Deck K Flashcards

1
Q

Which of the following cryptographic related browser settings allows an organization to communicate securely?

A. SSL 3.0/TLS 1.0

B. 3DES

C. Trusted Sites

D. HMAC

A

SSL 3.0/TLS 1.0

2
Q

Peter, an employee, needs a certificate to encrypt data. Which of the following would issue Peter a certificate?

A. Certification authority

B. Key escrow

C. Certificate revocation list

D. Registration authority

A

Certification authority

3
Q

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

A. Zero-day

B. Buffer overflow

C. Cross site scripting

D. Malicious add-on

A

Buffer overflow

4
Q

Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint WiFi communication systems? (Select TWO).

A. Backfire

B. Dipole

C. Omni

D. PTZ

E. Dish

A

Backfire

Dish

5
Q

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A. Set up a honeypot and place false project documentation on an unsecure share.

B. Block access to the project documentation using a firewall.

C. Increase antivirus coverage of the project servers.

D. Apply security updates and harden the OS on all project servers.

A

Set up a honeypot and place false project documentation on an unsecure share.

6
Q

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?

A. Use encryption for the credential fields and hash the credit card field

B. Encrypt the username and hash the password

C. Hash the credential fields and use encryption for the credit card field

D. Hash both the credential fields and the credit card field

A

Hash the credential fields and use encryption for the credit card field

7
Q

Which of the following is characterized by an attack against a mobile device?

A. Evil twin

B. Header manipulation

C. Blue jacking

D. Rogue AP

A

Blue jacking

8
Q

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

A. To ensure proper use of social media

B. To reduce organizational IT risk

C. To detail business impact analyses

D. To train staff on zero-days

A

To reduce organizational IT risk

9
Q

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

A. Increased availability of network services due to higher throughput

B. Longer MTBF of hardware due to lower operating temperatures

C. Higher data integrity due to more efficient SSD cooling

D. Longer UPS run time due to increased airflow

A

Longer MTBF of hardware due to lower operating temperatures

10
Q

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow

B. CA

C. Private key

D. Recovery key

A

CA

11
Q

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

A. Phishing

B. Tailgating

C. Pharming

D. Vishing

A

Vishing

12
Q

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

A. Restoration and recovery strategies

B. Deterrent strategies

C. Containment strategies

D. Detection strategies

A

Containment strategies

13
Q

Which of the following results in datacenters with failed humidity controls? (Select TWO).

A. Excessive EMI

B. Electrostatic charge

C. Improper ventilation

D. Condensation

E. Irregular temperature

A

Electrostatic charge

Condensation

14
Q

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.

B. Change the encryption used so that the encryption protocol is CCMP-based.

C. Disable the network’s SSID and configure the router to only access store devices based on MAC addresses.

D. Increase the access point’s encryption from WEP to WPA TKIP.

A

Change the encryption used so that the encryption protocol is CCMP-based.

15
Q

A small company has recently purchased cell phones for managers to use while working outside of the office.
The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company’s requirements?

A. Screen-lock

B. Disable removable storage

C. Full device encryption

D. Remote wiping

A

Screen-lock

16
Q

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.

B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset.

C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.

D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.

A

Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.

17
Q

The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

A. The certificate used to authenticate users has been compromised and revoked.

B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.

C. An attacker has gained access to the access point and has changed the encryption keys.

D. An unauthorized access point has been configured to operate on the same channel.

A

An unauthorized access point has been configured to operate on the same channel.

18
Q

Which of the following is the term for a fix for a known software problem?

A. Skiff

B. Patch

C. Slipstream

D. Upgrade

A

Patch

19
Q

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems

B. MAC filtering

C. Flood guards

D. 802.1x

A

802.1x

20
Q

Which of the following describes the purpose of an MOU?

A. Define interoperability requirements

B. Define data backup process

C. Define onboard/offboard procedure

D. Define responsibilities of each party

A

Define responsibilities of each party

21
Q

Peter, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message `
This is an example of which of the following?

A. XSS attack

B. XML injection attack

C. Buffer overflow attack

D. SQL injection attack

A

XSS attack

22
Q

While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).

A. 20

B. 21

C. 22

D. 68

E. 69

A

20

21

23
Q

A security administrator wants to implement a solution which will allow some applications to run under the user’s home directory and only have access to files stored within the same user’s folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?

A. OS Virtualization

B. Trusted OS

C. Process sandboxing

D. File permission

A

Process sandboxing

24
Q

The finance department just procured a software application that needs to communicate back to the vendor server via SSL. Which of the following default ports on the firewall must the security engineer open to accomplish this task?

A. 80

B. 130

C. 443

D. 3389

A

443

25
Q

Which of the following is the MOST secure protocol to transfer files?

A. FTP

B. FTPS

C. SSH

D. TELNET

A

FTPS

26
Q

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

A. A comparison should have been created from the original system’s file hashes

B. Witness testimony should have been taken by the administrator

C. The company should have established a chain of custody tracking the laptop

D. A system image should have been created and stored

A

A system image should have been created and stored

27
Q

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?

A. Transitive trust

B. Public key trust

C. Certificate authority trust

D. Domain level trust

A

Transitive trust

28
Q

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

A. Mitigation

B. Identification

C. Preparation

D. Lessons learned

A

Lessons learned

29
Q

Which of the following passwords is the LEAST complex?

A. MyTrain!45

B. Mytr@in!!

C. MyTr@in12

D. MyTr@in#8

A

Mytr@in!!

30
Q

Which of the following concepts is used by digital signatures to ensure integrity of the data?

A. Non-repudiation

B. Hashing

C. Transport encryption

D. Key escrow

A

Hashing

31
Q

A CA is compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?

A. Key escrow

B. Private key verification

C. Public key verification

D. Certificate revocation list

A

Certificate revocation list

32
Q

A corporation has experienced several media leaks of proprietary data on various web forums. The posts were made during business hours and it is believed that the culprit is posting during work hours from a corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?

A. Protocol analyzer

B. NIPS

C. Proxy server

D. HIDS

A

Protocol analyzer

33
Q

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

A. Integrity

B. Safety

C. Availability

D. Confidentiality

A

Integrity

34
Q

Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?

A. Subnetting

B. NAT

C. Quality of service

D. NAC

A

Quality of service

35
Q

Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?

A. Virtualization

B. Remote access

C. Network access control

D. Blade servers

A

Virtualization

36
Q

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

A. Vishing

B. Phishing

C. Whaling

D. SPAM

E. SPIM

A

Phishing

37
Q

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

A. VLAN

B. Subnet

C. VPN

D. DMZ

A

DMZ

38
Q

An advantage of virtualizing servers, databases, and office applications is:

A. Centralized management.

B. Providing greater resources to users.

C. Stronger access control.

D. Decentralized management.

A

Centralized management

39
Q

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

A. Email scanning

B. Content discovery

C. Database fingerprinting

D. Endpoint protection

A

Endpoint protection

40
Q

Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

A. SHA1

B. MD2

C. MD4

D. MD5

A

SHA1

41
Q

Which of the following is true about the recovery agent?

A. It can decrypt messages of users who lost their private key.

B. It can recover both the private and public key of federated users.

C. It can recover and provide users with their lost or private key.

D. It can recover and provide users with their lost public key.

A

It can decrypt messages of users who lost their private key.

42
Q

A network administrator is asked to send a large file containing PII to a business associate.
Which of the following protocols is the BEST choice to use?

A. SSH

B. SFTP

C. SMTP

D. FTP

A

SFTP

43
Q

A major security risk with co-mingling of hosts with different security requirements is:

A. Security policy violations.

B. Zombie attacks.

C. Password compromises.

D. Privilege creep.

A

Security policy violations

44
Q

Prior to leaving for an extended vacation, Peter uses his mobile phone to take a picture of his family in the house living room. Peter posts the picture on a popular social media site together with the message: “Heading to our two weeks vacation to Italy.” Upon returning home, Peter discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Peter’s home address?

A. Peter has enabled the device access control feature on his mobile phone.

B. Peter’s home address can be easily found using the TRACEROUTE command.

C. The picture uploaded to the social media site was geo-tagged by the mobile phone.

D. The message posted on the social media site informs everyone the house will be empty.

A

The picture uploaded to the social media site was geo-tagged by the mobile phone.

45
Q

A Security Operations Center was scanning a subnet for infections and found a contaminated machine. One of the administrators disabled the switch port that the machine was connected to, and informed a local technician of the infection. Which of the following steps did the administrator perform?

A. Escalation

B. Identification

C. Notification

D. Quarantine

E. Preparation

A

Notification

Quarantine

46
Q

A recent OS patch caused an extended outage. It took the IT department several hours to uncover the cause of the issue due to the system owner who installed the patch being out of the office. Which of the following could help reduce the likelihood of this situation occurring in the future?

A. Separation of duties

B. Change management procedures

C. Incident management procedures

D. User rights audits and reviews

A

Change management procedures

47
Q

Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

A. Proxies

B. Load balancers

C. Protocol analyzer

D. VPN concentrator

A

Proxies

48
Q

Which of the following would be used as a secure substitute for Telnet?

A. SSH

B. SFTP

C. SSL

D. HTTPS

A

SSH

49
Q

The act of magnetically erasing all of the data on a disk is known as:

A. Wiping

B. Dissolution

C. Scrubbing

D. Degaussing

A

Degaussing

50
Q

An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).

A. TCP 22

B. TCP 23

C. TCP 25

D. TCP 53

E. TCP 110

F. TCP 143

G. TCP 445

A

TCP 25

TCP 110

TCP 143

51
Q

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

A. Screen lock

B. Voice encryption

C. GPS tracking

D. Device encryption

A

Screen lock

52
Q
Which of the following is the below pseudo-code an example of? 
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT 

A. Buffer overflow prevention

B. Input validation

C. CSRF prevention

D. Cross-site scripting prevention

A

Input validation

53
Q

Encryption of data at rest is important for sensitive information because of which of the following?

A. Facilitates tier 2 support, by preventing users from changing the OS

B. Renders the recovery of data harder in the event of user password loss

C. Allows the remote removal of data following eDiscovery requests

D. Prevents data from being accessed following theft of physical equipment

A

Prevents data from being accessed following theft of physical equipment

54
Q

A security technician needs to open ports on a firewall to allow for domain name resolution.
Which of the following ports should be opened? (Select TWO).

A. TCP 21

B. TCP 23

C. TCP 53

D. UDP 23

E. UDP 53

A

TCP 53

UDP 53

55
Q

Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?

A. Reduces processing overhead required to access the encrypted files

B. Double encryption causes the individually encrypted files to partially lose their properties

C. Individually encrypted files will remain encrypted when copied to external media

D. File level access control only applies to individually encrypted files in a fully encrypted drive

A

Individually encrypted files will remain encrypted when copied to external media

56
Q

Certificates are used for: (Select TWO).

A. Client authentication.

B. WEP encryption.

C. Access control lists.

D. Code signing.

E. Password hashing.

A

Client authentication

Code signing

57
Q

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?

A. Rainbow tables attacks

B. Brute force attacks

C. Birthday attacks

D. Cognitive passwords attacks

A

Cognitive passwords attacks

58
Q

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

A. TCP/IP

B. SSL

C. SCP

D. SSH

A

SSL

59
Q

Which of the following concepts defines the requirement for data availability?

A. Authentication to RADIUS

B. Non-repudiation of email messages

C. Disaster recovery planning

D. Encryption of email messages

A

Disaster recovery planning

60
Q

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

A. 21/UDP

B. 21/TCP

C. 22/UDP

D. 22/TCP

A

22/TCP

61
Q

An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?

A. Ethernet cable is damaged

B. The host firewall is set to disallow outbound connections

C. Network Access Control

D. The switch port is administratively shutdown

A

Network Access Control

62
Q

Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard

B. Token

C. Discretionary access control

D. Mandatory access control

A

Smartcard

63
Q

Which of the following could cause a browser to display the message below?
“The security certificate presented by this website was issued for a different website’s address.”

A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.

B. The website is using a wildcard certificate issued for the company’s domain.

C. HTTPS://127.0.01 was used instead of HTTPS://localhost.

D. The website is using an expired self signed certificate.

A

HTTPS://127.0.01 was used instead of HTTPS://localhost.

64
Q

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

A. Trust model

B. Public Key Infrastructure

C. Private key

D. Key escrow

A

Key escrow

65
Q

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

A. Account lockout policy

B. Account password enforcement

C. Password complexity enabled

D. Separation of duties

A

Separation of duties

66
Q

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?

A. DIAMETER

B. RADIUS

C. TACACS+

D. Kerberos

A

TACACS+

67
Q

Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?

A. Authentication server

B. Server certificate

C. Key length

D. EAP method

A

Key length

68
Q

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

A. Username and password

B. Retina scan and fingerprint scan

C. USB token and PIN

D. Proximity badge and token

A

USB token and PIN

69
Q

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A. Vulnerability scanning

B. Port scanning

C. Penetration testing

D. Black box

A

Vulnerability scanning

70
Q

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

A

Key escrow

71
Q

Ann wants to send a file to Peter using PKI. Which of the following should Ann use in order to sign the file?

A. Peter’s public key

B. Peter’s private key

C. Ann’s public key

D. Ann’s private key

A

Ann’s private key

72
Q

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A. File level encryption with alphanumeric passwords

B. Biometric authentication and cloud storage

C. Whole disk encryption with two-factor authentication

D. BIOS passwords and two-factor authentication

A

Whole disk encryption with two-factor authentication

73
Q

A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?

A. The old APs use 802.11a

B. Users did not enter the MAC of the new APs

C. The new APs use MIMO

D. A site survey was not conducted

A

A site survey was not conducted

74
Q

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

A. Installing anti-malware

B. Implementing an IDS

C. Taking a baseline configuration

D. Disabling unnecessary services

A

Disabling unnecessary services

75
Q

Peter analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A. Reporting

B. IDS

C. Monitor system logs

D. Hardening

A

Hardening

76
Q

A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

A. Succession plan

B. Continuity of operation plan

C. Disaster recovery plan

D. Business impact analysis

A

Business impact analysis

77
Q

Peter, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Peter?

A. Succession planning

B. Disaster recovery

C. Separation of duty

D. Removing single loss expectancy

A

Succession planning

78
Q

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?

A. Use a stateful firewall

B. Enable MAC filtering

C. Upgrade to WPA2 encryption

D. Force the WAP to use channel 1

A

Enable MAC filtering

79
Q

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

A. Incident management

B. Clean desk policy

C. Routine audits

D. Change management

A

Change management

80
Q

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts

B. Print baseline configuration

C. Enable access lists

D. Disable unused ports

A

Disable unused ports

81
Q

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).

A. Change the firewall default settings so that it implements an implicit deny

B. Apply the current ACL to all interfaces of the firewall

C. Remove the current ACL

D. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

E. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

A

Change the firewall default settings so that it implements an implicit deny

Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

82
Q

An administrator notices that former temporary employees’ accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?

A. Implement a password expiration policy.

B. Implement an account expiration date for permanent employees.

C. Implement time of day restrictions for all temporary employees.

D. Run a last logon script to look for inactive accounts.

A

Run a last logon script to look for inactive accounts.

83
Q

The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

A. Stabilizing

B. Reinforcing

C. Hardening

D. Toughening

A

Hardening

84
Q

An incident occurred when an outside attacker was able to gain access to network resources. During the incident response investigation, security logs indicated multiple failed login attempts for a network administrator. Which of the following controls, if in place, could have BEST prevented this successful attack?

A. Password history

B. Password complexity

C. Account lockout

D. Account expiration

A

Account lockout

85
Q

Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kinds of IDS is in use?

A. Protocol based

B. Heuristic based

C. Signature based

D. Anomaly based

A

Anomaly based

86
Q

To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?

A. Full disk encryption

B. Application isolation

C. Digital rights management

D. Data execution prevention

A

Full disk encryption

87
Q

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host:
Old hosts file:
127.0.0.1 localhost
New hosts file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?

A. Spear phishing

B. Pharming

C. Phishing

D. Vishing

A

Pharming

88
Q

Which of the following BEST explains Platform as a Service?

A. An external entity that provides a physical or virtual instance of an installed operating system

B. A third party vendor supplying support services to maintain physical platforms and servers

C. An external group providing operating systems installed on virtual servers with web applications

D. An internal group providing physical server instances without installed operating systems or support

A

An external group providing operating systems installed on virtual servers with web applications

89
Q

Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

A. Risk transference

B. Change management

C. Configuration management

D. Access control revalidation

A

Change management

90
Q

Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

A. Recipient’s private key

B. Sender’s public key

C. Recipient’s public key

D. Sender’s private key

A

Sender’s public key

91
Q

A security administrator needs to determine which system a particular user is trying to log in to at various times of the day. Which of the following log types would the administrator check?

A. Firewall

B. Application

C. IDS

D. Security

A

Security

92
Q

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68.
Which of the following replies has the administrator received?

A. The loopback address

B. The local MAC address

C. IPv4 address

D. IPv6 address

A

IPv6 address

93
Q

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

A. AES

B. PGP

C. SHA

D. MD5

E. ECDHE

A

SHA

MD5

94
Q

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

A. Honeypot

B. Port scanner

C. Protocol analyzer

D. Vulnerability scanner

A

Protocol analyzer

95
Q

A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a ‘listening’ state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

A. HTTPS

B. HTTP

C. RDP

D. TELNET

A

HTTP

96
Q

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP

B. HTTPS

C. TFTP

D. TLS

A

TLS

97
Q

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES

B. MD5

C. SHA

D. SHA-256

E. RSA

A

MD5

SHA

98
Q

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

A. Scanning printing of documents.

B. Scanning of outbound IM (Instant Messaging).

C. Scanning copying of documents to USB.

D. Scanning of SharePoint document library.

E. Scanning of shared drives.

F. Scanning of HTTP user traffic.

A

Scanning of outbound IM (Instant Messaging).

Scanning of HTTP user traffic.

99
Q

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

A. Privilege escalation

B. Advanced persistent threat

C. Malicious insider threat

D. Spear phishing

A

Advanced persistent threat

100
Q

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A. SQL injection

B. Session hijacking and XML injection

C. Cookies and attachments

D. Buffer overflow and XSS

A

SQL injection