Exam B review Flashcards
A security engineer is preparing to conduct a penetration test of a third-party website. Part of the preparation involves reading through social media posts for information about this site. Which of the following describes this practice?
OSINT
OSINT (Open Source Intelligence) describes the process of obtaining
information from open sources such as social media sites, corporate
websites, online forums, and other publicly available locations.
An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP addresses for their
public web servers. No other details were provided. What penetration
testing methodology is the online retailer using?
Partially known environment
A partially known environment test is performed when the attacker knows
some information about the victim, but not all information is available.
A user in the accounting department would like to email a spreadsheet
with sensitive information to a list of third-party vendors. Which of the
following would be the BEST way to protect the data in this email?
Asymmetric encryption
Asymmetric encryption uses a recipient’s public key to encrypt data,
and this data can only be decrypted with the recipient’s private key. This
encryption method is commonly used with software such as PGP or
GPG.
A transportation company is installing new wireless access points in their
corporate office. The manufacturer estimates the access points will operate
an average of 100,000 hours before a hardware-related outage. Which of
the following describes this estimate?
MTBF
The MTBF (Mean Time Between Failures) is the average time expected
between outages. This is usually an estimation based on the internal device
components and their expected operational lifetime.
A security administrator is configuring the authentication process used by
technicians when logging into wireless access points and switches. Instead
of using local accounts, the administrator would like to pass all login
requests to a centralized database. Which of the following would be the
BEST way to implement this requirement?
AAA
Using AAA (Authentication, Authorization, and Accounting) is a
common method of centralizing authentication. Instead of having separate local accounts on different devices, users can authenticate with account information maintained in a centralized database.
A security administrator has been asked to build a network link to secure
all communication between two remote locations. Which of the following
would be the best choice for this task?
IPsec
IPsec (Internet Protocol Security) is commonly used to create a VPN
(Virtual Private Network) protected tunnel between devices or locations.
Which of the following would be the BEST way to protect credit card
account information when performing real-time purchase authorizations?
Tokenization
Tokenization is a technique that replaces user data with a non-sensitive
placeholder, or token. Tokenization is commonly used on mobile devices
during a purchase to use a credit card without transmitting the physical
credit card number across the network.
A security administrator has been tasked with hardening all internal web
servers to control access from certain IP address ranges and ensure all
transferred data remains confidential. Which of the following should the
administrator include in his project plan? (Select TWO)
❍ A. Change the administrator password
❍ B. Use HTTPS for all server communication
❍ C. Uninstall all unused software
❍ D. Enable a host-based firewall
❍ E. Install the latest operating system update
B. Use HTTPS for all server communication, and
D. Enable a host-based firewall
Using the secure HTTPS (Hypertext Transfer Protocol Secure) protocol
will ensure that all network communication is encrypted between the web server and the client devices. A host-based firewall can be used to allow or disallow traffic from certain IP address ranges.
A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when
restoring files from this backup. Which of the following would BEST describe this encryption type?
Symmetric
Symmetric encryption uses the same key for both encryption and
decryption.
Which of the following would be the main reasons why a system
administrator would use a TPM when configuring full disk encryption?
(Select TWO)
❍ A. Allows the encryption of multiple volumes
❍ B. Uses burned-in cryptographic keys
❍ C. Stores certificates in a hardware security module
❍ D. Maintains a copy of the CRL
❍ E. Includes built-in protections against brute-force attacks
B. Uses burned-in cryptographic keys and
E. Includes built-in protections against brute-force attacks
A TPM (Trusted Platform Module) is part of a computer’s motherboard,
and it’s specifically designed to assist with and protect cryptographic
functions. Full disk encryption (FDE) can use the burned-in TPM keys
to verify the local device hasn’t changed, and there are security features in
the TPM to prevent brute-force or dictionary attacks against the full disk
encryption login credentials.
Which of the following would be the best way to describe the estimated
number of laptops that might be stolen in a fiscal year?
ARO
The ARO (Annualized Rate of Occurrence) describes the number of
instances estimated to occur in a year. For example, if the organization
expects to lose seven laptops to theft in a year, the ARO for laptop theft is
seven.