Deck K Flashcards
Which of the following cryptographic related browser settings allows an organization to communicate securely?
A. SSL 3.0/TLS 1.0
B. 3DES
C. Trusted Sites
D. HMAC
SSL 3.0/TLS 1.0
Peter, an employee, needs a certificate to encrypt data. Which of the following would issue Peter a certificate?
A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority
Certification authority
A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?
A. Zero-day
B. Buffer overflow
C. Cross site scripting
D. Malicious add-on
Buffer overflow
Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint WiFi communication systems? (Select TWO).
A. Backfire
B. Dipole
C. Omni
D. PTZ
E. Dish
Backfire
Dish
Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:
A. Set up a honeypot and place false project documentation on an unsecure share.
B. Block access to the project documentation using a firewall.
C. Increase antivirus coverage of the project servers.
D. Apply security updates and harden the OS on all project servers.
Set up a honeypot and place false project documentation on an unsecure share.
An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?
A. Use encryption for the credential fields and hash the credit card field
B. Encrypt the username and hash the password
C. Hash the credential fields and use encryption for the credit card field
D. Hash both the credential fields and the credit card field
Hash the credential fields and use encryption for the credit card field
Which of the following is characterized by an attack against a mobile device?
A. Evil twin
B. Header manipulation
C. Blue jacking
D. Rogue AP
Blue jacking
Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?
A. To ensure proper use of social media
B. To reduce organizational IT risk
C. To detail business impact analyses
D. To train staff on zero-days
To reduce organizational IT risk
Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?
A. Increased availability of network services due to higher throughput
B. Longer MTBF of hardware due to lower operating temperatures
C. Higher data integrity due to more efficient SSD cooling
D. Longer UPS run time due to increased airflow
Longer MTBF of hardware due to lower operating temperatures
Which of the following components MUST be trusted by all parties in PKI?
A. Key escrow
B. CA
C. Private key
D. Recovery key
CA
Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?
A. Phishing
B. Tailgating
C. Pharming
D. Vishing
Vishing
Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?
A. Restoration and recovery strategies
B. Deterrent strategies
C. Containment strategies
D. Detection strategies
Containment strategies
Which of the following results in datacenters with failed humidity controls? (Select TWO).
A. Excessive EMI
B. Electrostatic charge
C. Improper ventilation
D. Condensation
E. Irregular temperature
Electrostatic charge
Condensation
A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?
A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
B. Change the encryption used so that the encryption protocol is CCMP-based.
C. Disable the network’s SSID and configure the router to only access store devices based on MAC addresses.
D. Increase the access point’s encryption from WEP to WPA TKIP.
Change the encryption used so that the encryption protocol is CCMP-based.
A small company has recently purchased cell phones for managers to use while working outside if the office.
The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution BEST meets the company’s requirements?
A. Screen-lock
B. Disable removable storage
C. Full device encryption
D. Remote wiping
Screen-lock
A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?
A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.
B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset.
C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.
D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?
A. The certificate used to authenticate users has been compromised and revoked.
B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.
C. An attacker has gained access to the access point and has changed the encryption keys.
D. An unauthorized access point has been configured to operate on the same channel.
An unauthorized access point has been configured to operate on the same channel.
Which of the following is the term for a fix for a known software problem?
A. Skiff
B. Patch
C. Slipstream
D. Upgrade
Patch
A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?
A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x
802.1x
Which of the following describes the purpose of an MOU?
A. Define interoperability requirements
B. Define data backup process
C. Define onboard/offboard procedure
D. Define responsibilities of each party
Define responsibilities of each party
Peter, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message `
This is an example of which of the following?
A. XSS attack
B. XML injection attack
C. Buffer overflow attack
D. SQL injection attack
XSS attack
While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
A. 20
B. 21
C. 22
D. 68
E. 69
20
21
A security administrator wants to implement a solution which will allow some applications to run under the user’s home directory and only have access to files stored within the same user’s folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?
A. OS Virtualization
B. Trusted OS
C. Process sandboxing
D. File permission
Process sandboxing
The finance department just procured a software application that needs to communicate back to the vendor server via SSL. Which of the following default ports on the firewall must the security engineer open to accomplish this task?
A. 80
B. 130
C. 443
D. 3389
443
Which of the following is the MOST secure protocol to transfer files?
A. FTP
B. FTPS
C. SSH
D. TELNET
FTPS
A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?
A. A comparison should have been created from the original system’s file hashes
B. Witness testimony should have been taken by the administrator
C. The company should have established a chain of custody tracking the laptop
D. A system image should have been created and stored
A system image should have been created and stored
If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?
A. Transitive trust
B. Public key trust
C. Certificate authority trust
D. Domain level trust
Transitive trust
Which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?
A. Mitigation
B. Identification
C. Preparation
D. Lessons learned
Lessons learned
Which of the following passwords is the LEAST complex?
A. MyTrain!45
B. Mytr@in!!
C. MyTr@in12
D. MyTr@in#8
Mytr@in!!
Which of the following concepts is used by digital signatures to ensure integrity of the data?
A. Non-repudiation
B. Hashing
C. Transport encryption
D. Key escrow
Hashing
A CA is compromised and attacks start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?
A. Key escrow
B. Private key verification
C. Public key verification
D. Certificate revocation list
Certificate revocation list
A corporation has experienced several media leaks of proprietary data on various web forums. The posts were made during business hours and it is believed that the culprit is posting during work hours from a corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?
A. Protocol analyzer
B. NIPS
C. Proxy server
D. HIDS
Protocol analyzer
It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?
A. Integrity
B. Safety
C. Availability
D. Confidentiality
Integrity
Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?
A. Subnetting
B. NAT
C. Quality of service
D. NAC
Quality of service
Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?
A. Virtualization
B. Remote access
C. Network access control
D. Blade servers
Virtualization
A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?
A. Vishing
B. Phishing
C. Whaling
D. SPAM
E. SPIM
Phishing
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
A. VLAN
B. Subnet
C. VPN
D. DMZ
DMZ
An advantage of virtualizing servers, databases, and office applications is:
A. Centralized management.
B. Providing greater resources to users.
C. Stronger access control.
D. Decentralized management.
Centralized management
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?
A. Email scanning
B. Content discovery
C. Database fingerprinting
D. Endpoint protection
Endpoint protection
Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?
A. SHA1
B. MD2
C. MD4
D. MD5
SHA1