Deck D Flashcards
Which of the following was launched against a company based on the following IDS log?
122.41.15.252 – – [21/May/2012:00:17:20 +1200] “GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
AAA HTTP/1.1″ 200 2731 “http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209″ “Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)”
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
Buffer overflow attack
During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?
A. FTP
B. DNS
C. Email
D. NetBIOS
DNS
Peter, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
URL content filter
Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?
A. Authentication
B. Blacklisting
C. Whitelisting
D. Acceptable use policy
Whitelisting
The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).
A. Permit redirection to Internet-facing web URLs.
B. Ensure all HTML tags are enclosed in angle brackets, e.g., ””.
C. Validate and filter input on the server side and client side.
D. Use a web proxy to pass website requests between the user and the application.
E. Restrict and sanitize use of special characters in input and URLs.
Validate and filter input on the server side and client side.
Restrict and sanitize use of special characters in input and URLs.
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system
B. Implement a Layer 2 switch to access the SCADA system
C. Implement a firewall to protect the SCADA system
D. Implement a NIDS to protect the SCADA system
Implement a firewall to protect the SCADA system
Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?
A. DLP
B. CRL
C. TPM
D. HSM
DLP
A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?
A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.
B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.
C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access.
D. Laptops that are placed in a sleep mode allow full data access when powered back on.
Laptops that are placed in a sleep mode allow full data access when powered back on.
The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing?
A. Grey box testing
B. Black box testing
C. Penetration testing
D. White box testing
Black box testing
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
A. RADIUS
B. Kerberos
C. TACACS+
D. LDAP
LDAP
Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).
A. Increase password complexity
B. Deploy an IDS to capture suspicious logins
C. Implement password history
D. Implement monitoring of logins
E. Implement password expiration
F. Increase password length
Increase password complexity
Increase password length
Peter, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?
A. Gray Box Testing
B. Black Box Testing
C. Business Impact Analysis
D. White Box Testing
Gray Box Testing
Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?
A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations
Mandatory Vacations
A security administrator has concerns that employees are installing unapproved applications on their company provide smartphones. Which of the following would BEST mitigate this?
A. Implement remote wiping user acceptance policies
B. Disable removable storage capabilities
C. Implement an application whitelist
D. Disable the built-in web browsers
Implement an application whitelist
A new security policy being implemented requires all email within the organization be digitally signed by the author using PGP. Which of the following would needs to be created for each user?
A. A certificate authority
B. A key escrow
C. A trusted key
D. A public and private key
A certificate authority
If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?
A. macconfig
B. ifconfig
C. ipconfig
D. config
ifconfig
Peter, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
A. PAP, MSCHAPv2
B. CHAP, PAP
C. MSCHAPv2, NTLMv2
D. NTLM, NTLMv2
PAP, MSCHAPv2
Emily, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Emily then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?
A. Phishing
B. Shoulder surfing
C. Impersonation
D. Tailgating
Impersonation
An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?
A. certificate, private key, and intermediate certificate chain
B. certificate, intermediate certificate chain, and root certificate
C. certificate, root certificate, and certificate signing request
D. certificate, public key, and certificate signing request
certificate, private key, and intermediate certificate chain
Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
A. AES
B. 3DES
C. TwoFish
D. Blowfish
3DES
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.
Which of the following would be the BEST control to implement?
A. File encryption
B. Printer hardening
C. Clean desk policies
D. Data loss prevention
Data loss prevention
A security engineer is asked by the company’s development team to recommend the most secure method for password storage.
Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).
A. PBKDF2
B. MD5
C. SHA2
D. Bcrypt
E. AES
F. CHAP
PBKDF2
Bcrypt
An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?
A. Integrity
B. Availability
C. Confidentiality
D. Remediation
Integrity
A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?
A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.
B. Obtain the vendor’s email and phone number and call them back after identifying the number of systems affected by the patch.
C. Give the caller the database version and patch level so that they can receive help applying the patch.
D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.
Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.