exam1 x2 Flashcards
A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO) ❍ A. Partition data ❍ B. Kernel statistics ❍ C. ROM data ❍ D. Temporary file systems ❍ E. Process table
The Answer: A. Partition data and D. Temporary file systems
Both temporary file system data and partition data are part of the file
storage subsystem.
The incorrect answers:
B. Kernel statistics
Kernel statistics are stored in memory.
C. ROM data
ROM data is a type of memory storage.
E. Process table
The process table keeps track of system processes, and it stores this
information in RAM.
More information:
SY0-601, Objective 4.5 - Forensics Data Acquisition
https://professormesser.link/601040502
Which of the following standards provides information on privacy and managing PII? ❍ A. ISO 31000 ❍ B. ISO 27002 ❍ C. ISO 27701 ❍ D. ISO 27001
The Answer: C. ISO 27701
The ISO (International Organization for Standardization) 27701
standard extends the ISO 27001 and 27002 standards to include detailed
management of PII (Personally Identifiable Information) and data privacy.
The incorrect answers:
A. ISO 31000
The ISO 31000 standard sets international standards for risk management
practices.
B. ISO 27002
Information security controls are the focus of the ISO 27002 standard.
D. ISO 27001
The ISO 27001 standard is the foundational standard for Information
Security Management Systems (ISMS).
A system administrator, Daniel, is working on a contract that will specify
a minimum required uptime for a set of Internet-facing firewalls. Daniel
needs to know how often the firewall hardware is expected to fail between
repairs. Which of the following would BEST describe this information?
❍ A. MTBF
❍ B. RTO
❍ C. MTTR
❍ D. MTTF
The Answer: A. MTBF
The MTBF (Mean Time Between Failures) is a prediction of how often a
repairable system will fail.
The incorrect answers:
B. RTO
RTO (Recovery Time Objectives) define a set of objectives needed to
restore a particular service level.
C. MTTR
MTTR (Mean Time to Restore) is the amount of time it takes to repair a
component.
D. MTTF
MTTF (Mean Time to Failure) is the expected lifetime of a nonrepairable product or system.
More information:
SY0-601, Objective 5.4 - Business Impact Analysis
https://professormesser.link/601050403
An attacker calls into a company’s help desk and pretends to be the
director of the company’s manufacturing department. The attacker
states that they have forgotten their password and they need to have the
password reset quickly for an important meeting. What kind of attack
would BEST describe this phone call?
❍ A. Social engineering
❍ B. Tailgating
❍ C. Vishing
❍ D. On-path
The Answer: A. Social engineering
A social engineering attack takes advantage of authority and urgency
principles in an effort to convince someone else to circumvent normal
security controls.
The incorrect answers:
B. Tailgating
A tailgating attack follows someone else with proper credentials through a
door. This allows the attack to gain access to an area that’s normally locked.
C. Vishing
Vishing (voice phishing) attacks use the phone to obtain private
information from others. In this example, the attacker was not asking for
confidential information.
D. On-path
An on-path attack commonly occurs without any knowledge to the parties
involved, and there’s usually no additional notification that an attack is
underway. In this question, the attacker contacted the help desk engineer
directly.
More information:
SY0-601, Objective 1.1 - Principles of Social Engineering
https://professormesser.link/601010110
A security administrator has been using EAP-FAST wireless
authentication since the migration from WEP to WPA2. The company’s
network team now needs to support additional authentication protocols
inside of an encrypted tunnel. Which of the following would meet the
network team’s requirements?
❍ A. EAP-TLS
❍ B. PEAP
❍ C. EAP-TTLS
❍ D. EAP-MSCHAPv2
The Answer: C. EAP-TTLS
EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport
Layer Security) allows the use of multiple authentication protocols
transported inside of an encrypted TLS (Transport Layer Security) tunnel.
This allows the use of any authentication while maintaining confidentiality
with TLS.
The incorrect answers:
A. EAP-TLS
EAP-TLS does not provide a mechanism for using multiple
authentication types within a TLS tunnel.
B. PEAP
PEAP (Protected Extensible Authentication Protocol) encapsulates EAP
within a TLS tunnel, but does not provide a method of encapsulating
other authentication methods.
D. EAP-MSCHAPv2
EAP-MSCHAPv2 (EAP - Microsoft Challenge Handshake
Authentication Protocol v2) is a common implementation of PEAP.
More information:
SY0-601, Objective 3.4 - Wireless Authentication Protocols
https://professormesser.link/601030403
Which of the following would be commonly provided
by a CASB? (Select TWO)
❍ A. List of all internal Windows devices that have not installed the
latest security patches
❍ B. List of applications in use
❍ C. Centralized log storage facility
❍ D. List of network outages for the previous month
❍ E. Verification of encrypted data transfers
❍ F. VPN connectivity for remote users
The Answer: B. A list of applications in use
E. Verification of encrypted data transfers
A CASB (Cloud Access Security Broker) can be used to apply security
policies to cloud-based implementations. Two common functions of a
CASB are visibility into application use and data security policy use. Other
common CASB functions are the verification of compliance with formal
standards and the monitoring and identification of threats.
The incorrect answers:
A. List of all internal Windows devices that have not installed the latest
security patches
A CASB focuses on policies associated with cloud-based services and not
internal devices.
C. Centralized log storage facility
Using Syslog to centralize log storage is most commonly associated with a
SIEM (Security Information and Event Manager).
D. List of network outages for the previous month
A network availability report would be outside the scope of a CASB.
F. VPN connectivity for remote users
VPN concentrators are commonly used to provide security connectivity
for remote users.
More information:
SY0-601, Objective 3.6 - Cloud Security Solutions
https://professormesser.link/601030605
A security administrator is adding additional authentication controls to the existing infrastructure. Which of the following should be added by the security administrator? (Select TWO) ❍ A. TOTP ❍ B. Least privilege ❍ C. Role-based awareness training ❍ D. Separation of duties ❍ E. Job rotation ❍ F. Smart Card
The Answer: A. TOTP and F. Smart Card
TOTP (Time-based One-Time Passwords) and smart cards are
useful authentication controls when used in conjunction with other
authentication factors.
The incorrect answers:
B. Least privilege
Least privilege is a security principle that limits access to resources based
on a person’s job role. Least privilege is managed through security policy
and is not an authentication control.
C. Role-based awareness training
Role-based awareness training is specialized training that is based on a
person’s control of data within an organization. This training is not part of
the authentication process.
D. Separation of duties
A security policy that separates duties across different individuals is
separation of duties. This separation is not part of the authentication
process.
E. Job rotation
Job rotation is a security policy that moves individuals into different job
roles on a regular basis. This rotation is not part of the authentication
process.
More information:
SY0-601, Objective 2.4 - Authentication Methods
https://professormesser.link/601020401
A network administrator has installed a new access point, but only a
portion of the wireless devices are able to connect to the network. Other
devices can see the access point, but they are not able to connect even
when using the correct wireless settings. Which of the following security
features was MOST likely enabled?
❍ A. MAC filtering
❍ B. SSID broadcast suppression
❍ C. 802.1X authentication
❍ D. Anti-spoofing
The Answer: A. MAC filtering
Filtering addresses by MAC (Media Access Control) address will limit
which devices can connect to the wireless network. If a device is filtered by
MAC address, it will be able to see an access point but it will not be able
to connect.
The incorrect answers:
B. SSID broadcast suppression
A suppressed SSID (Service Set Identifier) broadcast will hide the name
from the list of available wireless networks. Properly configured client
devices can still connect to the wireless network, even with the SSID
suppression.
C. 802.1X authentication
With 802.1X authentication, users will be prompted for a username and
password to gain access to the wireless network. Enabling 802.1X would
not restrict properly configured devices.
D. Anti-spoofing
Anti-spoofing features are commonly used with routers to prevent
communication from spoofed IP addresses. This issue in this question
doesn’t appear to involve any spoofed addresses.
More information:
SY0-601, Objective 3.3 - Port Security
https://professormesser.link/601030304
A company is deploying a new mobile application to all of its employees
in the field. Some of the problems associated with this rollout include:
• The company does not have a way to manage the mobile devices
in the field
• Company data on mobile devices in the field introduces additional risk
• Team members have many different kinds of mobile devices
Which of the following deployment models would address
these concerns?
❍ A. Corporate-owned
❍ B. COPE
❍ C. VDI
❍ D. BYOD
The Answer: C. VDI
A VDI (Virtual Desktop Infrastructure) would allow the field teams to
access their applications from many different types of devices without the
requirement of a mobile device management or concern about corporate
data on the devices.
The incorrect answers:
A. Corporate-owned
A corporate-owned device would solve the issue of device standardization,
but the corporate data would be stored on the mobile devices in the field.
B. COPE
COPE (Corporate Owned and Personally Enabled) devices are purchased
by the company but are used as both a corporate device and a personal
device. This would standardize the devices, but the corporate data would
still be at-risk in the field.
D. BYOD
BYOD (Bring Your Own Device) means that the employee would choose
the mobile platform. This would not address the issue of mobile device
management, data security in the field, or standardization of mobile
devices and apps.
More information:
SY0-601, Objective 3.5 - Mobile Deployment Models
https://professormesser.link/601030505
A security administrator is designing an authentication process for a
new remote site deployment. They would like the users to provide their
credentials when they authenticate in the morning, and they do not want
any additional authentication requests to appear during the rest of the
day. Which of the following should be used to meet this requirement?
❍ A. TACACS+
❍ B. LDAPS
❍ C. Kerberos
❍ D. 802.1X
The Answer: C. Kerberos
Kerberos uses a ticket-based system to provide SSO (Single Sign-On)
functionality. You only need to authenticate once with Kerberos to gain
access to multiple resources.
The incorrect answers:
A. TACACS+
TACACS+ (Terminal Access Controller Access-Control System) is a
common authentication method, but it does not provide any single signon functionality.
B. LDAPS
LDAPS (Lightweight Directory Access Protocol Secure) is a standard for
accessing a network directory. This can provide an authentication method,
but it does not provide any single sign-on functionality.
D. 802.1X
802.1X is a standard for port-based network access control (PNAC), but it
does not inherently provide any single sign-on functionality.
More information:
SY0-601, Objective 3.8 - Identity and Access Services
https://professormesser.link/601030803
