Implementation Flashcards

1
Q

You are installing a new wireless network in your office building and want to ensure it is secure. Which of the following configurations would create the MOST secure wireless network?

WPA2 and RC4

WEP and TKIP

WPA and MAC filtering

WPA2 and AES

A

WPA2 and AES

2
Q

Your company has an office in Boston and is worried that its employees may not reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select?

VPN

IDS

VLAN

NAT

A

VPN

3
Q

A firewall administrator has configured a new DMZ to allow public systems to be segmented from the organization’s internal network. The firewall now has three security zones set: Untrusted (Internet) [143.27.43.0/24]; DMZ (DMZ) [161.212.71.0/24]; Trusted (Intranet) [10.10.0.0/24]. The firewall administrator has been asked to enable remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ for the Chief Security Officer to work from his home office after hours. The CSO’s home internet uses a static IP of 143.27.43.32. The remote desktop server is assigned a public-facing IP of 161.212.71.14. What rule should the administrator add to the firewall?

Permit 143.27.43.32 161.212.71.14 RDP 3389

Permit 143.27.43.32 161.212.71.0/24 RDP 3389

Permit 143.27.43.0/24 161.212.71.0/24 RDP 3389

Permit 143.27.43.0/24 161.212.71.14 RDP 3389

A

Permit 143.27.43.32 161.212.71.14 RDP 3389

4
Q

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?

Bastion hosts

Physical

Jumpbox

Airgap

A

Jumpbox

5
Q

Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?

110

23

443

25

A

23

6
Q

Which of the following is the LEAST secure wireless security and encryption protocol?

WPA2

WPA

AES

WEP

A

WEP

7
Q

Which of the following secure coding best practices ensures special characters like , /, and ‘ are not accepted from the user via a web form?

Session management

Input validation

Output encoding

Error handling

A

Input validation

8
Q

Why would a company want to utilize a wildcard certificate for their servers?

To increase the certificate’s encryption key length

To extend the renewal date of the certificate

To reduce the certificate management burden

To secure the certificate’s private key

A

To reduce the certificate management burden

9
Q

Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?

80

443

21

143

A

443 (HTTPS)

10
Q

You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

SPF

MAC filtering

NAC

ACL

A

NAC

11
Q

You are conducting an incident response and have traced the attack source to some compromised user credentials. After performing log analysis, you discover that the attack was successfully authenticated from an unauthorized foreign country. Your management is now asking for you to implement a solution to help mitigate this type of attack from occurring again. Which of the following should you implement?

Context-based authentication

Single sign-on

Password complexity

Self-service password reset

A

Context-based authentication

12
Q

The Pass Certs Fast corporation has recently been embarrassed by several high profile data breaches. The CIO proposes improving the company’s cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

This approach assumes that the cloud will provide better security than is currently done on-site

This approach only changes the location of the network and not the attack surface of it

This is a reasonable approach that will increase the security of the servers and infrastructure

The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration

A

This approach only changes the location of the network and not the attack surface of it

13
Q

The management at Steven’s work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?

A physical survey

A discovery scan using a port scanner

Reviewing a central administration tool like a SCCM

Router and switch-based MAC address reporting

A

Router and switch-based MAC address reporting

14
Q

You are configuring the ACL for the network perimeter firewall. You have just finished adding all the proper allow and deny rules. What should you place at the end of your ACL rules?

A time of day restriction

A SNMP deny string

An implicit deny statement

An implicit allow statement

A

An implicit deny statement

15
Q

Which authentication mechanism does 802.1x usually rely upon?

HOTP

RSA

EAP

TOTP

A

EAP

Extensible Authentication Protocol - A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure

16
Q

You are reviewing a rule within your organization’s IDS. You see the following output:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: “BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt”; flow: to_client,established; file_data; content:”recordset”; offset:14; depth:9; content:”.CacheSize”; distance:0; within:100; pcre:”/CacheSize\s=\s/”; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1;

Based on this rule, which of the following malicious packets would this IDS alert on?

Any malicious outbound packets

A malicious inbound TCP packet

Any malicious inbound packets

A malicious outbound TCP packet

A
17
Q

In an effort to improve the security of the Dion Training corporate network, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?

IPv4

IPv6

WEP

WPA2

A

IPv6

18
Q

Which of the following protocols is commonly used to collect information about CPU utilization and memory usage from network devices?

SNMP

MIB

NetFlow

SMTP

A

MIB (Management Information Base)

19
Q

Which operating system feature is designed to detect malware that is loaded early in the system startup process or before the operating system can load itself?

Advanced anti-malware

Startup Control

Measured boot

Master Boot Record analytics

A

Measured boot

20
Q

A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team is not able to log in or configure it. The IT team is concerned about the appliance receiving necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates?

Vulnerability scanning

Automatic updates

Scan and patch the device

Configuration management

A

Vulnerability scanning

21
Q

Which of the following technologies is NOT a shared authentication protocol?

Facebook Connect

OpenID Connect

LDAP

OAuth

A

LDAP

22
Q

You need to determine the best way to test operating system patches in a lab environment prior to deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches prior to deployment?

Virtualization

Bypass testing and deploy patches directly into the production environment

Sandboxing

Purchase additional workstations

A

Virtualization

23
Q

You suspect that your server has been the victim of a web-based attack. Which of the following ports would most likely be seen in the logs to indicate the target of the attack?

443

389

3389

21

A

443

24
Q

Which of the following access control methods provides the most detailed and explicit type of access control over a resource?

DAC

MAC

ABAC

RBAC

A

ABAC

25
Q

Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?

RADIUS

LDAP

PKI

Kerberos

A

RADIUS

The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.

26
Q

You are installing a new wireless network in your office building and want to ensure it is secure. Which of the following configurations would create the MOST secure wireless network?

WPA2 and AES

WEP and TKIP

WPA and MAC filtering

WPA2 and RC4

A

WPA2 and AES

27
Q

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?

WPA2 with a complex shared key

MAC address filtering with IP filtering

802.1x using EAP with MSCHAPv2

PKI with user authentication

A

802.1x using EAP with MSCHAPv2

28
Q

A user reports that every time they try to access https://www.diontraining.com, they receive an error stating “Invalid or Expired Security Certificate”. The technician attempts to connect to the same site from other computers on the network, and no errors or issues are observed. Which of the following settings needs to be changed on the user’s workstation to fix the “Invalid or Expired Security Certificate” error?

UEFI boot mode

Date and time

User access control

Logon times

A

Date and time

29
Q

Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?

Utilize the key escrow process

Revoke the digital certificate

Deploy a new group policy

Create a new security group

A

Deploy a new group policy

30
Q

William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?

AES

PAM

FDE

TPM

A

Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is a part of the motherboard.

31
Q

Which of the following functions is not provided by a TPM?

User authentication

Secure generation of cryptographic keys

Binding

Sealing

Random number generation

Remote attestation

A

User authentication

32
Q

Which of the following tools could be used to detect unexpected output from an application being managed or monitored?

A log analysis tool

A signature-based detection tool

Manual analysis

A behavior-based analysis tool

A

A behavior-based analysis tool

33
Q

Your firewall is blocking outbound email traffic that is attempting to be sent. Which port should you verify is set to ALLOW in the firewall to ensure your emails are being sent?

80

143

25

22

A

25

Email servers rely on port 25 to send emails out of the network. Port 25 must be set to OPEN or ALLOW in the firewall in order for SMTP (Simple Mail Transfer Protocol) to function properly. Port 22 is SSH, Port 80 is HTTP, and Port 143 is IMAP.

34
Q

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?

SSL certificates

RADIUS

CSMA/CA

WPA2 security key

A

RADIUS

Captive portals usually rely on 802.1x, and 802.1x uses RADIUS for authentication.

35
Q

What tool is used to collect wireless packet data?

John the Ripper

Nessus

Aircrack-ng

Netcat

A

Aircrack-ng

Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks.

36
Q

A hacker successfully modified the sale price of items purchased through your company’s web site. During the investigation that followed, the security analyst has verified the web server, and the Oracle database was not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the sale price of the items purchased?

Cross-site scripting

Changing hidden form values

SQL injection

Buffer overflow attack

A

Changing hidden form values

37
Q

Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued smartphone was stolen during their lunch meeting with a rival company’s executive. Tim quickly checks the MDM administration tool and identifies that the user’s smartphone is still communicating with the MDM and displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device remains confidential and inaccessible to the thief?

Remotely encrypt the device

Identify the IP address of the smartphone

Reset the device’s password

Perform a remote wipe of the device

A

Perform a remote wipe of the device

38
Q

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port 636 wherever technically possible. What should you do?

Conduct remediation actions to update encryption keys on each server to match port 636

Change all devices and servers that support it to port 636 since encrypted services run by default on port 636

Change all devices and servers that support it to port 636 since port 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks

Mark this as a false positive in your audit report since the services that typically run on ports 389 and 636 are identical

A

Change all devices and servers that support it to port 636 since encrypted services run by default on port 636

39
Q

What technology is NOT PKI X.509 compliant and cannot be used in a variety of secure functions?

Blowfish

SSL/TLS

PKCS

AES

A

Blowfish

40
Q

You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network’s default gateway. Additionally, the company’s CIO requests the ability to block certain types of content before it leaves the network based on operational priorities. Which of the following solutions should you recommend to meet these requirements?

Install a NIPS on the internal interface and a firewall on the external interface of the router

Install a firewall on the router’s internal interface and a NIDS on the router’s external interface

Installation of a NIPS on both the internal and external interfaces of the router

Configure IP filtering on the internal and external interfaces of the router

A

Install a NIPS on the internal interface and a firewall on the external interface of the router

41
Q

Which of the following identity and access management controls relies upon using a certificate-based authentication mechanism?

HOTP

TOTP

Smart card

Proximity card

A

Smart card

42
Q

You want to provide controlled remote access to the remote administration interfaces of multiple servers hosted on a private cloud. What type of segmentation security solution is the best choice for this scenario?

Airgap

Jumpbox

Physical

Bastion hosts

A

Jumpbox

43
Q

Which protocol relies on mutual authentication of the client and the server for its security?

RADIUS

Two-factor authentication

LDAPS

CHAP

A

LDAPS

The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication.

44
Q

Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of “connected clients” and see that “Bob’s Laptop” is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password?

Disable WPA2

Disable WPS

Enable WPA

Disable SSID broadcast

A

Disable WPS

WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short eight-digit PIN was entered. Unfortunately, WPS is vulnerable to a brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks.

45
Q

While working as a security analyst, you have been asked to monitor the SIEM. You observed network traffic going from an external IP to an internal host’s IP within your organization’s network over port 443. Which of the following protocols would you expect to be in use?

TLS

TFTP

SSH

HTTP

A

TLS

Transport Layer Security (TLS) is used to secure web connections over port 443. Since port 443 was in use, you should expect either HTTPS, SSL, or TLS to be used as the protocol. If not, this would be suspicious activity and should be investigated. In fact, since this was a connection from the external IP to an internal host over port 443, this is suspicious and could be indicative of a remote access trojan on your host.

46
Q

A cybersecurity analyst has deployed a custom DLP signature to alert on any files that contain numbers in the format of a social security number (xxx-xx-xxxx). Which of the following concepts within DLP is being utilized?

Document matching

Statistical matching

Exact data match

Classification

A

Exact data match

47
Q

Port 22

A

SCP

48
Q

Port 110

A

POP3

49
Q

Port 161

A

SNMP

50
Q

Port 23

A

Telnet

51
Q

You have been asked to install a computer in a public workspace. The computer should only be used by an authorized user. Which of the following security requirements should you implement to prevent unauthorized users from accessing the network with this computer?

Remove the guest account from the administrator group

Disable single sign-on

Require authentication on wake-up

Issue the same strong and complex password for all users

A

Require authentication on wake-up

52
Q

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should be able to obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should be able to access Dion Training’s secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

MAC filtering

Create an ACL to allow access

Configure a SIEM

Implement NAC

A

Implement NAC

Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network.

53
Q

Which type of monitoring would utilize a network tap?

Router-based

SNMP

Active

Passive

A

Passive

54
Q

You are reviewing a rule within your organization’s IDS. You see the following output:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: “BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt”; flow: to_client,established; file_data; content:”recordset”; offset:14; depth:9; content:”.CacheSize”; distance:0; within:100; pcre:”/CacheSize\s=\s/”; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1;

Based on this rule, which of the following malicious packets would this IDS alert on?

A malicious outbound TCP packet

Any malicious outbound packets

Any malicious inbound packets

A malicious inbound TCP packet

A

A malicious inbound TCP packet

55
Q

A financial services company wants to donate some old hard drives from their servers to a local charity, but they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?

Zero-fill

Cryptographic erase

Overwrite

Secure erase

A

Cryptographic erase

56
Q

Port 1701

A

L2TP

57
Q

Port 3389

A

RDP

58
Q

Port 389

A

LDAP

59
Q

Port 88

A

Kerberos

60
Q

Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?

NAT

MAC filtering

QoS

Signal strength

A

MAC filtering

61
Q

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?

MAC filtering

Intrusion Detection System

Whitelisting

VPN

A

Whitelisting

62
Q

Which of the following access control methods provides the most detailed and explicit type of access control over a resource?

DAC

MAC

ABAC

RBAC

A

ABAC

Attribute-based access control (ABAC) provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes. Information such as the group membership, the OS being used by the user, and even the IP address of the machine could be considered when granting or denying access.

63
Q

Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?

RADIUS

LDAP

PKI

Kerberos

A

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple-A) management for users who connect and use a network service.

66
Q

A user reports that every time they try to access https://www.diontraining.com, they receive an error stating “Invalid or Expired Security Certificate”. The technician attempts to connect to the same site from other computers on the network, and no errors or issues are observed. Which of the following settings needs to be changed on the user’s workstation to fix the “Invalid or Expired Security Certificate” error?

UEFI boot mode

Date and time

User access control

Logon times

A

Date and time

Since the technician can successfully connect to the website from other computers, it shows that the error is on the user’s computer. One of the common causes of an Invalid or Expired Security Certificate error is the clock on the user’s computer being wrong since the website security certificates are issued to be valid within a given date range.

68
Q

William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?

AES

PAM

FDE

TPM

A

TPM

Trusted Platform Module (TPM) is a hardware-based cryptographic processing component that is a part of the motherboard. A Pluggable Authentication Module (PAM) is a device that looks like a USB thumb drive and is used as a software key in cryptography. Full Disk Encryption (FDE) can be hardware or software-based. Therefore, it isn’t the right answer. The Advanced Encryption Standard (AES) is a cryptographic algorithm. Therefore, it isn’t a hardware solution.

69
Q

Which of the following types of access control provides the strongest level of protection?

MAC

DAC

RBAC

ABAC

A

MAC

Mandatory Access Control (MAC) requires all access to be predefined based on system classification, configuration, and authentication. MAC is commonly used in highly centralized environments and usually relies on a series of labels, such as classification levels of the data.

73
Q

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port 636 wherever possible. What should you do?

Mark this as false positive in your audit report since the services that typically run on ports 389 and 636 are identical

Change all devices that support it to port 636 since port 389 is a reserved port that requires root access and can expose the server to privilege escalation

Conduct remediation actions to update encryption keys on each server to match port 636

Change all devices and servers that support it to port 636 since encrypted services run default on port 636

A

Change all devices and servers that support it to port 636 since encrypted services run default on port 636

74
Q

Riaan’s company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated?

Vulnerability scanning

WAF

IPS

Encryption

A

WAF

A WAF (web application firewall) is the best option since it can serve as a compensating control and protect against web application vulnerabilities like SQL injection until the application can be fully remediated.

75
Q

Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of “connected clients” and see that “Bob’s Laptop” is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the WPA2 password?

Disable WPA2
Disable WPS
Disable SSID broadcast
Enable WPA

A

Disable WPS

76
Q

You have been asked to provide some training to Dion Training’s system administrators about the importance of proper patching of a system prior to deployment. To demonstrate the effects of deploying a new system without patching it first, you ask for the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network?

Utilize a server with multiple virtual machine snapshots installed on it, restore from a known compromised image, then scan it for vulnerabilities

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

Deploy the vulnerable image to a virtual machine on a physical server, create an ACL to restrict all incoming connections to the system, then scan it for vulnerabilities

Deploy the image to a brand new physical server, connect it to the corporate network, then conduct a vulnerability scan to demonstrate how many vulnerabilities are now on the network

A

Deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan it for vulnerabilities

77
Q

Which of the following features is supported by Kerberos, but not by RADIUS and Diameter?

Single sign-on capability
XML for cross-platform interoperability
Tickets used to identify authenticated users
Services for authentication

A

Tickets used to identify authenticated users

78
Q

Which of the following is not normally part of an endpoint security suite?

Anti-virus
VPN
Software firewall
IPS

A

VPN

A VPN is not typically considered an endpoint security tool because it is a network security tool.

79
Q

Marta’s organization is concerned that a user’s account could remain vulnerable for an extended period of time if its password were compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?

Minimum password length
Password complexity
Password expiration
Password history

A

Password expiration

80
Q

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?

Whitelisting
Intrusion Detection System
MAC filtering
VPN

A

Whitelisting

81
Q

You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that the web server’s BIOS had been modified by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what should you do in order to prevent the malicious actor from affecting the BIOS again?

Utilize secure boot
Install an anti-malware application
Utilize file integrity monitoring
Install a host-based IDS

A

Utilize secure boot

82
Q

Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?

Signal strength
NAT
MAC filtering
QoS

A

MAC filtering

83
Q

Which type of monitoring would utilize a network tap?

Active
SNMP
Passive
Router-based

A

Passive

Network taps provide passive network monitoring and visibility without interfering with the network traffic itself.

84
Q

Which of the following policies should contain the requirements for removing a user’s access when an employee is terminated?

Data ownership policy
Data retention policy
Data classification policy
Account management policy

A

Account management policy

85
Q

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?

Enable NAC on the open wireless network

Install an IDS to protect the HVAC system

Enable WPA2 security on the open wireless network

Implement a VLAN to separate the HVAC control system from the open wireless network

A

Implement a VLAN to separate the HVAC control system from the open wireless network

86
Q

A cybersecurity analyst is working for a university that is conducting a big data medical research project. The analyst is concerned about the possibility of an inadvertent release of PHI data. Which of the following strategies should be used to prevent this?

Use DevSecOps to build the application that processes the PHI

Conduct tokenization of the PHI data before ingesting it into the big data application

Utilize a SaaS model to process the PHI data instead of an on-premise solution

Utilize formal methods of verification against the application processing the PHI

A

Conduct tokenization of the PHI data before ingesting it into the big data application

87
Q

Which of the following access control methods utilizes a set of organizational roles in which users are assigned to gain permissions and access rights?

DAC
ABAC
MAC
RBAC

A

Role-based access control (RBAC)

88
Q

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?

Setting the secure attribute on the cookie
Forcing the use of SSL for the web application
Forcing the use of TLS for the web application
Hashing the cookie value

A

Setting the secure attribute on the cookie

89
Q

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?

Key escrow
CSR
OCSP
CRL

A

certificate signing request

90
Q

CSR

A

CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate.

91
Q

CRL

A

A CRL (certificate revocation list) is a list of revoked certificates.

92
Q

Which of the following proprietary tools is used to create forensic disk images without making changes to the original evidence?

Autopsy
FTK Imager
Memdump
dd

A

FTK Imager

FTK Imager can create perfect copies or forensic images of computer data without making changes to the original evidence. The forensic image is identical in every way to the original, including file slack and unallocated space or drive free space. The dd tool can also be used to create forensic images, but it is not a proprietary tool since it is open-source. Memdump is used to collect the content within RAM on a given host. Autopsy is a cross-platform, open-source forensic tool suite.

93
Q

Which of the following utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise?

Software as a Service (SaaS)
Infrastructure as Code (IaC)
Infrastructure as a Service (IaaS)
Software Defined Networking (SDN)

A

Infrastructure as Code (IaC)

IaC is designed with the idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities.

94
Q

IaC

A

The idea that a well-coded description of the server/network operating environment will produce consistent results across an enterprise and significantly reduce IT overhead costs through automation while precluding the existence of security vulnerabilities.

95
Q

Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

Lockheed Martin cyber kill chain
OpenIOC
MITRE ATT&CK framework
Diamond Model of Intrusion Analysis

A

MITRE ATT&CK framework

The MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors.

96
Q

MITRE ATT&CK framework

A

The MITRE ATT&CK framework provides explicit pseudo-code examples for how to detect or mitigate a given threat within a network and ties specific behaviors back to individual actors.

97
Q

Diamond Model of Intrusion

A

Diamond Model provides an excellent methodology for communicating cyber events and allowing an analyst to implicitly derive mitigation strategies.

98
Q

Lockheed Martin cyber kill chain

A

The Lockheed Martin cyber kill chain provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate them.

99
Q

OpenIOC

A

OpenIOC contains a depth of research on APTs but does not integrate the detection and mitigation strategy.

100
Q

A cybersecurity analyst is conducting an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

Financial breach
Privacy breach
Proprietary breach
Integrity breach

A

Privacy breach

101
Q

Dion Training wants to ensure that none of its computers can run a peer-to-peer file sharing program on its office computers. Which of the following practices should be implemented to achieve this?

MAC filtering
Application blacklisting
Enable NAC
Application whitelisting

A

Application blacklisting

102
Q

Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?

Kerberos
LDAP
RADIUS
PKI

A

RADIUS

The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.

103
Q

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?

MAC address filtering with IP filtering
WPA2 with a complex shared key
802.1x using EAP with MSCHAPv2
PKI with user authentication

A

802.1x using EAP with MSCHAPv2

104
Q

Which of the following functions is not provided by a TPM?

User authentication
Remote attestation
Secure generation of cryptographic keys
Binding
Random number generation
Sealing

A

User authentication

105
Q

Which of the following access control methods provides the most detailed and explicit type of access control over a resource?

RBAC
MAC
DAC
ABAC

A

ABAC

Attribute-based access control (ABAC) provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes.

106
Q

You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server?

Unauthorized sessions
Failed logins
Malicious processes
Off-hours usage

A

Malicious processes

A malicious process is one that is running on a system and is outside the norm.

107
Q

Your coworker is creating a script to run on a Windows server using PowerShell. Which of the following file formats should the file be in?

.sh
.py
.bat
.ps1

A

.ps1

108
Q

Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?

Whitelisting
VPN
Intrusion Detection System
MAC filtering

A

Whitelisting

109
Q

Dion Training has an open wireless network called “InstructorDemos” for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the “InstructorDemos” network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor’s requirements and prevent students from using the “InstructorDemos” network?

NAT
QoS
Signal strength
MAC filtering

A

MAC filtering

110
Q

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?

Cross-site scripting
Missing patches
SQL injection
CRLF injection

A

Missing patches

111
Q

A company’s NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?

Enable NetFlow compression
Enable sampling of the data
Enable QoS
Enable full packet capture

A

Enable sampling of the data

Sampling can help them capture network flows that could be useful without collecting everything passing through the sensor.

112
Q

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?

Hashing the cookie value
Setting the secure attribute on the cookie
Forcing the use of SSL for the web application
Forcing the use of TLS for the web application

A

Setting the secure attribute on the cookie

113
Q

You are working as a network administrator for Dion Training. The company has decided to allow employees to connect their devices to the corporate wireless network under a new BYOD policy. You have been asked to separate the corporate network into an administrative network (for corporate-owned devices) and an untrusted network (for employee-owned devices). Which of the following technologies should you implement to achieve this goal?

WPA2
VPN
VLAN
MAC filtering

A

VLAN

114
Q

You are working as a security administrator and need to respond to an ongoing spearphishing campaign against your organization. Which of the following should be used as a checklist of actions to perform in order to detect and respond to this particular incident?

Incident response plan
Playbook
Runbook
DRP

A

Playbook

A playbook is a checklist of actions to perform to detect and respond to a specific type of incident.

115
Q

Which containment technique is the strongest possible response to an incident?

Isolating affected systems
Enumeration
Isolating the attacker
Segmentation

A

Isolating affected systems

116
Q

Which of the following elements is LEAST likely to be included in an organization’s data retention policy?

Minimum retention period
Maximum retention period
Description of information that needs to be retained
Classification of information

A

Classification of information

117
Q

Dion Training is using an authentication protocol to connect a network client to a networked file server by providing its authentication credentials. The file server then uses the authentication credentials to issue an authentication request to the server running this protocol. The server then is able to exchange authentication messages with the file server on behalf of the client. Throughout this process, a shared secret is used to protect the communication. Which of the following technologies relies upon the shared secret?

LDAP
PKI
Kerberos
RADIUS

A

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect to and use a network service. The RADIUS protocol utilizes an obfuscated password that is created from the shared secret and creates an MD5 hash of the authentication request to protect the communications.

118
Q

Which of the following types of access control provides the strongest level of protection?

MAC
DAC
ABAC
RBAC

A

MAC

119
Q

A corporate workstation was recently infected with malware. The malware was able to access the workstation’s credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to come up with a plan to prevent this type of issue from occurring again in the future. Which of the following would BEST prevent this from reoccurring?

Install an anti-virus or anti-malware solution that uses heuristic analysis

Monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server

Install a host-based intrusion detection system on all of the corporate workstations

Install a Unified Threat Management system on the network to monitor for suspicious traffic

A

Install an anti-virus or anti-malware solution that uses heuristic analysis

The only solution provided that could STOP this from reoccurring would be to use an anti-virus or anti-malware solution with heuristic analysis. The other options might be able to monitor and detect the issue, but not stop it from spreading. Heuristic analysis is a method employed by many computer anti-virus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild.

3.6 Obj: Given a scenario, apply cybersec solutions to the cloud

120
Q

A web developer wants to protect their new web application from a man-in-the-middle attack. Which of the following controls would best prevent an attacker from stealing tokens stored in cookies?

Forcing the use of SSL for the web application
Setting the secure attribute on the cookie
Hashing the cookie value
Forcing the use of TLS for the web application

A

Setting the secure attribute on the cookie

When a cookie has the Secure attribute, the user agent includes the cookie in an HTTP request only if the request is transmitted over a secure channel (typically HTTPS).

OBJ 3.2: Given a scenario, implement host or application security controls

121
Q

The digital certificate on the Dion Training web server is about to expire. Which of the following should Jason submit to the CA in order to renew the server’s certificate?

Key escrow
CRL
CSR
OCSP

A

CSR

A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, a CRL is a list of revoked certificates, and OCSP provides the status of a certificate, such as good, revoked, or unknown.

Obj 3.9: Given a scenario, implement public key infrastructure

122
Q

Ryan needs to verify the installation of a critical Windows patch on his organization’s workstations. Which method would be the most efficient to validate the current patch status for all of the organization’s Windows 10 workstations?

Use SCCM to validate patch status for each machine on the domain

Create and run a PowerShell script to search for the specific patch in question

Conduct a registry scan of each workstation to validate the patch was installed

Check the Update History manually

A

Use SCCM to validate patch status for each machine on the domain

The Microsoft System Center Configuration Manager (SCCM) provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.

OBJ: 3.2 Given a scenario, implement host or application security controls