Exam A - review Flashcards
A company’s email server has received an email from a third-party, but the
origination server does not match the list of authorized devices. Which of
the following would determine the disposition of this message?
DMARC
DMARC (Domain-based Message Authentication Reporting and
Conformance) specifies the disposition of spam emails. The legitimate
owner of the originating email domain can choose to have these messages
accepted, sent to a spam folder, or rejected.
A system administrator is working on a contract that will specify a
minimum required uptime for a set of Internet-facing firewalls. The
administrator needs to know how often the firewall hardware is expected
to fail between repairs. Which of the following would BEST describe this
information?
MTBF
The MTBF (Mean Time Between Failures) is a prediction of how often a
repairable system will fail.
A network administrator would like each user to authenticate with
their corporate username and password when connecting to the
company’s wireless network. Which of the following should the network
administrator configure on the wireless access points?
802.1X
802.1X uses a centralized authentication server, and this allows all users to
use their corporate credentials during the login process.
A company’s VPN service performs a posture assessment during the
login process. Which of the following mitigation techniques would this
describe?
Configuration enforcement
A posture assessment evaluates the configuration of a system to ensure
all configurations and applications are up to date and secure as possible.
If a configuration does not meet these standards, the user is commonly
provided with options for resolving the issue before proceeding.
A user has assigned individual rights and permissions to a file on their
network drive. The user adds three additional individuals to have readonly access to the file. Which of the following would describe this access
control model?
Discretionary
Discretionary access control is used in many operating systems, and this
model allows the owner of the resource to control who has access.
A company has placed a SCADA system on a segmented network with
limited access from the rest of the corporate network. Which of the
following would describe this process?
Hardening
The hardening process for an industrial SCADA (Supervisory Control and
Data Acquisition) system might include network segmentation, additional
firewall controls, and the implementation of access control lists.
An administrator is viewing the following security log:
Dec 30 08:40:03 web01 Failed password for root
from 10.101.88.230 port 26244 ssh2
Dec 30 08:40:05 web01 Failed password for root
from 10.101.88.230 port 26244 ssh2
Dec 30 08:40:09 web01 445 more authentication
failures; rhost=10.101.88.230 user=root
Which of the following would describe this attack?
Brute force
A brute force attack discovers password by attempting a large combination
of letters, numbers, and special characters until a match is found. In this
example, the notification of over four hundred attempts would qualify as a
brute force attack.
An organization needs to provide a remote access solution for a newly
deployed cloud-based application. This application is designed to be used
by mobile field service technicians. Which of the following would be the
best option for this requirement?
SASE
A SASE (Secure Access Service Edge) solution is a next-generation VPN
technology designed to optimize the process of secure communication to
cloud services.
A corporate security team would like to consolidate and protect the
private keys across all of their web servers. Which of these would be the
BEST way to securely store these keys?
Integrate an HSM
An HSM (Hardware Security Module) is a high-end cryptographic
hardware appliance that can securely store keys and certificates for all
devices.
A security technician is reviewing this security log from an IPS:
ALERT 2018-06-01 13:07:29 [163bcf65118-179b547b]
Cross-Site Scripting in JSON Data
222.43.112.74:3332 -> 64.235.145.35:80
URL/index.html - Method POST - Query String “-“
User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3
NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
Detail: token=”
" key="key7" value="alert(2)"
Which of the following can be determined from this log information?
(Select TWO)
❍ A. The alert was generated from a malformed User Agent header
❍ B. The alert was generated from an embedded script
❍ C. The attacker’s IP address is 222.43.112.74
❍ D. The attacker’s IP address is 64.235.145.35
❍ E. The alert was generated due to an invalid client port number
B. The alert was generated from an embedded script and
C. The attacker’s IP address is 222.43.112.74
The details of the IPS (Intrusion Prevention System) alert show a script
value embedded into JSON ( JavaScript Object Notation) data. The IPS
log also shows the flow of the attack with an arrow in the middle. The
attacker was IP address 222.43.112.74 with port 3332, and the victim was
64.235.145.35 over port 80.
A web-based manufacturing company processes monthly charges to credit
card information saved in the customer’s profile. All of the customer
information is encrypted and protected with additional authentication
factors. Which of the following would be the justification for these
security controls?
Compliance reporting
The storage of sensitive information such as customer details and payment
information may require additional reporting to ensure compliance with
the proper security controls.
A company would like to securely deploy applications without the
overhead of installing a virtual machine for each system. Which of the
following would be the BEST way to deploy these applications?
Containerization
Application containerization uses a single virtual machine to use as a
foundation for separate application “containers.” These containers are
implemented as isolated instances, and an application in one container is
not inherently accessible from other containers on the system.
