Implementation Flashcards
Which of the following access control models is the most flexible and allows the resource owner to control the access permissions?
(A)DAC
(B)MAC
(C)ABAC
(D)RBAC
(A)DAC(Stresses the importance of the owner. The original creator is considered the owner and can assign permissions.)
Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error message stating that “invalid credentials” were entered. Chris assumes he must have forgotten his password, so he resets his email username and password and then reenters them into the email client. Again, Chris receives an invalid credentials error. What is MOST likely causing the invalid credentials error in Chris's email client?
(A)His email account requires a strong password to be used.
(B)His email account is locked out
(C)His email account requires multi factor authentication
(D)His Smartphone has full device encryption enabled
(C)His email account requires multi-factor authentication
You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?
(A)NAC
(B)ACL
(C)MAC Filtering
(D)SPF
(A)NAC(Network Access Control is an approach to computer security that attempts to unify endpoint security technology, checking a device's health before it is admitted to the network.)
Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of ‘connected clients’ and see that ‘Bob’s laptop’ is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the proper WPA3 password?
(A)Disable WPS
(B)Disable WPA3
(C)Enable WEP
(D)Disable SSID
(A)Disable WPS(Unfortunately, WPS is vulnerable to a brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks. Bob could have pressed the WPS push button on the access point to connect.)
Which mobile device strategy is most likely to introduce vulnerable devices to a corporate network?
(A)COPE
(B)BYOD
(C)MDM
(D)CYOD
(B)BYOD(Bringing your own device and connecting it to company systems opens the network up to many vulnerabilities.)
Which of the following features is supported by Kerberos but not RADIUS?
(A)Services for authentication
(B)XML for cross platform interoperability
(C)Tickets used to identify authenticated users
(D)SSO Capability
(C)Kerberos is all about tickets. Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity.
Why would a company want to utilize a wildcard certificate for their servers?
(A)To reduce the certificate management burden
(B)To secure the certificate private key
(C)To increase the certificate encryption key length
(D)To extend the renewal date of the certificate
(A)To reduce the certificate management burden(A single wildcard certificate covers multiple subdomains, which saves money and reduces the burden of managing multiple certificates.)
What control provides the best protection against both SQL injection and cross site scripting attacks?
(A)Network layer Firewall
(B)Input Validation
(C)CSRF
(D)Hypervisors
(B)Input Validation prevents the attacker from sending invalid data to an application and is a strong control against both SQL injection and cross site scripting attacks.
A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, it has begun to approach full utilization at various times of day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?
(A)Enable sampling of the data
(B)Enable full packet capture
(C)Enable QoS
(D)Enable NetFlow compression
(A)Sampling can help them capture network flows that could be useful without collecting everything passing through the sensor.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?
(A)PKI with user authentication
(B)MAC address filtering with IP filtering
(C)802.1x using EAP with MS-CHAPv2
(D)WPA2 with a complex shared key
(C)Since the backend uses a RADIUS server for authentication, the network administrator can implement 802.1x using EAP with MS-CHAPv2 for authentication.
Which of the following would NOT be included in a company’s password policy?
(A)Password Style
(B)Password History
(C)Password Complexity Requirements
(D)Password Age
(A)A password policy is a set of rules that must be followed for security reasons. A password policy would include password complexity, age, and history requirements, but not a password style.
What type of wireless security measure can easily be defeated by a hacker spoofing their network interface card’s hardware address?
(A)Disable SSID broadcast
(B)WPS
(C)MAC filtering
(D)WEP
(C)A WAP uses MAC filtering to ensure only known network interface cards are allowed to connect to the network; spoofing a permitted MAC address bypasses it.
Which type of threat will patches NOT effectively combat as a security control?
(A)Zero Day Attack
(B)Malware with defined indicators
(C)Discovered Software Bugs
(D)Known Vulnerability
(A)Zero Day Attack
Which of the following describes the security method used when a user enters their username and password only once and can access multiple applications?
(A)Inheritance
(B)Multifactor Authentication
(C)SSO
(D)Permission Propagation
(C)SSO allows you to access multiple systems with one sign on.
The email client on a desktop workstation is acting strangely. Every time the user opens an email with an image embedded within it, the image is not displayed on their screen. Which of the following is the MOST likely cause of this issue?
(A)Incorrect email settings in the anti-virus software
(B)Incorrect settings in the host based firewall
(C)Incorrect settings in your email proxy server
(D)Incorrect settings in your web browser's trusted site configuration
(E)Incorrect security settings in the email client
(E)This is a security setting on the mail client that blocks remote images to prevent malware and viruses from entering your environment.
David noticed that port 3389 was open on one of the POS terminals in a store during a scheduled PCI compliance scan. Based on the scan results, what service should he expect to find enabled on this terminal?
(A)RDP
(B)IMAP
(C)MySQL
(D)LDAP
(A)RDP(Port 3389 is the port used by the Remote Desktop Protocol.)
Which of the following types of digital forensic investigation is the most challenging due to the on demand nature of the analyzed assets?
(A)On Premise Servers
(B)Cloud Service
(C)Mobile Device
(D)Employee Workstation
(B)Cloud Service(The on-demand nature of cloud services means that instances are often created and destroyed again, with no real opportunity for forensic recovery of any data.)
Ryan needs to verify the installation of a critical Windows patch on his organization's workstations. Which method would be the most efficient to validate the current patch status for all of the organization's Windows 10 workstations?
A. Check the update history manually
B. Conduct a registry scan of each workstation to validate the patch was installed
C. Create and run a PowerShell script to search for the specific patch in question
D. Use an Endpoint manager to validate patch Status for each machine on the domain
D. Use an endpoint manager to validate patch status for each machine on the domain
You are reviewing a rule within your organization’s IDS. You see the following output: Based on this rule, which of the following malicious packets would this IDS alert on?
A. A malicious outbound TCP Packet
B. A malicious outbound packet
C. A malicious inbound TCP Packet
D. A malicious inbound packet
C. A malicious inbound TCP Packet
OBJ-3.3: The rule header is set to alert only on TCP packets based on this IDS rule’s first line. The flow condition is set as “to_client, established,” which means that only inbound traffic will be analyzed against this rule and only inbound traffic for connections that are already established. Therefore, this rule will alert on an inbound malicious TCP packet only when the packet matches all the conditions listed in this rule. This rule is an example of a Snort IDS rule. For the exam, you do not need to create your own IDS rules, but you should be able to read them and pick out generic content like the type of protocol covered by the signature, the port to be analyzed, and the direction of flow.
(Sample Simulation – On the real exam for this type of question, you would have to rearrange the ports into the proper order by dragging and dropping them into place.) Using the image provided, place the port numbers in the correct order with their associated protocols:
A. 389, 88, 1701, 3389
B. 1701, 3389, 88, 389
C. 3389, 1701, 389, 88
D. 88, 389, 3389, 1701
C. 3389, 1701, 389, 88
OBJ-3.1: For the exam, you need to know your ports and protocols. The Remote Desktop Protocol (RDP) operates over port 3389. Layer 2 Tunneling Protocol (L2TP) operates over port 1701. The Lightweight Directory Access Protocol (LDAP) operates over port 389. Kerberos operates over port 88.
The Pass Certs Fast corporation has recently been embarrassed by several high-profile data breaches. The CIO proposes improving the company’s cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
A. This approach assumes that the on-site admin will provide better security than the cloud provider.
B. This approach only changes the location of the network and not the network’s attack surface.
C. This is a reasonable approach that will increase the security of the servers and infrastructure
D. The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration.
B. This approach only changes the location of the network and not the network’s attack surface.
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
A. Implement an allow list
B. VPN
C. Intrusion Detection System
D. MAC Filtering
A. Implement an allow list
Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?
A. 80
B. 143
C. 22
D. 21
C. 22
Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?
A. Utilize the escrow process
B. Deploy a new group policy
C. Create a new security group
D. Revoke the digital certificate
B. Deploy a new group policy