Flashcards
A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on
binaries prior to transmission over untrusted media. Which of the following BEST describes the action
performed by this type of application?
Obfuscation (a fixed XOR mask hides the bytes from casual inspection but is trivially reversible, so it is not encryption)
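As an added example (not part of these flashcards), the following Python shows why a fixed XOR mask is obfuscation rather than encryption: the transform is its own inverse, and one known plaintext byte (here the "MZ" header an attacker expects at the start of a Windows executable) recovers the whole "key". The sample bytes are constructed for the demo.

```python
# Added example, not from the flashcards: why XOR with a fixed 0xFF mask is
# obfuscation rather than encryption. Sample bytes are constructed.

def xor_ff(data: bytes) -> bytes:
    """The card's transform: flip every bit. It is its own inverse, so
    reversing it needs no secret at all."""
    return bytes(b ^ 0xFF for b in data)

def recover_key(known_plaintext: bytes, captured: bytes) -> int:
    """A single known byte yields the whole 'key': key = P XOR C, and with a
    fixed mask that value is identical at every position. The attacker uses
    the fact that Windows executables begin with the bytes 'MZ'."""
    return known_plaintext[0] ^ captured[0]

# Constructed stand-in for a binary about to be sent over untrusted media.
SAMPLE_BINARY = b"MZ\x90\x00\x03\x00constructed-sample-binary-body"

def demo() -> dict:
    obfuscated = xor_ff(SAMPLE_BINARY)
    key = recover_key(b"MZ", obfuscated)        # attacker never saw the mask
    return {
        "self_inverse": xor_ff(obfuscated) == SAMPLE_BINARY,
        "recovered_key": key,                      # 0xFF, read straight off the wire
        "attacker_decodes": bytes(b ^ key for b in obfuscated) == SAMPLE_BINARY,
    }

if __name__ == "__main__":
    print(demo())
```

Contrast this with real encryption, where knowing plaintext/ciphertext pairs must not reveal the key or any other message.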
A company wants to ensure confidential data storage media is sanitized in such a way that the drive
cannot be reused. Which of the following methods should the technician use?
Shredding
A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is
looking for information about software versions on the network. Which of the following techniques is
the intruder using?
Banner grabbing
Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?
Privilege escalation
When developing an application, executing a preconfigured set of instructions is known as:
A stored procedure
A network administrator needs to allocate a new network for the R&D group. The network must not be
accessible from the internet, regardless of the network firewall or other external misconfigurations.
Which of the following settings should the network administrator implement to accomplish this?
Use NAT with private (non-routable) addressing on the R&D network
An application was recently compromised after some malformed data came in via a web form. Which of
the following would MOST likely have prevented this?
Input validation
When attackers use a compromised host as a platform for launching attacks deeper into a company’s
network, it is said that they are:
Pivoting
A new Chief Information Officer has been reviewing the badging procedures and decides to write a
policy that all employees must have their badges rekeyed at least annually. Which of the following
controls BEST describes this policy?
Administrative
Which of the following refers to the term used to restore a system to its operational state?
MTTR (mean time to repair/restore; RPO describes tolerable data loss, not restoration)
A security manager is creating an account management policy for a global organization with sales
personnel who must access corporate network resources while traveling all over the world. Which of the
following practices is the security manager MOST likely to enforce with the policy? (Select TWO)
Password complexity
Group-based access control
Which of the following would provide additional security by adding another factor to a smart card?
PIN
A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the
requirement, which of the following should the security analyst do to MINIMIZE the risk?
Disable NTLM
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The
main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left
unresolved? (Select TWO)
DoS attack
Resource exhaustion
A company has a data classification system with definitions for “Private” and “Public.” The company’s
security policy outlines how data should be protected based on type. The company recently added the
data type “Proprietary.” Which of the following is the MOST likely reason the company added this data
type?
Better data classification
A computer emergency response team is called at midnight to investigate a case in which a mail server
was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an
active connection. Which of the following is the NEXT step the team should take?
Perform a containment procedure by disconnecting the server
A security engineer must install the same X.509 certificate on three different servers. The client
application that connects to the server performs a check to ensure the certificate matches the host
name. Which of the following should the security engineer use?
Wildcard certificate (or a SAN certificate listing all three host names)
Which of the following BEST describes an important security advantage yielded by implementing vendor
diversity?
Resiliency
Which of the following differentiates a collision attack from a rainbow table attack?
A rainbow table attack performs a hash lookup
Ransomware is detected on a database administrators workstation. Which of the following forensic
procedures should be performed FIRST to mitigate the threat?
Capture volatile memory
Ann, a new security specialist, is attempting to access the internet using the company’s open wireless
network. The wireless network is not encrypted; however, once associated, Ann cannot access the
internet or other resources. In an attempt to troubleshoot, she scans the wireless network with Nmap
and discovers the firewall is the only other device on the wireless network. Which of the following BEST
describes the company’s wireless network situation?
The company uses a VPN to authenticate and encrypt connections and traffic
RJ-45 ports have been implemented on an embedded system to allow engineers more convenient
access. The network administrator has concerns regarding placing the equipment on the internal
network and exposing the devices. Which of the following would BEST meet both concerns if the
equipment is placed on the internal network?
Create a separate network segment for the equipment that only the engineers can access
Which of the following threats is BEST mitigated by application hardening and patching rather than
security training?
Software exploits
A security administrator generates a key pair and sends one key inside a request file to a third party. The
third party sends back a signed file. In this scenario, the key sent to the third party is called a:
Public key
An attacker drives past a company, captures the name of the WiFi network and locates a coffee shop
near the company. The attacker creates a mobile hotspot with the same name as the company’s WiFi.
Which of the following Best describes this wireless attack?
Evil twin
A developer needs to store sensitive employee information on a backend database. The sensitive
database records must be accessed by a public web server in the DMZ. Which of the following should be
implemented to secure the sensitive information stored in the database?
Store the sensitive records using irreversible encryption
To protect the confidentiality of a VPN session key, the administrator copies the key to a USB drive and
ships it overnight to a remote location. This type of key exchange is BEST described as:
Out-of- band
A company is experiencing problems with performance and downtime because application updates and
patching are being conducted on production systems during business hours. Users and other IT staff are
not being notified of the updates. Which of the following should be instituted to BEST resolve the
problems?
Change management
A Linux server using TCP wrappers is utilized in a SCADA environment. Which of the following entries
should be placed in the hosts.allow file to allow access on port 22 for a client at 192.168.14.127?
sshd: 192.168.14.127 (hosts.allow entries use the daemon’s process name, sshd, not a service name such as in.ssh)
A service desk manager is developing an SLA to be used with a new customer. As part of the SLA, various
metrics regarding uptime, responsiveness, and remediation are being identified. Given the manager’s
unfamiliarity with the products being supported, which of the following metrics would be MOST
important to solicit from the customer to determine how much downtime should be expected?
MTBF, MTTF
Members of a production team have been using the username and password of Ann, an employee, to
log into their workstations because Ann has elevated privileges. The administrator wants to prevent
unauthorized users from logging in with false credentials, while still allowing Ann to continue to utilize
her provided equipment. Which of the following should the administrator configure to achieve this?
Authorized workstations
A company needs to adopt a single tenant CSP due to strict regulatory compliance issues. The company
wants the CSP to be available at all times and accessible from anywhere over the internet. Which of the
following solutions should the company adopt?
Private cloud
A security administrator spots the following log entry fragment on a web server:
GET /home.aspx?id=<script>alert(document.cookie)</script>
Which of the following types of attacks was attempted?
Cross-site scripting
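Added example, not from the flashcards: a small Python scanner that pulls the query string out of request lines like the one above, URL-decodes each parameter (repeatedly, since attackers double-encode) and flags the common reflected-XSS markers. The log lines are constructed, and the pattern list is a starting point for log triage, not a complete XSS filter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed web-server request lines; the first mirrors the card's fragment.
LOG_LINES = [
    "GET /home.aspx?id=<script>alert(document.cookie)</script> HTTP/1.1",
    "GET /home.aspx?id=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E HTTP/1.1",
    "GET /home.aspx?id=42 HTTP/1.1",
    "GET /search.aspx?q=%22%20onmouseover%3D%22alert(1) HTTP/1.1",
]

# Markers that almost never appear in legitimate parameter values.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),        # script tag, any spacing
    re.compile(r"\bon[a-z]+\s*=", re.I),    # inline event handler
    re.compile(r"javascript\s*:", re.I),    # javascript: URL scheme
]

def decode_param(value: str) -> str:
    """URL-decode until stable so double-encoded payloads are caught too."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value

def xss_params(request_line: str) -> list:
    """Return (name, decoded_value) for every query parameter that matches."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    query = urlsplit(parts[1]).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        decoded = decode_param(raw)
        if any(p.search(decoded) for p in XSS_PATTERNS):
            hits.append((name, decoded))
    return hits

def scan(lines) -> list:
    """All request lines carrying at least one suspicious parameter."""
    findings = []
    for line in lines:
        hits = xss_params(line)
        if hits:
            findings.append((line, hits))
    return findings

if __name__ == "__main__":
    for line, hits in scan(LOG_LINES):
        print(line, "->", hits)
```

Decoding before matching is the important step: the second line carries the same payload as the first but would pass a naive grep for "<script".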
A systems administrator wants to install a new PKI certificate on a web server. The administrator creates
a CSR. Which of the following should the administrator send to the CA to issue a trusted certificate?
The web server’s public key
A malicious user attempts to access a company’s wireless network from the parking lot. Upon launching
the wireless scanner, the malicious user activates the SSID decloak feature and views many other SSIDs.
However, the company’s SSID does not appear as an available network in the tool. Which of the following
is preventing the malicious user from scanning the company’s wireless network?
Low-power directional antennas
A new security policy being implemented requires all email within the organization be digitally signed by
the author using PGP. Which of the following would need to be created for each user?
A public and private key
While responding to an incident on a Linux server, the administrator needs to disable unused services.
Which of the following commands can be used to see processes that are listening on a TCP port?
lsof (e.g. lsof -i -sTCP:LISTEN; netstat -tlnp or ss -tlnp show the same information)
An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the
computer is in use. Which of the following can be implemented
Cluster tip wiping
Which of the following access controls enforces permissions based on data labeling at specific levels?
Mandatory access control
A security technician would like an application to use random salts to generate short-lived encryption
keys during the secure communication handshake process to increase communication security. Which of
the following concepts would BEST meet this goal?
Perfect forward secrecy (ephemeral per-session keys)
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets
to a competitor. Joe had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last night’s integrity
scan.
Which of the following could the technician use to prepare the report? (Select TWO).
MD5
HMAC
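Added example (not part of the card deck) of the integrity report the card above describes: hash every file into a baseline, diff a later baseline against it, and protect the stored baseline with an HMAC so the person who changed a file cannot also rewrite its recorded digest. SHA-256 is used here; passing "md5" as the algo argument gives the MD5 variant the card lists. Files, contents and the HMAC key are constructed inside a temporary directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path: Path, algo: str = "sha256") -> str:
    """Stream a file through the chosen hash (e.g. "md5" or "sha256")."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root: Path, algo: str = "sha256") -> dict:
    """Relative path -> digest for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_baseline(base: dict, key: bytes) -> str:
    """HMAC over the canonical baseline: plain hashes can be recomputed by
    whoever changed the file, a keyed tag cannot."""
    canon = "\n".join(f"{k} {v}" for k, v in sorted(base.items())).encode()
    return hmac.new(key, canon, "sha256").hexdigest()

def verify_baseline(base: dict, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign_baseline(base, key), tag)

def changed_files(old: dict, new: dict) -> dict:
    """The report: what was modified, added or deleted since the old scan."""
    return {
        "modified": sorted(k for k in old if k in new and old[k] != new[k]),
        "added": sorted(k for k in new if k not in old),
        "deleted": sorted(k for k in old if k not in new),
    }

def demo() -> dict:
    key = b"constructed-demo-key"          # in practice kept off the scanned host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "payroll.csv").write_text("alice,100\n")
        (root / "notes.txt").write_text("hello\n")
        night = baseline(root)              # last night's integrity scan
        tag = sign_baseline(night, key)
        # Next morning: one file edited, one new file, one file removed.
        (root / "payroll.csv").write_text("alice,100\nbob,999\n")
        (root / "secrets.zip").write_bytes(b"PK\x03\x04constructed")
        (root / "notes.txt").unlink()
        morning = baseline(root)
        # Insider tries to hide the edit by patching the stored baseline.
        tampered = dict(night)
        tampered["payroll.csv"] = morning["payroll.csv"]
        return {
            "report": changed_files(night, morning),
            "baseline_intact": verify_baseline(night, key, tag),
            "tampered_detected": not verify_baseline(tampered, key, tag),
        }

if __name__ == "__main__":
    print(demo())
```

The `changed_files` report is what the technician hands over; the HMAC check is what makes that report trustworthy after the suspect had two hours on the system.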
A breach at a credit card company resulted in customers’ credit card information being exposed. The
company has conducted a full forensic investigation and identified the source of the breach. Which of
the following should the company do NEXT?
Implement damage and loss control procedures
A security administrator discovered that all communication over the company’s encrypted wireless
network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted
in an attempt to steal other employees’ credentials. Which of the following technologies is MOST likely in
use on the company’s wireless?
WEP 128-PSK
An administrator is implementing a new management system for the machinery on the company’s
production line. One requirement is that the system only be accessible while within the production
facility. Which of the following will be the MOST effective solution in limiting access based on this
requirement?
Air gap (an ACL still leaves the system reachable from outside the facility)
Which of the following is a security concern regarding users bringing personally-owned devices that they
connect to the corporate network?
Lack of controls in place to ensure that the devices have the latest system patches and signature files
Which of the following offerings typically allows the customer to apply operating system patches?
Infrastructure as a service
A thief has stolen a mobile device and removed its battery to circumvent GPS location tracking. The device
uses a four-digit PIN. Which of the following is a mobile device security control that ensures the
confidentiality of company data?
Full device encryption
The security administrator is analyzing a user’s history file on a Unix server to determine if the user was
attempting to break out of a rootjail. Which of the following lines in the user’s history log shows
evidence that the user attempted to escape the rootjail?
cd ../../../../bin/bash
Due to issues with building keys being duplicated and distributed, a security administrator wishes to
change to a different security control regarding a restricted area. The goal is to provide access based
upon facial recognition. Which of the following will address this requirement?
Place a guard at the entrance to approve access.
Anne, an employee, receives the following email:
From: Human Resources
To: Employee
Subject: Updated employee code of conduct
Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated
code of conduct at your earliest convenience.
After clicking the email link, her computer is compromised. Which of the following principles of social
engineering was used to lure Anne into clicking the phishing link in the above email?
Familiarity
Which of the following is an XML based open standard used in the exchange of authentication and
authorization information between different parties?
SAML
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of
the following should be implemented to ensure that a malicious insider will not be able to successfully
use ARP spoofing techniques?
IPv6
Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent
penetration test reveals vulnerabilities on the network. Which of the following has been reported by the
vulnerability scan?
False negative
A company used a partner company to develop critical components of an application. Several
employees of the partner company have been arrested for cybercrime activities. Which of the following
should be done to protect the interests of the company?
Conduct a source code review of the application
A recently installed application update caused a vital application to crash during the middle of the
workday. The application remained down until a previous version could be reinstalled on the server, and
this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?
Application patch management
A systems administrator has implemented PKI on a classified government network. In the event that a
disconnect occurs from the primary CA, which of the following should be accessible locally from every
site to ensure users with bad certificates cannot gain access to the network?
A CRL
The loss prevention department has purchased a new application that allows the employees to monitor
the alarm systems at remote locations. However, the application fails to connect to the vendor’s server
and the users are unable to log in. Which of the following are the MOST likely causes of this issue?
(Select TWO).
URL filtering
Firewall rules
Which of the following steps in incident response procedures entails a review of the incident and identification of
knowledge gained that can be applied to future handling of incidents?
Lessons learned
Which of the following protocols operates at the HIGHEST level of the OSI model?
SCP
An administrator implements SELinux on a production web server. After implementing this, the web
server no longer serves up files from users’ home directories. To rectify this, the administrator creates a
new policy as the root user. This is an example of which of the following? (Select Two).
Enforcing SELinux in the OS kernel is mandatory access control
The policy added by the root user is rule-based access control
Which of the following documents outlines the technical and security requirements of an agreement
between organizations?
ISA
Which of the following is a penetration testing method?
Calling the target’s helpdesk, requesting a password reset
Which of the following types of technologies is used by security and research personnel for
identification and analysis of new security threats in a networked environment by using false data/hosts
for information collection?
Honeynet
When confidentiality is the primary concern, and a secure channel for key exchange is not available,
which of the following should be used for transmitting company documents?
Asymmetric
A new web server has been provisioned at a third party hosting provider for processing credit card
transactions. The security administrator runs the netstat command on the server and notices that ports
80, 443 and 3389 are in listening state. No other ports are open. Which of the following services should
be disabled to ensure secure communications?
HTTP
After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation
file. The screen shows a warning that the dissertation file is corrupted because it is infected with a
backdoor, and can only be recovered by upgrading the antivirus software from the free version to the
commercial version. Which of the following types of malware is the laptop MOST likely infected with?
Ransomware
Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of
the following will Joe need to use to BEST accomplish the objective?
His private key
Which of the following protocols is MOST likely to be leveraged by users who need additional
information about another user?
LDAP
A retail store uses a wireless network for its employees to access inventory from anywhere in the store.
Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to
harden the network. During the site survey, the consultant discovers that the network was using WEP
encryption. Which of the following would be the BEST course of action for the consultant to
recommend?
Change the encryption used so that the encryption protocol is CCMP-based.
A security team has established a security awareness program. Which of the following would BEST prove
the success of the program?
Metrics
Which of the following should an administrator implement to research current attack methodologies?
Honeypot
After analyzing and correlating activity from multiple sensors, the security administrator has determined
that a group of very well organized individuals from an enemy country is responsible for various
attempts to breach the company network, through the use of very sophisticated and targeted attacks.
Which of the following is this an example of?
Advanced persistent threat
Which of the following types of attacks involves interception of authentication traffic in an attempt to
gain unauthorized access to a wireless network?
IV attack
Alice, a security analyst, is reviewing logs from hosts across the Internet which her company uses to
gather data on new malware. Which of the following is being implemented by Alice’s company?
Honeynet
A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test. Which of the following risks is MOST likely to affect the business on a day-to- day basis?
Lack of antivirus software
Which system should you implement if you want to create a file system access control model where you
can label files as “Secret”, “Confidential”, “Restricted”, or “Unclassified”?
Trusted OS
Which is the hardest to crack and requires both parties to exchange the encryption key before
communicating?
One-time pads
Bob needs to send Sally a digitally signed and encrypted email. Which algorithms and keys are used to
complete these actions?
Sally’s public key to encrypt (in practice RSA wraps a random 3DES/AES message key, since 3DES is symmetric and cannot use a public key directly), Bob’s private key to sign a SHA hash of the message
In order to digitally sign your emails with PGP, what needs to be created first?
A public and private key
If you need to look at a former employee’s email for a court case but the emails have been deleted, you
should take a look at your:
Data retention policies
Which of the following can be used to ensure that sensitive records stored on a backend server can only
be accessed by a front end server with the appropriate record key?
File encryption
In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
Authentication
In order to secure additional budget, a security manager wants to quantify the financial impact of a one-
time compromise. Which of the following is MOST important to the security manager?
SLE
A security technician is implementing PKI on a network. The technician wishes to reduce the amount of
bandwidth used when verifying the validity of a certificate. Which of the following should the technician
implement?
OCSP (a per-certificate status query instead of downloading the entire CRL)
An access point has been configured for AES encryption but a client is unable to connect to it. Which of
the following should be configured on the client to fix this issue?
CCMP
A company wants to improve its overall security posture by deploying environmental controls in its
datacenter. Which of the following is considered an environmental control that can be deployed to meet
this goal?
Hot and cold aisles (proximity readers are physical access controls, not environmental controls)
Ann, a security administrator, is strengthening the security controls of the company’s campus. Her goal
is to prevent people from accessing open locations that are not supervised, such as around the receiving
dock. She is also concerned that employees are using these entry points as a way of bypassing the
security guard at the main entrance. Which of the following should Ann recommend that would BEST
address her concerns?
Build fences around campus with gate entrances
A security administrator is responsible for ensuring that there are no unauthorized devices utilizing the
corporate network. During a routine scan, the security administrator discovers an unauthorized device
belonging to a user in the marketing department. The user is using an android phone in order to browse
websites. Which of the following device attributes was used to determine that the device was
unauthorized?
A MAC address
A security administrator is notified that users attached to a particular switch are having intermittent
connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack.
Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch
A software security concern when dealing with hardware and devices that have embedded software or
operating systems is:
The vendor may not have a method for installation of patches
Ann, a technician, received a spear-phishing email asking her to update her personal information by
clicking the link within the body of the email. Which of the following types of training would prevent Ann
and other employees from becoming victims of such attacks?
Personally identifiable information (PII) handling
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
Install a digital certificate on the authentication server
A system administrator needs to implement 802.1x whereby when a user logs into the network the
authentication server communicates with a switch and assigns the user to the proper VLAN. Which of
the following protocols should be used?
RADIUS
Which of the following can be provided to an AAA system for the identification phase?
Username
The Chief Information Security Officer is concerned that users could bring their personal laptops
to work and plug them directly into the network ports under their desks. Which of the following should
be configured on the network switch to prevent this from happening?
Port security
Recently, several employees were victims of a phishing email that appeared to originate from
the company president. The email claimed the employees would be disciplined if they did not click on a
malicious link in the message. Which of the following principles of social engineering made this attack
successful?
Authority
Which of the following would enhance the security of accessing data stored in the cloud? (select
two)
SAML authentication
Multifactor authentication
A dumpster diver recovers several hard drives from a company and is able to obtain
confidential data from one of the hard drives. The company then discovers its information is posted
online. Which of the following methods would have MOST likely prevented the data from being
exposed?
Using magnetic fields to erase the data (degaussing)
Ann, a systems administrator, is installing an extremely critical system that must support zero
downtime. Which of the following BEST describes the type of system Ann is installing?
High availability
An administrator has to determine host operating systems on the network and has deployed a
transparent proxy. Which of the following fingerprint types would this solution use?
Passive
An administrator needs to protect against downgrade attacks due to various vulnerabilities in
SSL/TLS. Which of the following actions should be performed? (Select TWO)
Disable SSL 2.0/3.0 and early TLS versions on the server
Disable weak and export-grade cipher suites (certificate reissue or revocation does nothing against a protocol downgrade)
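Added example (not from the flashcards), using Python’s standard ssl module: a server context that still negotiates the oldest protocol its library supports, next to one that sets a TLS 1.2 floor, disables TLS compression and restricts the cipher list. Those settings are what close the downgrade paths the card refers to; certificates play no part in either. The cipher string and version floor are this example’s assumptions, not settings from the card.

```python
import ssl

# Added example, not from the flashcards: a server-side TLS context before
# and after hardening against protocol and cipher-suite downgrade.

def weak_context() -> ssl.SSLContext:
    """Before: accept the oldest protocol the library still builds (SSL 3.0 /
    TLS 1.0 on older OpenSSL) and its full default cipher list, so an active
    attacker can force a legacy handshake (POODLE-style downgrade)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_context() -> ssl.SSLContext:
    """After: TLS 1.2 floor, no TLS-level compression (CRIME) and an explicit
    forward-secret, AEAD-only cipher list. The cipher string is an assumption."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    return ctx

def allows_legacy(ctx: ssl.SSLContext) -> bool:
    """True if the context would still negotiate anything below TLS 1.2."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2

def minimum_version_name(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name

def cipher_names(ctx: ssl.SSLContext) -> list:
    """Names of the suites the context will offer, for review in an audit."""
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    for label, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(label, minimum_version_name(ctx), "legacy allowed:", allows_legacy(ctx))
    print(cipher_names(hardened_context()))
```

The same two checks (minimum protocol version, offered cipher list) are what an external TLS scanner reports, so this is also a quick way to confirm a server configuration before it is exposed.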
The security manager must store a copy of a sensitive document and needs to verify at a later
point in time that the document has not been altered. Which of the following will accomplish the
security manager’s objective?
MD5
An organization currently employs signature-based NIPS and a firewall, though a recent
penetration test demonstrated this existing implementation is insufficient. Which of the following
represents the BEST approach to reduce risk?
Deploy technologies that will detect and stop deviations from normal
An administrator is instructed to disable IP-directed broadcasts on all routers in an organization.
Which of the following attacks does this prevent?
Smurf
Which of the following can be used for both encryption and digital signatures?
RSA
A security technician would like to obscure sensitive data within a file so it can be transferred
without causing suspicion. Which of the following technologies would be BEST suited to accomplish this?
Steganography
A security administrator is reviewing the following log from the company’s UTM, which is
installed at the network perimeter
PERMIT 172.165.143.5:80 192.168.2.6:1020 FIN
PERMIT 10.76.23.5:42331 192.168.1.4:80 SYN
PERMIT 192.168.1.4:80 10.76.23.5:42331 SYN/ACK
PERMIT 10.76.23.5:42331 192.168.1.4:80 ACK
DENY 10.100.34.5:1331 192.168.3.10:445 ACK
PERMIT 172.132.5.6:1432 192.168.3.2:80 SYN
Given the following additional information:
Guest Network: 192.168.1.0/24
User Network: 192.168.2.0/24
Server Network: 192.168.3.0/24
Which of the following should the security administrator recommend?
Block incoming traffic to the guest network
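Added example (not part of the deck): parsing the UTM lines above in Python and flagging permitted new connections (bare SYN) from addresses outside the three listed networks into each zone. The log and network map are the card’s; treating every address outside those three ranges as external is this example’s assumption, since the card lists no other internal ranges.

```python
from ipaddress import ip_address, ip_network

# The UTM log from the card, verbatim.
LOG = """PERMIT 172.165.143.5:80 192.168.2.6:1020 FIN
PERMIT 10.76.23.5:42331 192.168.1.4:80 SYN
PERMIT 192.168.1.4:80 10.76.23.5:42331 SYN/ACK
PERMIT 10.76.23.5:42331 192.168.1.4:80 ACK
DENY 10.100.34.5:1331 192.168.3.10:445 ACK
PERMIT 172.132.5.6:1432 192.168.3.2:80 SYN"""

# The card's network map. Anything outside these three ranges is treated as
# external for this example (assumption: the card names no other ranges).
ZONES = {
    "guest": ip_network("192.168.1.0/24"),
    "user": ip_network("192.168.2.0/24"),
    "server": ip_network("192.168.3.0/24"),
}

def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def parse(line: str) -> dict:
    """ACTION src:port dst:port FLAGS -> structured entry."""
    action, src, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"action": action, "src": sip, "sport": int(sport),
            "dst": dip, "dport": int(dport), "flags": flags}

def inbound_new_connections(log: str, zone: str) -> list:
    """Permitted connection attempts (bare SYN, i.e. a new session rather
    than a reply) from an external address into the given zone."""
    hits = []
    for line in log.splitlines():
        e = parse(line)
        if (e["action"] == "PERMIT" and e["flags"] == "SYN"
                and zone_of(e["src"]) == "external" and zone_of(e["dst"]) == zone):
            hits.append(e)
    return hits

def permitted_inbound_by_zone(log: str) -> dict:
    """Summary the administrator would look at: a guest network should
    never be accepting new sessions from outside."""
    return {zone: len(inbound_new_connections(log, zone)) for zone in ZONES}

if __name__ == "__main__":
    print(permitted_inbound_by_zone(LOG))
    for e in inbound_new_connections(LOG, "guest"):
        print("inbound to guest:", e)
```

The SYN/ACK and ACK lines are the rest of the same handshake, which is why only the bare SYN is counted; the server-network hit is a web request to port 80 and may be intended, the guest-network hit is the one the recommendation addresses.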
A vice president at a manufacturing organization is concerned about desktops being connected
to the network. Employees need to log onto the desktops’ local account to verify that a product is being
created within specifications, otherwise, the desktops should be as isolated as possible. Which of the
following is the BEST way to accomplish this?
Create a separate VLAN for the desktops
An administrator has configured a new Linux server with the FTP service. Upon verifying that the
service was configured correctly, the administrator has several users test the FTP service. Users report
that they are able to connect to the FTP service and download their personal files; however, they cannot
transfer new files to the server. Which of the following will MOST likely fix the uploading issue for the
users?
Set the SELinux boolean to allow FTP home directory uploads (setsebool -P ftp_home_dir on)
The Chief Information Office has asked a security analyst to determine the estimated costs
associated with each potential breach of the database that contains customer information. Which of the
following is the risk calculation the CIO is asking for?
SLE
An employer requires that employees use a key-generating app on their smart phones to log
into corporate applications. In terms of authentication to the individual, this type of access policy is BEST
defined as:
Something you have
A project manager is working with an architectural firm that focuses on physical security. The
project manager would like to provide requirements that support the primary goal of safety. Based on
the project manager’s desires, which of the following controls would be BEST to incorporate into the
facility design?
Escape routes
A small company has recently purchased cell phones for managers to use while working outside
of the office. The company does not currently have a budget for mobile device management and is
primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to
unattended phones. Which of the following would provide the solution that BEST meets the company’s
requirements?
Screen lock
Which of the following attack types is being carried out when a target is being sent unsolicited
messages via Bluetooth?
Bluejacking
When analyzing the behavior of a malicious piece of software, which of the following
environments should be used?
Sandbox
An employee needs to connect to a server using a secure protocol on the default port. Which of
the following ports should be used?
22
Which of the following technologies would be MOST appropriate to utilize when testing a new
software patch before a company-wide deployment?
Virtualization
Which of the following would an attacker use to generate and capture additional traffic prior to
performing an IV attack?
Replay attack (e.g. ARP request replay to force the access point to emit more IVs)
A company executive’s laptop was compromised leading to a security breach. The laptop was
placed into storage by a junior system administrator and was subsequently wiped and reimaged. When
it was determined that the authorities would need to be involved, there was little evidence to present to
the investigators. Which of the following procedures should have been implemented to aid the
authorities in their investigation?
A system image should have been created and stored
An administrator wants to establish a WiFi network using a high gain directional antenna with a
narrow radiation pattern to connect two buildings separated by a very long distance. Which of the
following antennas would be BEST for this situation?
Yagi
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for
a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a
system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this
server?
$5,000
A system administrator wants to confidentially send a user name and password list to an
individual outside the company without the information being detected by security controls. Which of
the following would BEST meet this security goal?
Steganography
Which of the following provides the strongest authentication security on a wireless network?
WPA2
A security administrator is notified that users attached to a particular switch are having
intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP
spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Enable Dynamic ARP Inspection (DAI) on the switch; flood guards only rate-limit flooding traffic and do not validate ARP replies
An administrator has to determine host operating systems on the network and has deployed a
transparent proxy. Which of the following fingerprint types would this solution use?
Passive
Which of the following ports is used for TELNET by default?
23
Which of the following can be used to ensure that sensitive records stored on a backend server
can only be accessed by a front end server with the appropriate record key?
Database encryption (per-record keys are a database feature; file or disk encryption protects the whole store, not individual records)
A system administrator is configuring UNIX accounts to authenticate against an external server.
The configuration file asks for the following information DC=ServerName and DC=COM. Which of the
following authentication services is being used?
LDAP
Which of the following is an XML based open standard used in the exchange of authentication
and authorization information between different parties?
SAML
Which of the following is an authentication method that can be secured by using SSL?
LDAP
Ann a member of the Sales Department has been issued a company-owned laptop for use when
traveling to remote sites. Which of the following would be MOST appropriate when configuring security
on her laptop?
Configure the laptop with a BIOS password
An overseas branch office within a company has many more technical and non-technical
security incidents than other parts of the company. Which of the following management controls should
be introduced to the branch office to improve their state of security?
Continuous security monitoring process
When designing a new network infrastructure, a security administrator requests that the
intranet web server be placed in an isolated area of the network for security purposes. Which of the
following design elements would be implemented to comply with the security administrator’s request?
DMZ
Which of the following can be used to maintain a higher level of security in a SAN by allowing
isolation of mis-configurations or faults?
VSAN
A company determines a need for additional protection from rogue devices plugging into physical
ports around the building. Which of the following provides the highest degree of protection from
unauthorized wired network access?
802.1x
An access point has been configured for AES encryption but a client is unable to connect to it.
Which of the following should be configured on the client to fix this issue?
CCMP
Which of the following is the BEST concept to maintain required but non-critical server
availability?
Warm site
Virtualization would provide an ROI when implemented under which of the following situations?
Multiple existing but underutilized physical servers
Which of the following remote authentication methods uses a reliable transport layer protocol
for communication?
TACACS+
An administrator wants to restrict traffic between two VLANs. The network devices connecting
the two VLANs are layer 3 switches. Which of the following should the admin configure?
ACL
A security architect is choosing a cryptographic suite for the TLS 1.2 configuration for a new
web-based financial management application that will be used heavily by mobile devices. Which of the
following would be the architects MOST secure selection for both key exchange and the session key
algorithms? (Select Two)
AES (3DES has a 64-bit block and is slow on mobile hardware; AES, ideally in GCM mode, is the session-key choice)
ECDHE
A security administrator creates separate VLANs for employee devices and HVAC equipment
that is network attached. Which of the following are security reasons for this design? (Select Three)
Broadcasts from HVAC equipment will be confined to their own network segment
HVAC equipment can be isolated from compromised employee workstations
Access to and from the HVAC equipment can be more easily controlled
A security administrator is reviewing the password security configuration of a company’s
directory service domain. The administrator recognizes that the domain controller has been configured
to store LM hashes. Which of the following explains why the domain controller might be configured like
this? (Select TWO)
Default configuration
Backward compatibility
A finance manager is responsible for approving wire transfers and processing the transfers using
the software provided by the company’s bank. A number of discrepancies have been found related to
the wires in a recent financial audit and the wires appear to be fraudulent. Which of the following
controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers?
Separation of duties
The security manager has learned a user inadvertently sent encrypted PII to an incorrect
distribution group. The manager has instructed the user to immediately recall the message. Recipients
are instructed to delete the email from all queues and devices. This is an example of which of the
following incident response procedures
Mitigation
Joe, a system administrator, configured a device to block network traffic from entering the
network. The configuration consisted of zero-day exploit awareness at the application layer of the OSI
model. The exploit signatures have been seen on the internet daily. Which of the following does this
describe?
NIPS
An organization is developing a plan to ensure an earthquake at a datacenter does not disrupt
business. The organization has identified all the critical applications within the datacenter, determining
the financial loss of an outage of different duration for each application. This effort is known as a
Business impact analysis (BIA); the disaster recovery plan is built from the BIA's outage-cost figures
From a network security point of view, the primary reason to implement VLANs is to
Provide network segmentation
A network administrator is configuring a web server to ensure the use of only strong ciphers.
Which of the following stream ciphers should the administrator configure?
RC4 is the only stream cipher among the usual choices, but it is prohibited for TLS by RFC 7465 and is no longer considered strong; a modern server should use AES-GCM or ChaCha20-Poly1305 instead
An engineer is designing a system that needs the fastest encryption possible due to system
requirements. Which of the following should the engineer use?
AES (a symmetric cipher; asymmetric algorithms such as RSA are orders of magnitude slower, and RSA-1024 is also below current key-size minimums)
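The three cards above (the TLS 1.2 suite selection, the RC4 question and the "fastest encryption" question) all turn on reading a cipher suite's parts: key exchange, authentication, bulk cipher and MAC. The following is an added example, not part of the flashcard deck: it parses IANA-style suite names and grades them under a policy that is an assumption chosen for illustration (forward-secret ECDHE/DHE with an AEAD cipher is "strong", forward-secret CBC is "acceptable", static RSA, RC4, (3)DES, export, NULL, anonymous and MD5 suites are rejected). The candidate list is constructed to mirror the flashcard choices.

```python
"""TLS 1.2 cipher-suite policy check driven by IANA suite names.

Added example, not from the flashcard deck. The policy is an assumption chosen
for illustration: forward-secret key exchange (ECDHE or DHE) with an AEAD bulk
cipher (AES-GCM/CCM or ChaCha20-Poly1305) is "strong"; forward-secret CBC suites
are "acceptable"; static RSA or PSK key exchange, anonymous/NULL/export suites,
RC4, (3)DES and MD5 are rejected.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class SuiteVerdict:
    name: str
    key_exchange: str      # ECDHE, DHE, RSA, PSK, DH, ...
    authentication: str    # RSA, ECDSA, PSK, anon, ...
    bulk_cipher: str       # e.g. AES_128_GCM, 3DES_EDE_CBC, RC4_128
    mac_or_prf: str        # SHA, SHA256, SHA384, MD5
    grade: str             # "strong", "acceptable" or "weak"
    reasons: list[str] = field(default_factory=list)


def parse_suite(name: str) -> tuple[str, str, bool, str, str]:
    """Split TLS_<kx>[_<auth>][_EXPORT]_WITH_<cipher>_<mac> into its parts."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 cipher-suite name: {name!r}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    tokens = left.split("_")
    export = "EXPORT" in tokens
    tokens = [t for t in tokens if t != "EXPORT"]
    key_exchange = tokens[0]
    # TLS_RSA_WITH_... is static RSA key transport: RSA does both jobs.
    authentication = tokens[1] if len(tokens) > 1 else key_exchange
    bulk_cipher, mac = right.rsplit("_", 1)
    return key_exchange, authentication, export, bulk_cipher, mac


def grade_suite(name: str) -> SuiteVerdict:
    kx, auth, export, cipher, mac = parse_suite(name)
    reasons: list[str] = []
    if export:
        reasons.append("export-grade suite (deliberately weakened keys)")
    if auth == "anon" or kx == "NULL":
        reasons.append("unauthenticated key exchange: trivially MITM-able")
    if cipher.startswith("NULL"):
        reasons.append("NULL cipher: no confidentiality")
    if "RC4" in cipher:
        reasons.append("RC4 is prohibited in TLS (RFC 7465)")
    if "DES" in cipher:            # catches DES and 3DES_EDE, not AES
        reasons.append("(3)DES: 64-bit block, Sweet32-style collisions")
    if mac == "MD5":
        reasons.append("MD5-based MAC/PRF")
    if kx not in ("ECDHE", "DHE"):
        reasons.append(f"{kx} key exchange gives no forward secrecy")
    if reasons:
        grade = "weak"
    elif cipher.endswith(("_GCM", "_CCM", "_CCM_8")) or "POLY1305" in cipher:
        grade = "strong"
    else:
        grade = "acceptable"
        reasons.append("CBC with HMAC rather than AEAD (padding-oracle history)")
    return SuiteVerdict(name, kx, auth, cipher, mac, grade, reasons)


def select_suites(candidates: list[str]) -> tuple[list[str], dict[str, list[str]]]:
    """Return (ordered allow-list, rejected suites with their reasons)."""
    verdicts = [grade_suite(c) for c in candidates]
    rank = {"strong": 0, "acceptable": 1}
    allowed = sorted((v for v in verdicts if v.grade != "weak"),
                     key=lambda v: (rank[v.grade], v.name))
    rejected = {v.name: v.reasons for v in verdicts if v.grade == "weak"}
    return [v.name for v in allowed], rejected


# Constructed candidate list mirroring the flashcard choices (3DES, RC4, AES, ECDHE).
CANDIDATES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]

if __name__ == "__main__":
    allowed, rejected = select_suites(CANDIDATES)
    print("allow:", *allowed, sep="\n  ")
    for name, why in rejected.items():
        print(f"reject {name}: {'; '.join(why)}")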
An organization’s security policy requires secure file transfers to and from internal hosts. An
employee is attempting to upload a file using an unsecured method to a Linux-based dedicated file
server and fails. Which of the following should the employee use to transfer the file?
SCP
A security administrator suspects that a server has been compromised with zero-day malware,
and that it is now being used to host various copyrighted material, which is being shared through an IRC
network. Which of the following should the system administrator use to determine if the server has
been compromised?
Baseline
Which of the following BEST describes the benefits of using Extended Validation?
The website provider demonstrates an additional level of trust
Which of the following is susceptible to an attack that can obtain the wireless password by
brute-forcing a 4-digit PIN followed by a 3-digit PIN?
WPS
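The 4-digit-then-3-digit split in the card above comes from two WPS design choices: the registrar acknowledges each half of the PIN separately (M4/M6 responses), and the eighth digit is a checksum of the first seven. The following is an added example, not part of the flashcard deck; the RegistrarOracle is a constructed stand-in for an access point, and the checksum rule is the one from the Wi-Fi Simple Configuration specification.

```python
"""WPS PIN checksum and the 4+3 digit online brute force.

Added example, not from the flashcard deck. The checksum rule is the one from
the Wi-Fi Simple Configuration specification; RegistrarOracle is a constructed
stand-in for an access point, modelling the fact that the WPS M4/M6 responses
reveal whether each half of the PIN was correct.
"""


def wps_checksum(first_seven: int) -> int:
    """Eighth PIN digit: weighted digit sum (weights 3,1,3,1,3,1,3) rounded up to a multiple of 10."""
    accum, pin = 0, first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return (len(pin) == 8 and pin.isdigit()
            and int(pin[7]) == wps_checksum(int(pin[:7])))


class RegistrarOracle:
    """Constructed AP stand-in: answers half-PIN guesses and counts them."""

    def __init__(self, pin: str) -> None:
        if not is_valid_pin(pin):
            raise ValueError("PIN fails the WPS checksum")
        self._pin = pin
        self.attempts = 0

    def first_half_ok(self, half: str) -> bool:   # M4 NACK vs. M5 in the real protocol
        self.attempts += 1
        return half == self._pin[:4]

    def second_half_ok(self, half: str) -> bool:  # M6 NACK vs. M7
        self.attempts += 1
        return half == self._pin[4:]


def brute_force(oracle: RegistrarOracle) -> str:
    """Recover the PIN in at most 10,000 + 1,000 guesses instead of the 10**7 checksum-valid PINs."""
    first = None
    for i in range(10_000):
        half = f"{i:04d}"
        if oracle.first_half_ok(half):
            first = half
            break
    if first is None:
        raise RuntimeError("no first half matched")
    for j in range(1_000):                      # only 3 free digits remain...
        body = int(first + f"{j:03d}")
        half = f"{j:03d}{wps_checksum(body)}"   # ...the 8th is the checksum
        if oracle.second_half_ok(half):
            return first + half
    raise RuntimeError("no second half matched")


if __name__ == "__main__":
    ap = RegistrarOracle("98765430")             # constructed PIN; 9876543 -> checksum 0
    print(brute_force(ap), "after", ap.attempts, "guesses")
```

The mitigation is the one the card implies: disable WPS PIN mode, since rate limiting only slows the search and the split acknowledgement cannot be removed from the protocol.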
A server administrator is investigating a breach and determines an attacker modified the
application log to obscure the attack vector. During the lessons learned activity, the facilitator asks for a
mitigation response to protect the integrity of the logs should a similar attack occur. Which of the
following mitigations would be MOST appropriate to fulfill the requirement?
Enterprise SIEM
In order to comply with new auditing standards, a security administrator must be able to
correlate system security alert logs directly with the employee who triggers the alert. Which of the
following should the security administrator implement in order to meet this requirement?
Elimination of shared accounts
On a campus network, users frequently remove the network cable from desktop NIC’s and plug
personal laptops into the school network. Which of the following could be used to reduce the likelihood
of unauthorized laptops on the campus network?
Port security
An employee is using company time and assets to use a third party tool to share downloadable
media with other users around the world. Sharing downloadable media is not expressly forbidden in the
company security policy or acceptable use policy. Which of the following BEST describes what the
security staff should consider adding to these policies?
P2P
The network administrator wants to assign VLANs based on which user is logging into the
network. Which of the following should the administrator use to accomplish this? (select Two)
RADIUS (returns the VLAN assignment to the switch once the user has authenticated)
802.1x
An application is performing slowly. Management asks the security team to determine if a
security compromise is the underlying cause. The security team finds two processes with high resource
utilization. Which of the following actions should the team take NEXT?
Conduct a baseline comparison
A company implemented a public-facing authentication system that uses PKI and extended
attributes to allow third-party, web-based application integration. This is an example of which of the
following? (select three)
Federation
Two-factor authentication
Single sign-on
An employee connects to a public wireless hotspot during a business trip. The employee
attempts to go to a secure website but instead connects to an attacker who is performing a MITM
attack. Which of the following should the employee do to mitigate the vulnerability described In the
scenario?
Connect to a VPN when using public wireless networks
Joe, a security administrator, recently configured a method of secure access for remote
administration of network devices. When he attempts to connect to an access layer switch in the
organization from outside the network he is unable to successfully connect. Which of the following ports
should be open on the firewall for Joe to successfully connect to the switch?
TCP 22 (SSH; 161 is SNMP, which is not a remote administration protocol)
Which of the following is a suitable method of checking for revoked certificates in a client/server
environment with connectivity to the issuing PKI?
CRL
During an audit of a software development organization, an auditor finds the organization did
not properly follow industry best practices, including peer review and board approval, prior to moving
applications into the production environment. The auditor recommends adopting a formal process
incorporating these steps. To remediate the finding, the organization implements
Change management
Two companies are partnering to bid on a contract. Normally these companies are fierce
competitors, but for this procurement they have determined that a partnership is the only way they can
win the job. Both companies are concerned about unauthorized data sharing and want to ensure other
divisions within each company will not have access to proprietary data. To best protect against
unauthorized data sharing they should each sign a
BPA
A recent network audit revealed several devices on the internal network were not running
antivirus or HIPS. Upon further investigation, it was discovered that these devices were new laptops that
were deployed without installing the end-point protection suite used by the company. Which of the
following could be used to mitigate the risk of authorized devices that are unprotected residing on the
network?
NAC (a health check of the endpoint before it is admitted; MAC filtering only identifies the device, not its protection state)
Ann is attempting to send a digitally signed message to Joe. Which of the following should Ann
do?
Hash the message and encrypt the hash with her private key (Joe verifies the signature with her public key)
Which of the following would provide you with a measure of the frequency at which critical
business systems experience breakdowns?
MTBF
Which of the following should be used to secure data-in-use?
Full memory encryption
Which of the following provides a safe, contained environment in which to enforce physical
security?
Virtualized sandbox
A local coffee shop provides guests with wireless access but disabled the SSID broadcast for
security purposes. When guests make a purchase, they are provided with the SSID to the router. A new
customer’s laptop shows the coffee shop’s SSID appears to be broadcasting despite the fact that the
wireless router configuration shows the broadcast is disabled. Which of the following situations is likely
occurring?
An attacker has set up an evil twin access point near the coffee shop
A security technician notices that several successful attacks are being carried out on the
network. The Chief information Security Officer tells the technician to deploy countermeasures that will
help actively stop these ongoing attacks. Which of the following technologies will accomplish this task?
A network-based IPS with advanced heuristic capability
Ann, a security administrator, is hardening the user password policies. She currently has the
following in place: passwords expire every 60 days, password length is at least eight characters,
passwords must contain at least one capital letter and one numeric character. She learns that several
employees are still using their original passwords after the 60-day forced change. Which of the following
can she implement to BEST mitigate this?
Create a rule that users can only change their passwords once every two weeks (a minimum password age, which only works alongside a password history that blocks reuse of the original password)
The administrator set up a new WPA2 Enterprise wireless network using EAP-TLS for
authentication. The administrator configured the RADIUS servers with certificates that are trusted by
the endpoint devices and rules to authenticate a particular group of users. The administrator is part of
the group that is authorized to connect but is unable to connect successfully during the first test of the
network. Which of the following is the MOST likely cause of the issue?
Client certificates were not deployed
A company has an email server dedicated to only outbound email, inbound email retrieval to
this server must be blocked. Which of the following ports must be set to explicit deny?
110
143
A PKI architect is implementing a corporate enterprise solution. The solution will incorporate
key escrow and recovery agents, as well as a tiered architecture. Which of the following is required to
implement the architecture correctly?
Intermediate authorities
The Chief Information Security Officer wants to move the web server from the public network
because it has been breached a number of times in the past month. The CISO does not want to place it
in the private network since many external users access the web server to fill out their orders. The
company policy does not allow any non-secure protocols into the internal network. Given the
circumstances, which of the following would be the BEST course of action?
Place the web server in a DMZ (NAT alone neither isolates the server nor keeps non-secure protocols out of the internal network)
A security auditor has full knowledge of company configuration and equipment. The auditor
performed a test on the network, resulting in an exploitation of a zero-day vulnerability. Which of the
following did the security auditor perform?
White box penetration test
Which of the following authentication services is BEST suited for an environment that requires
the TCP protocol with a clear-text payload?
LDAP (TCP 389 with a clear-text payload unless LDAPS is used; TACACS+ also runs over TCP but encrypts the packet body, and RADIUS uses UDP)
A security administrator receives a hard drive that must be imaged for forensics analysis. The
paperwork that comes with the hard drive shows: 10:00 technician A-Hard drive removed, 10:30-
Technician A- Hard drive delivered to Manager A and 11:00-IT director-Hard drive delivered to the
security administrator. Which of the following should the security administrator do?
Report a problem with the chain of custody log
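The defect in the paperwork above is a continuity gap: Manager A received the drive at 10:30, but the next entry has the IT director handing it over with no record of how it reached them. The following is an added example, not part of the flashcard deck: a continuity check over a simple hand-off log. The log format (one hand-off per line, "HH:MM | actor | action | counterparty") and the entries are constructed to mirror the scenario; a real form also needs both parties' signatures and a reason for each transfer, which this check does not cover.

```python
"""Continuity check for a chain-of-custody log.

Added example, not from the flashcard deck. The log format and the entries are
constructed to mirror the hard-drive paperwork in the flashcard; only continuity
of possession is checked.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Entry:
    time: str
    actor: str
    action: str                  # "removed" (collection) or "delivered"
    counterparty: Optional[str]  # recipient for "delivered"


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.strip().splitlines():
        time, actor, action, counterparty = (f.strip() for f in raw.split("|"))
        entries.append(Entry(time, actor, action.lower(), counterparty or None))
    return entries


def check_custody(entries: List[Entry], expected_final_holder: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means the chain is unbroken."""
    findings: List[str] = []
    holder: Optional[str] = None
    last_time = "00:00"
    for e in entries:
        if e.time < last_time:          # zero-padded HH:MM sorts lexically
            findings.append(f"{e.time}: entry out of chronological order")
        last_time = e.time
        if e.action == "removed":
            if holder is not None:
                findings.append(f"{e.time}: {e.actor} collected evidence already held by {holder}")
            holder = e.actor
        elif e.action == "delivered":
            if holder is None:
                findings.append(f"{e.time}: {e.actor} delivered before any collection was logged")
            elif e.actor != holder:
                findings.append(f"{e.time}: undocumented transfer from {holder} to {e.actor}")
            if e.counterparty is None:
                findings.append(f"{e.time}: delivery by {e.actor} names no recipient")
            holder = e.counterparty or e.actor
        else:
            findings.append(f"{e.time}: unknown action {e.action!r}")
    if expected_final_holder and holder != expected_final_holder:
        findings.append(f"final holder is {holder!r}, expected {expected_final_holder!r}")
    return findings


# Constructed log reproducing the scenario: the Manager A -> IT director hand-off is missing.
BROKEN_LOG = """
10:00 | Technician A | removed   |
10:30 | Technician A | delivered | Manager A
11:00 | IT director  | delivered | Security administrator
"""

# The same log with the missing hand-off recorded.
COMPLETE_LOG = """
10:00 | Technician A | removed   |
10:30 | Technician A | delivered | Manager A
10:45 | Manager A    | delivered | IT director
11:00 | IT director  | delivered | Security administrator
"""

if __name__ == "__main__":
    for label, log in (("broken", BROKEN_LOG), ("complete", COMPLETE_LOG)):
        print(label, check_custody(parse_log(log), "Security administrator") or ["chain intact"])
```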
The network administrator is installing RS-485 terminal servers to provide card readers to
vending machines. Which of the following should be performed to protect the terminal servers?
Network separation
An attacker drives past a company, captures the name of the WiFi network, and locates a coffee
shop near the company. The attacker creates a mobile hotspot with the same name as the company’s
WiFi. Which of the following BEST describes this wireless attack?
Evil twin
Which of the following MUST be implemented to ensure accountability?
Disable shared accounts
Which of the following attack types is MOST likely to cause damage or data loss for an
organization and be difficult to investigate?
DDoS
The remote branch of an organization has been assigned two public IP addresses by an ISP. The
organization has ten workstations and a wireless router. Which of the following should be deployed to
ensure that all devices have internet access?
PAT
A security administrator wishes to perform authentication, authorization, and accounting, but
does not wish to use a proprietary protocol. Which of the following services would fulfill these
requirements?
RADIUS (TACACS+ is Cisco proprietary)
Which of the following is the FASTEST method to disclose one way hashed passwords?
Rainbow tables
A network has been impacted by downtime resulting from unauthorized devices connecting
directly to the wired network. The network administrator has been tasked to research and evaluate
technical controls that would effectively mitigate risks associated with such devices. Which of the
following capabilities would be MOST suitable for implementation in this scenario?
Port Security
A company is providing mobile devices to all employees. The system administrator has been
tasked with providing input for the company’s mobile device policy. Which of the following are valid
security concepts that the system administrator should include when offering feedback to
management? (Select Two)
Asset tracking
Remote wiping
A forensics analyst is asked to identify identical files on a hard drive. Due to the large number of
files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate.
Which of the following should be selected?
SHA-256 (a SHA-2 digest; there is no standard "SHA-128", and MD5 and SHA-1 both have practical collisions)
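The practical version of the card above is a duplicate finder that hashes as little as possible: files that are alone in their size class cannot have a twin, so only size collisions are read and hashed with SHA-256. The following is an added example, not part of the flashcard deck; the sample tree is constructed in a temporary directory.

```python
"""Identical-file detection for forensic triage: group by size, then SHA-256.

Added example, not from the flashcard deck. The sample files are constructed in
a temporary directory so the script runs offline.
"""
from __future__ import annotations

import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_duplicates(root: Path) -> dict[str, list[Path]]:
    """Map digest -> paths for every set of two or more byte-identical files under root."""
    by_size: dict[int, list[Path]] = defaultdict(list)
    for p in root.rglob("*"):
        if p.is_file():
            by_size[p.stat().st_size].append(p)
    groups: dict[str, list[Path]] = defaultdict(list)
    for same_size in by_size.values():
        if len(same_size) < 2:
            continue                      # unique size: cannot be a duplicate, skip the hash
        for p in same_size:
            groups[sha256_file(p)].append(p)
    return {d: sorted(ps) for d, ps in groups.items() if len(ps) > 1}


def make_sample_tree() -> Path:
    """Constructed test data: one duplicated file, one same-size decoy, one unique file."""
    root = Path(tempfile.mkdtemp(prefix="dupes_"))
    (root / "a.bin").write_bytes(b"A" * 1024)
    (root / "sub").mkdir()
    (root / "sub" / "copy_of_a.bin").write_bytes(b"A" * 1024)
    (root / "b.bin").write_bytes(b"B" * 1024)    # same size as a.bin, different content
    (root / "c.bin").write_bytes(b"C" * 10)
    return root


if __name__ == "__main__":
    for digest, paths in find_duplicates(make_sample_tree()).items():
        print(digest[:16], [p.name for p in paths])
```

The same-size decoy is why the size pre-filter is only a filter: b.bin is hashed along with the two copies of a.bin and then dropped because its digest stands alone.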
John wants to secure an 802.11n network. Which of the following encryption methods would
provide the highest level of protection?
WPA2 with AES
Which of the following is the MOST influential concern that contributes to an organization’s
ability to extend enterprise policies to mobile devices?
Support of mobile OS
An application service provider has notified customers of a breach resulting from improper
configuration changes. In the incident, a server intended for internal access only was made accessible to
external parties. Which of the following configurations were likely to have been improperly modified
resulting in the breach?
NAT
Which of the following is commonly done as part of a vulnerability scan?
Identifying unpatched workstations
A software developer is concerned about DLL hijacking in an application being written. Which of
the following is the MOST viable mitigation measure of this type of attack?
Load DLLs by fully qualified path (and restrict the search order) rather than relying on the default DLL search path
A systems administrator is attempting to recover from a catastrophic failure in the datacenter.
To recover the domain controller, the systems administrator needs to provide the domain
administrator credentials. Which of the following account types is the systems administrator
using?
Privileged account
Which of the following types of embedded systems is required in manufacturing environments
with life safety requirements?
ICS
Users from two organizations, each with its own PKI, need to begin working together on a joint
project. Which of the following would allow the users of the separate PKIs to work together
without connection errors?
Trust model
A systems administrator wants to provide balance between the security of a wireless network
and usability. The administrator is concerned with wireless encryption compatibility of older
devices used by some employees. Which of the following would provide strong security and
backward compatibility when accessing the wireless network?
WPA using a preshared key
A stock trading company had the budget for enhancing its secondary datacenter approved.
Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi away,
the company wants to ensure its business is always operational with the least amount of man
hours needed. Which of the following types of disaster recovery sites should the company
implement?
Hot site
An organization is expanding its network team. Currently, it has local accounts on all network
devices, but with growth, it wants to move to centrally managed authentication. Which of the
following are the BEST solutions for the organization? (Select TWO)
LDAP
RADIUS
Which of the following threat actors is MOST likely to steal a company’s proprietary information
to gain a market edge and reduce time to market?
Competitor
A security analyst is reviewing an assessment report that includes software versions, running
services, supported encryption algorithms, and permission settings. Which of the following
produced the report?
Vulnerability scanner (a credentialed scan; a protocol analyzer reports on captured traffic, not on permission settings)
The computer resource center issued smart-phones to all first-level and above managers. The
managers have the ability to install mobile tools. Which of the following tools should be
implemented to control the types of tools the managers install?
Application manager
A security administrator has written a script that will automatically upload binary and text-based
configuration files onto a remote server using a scheduled task. The configuration files contain
sensitive information. Which of the following should the administrator use? (Select TWO)
SCP
Certificate-based authentication (so the scheduled task needs no stored password; SRTP is for voice and SNMPv3 for device management)
A security analyst is conducting a web application vulnerability scan against the company
website. Which of the following is considered an intrusive scan?
Time-delay port scanning
A security technician is configuring an access management system to track and record user
actions. Which of the following functions should the technician configure?
Accounting
Which of the following BEST describes a network-based attack that can allow an attacker to take
full control of a vulnerable host?
Remote exploit (a man-in-the-middle can intercept or alter traffic but does not by itself give control of the host)
Which of the following is used to validate the integrity of data?
MD5
Which of the following solutions should an administrator use to reduce the risk from an
unknown vulnerability in a third-party software application?
Sandboxing
An active/passive configuration has an impact on:
Availability
A home invasion occurred recently in which an intruder compromised a home network and
accessed a WiFi-enabled baby monitor while the baby’s parents were sleeping. Which of the
following BEST describes how the intruder accessed the monitor?
Default configurations
An administrator is replacing a wireless router. The configuration of the old wireless router was
not documented before it stopped functioning. The equipment connecting to the wireless
network uses older legacy equipment that was manufactured prior to the release of the 802.11i
standard. Which of the following configuration options should the administrator select for the
new wireless router?
WPA+TKIP (WPA2 is the 802.11i certification, so pre-802.11i clients only support the interim WPA with TKIP)
A security administrator installed a new network scanner that identifies new host systems on
the network. Which of the following did the security administrator install?
Rogue system detection
A security technician has been receiving alerts from several servers that indicate load balancers
have had a significant increase in traffic. The technician initiates a system scan. The scan results
illustrate that the disk space on several servers has reached capacity. The scan also indicates
that incoming internet traffic to the servers has increased. Which of the following is the MOST
likely cause of the decreased disk space?
Unauthorized software
To help prevent one job role from having sufficient access to create, modify, and approve
payroll data, which of the following practices should be employed?
Separation of duties (least privilege limits each role's access; splitting create, modify and approve across roles is separation of duties)
An analyst receives an alert from the SIEM showing an IP address that does not belong to the
assigned network can be seen sending packets to the wrong gateway. Which of the following
network devices is misconfigured and which of the following should be done to remediate the
issue?
Firewall, implement an ACL on the interface
A Chief Information Officer asks the company’s security specialist if the company should spend
any funds on malware protection for a specific server. Based on a risk assessment, the ARO
value of a malware infection for the server is 5 and the annual cost for the malware protection is
$2500. Which of the following SLE values warrants a recommendation against purchasing the
malware protection?
$500
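The two risk cards above (the crashing server's ALE and the malware-protection threshold) share one set of formulas: SLE = asset value x exposure factor, ALE = SLE x ARO, and a control is worth buying only when the ALE it removes exceeds its annual cost. The following is an added example, not part of the flashcard deck; it generalises the cards with a residual ARO (the incidents that still happen after the control is in place), which the cards treat as zero.

```python
"""Quantitative risk arithmetic behind the ALE and SLE flashcards.

Added example, not from the flashcard deck. Figures are the ones from the two
cards; the residual-ARO parameter is a generalisation the cards do not use.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float
    exposure_factor: float   # fraction of the asset lost per incident (0..1)
    aro: float               # expected incidents per year

    @property
    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        return self.sle * self.aro


def control_is_justified(risk: Risk, annual_cost: float, residual_aro: float = 0.0) -> bool:
    """Recommend the control only when the ALE it avoids strictly exceeds its cost."""
    avoided_ale = risk.ale - risk.sle * residual_aro
    return avoided_ale > annual_cost


def break_even_sle(annual_cost: float, aro: float, residual_aro: float = 0.0) -> float:
    """Highest SLE at which the control still fails to pay for itself."""
    return annual_cost / (aro - residual_aro)


# The crashing server: $5,000 asset, 10% loss per crash, 10 crashes a year.
SERVER = Risk(asset_value=5_000, exposure_factor=0.10, aro=10)

# The malware question: ARO 5, protection costs $2,500 a year.
MALWARE_ARO, PROTECTION_COST = 5, 2_500

if __name__ == "__main__":
    print(f"server SLE ${SERVER.sle:,.0f}, ALE ${SERVER.ale:,.0f}")
    print(f"break-even SLE for malware protection: ${break_even_sle(PROTECTION_COST, MALWARE_ARO):,.0f}")
    for sle in (400, 500, 600):
        risk = Risk(asset_value=sle, exposure_factor=1.0, aro=MALWARE_ARO)
        print(f"  SLE ${sle}: buy? {control_is_justified(risk, PROTECTION_COST)}")
```

At an SLE of exactly $500 the ALE equals the $2,500 cost of the protection, so there is nothing to gain and the recommendation is against purchase; any higher SLE flips it.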
Which of the following uses precomputed hashes to guess passwords?
Rainbow tables
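This card and the earlier one on the fastest way to disclose hashed passwords describe the same trade: do the hashing once, store only chain endpoints, and recompute the rest at lookup time. The following is an added example, not part of the flashcard deck: a miniature rainbow table over 4-digit PINs hashed with unsalted MD5. The keyspace, chain length and reduction function are illustrative choices; a real table covers a large keyspace with millions of chains, and the defence (a per-password salt) works because it makes any such table useless across users.

```python
"""A miniature rainbow table over 4-digit PINs hashed with MD5.

Added example, not from the flashcard deck. Keyspace, chain length and the
reduction function are illustrative; the structure (endpoint-only storage,
per-column reduction, re-walking a matched chain) is the real technique.
"""
import hashlib

PIN_LEN = 4
KEYSPACE = 10 ** PIN_LEN
CHAIN_LEN = 40


def md5_hex(pin: str) -> str:
    return hashlib.md5(pin.encode()).hexdigest()


def reduce_hash(digest: str, step: int) -> str:
    """Map a digest back into the keyspace; `step` varies the reduction per
    column, which is what distinguishes a rainbow table from plain hash chains."""
    return f"{(int(digest[:8], 16) + step) % KEYSPACE:0{PIN_LEN}d}"


def build_table(start_points):
    """Store only end point -> start points; the chain interiors are recomputed on demand."""
    table = {}
    for start in start_points:
        pin = start
        for step in range(CHAIN_LEN):
            pin = reduce_hash(md5_hex(pin), step)
        table.setdefault(pin, []).append(start)
    return table


def lookup(table, target_digest):
    """Return a preimage of target_digest if it lies on any stored chain, else None."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: the target is the hash at `column`; finish the chain from there.
        pin = reduce_hash(target_digest, column)
        for step in range(column + 1, CHAIN_LEN):
            pin = reduce_hash(md5_hex(pin), step)
        for start in table.get(pin, ()):
            # Endpoint matched (possibly a false alarm): re-walk that chain and check each hash.
            candidate = start
            for step in range(CHAIN_LEN):
                digest = md5_hex(candidate)
                if digest == target_digest:
                    return candidate
                candidate = reduce_hash(digest, step)
    return None


def demo_table():
    """250 chains of 40 steps: 10,000 hash operations at build time, 250 stored entries."""
    starts = [f"{i:04d}" for i in range(0, KEYSPACE, CHAIN_LEN)]
    return build_table(starts)


if __name__ == "__main__":
    table = demo_table()
    secret = reduce_hash(md5_hex("0000"), 0)      # a PIN known to sit on the first chain
    print("stored endpoints:", len(table), "recovered:", lookup(table, md5_hex(secret)))
```

Coverage is not complete: chains merge whenever two columns reduce to the same PIN, so some PINs are never reachable and lookup returns None for them. That is the normal trade-off, and it is why real tables are built with a success-rate target rather than for the whole keyspace.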
Which of the following attack types BEST describes a client-side attack that is used to
manipulate an HTML iframe with JavaScript code via a web browser?
XSS
A security administrator receives an alert from a third-party vendor that indicates a certificate
that was installed in the browser has been hijacked at the root of a small public CA. The security
administrator knows there are at least four different browsers in use on more than a thousand
computers in the domain worldwide. Which of the following solutions would be BEST for the
security administrator to implement to most efficiently assist with this issue?
CRL distributed centrally to all browsers; note that a compromised self-signed root cannot revoke itself, so in practice the root certificate must also be removed from the clients' trusted root stores (e.g. via group policy)
Which of the following should be used to create a hash of a source code file that can be used to
ensure the file was not altered during transmission?
MD5 (a cryptographic hash; MD5 is collision-prone, so SHA-256 is the choice in practice)
In determining when it may be necessary to perform a credentialed scan against a system
instead of a non-credentialed scan, which of the following requirements is MOST likely to
influence this decision?
The scanner must be able to audit file system permissions
A company was recently audited by a third party. The audit revealed the company’s network
devices were transferring files in the clear. Which of the following protocols should the company
use to transfer files?
SCP
A security analyst is investigating a potential breach. Upon gathering, documenting, and
securing the evidence, which of the following actions is the NEXT step to minimize the business
impact?
Contain the breach, then eradicate and recover the affected systems (identifying the attacking host comes later and does not reduce business impact)
A recent internal audit is forcing a company to review each internal business unit’s VMs because
the cluster they are installed on is in danger of running out of compute resources. Which of the
following vulnerabilities exists?
System sprawl