which of the following can be implemented with multiple bit strength?
A. AES
B. DES
C. SHA-1
D. MD5
E. MD4
AES
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A. OCSP
B. PKI
C. CA
D. CRL
CRL
Which of the following helps to establish an accurate timeline for a network intrusion?
A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter
Analyzing network traffic and device logs
A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?
A. Recovery procedures
B. EMI shielding
C. Environmental monitoring
D. Redundancy
Redundancy
A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?
A. Privacy Policy
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy
Acceptable Use Policy
Which of the following is where an unauthorized device is found allowing access to a network?
A. Bluesnarfing
B. Rogue access point
C. Honeypot
D. IV attack
Rogue access point
A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?
A. Site visit to the backup data center
B. Disaster recovery plan review
C. Disaster recovery exercise
D. Restore from backup
Disaster recovery exercise
A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?
A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.
B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.
C. Create two additional generic accounts, one for payroll and one for sales that users utilize.
D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.
Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.
An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?
A. Vulnerability scan
B. Risk assessment
C. Virus scan
D. Network sniffer
Vulnerability scan
A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?
A. A CRL
B. Make the RA available
C. A verification authority
D. A redundant CA
A CRL
Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
A. A recent security breach in which passwords were cracked.
B. Implementation of configuration management processes.
C. Enforcement of password complexity requirements.
D. Implementation of account lockout procedures.
A recent security breach in which passwords were cracked.
Several bins are located throughout a building for secure disposal of sensitive information.
Which of the following does this prevent?
A. Dumpster diving
B. War driving
C. Tailgating
D. War chalking
Dumpster diving
Which of the following is the MOST specific plan for various problems that can arise within a system?
A. Business Continuity Plan
B. Continuity of Operation Plan
C. Disaster Recovery Plan
D. IT Contingency Plan
IT Contingency Plan
Which of the following provides data with the best fault tolerance at the LOWEST cost?
A. Load balancing
B. Clustering
C. Server virtualization
D. RAID 6
RAID 6
Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?
A. Subnetting
B. NAT
C. Jabber
D. DMZ
Jabber
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
C. Exploit security controls to determine vulnerabilities and misconfigurations.
D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.