Practice Question 73-84 Flashcards
An administrator recently learned of a suspected attack on a Florida-based web server from IP address 72.52.206.134 at 01:45:43 GMT However, after investigating the logs, he doesn’t see any traffic from that IP at that time. Which id the MOST likely reason why the administrators was unable identify the traffic?
A. He did not account for time offsets
B. He did not capture an image
C. The IP address has expired
D. The logs were erased when the system was rebooted
The most likely reason is that he did not account for the time offset. The attack occurred on GMT and the web servers in EST which is a five hours different from GMT.
Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which would be MOST effective at reducing the success of these attacks?
A. Implement a BYOD policy
B. Update the AUP
C. Provide training on data handling
D. Implement a program to increase security awareness
Implementing a program to increase security awareness, it could focus on social engineering attacks
Management has implemented a policy starting that messages sent between upper level executives must arrive without any changes. The IT department is tasked with implementing technical controls to meet this need. Which security goal does this policy address? A. Confidentiality B. Integrity C. Availability D. Authentication
Integrity provides assurance that data has not been modified and integrity is commonly enforced with hashing.
Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your goal pursuing? A. Obfuscation B. Integrity C. Confidentiality D. Availability
Failover devices increases availability. A failover cluster uses redundant servers to ensure a service will continue to operate even if one of the servers fail.
You are tasked with improving the overall security for a database server. Which is a preventive control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline configuration
C. Monitoring logs for trends
D. Implementing a backup and restore plan
Disabling unnecessary services is one of the several steps that you can take to Harden a server, it is a preventive control to operate because it helps prevent an incident.
An IT department recently had its hardware locks budget reduced, but the organization still expects them to maintain availability of services. Which choice would be BEST help them with maintain availability with a reduced budget? A. Fallover cluster B. Virtualization C. Bollards D. Hashing
Virtualization provides increased availability because it is much easier to rebuild a virtual server than a physical server after a failure, it supports a reduced budget because virtual servers require less hardware, space in data center, less power and less heating and AC.
You want to test new security controls before deploying them. Which technologies provides the MOST flexibility to meet this goal? A. Baselines B. Hardening techniques C. Virtualization D. Patch management programs
Virtualization provides a high degree of flexibility when testing security controls because tester can easily rebuild virtual systems or revert them using a snapshot
You suspect that traffic in your network is being rerouted to an unauthorized router within your network. Which command-line tools would help you narrow down the problem? A. ping B. traceart C. ifconfig D. net stat
Traceart tracks packet flow through a network and if an extra router has been added to your network, traceart will identify it.
The First Bank of Springfield has been experiencing widespread fraud recently. Attacker are transferring funds out of customers accounts to other banks. The bank began requiring customers to obtain credentials in person at the bank . However, this hasn't reduced the number of fraudulent transactions. After reviewing available logs, investigators determined that these fraudulent transactions are conducted with the customer's actual credentials. Which security controls should be strengthened to reduce these incidents? A.Authentication B. Identification C. Accounting D. Authorization
Authentication should be increased by forcing users to use stronger passwords.
An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to to passwords. Specifically, he found the following passwords used on the network , 1@W2 and G7bT3. Which should be changed to avoid the problem shown with these passwords? A. Password complexity B. Password length C. Password history D. Password reuse
The password policy should be be changed to increase the minimum password length of passwords.