Deck F Flashcards
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system
Patch management system
When using PGP, which of the following should the end user protect from compromise? (Select TWO).
A. Private key
B. CRL details
C. Public key
D. Key password
E. Key escrow
F. Recovery agent
Private key
Key password
When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?
A. Deploying identical application firewalls at the border
B. Incorporating diversity into redundant design
C. Enforcing application white lists on the support workstations
D. Ensuring the systems’ anti-virus definitions are up-to-date
Incorporating diversity into redundant design
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
TACACS+
Which of the following relies on the use of shared secrets to protect communication?
A. RADIUS
B. Kerberos
C. PKI
D. LDAP
RADIUS
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
A. Water base sprinkler system
B. Electrical
C. HVAC
D. Video surveillance
HVAC
A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?
A. AES
B. IPSec
C. PGP
D. SSH
SSH
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Antenna placement
Power levels
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning
Succession planning
Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank’s website, but not login. Which is the following is MOST likely the issue?
A. The IP addresses of the clients have change
B. The client certificate passwords have expired on the server
C. The certificates have not been installed on the workstations
D. The certificates have been installed on the CA
The certificates have not been installed on the workstations
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
A. Mitigation
B. Identification
C. Preparation
D. Lessons learned
Lessons learned
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
Signature Based IDS
Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?
A. Zero-day
B. LDAP injection
C. XML injection
D. Directory traversal
Zero-day
Which of the following is true about an email that was signed by User A and sent to User B?
A. User A signed with User B’s private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A’s public key.
C. User A signed with User B’s public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A’s private key.
User A signed with their own private key and User B verified with User A’s public key.
After working on his doctoral dissertation for two years, Peter, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?
A. Ransomware
B. Trojan
C. Backdoor
D. Armored virus
Ransomware
Data execution prevention is a feature in most operating systems intended to protect against which type of attack?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. SQL injection
Buffer overflow
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.
Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering
MAC filtering
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
A. Implement privacy policies
B. Enforce mandatory vacations
C. Implement a security policy
D. Enforce time of day restrictions
Enforce mandatory vacations
Which of the following can Peter, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?
A. Security logs
B. Protocol analyzer
C. Audit logs
D. Honeypot
Honeypot
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
A. All users have write access to the directory.
B. Jane has read access to the file.
C. All users have read access to the file.
D. Jane has read access to the directory.
All users have read access to the file.
Which of the following can only be mitigated through the use of technical controls rather that user security training?
A. Shoulder surfing
B. Zero-day
C. Vishing
D. Trojans
Zero-day
Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?
A. Change the access point from WPA2 to WEP to determine if the encryption is too strong
B. Clear all access logs from the AP to provide an up-to-date access list of connected users
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap
Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
LDAP and Kerberos are commonly used for which of the following?
A. To perform queries on a directory service
B. To store usernames and passwords for Federated Identity
C. To sign SSL wildcard certificates for subdomains
D. To utilize single sign-on capabilities
To utilize single sign-on capabilities
After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
A. Reduce the power level of the AP on the network segment
B. Implement MAC filtering on the AP of the affected segment
C. Perform a site survey to see what has changed on the segment
D. Change the WPA2 encryption key of the AP in the affected segment
Reduce the power level of the AP on the network segment