Deck J Flashcards
A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?
A. Penetration testing
B. WAF testing
C. Vulnerability scanning
D. White box testing
Vulnerability scanning
After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate this issue in the future?
A. Fencing
B. Proximity readers
C. Video surveillance
D. Bollards
Bollards
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).
A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstation's BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.
Disable the USB root hub within the OS.
Disable USB within the workstation's BIOS.
In PKI, a key pair consists of: (Select TWO).
A. A key ring
B. A public key
C. A private key
D. Key escrow
E. A passphrase
A public key
A private key
A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?
A. Adding a heat deflector
B. Redundant HVAC systems
C. Shielding
D. Add a wireless network
Shielding
Which of the following is an application security coding problem?
A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing
Error and exception handling
A user was reissued a smart card after the previous smart card had expired. The user is able to log in to the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?
A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.
Publish the new certificates to the global address list.
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?
A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties
Job rotation
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?
A. Penetration test
B. Code review
C. Baseline review
D. Design review
Baseline review
A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?
A. SNMPv3
B. TFTP
C. SSH
D. TLS
SNMPv3
A network engineer is configuring a VPN tunnel connecting a company’s network to a business partner. Which of the following protocols should be used for key exchange?
A. SHA-1
B. RC4
C. Blowfish
D. Diffie-Hellman
SHA-1
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?
A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches
Firewalls
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?
A. Event
B. SQL_LOG
C. Security
D. Access
Event
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?
A. Least privilege access
B. Separation of duties
C. Mandatory access control
D. Mandatory vacations
Mandatory vacations
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
Steganography
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp’s debug data to a third-party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?
A. The data should be encrypted prior to transport
B. This would not constitute unauthorized data sharing
C. This may violate data ownership and non-disclosure agreements
D. Acme Corp should send the data to ABC Services’ vendor instead
This may violate data ownership and non-disclosure agreements
The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?
A. Acceptable use policy
B. Telecommuting policy
C. Data ownership policy
D. Non-disclosure policy
Acceptable use policy
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP
B. WPA
C. WPA with MAC filtering
D. WPA2 TKIP
WPA2 CCMP
Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?
A. Least privilege
B. Sandboxing
C. Black box
D. Application hardening
Sandboxing
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to log in to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?
A. Single sign-on
B. Authorization
C. Access control
D. Authentication
Authentication
A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?
A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.
Only USB devices supporting encryption are to be used.
To ensure proper evidence collection, which of the following steps should be performed FIRST?
A. Take hashes from the live system
B. Review logs
C. Capture the system image
D. Copy all compromised files
Capture the system image
Which of the following should an administrator implement to research current attack methodologies?
A. Design reviews
B. Honeypot
C. Vulnerability scanner
D. Code reviews
Honeypot