Flashcards

1
Q

A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on
binaries prior to transmission over untrusted media. Which of the following BEST describes the action
performed by this type of application?

A

Encryption

2
Q

A company wants to ensure confidential data storage media is sanitized in such a way that the drive
cannot be reused. Which of the following methods should the technician use?

A

Shredding

3
Q

A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is
looking for information about software versions on the network. Which of the following techniques is
the intruder using?

A

Banner grabbing

4
Q

Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?

A

Pivoting

5
Q

When developing an application, executing a preconfigured set of instructions is known as:

A

A stored procedure

6
Q

A network administrator needs to allocate a new network for the R&D group. The network must not be
accessible from the internet, regardless of the network firewall or other external misconfigurations.
Which of the following settings should the network administrator implement to accomplish this?

A

Enable protected ports on the switch

7
Q

An application was recently compromised after some malformed data came in via a web form. Which of
the following would MOST likely have prevented this?

A

Input validation

8
Q

When attackers use a compromised host as a platform for launching attacks deeper into a company’s
network, it is said that they are:

A

Pivoting

9
Q

A new Chief Information Officer has been reviewing the badging procedures and decides to write a
policy that all employees must have their badges rekeyed at least annually. Which of the following
controls BEST describes this policy?

A

Administrative

10
Q

Which of the following refers to the term used to restore a system to its operational state?

A

RPO

11
Q

A security manager is creating an account management policy for a global organization with sales
personnel who must access corporate network resources while traveling all over the world. Which of the
following practices is the security manager MOST likely to enforce with the policy? (Select TWO)

A

Password complexity

Group-based access control

12
Q

Which of the following would provide additional security by adding another factor to a smart card?

A

PIN

13
Q

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the
requirement, which of the following should the security analyst do to MINIMIZE the risk?

A

Disable NTLM

14
Q

A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The
main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left
unresolved? (Select TWO)

A

DoS attack

Resource exhaustion

15
Q

A company has a data classification system with definitions for “Private” and “Public.” The company’s
security policy outlines how data should be protected based on type. The company recently added the
data type “Proprietary.” Which of the following is the MOST likely reason the company added this data
type?

A

More searchable data

16
Q

A computer emergency response team is called at midnight to investigate a case in which a mail server
was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an
active connection. Which of the following is the NEXT step the team should take?

A

Perform a containment procedure by disconnecting the server

17
Q

A security engineer must install the same X.509 certificate on three different servers. The client
application that connects to the server performs a check to ensure the certificate matches the host
name. Which of the following should the security engineer use?

A

Certificate chaining

18
Q

Which of the following BEST describes an important security advantage yielded by implementing vendor
diversity?

A

Resiliency

19
Q

Which of the following differentiates a collision attack from a rainbow table attack?

A

A rainbow table attack performs a hash lookup

20
Q

Ransomware is detected on a database administrator’s workstation. Which of the following forensic
procedures should be performed FIRST to mitigate the threat?

A

Capture volatile memory

21
Q

Ann, a new security specialist, is attempting to access the internet using the company’s open wireless
network. The wireless network is not encrypted; however, once associated, Ann cannot access the
internet or other resources. In an attempt to troubleshoot, she scans the wireless network with NMAP
and discovers the firewall is the only other device on the wireless network. Which of the following BEST
describes the company’s wireless network situation?

A

The company uses VPN to authenticate and encrypt connections and traffic

22
Q

RJ-45 ports have been implemented on an embedded system to allow engineers more convenient
access. The network administrator has concerns regarding placing the equipment on the internal
network and exposing the devices. Which of the following would BEST meet both concerns if the
equipment is placed on the internal network?

A

Create a separate network segment for the equipment that only the engineers can access

23
Q

Which of the following threats is BEST mitigated by application hardening and patching rather than
security training?

A

Software exploits

24
Q

A security administrator generates a key pair and sends one key inside a request file to a third party. The
third party sends back a signed file. In this scenario, the key sent to the third party is called a:

A

Public key

25
Q

An attacker drives past a company, captures the name of the WiFi network and locates a coffee shop
near the company. The attacker creates a mobile hotspot with the same name as the company’s WiFi.
Which of the following BEST describes this wireless attack?

A

Evil twin

26
Q

A developer needs to store sensitive employee information on a backend database. The sensitive
database records must be accessed by a public web server in the DMZ. Which of the following should be
implemented to secure the sensitive information stored in the database?

A

Store the sensitive records using irreversible encryption

27
Q

To protect the confidentiality of a VPN session key, the administrator copies the key to a USB drive and
ships it overnight to a remote location. This type of key exchange is BEST described as:

A

Out-of-band

28
Q

A company is experiencing problems with performance and downtime because application updates and
patching are being conducted on production systems during business hours. Users and other IT staff are
not being notified of the updates. Which of the following should be instituted to BEST resolve the
problems?

A

Change management

29
Q

A Linux server using TCP wrappers is utilized in a SCADA environment. Which of the following entries
should be placed in the hosts.allow file to allow access on port 22 for a client at 192.168.14.127?

A

In.ssh 192.168.14.127

30
Q

A service desk manager is developing an SLA to be used with a new customer. As part of the SLA, various
metrics regarding uptime, responsiveness, and remediation are being identified. Given the manager’s
unfamiliarity with the products being supported, which of the following metrics would be MOST
important to solicit from the customer to determine how much downtime should be expected?

A

MTBF, MTTF

31
Q

Members of a production team have been using the username and password of Ann, an employee, to
log into their workstations because Ann has elevated privileges. The administrator wants to prevent
unauthorized users from logging in with false credentials, while still allowing Ann to continue to utilize
her provided equipment. Which of the following should the administrator configure to achieve this?

A

Authorized workstations

32
Q

A company needs to adopt a single tenant CSP due to strict regulatory compliance issues. The company
wants the CSP to be available at all times and accessible from anywhere over the internet. Which of the
following solutions should the company adopt?

A

Private cloud

33
Q

A security administrator spots the following log entry fragment on a web server:
GET /home.aspx?id=

alert(document.cookie)

Which of the following types of attacks was attempted?

A

Cross-site scripting

34
Q

A systems administrator wants to install a new PKI certificate on a web server. The administrator creates
a CSR. Which of the following should the administrator send to the CA to issue a trusted certificate?

A

The web server’s public key

35
Q

A malicious user attempts to access a company’s wireless network from the parking lot. Upon launching
the wireless scanner, the malicious user activates the SSID decloak feature and views many other SSIDs.
However, the company’s SSID does not appear as an available network in the tool. Which of the
following is preventing the malicious user from scanning the company’s wireless network?

A

Low-power directional antennas

36
Q

A new security policy being implemented requires all email within the organization be digitally signed by
the author using PGP. Which of the following would need to be created for each user?

A

A public and private key

37
Q

While responding to an incident on a Linux server, the administrator needs to disable unused services.
Which of the following commands can be used to see processes that are listening on a TCP port?

A

Lsof

38
Q

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the
computer is in use. Which of the following can be implemented?

A

Cluster tip wiping

39
Q

Which of the following access controls enforces permissions based on data labeling at specific levels?

A

Mandatory access control

40
Q

A security technician would like an application to use random salts to generate short-lived encryption
keys during the secure communication handshake process to increase communication security. Which of
the following concepts would BEST meet this goal?

A

Symmetric Encryption Keys

41
Q

Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets
to a competitor. Joe had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last night’s integrity
scan.
Which of the following could the technician use to prepare the report? (Select TWO).

A

MD5

HMAC

42
Q

A breach at a credit card company resulted in customers’ credit card information being exposed. The
company has conducted a full forensic investigation and identified the source of the breach. Which of
the following should the company do NEXT?

A

Implement damage and loss control procedures

43
Q

A security administrator discovered that all communication over the company’s encrypted wireless
network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted
in an attempt to steal other employees’ credentials. Which of the following technologies is MOST likely in
use on the company’s wireless network?

A

WEP 128-PSK

44
Q

An administrator is implementing a new management system for the machinery on the company’s
production line. One requirement is that the system only be accessible while within the production
facility. Which of the following will be the MOST effective solution in limiting access based on this
requirement?

A

Access control list

45
Q

Which of the following is a security concern regarding users bringing personally-owned devices that they
connect to the corporate network?

A

Lack of controls in place to ensure that the devices have the latest system patches and signature files

46
Q

Which of the following offerings typically allows the customer to apply operating system patches?

A

Infrastructure as a service

47
Q

A thief has stolen a mobile device and removed its battery to circumvent GPS location tracking. The device
uses a four-digit PIN. Which of the following is a mobile device security control that ensures the
confidentiality of company data?

A

Full device encryption

48
Q

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was
attempting to break out of a rootjail. Which of the following lines in the user’s history log shows
evidence that the user attempted to escape the rootjail?

A

cd ../../../../bin/bash

49
Q

Due to issues with building keys being duplicated and distributed, a security administrator wishes to
change to a different security control regarding a restricted area. The goal is to provide access based
upon facial recognition. Which of the following will address this requirement?

A

Place a guard at the entrance to approve access.

50
Q

Anne, an employee, receives the following email:
From: Human Resources
To: Employee
Subject: Updated employee code of conduct
Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated
code of conduct at your earliest convenience.
After clicking the email link, her computer is compromised. Which of the following principles of social
engineering was used to lure Anne into clicking the phishing link in the above email?

A

Familiarity

51
Q

Which of the following is an XML based open standard used in the exchange of authentication and
authorization information between different parties?

A

SAML

52
Q

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of
the following should be implemented to ensure that a malicious insider will not be able to successfully
use ARP spoofing techniques?

A

IPv6

53
Q

Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent
penetration test reveals vulnerabilities on the network. Which of the following has been reported by the
vulnerability scan?

A

False negative

54
Q

A company used a partner company to develop critical components of an application. Several
employees of the partner company have been arrested for cybercrime activities. Which of the following
should be done to protect the interest of the company?

A

Perform a penetration test against the application

55
Q

A recently installed application update caused a vital application to crash during the middle of the
workday. The application remained down until a previous version could be reinstalled on the server, and
this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?

A

Application patch management

56
Q

A systems administrator has implemented PKI on a classified government network. In the event that a
disconnect occurs from the primary CA, which of the following should be accessible locally from every
site to ensure users with bad certificates cannot gain access to the network?

A

A CRL

57
Q

The loss prevention department has purchased a new application that allows the employees to monitor
the alarm systems at remote locations. However, the application fails to connect to the vendor’s server
and the users are unable to log in. Which of the following are the MOST likely causes of this issue?
(Select TWO).

A

URL filtering

Firewall rules

58
Q

Which of the following steps in incident response procedures entails reviewing the incident and identifying
knowledge gained that can be applied to future handling of incidents?

A

Lessons learned

59
Q

Which of the following protocols operates at the HIGHEST level of the OSI model?

A

SCP

60
Q

An administrator implements SELinux on a production web server. After implementing this, the web
server no longer serves up files from users’ home directories. To rectify this, the administrator creates a
new policy as the root user. This is an example of which of the following? (Select TWO)

A

Enforcing SELinux in the OS kernel is mandatory access control

The policy added by the root user is rule-based access control

61
Q

Which of the following documents outlines the technical and security requirements of an agreement
between organizations?

A

ISA

62
Q

Which of the following is a penetration testing method?

A

Calling the target’s helpdesk, requesting a password reset

63
Q

Which of the following types of technologies is used by security and research personnel for
identification and analysis of new security threats in a networked environment by using false data/hosts
for information collection?

A

Honeynet

64
Q

When confidentiality is the primary concern, and a secure channel for key exchange is not available,
which of the following should be used for transmitting company documents?

A

Asymmetric

65
Q

A new web server has been provisioned at a third party hosting provider for processing credit card
transactions. The security administrator runs the netstat command on the server and notices that ports
80, 443 and 3389 are in listening state. No other ports are open. Which of the following services should
be disabled to ensure secure communications?

A

HTTP

66
Q

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of
the following should be implemented to ensure that a malicious insider will not be able to successfully
use ARP spoofing techniques?

A

IPv6

67
Q

After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation
file. The screen shows a warning that the dissertation file is corrupted because it is infected with a
backdoor, and can only be recovered by upgrading the antivirus software from the free version to the
commercial version. Which of the following types of malware is the laptop MOST likely infected with?

A

Ransomware

68
Q

The loss prevention department has purchased a new application that allows the employees to monitor
the alarm systems at remote locations. However, the application fails to connect to the vendor’s server
and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO)

A

URL filtering

Firewall Rules

69
Q

Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of
the following will Joe need to use to BEST accomplish the objective?

A

His private key

70
Q

Which of the following protocols is MOST likely to be leveraged by users who need additional
information about another user?

A

LDAP

71
Q

A retail store uses a wireless network for its employees to access inventory from anywhere in the store.
Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to
harden the network. During the site survey, the consultant discovers that the network was using WEP
encryption. Which of the following would be the BEST course of action for the consultant to
recommend?

A

Change the encryption used so that the encryption protocol is CCMP-based.

72
Q

A security team has established a security awareness program. Which of the following would BEST prove
the success of the program?

A

Metrics

73
Q

Which of the following should an administrator implement to research current attack methodologies?

A

Honeypot

74
Q

After analyzing and correlating activity from multiple sensors, the security administrator has determined
that a group of very well organized individuals from an enemy country is responsible for various
attempts to breach the company network, through the use of very sophisticated and targeted attacks.
Which of the following is this an example of?

A

Advanced persistent threat

75
Q

Which of the following types of attacks involves interception of authentication traffic in an attempt to
gain unauthorized access to a wireless network?

A

IV attack

76
Q

Alice, a security analyst, is reviewing logs from hosts across the Internet which her company uses to
gather data on new malware. Which of the following is being implemented by Alice’s company?

A

Honeynet

77
Q

A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?

A

Lack of antivirus software

78
Q

Which system should you implement if you want to create a file system access control model where you
can label files as “Secret,” “Confidential,” “Restricted,” or “Unclassified”?

A

Trusted OS

79
Q

Bob, an employee, was escorted from the company premises due to suspicion of revealing trade secrets
to a competitor. Bob had already been working for two hours before leaving the premises. A security
technician was asked to prepare a report of files that had changed since last night’s integrity scan. Which
of the following could the technician use to prepare the report? (Select TWO).

A

MD5

HMAC

80
Q

Which is the hardest to crack and requires both parties to exchange the encryption key before
communicating?

A

One-time pads

81
Q

Bob needs to send Sally a digitally signed and encrypted email. Which algorithms and keys are used to
complete these actions?

A

Sally’s public key to encrypt using 3DES, Bob’s private key to sign using SHA

82
Q

In order to digitally sign your emails with PGP, what needs to be created first?

A

A public and private key

83
Q

If you need to look at a former employee’s email for a court case but the emails have been deleted, you
should take a look at your:

A

Data retention policies

84
Q

Which of the following can be used to ensure that sensitive records stored on a backend server can only
be accessed by a front end server with the appropriate record key?

A

File encryption

85
Q

In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A

Authentication

86
Q

In order to secure additional budget, a security manager wants to quantify the financial impact of a
one-time compromise. Which of the following is MOST important to the security manager?

A

SLE

87
Q

A security technician is implementing PKI on a Network. The technician wishes to reduce the amount of
bandwidth used when verifying the validity of a certificate. Which of the following should the technician
implement?

A

CRL

88
Q

An access point has been configured for AES encryption but a client is unable to connect to it. Which of
the following should be configured on the client to fix this issue?

A

CCMP

89
Q

A company wants to improve its overall security posture by deploying environmental controls in its
datacenter. Which of the following is considered an environmental control that can be deployed to meet
this goal?

A

Proximity readers

90
Q

Ann, a security administrator, is strengthening the security controls of the company’s campus. Her goal
is to prevent people from accessing open locations that are not supervised, such as around the receiving
dock. She is also concerned that employees are using these entry points as a way of bypassing the
security guard at the main entrance. Which of the following should Ann recommend that would BEST
address her concerns?

A

Build fences around campus with gate entrances

91
Q

A security administrator is responsible for ensuring that there are no unauthorized devices utilizing the
corporate network. During a routine scan, the security administrator discovers an unauthorized device
belonging to a user in the marketing department. The user is using an android phone in order to browse
websites. Which of the following device attributes was used to determine that the device was
unauthorized?

A

A MAC address

92
Q

A security administrator is notified that users attached to a particular switch are having intermittent
connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack.
Which of the following could be utilized to provide protection from this type of attack?

A

Configure flood guards on the switch

93
Q

A software security concern when dealing with hardware and devices that have embedded software or
operating systems is:

A

The vendor may not have a method for installation of patches

94
Q

Ann, a technician, received a spear-phishing email asking her to update her personal information by
clicking the link within the body of the email. Which of the following types of training would prevent Ann
and other employees from becoming victims of such attacks?

A

Personal identifiable information

95
Q

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A

Install a digital certificate on the authentication server

96
Q

A system administrator needs to implement 802.1x whereby when a user logs into the network the
authentication server communicates with a switch and assigns the user to the proper VLAN. Which of
the following protocols should be used?

A

RADIUS

97
Q

Which of the following can be provided to an AAA system for the identification phase?

A

Username

98
Q

A security administrator is notified that users attached to a particular switch are having
intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP
spoofing attack. Which of the following could be utilized to provide protection from this type of attack?

A

Configure flood guards on the switch

99
Q

The Chief Information Security Officer is concerned that users could bring their personal laptops
to work and plug them directly into the network ports under their desks. Which of the following should
be configured on the network switch to prevent this from happening?

A

Port security

100
Q

Recently, several employees were victims of a phishing email that appeared to originate from
the company president. The email claimed the employees would be disciplined if they did not click on a
malicious link in the message. Which of the following principles of social engineering made this attack
successful?

A

Authority

101
Q

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

A

SAML authentication

Multifactor authentication

102
Q

A dumpster diver recovers several hard drives from a company and is able to obtain
confidential data from one of the hard drives. The company then discovers its information is posted
online. Which of the following methods would have MOST likely prevented the data from being
exposed?

A

Using magnetic fields to erase the data

103
Q

Ann, a systems administrator, is installing an extremely critical system that can support zero
downtime. Which of the following BEST describes the type of system Ann is installing?

A

High availability

104
Q

An administrator has to determine host operating systems on the network and has deployed a
transparent proxy. Which of the following fingerprint types would this solution use?

A

Passive

105
Q

An administrator needs to protect against downgrade attacks due to various vulnerabilities in
SSL/TLS. Which of the following actions should be performed? (select Two)

A

Request a new certificate from the CA

Add the old certificate to the CRL

107
Q

The security manager must store a copy of a sensitive document and needs to verify at a later
point in time that the document has not been altered. Which of the following will accomplish the
security manager’s objective?

A

MD5

108
Q

An organization currently employs signature-based NIPS and a firewall, though a recent
penetration test demonstrated this existing implementation is insufficient. Which of the following
represents the BEST approach to reduce risk?

A

Deploy technologies that will detect and stop deviations from normal

109
Q

An administrator is instructed to disable IP-directed broadcasts on all routers in an organization.
Which of the following attacks does this prevent?

A

Smurf

110
Q

Which of the following can be used for both encryption and digital signatures?

A

RSA

111
Q

A security technician would like to obscure sensitive data within a file so it can be transferred
without causing suspicion. Which of the following technologies would be BEST suited to accomplish this?

A

Steganography

112
Q

A security administrator is reviewing the following log from the company’s UTM, which is
installed at the network perimeter:
PERMIT 172.165.143.5:80 192.168.2.6:1020 FIN
PERMIT 10.76.23.5:42331 192.168.1.4:80 SYN
PERMIT 192.168.1.4:80 10.76.23.5:42331 SYN/ACK
PERMIT 10.76.23.5:42331 192.168.1.4:80 ACK
DENY 10.100.34.5:1331 192.168.3.10:445 ACK
PERMIT 172.132.5.6:1432 192.168.3.2:80 SYN
Given the following additional information:
Guest Network: 192.168.1.0/24
User Network: 192.168.2.0/24
Server Network: 192.168.3.0/24
Which of the following should the security administrator recommend?

A

Block incoming traffic to the guest network

113
Q

A vice president at a manufacturing organization is concerned about desktops being connected
to the network. Employees need to log onto the desktops’ local account to verify that a product is being
created within specifications; otherwise, the desktops should be as isolated as possible. Which of the
following is the BEST way to accomplish this?

A

Create a separate VLAN for the desktops

114
Q

An administrator has configured a new Linux server with the FTP service. Upon verifying that the
service was configured correctly, the administrator has several users test the FTP service. Users report
that they are able to connect to the FTP service and download their personal files, however, they cannot
transfer new files to the server. Which of the following will MOST likely fix the uploading issue for the
users?

A

Set the Boolean SELinux value to allow FTP home directory uploads

115
Q

The Chief Information Office has asked a security analyst to determine the estimated costs
associated with each potential breach of the database that contains customer information. Which of the
following is the risk calculation the CIO is asking for?

A

SLE

116
Q

An employer requires that employees use a key-generating app on their smart phones to log
into corporate applications. In terms of authentication to the individual, this type of access policy is BEST
defined as:

A

Something you have

117
Q

A project manager is working with an architectural firm that focuses on physical security. The
project manager would like to provide requirements that support the primary goal of safety. Based on
the project manager’s desires, which of the following controls would be BEST to incorporate into the
facility design?

A

Escape routes

118
Q

A small company has recently purchased cell phones for managers to use while working outside
of the office. The company does not currently have a budget for mobile device management and is
primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to
unattended phones. Which of the following would provide the solution that BEST meets the company’s
requirements?

A

Screen lock

119
Q

Which of the following attack types is being carried out when a target is being sent unsolicited
messages via Bluetooth?

A

Bluejacking

120
Q

When analyzing the behavior of a malicious piece of software, which of the following
environments should be used?

A

Sandbox

121
Q

An employee needs to connect to a server using a secure protocol on the default port. Which of
the following ports should be used?

A

22

122
Q

Which of the following technologies would be MOST appropriate to utilize when testing a new
software patch before a company-wide deployment?

A

Virtualization

123
Q

Which of the following would an attacker use to generate and capture additional traffic prior to
performing an IV attack?

A

Dictionary attack

124
Q

A company executive’s laptop was compromised leading to a security breach. The laptop was
placed into storage by a junior system administrator and was subsequently wiped and reimaged. When
it was determined that the authorities would need to be involved, there was little evidence to present to
the investigators. Which of the following procedures should have been implemented to aid the
authorities in their investigation?

A

A system image should have been created and stored

125
Q

An administrator wants to establish a WiFi network using a high gain directional antenna with a
narrow radiation pattern to connect two buildings separated by a very long distance. Which of the
following antennas would be BEST for this situation?

A

Yagi

126
Q

Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for
a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a
system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this
server?

A

$5,000

127
Q

The Chief Information Officer (CIO) has asked a security analyst to determine the estimated
costs associated with each potential breach of their database that contains customer information.
Which of the following is the risk calculation that the CIO is asking for?

A

SLE

128
Q

A system administrator wants to confidentially send a user name and password list to an
individual outside the company without the information being detected by security controls. Which of
the following would BEST meet this security goal?

A

Steganography

129
Q

Which of the following provides the strongest authentication security on a wireless network?

A

WPA2

132
Q

Which of the following ports is used for TELNET by default?

A

23

133
Q

Which of the following can be used to ensure that sensitive records stored on a backend server
can only be accessed by a front end server with the appropriate record key?

A

File encryption

134
Q

A system administrator is configuring UNIX accounts to authenticate against an external server.
The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the
following authentication services is being used?

A

LDAP

135
Q

Which of the following is an XML based open standard used in the exchange of authentication
and authorization information between different parties?

A

SAML

136
Q

Which of the following is an authentication method that can be secured by using SSL?

A

LDAP

137
Q

Ann, a member of the Sales Department, has been issued a company-owned laptop for use when
traveling to remote sites. Which of the following would be MOST appropriate when configuring security
on her laptop?

A

Configure the laptop with a BIOS password

138
Q

An overseas branch office within a company has many more technical and non-technical
security incidents than other parts of the company. Which of the following management controls should
be introduced to the branch office to improve their state of security?

A

Continuous security monitoring process

139
Q

When designing a new network infrastructure, a security administrator requests that the
intranet web server be placed in an isolated area of the network for security purposes. Which of the
following design elements would be implemented to comply with the security administrator’s request?

A

DMZ

140
Q

Which of the following can be used to maintain a higher level of security in a SAN by allowing
isolation of mis-configurations or faults?

A

VSAN

141
Q

A company determines a need for additional protection from rogue devices plugging into physical
ports around the building. Which of the following provides the highest degree of protection from
unauthorized wired network access?

A

802.1x

142
Q

An access point has been configured for AES encryption but a client is unable to connect to it.
Which of the following should be configured on the client to fix this issue?

A

CCMP

143
Q

Which of the following is the BEST concept to maintain required but non-critical server
availability?

A

Warm site

144
Q

Virtualization would provide an ROI when implemented under which of the following situations?

A

Multiple existing but underutilized physical servers

145
Q

Which of the following remote authentication methods uses a reliable transport layer protocol
for communication?

A

TACACS+

146
Q

An administrator wants to restrict traffic between two VLANs. The network devices connecting
the two VLANs are layer 3 switches. Which of the following should the admin configure?

A

ACL

147
Q

A security architect is choosing a cryptographic suite for the TLS 1.2 configuration for a new
web-based financial management application that will be used heavily by mobile devices. Which of the
following would be the architect’s MOST secure selection for both key exchange and the session key
algorithms? (Select TWO)

A

3DES

ECDHE

148
Q

A security administrator creates separate VLANs for employee devices and HVAC equipment
that is network attached. Which of the following are security reasons for this design? (Select THREE)

A

Broadcasts from HVAC equipment will be confined to their own network segment

HVAC equipment can be isolated from compromised employee workstations

Access to and from the HVAC equipment can be more easily controlled

149
Q

A security administrator is reviewing the password security configuration of a company’s
directory service domain. The administrator recognizes that the domain controller has been configured
to store LM hashes. Which of the following explains why the domain controller might be configured like
this? (Select TWO)

A

Default configuration

Backward compatibility

150
Q

A finance manager is responsible for approving wire transfers and processing the transfers using
the software provided by the company’s bank. A number of discrepancies have been found related to
the wires in a recent financial audit, and the wires appear to be fraudulent. Which of the following
controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers?

A

Separation of duties

151
Q

The security manager has learned a user inadvertently sent encrypted PII to an incorrect
distribution group. The manager has instructed the user to immediately recall the message. Recipients
are instructed to delete the email from all queues and devices. This is an example of which of the
following incident response procedures?

A

Mitigation

152
Q

Joe, a system administrator, configured a device to block network traffic from entering the
network. The configuration consisted of zero-day exploit awareness at the application layer of the OSI
model. The exploit signatures have been seen on the internet daily. Which of the following does this
describe?

A

NIPS

153
Q

An organization is developing a plan to ensure an earthquake at a datacenter does not disrupt
business. The organization has identified all the critical applications within the datacenter, determining
the financial loss of an outage of different duration for each application. This effort is known as a

A

Disaster recovery

154
Q

From a network security point of view, the primary reason to implement VLANs is to

A

Provide network segmentation

155
Q

A network administrator is configuring a web server to ensure the use of only strong ciphers.
Which of the following stream ciphers should the administrator configure?

A

RC4

156
Q

An engineer is designing a system that needs the fastest encryption possible due to system
requirements. Which of the following should the engineer use?

A

RSA-1024

157
Q

An organization’s security policy requires secure file transfers to and from internal hosts. An
employee is attempting to upload a file using an unsecured method to a Linux-based dedicated file
server and fails. Which of the following should the employee use to transfer the file?

A

SCP

158
Q

A security administrator suspects that a server has been compromised with zero-day malware,
and that it is now being used to host various copyrighted material, which is being shared through an IRC
network. Which of the following should the system administrator use to determine if the server has
been compromised?

A

Baseline

159
Q

Which of the following BEST describes the benefits of using Extended Validation?

A

The website provider demonstrates an additional level of trust

160
Q

Which of the following is susceptible to an attack that can obtain the wireless password by
brute-forcing a 4-digit PIN followed by a 3-digit PIN?

A

WPS

161
Q

A server administrator is investigating a breach and determines an attacker modified the
application log to obscure the attack vector. During the lessons learned activity, the facilitator asks for a
mitigation response to protect the integrity of the logs should a similar attack occur. Which of the
following mitigations would be MOST appropriate to fulfill the requirement?

A

Enterprise SIEM

162
Q

In order to comply with new auditing standards, a security administrator must be able to
complete system security alert logs directly with the employee who triggers the alert. Which of the
following should the security administrator implement in order to meet this requirement?

A

Elimination of shared accounts

163
Q

On a campus network, users frequently remove the network cable from desktop NICs and plug
personal laptops into the school network. Which of the following could be used to reduce the likelihood
of unauthorized laptops on the campus network?

A

Port security

164
Q

An employee is using company time and assets to use a third party tool to share downloadable
media with other users around the world. Sharing downloadable media is not expressly forbidden in the
company security policy or acceptable use policy. Which of the following BEST describes what the
security staff should consider adding to these policies?

A

P2P

165
Q

The network administrator wants to assign VLANs based on which user is logging into the
network. Which of the following should the administrator use to accomplish this? (select Two)

A

MAC filtering

802.1x

166
Q

An application is performing slowly. Management asks the security team to determine if a
security compromise is the underlying cause. The security team finds two processes with high resource
utilization. Which of the following actions should the team take NEXT?

A

Conduct a baseline comparison

167
Q

A company implemented a public-facing authentication system that uses PKI and extended
attributes to allow third-party, web-based application integration. This is an example of which of the
following? (select three)

A

Federation

Two-factor authentication

Single sign-on

168
Q

An employee connects to a public wireless hotspot during a business trip. The employee
attempts to go to a secure website but instead connects to an attacker who is performing a MITM
attack. Which of the following should the employee do to mitigate the vulnerability described in the
scenario?

A

Connect to a VPN when using public wireless networks

169
Q

Joe, a security administrator, recently configured a method of secure access for remote
administration of network devices. When he attempts to connect to an access layer switch in the
organization from outside the network he is unable to successfully connect. Which of the following ports
should be open on the firewall for Joe to successfully connect to the switch?

A

TCP 161

170
Q

Which of the following is a suitable method of checking for revoked certificates in a client/server
environment with connectivity to the issuing PKI?

A

CRL

171
Q

During an audit of a software development organization, an auditor finds the organization did
not properly follow industry best practices, including peer review and board approval, prior to moving
applications into the production environment. The auditor recommends adopting a formal process
incorporating these steps. To remediate the finding, the organization implements

A

Change management

172
Q

Two companies are partnering to bid on a contract. Normally these companies are fierce
competitors, but for this procurement they have determined that a partnership is the only way they can
win the job. Both companies are concerned about unauthorized data sharing and want to ensure other
divisions within each company will not have access to proprietary data. To best protect against
unauthorized data sharing they should each sign a

A

BPA

173
Q

A recent network audit revealed several devices on the internal network were not running
antivirus or HIPS. Upon further investigation, it was discovered that these devices were new laptops that
were deployed without installing the end-point protection suite used by the company. Which of the
following could be used to mitigate the risk of authorized devices that are unprotected residing on the
network?

A

MAC filtering

174
Q

Ann is attempting to send a digitally signed message to Joe. Which of the following should Ann
do?

A

Encrypt a certificate signing request with her private key

175
Q

Which of the following would provide you with a measure of the frequency at which critical
business systems experience breakdowns?

A

MTBF

176
Q

Which of the following should be used to secure data-in-use?

A

Full memory encryption

177
Q

Which of the following provides a safe, contained environment in which to enforce physical
security?

A

Virtualized sandbox

178
Q

A local coffee shop provides guests with wireless access but disabled the SSID broadcast for
security purposes. When guests make a purchase, they are provided with the SSID to the router. A new
customer’s laptop shows the coffee shop’s SSID appears to be broadcasting despite the fact that the
wireless router configuration shows the broadcast is disabled. Which of the following situations is likely
occurring?

A

A user has set up an evil twin access point near the coffee shop

179
Q

A security technician notices that several successful attacks are being carried out on the
network. The Chief Information Security Officer tells the technician to deploy countermeasures that will
help actively stop these ongoing attacks. Which of the following technologies will accomplish this task?

A

A network-based IPS with advanced heuristic capability

180
Q

Ann, a security administrator, is hardening the user password policies. She currently has the
following in place: passwords expire every 60 days, password length is at least eight characters, and
passwords must contain at least one capital letter and one numeric character. She learns that several
employees are still using their original passwords after the 60-day forced change. Which of the following
can she implement to BEST mitigate this?

A

Create a rule that users can only change their passwords once every two weeks

181
Q

The administrator set up a new WPA2 Enterprise wireless network using EAP-TLS for
authentication. The administrator configured the RADIUS servers with certificates that are trusted by
the endpoint devices and rules to authenticate a particular group of users. The administrator is part of
the group that is authorized to connect but is unable to connect successfully during the first test of the
network. Which of the following is the MOST likely cause of the issue?

A

Client certificates were not deployed

182
Q

A company has an email server dedicated to only outbound email; inbound email retrieval to
this server must be blocked. Which of the following ports must be set to explicit deny?

A

110

143

183
Q

A PKI architect is implementing a corporate enterprise solution. The solution will incorporate
key escrow and recovery agents, as well as a tiered architecture. Which of the following is required to
implement the architecture correctly?

A

Intermediate authorities

184
Q

The Chief Information Security Officer wants to move the web server from the public network
because it has been breached a number of times in the past month. The CISO does not want to place it
in the private network since many external users access the web server to fill out their orders. The
company policy does not allow any non-secure protocols into the internal network. Given the
circumstances, which of the following would be the BEST course of action?

A

Use NAT on the web server

185
Q

A security auditor has full knowledge of company configuration and equipment. The auditor
performed a test on the network, resulting in an exploitation of a zero-day vulnerability. Which of the
following did the security auditor perform?

A

Penetration test

186
Q

Which of the following authentication services is BEST suited for an environment that requires
the TCP protocol with a clear-text payload?

A

TACACS+

187
Q

A security administrator receives a hard drive that must be imaged for forensics analysis. The
paperwork that comes with the hard drive shows: 10:00 - Technician A - Hard drive removed; 10:30 -
Technician A - Hard drive delivered to Manager A; and 11:00 - IT Director - Hard drive delivered to the
security administrator. Which of the following should the security administrator do?

A

Report a problem with the chain of custody log

188
Q

The network administrator is installing RS-485 terminal servers to provide card readers to
vending machines. Which of the following should be performed to protect the terminal servers?

A

Network separation

189
Q

An attacker drives past a company, captures the name of the WiFi network, and locates a coffee
shop near the company. The attacker creates a mobile hotspot with the same name as the company’s
WiFi. Which of the following BEST describes this wireless attack?

A

Evil twin

190
Q

Which of the following MUST be implemented to ensure accountability?

A

Disable shared accounts

191
Q

Which of the following attack types is MOST likely to cause damage or data loss for an
organization and be difficult to investigate?

A

DDoS

192
Q

The remote branch of an organization has been assigned two public IP addresses by an ISP. The
organization has ten workstations and a wireless router. Which of the following should be deployed to
ensure that all devices have internet access?

A

PAT

193
Q

A security administrator wishes to perform authentication, authorization, and accounting, but
does not wish to use a proprietary protocol. Which of the following services would fulfill these
requirements?

A

TACACS+

194
Q

Which of the following is the FASTEST method to disclose one way hashed passwords?

A

Rainbow tables

195
Q

A network has been impacted by downtime resulting from unauthorized devices connecting
directly to the wired network. The network administrator has been tasked to research and evaluate
technical controls that would effectively mitigate risks associated with such devices. Which of the
following capabilities would be MOST suitable for implementation in this scenario?

A

Port Security

196
Q

A company is providing mobile devices to all employees. The system administrator has been
tasked with providing input for the company’s mobile device policy. Which of the following are valid
security concepts that the system administrator should include when offering feedback to
management? (Select Two)

A

Asset tracking

Remote wiping

197
Q

A forensics analyst is asked to identify identical files on a hard drive. Due to the large number of
files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate.
Which of the following should be selected?

A

SHA-128

198
Q

John wants to secure an 802.11n network. Which of the following encryption methods would
provide the highest level of protection?

A

WPA2 with AES

199
Q

Which of the following is the MOST influential concern that contributes to an organization’s
ability to extend enterprise policies to mobile devices?

A

Support of mobile OS

200
Q

An application service provider has notified customers of a breach resulting from improper
configuration changes. In the incident, a server intended for internal access only was made accessible to
external parties. Which of the following configurations were likely to have been improperly modified
resulting in the breach?

A

NAT

201
Q

Which of the following is commonly done as part of a vulnerability scan?

A

Identifying unpatched workstations

202
Q

A software developer is concerned about DLL hijacking in an application being written. Which of
the following is the MOST viable mitigation measure of this type of attack?

A

Access to DLLs from the Windows registry should be disabled

203
Q

A systems administrator is attempting to recover from a catastrophic failure in the datacenter.
To recover the domain controller, the systems administrator needs to provide the domain
administrator credentials. Which of the following account types is the systems administrator
using?

A

Service account

204
Q

Which of the following types of embedded systems is required in manufacturing environments
with life safety requirements?

A

ICS

205
Q

Users from two organizations, each with its own PKI, need to begin working together on a joint
project. Which of the following would allow the users of the separate PKIs to work together
without connection errors?

A

Trust model

206
Q

A systems administrator wants to provide balance between the security of a wireless network
and usability. The administrator is concerned with wireless encryption compatibility of older
devices used by some employees. Which of the following would provide strong security and
backward compatibility when accessing the wireless network?

A

WPA using a preshared key

207
Q

A stock trading company had the budget for enhancing its secondary datacenter approved.
Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi away,
the company wants to ensure its business is always operational with the least amount of man
hours needed. Which of the following types of disaster recovery sites should the company
implement?

A

Hot site

208
Q

An organization is expanding its network team. Currently, it has local accounts on all network
devices, but with growth, it wants to move to centrally managed authentication. Which of the
following are the BEST solutions for the organization? (Select TWO)

A

LDAP

RADIUS

209
Q

Which of the following threat actors is MOST likely to steal a company’s proprietary information
to gain a market edge and reduce time to market?

A

Competitor

210
Q

A security analyst is reviewing an assessment report that includes software versions, running
services, supported encryption algorithms, and permission settings. Which of the following
produced the report?

A

Protocol analyzer

211
Q

The computer resource center issued smart-phones to all first-level and above managers. The
managers have the ability to install mobile tools. Which of the following tools should be
implemented to control the types of tools the managers install?

A

Application manager

212
Q

A security administrator has written a script that will automatically upload binary and text-based
configuration files onto a remote server using a scheduled task. The configuration files contain
sensitive information. Which of the following should the administrator use? (Select TWO)

A

SRTP

SNMPv3

213
Q

A security analyst is conducting a web application vulnerability scan against the company
website. Which of the following is considered an intrusive scan?

A

Time-delay port scanning

214
Q

A security technician is configuring an access management system to track and record user
actions. Which of the following functions should the technician configure?

A

Accounting

215
Q

Which of the following BEST describes a network-based attack that can allow an attacker to take
full control of a vulnerable host?

A

Man-in-the-middle

216
Q

Which of the following is used to validate the integrity of data?

A

MD5

217
Q

Which of the following solutions should an administrator use to reduce the risk from an
unknown vulnerability in a third-party software application?

A

Sandboxing

218
Q

An active/passive configuration has an impact on:

A

Availability

219
Q

A home invasion occurred recently in which an intruder compromised a home network and
accessed a WiFi-enabled baby monitor while the baby’s parents were sleeping. Which of the
following BEST describes how the intruder accessed the monitor?

A

Default configurations

220
Q

An administrator is replacing a wireless router. The configuration of the old wireless router was
not documented before it stopped functioning. The equipment connecting to the wireless
network uses older legacy equipment that was manufactured prior to the release of the 802.22i
standard. Which of the following configuration options should the administrator select for the
new wireless router?

A

WPA2+TKIP

221
Q

A security administrator installed a new network scanner that identifies new host systems on
the network. Which of the following did the security administrator install?

A

Rogue system detection

222
Q

A security technician has been receiving alerts from several servers that indicate load balancers
have had a significant increase in traffic. The technician initiates a system scan. The scan results
illustrate that the disk space on several servers has reached capacity. The scan also indicates
that incoming internet traffic to the servers has increased. Which of the following is the MOST
likely cause of the decreased disk space?

A

Unauthorized software

223
Q

To help prevent one job role from having sufficient access to create, modify, and approve
payroll data, which of the following practices should be employed?

A

Least privilege

224
Q

An analyst receives an alert from the SIEM showing an IP address that does not belong to the
assigned network can be seen sending packets to the wrong gateway. Which of the following
network devices is misconfigured and which of the following should be done to remediate the
issue?

A

Firewall, implement an ACL on the interface

225
Q

A Chief Information Officer asks the company’s security specialist if the company should spend
any funds on malware protection for a specific server. Based on a risk assessment, the ARO
value of a malware infection for the server is 5 and the annual cost for the malware protection is
$2500. Which of the following SLE values warrants a recommendation against purchasing the
malware protection?

A

$500

226
Q

Which of the following uses precomputed hashes to guess passwords?

A

Rainbow tables

227
Q

Which of the following attack types BEST describes a client-side attack that is used to
manipulate an HTML iframe with JavaScript code via a web browser?

A

XSS

228
Q

A security administrator receives an alert from a third-party vendor that indicates a certificate
that was installed in the browser has been hijacked at the root of a small public CA. The security
administrator knows there are at least four different browsers in use on more than a thousand
computers in the domain worldwide. Which of the following solutions would be BEST for the
security administrator to implement to most efficiently assist with this issue?

A

CRL

229
Q

Which of the following should be used to create a hash of a source code file that can be used to
ensure the file was not altered during transmission?

A

MD5

230
Q

In determining when it may be necessary to perform a credentialed scan against a system
instead of a non-credentialed scan, which of the following requirements is MOST likely to
influence this decision?

A

The scanner must be able to audit file system permissions

231
Q

A company was recently audited by a third party. The audit revealed the company’s network
devices were transferring files in the clear. Which of the following protocols should the company
use to transfer files?

A

SCP

232
Q

A security analyst is investigating a potential breach. Upon gathering, documenting, and
securing the evidence, which of the following actions is the NEXT step to minimize the business
impact?

A

Launch an investigation to identify the attacking host

233
Q

A recent internal audit is forcing a company to review each internal business unit’s VMs because
the cluster they are installed on is in danger of running out of computer resources. Which of the
following vulnerabilities exists?

A

System sprawl