Deck B Flashcards by Jerry Brinson

One of the findings of risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?

A. Segment the network

B. Use 802.1X

C. Deploy a proxy sever

D. Configure ACLs

E. Write an acceptable use policy

Segment the network

How well did you know this?

Not at all

Perfectly

Requiring technicians to report spyware infections is a step in which of the following?

A. Routine audits

B. Change management

C. Incident management

D. Clean desk policy

Incident management

How well did you know this?

Not at all

Perfectly

Which of the following ports should be used by a system administrator to securely manage a remote server?

A. 22

B. 69

C. 137

D. 445

How well did you know this?

Not at all

Perfectly

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

A. NIDS

B. CCTV

C. Firewall

D. NIPS

CCTV

How well did you know this?

Not at all

Perfectly

Which of the following is replayed during wireless authentication to exploit a weal key infrastructure?

A. Preshared keys

B. Ticket exchange

C. Initialization vectors

D. Certificate exchange

Ticket exchange

How well did you know this?

Not at all

Perfectly

When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;–” and “or 1=1 –“) were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

A. The user is attempting to highjack the web server session using an open-source browser.

B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.

C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

How well did you know this?

Not at all

Perfectly

Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with various connected cables from the office. Which of the following describes the type of attack that was occurring?

A. Spear phishing

B. Packet sniffing

C. Impersonation

D. MAC flooding

Packet sniffing

How well did you know this?

Not at all

Perfectly

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

A. Cluster tip wiping

B. Individual file encryption

C. Full disk encryption

D. Storage retention

Cluster tip wiping

How well did you know this?

Not at all

Perfectly

Which of the following can be implemented with multiple bit strength?

A. AES

B. DES

C. SHA-1

D. MD5

E. MD4

AES

How well did you know this?

Not at all

Perfectly

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

A. OCSP

B. PKI

C. CA

D. CRL

CRL

How well did you know this?

Not at all

Perfectly

Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems

B. Reviewing the date of the antivirus definition files

C. Analyzing network traffic and device logs

D. Enforcing DLP controls at the perimeter

Analyzing network traffic and device logs

How well did you know this?

Not at all

Perfectly

A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?

A. Recovery procedures

B. EMI shielding

C. Environmental monitoring

D. Redundancy

Redundancy

How well did you know this?

Not at all

Perfectly

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy

B. Security Policy

C. Consent to Monitoring Policy

D. Acceptable Use Policy

Acceptable Use Policy

How well did you know this?

Not at all

Perfectly

Which of the following is where an unauthorized device is found allowing access to a network?

A. Bluesnarfing

B. Rogue access point

C. Honeypot

D. IV attack

Rogue access point

How well did you know this?

Not at all

Perfectly

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

A. Site visit to the backup data center

B. Disaster recovery plan review

C. Disaster recovery exercise

D. Restore from backup

Disaster recovery exercise

How well did you know this?

Not at all

Perfectly

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.

B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.

C. Create two additional generic accounts, one for payroll and one for sales that users utilize.

D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

How well did you know this?

Not at all

Perfectly

An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

A. Vulnerability scan

B. Risk assessment

C. Virus scan

D. Network sniffer

Vulnerability scan

How well did you know this?

Not at all

Perfectly

A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?

A. A CRL

B. Make the RA available

C. A verification authority

D. A redundant CA

A CRL

How well did you know this?

Not at all

Perfectly

Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

A. A recent security breach in which passwords were cracked.

B. Implementation of configuration management processes.

C. Enforcement of password complexity requirements.

D. Implementation of account lockout procedures.

A recent security breach in which passwords were cracked.

How well did you know this?

Not at all

Perfectly

Several bins are located throughout a building for secure disposal of sensitive information.
Which of the following does this prevent?

A. Dumpster diving

B. War driving

C. Tailgating

D. War chalking

Dumpster diving

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST specific plan for various problems that can arise within a system?

A. Business Continuity Plan

B. Continuity of Operation Plan

C. Disaster Recovery Plan

D. IT Contingency Plan

IT Contingency Plan

How well did you know this?

Not at all

Perfectly

Which of the following provides data the best fault tolerance at the LOWEST cost?

A. Load balancing

B. Clustering

C. Server virtualization

D. RAID 6

RAID 6

How well did you know this?

Not at all

Perfectly

Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?

A. Subnetting

B. NAT

C. Jabber

D. DMZ

Jabber

How well did you know this?

Not at all

Perfectly

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.

C. Exploit security controls to determine vulnerabilities and misconfigurations.

D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.

Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

How well did you know this?

Not at all

Perfectly

Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image? A. Transport encryption B. Steganography C. Hashing D. Digital signature

Steganography

Which of the following is replayed during wireless authentication to exploit a weak key infrastructure? A. Preshared keys B. Ticket exchange C. Initialization vectors D. Certificate exchange

Ticket exchange

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? A. Assign users passwords based upon job role. B. Enforce a minimum password age policy. C. Prevent users from choosing their own passwords. D. Increase the password expiration time frame.

Enforce a minimum password age policy.

A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company? A. $7,000 B. $10,000 C. $17,500 D. $35,000

$17,500

A network consists of various remote sites that connect back to two main locations. Peter, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal? A. Block port 23 on the L2 switch at each remote site B. Block port 23 on the network firewall C. Block port 25 on the L2 switch at each remote site D. Block port 25 on the network firewall

Block port 23 on the network firewall

A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability? A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes D. Backup the server, schedule downtime to install the patch, installs the patch and monitor for any changes

Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes

Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues? A. URL filter B. Spam filter C. Packet sniffer D. Switch

Packet sniffer

Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module

Performance monitor

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments? A. User assigned privileges B. Password disablement C. Multiple account creation D. Group based privileges

Group based privileges

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the: A. attack surface. B. application hardening effectiveness. C. application baseline. D. OS hardening effectiveness.

attack surface

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident? A. Eye Witness B. Data Analysis of the hard drive C. Chain of custody D. Expert Witness

Chain of custody

Emily, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? A. Logic bomb B. Worm C. Trojan D. Adware

Trojan

Peter, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause? A. The system is running 802.1x. B. The system is using NAC. C. The system is in active-standby mode. D. The system is virtualized.

The system is virtualized.

Which of the following access controls enforces permissions based on data labeling at specific levels? A. Mandatory access control B. Separation of duties access control C. Discretionary access control D. Role based access control

Mandatory access control

A user attempts to install new and relatively unknown software recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user’s inability to complete the installation? A. Application black listing B. Network Intrusion Prevention System C. Group policy D. Application white listing

Application black listing

A user ID and password together provide which of the following? A. Authorization B. Auditing C. Authentication D. Identification

Authentication

Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of. A. Scarcity B. Familiarity C. Intimidation D. Trust

Scarcity

Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack? A. ARP poisoning B. DoS C. Replay D. Brute force

Replay

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit? A. Malicious insider threat B. Zero-day C. Client-side attack D. Malicious add-on

Zero-day

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks? A. Protocol filter B. Load balancer C. NIDS D. Layer 7 firewall

Layer 7 firewall

Ann is a member of the Sales group. She needs to collaborate with Peter, a member of the IT group, to edit a file. Currently, the file has the following permissions: Ann:read/write Sales Group:read IT Group:no access If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Peter? A. Add Peter to the Sales group. B. Have the system administrator give Peter full access to the file. C. Give Peter the appropriate access to the file directly. D. Remove Peter from the IT group and add him to the Sales group.

Give Peter the appropriate access to the file directly.

Peter, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic? A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode.

Create a voice VLAN.

A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet? A. SCP B. SSH C. SFTP D. SSL

SSH

Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential? A. Account expiration B. Password complexity C. Account lockout D. Dual factor authentication

Account expiration

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080? A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667 Which of the following protocols was used to access the server remotely? A. LDAP B. HTTP C. RDP D. HTTPS

RDP

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred? A. Buffer overflow B. Cross-site scripting C. XML injection D. SQL injection

Buffer overflow

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions? A. TACACS B. XTACACS C. RADIUS D. TACACS+

TACACS+

Which of the following uses port 22 by default? (Select THREE). A. SSH B. SSL C. TLS D. SFTP E. SCP F. FTPS G. SMTP H. SNMP

SSH SFTP SCP

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented? A. Mandatory vacations B. Job rotation C. Least privilege D. Separation of duties

Job rotation

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action? A. Create a single, shared user account for every system that is audited and logged based upon time of use. B. Implement a single sign-on application on equipment with sensitive data and high-profile shares. C. Enact a policy that employees must use their vacation time in a staggered schedule. D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.

Enact a policy that employees must use their vacation time in a staggered schedule.

Which of the following provides the strongest authentication security on a wireless network? A. MAC filter B. WPA2 C. WEP D. Disable SSID broadcast

WPA2

Which of the following common access control models is commonly used on systems to ensure a “need to know” based on classification levels? A. Role Based Access Controls B. Mandatory Access Controls C. Discretionary Access Controls D. Access Control List

Mandatory Access Controls

sers need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key? A. Session Key B. Public Key C. Private Key D. Digital Signature

Private Key

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware? A. Lessons Learned B. Preparation C. Eradication D. Identification

Preparation

An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following? A. Spear phishing B. Phishing C. Smurf attack D. Vishing

Spear phishing

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools? A. Identify user habits B. Disconnect system from network C. Capture system image D. Interview witnesses

Capture system image

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement? A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP

WEP over EAP-PEAP

Which of the following incident response plan steps would MOST likely engaging business professionals with the security team to discuss changes to existing procedures? A. Recovery B. Incident identification C. Isolation / quarantine D. Lessons learned E. Reporting

Lessons learned

What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A. Enticement B. Entrapment C. Deceit D. Sting

Entrapment

Which of the following can Peter, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program? A. RAID B. Clustering C. Redundancy D. Virtualization

Clustering

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks? A. 802.1x B. Data encryption C. Password strength D. BGP

802.1x

Visible security cameras are considered to be which of the following types of security controls? A. Technical B. Compensating C. Deterrent D. Administrative

Deterrent

A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting? A. DoS B. Account lockout C. Password recovery D. Password complexity

Account lockout

Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server? A. SSLv2 B. SSHv1 C. RSA D. TLS

TLS

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand? A. Warm site implementation for the datacenter B. Geographically disparate site redundant datacenter C. Localized clustering of the datacenter D. Cold site implementation for the datacenter

Geographically disparate site redundant datacenter

Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this? A. Enforce a policy for all users to authentic through a biometric device. B. Disable all SSID broadcasting. C. Ensure all access points are running the latest firmware. D. Move all access points into public access areas.

Disable all SSID broadcasting.

Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks? A. User Awareness B. Acceptable Use Policy C. Personal Identifiable Information D. Information Sharing

Personal Identifiable Information

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application? A. Black box testing B. White box testing C. Gray box testing D. Design review

Gray box testing

After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network: PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB Which of the following is preventing the device from connecting? A. WPA2-PSK requires a supplicant on the mobile device. B. Hardware address filtering is blocking the device. C. TCP/IP Port filtering has been implemented on the SOHO router. D. IP address filtering has disabled the device from connecting.

Hardware address filtering is blocking the device.

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO). A. 110 B. 137 C. 139 D. 143 E. 161 F. 443

137 139

Users are trying to communicate with a network but are unable to do so. A network administrator sees connection attempts on port 20 from outside IP addresses that are being blocked. How can the administrator resolve this? A. Enable stateful FTP on the firewall B. Enable inbound SSH connections C. Enable NETBIOS connections in the firewall D. Enable HTTPS on port 20

Enable stateful FTP on the firewall

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an: A. Logic bomb. B. Backdoor. C. Adware application. D. Rootkit.

Backdoor

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers? A. SSL B. TLS C. HTTP D. FTP

TLS

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this? A. Disable the SSID broadcasting B. Configure the access points so that MAC filtering is not used C. Implement WEP encryption on the access points D. Lower the power for office coverage only

Lower the power for office coverage only

After a security incident involving a physical asset, which of the following should be done at the beginning? A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions.

Record every person who was in possession of assets, continuing post-incident.

Identifying residual is MOST important to which of the following concepts? A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance

Risk mitigation

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration? A. Hard drive encryption B. Infrastructure as a service C. Software based encryption D. Data loss prevention

Hard drive encryption

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A. Availability B. Integrity C. Confidentiality D. Fire suppression

Availability

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements? A. Trust model B. Key escrow C. OCSP D. PKI

Trust model

CompTIA Security+ Question B-85 A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario? A. Content filtering B. IDS C. Audit logs D. DLP

DLP

Connections using point-to-point protocol authenticate using which of the following? (Select TWO). A. RIPEMD B. PAP C. CHAP D. RC4 E. Kerberos

PAP CHAP

A systems administrator has made several unauthorized changes to the server cluster that resulted in a major outage. This event has been brought to the attention of the Chief Information Office (CIO) and he has requested immediately implement a risk mitigation strategy to prevent this type of event from reoccurring. Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request? A. Asset Management B. Change Management C. Configuration Management D. Incident Management

Change Management

Which of the following security concepts would Emily, the security administrator, use to mitigate the risk of data loss? A. Record time offset B. Clean desk policy C. Cloud computing D. Routine log review

Clean desk policy

A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks? A. Replay B. DDoS C. Smurf D. Ping of Death

Replay

Which of the following will allow Peter, a security analyst, to trigger a security alert because of a tracking cookie? A. Network based firewall B. Anti-spam software C. Host based firewall D. Anti-spyware software

Anti-spyware software

Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization

Virtualization

A company hosts its public websites internally. The administrator would like to make some changes to the architecture. The three goals are: 1. reduce the number of public IP addresses in use by the web servers 2. drive all the web traffic through a central point of control 3. mitigate automated attacks that are based on IP address scanning Which of the following would meet all three goals? A. Firewall B. Load balancer C. URL filter D. Reverse proxy

Reverse proxy

The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity? A. Application hardening B. Application firewall review C. Application change management D. Application patch management

Application change management

In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann a member if the sales department over hears the password and upon speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center? A. An authentication factor B. Discretionary access C. Time of day restrictions D. Least privilege restrictions

An authentication factor

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered? A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing

Steganography

The security administrator runs an rpm verify command which records the MD5 sum, permissions, and timestamp of each file on the system. The administrator saves this information to a separate server. Which of the following describes the procedure the administrator has performed? A. Host software base-lining B. File snapshot collection C. TPM D. ROMDB verification

ROMDB verification

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access? A. CCTV system access B. Dial-up access C. Changing environmental controls D. Ping of death

Changing environmental controls

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10. DIAGRAM PC1 PC2 [192.168.1.30]——–[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK Given the above information, which of the following can be inferred about the above environment? A. 192.168.1.30 is a web server. B. The web server listens on a non-standard port. C. The router filters port 80 traffic. D. The router implements NAT.

The router implements NAT.

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability? A. Twofish B. Diffie-Hellman C. ECC D. RSA

ECC

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate? A. System image capture B. Record time offset C. Order of volatility D. Chain of custody

Chain of custody