Final Exam Flashcards

1
Q

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

SAML authentication

Predefined challenge questions

Transport encryption

Block level encryption

Multifactor authentication

Hashing

A

SAML authentication

& Multifactor authentication

2
Q

The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the employee was able to log into the server remotely without incident. However, the incident occurred again the next evening. Which of the following BEST describes the cause of the issue?

The password expired on the account and needed to be reset

The employee does not have the rights needed to access the database remotely

The employee’s account was locked out and needed to be unlocked

Time-of-day restrictions prevented the account from logging in

A

Time-of-day restrictions prevented the account from logging in

3
Q

A company has a data classification system with definitions for “Private” and “Public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”.

Which of the following is the MOST likely reason the company added this data type?

Expanded authority of the privacy officer

More searchable data

Better data classification

Reduced cost

A

Better data classification

4
Q

A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation.

Given these requirements, which of the following technologies should the analyst recommend and configure?

Kerberos services

LDAP Services

CHAP services

NTLM services

A

Kerberos services

5
Q

Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices?

OpenID Connect

RADIUS federation

SAML

OAuth

Shibboleth

A

RADIUS federation

6
Q

Joe, a security administrator, needs to extend the organization’s remote access functionality to be used by staff while traveling. Joe needs to maintain separate access control functionalities for internal, external, and VoIP services.

Which of the following represents the BEST access technology for Joe to use? (Choose Two)

Diameter

Radius

TACACS+

Kerberos

A

Radius

& TACACS+

7
Q

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos.

Which of the following is a feature that is UNIQUE to Kerberos?

It provides single sign-on capability

It uses XML for cross-platform interoperability

It provides authentication services

It uses tickets to identify authenticated users

A

It uses tickets to identify authenticated users

8
Q

A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected with full disk encryption, and the permissions are set as follows:
  File system permissions: Users = Read Only
  Share permission: accounting-svc = Read Only

Given the listed protections are in place and unchanged, to which of the following risks is the data still subject?

Remote exfiltration of data using domain credentials

Disclosure of sensitive data to third parties due to excessive share permissions

Theft of physical hard drives and a breach of confidentiality

Exploitation of local console access and removal of data

A

Exploitation of local console access and removal of data

9
Q

A security analyst is investigating a suspected security breach and discovers the following in the logs of the potentially compromised server:

[log excerpt shown as image Question_Chap12_Q29-1.JPG; not reproduced on this page]

Which of the following would be the BEST method for preventing this type of suspected attack in the future?

Implement account lockout settings

Implement time-of-day restrictions on this server

Implement password expirations

Implement restrictions on shared credentials

A

Implement password expirations

10
Q

During an application design, the development team designed an LDAP module for single sign-on communication with the company’s access control database. This is an example of which of the following?

Identification

Application control

Data in-transit

Authentication

A

Authentication

11
Q

A systems administrator is configuring a system that uses data classification labels. Which of the following will the administrator need to implement to enforce access control?

Rule-based access control

Role-based access control

Mandatory access control

Discretionary access control

A

Mandatory access control

12
Q

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication.

Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Use of smartcards that store X.509 keys, signed by a global CA

Use of a third-party, SAML-based authentication service for attestation

Use of active directory federation between the company and the cloud-based service

Use of OATH between the user and the service and attestation from the company domain

A

Use of active directory federation between the company and the cloud-based service

13
Q

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?

Audit file access times

Implement time-of-day restrictions

Require swipe-card access to enter the lab

Secretly install a hidden surveillance camera

A

Require swipe-card access to enter the lab

14
Q

An organization’s employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex.

Which of the following would be the BEST option to meet this goal?

Single sign-on

Secure token

Transitive trust

Federation

A

Single sign-on

15
Q

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility.

Which of the following configuration commands should be implemented to enforce this requirement?

CN=company, CN=com, OU=netadmin, DC=192.32.10.233

LDAP server 10.55.199.3

SYSLOG SERVER 172.16.23.50

TACACS+ server 192.168.1.100

A

TACACS+ server 192.168.1.100

Only TACACS+ separates authorization from authentication, so it can authorize each command individually and account for it to a central server; the TACACS+ server can in turn check the administrators' credentials against LDAP. The first option is not a device command at all but a malformed distinguished name (a DC component carries a domain label, not an IP address), an LDAP server alone cannot restrict commands, and a syslog destination only provides the logging half of the requirement.

16
Q

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”; however, that group's permissions allow write access.

Which of the following would be the BEST course of action?

Modify all the shared files with read only permissions for the intern

Remove all permissions for the shared files

Create a new group that has only read permissions for the files

Add the intern to the “Purchasing” group

A

Create a new group that has only read permissions for the files

17
Q

A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login.

Which of the following should the systems administrator configure?

L2TP with MAC filtering

RADIUS federation

WPA2-CCMP with PSK

EAP-TTLS

A

RADIUS federation

18
Q

A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN.

Which of the following protocols should be used?

Kerberos

RADIUS

MSCHAP

LDAP

A

RADIUS

19
Q

Joe notices there are several user accounts on the local network generating spam with embedded malicious code.

Which of the following technical controls should Joe put in place to BEST reduce these incidents?

Account lockout

Least privilege

Group Based Privileges

Password complexity

A

Account lockout

20
Q

Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO.

Which of the following are needed given these requirements? (Select TWO)

Elliptic curve

Private key

DES

Shared key

Public key

MD5

A

Private key

& Public key

Note: classic RADIUS (RFC 2865) does not encrypt credentials. It only hides the User-Password attribute by XORing it with MD5 digests keyed on the shared secret and the Request Authenticator, and every other attribute travels in the clear. Meeting an "encrypted in transit" requirement means carrying RADIUS inside TLS (RadSec, RFC 6614), which is where the server's public/private key pair comes in.
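Added example for this card (not from the flashcard set): the RFC 2865 section 5.2 User-Password hiding written out in Python, to show why the shared secret alone is not transport encryption. The secret, authenticator and password below are constructed values; any observer who holds (or has cracked) the shared secret recovers the password from a captured Access-Request.

```python
import hashlib
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """Produce the User-Password attribute value as RFC 2865 section 5.2 specifies:
    pad to 16-byte blocks, then c1 = p1 XOR MD5(S + RA), c_i = p_i XOR MD5(S + c_(i-1))."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out = b""
    prev = authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = _xor(padded[i:i + 16], block)
        out += chunk
        prev = chunk
    return out


def reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Reverse of hide_password. The Request Authenticator is sent in the clear in the
    same packet, so knowledge of the shared secret is all an on-path observer needs."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out = b""
    prev = authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += _xor(hidden[i:i + 16], block)
        prev = hidden[i:i + 16]
    # Strip the NUL padding (a real password ending in NUL bytes would be ambiguous here).
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # assumption: the NAS/server shared secret
    authenticator = os.urandom(16)         # Request Authenticator, random per Access-Request
    password = b"correct horse battery staple"
    hidden = hide_password(secret, authenticator, password)
    print("on the wire:", hidden.hex())
    print("recovered with the shared secret:", reveal_password(secret, authenticator, hidden))
```

The output for a given password is identical whenever the secret and Request Authenticator repeat, which is why the authenticator must be unpredictable, and why a weak shared secret can be brute-forced offline from one captured packet.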

21
Q

A security administrator is developing controls for creating audit trails and for tracking PHI access in case a data breach occurs. The administrator has been given the following requirements:

  • All access must be correlated to a user account.
  • All user accounts must be assigned to a single individual.
  • User access to the PHI data must be recorded.
  • Anomalies in PHI data access must be reported.
  • Logs and records cannot be deleted or modified.

Which of the following should the administrator implement to meet the above requirements? (Select three.)

Implement usage auditing and review.

Perform regular permission audits and reviews.

Enable account lockout thresholds.

Copy logs in real time to a secured WORM drive.

Eliminate shared accounts.

Create a standard naming convention for accounts.

Implement time-of-day restrictions.

A

Implement usage auditing and review.
& Copy logs in real time to a secured WORM drive.
& Eliminate shared accounts.

Each requirement maps to one control: eliminating shared accounts ties every access to a single individual; usage auditing and review records PHI access and surfaces anomalies; write-once media keeps the logs from being deleted or modified. Permission audits are good hygiene but satisfy none of the five bullets.

22
Q

A company offers SaaS, maintaining all customers’ credentials and authenticating locally. Many large customers have requested the company offer some form of federation with their existing authentication infrastructures.

Which of the following would allow customers to manage authentication and authorizations from within their existing organizations?

Implement SAML so the company’s services may accept assertions from the customers’ authentication servers.

Provide customers with a constrained interface to manage only their users’ accounts in the company’s Active Directory server.

Use SOAP calls to support authentication between the company’s product and the customers’ authentication servers.

Provide a system for customers to replicate their users’ passwords from their authentication service to the company’s.

A

Implement SAML so the company’s services may accept assertions from the customers’ authentication servers.

23
Q

Which of the following is the proper order for logging a user into a system from the first step to the last step?

Authorization, identification, authentication

Identification, authentication, authorization

Authentication, identification, authorization

Identification, authorization, authentication

A

Identification, authentication, authorization

24
Q

When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

Owner

User

Administrator

System

A

Administrator

25
Q

A penetration tester finds that a company's login credentials for the email client were being sent in clear text. Which of the following should be done to provide encrypted logins to the email server?

Enable an SSL certificate for IMAP services.

Enable SSH and LDAP credentials.

Enable IPSec and configure SMTP.

Enable MIME services and POP3.

A

Enable an SSL certificate for IMAP services.
26
Q

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?

Host hardening

Disable remote login

Mandatory access controls

Disabling services

A

Host hardening
27
Q

A company's loss control department identifies theft as a recurring loss type over the past year. Based on the department's report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which of the following controls should be implemented?

Mantraps

Motion detectors

Cameras

Biometrics

A

Cameras

Mantraps and biometrics are preventive. Motion detectors and cameras are both detective, but in a staffed datacenter motion alone is not evidence of theft; camera footage shows what left the room and with whom.
28
Q

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

Fail secure

Fail safe

Fault tolerance

Redundancy

A

Fail safe
29
Q

An audit report has identified a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?

Mantrap

Air gap

Bollards

Faraday cage

A

Mantrap
30
Q

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

Use a camera for facial recognition

Require a palm geometry scan

Have users sign their name naturally

Implement iris recognition

A

Have users sign their name naturally

A fingerprint is a "something you are" factor, as are facial recognition, palm geometry and iris scans; adding a second biometric is not multifactor. Signature dynamics are "something you do", a different factor.
31
Q

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application's full life cycle. Which of the following software development methodologies is the development team using?

Agile

Rapid

Waterfall

Extreme

A

Agile
32
Q

Six months into development, the core team assigned to implement a new internal piece of software must convene to discuss a new requirement with the stakeholders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes the phase the company is in?

The system development phase of the SDLC

The system integration phase of the SDLC

The system design phase of the SDLC

The system analysis phase of the SDLC

A

The system analysis phase of the SDLC
33
Q

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal?

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.

The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.

The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

A

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.
34
Q

A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong?

SoC

MFD

IoT

ICS

A

IoT
35
Q

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?

RFID tagging system

A hardware security module (HSM)

Security Requirements Traceability Matrix (SRTM)

MDM software

WS-Security and geo-fencing

Virtual desktop infrastructure (VDI)

A

MDM software
36
Q

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data?

Storage segmentation

Asset control

Storage lock out

Device access control

A

Storage segmentation

Segmenting (containerizing) corporate apps and data into their own storage area lets the MDM wipe only that container when the employee leaves, leaving personal data on the device untouched. Device access control governs who can unlock the device, not what a wipe removes.
37
Q

Which of the following is the BEST reason for salting a password hash before it is stored in a database?

To prevent duplicate values from being stored

To prevent users from using simple passwords for their access credentials

To make the password retrieval process very slow

To protect passwords from being saved in readable format

A

To prevent duplicate values from being stored

A random per-password salt means two users who chose the same password store different hashes, so a cracked hash, or a precomputed rainbow table, does not carry over to other accounts or other databases. The salt by itself does not make hashing slow; that is what key stretching (card 40) adds.
38
Q

An auditor is reviewing the following output from a password-cracking tool:

  user1: Password1
  user2: Recovery!
  user3: Alaskan10
  user4: 4Private
  user5: PerForMance2

Which of the following methods did the auditor MOST likely use?

Rainbow table

Hybrid

Dictionary

Brute force

A

Hybrid
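Added example for this card (not from the original flashcard set): a toy dictionary attack beside a hybrid attack, run over constructed unsalted SHA-256 hashes of the five recovered passwords. The wordlist, the mangling rules (case toggling plus a numeric or symbol suffix or a numeric prefix) and the choice of hash are assumptions made for the demonstration; real tools apply far richer rule sets. The point it makes is the auditor's: every plaintext is a dictionary word with a small mutation, which pure dictionary mode misses and brute force would not reach in this form.

```python
import hashlib
from itertools import product


def digest(candidate: str) -> str:
    # Unsalted SHA-256 stands in for whatever the audited system stored (an assumption).
    return hashlib.sha256(candidate.encode("utf-8")).hexdigest()


# Constructed targets: the hashes of the five plaintexts in the auditor's output.
TARGETS = {digest(p) for p in ["Password1", "Recovery!", "Alaskan10", "4Private", "PerForMance2"]}

# A deliberately small wordlist that contains the base words (assumption).
WORDLIST = ["security", "password", "recovery", "alaskan", "private", "performance"]

SUFFIXES = [""] + [str(n) for n in range(100)] + ["!", "@", "#", "$"]
PREFIXES = [str(n) for n in range(10)]


def case_variants(word):
    """Every upper/lower-case combination of the word (2**len(word) candidates)."""
    for bits in product((0, 1), repeat=len(word)):
        yield "".join(ch.upper() if bit else ch for ch, bit in zip(word, bits))


def mangle(word):
    """Hybrid rules: case toggling, then a numeric/symbol suffix or a numeric prefix."""
    for variant in case_variants(word):
        for suffix in SUFFIXES:
            yield variant + suffix
        for prefix in PREFIXES:
            yield prefix + variant


def dictionary_attack(targets, wordlist):
    """Pure dictionary mode: hash each word exactly as listed."""
    return {digest(w): w for w in wordlist if digest(w) in targets}


def hybrid_attack(targets, wordlist):
    """Dictionary words plus mangling rules; stops once everything is recovered."""
    remaining = set(targets)
    found = {}
    for word in wordlist:
        for candidate in mangle(word):
            d = digest(candidate)
            if d in remaining:
                found[d] = candidate
                remaining.discard(d)
                if not remaining:
                    return found
    return found


if __name__ == "__main__":
    print("dictionary mode recovered:", sorted(dictionary_attack(TARGETS, WORDLIST).values()))
    print("hybrid mode recovered:   ", sorted(hybrid_attack(TARGETS, WORDLIST).values()))
```

The case-toggling rule is what reaches "PerForMance2"; it costs 2**11 variants for an eleven-letter word, still trivial against a fast unsalted hash, which is the practical argument for the salted, stretched storage in cards 37 and 40.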
39
Q

A high-security defense installation recently began using large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?

Compensating

Detective

Preventive

Deterrent

A

Deterrent
40
Q

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

Key stretching

Brute force attack

Collision resistance

Rainbow table

A

Key stretching
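Added example for cards 37 and 40 (not part of the original set): salting and key stretching with PBKDF2-HMAC-SHA256 from the Python standard library, next to the unsalted single hash it replaces. The storage format and the iteration count are choices made for this example; OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations, lowered here only to keep the demonstration quick.

```python
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000   # example value; OWASP recommends 600,000 for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def naive_hash(password: str) -> str:
    """Unsalted single SHA-256: two users with the same password store the same value,
    and one precomputed (rainbow) table cracks every copy at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, *, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Salt plus key stretching. The result is self-describing so the parameters can be raised later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # a fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    if algorithm != ALGORITHM:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def needs_rehash(stored: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a stored value was produced with fewer iterations than policy now demands;
    rehash on the user's next successful login."""
    return int(stored.split("$")[1]) < min_iterations


if __name__ == "__main__":
    print("unsalted, user A:", naive_hash("hunter2"))
    print("unsalted, user B:", naive_hash("hunter2"))        # identical: duplicates leak
    a, b = hash_password("hunter2"), hash_password("hunter2")
    print("salted, user A:  ", a)
    print("salted, user B:  ", b)                              # differ: distinct salts
    print("verify:", verify_password("hunter2", a), verify_password("hunter3", a))
```

Raising the iteration count later is a matter of changing ITERATIONS and letting needs_rehash() drive re-hashing as users log in; nothing about the stored values has to be migrated in bulk.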
41
Q

Which of the following controls allows a security guard to perform a post-incident review?

Corrective

Detective

Deterrent

Preventive

A

Detective

Reviewing camera footage or access logs after an incident is detective work: it establishes what happened rather than stopping it (preventive), discouraging it (deterrent) or repairing it (corrective).
42
Q

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that had previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?

User access reviews

Account lockout policies

Continuous monitoring

Password complexity rules

A

Continuous monitoring
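Added example (not from the original set) of the continuous-monitoring logic this card calls for: a few constructed authentication log lines are parsed, and failures are grouped by source address over a sliding window, so that one host working through many accounts stands out even though each account's own lockout counter barely moves and no single lockout alert looks urgent. The log format, the 30-minute window and the five-account threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source tries six accounts twice each over fifteen minutes,
# one legitimate user mistypes a password twice and then succeeds.
SAMPLE_LOG = """\
2024-03-02 02:14:07 src=203.0.113.9 user=alice result=failure
2024-03-02 02:14:09 src=203.0.113.9 user=alice result=failure
2024-03-02 02:16:30 src=203.0.113.9 user=bob result=failure
2024-03-02 02:16:32 src=203.0.113.9 user=bob result=failure
2024-03-02 02:19:01 src=203.0.113.9 user=carol result=failure
2024-03-02 02:19:03 src=203.0.113.9 user=carol result=failure
2024-03-02 02:22:45 src=203.0.113.9 user=dave result=failure
2024-03-02 02:22:47 src=203.0.113.9 user=dave result=failure
2024-03-02 02:25:10 src=203.0.113.9 user=erin result=failure
2024-03-02 02:25:12 src=203.0.113.9 user=erin result=failure
2024-03-02 02:28:55 src=203.0.113.9 user=frank result=failure
2024-03-02 02:28:57 src=203.0.113.9 user=frank result=failure
2024-03-02 08:01:12 src=10.0.0.5 user=bob result=failure
2024-03-02 08:01:20 src=10.0.0.5 user=bob result=failure
2024-03-02 08:01:41 src=10.0.0.5 user=bob result=success
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Return (timestamp, src, user, result) tuples in time order; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], m["user"], m["result"]))
    return sorted(events)


def failures_per_account(events):
    """What an account-lockout policy sees: a per-user count, blind to the shared source."""
    return Counter(user for _, _, user, result in events if result == "failure")


def detect_spray(events, window=timedelta(minutes=30), min_users=5):
    """Flag each source that fails against at least `min_users` distinct accounts inside `window`."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "failure":
            by_src[src].append((ts, user))
    alerts = []
    for src, fails in by_src.items():
        in_window = Counter()
        start = 0
        best = None
        for ts, user in fails:                      # already in time order
            in_window[user] += 1
            while fails[start][0] < ts - window:    # drop failures that fell out of the window
                old = fails[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_users and (best is None or len(in_window) > best["distinct_users"]):
                best = {"src": src, "distinct_users": len(in_window),
                        "first": fails[start][0], "last": ts, "users": sorted(in_window)}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("failures per account:", dict(failures_per_account(evts)))
    for a in detect_spray(evts):
        print(f"SPRAY from {a['src']}: {a['distinct_users']} accounts, "
              f"{a['first']} to {a['last']}: {', '.join(a['users'])}")
```

Per account the picture is two failures each, below most lockout thresholds; per source it is six accounts in fifteen minutes from one address. Correlating on the source, and alerting on it in near real time, is the difference between this attack running for three days and being caught the first night.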
43
Q

Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?

Length

Reuse

Complexity

History

A

Length

A passphrase is long by nature, so a minimum-length requirement is the control that promotes it. Complexity rules, reuse bans and history have no bearing on whether a user chooses a phrase over a word.
44
Q

Which of the following implements two-factor authentication?

An ATM requiring a credit card and PIN

A computer requiring username and password

A datacenter mantrap requiring fingerprint and iris scan

A phone system requiring a PIN to make a call

A

An ATM requiring a credit card and PIN
45
Q

An auditor has identified an access control system that can incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

Location-based

Password-based

Certificate-based

Biometric-based

A

Biometric-based (the behaviour described is a false acceptance, measured by the false acceptance rate)
46
Q

A company's AUP requires:

  • Passwords must meet complexity requirements.
  • Passwords are changed at least once every six months.
  • Passwords must be at least eight characters long.

An auditor is reviewing the following report:

[report not reproduced on this page]

Prohibit password reuse

Account recovery

Password expiration

Account lockout thresholds

A

Password expiration
47
Q

Which of the following is commonly done as part of a vulnerability scan?

Exploiting misconfigured applications

Sending phishing emails to employees

Identifying unpatched workstations

Cracking employee passwords

A

Identifying unpatched workstations
48
Q

An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?

Black box

Vulnerability scan

White box

Passive reconnaissance

A

Black box
49
Q

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

The scan job is scheduled to run during off-peak hours

The scan output lists SQL injection attack vectors

The scan data identifies the use of privileged-user credentials

The scan results identify the hostname and IP address

A

The scan results identify the hostname and IP address
50
Q

Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?

Redundancy

Cloud computing

Application control

Virtualization

A

Virtualization
51
Q

Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?

Educate the workstation users

Install an antivirus definition patch

Leverage server isolation

Install an intrusion detection system

Install a vendor-supplied patch

A

Install a vendor-supplied patch
52
Q

A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

Credentialed scan

Passive scan

Privilege escalation test

Non-intrusive scan

A

Credentialed scan
53
Q

After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. Which of the following would BEST assist the analyst in making this determination?

nslookup

Nmap

tracert

netcat

Fuzzer

A

Fuzzer
54
Q

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

Vulnerability scan

Port scanner

Penetration test

Protocol analyzer

A

Vulnerability scan
55
Q

As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?

Regression

Black box

Fuzzing

White box

A

White box
56
Q

A Chief Information Officer (CIO) recently saw on the news that a significant security flaw exists in a specific version of a technology the company uses to support many critical applications. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed. Which of the following would BEST provide the needed information?

Active reconnaissance

Penetration test

Patching assessment report

Vulnerability scan

A

Penetration test
57
Q

A company recently replaced its unsecure email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services?

Acceptance

Transference

Mitigation

Deterrence

A

Transference
58
Q

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items, which have been linked to hard drive failures. Which of the following should be implemented to correct this issue?

Utilize better hot/cold aisle configurations

Increase humidity in the room

Implement EMI shielding

Decrease the room temperature

A

Increase humidity in the room
59
Q

A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises?

Protected distributions

Faraday cage

Air gap

Infrared detection

A

Faraday cage
60
Q

Which of the following can affect electrostatic discharge in a network operations center?

Environmental monitoring

Fire suppression

Humidity controls

Proximity card access

A

Humidity controls
61
Q

Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?

Full backup

Incremental backup

Differential backup

Snapshot

A

Differential backup
62
Q

A member of a digital forensics team, Joe, arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first. Which of the following is the correct order in which Joe should collect the data?

CPU cache, paging/swap files, RAM, remote logging data

CPU cache, RAM, paging/swap files, remote logging data

Paging/swap files, CPU cache, RAM, remote logging data

RAM, CPU cache, remote logging data, paging/swap files

A

CPU cache, RAM, paging/swap files, remote logging data
63
Q

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistics:

  • Initial IR engagement time frame
  • Length of time before an executive management notice went out
  • Average IR phase completion

The director wants to use the data to shorten the response time. Which of the following would accomplish this?

Escalation notifications

CSIRT

Tabletop exercise

Containment phase

A

Tabletop exercise
64
Q

A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take to ensure proper chain of custody has been established?

Make a forensic copy

Recover the hard drive data

Update the evidence log

Create a hash of the hard drive

A

Update the evidence log
65
Q

A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack?

Faraday cage

Infrared detection

Smart cards

Alarms

A

Faraday cage
66
Q

A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes. Which of the following risk management strategies BEST describes management's response?

Acceptance

Mitigation

Avoidance

Deterrence

A

Avoidance
67
Q

A security architect has convened a meeting to discuss an organization's key management policy. The organization has a reliable internal key management system, and some argue that it would be best to manage the cryptographic keys internally as opposed to using a solution from a third party. The company should use:

a software solution including secure key escrow capabilities

a third-party key management system that will reduce operating costs

risk benefits analysis results to make a determination

the current internal key management system

A

risk benefits analysis results to make a determination
68
Q

To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)

SLE

ROI

RTO

RPO

ARO

A

SLE

& ARO

(ALE = SLE × ARO)
69
Q

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

EF

ROI

AV

ALE

ARO

A

EF

& AV

(the per-occurrence loss is the SLE, and SLE = AV × EF)
70
Q

Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

Use of social networking

Role-based training

Use of P2P networking

Data labeling and disposal

A

Use of social networking
71
Q

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

Group-based privileges

Time-of-day restrictions

Change management policies

User access reviews

A

User access reviews
72
Q

A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

Use a different e-mail address to recover the password

Sending a PIN to a smartphone through text message

Utilizing a single question for password recovery

Utilizing CAPTCHA to avoid brute force attacks

A

Sending a PIN to a smartphone through text message

Of the options offered this is the only out-of-band step. SMS remains exposed to SIM swapping and interception, so where the provider supports an authenticator app or hardware token, that is the stronger recovery factor to recommend.
73
Q

Company A agrees to provide perimeter protection, power, and environmental support with measurable goals for Company B but will not be responsible for user authentication or patching of operating systems within the perimeter. Which of the following is being described?

Service level agreement

Memorandum of understanding

Business partner agreement

Interoperability agreement

A

Service level agreement
74
Q

The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in jurisdictions with varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud; implement encryption for data in transit between data centers

Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, and implement end-to-end encryption between mobile applications and the cloud

Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, and test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in transit between data centers, and increase data availability by replicating all data, transaction data, and logs between each corporate location

A

Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, and test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
75
Q

An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of:

systems administrator

owner

steward

privacy officer

A

owner