Deck J Flashcards
A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?
A. Penetration testing
B. WAF testing
C. Vulnerability scanning
D. White box testing
Vulnerability scanning
After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?
A. Fencing
B. Proximity readers
C. Video surveillance
D. Bollards
Bollards
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).
A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstations' BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.
Disable the USB root hub within the OS.
Disable USB within the workstations BIOS.
In PKI, a key pair consists of: (Select TWO).
A. A key ring
B. A public key
C. A private key
D. Key escrow
E. A passphrase
A public key
A private key
A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues?
A. Adding a heat deflector
B. Redundant HVAC systems
C. Shielding
D. Add a wireless network
Shielding
Which of the following is an application security coding problem?
A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing
Error and exception handling
A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?
A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.
Publish the new certificates to the global address list.
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?
A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties
Job rotation
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?
A. Penetration test
B. Code review
C. Baseline review
D. Design review
Baseline review
A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?
A. SNMPv3
B. TFTP
C. SSH
D. TLS
SNMPv3
A network engineer is configuring a VPN tunnel connecting a company’s network to a business partner. Which of the following protocols should be used for key exchange?
A. SHA-1
B. RC4
C. Blowfish
D. Diffie-Hellman
Diffie-Hellman
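As an added example (not part of the deck), the following Python code shows why Diffie-Hellman is the key-exchange answer: both parties end up with the same key while only the public values cross the wire. It uses only the standard library; the group size (48-64 bits), the function names and the peer-value check are my own choices, and the group is a constructed toy, far too small for real use (IKE and TLS use 2048-bit or larger groups from RFC 3526/7919, or ECDH).

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test (toy-sized parameters only)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Return (p, g, q): p = 2q + 1 is a safe prime and g has prime order q.
    Constructed toy size; real deployments use standardized >= 2048-bit groups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    while True:
        h = secrets.randbelow(p - 3) + 2
        g = pow(h, 2, p)  # squaring lands in the order-q subgroup
        if g != 1:
            return p, g, q


def keypair(p, g, q):
    """Private exponent x in [1, q); public value g^x mod p."""
    priv = secrets.randbelow(q - 1) + 1
    return priv, pow(g, priv, p)


def shared_key(p, q, priv, peer_pub):
    """Derive a symmetric key from the peer's public value."""
    # Reject 0, 1, p-1 and anything outside the order-q subgroup: an active
    # attacker who substitutes such values forces a predictable shared secret.
    if not 2 <= peer_pub <= p - 2 or pow(peer_pub, q, p) != 1:
        raise ValueError("invalid peer public value")
    s = pow(peer_pub, priv, p)
    # Never use the raw shared secret as a key; run it through a KDF.
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_exchange(p, g, q):
    """Both sides of the exchange; only a_pub and b_pub would be sent over the network."""
    a_priv, a_pub = keypair(p, g, q)
    b_priv, b_pub = keypair(p, g, q)
    return shared_key(p, q, a_priv, b_pub), shared_key(p, q, b_priv, a_pub)


if __name__ == "__main__":
    p, g, q = make_group()
    k_a, k_b = run_exchange(p, g, q)
    print("keys match:", k_a == k_b)
```

A passive observer sees p, g and the two public values but not either private exponent. The subgroup check in shared_key is the part that is easy to forget and that separates a demo from a usable implementation; in a VPN setting the exchange must also be authenticated (certificates or pre-shared keys in IKE), otherwise an active attacker can run two exchanges in the middle.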
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?
A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches
Firewalls
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?
A. Event
B. SQL_LOG
C. Security
D. Access
Event
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?
A. Least privilege access
B. Separation of duties
C. Mandatory access control
D. Mandatory vacations
Mandatory vacations
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
Steganography
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?
A. The data should be encrypted prior to transport
B. This would not constitute unauthorized data sharing
C. This may violate data ownership and non-disclosure agreements
D. Acme Corp should send the data to ABC Services’ vendor instead
This may violate data ownership and non-disclosure agreements
The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?
A. Acceptable use policy
B. Telecommuting policy
C. Data ownership policy
D. Non disclosure policy
Acceptable use policy
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP
B. WPA
C. WPA with MAC filtering
D. WPA2 TKIP
WPA2 CCMP
Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?
A. Least privilege
B. Sandboxing
C. Black box
D. Application hardening
Sandboxing
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?
A. Single sign-on
B. Authorization
C. Access control
D. Authentication
Authentication
A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?
A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.
Only USB devices supporting encryption are to be used.
To ensure proper evidence collection, which of the following steps should be performed FIRST?
A. Take hashes from the live system
B. Review logs
C. Capture the system image
D. Copy all compromised files
Capture the system image
Which of the following should an administrator implement to research current attack methodologies?
A. Design reviews
B. Honeypot
C. Vulnerability scanner
D. Code reviews
Honeypot
Which of the following attacks involves the use of previously captured network traffic?
A. Replay
B. Smurf
C. Vishing
D. DDoS
Replay
A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mother's maiden name. Which of the following describes this type of data?
A. PII
B. PCI
C. Low
D. Public
PII
An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?
A. Generate a new private key based on AES.
B. Generate a new public key based on RSA.
C. Generate a new public key based on AES.
D. Generate a new private key based on RSA.
Generate a new private key based on RSA.
A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy?
A. NIDS
B. HIPS
C. NIPS
D. HIDS
HIPS
A security technician received notification of a remotely exploitable vulnerability affecting the firmware of all multifunction printers installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician implement to mitigate the security risk of a sensitive document leak?
A. Create a separate printer network
B. Perform penetration testing to rule out false positives
C. Install patches on the print server
D. Run a full vulnerability scan of all the printers
Create a separate printer network
Which of the following BEST allows Peter, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?
A. Switches
B. Protocol analyzers
C. Routers
D. Web security gateways
Protocol analyzers
An encrypted message is sent using PKI from Emily, a client, to a customer. Emily claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?
A. CRL
B. Non-repudiation
C. Trust models
D. Recovery agents
Non-repudiation
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
A. VLAN
B. Subnetting
C. DMZ
D. NAT
DMZ
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?
A. (Threats X vulnerability X asset value) x controls gap
B. (Threats X vulnerability X profit) x asset value
C. Threats X vulnerability X control gap
D. Threats X vulnerability X asset value
Threats X vulnerability X asset value
Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?
A. Smurf
B. DoS
C. Vishing
D. Replay
Replay
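This card and the earlier one on attacks using previously captured traffic describe the same problem from two sides, so one added example (mine, not the deck's) covers both: a receiver that authenticates messages with an HMAC and rejects replays using a freshness window on the timestamp plus a per-sender sequence number. The key, message layout, sender names and window size are constructed for the demo; the one design rule that matters is that the timestamp and sequence number sit inside the MAC'd body, so a captured message cannot be edited to look fresh.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real protocol derives a fresh per-session key instead.
KEY = b"constructed-demo-key"


def make_message(key, sender, seq, payload, now):
    """Build an authenticated message whose seq and ts are covered by the MAC."""
    body = json.dumps(
        {"from": sender, "seq": seq, "ts": int(now), "payload": payload},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class ReplayGuard:
    """Receiver-side state: a freshness window and the highest sequence number per sender."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.last_seq = {}

    def accept(self, wire, now):
        body, _, tag = wire.rpartition(b"|")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC"  # forged or tampered
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"  # old capture replayed later
        if msg["seq"] <= self.last_seq.get(msg["from"], 0):
            return False, "sequence already seen"  # replay inside the window
        self.last_seq[msg["from"]] = msg["seq"]
        return True, "ok"


def run_demo():
    """Constructed traffic: a legitimate message, the same bytes replayed right away,
    the same bytes replayed an hour later, the next legitimate message, and a copy
    with the sequence number edited by someone who lacks the key."""
    t0 = 1_700_000_000
    guard = ReplayGuard(KEY)
    m1 = make_message(KEY, "alice", 1, "transfer 100", t0)
    verdicts = [
        guard.accept(m1, t0 + 1)[1],
        guard.accept(m1, t0 + 2)[1],
        guard.accept(m1, t0 + 3600)[1],
    ]
    m2 = make_message(KEY, "alice", 2, "transfer 5", t0 + 5)
    verdicts.append(guard.accept(m2, t0 + 6)[1])
    tampered = m2.replace(b'"seq": 2', b'"seq": 3')
    verdicts.append(guard.accept(tampered, t0 + 7)[1])
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The timestamp alone only bounds how long a capture stays useful; the sequence number closes the gap inside that window. The sender's clock and the receiver's clock must agree to within the window, which is why Kerberos and similar protocols fail with "clock skew" errors when time sync breaks.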
Environmental control measures include which of the following?
A. Access list
B. Lighting
C. Motion detection
D. EMI shielding
EMI shielding
A password history value of three means which of the following?
A. Three different passwords are used before one can be reused.
B. A password cannot be reused once changed for three years.
C. After three hours a password must be re-entered to continue.
D. The server stores passwords in the database for three days.
Three different passwords are used before one can be reused.
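Added example (my code, not the deck's) of how a password-history check is actually enforced. Because each stored password hash has its own salt, the server cannot compare hashes directly; it must re-hash the candidate under every stored salt. The class name, history length and iteration count are chosen for the demo; the iteration count is kept low so the demo runs quickly and should be higher in production.

```python
import hashlib
import hmac
import os


class PasswordHistory:
    """Keeps the last `history` salted hashes per user and refuses reuse of any of them."""

    def __init__(self, history=3, iterations=100_000):
        self.history = history
        self.iterations = iterations  # demo value; raise for production
        self.store = {}  # user -> list of (salt, digest), newest last

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def set_password(self, user, new_password):
        """Return True if the password was changed, False if it is still in history."""
        entries = self.store.setdefault(user, [])
        for salt, digest in entries:
            # Re-hash under each stored salt; a plain hash comparison would miss matches.
            if hmac.compare_digest(self._hash(new_password, salt), digest):
                return False
        salt = os.urandom(16)
        entries.append((salt, self._hash(new_password, salt)))
        del entries[: -self.history]  # drop everything older than the last `history`
        return True


def demo():
    """Constructed sequence of changes with history=3: the fourth change reuses the
    first password and is refused; after one more distinct password it is allowed."""
    ph = PasswordHistory(history=3, iterations=10_000)
    attempts = ("Spring!1", "Summer!2", "Autumn!3", "Spring!1", "Winter!4", "Spring!1")
    return [ph.set_password("bob", p) for p in attempts]


if __name__ == "__main__":
    print(demo())
```

With a history of three, a user who cycles through three other passwords can return to the original; pairing the history with a minimum password age is what stops a user from burning through the history in one sitting.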
Which of the following is the MOST important step for preserving evidence during forensic procedures?
A. Involve law enforcement
B. Chain of custody
C. Record the time of the incident
D. Report within one hour of discovery
Chain of custody
Which of the following is the LEAST volatile when performing incident response procedures?
A. Registers
B. RAID cache
C. RAM
D. Hard drive
Hard drive
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?
A. Too many incorrect authentication attempts have caused users to be temporarily disabled.
B. The DNS server is overwhelmed with connections and is unable to respond to queries.
C. The company IDS detected a wireless attack and disabled the wireless network.
D. The Remote Authentication Dial-In User Service server certificate has expired.
The Remote Authentication Dial-In User Service server certificate has expired.
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
URL filter