Implementation Flashcards
You are installing a new wireless network in your office building and want to ensure it is secure. Which of the following configurations would create the MOST secure wireless network?
WPA2 and RC4
WEP and TKIP
WPA and MAC filtering
WPA2 and AES
WPA2 and AES
WPA2 with AES (CCMP) is the strongest option listed: RC4 and TKIP are deprecated ciphers with known attacks, and MAC filtering is trivially bypassed by spoofing an allowed address.
Your company has an office in Boston and is worried that its employees may not reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select?
VPN
IDS
VLAN
NAT
VPN
A firewall administrator has configured a new DMZ to allow public systems to be segmented from the organization’s internal network. The firewall now has three security zones set: Untrusted (Internet) [143.27.43.0/24]; DMZ (DMZ) [161.212.71.0/24]; Trusted (Intranet) [10.10.0.0/24]. The firewall administrator has been asked to enable remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ for the Chief Security Officer to work from his home office after hours. The CSO’s home internet uses a static IP of 143.27.43.32. The remote desktop server is assigned a public-facing IP of 161.212.71.14. What rule should the administrator add to the firewall?
Permit 143.27.43.32 161.212.71.14 RDP 3389
Permit 143.27.43.32 161.212.71.0/24 RDP 3389
Permit 143.27.43.0/24 161.212.71.0/24 RDP 3389
Permit 143.27.43.0/24 161.212.71.14 RDP 3389
Permit 143.27.43.32 161.212.71.14 RDP 3389
The rule should be as narrow as the requirement: one source host (the CSO's static IP), one destination host (the RDP server), one service. The /24 variants open RDP to every customer on the CSO's ISP range or to every host in the DMZ. Even a single-source rule leaves RDP reachable from the Internet, so in practice a VPN or jump host in front of the server is the more defensible design.
You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?
Bastion hosts
Physical
Jumpbox
Airgap
Jumpbox
Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?
110
23
443
25
23 (Telnet)
Telnet on port 23 is a cleartext remote login service. Port 25 is SMTP, 110 is POP3, and 443 is HTTPS. SSH on port 22 is also a remote login service, so a real perimeter policy would restrict it as well, but it is not among the options.
Which of the following is the LEAST secure wireless security and encryption protocol?
WPA2
WPA
AES
WEP
WEP
Which of the following secure coding best practices ensures special characters like , /, and ‘ are not accepted from the user via a web form?
Session management
Input validation
Output encoding
Error handling
Input validation
Why would a company want to utilize a wildcard certificate for their servers?
To increase the certificate’s encryption key length
To extend the renewal date of the certificate
To reduce the certificate management burden
To secure the certificate’s private key
To reduce the certificate management burden
Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?
80
443
21
143
443 (HTTPS)
You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?
SPF
MAC filtering
NAC
ACL
NAC
You are conducting an incident response and have traced the attack source to some compromised user credentials. After performing log analysis, you discover that the attack was successfully authenticated from an unauthorized foreign country. Your management is now asking for you to implement a solution to help mitigate this type of attack from occurring again. Which of the following should you implement?
Context-based authentication
Single sign-on
Password complexity
Self-service password reset
Context-based authentication
The Pass Certs Fast corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company’s cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
This approach assumes that the cloud will provide better security than is currently done on-site
This approach only changes the location of the network and not the attack surface of it
This is a reasonable approach that will increase the security of the servers and infrastructure
The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration
This approach only changes the location of the network and not the attack surface of it
The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?
A physical survey
A discovery scan using a port scanner
Reviewing a central administration tool like a SCCM
Router and switch-based MAC address reporting
Router and switch-based MAC address reporting
You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?
A time of day restriction
A SNMP deny string
An implicit deny statement
An implicit allow statement
An implicit deny statement
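Worked example, added here and not taken from the cards: a small first-match ACL evaluator in Python that applies the rule from the DMZ remote-desktop card above and falls through to an implicit deny when nothing matches. The addresses are the ones that card gives; the traffic samples are constructed for the demonstration.

```python
import ipaddress

# The two candidate rules from the DMZ card: the narrow one (the correct answer)
# and the broad /24-to-/24 one.
SPECIFIC_RULE = "Permit 143.27.43.32 161.212.71.14 RDP 3389"
BROAD_RULE = "Permit 143.27.43.0/24 161.212.71.0/24 RDP 3389"


def parse_rule(line: str) -> dict:
    """Turn 'Permit <src> <dst> <service> <port>' into a dict with parsed networks.
    A bare address such as 143.27.43.32 becomes a /32 host network."""
    action, src, dst, service, port = line.split()
    return {
        "action": action,
        "src": ipaddress.ip_network(src),
        "dst": ipaddress.ip_network(dst),
        "service": service,
        "port": int(port),
    }


def evaluate(acl: list, src_ip: str, dst_ip: str, service: str, port: int) -> str:
    """First-match evaluation. If no rule matches, the firewall's implicit deny
    applies, which is why nothing else has to follow the last explicit rule."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in acl:
        if (src in rule["src"] and dst in rule["dst"]
                and rule["service"] == service and rule["port"] == port):
            return rule["action"]
    return "Deny (implicit)"


# Constructed traffic samples: (src, dst, service, port, description).
SAMPLES = [
    ("143.27.43.32", "161.212.71.14", "RDP", 3389, "CSO home IP to the RDP server"),
    ("143.27.43.99", "161.212.71.14", "RDP", 3389, "another host on the CSO's ISP /24"),
    ("143.27.43.32", "161.212.71.20", "RDP", 3389, "CSO to a different DMZ host"),
    ("143.27.43.32", "161.212.71.14", "SSH", 22, "CSO to the RDP server, wrong service"),
]


def decisions(rule_line: str) -> list:
    """Return the verdict for every sample under a single-rule ACL."""
    acl = [parse_rule(rule_line)]
    return [evaluate(acl, s, d, svc, p) for s, d, svc, p, _ in SAMPLES]


if __name__ == "__main__":
    for label, line in (("specific", SPECIFIC_RULE), ("broad", BROAD_RULE)):
        print(f"{label}: {line}")
        for (s, d, svc, p, why), verdict in zip(SAMPLES, decisions(line)):
            print(f"  {why:40} -> {verdict}")
```

The broad rule permits the second and third samples, which the requirement never asked for; the specific rule permits only the CSO-to-server pair and everything else hits the implicit deny.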
Which authentication mechanism does 802.1x usually rely upon?
HOTP
RSA
EAP
TOTP
EAP
Extensible Authentication Protocol - A framework of protocols that allows for numerous methods of authentication, including passwords, digital certificates, and public key infrastructure
In an effort to improve the security of the Dion Training corporate network, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?
IPv4
IPv6
WEP
WPA2
IPv6
Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?
SNMP
MIB
NetFlow
SMTP
SNMP
Simple Network Management Protocol (SNMP) is the protocol that polls network devices for values such as CPU and memory utilization. The Management Information Base (MIB) is the structured database of objects that SNMP reads, not a protocol. NetFlow exports traffic flow records, and SMTP carries email.
Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself?
Advanced anti-malware
Startup Control
Measured boot
Master Boot Record analytics
Measured boot
A new security appliance was installed on a network as part of a managed service deployment. The vendor is who controls the appliance, and the IT team is not able to log in or configure it. The IT team is concerned about the appliance receiving necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates?
Vulnerability scanning
Automatic updates
Scan and patch the device
Configuration management
Vulnerability scanning
Which of the following technologies is NOT a shared authentication protocol?
Facebook Connect
OpenID Connect
LDAP
OAuth
LDAP
You need to determine the best way to test operating system patches in a lab environment prior to deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches prior to deployment?
Virtualization
Bypass testing and deploy patches directly into the production environment
Sandboxing
Purchase additional workstations
Virtualization
You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the target of the attack?
443
389
3389
21
443
Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?
RADIUS
LDAP
PKI
Kerberos
RADIUS
RADIUS obfuscates the user's password with a keystream derived from an MD5 hash of the shared secret and the request authenticator, and authenticates the server's reply with an MD5 hash of the packet plus the shared secret. RADIUS operates on UDP port 1812 (1813 for accounting) and provides centralized Authentication, Authorization, and Accounting (AAA) for users who connect to a network service. Because these protections rest on MD5 and a static secret, RADIUS traffic should be confined to a management network or carried over IPsec or RadSec (RADIUS over TLS).
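Added example (not part of the original flashcards): the two places RADIUS uses the shared secret, re-implemented in Python from RFC 2865. The secret, password and Request Authenticator values are made up for the demonstration.

```python
import hashlib
import os
import struct

# Constructed values; not a real deployment's secret.
SHARED_SECRET = b"example-shared-secret"


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is padded with NULs to a multiple of 16 bytes, then each
    16-byte block is XORed with MD5(secret + previous block). The 'previous
    block' for the first round is the 16-byte Request Authenticator, a random
    value the client puts in the Access-Request header."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    blocks = max(1, -(-len(password) // 16))          # ceiling division, at least one block
    padded = password.ljust(blocks * 16, b"\x00")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server performs it. Trailing NULs
    are padding and are stripped, so a password ending in NUL bytes is ambiguous."""
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(chunk, key))
        prev = chunk
    return bytes(out).rstrip(b"\x00")


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_authenticator: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    The client recomputes this over the Access-Accept/Reject it receives, so a
    reply forged by someone without the shared secret fails the check."""
    length = 20 + len(attributes)                     # fixed 20-byte header plus attributes
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_authenticator + attributes + secret).digest()


if __name__ == "__main__":
    ra = os.urandom(16)
    hidden = hide_password(b"correct horse battery", SHARED_SECRET, ra)
    print("hidden User-Password:", hidden.hex())
    print("server recovers:", reveal_password(hidden, SHARED_SECRET, ra))
    print("wrong secret gives:", reveal_password(hidden, b"wrong-secret", ra))
    print("Response Authenticator:", response_authenticator(2, 1, b"", ra, SHARED_SECRET).hex())
```

Note that the keystream is only as strong as the secret and MD5; the protocol's own protection is obfuscation against casual sniffing, not encryption in the modern sense, which is why the transport should be protected separately.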
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?
WPA2 with a complex shared key
MAC address filtering with IP filtering
802.1x using EAP with MSCHAPv2
PKI with user authentication
802.1x using EAP with MSCHAPv2
Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?
Utilize the key escrow process
Revoke the digital certificate
Deploy a new group policy
Create a new security group
Deploy a new group policy
A Group Policy Object linked at the domain level reaches all 1250 workstations without touching each one. Do not set the password through Group Policy Preferences, which stored it in a recoverable cpassword field (the feature was removed for new policies by MS14-025); the sound approach is LAPS, which gives every workstation a unique, regularly rotated local administrator password.
Which of the following functions is not provided by a TPM?
User authentication
Secure generation of cryptographic keys
Binding
Sealing
Random number generation
Remote attestation
User authentication
Which of the following tools could be used to detect unexpected output from an application being managed or monitored?
A log analysis tool
A signature-based detection tool
Manual analysis
A behavior-based analysis tool
A behavior-based analysis tool
Your firewall is blocking outbound email traffic that is attempting to be sent. Which port should you verify is set to ALLOW in the firewall to ensure your emails are being sent?
80
143
25
22
25
Mail servers rely on port 25 to deliver email to other servers. Port 25 must be set to OPEN or ALLOW outbound in the firewall for SMTP (Simple Mail Transfer Protocol) to function; client-to-server submission typically uses port 587 with STARTTLS instead. Port 22 is SSH, port 80 is HTTP, and port 143 is IMAP.
Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?
SSL certificates
RADIUS
CSMA/CA
WPA2 security key
RADIUS
Captive portals hand the credentials a user types into the web page to a backend authentication server, which is usually RADIUS. If the RADIUS server is unreachable or the shared secret between it and the wireless controller is wrong, clients can still associate with the SSID, but every authentication attempt on the portal fails.
What tool is used to collect wireless packet data?
John the Ripper
Nessus
Aircrack-ng
Netcat
Aircrack-ng
Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. Its airodump-ng component is the one that captures 802.11 frames from an interface in monitor mode. John the Ripper is a password cracker, Nessus a vulnerability scanner, and Netcat a general-purpose TCP/UDP utility.
A hacker successfully modified the sale price of items purchased through your company’s web site. During the investigation that followed, the security analyst has verified the web server, and the Oracle database was not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the sale price of the items purchased?
Cross-site scripting
Changing hidden form values
SQL injection
Buffer overflow attack
Changing hidden form values
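Added example (not part of the original card): a Python checkout handler that trusts a hidden form field, beside one that looks the price up server-side. The catalogue, SKUs and the tampered request are constructed; no real shop code is involved. The tampered request is a syntactically valid POST, which is why neither the IDS logs nor the database show an attack.

```python
from decimal import Decimal

# Constructed catalogue: on the server, this is the only source of truth for prices.
CATALOG = {
    "SKU-1001": Decimal("49.99"),
    "SKU-1002": Decimal("129.00"),
}

# What the vulnerable page embeds in its form (constructed illustration):
#   <input type="hidden" name="sku" value="SKU-1002">
#   <input type="hidden" name="price" value="129.00">
# Anything in the browser can be edited before the form is submitted.


def vulnerable_checkout(form: dict) -> Decimal:
    """Trusts the 'price' hidden field sent by the browser."""
    return Decimal(form["price"]) * int(form["qty"])


def hardened_checkout(form: dict) -> Decimal:
    """Ignores any client-supplied price; looks it up by SKU server-side and
    validates the quantity. Raises ValueError on anything it does not recognise."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown SKU")
    try:
        qty = int(form.get("qty", "0"))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty


# Constructed tampered submission: the attacker rewrote the hidden price field.
TAMPERED = {"sku": "SKU-1002", "price": "0.01", "qty": "1"}

if __name__ == "__main__":
    print("vulnerable total:", vulnerable_checkout(TAMPERED))   # charges 0.01
    print("hardened total:  ", hardened_checkout(TAMPERED))     # charges 129.00
```

The hardened version makes the hidden price field irrelevant; the SKU is the only client-controlled value, and it is used as a lookup key, never as data.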
Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued smartphone was stolen during their lunch meeting with a rival company’s executive. Tim quickly checks the MDM administration tool and identifies that the user’s smartphone is still communicating with the MDM and displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device remains confidential and inaccessible to the thief?
Remotely encrypt the device
Identify the IP address of the smartphone
Reset the device’s password
Perform a remote wipe of the device
Perform a remote wipe of the device
You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port to 636 wherever technically possible. What should you do?
Conduct remediation actions to update encryption keys on each server to match port 636
Change all devices and servers that support it to port 636 since encrypted services run by default on port 636
Change all devices and servers that support it to port 636 since port 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks
Mark this as a false positive in your audit report since the services that typically run on ports 389 and 636 are identical
Change all devices and servers that support it to port 636 since encrypted services run by default on port 636
Port 389 carries LDAP in cleartext, so simple binds expose usernames and passwords on the wire. Port 636 (LDAPS) wraps the session in TLS from the start; where a client supports it, StartTLS on port 389, which upgrades the plain connection to TLS, is an equivalent remediation. Port 389 is not a privileged port in the sense the third option describes.
What technology is NOT PKI x.509 compliant and cannot be used in a variety of secure functions?
Blowfish
SSL/TLS
PKCS
AES
Blowfish
You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network’s default gateway. Additionally, the company’s CIO requests the ability to block certain types of content before it leaves the network based on operational priorities. Which of the following solution should you recommend to meet these requirements?
Install a NIPS on the internal interface and a firewall on the external interface of the router
Install a firewall on the router’s internal interface and a NIDS on the router’s external interface
Installation of a NIPS on both the internal and external interfaces of the router
Configure IP filtering on the internal and external interfaces of the router
Install a NIPS on the internal interface and a firewall on the external interface of the router
Which of the following identity and access management controls relies upon using a certificate-based authentication mechanism?
HOTP
TOTP
Smart card
Proximity card
Smart card
Which protocol relies on mutual authentication of the client and the server for its security?
RADIUS
Two-factor authentication
LDAPS
CHAP
LDAPS
The Lightweight Directory Access Protocol (LDAP) enables access to a directory of resources (workstations, users, information, etc.). Secure LDAP (LDAPS) wraps LDAP in TLS: the server authenticates itself with its certificate, and when the server is configured to require client certificates, TLS authenticates the client as well, giving mutual authentication of client and server. CHAP is a one-way challenge-response, RADIUS authenticates the user to the server, and "two-factor authentication" describes how many factors are used, not which side is authenticated.
Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of “connected clients” and see that “Bob’s Laptop” is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password?
Disable WPA2
Disable WPS
Enable WPA
Disable SSID broadcast
Disable WPS
WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short eight-digit PIN was entered. Unfortunately, the PIN is verified in two halves and its last digit is a checksum, so an attacker needs at most about 11,000 guesses rather than 100 million; WPS is vulnerable to this brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks.
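Added example (not part of the original card): a Python simulation of why an eight-digit WPS PIN is brute-forced in at most 11,000 attempts rather than 10^8. The registrar is a toy stand-in for the access point; the PIN 12345670 is a constructed value here (it also happens to be a widely used default), and the checksum formula is the one the WPS specification defines.

```python
def wps_checksum_digit(first_seven: str) -> int:
    """Checksum digit (the 8th) of a WPS PIN, computed over the first seven
    digits with alternating weights 3,1,3,1,3,1,3 as the WPS specification defines."""
    total = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(first_seven))
    return (10 - total % 10) % 10


class ToyRegistrar:
    """Stand-in for an access point's WPS registrar. The real protocol proves
    the PIN in two halves: a wrong first half is rejected at message M4 and a
    wrong second half at M6, so each half can be attacked on its own. That
    early rejection is the design flaw this class reproduces."""

    def __init__(self, pin: str):
        if len(pin) != 8 or not pin.isdigit() or wps_checksum_digit(pin[:7]) != int(pin[7]):
            raise ValueError("not a valid WPS PIN")
        self._pin = pin
        self.attempts = 0

    def check_first_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[:4]

    def check_second_half(self, first: str, second: str) -> bool:
        self.attempts += 1
        return first == self._pin[:4] and second == self._pin[4:]


# Upper bound the split verification leaves an attacker: 10^4 for the first
# half plus 10^3 for the second (the checksum digit is derivable).
MAX_ATTEMPTS = 10_000 + 1_000


def brute_force_pin(reg: ToyRegistrar) -> str:
    """Recover the PIN half by half."""
    first = None
    for i in range(10_000):
        guess = f"{i:04d}"
        if reg.check_first_half(guess):
            first = guess
            break
    if first is None:
        raise RuntimeError("first half not found")
    for i in range(1_000):
        three = f"{i:03d}"
        second = three + str(wps_checksum_digit(first + three))
        if reg.check_second_half(first, second):
            return first + second
    raise RuntimeError("second half not found")


if __name__ == "__main__":
    reg = ToyRegistrar("12345670")
    print("recovered PIN:", brute_force_pin(reg), "after", reg.attempts, "attempts")
```

Real access points add rate limiting or lock WPS after a number of failures, which slows the attack down but does not restore the 10^8 search space; disabling WPS does.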
While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host’s IP within your organization’s network over port 443. Which of the following protocols would you expect to be in use?
TLS
TFTP
SSH
HTTP
TLS
Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.
A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized?
Document matching
Statistical matching
Exact data match
Classification
Exact data match
Port 22
SCP
Port 110
POP3
Port 161
SNMP
Port 23
Telnet
You have been asked to install a computer in a public workspace. The computer should only be used by an authorized user. Which of the following security requirements should you implement to prevent unauthorized users from accessing the network with this computer?
Remove the guest account from the administrator group
Disable single sign-on
Require authentication on wake-up
Issue the same strong and complex password for all users
Require authentication on wake-up
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should be able to obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should be able to access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?
MAC filtering
Create an ACL to allow access
Configure a SIEM
Implement NAC
Implement NAC
Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network.
Which type of monitoring would utilize a network tap?
Router-based
SNMP
Active
Passive
Passive
You are reviewing a rule within your organization's IDS. You see the following output:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt"; flow:to_client,established; file_data; content:"recordset"; offset:14; depth:9; content:".CacheSize"; distance:0; within:100; pcre:"/CacheSize\s=\s/"; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype:attempted-user; sid:65535; rev:1;)

Based on this rule, which of the following malicious packets would this IDS alert on?
A malicious outbound TCP packet
Any malicious outbound packets
Any malicious inbound packets
A malicious inbound TCP packet
A malicious inbound TCP packet
The header is alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any: the protocol is TCP and the arrow runs from the external network into the home network, so only inbound TCP traffic can match. flow:to_client,established narrows it further to established sessions where data flows toward the client, i.e. an HTTP response from an outside web server to an internal browser.
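Added example, not from the original card: a Python re-implementation of how the header and the payload options of this rule constrain a match, with constructed response bodies (not real exploit code) to show which ones trigger it. It follows the option semantics as the Snort manual describes them but is a simplification for illustration, not Snort's engine.

```python
import re

# Header transcribed from the rule on the card.
RULE_HEADER = "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any"


def parse_header(header: str) -> dict:
    """Split a Snort rule header into its fields and classify the direction.
    $EXTERNAL_NET -> $HOME_NET means the rule fires on traffic entering the
    monitored network (inbound); the protocol field limits it to TCP."""
    action, proto, src, src_port, arrow, dst, dst_port = header.split()
    if arrow not in ("->", "<>"):
        raise ValueError(f"unexpected direction operator {arrow!r}")
    inbound = arrow == "->" and src == "$EXTERNAL_NET" and dst == "$HOME_NET"
    return {"action": action, "proto": proto, "src": src, "src_port": src_port,
            "dst": dst, "dst_port": dst_port, "inbound": inbound}


def rule_matches(file_data: bytes) -> bool:
    """Apply the rule's payload options, in order, to the buffer that 'file_data'
    selects (the decoded HTTP response body)."""
    # content:"recordset"; offset:14; depth:9;
    # The search starts at byte 14 and may look at only 9 bytes, so the 9-byte
    # pattern has to sit exactly at offset 14.
    pat = b"recordset"
    idx = file_data.find(pat, 14, 14 + 9)
    if idx < 0:
        return False
    cursor = idx + len(pat)            # Snort's cursor: end of the last match
    # content:".CacheSize"; distance:0; within:100;
    # Relative to the previous match: start right after it, and the whole
    # pattern must end within 100 bytes of it.
    pat = b".CacheSize"
    idx = file_data.find(pat, cursor + 0, cursor + 100)
    if idx < 0:
        return False
    cursor = idx + len(pat)
    # pcre:"/CacheSize\s=\s/"; (no R flag, so it is not tied to the cursor,
    # but a successful match still moves the cursor to the end of the match)
    m = re.search(rb"CacheSize\s=\s", file_data)
    if m is None:
        return False
    cursor = m.end()
    # byte_test:10,>,0x3ffffffe,0,relative,string;
    # Read up to 10 bytes at the cursor, interpret them as a decimal string
    # and test whether the value exceeds 0x3ffffffe (1073741822).
    digits = re.match(rb"\d+", file_data[cursor:cursor + 10])
    if digits is None:
        return False
    return int(digits.group().decode()) > 0x3FFFFFFE


# Constructed sample response bodies (not real exploit code). In the first two,
# "recordset" begins at byte 14; in the third it does not.
EXPLOIT_LIKE = b"<script>var x=recordset;x.CacheSize = 1073741824;</script>"
BENIGN = b"<script>var x=recordset;x.CacheSize = 100;</script>"
SHIFTED = b"var x=recordset;x.CacheSize = 1073741824;"

if __name__ == "__main__":
    print(parse_header(RULE_HEADER))
    for name, body in (("exploit-like", EXPLOIT_LIKE), ("benign", BENIGN), ("shifted", SHIFTED)):
        print(f"{name:13} -> {'ALERT' if rule_matches(body) else 'no match'}")
```

The third sample shows how brittle offset/depth anchoring is: the same oversized value with one fewer leading byte never reaches the byte_test, which is worth remembering when tuning or evading such signatures.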
A financial services company wants to donate some old hard drives from their servers to a local charity, but they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?
Zero-fill
Cryptographic erase
Overwrite
Secure erase
Cryptographic erase
Cryptographic erase destroys the encryption key of a self-encrypting or fully encrypted drive so that the ciphertext left on the media is unrecoverable; it is fast and leaves the drive usable for the charity. It only applies if the drives were encrypted throughout their service life; otherwise the company must fall back to overwriting or the drive's built-in secure-erase command.
Port 1701
L2TP
Port 3389
RDP
Port 389
LDAP
Port 88
Kerberos
Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?
NAT
MAC filtering
QoS
Signal strength
MAC filtering
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
MAC filtering
Intrusion Detection System
Whitelisting
VPN
Whitelisting
Which of the following access control methods provides the most detailed and explicit type of access control over a resource?
DAC
MAC
ABAC
RBAC
ABAC
Attribute-based access control (ABAC) provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes. Information such as the group membership, the OS being used by the user, and even the IP address of the machine could be considered when granting or denying access.
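Added example, not from the original cards: a minimal ABAC decision function in Python whose policy combines subject attributes (group, OS), a resource attribute (classification) and context (source address, time of day), beside an RBAC check that looks only at group membership. The policy, users and addresses are constructed for the illustration; the Trusted zone range is the one the firewall card on this page uses.

```python
import ipaddress
from datetime import time

# Constructed environment.
TRUSTED_ZONE = ipaddress.ip_network("10.10.0.0/24")

# Each condition inspects subject, resource and context attributes. A request
# is permitted only when every condition holds; any failure yields a deny.
CONDITIONS = [
    ("member of the finance group",
     lambda s, r, c: "finance" in s["groups"]),
    ("resource classified no higher than confidential",
     lambda s, r, c: r["classification"] in ("internal", "confidential")),
    ("managed operating system",
     lambda s, r, c: s["os"] in ("Windows", "macOS")),
    ("request from the Trusted zone",
     lambda s, r, c: ipaddress.ip_address(c["src_ip"]) in TRUSTED_ZONE),
    ("business hours",
     lambda s, r, c: time(7, 0) <= c["local_time"] <= time(19, 0)),
]


def abac_decide(subject: dict, resource: dict, context: dict):
    """Return ('permit', []) or ('deny', [names of the conditions that failed]).
    Default is deny: an attribute that is missing raises rather than permits."""
    failed = [name for name, check in CONDITIONS if not check(subject, resource, context)]
    return ("permit" if not failed else "deny", failed)


def rbac_decide(subject: dict) -> str:
    """Role-based comparison: the decision depends on the role (group) alone."""
    return "permit" if "finance" in subject["groups"] else "deny"


# Constructed request and two variations of it.
SUBJECT = {"user": "alice", "groups": {"finance", "staff"}, "os": "Windows"}
RESOURCE = {"name": "q3-forecast.xlsx", "classification": "confidential"}
CONTEXT = {"src_ip": "10.10.0.42", "local_time": time(10, 30)}
OFFSITE_CONTEXT = {**CONTEXT, "src_ip": "203.0.113.5"}
AFTER_HOURS_CONTEXT = {**CONTEXT, "local_time": time(22, 0)}
LINUX_SUBJECT = {**SUBJECT, "os": "Linux"}

if __name__ == "__main__":
    print("on-site, business hours:", abac_decide(SUBJECT, RESOURCE, CONTEXT))
    print("same user from the Internet:", abac_decide(SUBJECT, RESOURCE, OFFSITE_CONTEXT))
    print("Linux box, late evening:", abac_decide(LINUX_SUBJECT, RESOURCE, AFTER_HOURS_CONTEXT))
    print("RBAC for the same user:", rbac_decide(SUBJECT))
```

The RBAC check permits every one of these requests because Alice's role never changes; only the attribute-based policy can express "finance staff, on a managed machine, from inside the Trusted zone, during the working day".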
A user reports that every time they try to access https://www.diontraining.com, they receive an error stating “Invalid or Expired Security Certificate”. The technician attempts to connect to the same site from other computers on the network, and no errors or issues are observed. Which of the following settings needs to be changed on the user’s workstation to fix the “Invalid or Expired Security Certificate” error?
UEFI boot mode
Date and time
User access control
Logon times
Date and time
Since the technician can successfully connect to the website from other computers, it shows that the error is on the user’s computer. One of the common causes of an Invalid or Expired Security Certificate error is the clock on the user’s computer being wrong since the website security certificates are issued to be valid within a given date range.
William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?
AES
PAM
FDE
TPM
TPM
Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is part of the motherboard. Pluggable Authentication Modules (PAM) is a software framework on Unix-like systems for plugging authentication methods into applications, not a hardware device. Full Disk Encryption (FDE) can be hardware or software-based, so it is not an answer by itself. The Advanced Encryption Standard (AES) is a cryptographic algorithm, not a hardware solution.
Which of the following types of access control provides the strongest level of protection?
MAC
DAC
RBAC
ABAC
MAC
Mandatory Access Control (MAC) requires all access to be predefined based on system classification, configuration, and authentication. MAC is commonly used in highly centralized environments and usually relies on a series of labels, such as classification levels of the data.
Riaan’s company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated?
Vulnerability scanning
WAF
IPS
Encryption
WAF
A web application firewall (WAF) is the best option since it can serve as a compensating control, blocking SQL injection payloads in front of the vulnerable application until the code itself is fixed. An IPS sees the same traffic but is not application-aware to the same degree, and encryption or more scanning does nothing to stop the injection.
You have been asked to provide some training to Dion Training’s system administrators about the importance of proper patching of a system prior to deployment. To demonstrate the effects of deploying a new system without patching it first, you ask for the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network?
Utilize a server with multiple virtual machine snapshots installed on it, restore from a known compromised image, then scan it for vulnerabilities
Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities
Deploy the vulnerable image to a virtual machine on a physical server, create an ACL to restrict all incoming connections to the system, then scan it for vulnerabilities
Deploy the image to a brand new physical server, connect it to the corporate network, then conduct a vulnerability scan to demonstrate how many vulnerabilities are now on the network
Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities
Which of the following features is supported by Kerberos, but not by RADIUS and Diameter?
Single sign-on capability
XML for cross-platform interoperability
Tickets used to identify authenticated users
Services for authentication
Tickets used to identify authenticated users
Which of the following is not normally part of an endpoint security suite?
Anti-virus
VPN
Software firewall
IPS
VPN
A VPN is not typically considered an endpoint security tool because it is a network security tool.
Marta’s organization is concerned with the vulnerability of a user’s account being vulnerable for an extended period of time if their password was compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?
Minimum password length
Password complexity
Password expiration
Password history
Password expiration
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
Whitelisting
Intrusion Detection System
MAC filtering
VPN
Whitelisting
You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that the web server’s BIOS had been modified by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what should you do in order to prevent the malicious actor from affecting the BIOS again?
Utilize secure boot
Install an anti-malware application
Utilize file integrity monitoring
Install a host-based IDS
Utilize secure boot
Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?
Signal strength
NAT
MAC filtering
QoS
MAC filtering
Which type of monitoring would utilize a network tap?
Active
SNMP
Passive
Router-based
Passive
Network taps provide passive network monitoring and visibility without interfering with the network traffic itself.
Which of the following policies should contain the requirements for removing a user’s access when an employee is terminated?
Data ownership policy
Data retention policy
Data classification policy
Account management policy
Account management policy
An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?
Enable NAC on the open wireless network
Install an IDS to protect the HVAC system
Enable WPA2 security on the open wireless network
Implement a VLAN to separate the HVAC control system from the open wireless network
Implement a VLAN to separate the HVAC control system from the open wireless network
A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?
Use DevSecOps to build the application that processes the PHI
Conduct tokenization of the PHI data before ingesting it into the big data application
Utilize a SaaS model to process the PHI data instead of an on-premise solution
Utilize formal methods of verification against the application processing the PHI
Conduct tokenization of the PHI data before ingesting it into the big data application
Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights?
DAC
ABAC
MAC
RBAC
Role-based access control (RBAC)
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?
Setting the secure attribute on the cookie
Forcing the use of SSL for the web application
Forcing the use of TLS for the web application
Hashing the cookie value
Setting the secure attribute on the cookie
The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?
Key escrow
CSR
OCSP
CRL
certificate signing request
CSR
CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate.
CRL is a list of revoked certificates.
Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?
Autopsy
FTK Imager
Memdump
dd
FTK Imager
FTK Imager can create perfect copies or forensic images of computer data without making changes to the original evidence. The forensic image is identical in every way to the original, including file slack and unallocated space or drive free space. The dd tool can also be used to create forensic images, but it is not a proprietary tool since it is open-source. Memdump is used to collect the content within RAM on a given host. Autopsy is a cross-platform, open-source forensic tool suite.
Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?
Software as a Service (SaaS)
Infrastructure as Code (IaC)
Infrastructure as a Service (IaaS)
Software Defined Networking (SDN)
Infrastructure as Code (IaC)
IaC is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise, and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities.
Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?
Lockheed Martin cyber kill chain
OpenIOC
MITRE ATT&CK framework
Diamond Model of Intrusion Analysis
MITRE ATT&CK framework
MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors.
Diamond Model of Intrusion Analysis
Diamond Model provides an excellent methodology for communicating cyber events and allowing an analyst to implicitly derive mitigation strategies.
Lockheed Martin cyber kill chain
Lockheed Martin cyber kill chain provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate.
OpenIOC
OpenIOC contains a depth of research on APTs but does not integrate the detection and mitigation strategy.
A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?
Financial breach
Privacy breach
Proprietary breach
Integrity breach
Privacy breach
Dion Training wants to ensure that none of its computers can run a peer-to-peer file sharing program on its office computers. Which of the following practices should be implemented to achieve this?
MAC filtering
Application blacklisting
Enable NAC
Application whitelisting
Application blacklisting
Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?
Kerberos
LDAP
RADIUS
PKI
RADIUS
The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.
A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?
MAC address filtering with IP filtering
WPA2 with a complex shared key
802.1x using EAP with MSCHAPv2
PKI with user authentication
802.1x using EAP with MSCHAPv2
Which of the following functions is not provided by a TPM?
User authentication
Remote attestation
Secure generation of cryptographic keys
Binding
Random number generation
Sealing
User authentication
Which of the following access control methods provides the most detailed and explicit type of access control over a resource?
RBAC
MAC
DAC
ABAC
ABAC
Attribute-based access control (ABAC) provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes.
You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server?
Unauthorized sessions
Failed logins
Malicious processes
Off-hours usage
Malicious processes
A malicious process is one that is running on a system and is outside the norm.
Your coworker is creating a script to run on a Windows server using PowerShell. Which of the following file formats should the file be in?
.sh
.py
.bat
.ps1
.ps1
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
Whitelisting
VPN
Intrusion Detection System
MAC filtering
Whitelisting
Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?
NAT
QoS
Signal strength
MAC filtering
MAC filtering
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
Cross-site scripting
Missing patches
SQL injection
CRLF injection
Missing patches
A company’s NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?
Enable NetFlow compression
Enable sampling of the data
Enable QoS
Enable full packet capture
Enable sampling of the data
Sampling can help them to capture network flows that could be useful without collecting everything passing through the sensor.
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?
Hashing the cookie value
Setting the secure attribute on the cookie
Forcing the use of SSL for the web application
Forcing the use of TLS for the web application
Setting the secure attribute on the cookie
You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?
WPA2
VPN
VLAN
MAC filtering
VLAN
You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform in order to detect and respond to this particular incident?
Incident response plan
Playbook
Runbook
DRP
Playbook
A playbook is a checklist of actions to perform to detect and respond to a specific type of incident.
Which containment technique is the strongest possible response to an incident?
Isolating affected systems
Enumeration
Isolating the attacker
Segmentation
Isolating affected systems
Which of the following elements is LEAST likely to be included in an organization’s data retention policy?
Minimum retention period
Maximum retention period
Description of information that needs to be retained
Classification of information
Classification of information
Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?
LDAP
PKI
Kerberos
RADIUS
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.
Which of the following types of access control provides the strongest level of protection?
MAC
DAC
ABAC
RBAC
MAC
A corporate workstation was recently infected with malware. The malware was able to access the workstation’s credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to come up with a plan to prevent this type of issue from occurring again in the future. Which of the following would BEST prevent this from reoccurring?
Install an anti-virus or anti-malware solution that uses heuristic analysis
Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server
Install a host-based intrusion detection system on all of the corporate workstations
Install a Unified Threat Management system on the network to monitor for suspicious traffic
Install an anti-virus or anti-malware solution that uses heuristic analysis
The only solution provided that could STOP this from reoccurring would be to use an anti-virus or anti-malware solution with heuristic analysis. The other options might be able to monitor and detect the issue, but not stop it from spreading. Heuristic analysis is a method employed by many computer anti-virus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild.
3.6 Obj: Given a scenario, apply cybersecurity solutions to the cloud
A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?
Forcing the use of SSL for the web application
Setting the secure attribute on the cookie
Hashing the cookie value
Forcing the use of TLS for the web application
Setting the secure attribute on the cookie
When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if the request is transmitted over a secure channel (typically HTTPS).
OBJ 3.2: Given a scenario, implement host or application security controls
The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?
Key escrow
CRL
CSR
OCSP
CSR
A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, a CRL is a list of revoked certificates, and OCSP provides the status of a certificate, such as good, revoked, or unknown.
Obj 3.9: Given a scenario, implement public key infrastructure
Ryan needs to verify the installation of a critical Windows patch on his organization’s workstations. Which method would be the most efficient to validate the current patch status for all of the organization’s Windows 10 workstations?
Use SCCM to validate patch status for each machine on the domain
Create and run a PowerShell script to search for the specific patch in question
Conduct a registry scan of each workstation to validate the patch was installed
Check the Update History manually
Use SCCM to validate patch status for each machine on the domain
The Microsoft System Center Configuration Manager (SCCM) provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
OBJ: 3.2 Given a scenario, implement host or application security controls