Mitigating Security Threats Flashcards

1
Q

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?

Cross-site scripting

Fuzzing

Patching

A

Fuzzing

Fuzzing is a means of injecting data that an application does not expect, in order to confirm that proper input validation leaves no weaknesses

2
Q

The process of disabling unneeded network services on a computer is referred to as what?

Patching

Fuzzing

Hardening

A

Hardening

Hardening includes actions such as disabling unneeded services to make a system more secure

3
Q

You are on a conference call with your developers, Serena and Thomas, discussing the security of your new travel site. You express concern over a recent article describing how user submissions to web sites may contain malicious code that runs locally when others simply read the post. Serena suggests validating user input before allowing the user submissions. Which problem might validation solve?

Cross-site scripting

Fuzzing

Hardening

A

Cross-site scripting

Cross-site scripting attacks take advantage of dynamically generated web pages on sites that allow unvalidated user input. User submissions can be validated to ensure that malicious scripts do not exist on the site

4
Q

Which of the following lessens the success of dictionary password attacks?

Password complexity requirements

Account lockout threshold

Password hints

A

Password complexity requirements

Complex password enforcement means dictionary words or username variations, to name just a few, cannot be used as passwords

5
Q

A RADIUS server is used to authenticate your wireless network users. While creating a new user account, you notice there are many more user accounts than actual users. What should be done?

Disable all accounts not linked to a user.

Verify how accounts are used and then delete unnecessary accounts.

Verify how accounts are used and then disable unnecessary accounts.

A

Verify how accounts are used and then disable unnecessary accounts.

Disable only those accounts that are not required; the account may be needed later. Further investigation is needed to determine whether any accounts are used by network services and not users

6
Q

The 802.11n wireless network in your department must be layer 2 secured. You would like to control which specific wireless devices are allowed to connect. How can you do this?

SIM card

NetBIOS computer name

MAC address

A

MAC address

The MAC address is an OSI layer 2 (Data Link layer) 48-bit unique hexadecimal address assigned to all network cards and is often used to restrict connecting wireless clients

7
Q

What is the best definition of the IEEE 802.1x standard?

It defines the Ethernet standard.

It defines network access control only for wireless networks.

It defines network access control for wired and wireless networks.

A

It defines network access control for wired and wireless networks.

802.1x applies to wired and wireless networks. 802.1x connectivity devices forward authentication requests to an authentication server before allowing access to a network

8
Q

You are hardening a Linux computer and have disabled SSH in favor of Telnet. You ensure that passwords are required for Telnet access. Identify your error.

Secure Telnet should have public key authentication enabled.

Only strong passwords should be used with Telnet.

SSH should have been used instead of Telnet.

A

SSH should have been used instead of Telnet.

Secure Shell (SSH) encrypts all packet payloads, unlike Telnet, and therefore should be used when hardening

9
Q

As the IT director of a high school using Group Policy and Active Directory, you plan the appropriate standard security settings for newly deployed Windows 10 workstations. Some teachers require modifications to these settings because of the specialized software they use. Which term refers to the standardized security parameters?

Initial baseline configuration

Principle of least privilege

Sysprepped image

A

Initial baseline configuration

The initial baseline configuration implies blanket security settings that are the minimum standard

10
Q

The periodic assessment of security policy compliance is referred to as what?

Remediation

Hardening

Continuous security monitoring

A

Continuous security monitoring

Continuous security monitoring ensures that security policies are adhered to and enforced

11
Q

You are a Windows Server 2016 administrator. You install and configure the Network Policy Server (NPS) role and configure health policies that require all connecting clients to have firewall and spyware software enabled. Clients violating these health policies will receive an IP address placing them on a restricted subnet containing servers with client firewall and spyware software to install. What term accurately refers to the role the servers on this restricted subnet play?

Isolation

Remediation

Validation

A

Remediation

Remediation servers provide a method of correcting security deficiencies

12
Q

IT security personnel respond to the repeated misuse of an authenticated user’s session cookie on an e-commerce web site. The affected user reports that he occasionally uses the site but not for the transactions in question. The security personnel decide to reduce the amount of time an authentication cookie is valid. What type of attack have they responded to?

Dictionary

Privilege escalation

Cross-site request forgery

A

Cross-site request forgery

Cross-site request forgeries involve the malicious use of a trusted party’s cookie against a web site

13
Q

A network administrator places a network appliance on the DMZ network and configures it with various security thresholds, each of which will notify the IT group via e-mail. The IT group will then adhere to the incident response policy and take action. What will be triggered when any of these thresholds is violated?

Alarm

Alert

Remediation

A

Alarm

An alarm is a warning of danger that requires action (adherence to an incident response policy), such as a security threshold that might warn of excessive types of network traffic (which could imply a denial-of-service attack)

14
Q

A user reports repeated instances of Windows 10 slowing down to the point where she can no longer be productive. You view the Windows Event Viewer logs for the past month and notice an exorbitant amount of SMTP traffic leaving the local machine each morning between 10 a.m. and 11 a.m. What type of analysis was performed to learn of this anomaly?

Forensic

Trend

Network statistical

A

Trend

A trend analysis seeks patterns within data sets, such as events happening around the same time each day

15
Q

Roman is developing an application that controls the lighting system in a large industrial complex. A piece of code calls a function that controls a custom-built circuit board. While running his application, Roman’s application fails repeatedly because of unforeseen circumstances. Which secure coding guideline did Roman not adhere to?

Packet encryption

Digital signatures

Error handling

A

Error handling

Error handling is a secure coding guideline that requires developers to write code that will capture any unforeseen situations instead of allowing applications to fail

16
Q

What can be done to harden the Windows operating system? (Choose three.)

Disable system restore points.

Disable unnecessary services.

Patch the operating system.

Configure EFS.

Disable Group Policy.

A

Disable unnecessary services.

Patch the operating system.

Configure EFS.

Hardening is defined as making hardware or software less vulnerable to security breaches. Disabling unnecessary services reduces the potential attack surface of an operating system. Patching applies solutions for known flaws and weaknesses. Encrypting File System (EFS) protects files and folders by encrypting them in such a way that parties without the decryption keys cannot decrypt the data

17
Q

You are configuring a fleet of Windows laptops for traveling employees, some of whom prefer using USB mice. It is critical that the machines are as secure as possible. What should you configure? (Choose three.)

Disable USB ports.

Require USB device encryption.

Enable and configure the Windows firewall.

Install and configure antivirus software.

Enable a power management scheme.

A

Require USB device encryption.

Enable and configure the Windows firewall.

Install and configure antivirus software.

USB device encryption can be enforced, which disallows copying of data to USB drives unless the USB device is encrypted. This ensures copied data remains confidential even if the USB drive is lost. The Windows firewall is critical in controlling inbound and outbound network traffic. For example, when connected to public networks, the firewall might block all incoming traffic, but when connected to the Active Directory domain network, the firewall might allow inbound remote control. Antivirus software is always essential to protecting operating systems from the enormous amount of known malware

18
Q

A shipment of new Windows computers has arrived for Accounting department employees. The computers have the operating system preinstalled but will require additional financial software. In which order should you perform all of the following?

Join the Active Directory domain.

Apply all operating system patches.

Ensure the virus scanner is up to date.

Log in to the Active Directory domain to receive Group Policy security settings.

Install the additional financial software.

A

Ensure the virus scanner is up to date.

Apply all operating system patches.

Join the Active Directory domain.

Log in to the Active Directory domain to receive Group Policy security settings.

Install the additional financial software.

The virus scanner must first be updated either manually or automatically to protect against malicious code while the system is updating. Applying operating system patches is the second thing to do to ensure that any software and security flaws are addressed. Next you would join the computer to the domain, but only after patching and ensuring that there are no viruses. Once the computer is joined to the domain, you would log in to ensure Group Policy security settings are applied. Finally, the financial software required by Accounting department employees should be installed and tested

19
Q

Which of the following items can help prevent ARP cache poisoning? (Choose three.)

Use 802.1x security.

Disable ARP.

Patch the operating system.

Configure the use of digital signatures for all network traffic.

Disable unused switch ports.

A

Use 802.1x security.

Configure the use of digital signatures for all network traffic.

Disable unused switch ports.

ARP cache poisoning is a process by which a malicious device sends unsolicited broadcasts including its MAC address and another node’s IP address, thus redirecting traffic through itself instead of to that other node. This can happen only if network access is granted. Unused switch ports should be disabled to prevent unauthorized access to the network. 802.1x security requires device authentication before allowing network access. Unauthorized computers should not be able to authenticate to the network. ARP cache poisoning requires having network access to transmit forged ARP broadcast packets. Digital signatures assure the recipient of a transmission that the sender is valid. This can be done in many ways, such as by using Internet Protocol Security (IPSec), which can require that computers first authenticate to Active Directory before they can participate in secure transmissions

20
Q

Your intranet provides employees with the ability to search through an SQL database for their past travel expenses once they have logged in. One employee from the IT department discovers that if she enters an SQL string such as SELECT * FROM EXPENSES WHERE EMPID = 'x'='x';, it returns all employee travel expense records. What secure coding guideline was ignored?

SQL injection prevention

Input validation

Disabling of SQL indexes

A

Input validation

Had the SQL query string been properly validated, returning all records would have been prevented

21
Q

You capture and examine network traffic weekly to ensure that the network is being used properly. In doing so, you notice traffic to TCP port 53 on your server from an unknown IP address. After reviewing your server logs, you notice repeated failed attempts to execute a zone transfer to your server. What type of attack was attempted?

ARP poisoning

Cross-site scripting

DNS poisoning

A

DNS poisoning

Domain Name Service (DNS) poisoning means including incorrect name resolution data with the intent of secretly redirecting users to malicious hosts. TCP port 53 is used by DNS servers to synchronize DNS records (zone transfers); in this case the transfer was attempted to, and not from, your server

22
Q

A network security audit exposes three insecure wireless routers using default configurations. Which security principle has been ignored?

Application patch management

Device hardening

Input validation

A

Device hardening

Had the wireless routers been properly hardened, the default configurations would have been changed: MAC filtering and encryption would have been enabled, and the default admin passwords would have been replaced

23
Q

Which of the following standards must authenticate computing devices before allowing network access?

Router

Hub

IEEE 802.1x

A

IEEE 802.1x

IEEE 802.1x is a standard that authenticates computers against a server before allowing access to wired or wireless networks

24
Q

What will prevent frequent repeated malicious attacks against user account passwords?

Minimum password age

Password hints

Account lockout

A

Account lockout

Account lockout locks an account after a predetermined number of incorrect password attempts and renders the account unusable for a period of time, thus preventing further password attempts

25
Q

Which item would best apply a standard security baseline to many computers?

A disk image of the operating system

Security templates distributed through Group Policy

Password settings distributed through Group Policy

A

Security templates distributed through Group Policy

Security templates can contain many security settings that are best distributed to groups of computers through Group Policy

26
Q

After patching and hardening your computers, how would you determine whether your computers are secure?

Performance baseline

Security templates

Penetration testing

A

Penetration testing

Penetration testing exploits hardware and software vulnerabilities to determine how secure computing devices or networks really are

27
Q

While hardening a Windows server, you decide to disable a number of services. How can you ensure that the services you are disabling will not adversely affect other services?

Run the net start 'service name' / dep command.

Right-click the service and choose Show Dependency Chain.

Double-click the service and view the Dependencies tab.

A

Double-click the service and view the Dependencies tab.

The Dependencies tab in a service’s properties lists other services that depend on the one you are considering disabling

28
Q

Your company uses Microsoft IIS to host multiple intranet web sites on a two-node cluster. All sites store their configuration and content on drive C: and log files are stored on the D: drive. All sites share a common application pool. The IT director has asked that you ensure that a single hacked web site will not adversely affect other running web sites. What should you do?

Move each web site configuration to a separate hard disk.

Move each web site’s content to a separate hard disk.

Configure each web site to use its own application pool.

A

Configure each web site to use its own application pool.

Web sites running in separate application pools prevent one pool from affecting other pools in the event of a compromised web site

29
Q

You are developing your Windows 8.1 enterprise rollout strategy. IT security policies have been updated to reflect the company’s stricter security standards. Which of the following will harden Windows 8.1? (Choose two.)

Use a Class C IP address.

Configure log archiving.

Configure USB device restrictions.

Disable unused services.

A

Configure USB device restrictions.

Disable unused services.

Disabling or restricting the use of USB ports and services and their listening ports helps make operating systems more secure

30
Q

How can you prevent rogue machines from connecting to your network?

Deploy an IEEE 802.1x configuration.

Use strong passwords for user accounts.

Use IPv6.

A

Deploy an IEEE 802.1x configuration.

The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, it might be configured for VPN appliances, network switches, and wireless access points that adhere to the IEEE 802.1x standard

31
Q

What can be done to secure the network traffic that is generated when administering your wireless router?

Use HTTP with PKI.

Use HTTP with IPv6.

Use HTTPS with PKI.

A

Use HTTPS with PKI.

Hypertext Transfer Protocol Secure (HTTPS) uses at least one Public Key Infrastructure (PKI) security certificate to encrypt transmissions between the client web browser and the wireless router. This protects the router’s management interface

32
Q

Your company is upgrading to a new office suite. The spreadsheet application must trust only macros digitally signed by the company certificate authority. You have servers installed in a single Windows Active Directory domain. What should you configure to ensure that macro security on all stations is configured properly?

Configure the spreadsheet application on each computer to trust company macros.

Create an EFS PKI certificate for signing the macros.

Use Group Policy to enforce the described application configuration baseline.

A

Use Group Policy to enforce the described application configuration baseline.

Group Policy can be used to configure these options centrally

33
Q

Aidan is creating a Linux operating system image that will be used to deploy Linux virtual machines from a template. After patching the operating system, he installs the required application software, installs and updates the anti-malware software, creates the image, and stores it on the imaging server. What did Aidan forget to do?

He forgot to Sysprep the installation before capturing the image.

He forgot to patch the application software.

He forgot to turn on anti-malware real-time monitoring.

A

He forgot to patch the application software.

Application software patches must be applied regularly

34
Q

You are the founder of Acme Data Mining. The business focuses on retrieving relevant consumer habits from various sources, and that data is then sold to retailers. Because of the amount of data that must be processed, you must implement the fastest possible solution. Which type of technology should you implement?

SQL

NoSQL

SATA

A

NoSQL

NoSQL is a simplified database standard (nonrelational) designed for quick retrieval when processing large volumes of data

35
Q

You have been asked to develop a secure web application for a home brewing retailer. The app will read and write to a back-end database for customer transactions. The database has rules in place to check that data is valid. The web site uses HTTPS. What else should be done to secure the web app further?

Use JavaScript for server-side data validation.

Use PKI.

Use JavaScript for client-side data validation.

A

Use JavaScript for client-side data validation.

JavaScript code executes in the client web browser. Even though server-side database validation is in place, it is wise also to configure client-side validation to ensure invalid data does not even reach the server

36
Q

Your company has issued Android-based smart phones to select employees. Your manager asks you to ensure that data on the smart phones is protected. How do you address your manager’s concerns?

Implement SCADA, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.

Implement PKI VPN authentication certificates, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.

Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.

A

Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.

Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating anti-malware, and disabling unnecessary features and software

37
Q

While hardening your home office network, you decide to check that the firmware in all your network devices is updated. To which of the following devices would this apply?

Smart TV, gaming console, printer, HVAC, wireless router

Refrigerator, printer, wireless router, electrical outlets, printer

HVAC, fire extinguisher, gaming console, printer, wireless router

A

Smart TV, gaming console, printer, HVAC, wireless router

You should check that the firmware in your smart TV, gaming console, printer, HVAC system, and wireless router is all up to date. Outdated firmware could expose device vulnerabilities

38
Q

Which enterprise-class items within your organization should be patched regularly? (Choose all that apply.)

Mainframes

Thin clients

Public cloud virtualization hosts

IP addresses

A

Mainframes

Thin clients

Mainframe computers and thin client computers should be patched regularly

39
Q

An application accesses memory outside of its allocated space. What is the issue?

Access violations

Certificate issues

Misconfigured content filter

A

Access violations

Access violations occur when an application attempts to access memory outside of its allocated space

40
Q

A service on a local server cannot communicate with its database server running on another machine. The database server is functioning correctly and all network connections are working properly. What is the issue?

Insider threat

Unauthorized software

Misconfigured firewall

A

Misconfigured firewall

A misconfigured firewall would prevent the local service from being able to talk to a service on another machine over the network

41
Q

An attacker has contacted one of your employees and has convinced her to give up her username and password, giving the attacker access to your network. What sort of attack is this?

Data exfiltration

Social engineering

HIDS/HIPS

A

Social engineering

Social engineering is an attack based on deception. It involves convincing a user that the attacker is somebody else so that victims divulge private information

42
Q

Important data about the internal network of your company has been leaked online. There has been no breach of your network by an attacker. What type of issue is this?

File integrity check

Host-based firewall

Social media

A

Social media

Employees can inadvertently leak important details about your network to online forums or social media. For example, an organization’s VPN acceptable use policy or a network diagram document could be mistakenly attached to a Facebook post

43
Q

While monitoring network traffic, you notice a lot of IMAP communications between your network and an IP address that does not belong to the company e-mail server. What is the cause of this traffic?

Advanced malware tools

Whitelisted applications

Personal e-mail

A

Personal e-mail

Employees are most likely accessing their personal e-mail accounts from work, which may or may not be allowed depending on company policy

44
Q

New company laptops have arrived, and before being deployed in the field, software is installed on them to allow them to be centrally tracked and managed. Which term best describes this scenario?

File integrity checks

Web application firewall

Asset management

A

Asset management

Tracking the location or configuration of laptops, which are assets, allows them to be better managed and located if lost or stolen. It also allows for centralized management on a small, medium, or large scale

45
Q

The NIST Cybersecurity Framework is an example of what kind of industry-standard framework? (Choose two.)

Regulatory

National

Nonregulatory

International

A

National

Nonregulatory

It is nonregulatory and national, having been created by the U.S. National Institute of Standards and Technology (NIST)

46
Q

Why might you want to keep the diversity of end-user technologies in use to a minimum? (Choose all that apply.)

It takes less effort to maintain.

It reduces costs.

It takes more effort to maintain.

It improves the user experience.

A

It takes less effort to maintain.

It reduces costs.

It improves the user experience.

Keeping technological diversity to a minimum takes less effort to maintain, can reduce costs and complexity, and can also improve the user experience because of its simplicity. At the technical level, sometimes the use of diverse technologies increases security, such as using different vendor firewalls for external-facing and internal-facing networks

47
Q

Which of the following is not an example of a smart (or IoT) device?

A watch

A lightbulb

A UAV/drone

Internet camera

System on a Chip

A

A watch

A lightbulb

A UAV/drone

Internet camera

A System on a Chip (SoC) can be a component of a smart/Internet of Things (IoT) device, but in and of itself it is not a smart/IoT device, much as firmware can be used in a firewall device but is itself not a firewall

48
Q

You are approached by a company that wants your team to develop an application for them. They would like to be highly involved and would like a basic version of the software working as soon as possible. What development model is best suited for this?

Agile

Waterfall

SCADA

A

Agile

Agile is a method that involves the customer in the development of the product and can create basic versions of working software quickly

49
Q

What can be used to validate SQL statements repetitively?

Data exposure

Normalization

Stored procedure

A

Stored procedure

A database stored procedure enables a subroutine to be called many times. Potential use cases include fuzzing and data validation

50
Q

What does Secure DevOps entail? (Choose all that apply.)

Security automation

Continuous integration

Immutable systems

Infrastructure as Code

A

Security automation

Continuous integration

Immutable systems

Infrastructure as Code

Security automation involves testing your code with automated security tools—for example, to ensure when it’s fed unexpected data, the app doesn’t crash or reveal sensitive information. Continuous integration allows the merging of all working copies of code into a single unified mainline, which facilitates code management involving multiple code versions and multiple developers. Immutable systems apply where components are replaced rather than changed. Infrastructure as Code is the process of managing computing systems and their configurations through code

51
Q

You are joining a team of developers who use Git for their products. What primary benefit does Git provide?

SDK

Version control

Memory management

A

Version control

Git is an Internet-based code repository that provides version control, which is a way to manage changed code by giving each change its own unique identifier

52
Q

The development team you are working with wants to analyze some code without executing it. How can this be achieved?

Static code analysis

Dynamic analysis

Sandboxing

A

Static code analysis

Static code analysis allows code to be analyzed without running it

53
Q

You are asked to test the ability of a program to function correctly under heavy load conditions. What type of test should you run?

Baselining

Encryption

Stress testing

A

Stress testing

Stress testing determines how code will function under heavy loads