Deck G Flashcards
Which of the following authentication methods can use the SCTP and TLS protocols for reliable packet transmissions?
A. TACACS+
B. SAML
C. Diameter
D. Kerberos
Diameter
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication
Multifactor authentication
It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?
A. Device encryption
B. Application control
C. Content filtering
D. Screen-locks
Application control
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
A. To allow load balancing for cloud support
B. To allow for business continuity if one provider goes out of business
C. To eliminate a single point of failure
D. To allow for a hot site in case of disaster
E. To improve intranet communication speeds
To allow for business continuity if one provider goes out of business
To eliminate a single point of failure
The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).
A. Device encryption
B. Antivirus
C. Privacy screen
D. Cable locks
E. Remote wipe
Antivirus
Cable locks
A periodic update that corrects problems in one version of a product is called a
A. Hotfix
B. Overhaul
C. Service pack
D. Security update
Service pack
Peter, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Anomaly Based IDS
Which of the following is the primary security concern when deploying a mobile device on a network?
A. Strong authentication
B. Interoperability
C. Data security
D. Cloud storage technique
Data security
Which of the following is a best practice for error and exception handling?
A. Log detailed exception but display generic error message
B. Display detailed exception but log generic error message
C. Log and display detailed error and exception messages
D. Do not log or display error or exception messages
Log detailed exception but display generic error message
A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).
A. Cloud computing
B. Virtualization
C. All-in-one device
D. Load balancing
E. Single point of failure
All-in-one device
Single point of failure
An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?
A. Password history
B. Password complexity
C. Password length
D. Password expiration
Password history
A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?
A. Bind server
B. Apache server
C. Exchange server
D. RADIUS server
Bind server
An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).
A. Length of password
B. Password history
C. Minimum password age
D. Password expiration
E. Password complexity
F. Non-dictionary words
Password history
Minimum password age
Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?
A. Bollards
B. Video surveillance
C. Proximity readers
D. Fencing
Video surveillance
Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
A. Enable MAC filtering on the wireless access point.
B. Configure WPA2 encryption on the wireless access point.
C. Lower the antenna’s broadcasting power.
D. Disable SSID broadcasting.
Lower the antenna’s broadcasting power.
When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
CA
A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution?
A. Driving a van full of Micro SD cards from data center to data center to transfer data
B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access
Role-based privileges
A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?
A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES
Diffie-Hellman
A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?
A. Separation of duties
B. Least privilege
C. Same sign-on
D. Single sign-on
Same sign-on
Which of the following may cause Jane, the security administrator, to seek an ACL work around?
A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating
Zero day exploit
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?
A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices
Social networking
Emily, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed?
A. 3DES
B. Blowfish
C. Serpent
D. AES256
Blowfish
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
NAT
Emily, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Emily BEST accommodate the vendor?
A. Allow incoming IPSec traffic into the vendor’s IP address.
B. Set up a VPN account for the vendor, allowing access to the remote site.
C. Turn off the firewall while the vendor is in the office, allowing access to the remote site.
D. Write a firewall rule to allow the vendor to have access to the remote site.
Write a firewall rule to allow the vendor to have access to the remote site.
The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?
A. A security group
B. A group policy
C. Key escrow
D. Certificate revocation
A group policy
Which of the following is true about PKI? (Select TWO).
A. When encrypting a message with the public key, only the public key can decrypt it.
B. When encrypting a message with the private key, only the private key can decrypt it.
C. When encrypting a message with the public key, only the CA can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it.
E. When encrypting a message with the private key, only the public key can decrypt it.
When encrypting a message with the public key, only the private key can decrypt it.
When encrypting a message with the private key, only the public key can decrypt it.
Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?
A. Key escrow
B. Non-repudiation
C. Multifactor authentication
D. Hashing
Non-repuditation
A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).
A. Account lockout
B. Account expiration
C. Screen locks
D. Password complexity
E. Minimum password lifetime
F. Minimum password length
Account lockout
Password complexity
Minimum password length
Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?
A. Structured walkthrough
B. Full Interruption test
C. Checklist test
D. Tabletop exercise
Structured walkthrough
A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?
A. High availability
B. Load balancing
C. Backout contingency plan
D. Clustering
High availability
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.
Perform routine user permission reviews.
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
A. Install a proxy server between the users’ computers and the switch to filter inbound network traffic.
B. Block commonly used ports and forward them to higher and unused port numbers.
C. Configure the switch to allow only traffic from computers based upon their physical address.
D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.
Configure the switch to allow only traffic from computers based upon their physical address.
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall
B. NIPS
C. Load balancer
D. URL filter
Firewall
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?
A. DMZ
B. Cloud services
C. Virtualization
D. Sandboxing
DMZ
Which of the following is an authentication method that can be secured by using SSL?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos
LDAP
Which of the following types of authentication packages user credentials in a ticket?
A. Kerberos
B. LDAP
C. TACACS+
D. RADIUS
Kerberos
In which of the following scenarios is PKI LEAST hardened?
A. The CRL is posted to a publicly accessible location.
B. The recorded time offsets are developed with symmetric keys.
C. A malicious CA certificate is loaded on all the clients.
D. All public keys are accessed by an unauthorized user.
A malicious CA certificate is loaded on all the clients.
Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company’s new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company’s network resources. Which of the following is the BEST service for Ann to implement?
A. RADIUS
B. LDAP
C. SAML
D. TACACS+
RADIUS
Configuring the mode, encryption methods, and security associations are part of which of the following?
A. IPSec
B. Full disk encryption
C. 802.1x
D. PKI
IPSec