Deck L Flashcards
Peter, the compliance manager, wants to meet regulations. Peter would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Peter implement to BEST achieve this goal?
A. A host-based intrusion prevention system
B. A host-based firewall
C. Antivirus update system
D. A network-based intrusion detection system
A host-based firewall
Which of the following risks could IT management be mitigating by removing an all-in-one device?
A. Continuity of operations
B. Input validation
C. Single point of failure
D. Single sign on
Single point of failure
A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?
A. Database field encryption
B. File-level encryption
C. Data loss prevention system
D. Full disk encryption
Database field encryption
An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) ->
10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) ->
10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) ->
10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
A. It is running a rogue web server
B. It is being used in a man-in-the-middle attack
C. It is participating in a botnet
D. It is an ARP poisoning attack
It is participating in a botnet
A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit?
A. SSH
B. SHA1
C. TPM
D. MD5
TPM
Peter, an employee is taking a taxi through a busy city and starts to receive unsolicited files sent to his Smartphone. Which of the following is this an example of?
A. Vishing
B. Bluejacking
C. War Driving
D. SPIM
E. Bluesnarfing
Bluejacking
Which of the following is a notification that an unusual condition exists and should be investigated?
A. Alert
B. Trend
C. Alarm
D. Trap
Alert
A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
10.10.3.16
10.10.3.23
212.178.24.26
217.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?
A. XSS
B. DDoS
C. DoS
D. Xmas
DDoS
Which of the following documents outlines the responsibility of both participants in an agreement between two organizations?
A. RFC
B. MOU
C. RFQ
D. SLA
MOU
A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).
A. Deny incoming connections to the outside router interface.
B. Change the default HTTP port
C. Implement EAP-TLS to establish mutual authentication
D. Disable the physical switch ports
E. Create a server VLAN
F. Create an ACL to access the server
Create a server VLAN
Create an ACL to access the server
Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?
A. Deploy a HIDS suite on the users’ computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users’ browsers to prevent malware.
D. Create an approved application list and block anything not on it.
Create an approved application list and block anything not on it.
The Chief Security Officer (CSO) for a datacenter in a hostile environment is concerned about protecting the facility from car bomb attacks. Which of the following BEST would protect the building from this threat? (Select two.)
A. Dogs
B. Fencing
C. CCTV
D. Guards
E. Bollards
F. Lighting
Fencing
Bollards
Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?
A. Check the referrer field in the HTTP header
B. Disable Flash content
C. Use only cookies for authentication
D. Use only HTTPS URLs
Check the referrer field in the HTTP header
A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?
A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots
Create a virtualized sandbox and utilize snapshots
Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?
A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.
B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.
C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
D. MOUs between two companies working together cannot be held to the same legal standards as SLAs.
MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?
A. Spam filter
B. Digital signatures
C. Antivirus software
D. Digital certificates
Digital signatures
A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked “Internal Proprietary Information”. Which of the following should the user do NEXT?
A. Contact their manager and request guidance on how to best move forward
B. Contact the help desk and/or incident response team to determine next steps
C. Provide the requestor with the email information since it will be released soon anyway
D. Reply back to the requestor to gain their contact information and call them
Contact the help desk and/or incident response team to determine next steps
Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?
A. Error and exception handling
B. Application hardening
C. Application patch management
D. Cross-site script prevention
Application hardening
Privilege creep among long-term employees can be mitigated by which of the following procedures?
A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation
User permission reviews
Peter, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
NIPS
Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?
A. Set up mantraps to avoid tailgating of approved users.
B. Place a guard at the entrance to approve access.
C. Install a fingerprint scanner at the entrance.
D. Implement proximity readers to scan users’ badges.
Place a guard at the entrance to approve access.
Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443
A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.
It implements an implicit deny.
Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?
A. Separation of Duties
B. Mandatory Vacations
C. Discretionary Access Control
D. Job Rotation
Separation of Duties
A new intern was assigned to the system engineering department, which consists of the system architect and system software developer’s teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?
A. Group based privileges
B. Generic account prohibition
C. User access review
D. Credential management
Group based privileges