Practice Test (2) Flashcards
One of your colleagues attempted to ping a computer name and received the response of fe80::3281:80ea:b72b:0b55. What type of address did the colleague view?
IPv6
IPv4
MAC address
IPv6
An IPv6 address is a 128-bit address that uses hexadecimal values (0–9 and A–F)
Which of the following defines the act of sending unsolicited messages to nearby Bluetooth devices?
Bluesnarfing
Brute force
Bluejacking
Bluejacking
Bluejacking is the act of sending unsolicited messages from one Bluetooth device to another Bluetooth device such as smartphones, tablets, and laptop computers
You are a system administrator and you are creating a public and private key pair. You have to specify the key strength. Which of the following would be your best choice?
RSA
DES
MD5
RSA
RSA is an asymmetric algorithm that uses private and public keys to encrypt and decrypt data
You are the security administrator for the sales department and the department needs to email high volumes of sensitive information to clients to help close sales. All emails go through a DLP scanner. Which of the following is the best solution to help the department protect the sensitive information?
Automatically encrypt outgoing emails.
Monitor all outgoing emails.
Automatically encrypt incoming emails.
Automatically encrypt outgoing emails.
Automatically encrypting outgoing emails will protect the company’s sensitive email that may contain personally identifiable information. Should the email be intercepted, the attacker wouldn’t be able to read the information contained in the email
You are the IT security officer of your company and have established a security policy that requires users to protect all sensitive documents to avoid their being stolen. What policy have you implemented?
Separation of duties
Clean desk
Job rotation
Clean desk
Clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use
Which of the following options can a security administrator deploy on a mobile device that will deter undesirable people from seeing the data on the device if it is left unattended?
Screen lock
Push notification services
Remote wipe
Screen lock
The screen lock option can be enabled to prevent an unauthorized person from viewing the data on a device should the owner leave it unattended. This option can be configured to enable within seconds to minutes if the device is unattended
You are a system administrator and are asked to prevent staff members from using each other’s credentials to access secured areas of the building. Which of the following will best address this request?
Install a biometric reader at the entrance of the secure area.
Install a proximity card reader at the entrance of the secure area.
Implement least privilege.
Install a biometric reader at the entrance of the secure area.
Biometrics are a person’s physical characteristics, such as a fingerprint, retina, hand geometry, and voice
A sales manager has asked for an option for sales reps who travel to have secure remote access to your company’s database server. Which of the following should you configure for the sales reps?
VPN
WLAN
NAT
VPN
A virtual private network (VPN) creates an encrypted connection between a remote client and a private network over an insecure network such as the Internet
An attacker tricks one of your employees into clicking on a malicious link that causes an unwanted action on the website the employee is currently authenticated to. What type of attack is this?
Replay
Cross-site request forgery
Cross-site scripting
Cross-site request forgery
A cross-site request forgery attack occurs when an attacker tricks a user into performing unwanted actions on a website the user is currently authenticated to
Which of the following is considered the strongest access control?
RBAC
DAC
MAC
MAC
The correct answer is mandatory access control (MAC). Access is controlled by comparing security labels with security clearances such as Confidential, Secret, and Top Secret
Your company wants to expand its data center, but has limited space to store additional hardware. The IT staff needs to continue their operations while expansion is underway. Which of the following would best accomplish this expansion idea?
IaaS
Virtualization
Public cloud
Virtualization
Virtualization allows the creation of virtual resources such as a server operating system. Multiple operating systems can run on one machine by sharing the resources such as RAM, hard drive, and CPU
Which of the following algorithms have known collisions? (Choose two.)
MD5
AES
SHA
SHA-256
RSA
MD5
SHA
MD5 and SHA have known cases of collisions
Which of the following must a security administrator implement to allow customers, vendors, suppliers, and other businesses to obtain information while preventing access to the company’s entire network?
Internet
Extranet
Honeynet
Extranet
An extranet will give customers, vendors, suppliers, and other businesses access to a controlled private network while preventing them from accessing the company’s entire network
The head of HR is conducting an exit interview with an IT network administrator named Matt. The interview questions include Matt’s view of his manager, why he is leaving his current position, and what he liked most about his job. Which of the following should also be addressed in this exit interview?
Job rotation
Background checks
Property return form
Property return form
A property return form properly records all equipment, keys, and badges that must be surrendered to the company when the employee leaves the company
Which of the following is considered the least secure authentication method?
CHAP
NTLM
PAP
PAP
Password Authentication Protocol (PAP) is an authentication protocol that sends the username and password as plain text to the authentication server
You are a security administrator for your company and have been asked to recommend a secure method for storing passwords due to recent brute-force attempts. Which of the following will provide the best protection? (Choose two.)
ROT13
BCRYPT
RIPEMD
PBKDF2
BCRYPT
PBKDF2
BCRYPT and PBKDF2 use key stretching to reduce brute-force attacks against vulnerabilities of encrypted keys. Both are considered password hashing functions
You installed a WAP for a local coffee shop and have discovered the signal is extending into the parking lot. Which of the following configurations will best correct this issue?
Change the antenna type.
Disable the SSID broadcast.
Reduce the signal strength for indoor coverage only.
Reduce the signal strength for indoor coverage only.
The correct answer is to reduce the signal strength for indoor coverage only. This action will prevent potential attackers from accessing the wireless access point and possibly compromising the users currently connected. Having the signal limited inside the business will help determine who is possibly connected
You are a network administrator for a bank. A branch manager discovers that the deskside employees have the ability to delete lending policies found in a folder within the file server. You review the permissions and notice the deskside employees have “modify” permissions to the folder. The employees should have read permissions only. Which of the following security principles has been violated?
Time-of-day restrictions
Separation of duties
Least privilege
Least privilege
Least privilege gives users the lowest level of rights so they can do their job to limit the potential chance of a security breach
Which of the following concepts of cryptography ensures integrity of data by the use of digital signatures?
Steganography
Key exchange
Hashing
Hashing
Hashing transforms a string of characters into a key that represents the original string. When the string of characters is transformed and compared to the original hash, it will identify whether the string has been modified
Your manager has asked you to recommend a public key infrastructure component to store certificates that are no longer valid. Which of the following is the best choice?
Intermediate CA
CSR
CRL
CRL
A certificate revocation list (CRL) is a list of certificates that were revoked by a CA before their expiration date. The certificates listed in the CRL should not be considered trusted
You are a backup operator and receive a call from a user asking you to send sensitive documents immediately because their manager is going to a meeting with the company’s executives. The user states the manager’s files are corrupted and he is attending the meeting in the next 5 minutes. Which of the following forms of social engineering best describes this situation?
Scarcity
Consensus
Intimidation
Intimidation
The user is using an intimidation tactic to get the employee to take action quickly. Sometimes intimidation tactics can be combined with other principles such as urgency
Which of the following controls can you implement together to prevent data loss if a mobile device is lost or stolen? (Choose two.)
Geofencing
Full-device encryption
Screen locks
Push notification services
Full-device encryption
Screen locks
The correct answers are full-device encryption and screen locks. Full-device encryption encodes all the user’s data on a mobile device by using an encrypted key, and enabling screen lock prevents an unauthorized person from viewing the data on a device should the owner leave it unattended
A chief security officer (CSO) notices that a large number of contractors work for the company. When a contractor leaves the company, the provisioning team is not notified. The CSO wants to ensure the contractors cannot access the network when they leave. Which of the following policies best supports the CSO’s plan?
Account lockout policy
Enforce password history
Account expiration policy
Account expiration policy
Account expiration policy will prevent the contractors from attempting to access the network after they leave. The provisioning team can set a date when the contractor is set to leave, and the user will not be able to have access to systems within the company’s network
The CISO wants to strengthen the password policy by adding special characters to users’ passwords. Which of the following controls best achieves this goal?
Password complexity
Password length
Password history
Password complexity
Password complexity is a rule that demands inclusion of three of the four following character sets: lowercase letters, uppercase letters, numerals, and special characters
Which of the following deployment models allows a business to have more control of the devices given to employees that handle company information?
COPE
BYOD
CYOD
CYOD
CYOD (Choose Your Own Device) allows an employee to choose from a limited number of devices. The business can also limit the usage of the device to work activities only
A network administrator uses their fingerprint and enters a PIN to log onto a server. Which of the following best describes this example?
Identification
Single authentication
Multifactor authentication
Multifactor authentication
Multifactor authentication requires more than one method of authentication from independent credentials: something you know, something you have, and something you are
Your company wants to perform a privacy threshold assessment (PTA) to identify all PII residing in its systems before retiring hardware. Which of the following would be examples of PII? (Choose two.)
Date of birth
Email address
Race
Fingerprint
Email address
Fingerprint
The correct answers are email address and fingerprint. Personally identifiable information (PII) is any information that can be used to distinguish or trace an individual’s identity
Your HIPS is incorrectly reporting legitimate network traffic as suspicious activity. What is this best known as?
False positive
False negative
Credentialed
False positive
The correct answer is a false positive. When legitimate data enters a system and the host intrusion prevention system (HIPS) mistakenly marks it as malicious, it is referred to as a false positive
Matt, a network administrator, is asking how to configure the switches and routers to securely monitor their status. Which of the following protocols would he need to implement on the devices?
SNMP
SMTP
SNMPv3
SNMPv3
The correct answer is SNMPv3. Simple Network Management Protocol (SNMP) collects and organizes information about managed devices on an IP network. SNMPv3 is the newest version and its primary feature is enhanced security
Your company has issued a hardware token-based authentication to administrators to reduce the risk of password compromise. The tokens display a code that automatically changes every 30 seconds. Which of the following best describes this authentication mechanism?
TOTP
HOTP
Smartcard
TOTP
A Time-Based One-Time Password (TOTP) is a temporary passcode that is generated for the use of authenticating to a computer system and the passcode is valid for a certain amount of time—for example, 30 seconds
You are the network administrator for your company’s Microsoft network. Your CISO is planning the network security and wants a secure protocol that will authenticate all users logging into the network. Which of the following authentication protocols would be the best choice?
RADIUS
TACACS+
Kerberos
Kerberos
Kerberos is an authentication protocol that uses tickets to allow access to resources within the network
Which of the following is not a vulnerability of end-of-life systems?
When systems can’t be updated, firewalls and antiviruses are not sufficient protection.
Out-of-date systems can result in fines in regulated industries.
When an out-of-date system reaches the end-of-life, it will automatically shut down.
When an out-of-date system reaches the end-of-life, it will automatically shut down.
The correct answer is C. This is not a vulnerability, because most systems will not automatically shut down when they have reached their end-of-life period
Which of the following statements are true regarding viruses and worms? (Choose two.)
A virus is a malware that self-replicates over the network.
A worm is a malware that self-replicates over the network.
A virus is a malware that replicates by attaching itself to a file.
A worm is a malware that replicates by attaching itself to a file.
A worm is a malware that self-replicates over the network.
A virus is a malware that replicates by attaching itself to a file.
A worm self-replicates over the network to consume bandwidth, and a virus needs to be attached to a file to be replicated over the network
Which of the following wireless attacks would be used to impersonate another WAP to obtain unauthorized information from nearby mobile users?
Rogue access point
Evil twin
Bluejacking
Evil twin
An evil twin is a fake access point that looks like a legitimate one. The attacker will use the same network name and transmit beacons to get a user to connect. This allows the attacker to gain personal information without the end user knowing
Tony, a security administrator, discovered through an audit that all the company’s access points are currently configured to use WPA with TKIP for encryption. Tony needs to improve the encryption on the access points. Which of the following would be the best option for Tony?
WPA2 with CCMP
WEP
WPA with CCMP
WPA2 with CCMP
WPA2 with CCMP provides data confidentiality and authentication. CCMP uses a 128-bit key, which is considered secured against attacks
Your department manager assigns Tony, a network administrator, the job of expressing the business and financial effects that a failed SQL server would cause if it was down for 4 hours. What type of analysis must Tony perform?
Security audit
Asset identification
Business impact analysis
Business impact analysis
Business impact analysis (BIA) usually identifies costs linked to failures. These costs may include equipment replacement, salaries paid to employees to catch up with loss of work, and loss of profits
You are the security administrator for a local hospital. The doctors want to prevent the data from being altered while working on their mobile devices. Which of the following would most likely accomplish the request?
Cloud storage
Wiping
SIEM
Cloud storage
Cloud storage offers protection from cyberattacks since the data is backed up. Should the data become corrupted, the hospital can recover the data from cloud storage
You are a Unix engineer, and on October 29 you discovered that a former employee had planted malicious code that would destroy 4,000 servers at your company. This malicious code would have caused millions of dollars worth of damage and shut down your company for at least a week. The malware was set to detonate at 9:00 a.m. on January 31. What type of malware did you discover?
Logic bomb
RAT
Spyware
Logic bomb
A logic bomb is malicious code that is inserted intentionally and designed to execute under certain circumstances. It is designed to display a false message, delete or corrupt data, or have other unwanted effects
Which of the following is defined as hacking into a computer system for a politically or socially motivated purpose?
Hacktivist
Insider
Script kiddie
Hacktivist
A hacktivist’s purpose is to perform hacktivism. This is the act of hacking into a computer system for a politically or socially motivated purpose
A network administrator with your company has received phone calls from an individual who is requesting information about their personal finances. Which of the following types of attack is occurring?
Whaling
Phishing
Vishing
Vishing
Vishing is a type of social engineering attack that tries to trick a person into disclosing secure information over the phone or a Voice over IP (VoIP) call
Which of the following can be restricted on a mobile device to prevent security violations? (Choose three.)
Third-party app stores
Biometrics
Content management
Rooting
Sideloading
Third-party app stores
Rooting
Sideloading
The correct answers are third-party app stores, rooting, and sideloading. Restricting these options will increase the security of a device. Third-party app stores can carry apps that may contain malware. Companies will allow certain apps to be downloaded. Rooting is the process of gaining privileged control over a device. For a user with root access, anything is possible, such as installing new applications, uninstalling system applications, and revoking existing permissions. Sideloading is installing applications on a mobile device without using an official distributed scheme
Which of the following does a remote access VPN usually rely on? (Choose two.)
IPSec
DES
SSL
SFTP
IPSec
SSL
The correct answers are IPSec and SSL. IPSec protects IP packets that are exchanged between the remote network and an IPSec gateway, which is located on the edge of a private network. Secure Socket Layer (SSL) usually supplies a secure access to a single application
Matt, a security administrator, wants to use a two-way trust model for the owner of a certificate and the entity relying on the certificate. Which of the following is the best option to use?
WPA
Object identifiers
PKI
PKI
Public Key Infrastructure (PKI) distributes and identifies public keys to users and computers securely over a network. It also verifies the identity of the owner of the public key
If domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C. Which concept does this describe?
Federation
Single sign-on
Transitive trust
Transitive trust
Transitive trust is a two-way relationship that is created between parent and child domains in a Microsoft Active Directory forest. When a child domain is created, it will share the resources with its parent domain automatically. This allows an authenticated user to access resources in both the child and parent domains
A user entered a username and password to log into the company’s network. Which of the following best describes the username?
Authentication
Identification
Accounting
Identification
Identification is used to identify a user within the system. It allows each user to distinguish itself from other users
Which of the following tools can be used to hide messages within a file?
Data sanitization
Steganography
Tracert
Steganography
Steganography is the practice of hiding a message such as a file within a picture
Which of the following is best used to prevent ARP poisoning on a local network? (Choose two.)
Antivirus
Static ARP entries
Patching management
Port security
Static ARP entries
Port security
The correct answers are static ARP entries and port security. Static ARP entry is the process of assigning a MAC address to an IP address to prevent an attacker from poisoning the cache. Disabling unused physical ports will prevent an attacker from plugging in their laptop and performing an ARP poisoning
Which of the following is the best practice to place at the end of an ACL?
USB blocking
MAC filtering
Implicit deny
Implicit deny
Implicit deny is placed at the bottom of the list. If traffic goes through the ACL list of rules and isn’t explicitly denied or allowed, implicit deny will deny the traffic as it is the last rule. In other words, if traffic is not explicitly allowed within an access list, then by default it is denied