Deck H Flashcards
Which of the following explains the difference between a public key and a private key?
A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related.
B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related.
C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.
D. The private key is only used by the client and kept secret while the public key is available to all.
The private key is only used by the client and kept secret while the public key is available to all.
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A. Implement a honeynet
B. Perform a penetration test
C. Examine firewall logs
D. Deploy an IDS
Implement a honeynet
Which of the following can be used as an equipment theft deterrent?
A. Screen locks
B. GPS tracking
C. Cable locks
D. Whole disk encryption
Cable locks
An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:
A. it is being caused by the presence of a rogue access point.
B. it is the beginning of a DDoS attack.
C. the IDS has been compromised.
D. the internal DNS tables have been poisoned.
it is the beginning of a DDoS attack.
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23
21
A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?
A. Integrity
B. Availability
C. Confidentiality
D. Safety
Safety
A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?
A. Visitor logs
B. Firewall
C. Hardware locks
D. Environmental monitoring
Hardware locks
A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Time of day restrictions
Least privilege
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
A. Trust Model
B. Recovery Agent
C. Public Key
D. Private Key
Trust Model
Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).
A. WPA2-PSK
B. WPA-EAP-TLS
C. WPA2-CCMP
D. WPA-CCMP
E. WPA-LEAP
F. WEP
WPA2-PSK
WPA-LEAP
Which of the following protocols is used by IPv6 for MAC address resolution?
A. NDP
B. ARP
C. DNS
D. NCP
NDP
During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?
A. Hostile takeovers
B. Large scale natural disasters
C. Malware and viruses
D. Corporate espionage
Malware and viruses
An employee needs to connect to a server using a secure protocol on the default port. Which of the following ports should be used?
A. 21
B. 22
C. 80
D. 110
22
A new security analyst is given the task of determining whether any of the company’s servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
A. Passive scanning
B. Banner grabbing
C. Protocol analysis
D. Penetration testing
Banner grabbing
Peter, a network security engineer, has visibility to network traffic through network monitoring tools.
However, he’s concerned that a disgruntled employee may be targeting a server containing the company’s financial records. Which of the following security mechanisms would be MOST appropriate to confirm Peter’s suspicion?
A. HIDS
B. HIPS
C. NIPS
D. NIDS
HIDS
A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?
A. HTTP
B. DHCP
C. DNS
D. NetBIOS
DNS
Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?
A. RIPEMD
B. MD5
C. SHA
D. HMAC
HMAC
Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?
A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering
Brute force
Peter, a company’s new security specialist, is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large number of false positives or failed audits. Which of the following should Peter recommend to remediate these issues?
A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
B. Ensure the vulnerability scanner is configured to authenticate with a privileged account
C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers
D. Ensure the vulnerability scanner is conducting antivirus scanning
Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
Emily, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Emily runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30.
Which of the following was used to perform this attack?
A. SQL injection
B. XML injection
C. Packet sniffer
D. Proxy
XML injection
A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:
A. Integrity of downloaded software.
B. Availability of the FTP site.
C. Confidentiality of downloaded software.
D. Integrity of the server logs.
Integrity of downloaded software.
Which of the following ports would be blocked if Peter, a security administrator, wants to deny access to websites?
A. 21
B. 25
C. 80
D. 3389
80
Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?
A. NIPS
B. Content filter
C. NIDS
D. Host-based firewalls
Host-based firewalls
Which of the following access methods uses radio frequency waves for authentication?
A. Video surveillance
B. Mantraps
C. Proximity readers
D. Biometrics
Proximity readers
Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?
A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis
Change management
Which of the following does full disk encryption prevent?
A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks
Clear text access
An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?
A. A password that has not changed in 180 days
B. A single account shared by multiple users
C. A user account with administrative rights
D. An account that has not been logged into since creation
A user account with administrative rights
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
A. Policies
B. Procedures
C. Metrics
D. Standards
Metrics
Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?
A. Malicious logic
B. Cross-site scripting
C. SQL injection
D. Buffer overflow
Buffer overflow
Which of the following BEST describes a protective countermeasure for SQL injection?
A. Eliminating cross-site scripting vulnerabilities
B. Installing an IDS to monitor network traffic
C. Validating user input in web applications
D. Placing a firewall between the Internet and database servers
Validating user input in web applications
A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the following authentication services is being used?
A. RADIUS
B. SAML
C. TACACS+
D. LDAP
LDAP
Which of the following types of encryption will help in protecting files on a PED?
A. Mobile device encryption
B. Transport layer encryption
C. Encrypted hidden container
D. Database encryption
Mobile device encryption
Emily, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?
A. Warm site
B. Load balancing
C. Clustering
D. RAID
Clustering
Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?
A. Routine audits
B. Account expirations
C. Risk assessments
D. Change management
Routine audits
Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?
A. Hashing
B. Screen locks
C. Device password
D. Encryption
Encryption
After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely.
Which of the following is the MOST likely reason the PC technician is unable to ping those devices?
A. ICMP is being blocked
B. SSH is not enabled
C. DNS settings are wrong
D. SNMP is not configured properly
ICMP is being blocked
Which of the following fire suppression systems is MOST likely used in a datacenter?
A. FM-200
B. Dry-pipe
C. Wet-pipe
D. Vacuum
FM-200
Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?
A. Botnet
B. Rootkit
C. Adware
D. Virus
Adware
A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?
A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control
Mandatory access control
A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12?
A. The server’s network switch port must be enabled for 802.11x on VLAN 12.
B. The server’s network switch port must use VLAN Q-in-Q for VLAN 12.
C. The server’s network switch port must be 802.1q untagged for VLAN 12.
D. The server’s network switch port must be 802.1q tagged for VLAN 12.
The server’s network switch port must be 802.1q tagged for VLAN 12.
Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).
A. Authentication
B. Data leakage
C. Compliance
D. Malware
E. Non-repudiation
F. Network loading
Data leakage
Compliance
Malware
To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?
A. SHA
B. MD5
C. Blowfish
D. AES
AES
Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?
A. MAC filter list
B. Recovery agent
C. Baselines
D. Access list
Baselines
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?
A. To ensure that false positives are identified
B. To ensure that staff conform to the policy
C. To reduce the organizational risk
D. To require acceptable usage of IT systems
To reduce the organizational risk
Peter, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypts the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO).
A. Multi-pass encryption
B. Transport encryption
C. Plausible deniability
D. Steganography
E. Transitive encryption
F. Trust models
Plausible deniability
Steganography
Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following?
A. Fault tolerance
B. Succession planning
C. Business continuity testing
D. Recovery point objectives
Succession planning
Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?
A. LDAP
B. SAML
C. TACACS+
D. Kerberos
SAML
A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?
A. MOTD challenge and PIN pad
B. Retina scanner and fingerprint reader
C. Voice recognition and one-time PIN token
D. One-time PIN token and proximity reader
Voice recognition and one-time PIN token
Which of the following risk concepts requires an organization to determine the number of failures per year?
A. SLE
B. ALE
C. MTBF
D. Quantitative analysis
ALE
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
A. Host-based firewall
B. IDS
C. IPS
D. Honeypot
IDS
How often, at a MINIMUM, should Emily, an administrator, review the accesses and rights of the users on her system?
A. Annually
B. Immediately after an employee is terminated
C. Every five years
D. Every time they patch the server
Annually
The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection.
Which of the following has happened on the workstation?
A. Zero-day attack
B. Known malware infection
C. Session hijacking
D. Cookie stealing
Zero-day attack
Which of the following provides the LEAST availability?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
RAID 0
Which of the following is a vulnerability associated with disabling pop-up blockers?
A. An alert message from the administrator may not be visible
B. A form submitted by the user may not open
C. The help window may not be displayed
D. Another browser instance may execute malicious code
Another browser instance may execute malicious code
Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?
A. Failure to capture
B. Type II
C. Mean time to register
D. Template capacity
Type II
A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
A. DMZ
B. Cloud computing
C. VLAN
D. Virtualization
DMZ
Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following?
A. Sender’s private key
B. Recipient’s public key
C. Sender’s public key
D. Recipient’s private key
Recipient’s public key
Which of the following is an example of a false negative?
A. The IDS does not identify a buffer overflow.
B. Anti-virus identifies a benign application as malware.
C. Anti-virus protection interferes with the normal operation of an application.
D. A user account is locked out after the user mistypes the password too many times.
The IDS does not identify a buffer overflow.
A distributed denial of service attack can BEST be described as:
A. Invalid characters being entered into a field in a database application.
B. Users attempting to input random or invalid data into fields within a web browser application.
C. Multiple computers attacking a single target in an organized attempt to deplete its resources.
D. Multiple attackers attempting to gain elevated privileges on a target system.
Multiple computers attacking a single target in an organized attempt to deplete its resources.
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?
A. Set up a protocol analyzer
B. Set up a performance baseline
C. Review the systems monitor on a monthly basis
D. Review the performance monitor on a monthly basis
Set up a performance baseline
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?
A. SPIM
B. Backdoor
C. Logic bomb
D. Rootkit
Rootkit
CompTIA Security+ Question H-63
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).
A. 21
B. 22
C. 23
D. 69
E. 3389
F. SSH
G. Terminal services
H. Rlogin
I. Rsync
J. Telnet
22
23
SSH
Telnet
FTP/S uses which of the following TCP ports by default?
A. 20 and 21
B. 139 and 445
C. 443 and 22
D. 989 and 990
989 and 990
An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?
A. Integer overflow
B. Cross-site scripting
C. Zero-day
D. Session hijacking
E. XML injection
Zero-day
Full disk encryption is MOST effective against which of the following threats?
A. Denial of service by data destruction
B. Eavesdropping emanations
C. Malicious code
D. Theft of hardware
Theft of hardware
The IT department has set up a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?
A. Account Disablements
B. Password Expiration
C. Password Complexity
D. Password Recovery
Password Recovery
A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.
Which of the following would accomplish this task?
A. Deny TCP port 68
B. Deny TCP port 69
C. Deny UDP port 68
D. Deny UDP port 69
Deny UDP port 69
Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
A. HIPS
B. NIDS
C. HIDS
D. NIPS
HIPS
Company A sends a PGP encrypted file to company B. If company A used company B’s public key to encrypt the file, which of the following should be used to decrypt data at company B?
A. Registration
B. Public key
C. CRLs
D. Private key
Private key
An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning
Fuzzing
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?
A. The request needs to be sent to the incident management team.
B. The request needs to be approved through the incident management process.
C. The request needs to be approved through the change management process.
D. The request needs to be sent to the change management team.
The request needs to be approved through the change management process.
An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?
A. Spyware
B. Trojan
C. Privilege escalation
D. DoS
DoS
Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a user’s passwords when they leave the company
C. To enforce password complexity requirements
D. To change users’ passwords if they have forgotten them
To look for weak passwords on the network
Emily, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?
A. Fingerprinting and password crackers
B. Fuzzing and a port scan
C. Vulnerability scan and fuzzing
D. Port scan and fingerprinting
Port scan and fingerprinting
Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?
A. A user has plugged in a personal access point at their desk to connect to the network wirelessly.
B. The company is currently experiencing an attack on their internal DNS servers.
C. The company’s WEP encryption has been compromised and WPA2 needs to be implemented instead.
D. An attacker has installed an access point nearby in an attempt to capture company information.
An attacker has installed an access point nearby in an attempt to capture company information.
Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Peter writes, signs and distributes paychecks, as well as other expenditures. Which of the following controls can she implement to address this concern?
A. Mandatory vacations
B. Time of day restrictions
C. Least privilege
D. Separation of duties
Separation of duties
Peter’s corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number.
Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?
A. Collusion
B. Impersonation
C. Pharming
D. Transitive Access
Impersonation
An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?
A. Routing
B. DMZ
C. VLAN
D. NAT
VLAN
Which device monitors network traffic in a passive manner?
A. Sniffer
B. IDS
C. Firewall
D. Web browser
Sniffer
Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?
A. Data leakage prevention
B. Data exfiltration
C. Data classification
D. Data deduplication
Data exfiltration
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
A. Signature based IPS
B. Signature based IDS
C. Application based IPS
D. Anomaly based IDS
Anomaly based IDS
A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?
A. CHAP
B. TOTP
C. HOTP
D. PAP
TOTP
Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).
A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness
Phishing threats and attacks
Information security awareness
Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall
Stateful Firewall
A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed en route. Which of the following is the administrator MOST concerned with?
A. Data confidentiality
B. High availability
C. Data integrity
D. Business continuity
Data integrity
A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?
A. ACL
B. IDS
C. UTM
D. Firewall
UTM
Which of the following devices will help prevent a laptop from being removed from a certain location?
A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes
Cable locks
Which of the following can be performed when an element of the company policy cannot be enforced by technical means?
A. Develop a set of standards
B. Separation of duties
C. Develop a privacy policy
D. User training
User training
Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).
A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish
3DES
AES
Blowfish
A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?
A. Identification
B. Authorization
C. Access control
D. Authentication
Identification
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements?
A. Software as a Service
B. Infrastructure as a Service
C. Platform as a Service
D. Hosted virtualization service
Software as a Service
Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?
A. Retention of user keys
B. Increased logging on access attempts
C. Retention of user directories and files
D. Access to quarantined files
Retention of user keys
Layer 7 devices used to prevent specific types of HTML tags are called:
A. Firewalls
B. Content filters
C. Routers
D. NIDS
Content filters
Internet banking customers currently use an account number and password to access their online accounts. The bank wants to improve security on high value transfers by implementing a system which calls users back on a mobile phone to authenticate the transaction with voice verification. Which of the following authentication factors are being used by the bank?
A. Something you know, something you do, and something you have
B. Something you do, somewhere you are, and something you have
C. Something you are, something you do and something you know
D. Something you have, something you are, and something you know
Something you are, something you do and something you know
A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).
A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing
Disable unnecessary services
Change default passwords
Ann, an employee, is visiting Peter, an employee in the Human Resources Department. While talking to Peter, Ann notices a spreadsheet open on Peter’s computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?
A. Impersonation
B. Dumpster diving
C. Tailgating
D. Shoulder surfing
Shoulder surfing
A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the corporate network to browse inappropriate and potentially malicious websites after office hours. Which of the following could BEST prevent a situation like this from occurring again?
A. Intrusion detection
B. Content filtering
C. Port security
D. Vulnerability scanning
Port security
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway
Load balancer
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
A. Architectural review
B. Penetration test
C. Port scanner
D. Design review
Port scanner