Deck J Flashcards

1
Q

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

A. Penetration testing

B. WAF testing

C. Vulnerability scanning

D. White box testing

A

Vulnerability scanning

2
Q

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

A. Fencing

B. Proximity readers

C. Video surveillance

D. Bollards

A

Bollards

3
Q

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS.

B. Install anti-virus software on the USB drives.

C. Disable USB within the workstations' BIOS.

D. Apply the concept of least privilege to USB devices.

E. Run spyware detection against all workstations.

A

Disable the USB root hub within the OS.

Disable USB within the workstations' BIOS.

4
Q

In PKI, a key pair consists of: (Select TWO).

A. A key ring

B. A public key

C. A private key

D. Key escrow

E. A passphrase

A

A public key

A private key

5
Q

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?

A. Adding a heat deflector

B. Redundant HVAC systems

C. Shielding

D. Add a wireless network

A

Shielding

6
Q

Which of the following is an application security coding problem?

A. Error and exception handling

B. Patch management

C. Application hardening

D. Application fuzzing

A

Error and exception handling

7
Q

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store.

B. Publish the new certificates to the global address list.

C. Make the certificates available to the operating system.

D. Recover the previous smart card certificates.

A

Publish the new certificates to the global address list.

8
Q

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege

B. Job rotation

C. Mandatory vacations

D. Separation of duties

A

Job rotation

9
Q

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A. Penetration test

B. Code review

C. Baseline review

D. Design review

A

Baseline review

10
Q

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?

A. SNMPv3

B. TFTP

C. SSH

D. TLS

A

SNMPv3

11
Q

A network engineer is configuring a VPN tunnel connecting a company’s network to a business partner. Which of the following protocols should be used for key exchange?

A. SHA-1

B. RC4

C. Blowfish

D. Diffie-Hellman

A

SHA-1

12
Q

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers

B. NIDS

C. Firewalls

D. Web proxies

E. Layer 2 switches

A

Firewalls

13
Q

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A. Event

B. SQL_LOG

C. Security

D. Access

A

Event

14
Q

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

A. Least privilege access

B. Separation of duties

C. Mandatory access control

D. Mandatory vacations

A

Mandatory vacations

15
Q

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing

B. Transport encryption

C. Digital signatures

D. Steganography

A

Steganography

16
Q

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport

B. This would not constitute unauthorized data sharing

C. This may violate data ownership and non-disclosure agreements

D. Acme Corp should send the data to ABC Services’ vendor instead

A

This may violate data ownership and non-disclosure agreements

17
Q

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

A. Acceptable use policy

B. Telecommuting policy

C. Data ownership policy

D. Non disclosure policy

A

Acceptable use policy

18
Q

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?

A. WPA2 CCMP

B. WPA

C. WPA with MAC filtering

D. WPA2 TKIP

A

WPA2 CCMP

19
Q

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

A. Least privilege

B. Sandboxing

C. Black box

D. Application hardening

A

Sandboxing

20
Q

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.

C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.

D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.

A

Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

21
Q

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

A. Single sign-on

B. Authorization

C. Access control

D. Authentication

A

Authentication

22
Q

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.

B. Data can only be stored on local workstations.

C. Wi-Fi networks should use WEP encryption by default.

D. Only USB devices supporting encryption are to be used.

A

Only USB devices supporting encryption are to be used.

23
Q

To ensure proper evidence collection, which of the following steps should be performed FIRST?

A. Take hashes from the live system

B. Review logs

C. Capture the system image

D. Copy all compromised files

A

Capture the system image

24
Q

Which of the following should an administrator implement to research current attack methodologies?

A. Design reviews

B. Honeypot

C. Vulnerability scanner

D. Code reviews

A

Honeypot

25
Q

Which of the following attacks involves the use of previously captured network traffic?

A. Replay

B. Smurf

C. Vishing

D. DDoS

A

Replay

26
Q

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mother’s last name. Which of the following describes this type of data?

A. PII

B. PCI

C. Low

D. Public

A

PII

27
Q

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

A. Generate a new private key based on AES.

B. Generate a new public key based on RSA.

C. Generate a new public key based on AES.

D. Generate a new private key based on RSA.

A

Generate a new private key based on RSA.

28
Q

A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy?

A. NIDS

B. HIPS

C. NIPS

D. HIDS

A

HIPS

29
Q

A security technician received notification of a remotely exploitable vulnerability affecting the firmware of all multifunction printers installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician implement to mitigate the security risk of a sensitive document leak?

A. Create a separate printer network

B. Perform penetration testing to rule out false positives

C. Install patches on the print server

D. Run a full vulnerability scan of all the printers

A

Install patches on the print server

30
Q

Which of the following BEST allows Peter, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

A. Switches

B. Protocol analyzers

C. Routers

D. Web security gateways

A

Protocol analyzers

31
Q

An encrypted message is sent using PKI from Emily, a client, to a customer. Emily claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

A. CRL

B. Non-repudiation

C. Trust models

D. Recovery agents

A

Non-repudiation

32
Q

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

A. VLAN

B. Subnetting

C. DMZ

D. NAT

A

DMZ

33
Q

An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?

A. (Threats X vulnerability X asset value) x controls gap

B. (Threats X vulnerability X profit) x asset value

C. Threats X vulnerability X control gap

D. Threats X vulnerability X asset value

A

Threats X vulnerability X asset value

34
Q

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

A. Smurf

B. DoS

C. Vishing

D. Replay

A

Replay

35
Q

Environmental control measures include which of the following?

A. Access list

B. Lighting

C. Motion detection

D. EMI shielding

A

EMI shielding

36
Q

A password history value of three means which of the following?

A. Three different passwords are used before one can be reused.

B. A password cannot be reused once changed for three years.

C. After three hours a password must be re-entered to continue.

D. The server stores passwords in the database for three days.

A

Three different passwords are used before one can be reused.

37
Q

Which of the following is the MOST important step for preserving evidence during forensic procedures?

A. Involve law enforcement

B. Chain of custody

C. Record the time of the incident

D. Report within one hour of discovery

A

Chain of custody

38
Q

Which of the following is the LEAST volatile when performing incident response procedures?

A. Registers

B. RAID cache

C. RAM

D. Hard drive

A

Hard drive

39
Q

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?

A. Too many incorrect authentication attempts have caused users to be temporarily disabled.

B. The DNS server is overwhelmed with connections and is unable to respond to queries.

C. The company IDS detected a wireless attack and disabled the wireless network.

D. The Remote Authentication Dial-In User Service server certificate has expired.

A

The Remote Authentication Dial-In User Service server certificate has expired.

40
Q

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?

A. Spam filter

B. URL filter

C. Content inspection

D. Malware inspection

A

URL filter

41
Q

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control

B. Privacy control

C. Technical control

D. Physical control

A

Risk control

42
Q

Which of the following is an indication of an ongoing current problem?

A. Alert

B. Trend

C. Alarm

D. Trap

A

Alarm

43
Q

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid?

A. Bank’s CRL

B. Bank’s private key

C. Bank’s key escrow

D. Bank’s recovery agent

A

Bank’s CRL

44
Q

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?

A. WEP

B. WPA2 CCMP

C. Disable SSID broadcast and increase power levels

D. MAC filtering

A

WPA2 CCMP

45
Q

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A. Unified Threat Management

B. Virtual Private Network

C. Single sign on

D. Role-based management

A

Unified Threat Management

46
Q

A security analyst noticed a colleague typing the following command:
`Telnet some-host 443`
Which of the following was the colleague performing?

A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.

D. A mistaken port being entered because telnet servers typically do not listen on port 443.

A

A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

47
Q

Who should be contacted FIRST in the event of a security breach?

A. Forensics analysis team

B. Internal auditors

C. Incident response team

D. Software vendors

A

Incident response team

48
Q

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

A. Zero-day

B. Trojan

C. Virus

D. Rootkit

A

Virus

49
Q

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?

A. The user is encrypting the data in the outgoing messages.

B. The user is using steganography.

C. The user is spamming to obfuscate the activity.

D. The user is using hashing to embed data in the emails.

A

The user is using steganography

50
Q

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

A. Cloud computing

B. Full disk encryption

C. Data Loss Prevention

D. HSM

A

Cloud computing

51
Q

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

A. Armored virus

B. Polymorphic malware

C. Logic bomb

D. Rootkit

A

Armored virus

52
Q

Which of the following application security principles involves inputting random data into a program?

A. Brute force attack

B. Sniffing

C. Fuzzing

D. Buffer overflow

A

Fuzzing

53
Q

In order to prevent and detect fraud, which of the following should be implemented?

A. Job rotation

B. Risk analysis

C. Incident management

D. Employee evaluations

A

Job rotation

54
Q

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

A. Spanning tree

B. Flood guards

C. Access control lists

D. Syn flood

A

Spanning tree

55
Q

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

A. Import the recipient’s public key

B. Import the recipient’s private key

C. Export the sender’s private key

D. Export the sender’s public key

A

Import the recipient’s public key

56
Q

A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

A. badge reader was improperly installed.

B. system was designed to fail open for life-safety.

C. system was installed in a fail closed configuration.

D. system used magnetic locks and the locks became demagnetized.

A

system was designed to fail open for life-safety.

57
Q

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).

A. FTP service should be disabled

B. HTTPS service should be disabled

C. SSH service should be disabled

D. HTTP service should be disabled

E. Telnet service should be disabled

A

SSH service should be disabled

HTTP service should be disabled

58
Q

Which of the following is the difference between identification and authentication of a user?

A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.

B. Identification tells who the user is and authentication proves it.

C. Identification proves who the user is and authentication is used to keep the users data secure.

D. Identification proves who the user is and authentication tells the user what they are allowed to do.

A

Identification tells who the user is and authentication proves it.

59
Q

Which of the following protocols allows for the LARGEST address space?

A. IPX

B. IPv4

C. IPv6

D. Appletalk

A

IPv6

60
Q

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

A. TCP/IP socket design review

B. Executable code review

C. OS Baseline comparison

D. Software architecture review

A

OS Baseline comparison

61
Q

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

A. VPN

B. VLAN

C. WPA2

D. MAC filtering

A

VLAN

62
Q

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

A. Security awareness training.

B. BYOD security training.

C. Role-based security training.

D. Legal compliance training.

A

Security awareness training

63
Q

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?

A. IaaS

B. MaaS

C. SaaS

D. PaaS

A

MaaS

64
Q

An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

A. Cloud

B. Trusted

C. Sandbox

D. Snapshot

A

Sandbox

65
Q

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on ports 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP

B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS

D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS

A

Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

66
Q

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date.
Which of the following BEST describes this system type?

A. NAT

B. NIPS

C. NAC

D. DMZ

A

NAC

67
Q

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A. Install a token on the authentication server

B. Install a DHCP server on the authentication server

C. Install an encryption key on the authentication server

D. Install a digital certificate on the authentication server

A

Install a digital certificate on the authentication server

68
Q

A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption.
Which of the following should be implemented?

A. WPA2-CCMP with 802.1X

B. WPA2-PSK

C. WPA2-CCMP

D. WPA2-Enterprise

A

WPA2-Enterprise

69
Q

A security engineer is reviewing log data and sees the output below:

POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/
******* HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass

Which of the following technologies was MOST likely being used to generate this log?

A. Host-based Intrusion Detection System

B. Web application firewall

C. Network-based Intrusion Detection System

D. Stateful Inspection Firewall

E. URL Content Filter

A

Web application firewall

70
Q

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields`
Which of the following is this an example of?

A. Proper error handling

B. Proper input validation

C. Improper input validation

D. Improper error handling

A

Proper input validation

71
Q

Which of the following protocols encapsulates an IP packet with an additional IP header?

A. SFTP

B. IPSec

C. HTTPS

D. SSL

A

IPSec

72
Q

Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?

A. Honeynet

B. Vulnerability scanner

C. Port scanner

D. Protocol analyzer

A

Honeynet

73
Q

A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures

B. Hashing

C. Full-disk encryption

D. Steganography

A

Steganography

74
Q

After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

A. Change management

B. Implementing policies to prevent data loss

C. User rights and permissions review

D. Lessons learned

A

Lessons learned

75
Q

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).

A. Mandatory access control enforcement.

B. User rights and permission reviews.

C. Technical controls over account management.

D. Account termination procedures.

E. Management controls over account management.

F. Incident management and response plan.

A

User rights and permission reviews.

Management controls over account management.

76
Q

Peter, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Peter search for in the log files?

A. Failed authentication attempts

B. Network ping sweeps

C. Host port scans

D. Connections to port 22

A

Connections to port 22

77
Q

Which of the following is a management control?

A. Logon banners

B. Written security policy

C. SYN attack prevention

D. Access Control List (ACL)

A

Logon banners

78
Q

Which of the following MOST interferes with network-based detection techniques?

A. Mime-encoding

B. SSL

C. FTP

D. Anonymous email accounts

A

SSL

79
Q

Peter, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

A. $500

B. $5,000

C. $25,000

D. $50,000

A

$5,000

80
Q

Digital Signatures provide which of the following?

A. Confidentiality

B. Authorization

C. Integrity

D. Authentication

E. Availability

A

Integrity

81
Q

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system’s services to the list of standard services on the company’s system image. This review process depends on:

A. MAC filtering.

B. System hardening.

C. Rogue machine detection.

D. Baselining.

A

Baselining

82
Q

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

A. Input validation

B. Exception handling

C. Application hardening

D. Fuzzing

A

Fuzzing

83
Q

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA

B. Recovery agent

C. Root user

D. Key escrow

A

Root CA

84
Q

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

A. HPM technology

B. Full disk encryption

C. DLP policy

D. TPM technology

A

DLP policy

85
Q

By default, which of the following uses TCP port 22? (Select THREE).

A. FTPS

B. STELNET

C. TLS

D. SCP

E. SSL

F. HTTPS

G. SSH

H. SFTP

A

SCP

SSH

SFTP

86
Q

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

A. Write-once drives

B. Database encryption

C. Continuous monitoring

D. Role-based access controls

A

Write-once drives

87
Q

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

A. Single sign on

B. IPv6

C. Secure zone transfers

D. VoIP

A

Secure zone transfers

88
Q

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

A. Automatically encrypt impacted outgoing emails

B. Automatically encrypt impacted incoming emails

C. Monitor impacted outgoing emails

D. Prevent impacted outgoing emails

A

Automatically encrypt impacted outgoing emails

89
Q

A recent audit has discovered that at the time of password expiration, clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

A. Password age

B. Password hashing

C. Password complexity

D. Password history

E. Password length

A

Password age

Password history

90
Q

Which of the following tests a number of security controls in the least invasive manner?

A. Vulnerability scan

B. Threat assessment

C. Penetration test

D. Ping sweep

A

Vulnerability scan

91
Q

Which of the following is considered a risk management BEST practice of succession planning?

A. Reducing risk of critical information being known to an individual person who may leave the organization

B. Implementing company-wide disaster recovery and business continuity plans

C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats

D. Considering departmental risk management practices in place of company-wide practices

A

Implementing company-wide disaster recovery and business continuity plans

92
Q

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

A. Procedure and policy management

B. Chain of custody management

C. Change management

D. Incident management

A

Incident management

93
Q

A recently installed application update caused a vital application to crash in the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?

A. Application configuration baselines

B. Application hardening

C. Application access controls

D. Application patch management

A

Application patch management

94
Q

Public keys are used for which of the following?

A. Decrypting wireless messages

B. Decrypting the hash of an electronic signature

C. Bulk encryption of IP based email traffic

D. Encrypting web browser traffic

A

Decrypting the hash of an electronic signature

95
Q

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

A. cd ../../../../bin/bash

B. whoami

C. ls /root

D. sudo -u root

A

cd ../../../../bin/bash

96
Q

Which of the following is the BEST concept to maintain required but non-critical server availability?

A. SaaS site

B. Cold site

C. Hot site

D. Warm site

A

Warm site

97
Q

Users can authenticate to a company’s web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials

B. Changes to passwords on the social media site can be delayed from replicating to the company

C. Data loss from the corporate servers can create legal liabilities with the social media site

D. Password breaches to the social media affect the company application as well

A

Password breaches to the social media affect the company application as well

98
Q

Which of the following is the BEST reason for placing a password lock on a mobile device?

A. Prevents an unauthorized user from accessing owner’s data

B. Enables remote wipe capabilities

C. Stops an unauthorized user from using the device again

D. Prevents an unauthorized user from making phone calls

A

Prevents an unauthorized user from accessing owner’s data

99
Q

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either “good”, “unknown”, or “revoked”?

A. CRL

B. PKI

C. OCSP

D. RA

A

OCSP

100
Q

Which of the following BEST describes part of the PKI process?

A. User1 decrypts data with User2’s private key

B. User1 hashes data with User2’s public key

C. User1 hashes data with User2’s private key

D. User1 encrypts data with User2’s public key

A

User1 encrypts data with User2’s public key