Practice Exam 1 Flashcards
Management within your organization has defined a use case to support confidentiality of PII stored in a database. Which of the following solutions will BEST meet this need? A. Hashing B. Digital signature C. Encryption D. Smart card
C. Encryption is the best choice to provide confidentiality of any type of information, including Personally Identifiable Information (PII) stored in a database. Hashing supports an integrity use case. Digital signatures support a non-repudiation use case (they also provide integrity and authentication of the signer). A smart card supports an authentication use case.
Management has implemented a policy stating that messages sent between upper-level executives must arrive without any changes. The IT department is tasked with implementing technical controls to meet this need. Which security goal does this policy address? A. Confidentiality B. Integrity C. Availability D. Authentication
B. Integrity provides assurances that data has not been modified and integrity is commonly enforced with hashing. Confidentiality prevents unauthorized disclosure of data, but doesn’t address modifications of data. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.
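The integrity check the card describes, as an added example that is not part of the original flashcards. It shows a SHA-256 digest detecting a modified message, and then the caveat a practitioner needs: an attacker who can alter the message can also recompute an unkeyed hash, so on an untrusted channel the digest must be keyed (HMAC) or signed. The message text and the shared key are constructed for the example.

```python
import hashlib
import hmac

# Constructed message for the example; not from any real system.
MESSAGE = b"Approve wire transfer of 250,000 USD to vendor account 4471"
# Hypothetical key shared by sender and receiver (assumption for the HMAC variant).
SHARED_KEY = b"example-shared-secret-not-for-production"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256. Detects modification only if the receiver obtained the
    expected digest over a channel the attacker cannot also modify."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # Constant-time comparison avoids leaking how many leading hex digits matched.
    return hmac.compare_digest(digest(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Without the key an attacker who alters the
    message cannot produce a matching tag, so the check survives an untrusted channel."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def tamper(data: bytes) -> bytes:
    """Simulate an attacker changing the amount in transit."""
    return data.replace(b"250,000", b"950,000")


def demo() -> dict:
    expected_digest = digest(MESSAGE)
    expected_tag = tag(MESSAGE, SHARED_KEY)
    modified = tamper(MESSAGE)
    return {
        "original_digest_ok": verify_digest(MESSAGE, expected_digest),
        "modified_digest_detected": not verify_digest(modified, expected_digest),
        # An active attacker simply recomputes the unkeyed hash over the altered text:
        "attacker_recomputed_digest_passes": verify_digest(modified, digest(modified)),
        "original_tag_ok": verify_tag(MESSAGE, SHARED_KEY, expected_tag),
        "modified_tag_detected": not verify_tag(modified, SHARED_KEY, expected_tag),
        # ...but cannot forge a tag without the key:
        "attacker_tag_without_key_passes": verify_tag(
            modified, SHARED_KEY, tag(modified, b"wrong-key")
        ),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the third and sixth results: a plain hash sent alongside the message is only an integrity control if the attacker cannot replace both; the keyed tag holds up even when the attacker controls the channel.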
Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing? A. Obfuscation B. Integrity C. Confidentiality D. Availability
D. Failover devices increase availability. A failover cluster uses redundant servers to ensure a service will continue to operate even if one of the servers fails. Obfuscation methods attempt to make something unclear or difficult to understand and are not related to failover devices. Integrity methods ensure that data has not been modified. Confidentiality methods such as encryption prevent the unauthorized disclosure of data.
You are tasked with improving the overall security for a database server. Which of the following is a preventive control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline configuration
C. Monitoring logs for trends
D. Implementing a backup and restoration plan
A. Disabling unnecessary services is one of several steps you can take to harden a server. It is a preventive control because it helps prevent an incident. Identifying the initial baseline configuration is useful to determine the security posture of the system, but by itself it doesn’t prevent attacks. Monitoring logs and trend analysis are detective controls, not preventive controls. A backup and restoration plan is a corrective control.
An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Which of the following choices would BEST help them maintain availability with a reduced budget? A. Failover clusters B. Virtualization C. Bollards D. Hashing
B. Virtualization provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure. Virtualization supports a reduced budget because virtual servers require less hardware, less space in a data center, less power, and less heating and air conditioning. Failover clusters are more expensive. Bollards are physical barriers that block vehicles. Hashing provides integrity, not availability.
You want to test new security controls before deploying them. Which of the following technologies provides the MOST flexibility to meet this goal? A. Baselines B. Hardening techniques C. Virtualization technologies D. Patch management programs
C. Virtualization provides a high degree of flexibility when testing security controls because testers can easily rebuild virtual systems or revert them using a snapshot. Baselines provide a known starting point, but aren’t flexible because they stay the same. Hardening techniques make systems more secure than their default configuration. Patch management programs ensure patches are deployed, but do not test security controls.
You suspect that traffic in your network is being rerouted to an unauthorized router within your network. Which of the following command-line tools would help you narrow down the problem? A. ping B. tracert C. ipconfig D. netstat
B. You can use tracert to trace the path packets take through a network hop by hop, and if an extra router has been inserted into the path, tracert will show it as an additional hop (provided the device forwards at layer 3 and answers the probes; a transparent bridge or a host spoofing ARP on the local segment would not appear). You can use ping to check connectivity with a remote system, but it doesn't show the route. The ipconfig command shows the network settings on a Windows computer, but it doesn't show the path traffic takes. Netstat shows active connections and other network statistics on a local system, but it doesn't identify network paths.
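How an administrator would actually use tracert to spot the extra hop: compare today's route against a baseline captured when the path was known-good. This is an added example, not part of the original flashcards; the two tracert outputs are constructed in the Windows format, and the addresses and host name are invented.

```python
import re

# Constructed Windows tracert output captured when the path was known-good (baseline).
BASELINE_TRACE = """\
Tracing route to fileserver.corp.example [10.20.0.5]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.10.1.1
  2     2 ms     1 ms     1 ms  10.10.0.1
  3     3 ms     3 ms     2 ms  10.20.0.5

Trace complete.
"""

# Constructed output from the day traffic was suspected of being rerouted.
SUSPECT_TRACE = """\
Tracing route to fileserver.corp.example [10.20.0.5]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.10.1.1
  2     4 ms     3 ms     4 ms  10.10.1.254
  3     5 ms     4 ms     5 ms  10.10.0.1
  4     6 ms     6 ms     5 ms  10.20.0.5

Trace complete.
"""

# A hop line starts with the hop number and ends with an address or a timeout marker.
HOP_RE = re.compile(
    r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3}|Request timed out)\.?\s*$"
)


def parse_hops(text: str) -> list:
    """Extract one address per hop; a timed-out hop is recorded as '*'."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append("*" if m.group(2).startswith("Request") else m.group(2))
    return hops


def compare_routes(baseline: list, observed: list) -> dict:
    """Hops that appear only in the observed path are candidate rogue devices;
    hops that vanished suggest traffic no longer traverses an expected router."""
    base_set = set(baseline) - {"*"}
    obs_set = set(observed) - {"*"}
    return {
        "unexpected_hops": [h for h in observed if h != "*" and h not in base_set],
        "missing_hops": [h for h in baseline if h != "*" and h not in obs_set],
        "hop_count_delta": len(observed) - len(baseline),
    }


if __name__ == "__main__":
    print(compare_routes(parse_hops(BASELINE_TRACE), parse_hops(SUSPECT_TRACE)))
```

Keep the baseline per destination, since legitimate paths differ by subnet, and treat a new hop as a lead to verify (switch port, ARP and DHCP tables), not as proof by itself.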
The First Bank of Springfield has been experiencing widespread fraud recently. Attackers are transferring funds out of customer accounts to other banks. The bank began requiring customers to obtain credentials in person at the bank. However, this hasn’t reduced the number of fraudulent transactions. After reviewing available logs, investigators determined that these fraudulent transactions are conducted with the customer’s actual credentials. Which of the following security controls should be strengthened to reduce these incidents? A. Authentication B. Identification C. Accounting D. Authorization
A. Authentication should be strengthened, such as by requiring a second factor. The scenario indicates that attackers are somehow obtaining the customers' actual credentials and using them to conduct the fraudulent transactions, so a password-only scheme cannot tell the attacker from the customer; stronger passwords alone do not help once the password itself has been stolen. Identification is simply claiming an identity, and having customers come into the bank to obtain their credentials strengthened identification, but this didn't help. Accounting is typically performed by reviewing logs, and the current logs are already documenting the fraud. Authorization indicates what customers can do, but there isn't any indication that authorization is a problem.
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. Which of the following should be changed to avoid the problem shown with these passwords? A. Password complexity B. Password length C. Password history D. Password reuse
B. The password policy should be changed to increase the minimum password length of passwords. These passwords are only four and five characters long, which is too short to provide adequate security. They are complex because they include a mixture of at least three of the following character types: uppercase letters, lowercase letters, numbers, and special characters. Password history and password reuse should be addressed if users are reusing the same passwords, but the scenario doesn’t indicate this is a problem.
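A small policy checker that makes the card's reasoning concrete, added here and not part of the original flashcards: it classifies each audited password by character class and by length, names the single policy setting to change, and puts a number on why length matters more than class count. The minimum length and class count are assumed values, since the scenario does not state the policy.

```python
import math
import string

# Policy values are assumptions for the example; the scenario does not state them.
MIN_LENGTH = 14
MIN_CLASSES = 3
PRINTABLE_ALPHABET = 95  # upper + lower + digits + 33 printable specials

AUDIT_FINDINGS = ["Pa$$", "1@W2", "G7bT3"]  # the passwords quoted in the card


def character_classes(pw: str) -> set:
    classes = set()
    for ch in pw:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def keyspace_bits(length: int, alphabet: int = PRINTABLE_ALPHABET) -> float:
    """Work factor for a uniformly random password; human-chosen passwords are far weaker."""
    return length * math.log2(alphabet)


def evaluate(pw: str, min_length: int = MIN_LENGTH, min_classes: int = MIN_CLASSES) -> dict:
    classes = character_classes(pw)
    return {
        "length": len(pw),
        "classes": sorted(classes),
        "meets_complexity": len(classes) >= min_classes,
        "meets_length": len(pw) >= min_length,
        "keyspace_bits": round(keyspace_bits(len(pw)), 1),
    }


def failing_setting(passwords) -> str:
    """Name the policy setting to change. If every password already meets the
    complexity rule but none reaches the length floor, the fix is minimum length."""
    results = [evaluate(p) for p in passwords]
    if not all(r["meets_complexity"] for r in results):
        return "complexity"
    if not any(r["meets_length"] for r in results):
        return "minimum length"
    return "none"


if __name__ == "__main__":
    for pw in AUDIT_FINDINGS:
        print(pw, evaluate(pw))
    print("change:", failing_setting(AUDIT_FINDINGS))
```

Each added character over a 95-symbol alphabet adds about 6.6 bits of search space, whereas adding a fourth character class to an existing password adds well under one bit per character, which is why the length floor, not the complexity rule, is the setting to raise here.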
When you log on to your online bank account, you are also able to access a partner’s credit card site, check-ordering services, and a mortgage site without entering your credentials again. Which of the following does this describe? A. SSO B. Same sign-on C. SAML D. Kerberos
A. This is an example of single sign-on (SSO) capabilities because you can log on once and access all the resources without entering your credentials again. Same sign-on requires you to reenter your credentials for each new site, but you use the same credentials. Security Assertion Markup Language (SAML) is an SSO solution used for web-based applications and the bank might be using SAML, but other SSO solutions are also available. Kerberos is used in an internal network.
Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using? A. SAML B. Diameter C. Kerberos D. LDAP
D. Lightweight Directory Access Protocol (LDAP) uses X.500-style distinguished names (such as CN= and OU=) to identify directory objects, and Secure LDAP (LDAPS) encrypts the session with Transport Layer Security (TLS). Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)-based standard used for single sign-on (SSO), but it is not based on X.500. Diameter is an alternative to RADIUS used in some remote access solutions. Kerberos is not based on X.500.
You’re asked to identify who is accessing a spreadsheet containing employee salary data. Detailed logging is configured correctly on this file. However, you are unable to identify a specific person who is accessing the file. Which of the following is the MOST likely reason?
A. Shared accounts are not prohibited.
B. Guest accounts are disabled.
C. Permissions for the file were assigned to a group.
D. Account lockout has been enabled.
A. The most likely reason of those given is that shared accounts are not prohibited, allowing multiple users to access the same file under one identity. For example, if the Guest account is enabled and used as a shared account by all users, the logs will show that the Guest account accessed the file, but they won't identify a specific individual. How permissions are assigned (to a group or to individual users) doesn't affect whether the log records who accessed the file. Account lockout stops someone from guessing a password, but it doesn't affect file access logs.
Interns from a local college frequently work at your company. Some interns work with the database developers, some interns work with the web application developers, and some interns work with both developers. Interns working with the database developers require specific privileges, and interns working with the web application developers require different privileges. Which of the following is the simplest method to meet these requirements?
A. Use generic accounts.
B. Create user-based privileges.
C. Use group-based privileges.
D. Grant the interns access to the Guest account.
C. Using group-based privileges is the best choice to meet the needs of this scenario. For example, you can create a DB_Group and a Web_Group, assign appropriate privileges to the groups, and add intern accounts to the groups based on their assignments. Generic accounts such as the Guest account should not be used. User-based privileges take too much time to manage because you’d have to implement them separately.
You are configuring a file server used to share files and folders among employees within your organization. However, employees should not be able to access all folders on this server. Which of the following choices is the BEST method to manage security for these folders?
A. Assign permissions to each user as needed.
B. Wait for users to request permission and then assign the appropriate permissions.
C. Delegate authority to assign these permissions.
D. Use security groups with appropriate permissions.
D. You can create security groups, place users into these groups, and grant access to the folders by assigning appropriate permissions to the security groups. For example, the security groups might be Sales, Marketing, and HR, and you place users into the appropriate group based on their job. This is an example of using group-based privileges. Assigning permissions to each user individually has a high administrative overhead. Waiting for users to ask will also increase administrative overhead. Although delegating authority to assign permissions might work, it doesn’t provide the same level of security as centrally managed groups, and without groups, it will still have a high administrative overhead for someone.
The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all the files and folders used by the Accounting department. Which of the following should the administrator do to give Jasper appropriate access?
A. Create an account for Jasper and add the account to the Accounting group.
B. Give Jasper the password for the Guest account.
C. Create an account for Jasper and use rule-based access control for accounting.
D. Create an account for Jasper and add the account to the Administrators group.
A. The administrator should create an account for Jasper and add it to the Accounting group. Because the organization uses groups, it makes sense that they have an Accounting group. The Guest account should be disabled to prevent the use of generic accounts. This scenario describes role-based access control, not rule-based access control. Jasper does not require administrator privileges, so his account should not be added to the Administrators group.
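The three group-based cards above (interns in DB_Group and Web_Group, folder security groups, and adding Jasper to Accounting) all describe the same mechanism, so here is one worked model of it, added as an example and not part of the original flashcards. It resolves nested group membership, computes a user's effective rights on a folder, and shows that onboarding and offboarding are single group edits. The directory contents are constructed, and the explicit-deny-overrides-allow rule is an assumption modelled on NTFS semantics that the cards do not mention.

```python
from collections import deque

# Constructed directory state; group names follow the cards (Accounting, DB_Group, Web_Group).
GROUP_MEMBERS = {
    "Accounting": {"jasper", "lisa"},
    "DB_Group": {"intern_a", "intern_c"},
    "Web_Group": {"intern_b", "intern_c"},
    "Developers": {"DB_Group", "Web_Group"},  # nested: members of either intern group are Developers
    "Administrators": {"root_admin"},
}

# Folder ACLs as (principal, right, effect). Assumption, modelled on NTFS: an explicit
# deny on any matching principal overrides every allow. The cards do not state this rule.
ACLS = {
    "Accounting": [("Accounting", "read", "allow"), ("Accounting", "write", "allow"),
                   ("Administrators", "read", "allow"), ("Administrators", "write", "allow")],
    "DevTools": [("Developers", "read", "allow"), ("Web_Group", "write", "allow")],
    "DB_Backups": [("DB_Group", "read", "allow"), ("intern_c", "read", "deny")],
}


def groups_of(user: str, membership: dict = None) -> set:
    """Transitive closure of group membership (a user in DB_Group is also in Developers)."""
    membership = GROUP_MEMBERS if membership is None else membership
    found, queue = set(), deque([user])
    while queue:
        principal = queue.popleft()
        for group, members in membership.items():
            if principal in members and group not in found:
                found.add(group)
                queue.append(group)
    return found


def effective_rights(user: str, folder: str, acls: dict = None, membership: dict = None) -> set:
    """Rights the user ends up with on the folder: union of allows minus any deny."""
    acls = ACLS if acls is None else acls
    principals = groups_of(user, membership) | {user}
    allowed, denied = set(), set()
    for principal, right, effect in acls.get(folder, []):
        if principal in principals:
            (allowed if effect == "allow" else denied).add(right)
    return allowed - denied


def onboard(user: str, group: str, membership: dict) -> None:
    """Jasper's case: create the account and add it to the existing group; no ACL edits."""
    membership.setdefault(group, set()).add(user)


def offboard(user: str, membership: dict) -> None:
    """Removing the account from every group revokes all group-derived rights at once."""
    for members in membership.values():
        members.discard(user)


if __name__ == "__main__":
    print("jasper on Accounting:", effective_rights("jasper", "Accounting"))
    print("intern_c groups:", groups_of("intern_c"))
    print("intern_c on DevTools:", effective_rights("intern_c", "DevTools"))
```

Compare this with per-user permissions: revoking an intern's access would mean finding every folder where the account was listed, whereas here it is one membership change, and the ACLs themselves never need to be touched when people join or leave.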
You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task? A. FTP B. SNMPv3 C. SFTP D. SRTP
C. Secure File Transfer Protocol (SFTP) is the best choice. File Transfer Protocol (FTP) is the best choice to send large files if they don’t contain sensitive data. These files contain proprietary data so they should be encrypted and SFTP encrypts the files using Secure Shell (SSH). Simple Network Management Protocol version 3 (SNMPv3) is used to manage network devices, not transfer files. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for streaming media.
Your organization is planning to establish a secure link between one of your mail servers and a business partner’s mail server. The connection will use the Internet. Which protocol is the BEST choice? A. TLS B. SMTP C. HTTP D. SSH
A. Transport Layer Security (TLS) is a good choice to create a secure connection between two systems over the Internet. Although the mail servers will likely exchange mail using Simple Mail Transfer Protocol (SMTP), SMTP by itself will not create a secure link. Similarly, Hypertext Transfer Protocol (HTTP) doesn’t create a secure link. Although Secure Shell (SSH) creates a secure connection, it isn’t used with SMTP.
Bart is adding a DMZ into his organization’s network. Which of the following is the BEST description of why he would do so?
A. To increase security for servers accessed from public networks
B. To provide a secure physical location for networking equipment
C. To lure attackers to a fake server or fake network
D. To cache data retrieved from a web server
A. A demilitarized zone (DMZ) is a logical buffer zone for servers accessed from public networks such as the Internet, and it provides a layer of security for servers in the DMZ. A wiring closet or server room provides physical security for networking equipment. A honeypot is a fake server used to lure attackers and a honeynet is a fake network. Proxy servers cache data retrieved from web servers.
Your organization wants to prevent employees from accessing file sharing web sites. Which of the following choices will meet this need?
A. Content inspection
B. Malware inspection
C. URL filter
D. Web application firewall
C. A URL filter blocks access to specific web sites based on their URLs. Proxy servers and unified threat management (UTM) devices include URL filters. UTM devices also include content inspection to identify and filter out different types of files and traffic, and malware inspection to identify and block malware. A web application firewall (WAF) protects a web server from incoming attacks.
Your organization hosts several web servers in a web farm. They have recently been attacked, resulting in unacceptable downtime. Management wants to implement a solution that will provide protection for the web farm and include load balancing to improve the overall performance of the web farm. Which of the following will BEST meet this need? A. Stateless firewall B. Stateful firewall C. Web application firewall D. Host-based firewall
C. A web application firewall (WAF) is the best choice. You can place it in the demilitarized zone (DMZ) with the web farm servers in the internal network. In addition to protecting the web servers, many WAF appliances also provide load balancing across the servers in the farm. None of the other solutions provides load balancing. A stateless firewall filters traffic using an access control list. A stateful firewall filters traffic based on the state of a packet within a session. A host-based firewall provides protection for a single host.
Management suspects that employees have been sending proprietary data out of the network via email. They want to implement a solution that will detect and block similar incidents in the future. Which of the following is the BEST choice to meet this need? A. Mail gateway B. UTM appliance C. Forward proxy D. Reverse proxy
A. A mail gateway is placed between an email server and the Internet and mail gateways typically include data loss prevention (DLP) capabilities. They can inspect the contents of outgoing traffic looking for key words and block any traffic containing proprietary data. A unified threat management (UTM) device includes content inspection, but this most often blocks specific types of traffic, or specific file types. A mail gateway is more focused on email. Proxy servers are typically used for web traffic. They don’t include the ability to filter email.
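What the DLP inspection inside a mail gateway actually does, as an added example that is not part of the original flashcards: only mail leaving the organization is inspected, classification markers are matched by keyword, and card-number-looking digit strings are confirmed with the Luhn check so that ticket numbers do not trigger false blocks. The internal domain, the messages and the marker list are all constructed for the example.

```python
import re

INTERNAL_DOMAIN = "corp.example"  # assumption: mail staying inside this domain is not inspected

# Constructed outbound messages; addresses and text are invented for the example.
OUTBOUND = [
    {"to": "bob@corp.example", "subject": "Q3 numbers",
     "body": "PROPRIETARY draft attached, internal only."},
    {"to": "friend@mail.example", "subject": "lunch", "body": "See you at noon."},
    {"to": "x@rival.example", "subject": "fwd: roadmap",
     "body": "Here is the plan. Marked CONFIDENTIAL - INTERNAL USE ONLY."},
    {"to": "billing@partner.example", "subject": "card",
     "body": "Card on file 4111 1111 1111 1111 exp 09/27"},
    {"to": "billing@partner.example", "subject": "ref",
     "body": "Ticket 1234 5678 9012 3456 closed."},
]

# Keyword rule for classification labels (assumed marker set).
MARKER_RE = re.compile(r"\b(proprietary|confidential|internal use only)\b", re.IGNORECASE)
# 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Mod-10 check used by payment card numbers; weeds out ticket numbers and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect(msg: dict) -> dict:
    reasons = []
    text = f"{msg['subject']}\n{msg['body']}"
    for m in MARKER_RE.finditer(text):
        reasons.append(f"classification marker: {m.group(0)}")
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            reasons.append(f"card number ending {digits[-4:]}")
    return {"to": msg["to"], "block": bool(reasons), "reasons": reasons}


def leaves_organisation(msg: dict) -> bool:
    return not msg["to"].lower().endswith("@" + INTERNAL_DOMAIN)


def gateway(messages: list) -> dict:
    """Apply DLP inspection only to mail leaving the organisation and return the verdicts."""
    verdicts = []
    for m in messages:
        if leaves_organisation(m):
            verdicts.append(inspect(m))
        else:
            verdicts.append({"to": m["to"], "block": False, "reasons": ["internal"]})
    return {
        "blocked": [v for v in verdicts if v["block"]],
        "delivered": [v for v in verdicts if not v["block"]],
    }


if __name__ == "__main__":
    for verdict in gateway(OUTBOUND)["blocked"]:
        print("BLOCK", verdict)
```

Real gateways add attachment extraction, document fingerprinting and an exception path for approved partners; keyword rules alone miss renamed files and data pasted without its label, which is why the card pairs "detect" with reviewing what was blocked rather than trusting the filter blindly.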
You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution? A. NAC B. DMZ C. SRTP D. VLAN
D. A virtual local area network (VLAN) provides separation for traffic and can be configured to separate Voice over IP (VoIP) traffic and data traffic. Network access control (NAC) solutions inspect clients for health when they attempt to connect and restrict unhealthy clients before granting them access to the production network. A demilitarized zone (DMZ) provides a layer of protection for Internet-facing systems, while also allowing clients to connect to them. Secure Real-time Transport Protocol (SRTP) provides encryption and authentication for Real-time Transport Protocol (RTP) traffic. RTP is used for audio/video streaming, such as in video teleconferencing applications.
Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn’t enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers? A. NIDS and HIDS B. NIPS and HIPS C. SIEM and NIPS D. SIEM and NIDS
B. The best automated solution of the available choices is a network-based intrusion prevention system (NIPS) protecting the demilitarized zone (DMZ), and host-based intrusion prevention systems (HIPSs) on the database server and web servers. An intrusion detection system (IDS) detects intrusions and reports them, but it does not provide automated responses to protect the systems. A security information and event management (SIEM) system provides aggregation and correlation services for log entries, but it doesn’t provide automated protection.
Management is concerned about malicious activity and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal? A. Network-based firewall B. Signature-based IDS C. Anomaly-based IDS D. Honeynet
C. An anomaly-based (also called heuristic-based or behavior- based) intrusion detection system (IDS) compares current activity with a previously created baseline to detect any anomalies or unusual traffic on a network. A network-based firewall will block and allow traffic, but it does not detect unusual traffic. Signature-based IDS systems use signatures similar to antivirus software. A honeynet is a group of servers configured as honeypots. A honeynet is designed to look valuable to an attacker and can divert attacks.
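The two detection approaches contrasted in this card, side by side, as an added example that is not part of the original flashcards. A baseline is built from a quiet period, an observation window is checked against it by standard-deviation distance, and the same window is checked against a signature list. The traffic figures, request strings and the single signature are constructed; the point is that the signature finds only the known pattern while the anomaly detector finds the unseen exfiltration burst, and neither finds the other's case.

```python
import re
import statistics

# Constructed per-minute outbound volume (KB) from a quiet week, used to build the baseline.
BASELINE_KB_OUT = [1200, 1350, 1100, 1420, 1290, 1180, 1330, 1250, 1400, 1210, 1300, 1270]

# Constructed observation window: (KB out that minute, a request payload seen that minute).
OBSERVED = [
    (1310, "GET /index.html"),
    (1240, "GET /cgi-bin/../../../etc/passwd"),  # known attack pattern, normal volume
    (9800, "POST /upload"),                       # unseen exfiltration burst, no signature
    (1290, "GET /about.html"),
]

# Signature set in the style of an antivirus/IDS rule: name -> pattern (assumed, single rule).
SIGNATURES = {"path traversal to /etc/passwd": re.compile(r"(\.\./)+etc/passwd")}


def build_baseline(samples: list) -> tuple:
    """Mean and sample standard deviation of the learning period."""
    return statistics.mean(samples), statistics.stdev(samples)


def anomaly_detect(observed: list, mean: float, stdev: float, z_threshold: float = 3.0) -> list:
    """Flag minutes whose volume is more than z_threshold standard deviations from the baseline."""
    hits = []
    for minute, (kb_out, _) in enumerate(observed):
        z = (kb_out - mean) / stdev
        if abs(z) > z_threshold:
            hits.append({"minute": minute, "kb_out": kb_out, "z": round(z, 1)})
    return hits


def signature_detect(observed: list, signatures: dict) -> list:
    """Flag minutes whose payload matches a known-bad pattern, regardless of volume."""
    hits = []
    for minute, (_, payload) in enumerate(observed):
        for name, pattern in signatures.items():
            if pattern.search(payload):
                hits.append({"minute": minute, "signature": name})
    return hits


def run() -> dict:
    mean, stdev = build_baseline(BASELINE_KB_OUT)
    return {
        "baseline": (round(mean, 1), round(stdev, 1)),
        "anomaly": anomaly_detect(OBSERVED, mean, stdev),
        "signature": signature_detect(OBSERVED, SIGNATURES),
    }


if __name__ == "__main__":
    for kind, hits in run().items():
        print(kind, hits)
```

Two practical caveats: the baseline must be captured while the network is clean, because an attacker already active during learning is baked in as "normal", and a fixed z-threshold will fire on legitimate but unusual events (month-end batch jobs, backups), so production systems keep separate baselines per time of day and per host group.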
Of the following choices, what can you use to divert malicious attacks on your network away from valuable data to worthless, fabricated data? A. IPS B. Proxy server C. Web application firewall D. Honeypot
D. A honeypot can divert malicious attacks to a harmless area of your network, such as away from production servers holding valid data. An intrusion prevention system (IPS) can block attacks, but it doesn't divert them. A proxy server can filter and cache content from web pages, but it doesn't divert attacks. A web application firewall (WAF) is an additional firewall designed to protect a web application.
Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via the wireless network, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. Which of the following would BEST meet this need? A. NAT B. DMZ C. VPN D. 802.1x
D. An 802.1x server provides port-based authentication and can authenticate clients. Clients that cannot authenticate (the guests in this scenario) can be redirected to the guest network, which grants them Internet access but not access to the internal network. None of the other solutions provides port security or adequate network separation. Network Address Translation (NAT) translates private IP addresses to public IP addresses. A demilitarized zone (DMZ) provides a buffer zone between a public network and a private network for public-facing servers. A virtual private network (VPN) provides access to a private network via a public network.
Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal? A. CCMP B. WPA2 Enterprise C. SSID broadcast D. MAC address filter
C. You can disable service set identifier (SSID) broadcasting to prevent users from easily discovering the wireless network. Note that this only stops casual discovery: the SSID still appears in probe and association frames, so anyone with a wireless sniffer can recover it, and it should not be relied on as a security control. None of the other methods hide the network. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides stronger security for Wi-Fi Protected Access II (WPA2) and WPA2 Enterprise adds authentication for a wireless network. Media access control (MAC) address filtering can restrict access to the wireless network.
Marge, a security administrator, is tasked with ensuring that all devices have updated virus definition files before they can access network resources. Which of the following technologies would help her accomplish this goal? A. NIDS B. NAC C. DLP D. DMZ
B. Network access control (NAC) inspects clients for health, including having up-to-date virus definition files and can restrict network access to unhealthy clients to a remediation network. A network intrusion detection system (NIDS) can detect incoming attacks, but doesn’t inspect internal clients. A data loss prevention (DLP) system typically examines outgoing traffic looking for confidential data. A demilitarized zone (DMZ) is a buffer zone between the Internet and an internal network.
Your organization is hosting a wireless network with an 802.1x server using PEAP. On Thursday, users report they can no longer access the wireless network, but they could access it on the previous day. Administrators verified the network configuration matches the baseline, there aren’t any hardware outages, and the wired network is operational. Which of the following is the MOST likely cause for this problem?
A. The RADIUS server certificate expired.
B. DNS is providing incorrect host names.
C. DHCP is issuing duplicate IP addresses.
D. MAC filtering is enabled.
A. The most likely cause is that the Remote Authentication Dial-In User Service (RADIUS) server certificate expired. An 802.1x server is implemented as a RADIUS server and Protected Extensible Authentication Protocol (PEAP) requires a certificate, which is a key clue in this question. If Domain Name System (DNS) or Dynamic Host Configuration Protocol (DHCP) failed, it would affect both wired and wireless users. Media access control (MAC) address filtering might cause this symptom if all MAC addresses were blocked, but the scenario states that there weren’t any network configuration changes.
Lisa has created an application on her development computer. She wants to test it on a Linux-based computer she commonly uses for testing. However, she wants to ensure it is isolated when she tests it. Which of the following is the BEST solution to meet her needs?
A. Use chroot.
B. Sideload the application.
C. Use FDE.
D. Use chmod.
A. The best answer of the available choices is to use the chroot command, which changes the apparent root directory for the application so it runs in a restricted view of the file system (a basic sandbox). Note that chroot by itself is not a hard security boundary: a process running as root can escape it, so in practice it is combined with dropping privileges, namespaces, or a container runtime. Sideloading is the process of installing an application on a mobile device from outside the official app store, not isolating it on a Linux-based computer. Full disk encryption (FDE) protects data at rest and would not isolate an application. The chmod command is used to change permissions on a Linux system.