Deck F

Question 1

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall

B. Initial baseline configurations

C. Discretionary access control

D. Patch management system

Answer 1

Patch management system

Question 2

When using PGP, which of the following should the end user protect from compromise? (Select TWO).

A. Private key

B. CRL details

C. Public key

D. Key password

E. Key escrow

F. Recovery agent

Answer 2

Private key

Key password

Question 3

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

A. Deploying identical application firewalls at the border

B. Incorporating diversity into redundant design

C. Enforcing application white lists on the support workstations

D. Ensuring the systems’ anti-virus definitions are up-to-date

Answer 3

Incorporating diversity into redundant design

Question 4

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

Answer 4

TACACS+

Question 5

Which of the following relies on the use of shared secrets to protect communication?

A. RADIUS

B. Kerberos

C. PKI

D. LDAP

Answer 5

RADIUS

Question 6

Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?

A. Water base sprinkler system

B. Electrical

C. HVAC

D. Video surveillance

Answer 6

HVAC

Question 7

A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?

A. AES

B. IPSec

C. PGP

D. SSH

Answer 7

SSH

Question 8

A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).

A. Antenna placement

B. Interference

C. Use WEP

D. Single Sign on

E. Disable the SSID

F. Power levels

Answer 8

Antenna placement

Power levels

Question 9

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

A. Business continuity planning

B. Continuity of operations

C. Business impact analysis

D. Succession planning

Answer 9

Succession planning

Question 10

Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank’s website, but not login. Which is the following is MOST likely the issue?

A. The IP addresses of the clients have change

B. The client certificate passwords have expired on the server

C. The certificates have not been installed on the workstations

D. The certificates have been installed on the CA

Answer 10

The certificates have not been installed on the workstations

Question 11

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

A. Mitigation

B. Identification

C. Preparation

D. Lessons learned

Answer 11

Lessons learned

Question 12

The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?

A. Signature Based IDS

B. Heuristic IDS

C. Behavior Based IDS

D. Anomaly Based IDS

Answer 12

Signature Based IDS

Question 13

Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?

A. Zero-day

B. LDAP injection

C. XML injection

D. Directory traversal

Answer 13

Zero-day

Question 14

Which of the following is true about an email that was signed by User A and sent to User B?

A. User A signed with User B’s private key and User B verified with their own public key.

B. User A signed with their own private key and User B verified with User A’s public key.

C. User A signed with User B’s public key and User B verified with their own private key.

D. User A signed with their own public key and User B verified with User A’s private key.

Answer 14

User A signed with their own private key and User B verified with User A’s public key.

Question 15

After working on his doctoral dissertation for two years, Peter, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?

A. Ransomware

B. Trojan

C. Backdoor

D. Armored virus

Answer 15

Ransomware

Question 16

Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

A. Cross-site scripting

B. Buffer overflow

C. Header manipulation

D. SQL injection

Answer 16

Buffer overflow

Question 17

A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.
Which of the following BEST allows the analyst to restrict user access to approved devices?

A. Antenna placement

B. Power level adjustment

C. Disable SSID broadcasting

D. MAC filtering

Answer 17

MAC filtering

Question 18

A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?

A. Implement privacy policies

B. Enforce mandatory vacations

C. Implement a security policy

D. Enforce time of day restrictions

Answer 18

Enforce mandatory vacations

Question 19

Which of the following can Peter, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

A. Security logs

B. Protocol analyzer

C. Audit logs

D. Honeypot

Answer 19

Honeypot

Question 20

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

A. All users have write access to the directory.

B. Jane has read access to the file.

C. All users have read access to the file.

D. Jane has read access to the directory.

Answer 20

All users have read access to the file.

Question 21

Which of the following can only be mitigated through the use of technical controls rather that user security training?

A. Shoulder surfing

B. Zero-day

C. Vishing

D. Trojans

Answer 21

Zero-day

Question 22

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong

B. Clear all access logs from the AP to provide an up-to-date access list of connected users

C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter

D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap

Answer 22

Check the MAC address of the AP to which the users are connecting to determine if it is an imposter

Question 23

LDAP and Kerberos are commonly used for which of the following?

A. To perform queries on a directory service

B. To store usernames and passwords for Federated Identity

C. To sign SSL wildcard certificates for subdomains

D. To utilize single sign-on capabilities

Answer 23

To utilize single sign-on capabilities

Question 24

After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?

A. Reduce the power level of the AP on the network segment

B. Implement MAC filtering on the AP of the affected segment

C. Perform a site survey to see what has changed on the segment

D. Change the WPA2 encryption key of the AP in the affected segment

Answer 24

Reduce the power level of the AP on the network segment

Question 25

Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?

A. Folder encryption

B. File encryption

C. Whole disk encryption

D. Steganography

Answer 25

Whole disk encryption

Question 26

A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage?

A. Deduplication is not compatible with encryption

B. The exports are being stored on smaller SAS drives

C. Encrypted files are much larger than unencrypted files

D. The SAN already uses encryption at rest

Answer 26

Encrypted files are much larger than unencrypted files

Question 27

Which statement is TRUE about the operation of a packet sniffer?

A. It can only have one interface on a management network.

B. They are required for firewall operation and stateful inspection.

C. The Ethernet card must be placed in promiscuous mode.

D. It must be placed on a single virtual LAN interface.

Answer 27

The Ethernet card must be placed in promiscuous mode.

Question 28

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?

A. Clustering

B. Mirrored server

C. RAID

D. Tape backup

Answer 28

RAID

Question 29

Which of the following must be kept secret for a public key infrastructure to remain secure?

A. Certificate Authority

B. Certificate revocation list

C. Public key ring

D. Private key

Answer 29

Private key

Question 30

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

A. Routine log audits

B. Job rotation

C. Risk likelihood assessment

D. Separation of duties

Answer 30

Routine log audits

Question 31

Peter, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Peter insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?

A. Acceptable Use Policy

B. Privacy Policy

C. Security Policy

D. Human Resource Policy

Answer 31

Acceptable Use Policy

Question 32

A company hired Peter, an accountant. The IT administrator will need to create a new account for
Peter. The company uses groups for ease of management and administration of user accounts.
Peter will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?

A. Create a user account and assign the user account to the accounting group.

B. Create an account with role-based access control for accounting.

C. Create a user account with password reset and notify Peter of the account creation.

D. Create two accounts: a user account and an account with full network administration rights.

Answer 32

Create an account with role-based access control for accounting.

Question 33

One month after a software developer was terminated the helpdesk started receiving calls that several employees’ computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?

A. Logic bomb

B. Cross-site scripting

C. SQL injection

D. Malicious add-on

Answer 33

Logic bomb

Question 34

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent

B. Certificate authority

C. Trust model

D. Key escrow

Answer 34

Recovery agent

Question 35

A system administrator has noticed network performance issues and wants to gather performance data from the gateway router. Which of the following can be used to perform this action?

A. SMTP

B. iSCSI

C. SNMP

D. IPSec

Answer 35

SNMP

Question 36

Which of the following practices reduces the management burden of access management?

A. Password complexity policies

B. User account audit

C. Log analysis and review

D. Group based privileges

Answer 36

Group based privileges

Question 37

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

A. Train employees on correct data disposal techniques and enforce policies.

B. Only allow employees to enter or leave through one door at specified times of the day.

C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.

D. Train employees on risks associated with social engineering attacks and enforce policies.

Answer 37

Train employees on risks associated with social engineering attacks and enforce policies.

Question 38

Which of the following attacks targets high level executives to gain company information?

A. Phishing

B. Whaling

C. Vishing

D. Spoofing

Answer 38

Whaling

Question 39

The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor’s server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).

A. URL filtering

B. Role-based access controls

C. MAC filtering

D. Port Security

E. Firewall rules

Answer 39

URL filtering

Firewall rules

Question 40

A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?

A. Require different account passwords through a policy

B. Require shorter password expiration for non-privileged accounts

C. Require shorter password expiration for privileged accounts

D. Require a greater password length for privileged accounts

Answer 40

Require different account passwords through a policy

Question 41

Which of the following is BEST carried out immediately after a security breach is discovered?

A. Risk transference

B. Access control revalidation

C. Change management

D. Incident management

Answer 41

Incident management

Question 42

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk

B. Asset

C. Threat

D. Vulnerability

Answer 42

Threat

Question 43

Which of the following is built into the hardware of most laptops but is not setup for centralized management by default?

A. Whole disk encryption

B. TPM encryption

C. USB encryption

D. Individual file encryption

Answer 43

TPM encryption

Question 44

A security administrator wants to deploy security controls to mitigate the threat of company employees’ personal information being captured online. Which of the following would BEST serve this purpose?

A. Anti-spyware

B. Antivirus

C. Host-based firewall

D. Web content filter

Answer 44

Anti-spyware

Question 45

A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?

A. IPsec

B. SFTP

C. BGP

D. PPTP

Answer 45

IPsec

Question 46

Which of the following presents the STRONGEST access control?

A. MAC

B. TACACS

C. DAC

D. RBAC

Answer 46

MAC

Question 47

A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

A. Systems should be restored within six hours and no later than two days after the incident.

B. Systems should be restored within two days and should remain operational for at least six hours.

C. Systems should be restored within six hours with a minimum of two days worth of data.

D. Systems should be restored within two days with a minimum of six hours worth of data.

Answer 47

Systems should be restored within six hours with a minimum of two days worth of data.

Question 48

One of the senior managers at a company called the help desk to report to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?

A. Public key

B. Recovery agent

C. Registration details

D. Trust Model

Answer 48

Recovery agent

Question 49

Peter, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?

A. ACLs

B. VLANs

C. DMZs

D. NATS

Answer 49

VLANs

Question 50

Input validation is an important security defense because it:

A. rejects bad or malformed data.

B. enables verbose error reporting.

C. protects mis-configured web servers.

D. prevents denial of service attacks.

Answer 50

rejects bad or malformed data.

Question 51

Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?

A. 22

B. 139

C. 443

D. 3389

Answer 51

3389

Question 52

How must user accounts for exiting employees be handled?

A. Disabled, regardless of the circumstances

B. Disabled if the employee has been terminated

C. Deleted, regardless of the circumstances

D. Deleted if the employee has been terminated

Answer 52

Disabled, regardless of the circumstances

Question 53

Which of the following is a hardware based encryption device?

A. EFS

B. TrueCrypt

C. TPM

D. SLE

Answer 53

TPM

Question 54

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

A. Business continuity planning

B. Quantitative assessment

C. Data classification

D. Qualitative assessment

Answer 54

Data classification

Question 55

Which of the following would prevent a user from installing a program on a company-owned mobile device?

A. White-listing

B. Access control lists

C. Geotagging

D. Remote wipe

Answer 55

White-listing

Question 56

Which of the following provides a static record of all certificates that are no longer valid?

A. Private key

B. Recovery agent

C. CRLs

D. CA

Answer 56

CRLs

Question 57

A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

A. Application control

B. Remote wiping

C. GPS

D. Screen-locks

Answer 57

Remote wiping

Question 58

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?

A. Vulnerability assessment

B. Black box testing

C. White box testing

D. Penetration testing

Answer 58

Vulnerability assessment

Question 59

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

A. HDD hashes are accurate.

B. the NTP server works properly.

C. chain of custody is preserved.

D. time offset can be calculated.

Answer 59

time offset can be calculated.

Question 60

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

A. Output sanitization

B. Input validation

C. Application hardening

D. Fuzzing

Answer 60

Input validation

Question 61

A security administrator is investigating a recent server breach. The breach occurred as a result of a zero-day attack against a user program running on the server. Which of the following logs should the administrator search for information regarding the breach?

A. Application log

B. Setup log

C. Authentication log

D. System log

Answer 61

Application log

Question 62

After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?

A. IV attack

B. War dialing

C. Rogue access points

D. War chalking

Answer 62

War chalking

Question 63

The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?

A. The administrator will need to deploy load balancing and clustering.

B. The administrator may spend more on licensing but less on hardware and equipment.

C. The administrator will not be able to add a test virtual environment in the data center.

D. Servers will encounter latency and lowered throughput issues.

Answer 63

The administrator may spend more on licensing but less on hardware and equipment.

Question 64

Which of the following encompasses application patch management?

A. Configuration management

B. Policy management

C. Cross-site request forgery

D. Fuzzing

Answer 64

Configuration management

Question 65

A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?

A. CCTV

B. Environmental monitoring

C. RFID

D. EMI shielding

Answer 65

RFID

Question 66

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

A. Black box testing

B. White box testing

C. Black hat testing

D. Gray box testing

Answer 66

Black box testing

Question 67

Which of the following is the default port for TFTP?

A. 20

B. 69

C. 21

D. 68

Answer 67

69

Question 68

A new client application developer wants to ensure that the encrypted passwords that are stored in their database are secure from cracking attempts. To implement this, the developer implements a function on the client application that hashes passwords thousands of times prior to being sent to the database. Which of the following did the developer MOST likely implement?

A. RIPEMD

B. PBKDF2

C. HMAC

D. ECDHE

Answer 68

PBKDF2

Question 69

Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

A. Cross-platform compatibility issues between personal devices and server-based applications

B. Lack of controls in place to ensure that the devices have the latest system patches and signature files

C. Non-corporate devices are more difficult to locate when a user is terminated

D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets

Answer 69

Lack of controls in place to ensure that the devices have the latest system patches and signature files

Question 70

A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).

A. 22

B. 135

C. 137

D. 143

E. 443

F. 3389

Answer 70

22

3389

Question 71

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

A. Attach cable locks to each laptop

B. Require each customer to sign an AUP

C. Install a GPS tracking device onto each laptop

D. Install security cameras within the perimeter of the café

Answer 71

Attach cable locks to each laptop

Question 72

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

A. Virtual switch

B. NAT

C. System partitioning

D. Access-list

E. Disable spanning tree

F. VLAN

Answer 72

Virtual switch

VLAN

Question 73

Which of the following would be used when a higher level of security is desired for encryption key storage?

A. TACACS+

B. L2TP

C. LDAP

D. TPM

Answer 73

TPM

Question 74

A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?

A. Symmetric

B. Session-based

C. Hashing

D. Asymmetric

Answer 74

Symmetric

Question 75

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?

A. Typo squatting

B. Session hijacking

C. Cross-site scripting

D. Spear phishing

Answer 75

Typo squatting

Question 76

The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

A. EMI emanations

B. Static electricity

C. Condensation

D. Dry-pipe fire suppression

Answer 76

Static electricity

Question 77

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents

B. Reduce attack surface of systems

C. Implement monitoring controls

D. Hardening network devices

E. Prevent unauthorized access

Answer 77

Detect security incidents

Implement monitoring controls

Question 78

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?

A. Two-factor authentication

B. Single sign-on

C. Multifactor authentication

D. Single factor authentication

Answer 78

Single factor authentication

Question 79

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

A. Testing controls

B. Risk assessment

C. Signed AUP

D. Routine audits

Answer 79

Testing controls

Question 80

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

A. True negatives

B. True positives

C. False positives

D. False negatives

Answer 80

False positives

Question 81

A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?

A. Multi-factor authentication

B. Smart card access

C. Same Sign-On

D. Single Sign-On

Answer 81

Single Sign-On

Question 82

A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights?

A. Transport encryption

B. IPsec

C. Non-repudiation

D. Public key infrastructure

Answer 82

Public key infrastructure

Question 83

The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?

A. Black box

B. Penetration

C. Gray box

D. White box

Answer 83

Black box

Question 84

A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

A. escalation and notification.

B. first responder.

C. incident identification.

D. incident mitigation.

Answer 84

escalation and notification

Question 85

Which of the following helps to apply the proper security controls to information?

A. Data classification

B. Deduplication

C. Clean desk policy

D. Encryption

Answer 85

Data classification

Question 86

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

A. Co-hosted application

B. Transitive trust

C. Mutually exclusive access

D. Dual authentication

Answer 86

Transitive trust

Question 87

Which of the following BEST describes a SQL Injection attack?

A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.

B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers.

C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage.

D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.

Answer 87

The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.

Question 88

An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent?

A. Pharming

B. Smurf

C. Replay

D. Xmas

Answer 88

Smurf

Question 89

Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

A. Shared accounts should be prohibited.

B. Account lockout should be enabled

C. Privileges should be assigned to groups rather than individuals

D. Time of day restrictions should be in use

Answer 89

Shared accounts should be prohibited.

Question 90

Which the following flags are used to establish a TCP connection? (Select TWO).

A. PSH

B. ACK

C. SYN

D. URG

E. FIN

Answer 90

ACK

SYN

Question 91

Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?

A. Account expiration settings

B. Complexity of PIN

C. Account lockout settings

D. PIN history requirements

Answer 91

Account lockout settings

Question 92

The incident response team has received the following email message.
From: monitor@ext-company.com To: security@company.com Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:
45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09:
50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

A. The logs are corrupt and no longer forensically sound.

B. Traffic logs for the incident are unavailable.

C. Chain of custody was not properly maintained.

D. Incident time offsets were not accounted for.

Answer 92

Incident time offsets were not accounted for.

Question 93

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

A. TwoFish

B. SHA-512

C. Fuzzy hashes

D. HMAC

Answer 93

Fuzzy hashes

Question 94

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES

B. 3DES

C. RC4

D. WPA2

Answer 94

3DES

Question 95

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

A. Date of birth.

B. First and last name.

C. Phone number.

D. Employer name.

Answer 95

Date of birth

Question 96

A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?

A. Anti-spam

B. Antivirus

C. Host-based firewalls

D. Anti-spyware

Answer 96

Anti-spam

Question 97

A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator’s concerns?

A. Install a mobile application that tracks read and write functions on the device.

B. Create a company policy prohibiting the use of mobile devices for personal use.

C. Enable GPS functionality to track the location of the mobile devices.

D. Configure the devices so that removable media use is disabled.

Answer 97

Configure the devices so that removable media use is disabled.

Question 98

Physical documents must be incinerated after a set retention period is reached. Which of the following attacks does this action remediate?

A. Shoulder Surfing

B. Dumpster Diving

C. Phishing

D. Impersonation

Answer 98

Dumpster Diving

Question 99

Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?

A. Hot site

B. Warm site

C. Cold site

D. Mobile site

Answer 99

Mobile site

Question 100

Peter, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

A. OS hardening

B. Application control

C. Virtualization

D. Sandboxing

Answer 100

Sandboxing