Deck F Flashcards
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system
Patch management system
When using PGP, which of the following should the end user protect from compromise? (Select TWO).
A. Private key
B. CRL details
C. Public key
D. Key password
E. Key escrow
F. Recovery agent
Private key
Key password
When considering a vendor-specific vulnerability in critical industrial control systems, which of the following techniques supports availability?
A. Deploying identical application firewalls at the border
B. Incorporating diversity into redundant design
C. Enforcing application white lists on the support workstations
D. Ensuring the systems’ anti-virus definitions are up-to-date
Incorporating diversity into redundant design
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
TACACS+
Which of the following relies on the use of shared secrets to protect communication?
A. RADIUS
B. Kerberos
C. PKI
D. LDAP
RADIUS
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
A. Water-based sprinkler system
B. Electrical
C. HVAC
D. Video surveillance
HVAC
A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?
A. AES
B. IPSec
C. PGP
D. SSH
SSH
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Antenna placement
Power levels
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning
Succession planning
Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank’s website, but not log in. Which of the following is MOST likely the issue?
A. The IP addresses of the clients have changed
B. The client certificate passwords have expired on the server
C. The certificates have not been installed on the workstations
D. The certificates have been installed on the CA
The certificates have not been installed on the workstations
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
A. Mitigation
B. Identification
C. Preparation
D. Lessons learned
Lessons learned
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
Signature Based IDS
Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?
A. Zero-day
B. LDAP injection
C. XML injection
D. Directory traversal
Zero-day
Which of the following is true about an email that was signed by User A and sent to User B?
A. User A signed with User B’s private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A’s public key.
C. User A signed with User B’s public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A’s private key.
User A signed with their own private key and User B verified with User A’s public key.
After working on his doctoral dissertation for two years, Peter, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?
A. Ransomware
B. Trojan
C. Backdoor
D. Armored virus
Ransomware
Data execution prevention is a feature in most operating systems intended to protect against which type of attack?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. SQL injection
Buffer overflow
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering
MAC filtering
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
A. Implement privacy policies
B. Enforce mandatory vacations
C. Implement a security policy
D. Enforce time of day restrictions
Enforce mandatory vacations
Which of the following can Peter, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?
A. Security logs
B. Protocol analyzer
C. Audit logs
D. Honeypot
Honeypot
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
A. All users have write access to the directory.
B. Jane has read access to the file.
C. All users have read access to the file.
D. Jane has read access to the directory.
All users have read access to the file.
Which of the following can only be mitigated through the use of technical controls rather than user security training?
A. Shoulder surfing
B. Zero-day
C. Vishing
D. Trojans
Zero-day
Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?
A. Change the access point from WPA2 to WEP to determine if the encryption is too strong
B. Clear all access logs from the AP to provide an up-to-date access list of connected users
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap
Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
LDAP and Kerberos are commonly used for which of the following?
A. To perform queries on a directory service
B. To store usernames and passwords for Federated Identity
C. To sign SSL wildcard certificates for subdomains
D. To utilize single sign-on capabilities
To utilize single sign-on capabilities
After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
A. Reduce the power level of the AP on the network segment
B. Implement MAC filtering on the AP of the affected segment
C. Perform a site survey to see what has changed on the segment
D. Change the WPA2 encryption key of the AP in the affected segment
Reduce the power level of the AP on the network segment
Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?
A. Folder encryption
B. File encryption
C. Whole disk encryption
D. Steganography
Whole disk encryption
A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage?
A. Deduplication is not compatible with encryption
B. The exports are being stored on smaller SAS drives
C. Encrypted files are much larger than unencrypted files
D. The SAN already uses encryption at rest
Encrypted files are much larger than unencrypted files
Which statement is TRUE about the operation of a packet sniffer?
A. It can only have one interface on a management network.
B. They are required for firewall operation and stateful inspection.
C. The Ethernet card must be placed in promiscuous mode.
D. It must be placed on a single virtual LAN interface.
The Ethernet card must be placed in promiscuous mode.
A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?
A. Clustering
B. Mirrored server
C. RAID
D. Tape backup
RAID
Which of the following must be kept secret for a public key infrastructure to remain secure?
A. Certificate Authority
B. Certificate revocation list
C. Public key ring
D. Private key
Private key
Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?
A. Routine log audits
B. Job rotation
C. Risk likelihood assessment
D. Separation of duties
Routine log audits
Peter, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Peter insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?
A. Acceptable Use Policy
B. Privacy Policy
C. Security Policy
D. Human Resource Policy
Acceptable Use Policy
A company hired Peter, an accountant. The IT administrator will need to create a new account for Peter. The company uses groups for ease of management and administration of user accounts. Peter will need network access to all directories, folders and files within the accounting department. Which of the following configurations will meet the requirements?
A. Create a user account and assign the user account to the accounting group.
B. Create an account with role-based access control for accounting.
C. Create a user account with password reset and notify Peter of the account creation.
D. Create two accounts: a user account and an account with full network administration rights.
Create an account with role-based access control for accounting.
One month after a software developer was terminated, the helpdesk started receiving calls that several employees’ computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?
A. Logic bomb
B. Cross-site scripting
C. SQL injection
D. Malicious add-on
Logic bomb
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow
Recovery agent
A system administrator has noticed network performance issues and wants to gather performance data from the gateway router. Which of the following can be used to perform this action?
A. SMTP
B. iSCSI
C. SNMP
D. IPSec
SNMP
Which of the following practices reduces the management burden of access management?
A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges
Group based privileges
Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?
A. Train employees on correct data disposal techniques and enforce policies.
B. Only allow employees to enter or leave through one door at specified times of the day.
C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.
D. Train employees on risks associated with social engineering attacks and enforce policies.
Train employees on risks associated with social engineering attacks and enforce policies.
Which of the following attacks targets high level executives to gain company information?
A. Phishing
B. Whaling
C. Vishing
D. Spoofing
Whaling
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor’s server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).
A. URL filtering
B. Role-based access controls
C. MAC filtering
D. Port Security
E. Firewall rules
URL filtering
Firewall rules
A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?
A. Require different account passwords through a policy
B. Require shorter password expiration for non-privileged accounts
C. Require shorter password expiration for privileged accounts
D. Require a greater password length for privileged accounts
Require different account passwords through a policy